cisco_vs_hp_cli

#hp

Public Channel / HP

Share on Social Networks

Share Link

Use permanent link to share in social media

Share with a friend

Please login to send this document by email!

Embed in your website

Select page to start with

54. 53 Cisco(config)#enable secret 0 ? LINE The UNENCRYPTED (cleartext) 'enable' secret Cisco(config)#enable secret 0 secret ? LINE <cr> Cisco(config)#enable secret 0 secret Cisco(config)#username ? WORD User name Cisco(config)#username manager ? aaa AAA directive access - class Restrict access by access - class autocommand Automatically issue a command after the user logs in callback - dialstring Callback dialstring callback - line Associate a specific line with this callback callback - rotary Associate a rotary group with this callback dnis Do not require password when obtained via DNIS mac This entry is for MAC Filtering where username=mac nocallback - verify Do not require authentication after callback noescape Prevent the user from using an escape character nohangup Do not disconnect after an automatic command nopassword No password is required for the user t o log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user - maxlinks Limit the user's number of inbound links view Set view name <cr> Cisco(config)#username manager privilege ? <0 - 15> User privilege level Cisco(config)#username manager privilege 15 ? aaa AAA directive access - class Restrict access by access - class autocommand Automatically issue a command after the user logs in callback - dialstring Callback dialstring callback - line Associate a specific line with this callback callback - rotary Associate a rotary group with this callback dnis Do not require password when obtained via DNIS mac This entry is for MAC Filtering where username=mac nocallback - verify Do not require authentication after callback noescape Prevent the user from using an escape charac ter nohangup Do not disconnect after an automatic command nopassword No password is required for the user to log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user - maxlinks Limit the user's number of inbound links view Set view name <cr> Cisco(config)#username manager privilege 15 password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) user password Cisco(config)#username manager privilege 15 password password ? LINE <cr> Cisco(config)#username manager privilege 15 password password

60. 59 Cisco From the Cisco Catalyst 375 0 Switch Software Configuration Guide: “By default, any end user with physical access to the switch can recover from a lost password by interrupting the boot proces s while the switch is powering on and then by entering a new password. The password - recovery disable feature protects acc ess to the switch password by disabling part of this functionality. When this feature is enabled, the end user can interrupt the boot process only by agreeing to set the system back to the default configuration. With password recovery disabled, you can sti ll interrupt the boot process and change the password, but the configuration file (config.text) and the VLAN database file (vlan.dat) are deleted.” Cisco#show version ... The password - recovery mechanism is enabled. ... Cisco(config)#no service passwor d - recovery Cisco#show version ... The password - recovery mechanism is disabled. ...

28. 27 Cisco Cisco#show inventory NAME: "1", DESCR : "WS - C3750E - 24TD" PID: WS - C3750E - 24TD - S , VID: V02 , SN: xxxxxxxxxxx NAME: "Switch 1 - Power Supply 0", DESCR: "FRU Power Supply" PID: C3K - PWR - 265WAC , VID: V01Q , SN: xxxxxxxxxxx Cisco#show version Cisco IOS Software, C3750E Software (C3750E - UNIVE RSALK9 - M), Version 15.0(1)SE, RELEASE SOFTWARE (fc1) ... Cisco uptime is 1 hour, 9 minutes System returned to ROM by power - on System restarted at 23:56:02 central Wed Mar 4 2015 System image file is "flash:c3750e - universalk9 - mz.150 - 1.SE.bin" ... cisco WS - C 3750E - 24TD (PowerPC405) processor (revision F0) with 262144K bytes of memory. Processor board ID FDO1231V0US Last reset from power - on 1 Virtual Ethernet interface 1 FastEthernet interface 28 Gigabit Ethernet interfaces 2 Ten Gigabit Ethernet interfaces The password - recovery mechanism is enabled. 512K bytes of flash - simulated non - volatile configuration memory. Base ethernet MAC Address : 00:22:91:AB:43:80 Motherboard assembly number : 73 - 10313 - 11 Motherboard serial number : xxxxxxxxxxx Model revision number : F0 Motherboard revision number : A0 Model number : WS - C3750E - 24TD - S Daughterboard assembly number : 800 - 28590 - 01 Daughterboard serial number : xxxxxxxxxxx System serial number : xxxxxxxxx xx Top Assembly Part Number : 800 - 27546 - 03 Top Assembly Revision Number : A0 Version ID : V02 CLEI Code Number : xxxxxxxxxxx Hardware Board Revision Number : 0x01 Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 30 WS - C3750E - 24TD 15.0(1)SE C3750E - UNIVERSALK9 - M Cisco#sh env ? all Show all environment status fan Show fan status powe r Show power supply status rps Show RPS status stack Show Stack - wide all environment status temperature Show temperature status xps Show XPS status Cisco#show env fan FAN is OK

127. 126 Cisco(config)#clock summer - time ? WORD name of time zone in summer Cisco(config)#clock summer - time US - Cent ? date Configure absolute summer time recurring Configure recurring summer time Cisco(config)#clock summer - time US - Cent date ? <1 - 31> Date to start MONTH Month to start Cisco(config)#clock summer - time US - Cent date mar ? <1 - 31> Date to start Cisco(config)#clock summer - time US - Cent date mar 8 ? <1993 - 2035> Year to start Cisco(config)#clock summer - time US - Cent date mar 8 2015 ? hh:mm Time to start (hh:mm) Cisco(config)#clock summer - time US - Cent date mar 8 2015 02:00 ? <1 - 31> Date to end MONTH Month to end Cisco(config)#clock summer - time US - Cent date mar 8 2015 02:00 nov ? <1 - 31> Date to end Cisco(config)#clock summer - time US - Cent date mar 8 2015 02:00 nov 1 ? <1993 - 2035> Year to end Cisco(config)#clock sum mer - time US - Cent date mar 8 2015 02:00 nov 1 2015 ? hh:mm Time to end (hh:mm) Cisco(config)#clock summer - time US - Cent date mar 8 2015 02:00 nov 1 2015 02:00 ? <1 - 1440> Offset to add in minutes <cr> Cisco(config)#clock summer - time US - Cent date mar 8 2015 0 2:00 nov 1 2015 02:00 60 ? <cr> Cisco(config)#clock summer - time US - Cent date mar 8 2015 02:00 nov 1 2015 02:00 60 Cisco#show clock 17:16:15.928 US - Cent Tue Mar 10 2015 Cisco#show clock detail 17:16:45.950 US - Cent Tue Mar 10 2015 Time source is NTP Summer time starts 02:00:00 US - Cent Sun Mar 8 2015 Summe r time ends 02:00:00 US - Cent Sun Nov 1 2015

62. 61 ProVision(config)# aaa au thorization group ? GROUPNAME - STR The group name. ProVision(config)# aaa authorization group network - admin 2 ? <1 - 2147483647> The sequence number. ProVision(config)# aaa authorization group network - admin 2 1 ? match - command Specif y the command to match. ProVision(config)# aaa authorization group network - admin 2 1 match - command ? COMMAND - STR The command to match. ProVision(config)# aaa authorization group network - admin 2 1 match - command "command:show interface s brief" ? permit Permit the specified action. deny Deny the specified action. ProVision(config)# aaa authorization group network - admin 2 1 match - command "command:show interface brief" permit ? log Generate an eve nt log any time a match happens. <cr> ProVision(config)# aaa authorization group network - admin 2 1 match - command "command:show interface brief" permit log ? <cr> ProVision(config)# aaa authorization group network - admin 2 1 match - command "command:show in terface brief" permit log ProVision(config)# aaa authorization group network - admin2 2 match - command "command:show ip " permit log ProVision(config)# aaa authentication ? allow - vlan Configure authenticator ports to apply VLAN changes immediate ly. captive - portal Configure redirection to a captive portal server for additional client authentication. console Configure authentication mechanism used to control access to the switch c onsole. disable - username Bypass the username during authentication while accessing the switch to get Manager or Operator access. local - user Create or remove a local user account. lockout - delay The number of seconds after repeated login failures before a user may again attempt login. login Specify that switch respects the authentication server's privilege level. mac - based Configure au thentication mechanism used to control mac - based port access to the switch. num - attempts The number of login attempts allowed. port - access Configure authentication mechanism used to control access to the network. ssh Configure authentication mechanism used to control SSH access to the switch. telnet Configure authentication mechanism used to control Telnet access to the switch. web Configure authentication mechanism used to control web access to the switch. web - based Configure authentication mechanism used to control web - based port acce ss to the switch. ProVision(config)# aaa authentication local - user ? USERNAME - STR The username.

85. 84 ProVision# copy sftp flash ? HOST - NAME - STR Specify hostname of the SFTP server. IP - ADDR Specify SFTP server IPv4 address. IPV6 - ADDR Specify SFTP server IPv6 address. user Specify the username on the remote system USERNAME@IP - STR Specify the username along with remote system information (hostname, IPv4 or IPv6 addre ss). ProVisi on# copy sftp flash 10.0.100.111 ? FILENAME - STR Specify filename for the SFTP transfer port TCP port of the SSH server on the remote system. ProVisi on# copy sftp flash 10.0.100.111 K_15_16_0004.swi ? primary Copy to primary flash. secondary Copy to secondary flash. oobm Use the OOBM interface to reach SFTP server. <cr> ProVision# copy sftp flash 10.0.100.111 K_15_16_0004.swi secondary ? oobm Use the O OBM interface to reach SFTP server. <cr> ProVision# copy sftp flash 10.0.100.111 K_15_16_0004.swi secondary Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download in progress. ProVision# copy usb ? autorun - cert - file Copy autorun trusted certificate to the switch. autorun - key - file Copy autorun key file to the switch. command - file Copy command script to switch and execute. config Copy data to the specified switch co nfiguration file. default - config Copy custom default configuration to the switch. flash Copy data to the switch system image file. pub - key - file Copy the public keys to the switch. ssh - client - key Copy an RSA or DSA private key to the switch for the SSH client to use. ssh - client - known - h... Copy a file containing SSH known hosts to the switch. startup - config Copy data to the switch configuration file. ProVision# copy usb flash ? IMAGE - NAME - STR Specify filename for the USB transfer. ProVision# copy usb flash K_ 15 _16_0004 .swi ? primary Copy to primary flash. secondary Copy to secondary flash. <cr> ProVision# copy usb flash K_15_16_0004.swi secondary ? <cr> ProVision# copy usb flash K_15_16_0004.swi secondary ProVision# copy xmodem ? command - file Copy command script to switch and execute. config Copy data to the specified switch configuration file. default - config Copy source file to custom default configuration. flash Copy to primary/secondary flash. ssh - client - key Copy an RSA or DSA private key to the switch for the SSH client to use. ssh - client - known - h... Copy a fi le containing SSH known hosts to the switch. startup - config Copy data to the switch configuration file.

106. 105 <Comware7>backup startup - configuration ? to Indicate the operation direction <Comware7>bac kup startup - configuration to ? STRING<1 - 253> IP address or hostname of the TFTP server <Comware7>backup startup - configuration to 10.0.100.111 ? STRING<1 - 256> Destination filename with the suffix .cfg <cr> <Comware7>backup startup - configuration to 10.0.100.111 comware7_startup - config.cfg ? <cr> <Comware7>backup startup - configuration to 10.0.100.111 comware7_startup - config.cfg <Comware7>copy ? STRING [drive][path][file name] flash: Device name ftp: File on the FTP s erver slot1#flash: Device name slot1#usba0: Device name tftp: File on the TFTP server usba0: Device name <Comware7>copy flash:/? flash:/comware_main.cfg flash:/startup.cfg <Comware7>copy flash:/comware_main.cfg ? STRING [drive][path][file name] flash: Device name ftp: File on the FTP server slot1#flash: Device name slot1#usba0: Device name tftp: File on the TFTP server usba0: Device name <Comware 7 > copy flash:/ comware_ main. cfg flash:/ comware_ main2.cfg ? <cr> <Comware 7 > copy flash:/ comware_ main.cfg flash:/ comware_ main2.cfg <Comware7>tftp ? STRING<1 - 253> IP address or hostname of the TFTP Server ipv6 IPv6 TFTP Client <Comware7>tftp 10.0.100.111 ? get Do wnload a file from the TFTP server put Upload a local file to the TFTP server sget Download a file from the TFTP server securely <Comware7>tftp 10.0.100.111 put ? STRING<1 - 255> Source filename <Comware7>tftp 10.0.100.111 put comware_main.cfg ? STRING<1 - 255> Destination filename dscp Set the Differentiated Services Codepoint (DSCP) value source Specify the source address for outgoing TFTP packets vpn - instance Specify a VPN instance <cr> <Comware7>tftp 10.0.100.111 put comware_main.cfg comware7_startup - config.cfg ?

145. 144 Cisco(config)#snmp - server contact ? LINE identification of the contact person for this managed node Cisco(config)#snmp - server contact Lab_Engr Cisco(config)#snmp - server enable ? traps Enable SNMP Traps Cisco(config)#snmp - server enable traps ? auth - framework Enable SNMP CISCO - AUTH - FRAMEWORK - MIB traps bridge Enable SNMP STP Bridge MIB traps call - home Enable SNMP CISCO - CALLHOME - MIB traps cef Enable SNMP CEF traps cluster Enable Cluster traps config Enable SNMP config traps config - copy Enable SNMP config - copy traps config - ctid Enable SNMP config - ctid traps copy - config Enable SNMP config - c opy traps cpu Allow cpu related traps dot1x Enable SNMP dot1x traps eigrp Enable SNMP EIGRP traps energywise Enable SNMP ENERGYWISE traps entity Enable SNMP entity traps envmon Enable SNMP environmental monitor traps errdisable Enable SNMP errdisable notifications event - manager Enable SNMP Embedded Event Manager traps flash Enable SNMP FLASH notifications flowmon Enabel SNMP flowmon notifi cations fru - ctrl Enable SNMP entity FRU control traps hsrp Enable SNMP HSRP traps ipmulticast Enable SNMP ipmulticast traps ipsla Enable SNMP IP SLA traps license Enable license traps mac - notifi cation Enable SNMP MAC Notification traps ospf Enable OSPF traps pim Enable SNMP PIM traps port - security Enable SNMP port security traps power - ethernet Enable SNMP power ethernet traps snmp Enable S NMP traps stackwise Enable SNMP stackwise traps storm - control Enable SNMP storm - control trap parameters stpx Enable SNMP STPX MIB traps syslog Enable SNMP syslog traps transceiver Enable SNMP transceiver traps tty Enable TCP connection traps vlan - membership Enable SNMP VLAN membership traps vlancreate Enable SNMP VLAN created traps vlandelete Enable SNMP VLAN deleted traps vstack Enable SNMP Smart Install traps vtp Enable SNMP VTP traps <cr> Cisco(config)#snmp - server enable traps Cisco#show snmp Chassis: FDO1231V0US Contact: Lab_Engr Location: Lab 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Ille gal operation for community name supplied 0 Encoding errors

386. 385 ProVision(config)# sp anning - tree config - name ProVision - C omware - C isco ProVision(confi g)# spanning - tree config - revision 1 ProVision(config)# spanning - tree instance 1 vlan 220 ProVision(config)# spanning - tree instance 2 vlan 1 00 ProVision(config)# spanning - tree instance 3 vlan 240 ProVision(config)# spanning - tree priority 2 (note - mu ltiplier is 4096 , default setting is 8 ) ProVision(config)# spann ing - tree instance 1 priority 3 (note - multiplier is 4096 , default setting is 8 ) ProVision(config)# spann ing - tree instance 2 priority 4 (note - multiplier is 4096 , default setting is 8 ) ProVision(config)# spann ing - tree instance 3 priority 5 (note - multiplier is 4096 , default setting is 8 ) ProVision(config)# spanning - tree 9 ? admin - edge - port Set the administrative edge port status. auto - edge - port Set the automatic ed ge port detection. bpdu - filter Stop a specific port or ports from transmitting BPDUs, receiving BPDUs, and assume a continuous fowarding state. bpdu - protection Disable the specific port or ports if the port(s) recei ves STP BPDUs. hello - time Set message transmission interval (in sec.) on the port. Not applicable in RPVST mode. loop - guard Set port to guard against the loop and consequently to prevent it from becoming Forwarding Port. mcheck Force the port to transmit RST BPDUs. Not applicable in RPVST mode. path - cost Set port's path cost value. Not applicable in RPVST mode. po int - to - point - mac Set the administrative point - to - point status. priority Set port priority (the value is in range of 0 - 240 divided into steps of 16 that are numbered from 0 to 15, default is step 8). Not applicable in RPVST mode. pvst - filter Stop a specific port or ports from receiving and retransmitting PVST BPDUs. Not applicable in RPVST mode. pvst - protection Disable the specific port or ports if the por t(s) receives PVST BPDUs. Not applicable in RPVST mode. root - guard Set port to ignore superior BPDUs to prevent it from becoming Root Port. tcn - guard Set port to stop propagating receiv ed topology changes notifications and topology changes to other ports. Pro Vision(config)# spanning - tree 9 admin - edge - port ProVision(config)# spanning - tree 9 path - cost 10000 ProVision(config)# spanning - tree 9 priorit y 10 (note - multiplier is 16 , default setting is 8 ) ProVision(config)# spanning - tree instance 1 9 path - cost 10000 ProVision(config)# spanning - tree instance 1 9 priority 10 (note - multiplier is 16 , default setting is 8 ) ProVision# show spanning - tree ?

403. 402 Bridge ID Priority 16385 (priority 16384 sys - id - ext 1) Address 0022.91ab.4380 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Gi1/0/6 Root FWD 20000 128.6 P2p MST2 Spanning tree enabled protocol mstp Root ID Priority 8194 Address cc3e.5f73.bacb Cost 40000 Port 6 (GigabitEthernet1/0/6) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 12290 (priority 12288 sys - id - ext 2) Address 0022.91ab.4380 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Gi1/0/6 R oot FWD 20000 128.6 P2p Gi1/0/9 Desg FWD 10000 160.9 P2p Edge MST3 Spanning tree enabled protocol mstp Root ID Priority 8195 Address 0022.91ab.4380 This bridge is the root He llo Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 8195 (priority 8192 sys - id - ext 3) Address 0022.91ab.4380 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Gi1/0/6 Desg FWD 20000 128.6 P2p Cisco #show spanning - tree mst ##### MST0 vlans mapped: 1 - 99,101 - 219,221 - 239,241 - 4094 Bridge address 0022.91ab.4380 priority 20480 (20480 sysid 0) Root address 009c.02d5.3980 priority 8192 (8192 sysid 0) port Gi1/0/6 path cost 0 Regional Root address 009c.02d5.3980 priority 8192 (81 92 sysid 0) internal cost 20000 rem hops 19 Operational hello time 2 , forward delay 15, max age 20, txholdcount 6 Configured hello time 2 , forward delay 15, max age 20, max hops 20 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Gi1/0/1 Desg FWD 20000 128.1 P2p Gi1/0/6 Root FWD 20000 128.6 P2p Gi1/0/9 Desg FWD 10000 160.9 P2p Edg e ##### MST1 vlans mapped: 220 Bridge address 0022.91ab.4380 priority 16385 (16384 sysid 1)

170. 169 [ Comware5 ] ssh ? client Specify SSH client attribute server Specify the serv er attribute user SSH user [ Comware5 ] ssh server ? acl Specify an ACL to control SSH clients' access authentication - retries Specify authentication retry times authentication - timeout Specify authentication timeout compatib le - ssh1x Specify the compatible ssh1x dscp Differentiated Services Codepoint (DSCP) enable Enable SSH Server ipv6 Specify SSH Server IPv6 attribute rekey - interval Specify the SS H server key rekey - interval [ Comware5 ]ssh server enable ? <cr> [ Comware5 ] ssh server enable [ Comware5 ] display ssh server ? session Server session status Server state [ Comware5 ] display ssh server status SSH server: Enable SSH version : 1.99 SSH authentication - timeout : 60 second(s) SSH server key generating interval : 0 hour(s) SSH authentication retries : 3 time(s) SFTP server: Disable SFTP server Idle - Timeout: 10 minute(s) [ Comware5 ] display ssh server session Conn Ver Encry S tate Retry SerType Username VTY 0 2.0 AES Estab lished 0 Stelnet ssh - manager [ Comware5 ] display public - key local rsa public ===================================================== Time of Key pair created: 15:16:11 2015/03/ 12 Key name: HOST_KEY Key type: RSA Encryption Key ===================================================== Key code: 30819F300D06092A864886F70D010101050003818D0030818902818100BF156BF41CE4EB567EBA80D644E20A3339A 1EDC43701F758DFB89B72BCCFCC14 123456789054 AFC9EEC B32D56A1E2D220BB7BDBB0FE9D6A46A79C21CA84BA04F 1EB1E9E57D60497A1EF1D536C3ED4B8468C48C77CBC7C56052D04A93552A0A7BCB98805F1EF8B29A6ABC4FFCA930E 1912A07506E629000CDEFC570E3106605C910203010001 ===================================================== Time of Key pair created: 15:16:18 2015/03/12 Key name: SERVER_KEY Key type: RSA Encryption Key ===================================================== Key code: 307C300D06092A864886F70D0101010500036B003068026100C05DE56C3141015C6D792DDE419B436530E666C615E 339A09B3C189C4332A AEE575344966B0 123456789054 519F7BA917F95464B354BCD998AC0E49463334B8C6D4ADC55 CC4C77EE7201FCC80AD63979DC9DBD4EB525E3C53B0E3BAE54D33272BF0203010001

189. 188 Chapter 10 R ADIUS Authentication for Switch Management This chapter covers the commands required to authenticate management us ers to a network Remote Authentication Dial - In User Service (RADIUS) server. RADIUS is a distributed information interaction protocol that uses a client/server model. It provides access authentication and authorization services and is often used in network environments requiring both high security and remote user access. Originally designed for dial - in user access, i t now supports additional access methods, such as Ethernet and Asymmetric Digital Subscriber Line (ADSL). Running on the switch, t h e RADIUS client passes user information to designated RADIUS servers and acts on the responses (for example, rejecting or acc epting user access requests). RADIU S is described in RFC 2865 for Authentication and Authorization, and in RFC 2866 for Accou n ting . The RADIUS accounting function collects and records network resource usage information. RADIUS uses UDP as the transport p rotocol. It uses UDP port 1812 for authentication and UDP port 1813 for accounting. Huawei Terminal Access Controller Access Control System ( HWTACACS ) also provide s authentication, authorization, and accounting services. RADIUS and HWTACACS have many featu res in common, including a client/server model, the use of shared keys for user information security, and flexibility and extensibility. Their differences are listed in the following table : RADIUS HWTACACS RADIUS u ses UDP, providing higher transport effic iency. HWTACACS u ses TCP, providing more reliable network transmission. It e ncrypts only the user password field in an authentication packet. It e ncrypts the entire packet , except for the HWTACACS header. Protocol packets are simple and the authorizat ion process is combined with the authentication process. Protocol packets are complicated and authorization is independent of authentication. You can deploy a uthentication and authorization on different HWTACACS servers. RADIUS d oes not support authorizat ion of configuration commands. A user can use all the commands at our below the user’s level . (ProVision has this as a feature using VSA configuration parameters on the RADIUS server that are passed to the NAS.) HWTACACS s upports authorization of configura tion commands. A user can use commands that are at or below the user ’s level or are authorized by the HWTACACS server.

208. 207 Cisco(config)#line vty 0 15 Cisco(config - line)#login ? authentication Aut hentication parameters. Cisco(config - line)#login authentication ? WORD Use an authentication list with this name. default Use the default authentication list. Cisco(config - line)#login authentication default ? <cr> Cisco(config - line)#login a uthentication default Cisco#sh ow aaa servers RADIUS: id 6, priority 1, host 10.0.100.111, auth - port 1812, acct - port 1813 State: current UP, duration 171s, previous duration 0s Dead: total time 0s, count 0 Quarantined: No Authen: requ est 3, timeouts 0, failover 0, retransmission 0 Response: accept 1, reject 1, challenge 0 Response: unexpected 0, server error 0, incorrect 0, time 4956344ms Transaction: success 3, failure 0 Throttled: t ransaction 0, timeout 0, failure 0 Author: request 0, timeouts 0, failover 0, retransmission 0 Response: accept 0, reject 0, challenge 0 Response: unexpected 0, server error 0, incorrect 0, time 0ms Transaction: success 0, failure 0 Throttled: transaction 0, timeout 0, failure 0 Account: request 0, timeouts 0, failover 0, retransmission 0 Request: start 0, interim 0, stop 0 Response: start 0, interim 0, stop 0 Response: unexpected 0, server error 0, incorrect 0, time 0ms Transaction: success 0, failure 0 Throttled: transaction 0, timeout 0, failure 0 Elapsed time since counters last cleared: 2m Estimated Outstanding Access Transactions: 0 Estimated Outstanding Accounting Transactions: 0 Estimated Throttled Access Transactions: 0 Estimated Throttled Accounting Transactions: 0 Maximum Throttled Transactions: access 0, accounting 0 Requests per minute p ast 24 hours: high - 0 hours, 1 minutes ago: 2 low - 0 hours, 3 minutes ago: 0 average: 0 Cisco#show radius server - group radius Server group radius Sharecount = 1 sg_unconfigured = FALSE Type = standard Memlocks = 1 Server(10.0.100.111:1812,1813) Transactions: Authen: 2 Author: 0 Acct: 0 Server_auto_test_enabled: FALSE Keywrap enabled: FALSE Cisco#show radius statistics Auth. Acct. Bo th Maximum inQ length: NA NA 1 Maximum waitQ length: NA NA 1

231. 230 Cisco(config)#tacacs - server host 10.0.100.111 ? key per - server encryption key (overrides default) nat To send client's pos t NAT address to tacacs+ server port TCP port for TACACS+ server (default is 49) single - connection Multiplex all packets over a single tcp connection to server (for CiscoSecure) timeout Time to wait for this TACACS server to reply (overrides default) <cr> Cisco(config)#tacacs - server host 10.0.100.111 key ? 0 Specifies an UNENCRYPTED key will follow 7 Specifies HIDDEN key will follow LINE The UNENCRYPTED (cleartext) s hared key Cisco(config)#tacacs - server host 10.0.100.111 key password ? <cr> Cisco(config)#tacacs - server host 10.0.100.111 key password Cisco(config)#aaa ? accounting Accounting configurations parameters. attribute AAA attribute defin itions authentication Authentication configurations parameters. authorization Authorization configurations parameters. cache AAA cache definitions configuration Authorization configuration parameters. dnis Associate certain AAA parameters to a specific DNIS number group AAA group definitions local AAA Local Authen/Authz Method Lists local AAA Local method options max - sessions Adjust initial hash size for estimated max sess ions memory AAA memory parameters nas NAS specific configuration new - model Enable NEW access control commands and functions.(Disables OLD commands.) pod POD processing policy AAA policy parameters server Local AAA server service - profile Service - Profile parameters session - id AAA Session ID traceback Traceback recording user AAA user definitions Cisco(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting login/authentication. dot1x Set authentication lists for IEEE 802.1x. en able Set authentication list for enable. eou Set authentication lists for EAPoUDP fail - message Message to use for failed login/authentication. login Set authentication lists for logins. password - prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. suppress Do not send access request for a specific type of user. username - prompt Text to use when pro mpting for a username Cisco(config)#aaa authentication login ? WORD Named authentication list (max 31 characters, longer will be rejected). default The default authentication list.

280. 279 GE1/0/26 ADM auto A A 1 GE1/0/27 ADM auto A A 1 GE1/0/28 ADM auto A A 1 <Comware 5 >display interface g1/ 0/1 ? brief Brief information of status and configuration for interface(s) | Matching output <cr> < Comware 5 >display interface g1/0/1 brief The brief information of interface(s) under bridge mode: Link: ADM - administratively down; Stby - stand by Speed or Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 < Comware 5 > display interface g1/0/1 GigabitEtherne t1/0/1 current state: UP IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 0023 - 89d5 - a070 D escription: GigabitEthernet1/0/1 Interface Loopback is not set Media type is twisted pair Port hardware type is 1000_BASE_T 100Mbps - speed mode, full - dup lex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow - control is not enabled The Maximum Frame Length is 9216 Broadcast MAX - ratio: 100% Unicast MAX - ratio: 100% Multicast MAX - ratio: 100% Allow jumbo frame to pass PVID : 1 Mdi type: auto Port link - type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Port priority: 0 Peak value of input: 213 bytes/sec, at 2015 - 04 - 07 00:31:58 Peak value of output: 236 bytes/sec, at 2015 - 04 - 07 00:20:21 Last 300 seconds input: 2 packets/sec 213 bytes/sec 0% Last 300 seconds output: 0 packets/sec 18 bytes/sec 0% Input (total): 4311 packets, 1269761 bytes 781 unicasts, 2272 broadcasts, 1258 multicasts Input (normal): 4311 packets, - bytes 781 unicasts , 2272 broadcasts, 1258 multicasts Input: 0 input errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 frame, - overruns, 0 aborts - ignored, - parity errors Output (total): 9731 packets, 1114808 bytes 372 unicasts, 5974 broadcasts , 3385 multicasts, 0 pauses Output (normal): 9731 packets, - bytes 372 unicasts, 5974 broadcasts, 3385 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier [ Comware 5 ] interface ? Bridge - Aggregation Bridge - Aggregation interface GigabitEthernet GigabitEthernet interface LoopBack LoopBack interface NULL NULL interface

289. 288 Port Name Status Vlan Dupl ex Speed Type Gi1/0/1 connected 1 a - full a - 1000 10/100/1000BaseTX Cisco#show interfaces g1/0/1 GigabitEthernet1/0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 0022.91ab.4381 (bia 002 2.91ab.4381) MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full - duplex, 1000Mb/s, media type is 10/100/1000BaseTX input flow - cont rol is off, output flow - control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:07, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total outpu t drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1902 packets input, 149768 bytes, 0 no buffer Received 1806 broadcasts (1764 mul ticasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 1764 multicast, 0 pause input 0 input packets with dribble condition detected 482 packets output, 102102 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out Cisco(config)#in terface ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthe rnet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z Group - Async Async Group interface GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEth ernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel range interface range command Cisco(config)#interface g1/0/1 Cisco(config - if)#?

331. 330 [Comware7 - GigabitEtherne t1/0/12 ]interface g1/0/14 [Comware7 - GigabitEthernet1/0/14]port access vlan 152 [Comware7 - GigabitEthernet1/0/14]port private - vlan host [Comware7 - GigabitEthernet1/0/14 ]quit [Comware7]interface vlan 150 [Comware7 - Vlan - interface150]ip address 10.150.2.1 24 [Comware7 - Vlan - interface150]? Vlan - interface interface view commands: arp ARP module bandwidth Specify the expected bandwidth bfd BFD module cfd Connectivity Fault Detection (CFD) module ddns Dynamic Domain Name System (DDNS) module default Restore the default settings description Describe the interface dhcp Dynamic Host Configuration Protocol (DHCP) commands diagnostic - logfile Diagnostic log file configuration display Display current system information enable Enable functions igmp Specify IGMP configuration information ip Specify IP configuration ipsec IP Security (IPsec) module ipv6 Specify IPv6 configuration isis Configure interface parameters for IS - IS local - proxy - arp Specify local proxy ARP function for same interface local - proxy - nd Local ND proxy fu nction logfile Log file configuration mad Multi - active detection mld Specify MLD configuration information monitor System monitor mpls Multiprotocol Label Switching (MPLS) mod ule mtu Specify Maximum Transmission Unit(MTU) of the interface multicast Multicast module ntp - service Network Time Protocol (NTP) module ospf OSPF interface commands ospfv3 OSPFv3 int erface commands packet - filter Packet filter settings pim Protocol Independent Multicast (PIM) module ping Ping function portal Portal authentication module private - vlan Private VLAN functio n proxy - arp Specify proxy ARP function proxy - nd ND proxy function quit Exit from current command view return Exit to User View rip Configure interface parameters for RIP ripng Configure interface parameters for RIPng rsvp Resource Reservation Protocol (RSVP) module save Save current configuration security - logfile Security log file configuration service Specify the s ervice slot shutdown Shut down the interface tcp Specify TCP parameters of the interface tracert Tracert function udp - helper UDP helper function undo Cancel current setting vrrp Virtual Router Redundancy Protocol(VRRP) module

391. 390 [Comware5] stp instance 2 priority 2048 0 (note – in steps of 4096 , default setting is 32768 ) [Comware5] stp instance 3 priority 16384 (note – in steps of 4096 , default setting is 32768 ) [Comware5]interface g1/0/9 [Comware5 - GigabitEthernet1/0/9]stp ? compliance MST BPDU Fo rmat config - digest - snooping Specify configuration digest snooping cost Specify port path cost disable Disable spanning tree protocol on a port edged - port Specify edge port enable E nable spanning tree protocol on a port instance Spanning tree instance loop - protection Specify loop protection mcheck Specify mcheck no - agreement - check Specify port ignore agreement information point - t o - point Specify point to point link port Specify port parameter root - protection Specify root protection transmit - limit Specify transmission limit count vlan Virtual LAN [ Comware5 - Gig abitEthernet1/0/9 ]stp edged - port enable [Comware5 - GigabitEthernet1/0/9 ]stp cost 10000 [Comware5 - GigabitEthernet1/0/9]stp port priority 160 (note – in steps of 16 , default setting is 128 ) [Comware5 - Gigab itEthernet1/0/9 ]stp instance 1 cost 10000 [Com ware5 - GigabitEthernet1/0/9]stp instance 1 port priority 160 (note – in steps of 16 , default setting is 128 ) [Comware5]display stp ? abnormal - port Display abnormal ports bpdu - statistics STP BPDU statistics brief Brie f information down - port Port information of protocol down history Root or alternate port history instance Spanning tree instance interface Specify interface region - configuration Region configura tion root Display status and configuration of the root bridge slot Slot Number tc Port TC count vlan Virtual LAN | Matching output <cr> [Comware5] displa y stp ------- [CIST Global Info][Mode MSTP] ------- CIST Bridge :12288.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :8192.009c - 02d5 - 3980 / 0 CIST RegRoot/IRPC :8192.009c - 02d5 - 3980 / 20 CIST RootPor tId :128.6 BPDU - Protection :disabled Bridge Config - Digest - Snooping :disabled

29. 28 Cisco#sh env power ? all All power supplies switch Switch number | Output modifiers <cr> Cisco#show env power SW PID Serial# Status Sys Pwr PoE Pwr Watts --- ------------------ ---------- --------------- ------- ------- ----- 1 C3K - PWR - 265WAC xxxxxxxxxxx OK Good N/A 265/0 Cisco#show env temperature ? status Show Temperature status and threshold values | Output modifiers <cr> Cisco#show env temperature SYSTEM TEMPERATURE is OK

131. 130 version Specify SNTP version vpn - instance Specify a VPN instance <cr> [Comware7]sntp unicast - server 10.0.100.251 [Comware7]display sntp ? ipv6 IPv6 protocol sessions Session information [Comware7]display sn tp sessions ? > Redirect it to a file >> Redirect it to a file in append mode | Matching output <cr> [Comware7]display sntp sessions SNTP server Stratum Version Last receive time 10.0.100.251 2 4 Thu, Mar 26 2015 1:16:58.143 [Comware7]clock ? protocol Specify a time protocol summer - time Configure daylight saving time timezone Configure time zone [Comware7 ]clock timezone ? STRING<1 - 32> Name of time zone [Comware7]clock timezone US - Centra l ? add Add time zone offset minus Minus time zone offset [Comware7]clock timezone US - Central minus ? TIME Time zone offset ( hh:mm:ss ) [Comware7]clock timezone US - Central minus 06:00:00 ? <cr> [Comware7]clock timezone US - Central minus 06:00 :00 [Comware7] clock summer - time ? STRING<1 - 32> Name of the daylight saving time [Comware7] clock summer - time US - Central ? TIME Time to start (HH:MM:SS) [Comware7]clock summer - time US - Central 02:00:00 ? STRING<1 - 32> Date to start (MM/DD) Janua ry Start from January February Start from February March Start from March April Start from April May Start from May June Start from June July Start from July August Start from Augu st September Start from September October Start from October November Start from November December Start from December [Comware7]clock summer - time US - Central 02:00:00 03/08 ?

42. 41 Cisco Cisco(config)# logging source - interface ? Async Async interface Auto - Template Auto - Temp late interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Fi lter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Eth ernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Vir tual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco(config)# logging source - interface vlan 1 ? <cr> Cisco(config)#l ogging source - interface vla n 1 (the following service commands are similar the above logging example) Cisco(config)#ip radius source - interface vlan 1 Cisco(config)#ip t acacs source - interface vlan 1 Cisco(config)#ip ftp source - interface vlan 1 Cisco(config)#ip tftp source - inter face vlan 1 Cis co(config)#ntp source vlan 1 Cisco(config)#ip telnet source - interface vlan 1 Cisco (config)# ip ssh source - interface vlan 1 Cisco (config)#snmp - server source - interface traps vlan 1

92. 91 <Comware7>scp 10.0.100.111 get 5900_5920 - CMW710 - R2311P05.ipe Username: manager Press CTRL+C to abort. Connecting to 10.0.100.111 port 22 . manager@10.0.100.111's password: <Comware7>copy usb? usba0:/ <Comware7>copy usba0:/? "usba0:/System Volume Information/" usba0:/5900_5920 - CMW710 - R2311P05.ipe usba0:/5900_5920 - CMW710 - R2416.ipe usba0:/5900_5920 - cmw710 - boot - r2311p05.bin usb a0:/5900_5920 - cmw710 - boot - r2416.bin usba0:/5900_5920 - cmw710 - system - r2311p05.bin usba0:/5900_5920 - cmw710 - system - r2416.bin <Comware7>copy usba0:/5900_5920 - CMW710 - R2311P05.ipe ? STRING [drive][path][file name] flash: Device name ftp: File on the FTP server slot1#flash: Device name slot1#usba0: Device name tftp: File on the TFTP server usba0: Device name <Comware7>copy usba0:/5900_5920 - CMW710 - R2311P05.ipe flash:/? flash:/5900_5920 - cmw710 - boot - r2416.b in flash:/5900_5920 - cmw710 - system - r2416.bin flash:/diagfile/ flash:/ifindex.dat flash:/startup .cfg flash:/startup .mdb flash:/lauth.dat flash:/license/ flash:/logfile/ flash:/pki/ flash:/seclog/ flash:/versionInfo/ <Comware7>copy usba 0:/5900_5920 - CMW710 - R2311P05.ipe flash:/5900_5920 - CMW710 - R2311P05.ipe ? <cr> <Comware7>copy usba0:/5900_5920 - CMW710 - R2311P05.ipe flash:/5900_5920 - CMW710 - R2311P05.ipe <Comware7>tftp 10.0.100.111 put 5900_5920 - CMW710 - R2311P05.ipe ? STRING<1 - 255> Dest ination filename dscp Set the Differentiated Services Codepoint (DSCP) value source Specify the source address for outgoing TFTP packets vpn - instance Specify a VPN instance <cr> <Comware7>tftp 10.0.100.111 put 5900_5920 - CMW710 - R2311P05.ipe <Comware7>scp 10.0.100.111 put 5900_5920 - CMW710 - R2311P05.ipe ? STRING<1 - 255> Destination file name identity - key Specify the algorithm for publickey authentication prefer - compress Specify the preferred compression algo rithm prefer - ctos - cipher Specify the preferred encryption algorithm from client to

156. 155 write specify a write view for the group <cr> Cisco(config)#snmp - server group managerpriv v3 priv Cisco(config)#snmp - server user ? WORD Name of the user Cisco(config)#snmp - server user test ? WORD Group to which the user belongs Cisco(config)#snmp - server user test managerpriv ? remote Specify a remote SNMP entity to which the user belongs v1 user using the v1 security model v2c user using the v2c security model v3 user using the v 3 security model Cisco(config)#snmp - server user test managerpriv v3 ? access specify an access - list associated with this group auth authentication parameters for the user encrypted specifying passwords as MD5 or SHA digests <cr> Cisco( config)#snmp - server user test managerpriv v3 auth ? md5 Use HMAC MD5 algorithm for authentication sha Use HMAC SHA algorithm for authentication Cisco(config)#snmp - server user test managerpriv v3 auth md5 ? WORD authentication pas s word for user C isco(config)#snmp - server user test managerpriv v3 auth md5 password ? access specify an access - list associated with this group priv encryption parameters for the user <cr> Cisco(config)#snmp - server user test managerpriv v3 auth md5 password priv ? 3des Use 168 bit 3DES algorithm for encryption aes Use AES algorithm for encryption des Use 56 bit DES algorithm for encryption Cisco(config)#snmp - server user test manager priv v3 auth md5 password priv des ? WORD privacy pasword for user Cisco(config)#snmp - server user test manager priv v3 auth md5 password priv des password ? access specify an access - list associated with this group <cr> Cisco(config)#snmp - server user test manager priv v3 auth md5 password priv des password Cisco(con fig)#snmp - server host ? WORD IP/IPV6 address of SNMP notification host http://<Hostname or A.B.C.D>[:<port number>][/<uri>] HTTP address of XML notification host Cisco(config)#snmp - server host 10.0.111.210 ? WORD SNMPv1/v2c community string or SNMPv3 user name informs Send Inform messages to this host traps Send Trap messages to this host version SNMP version to use for notification messages vrf VPN Routing instance for this host Cisco(config)#snmp - server host 10.0.1 11.210 version ?

194. 193 ProVision(config)# aaa authentication console login radius local ? <cr> ProVisio n(config)# aaa authentication console login radius local ProVision(config)# aaa authentication console enable radius local ProVision(config)# aaa authentication telnet login radius none ProVision(config)# aaa authentication telnet enable radius none ProVision(config)# aaa authentication ssh login radius none ProVision(config)# aaa authentication ssh enable radius none ProVision(config)# aaa authentication web login radius none ProVision(config)# aaa authentication web enable radius none ProVis ion# show radius Status and Counters - General RADIUS Information Deadtime (minutes) : 0 Timeout (seconds) : 5 Retransmit Attempts : 3 Global Encryption Key : Dynamic Authorization UDP Port : 3799 Source IP Selection : 10.0.111.21 Auth Acct DM/ Time | Server IP Addr Port Port CoA Window | Encryption Key OOBM --------------- ---- ---- --- ------ + -------------------------------- ---- 10.0.100 .111 1812 1813 No 300 | password No ProVision# show authentication Status and Counters - Authentication Information Login Attempts : 3 Lockout Delay : 0 Respect Privilege : Disabled Bypass Username For Operator a nd Manager Access : Disabled | Login Login Login Access Task | Primary Server Group Secondary -------------- + ---------- ------------ ---------- Console | Radius radius Local Telnet | Ra dius radius None Port - Access | Local None Webui | Radius radius None SSH | Radius radius None Web - Auth | ChapRadius radius None MAC - Auth | ChapRadius radius None SNMP | Local None Local - MAC - Auth | Local radius None | Local None

196. 195 [Comware5] radius scheme radius - auth New Radius scheme [Comware5 - radius - radius - auth]? Radius - template view commands: accounting - on Accounting - On packet sending mode attribute Customize selected RADIUS attributes cfd Connectivity fault detection (IEEE 802.1ag) data - flow - format Specify data flow format display Display current system information key Specify the shared encryption key of RADIUS server mtracert Trace route to multicast source nas - backup - ip Specify RADIUS client backup IP address nas - ip Specify RADIUS client IP address ping Ping function primary Specify IP address of primary RADIUS server quit Exit from current command view retry Specify retransmission times return Exit to User View save Save current configuration secondary Specify IP address of secondary RADIUS server security - policy - server Specify IP address of security policy server server - type Specify the type of RADIUS server state Specify state of primary/secondary authentication/accounting RADIUS server stop - accounting - buffer Enable stop - accounting packet buffer timer Specify timer parameters tracert Trace route function undo Cancel current setting use r - name - format Specify user - name format sent to RADIUS server vpn - instance Specify VPN instance [Comware5 - radius - radius - auth]primary ? accounting Specify IP address of primary accounting RADIUS server authentication Specify I P address of primary authentication RADIUS server [Comware5 - radius - radius - auth]primary authentication ? X.X.X.X Any valid IP address ipv6 Specify IPV6 address [Comware5 - radius - radius - auth]primary authentication 10.0.100.111 ? INTEGER<1 - 65535> Authentication - port : generally is 1812 key Specify the shared encryption key of RADIUS server probe Probe the server to determine its availability vpn - instance Specify VPN instance <cr> [Comware5 - radius - radius - aut h]primary authentication 10.0.100.111 key ? STRING<1 - 64> Plaintext key string cipher Specify a ciphertext key simple Specify a plaintext key [Comware5 - radius - radius - auth]primary authentication 10.0.100.111 key simple ? STRING<1 - 64> Plaintext key string [Comware5 - radius - radius - auth]primary authentication 10.0.100.111 key simple password ? INTEGER<1 - 65535> Authentication - port : generally is 1812 probe Probe the server to determine its availability vpn - instance Specify VPN instance <cr> [Comware5 - radius - radius - auth]primary authentication 10.0.100.111 key simple password

232. 231 Cisco(config)#aaa authentication login default ? ca che Use Cached - group enable Use enable password for authentication. group Use Server - group krb5 Use Kerberos 5 authentication. krb5 - telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local - case Use case - sensitive local username authentication. none NO authentication. passwd - expiry enable the login list to provide password aging support Cisco(config)#aaa authentication login default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(co nfig)#aaa authentication login default group tacacs+ ? cache Use Cached - group enable Use enable password for authentication. group Use Server - group krb5 Use Kerberos 5 authentication. line Use line password for auth entication. local Use local username authentication. local - case Use case - sensitive local username authentication. none NO authentication. <cr> Cisco(config)#aaa authentication login default group tacacs+ Cisco(config)#aaa authentica tion enable default group tacacs+ Cisco(config)#line vty 0 15 Cisco(config - line)#login ? authentication Authentication parameters. Cisco(config - line)#login authentication ? WORD Use an authentication list with this name. default Use the def ault authentication list. Cisco(config - line)#login authentication default ? <cr> Cisco(config - line)#login authentication default Cisco#show tacacs Tacacs+ Server - public : Server address: 10.0.100.111 Server port: 49 Socket opens: 7 Socket closes: 7 Socket aborts: 0 Socket errors: 0 Socket Timeouts: 0 Failed Connect Attempts: 0 Total Packets Se nt: 17 Total Packets Recv: 17

252. 251 <cr> Cisco#show cdp Global CDP information: Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled Cisco#show cdp neighbors ? Asyn c Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Port - channel Ethernet Channel o f interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans detail Show detailed information fcpa Fiber Channel | Output modifiers <cr> Cisco#show cdp neig hbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two - port Mac Relay Device ID Local Intrfce Hold tme Capability Platform Port ID SEP001AA133A2FA Gig 1/0/5 149 H P IP Phone Port 1 Cisco#show cdp neighbors g1/0/5 ? detail Show detailed information | Output modifiers <cr> Cisco#show cdp neighbors g1/0/5 Capabi lity Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two - port Mac Relay Device ID Local Intrfce Holdtme Capab ility Platform Port ID SEP001AA133A2FA Gig 1/0/5 132 H P IP Phone Port 1 Cisco#show cdp neighbors g1/0/5 detail ------------------------- Device ID: SEP001AA133A2FA Entry address(es): IP address: 10.0.111.103 Platform: Cisco IP Phone 7961, Capabilities: Host Phone Interface: GigabitEthernet1/0/5, Port ID (outgoing port): Port 1 Holdtime : 140 sec

253. 252 Version : SIP41.8 - 2 - 2SR2S advertisement version: 2 Duplex: full Power drawn: 6.300 Watts Power request id: 41722, Power manageme nt id: 1 Power request levels are:6300 0 0 0 0 Management address(es):

284. 283 GE1/0/44 DOWN auto A A 1 GE1/0/45 DOWN auto A A 1 GE1/0/46 DOWN auto A A 1 GE1/0/47 DOWN auto A A 1 GE1/0/48 DOWN auto A A 1 XGE1/0/49 ADM auto A A 1 XGE1/0/50 ADM auto A A 1 XGE1/0/51 DOWN auto A A 1 XGE1/0/52 DOWN auto A A 1 <Comware 7 >d isplay interface g1/0/1 ? > Redirect it to a file >> Redirect it to a file in append mode brief Brief information of status and configuration for interface(s) | Matching output <cr> <Comware7>display interface g1/0/1 brief Brief i nformation on interfaces in bridge mode: Link: ADM - administratively down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE1 /0/1 UP 1G(a) F(a) A 1 <Comware 7 >display interface g1/0/1 GigabitEthernet1/0/1 Current state: UP Line protocol state: UP IP packet frame type: Ethernet II, hardware address: cc3e - 5f73 - baf4 Description: GigabitEthernet1/0/1 Interface Bandwidth: 1000000 kbps Loopback is not set Media type is twisted pair Port hardware type is 1000_BASE_T 1000Mbps - speed mode, full - duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow - control is not enabled Maximum fram e length: 10000 Allow jumbo frames to pass Broadcast max - ratio: 100% Multicast max - ratio: 100% Unicast max - ratio: 100% PVID: 1 MDI type: automdix Port link - type: Access Tagged VLANs: None Untagged VLANs: 1 Port priority: 0 Last clearing of counters: Ne ver Peak input rate: 90 bytes/sec, at 2015 - 04 - 07 00:31:58 Peak output rate: 33 bytes/sec, at 2015 - 04 - 07 00:22:05 Last 300 second input: 0 packets/sec 83 bytes/sec 0% Last 300 second output: 0 packets/sec 19 bytes/sec 0% Input (total): 1728 packets, 2 15498 bytes 146 unicasts, 37 broadcasts, 1545 multicasts, 0 pauses Input (normal): 1728 packets, - bytes 146 unicasts, 37 broadcasts, 1545 multicasts, 0 pauses Input: 0 input errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 fr ame, - overruns, 0 aborts - ignored, - parity errors Output (total): 253 packets, 50800 bytes

333. 332 Cisco(config)#vtp ? domain Set the name of the VTP administrative domain. file Configure IFS filesystem file where VTP configuration is stored. interface Configure int erface as the preferred source for the VTP IP updater address. mode Configure VTP device mode password Set the password for the VTP administrative domain pruning Set the administrative domain to permit pruning version Set the administrative domain to VTP version Cisco(config)#vtp mode ? client Set the device to client mode. off Set the device to off mode. server Set the device to server mode. transparent Set the device to transparent mode. C isco(config)#vtp mode transparent ? mst Set the mode for MST VTP instance. unknown Set the mode for unknown VTP instances. vlan Set the mode for VLAN VTP instance. <cr> Cisco(config)#vtp mode transparent Setting device to VTP Transparent mode for VLANS. Cisco(config)#vlan 150 Cisco(config - vlan)#? VLAN configuration commands: are Maximum number of All Route Explorer hops for this VLAN (or zero if none specified) backupcrf Backup CRF mode of the VLAN br idge Bridging characteristics of the VLAN exit Apply changes, bump revision number, and exit mode media Media type of the VLAN mtu VLAN Maximum Transmission Unit name Ascii name of the VLAN no Negate a command or set its defaults parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs private - vlan Configure a private VLAN remote - span Configure as Remote SPAN VLAN ring Ring number of FDDI or Token Ring typ e VLANs said IEEE 802.10 SAID shutdown Shutdown VLAN switching state Operational state of the VLAN ste Maximum number of Spanning Tree Explorer hops for this VLAN (or zero if none specified) stp Spanning tree characteristics of the VLAN tb - vlan1 ID number of the first translational VLAN for this VLAN (or zero if none) tb - vlan2 ID number of the second translational VLAN for this VLAN (or zero if none) Cisco(config - vlan)#private - vlan ? association Configure association between private VLANs community Configure the VLAN as a community private VLAN isolated Configure the VLAN as an isolated private VLAN primary Configure the VLA N as a primary private VLAN Cisco(config - vlan)#private - vlan primary ? <cr> Cisco(config - vlan)#private - vlan primary

404. 403 Root address 0023.89d5.a059 priority 8193 (8192 sysid 1) port Gi1/0/6 cost 40000 rem hops 1 8 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Gi1/0/6 Root FWD 20000 128.6 P2p ##### MST2 vlans mapped: 100 Bridge address 0022.91ab.4380 pri ority 12290 (12288 sysid 2) Root address cc3e.5f73.bacb priority 8194 (8192 sysid 2) port Gi1/0/6 cost 40000 rem hops 18 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Gi1/0/6 Root FWD 20000 128.6 P2p Gi1/0/9 Desg FWD 10000 160.9 P2p Edge ##### MST3 vlans mapped: 240 Bridge address 0022.91ab.4380 priority 8195 (8192 s ysid 3) Root this switch for MST3 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Gi1/0/6 Desg FWD 20000 128.6 P2p Cisco #show spanning - tree mst conf iguration Name [ProVision - Comware - Cisco] Revision 1 Instances configured 4 Instance Vlans mapped -------- --------------------------------------------------------------------- 0 1 - 99,101 - 219,221 - 239,241 - 4094 1 220 2 100 3 240 ------------------------------------------------------------------------------- Cisco #show spanning - tree mst 0 ##### MST0 vlans mapped: 1 - 99,101 - 219,221 - 239,241 - 4094 Bridge address 0022.91ab.4380 priority 20480 (20480 sy sid 0) Root address 009c.02d5.3980 priority 8192 (8192 sysid 0) port Gi1/0/6 path cost 0 Regional Root address 009c.02d5.3980 priority 8192 (8192 sysid 0) internal co st 20000 rem hops 19 Operational hello time 2 , forward delay 15, max age 20, txholdcount 6 Configured hello time 2 , forward delay 15, max age 20, max hops 20 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- ------- -- -------- -------------------------------- Gi1/0/1 Desg FWD 20000 128.1 P2p Gi1/0/6 Root FWD 20000 128.6 P2p Gi1/0/9 Desg FWD 10000 160.9 P2p Edge Cisco#show spanning - tree mst 1 ##### MST1 vlans mappe d: 220 Bridge address 0022.91ab.4380 priority 16385 (16384 sysid 1) Root address 0023.89d5.a059 priority 8193 (8192 sysid 1) port Gi1/0/6 cost 40000 rem hops 18 Interface Role Sts Cost Prio.Nbr Type

453. 452 eBGP router additional commands after section “a” has been completed. Cisco(config)#router bgp 64504 Cisco(config - router)#nei ghbor 10.0.114.1 remote - as 64504 Cisco(config - router)#neighbor 10.0.114.1 next - hop - self Cisco#show ip bgp summary BGP router identifier 10.0.0.4, local AS number 64504 BGP table version is 47, main routing table version 47 23 network entries using 3128 bytes of memory 25 path entries using 1300 bytes of memory 10/10 BGP path/bestp ath attribute entries using 1240 bytes of memory 3 BGP AS - PATH entries using 72 bytes of memory 0 BGP route - map cache entries using 0 bytes of memory 0 BGP filter - list cache entries using 0 bytes of memory BGP using 5740 total bytes of memory BGP activity 26/3 prefixes, 36/11 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.101.21 4 64502 197 198 47 0 0 02:50:50 18 10.0.114.1 4 64504 73 87 47 0 0 01:07:00 3

79. 78 <cr> Cisco(config)#aaa common - criteria policy pwcomplex Cisco(config - cc - policy)#? CC Policy commands: char - changes Number of change characters between old and new passwords copy Copy from policy exit Exit from common - criteria sub - mode lifetime lifetime configuration lower - case Number of lower - case characters max - length Specify the maximum length of the password min - length Specify the minimum length of the password no Negate a command or set its defaults numeric - count Number of numeric characters special - case Number of special characters upper - case Number of upper - case characters Cisco(config - cc - policy)#min - length ? <1 - 1 27> Min Length 1 - 127 Cisco(config - cc - policy)#min - length 10 ? <cr> Cisco(config - cc - policy)#min - length 10 Cisco(config - cc - policy)#max - length ? <1 - 127> Max Length 1 - 127 Cisco(config - cc - policy)#max - length 10 ? <cr> Cisco(config - cc - policy)#max - leng th 10 Cisco(config - cc - policy)#numeric - count ? <0 - 127> Number of digits from 0 - 127 Cisco(config - cc - policy)#numeric - count 2 ? <cr> Cisco(config - cc - policy)#numeric - count 2 Cisco(config - cc - policy)#special - case ? <0 - 127> Number of special characters from 0 - 127 Cisco(config - cc - policy)#special - case 2 ? <cr> Cisco(config - cc - policy)#special - case 2 Cisco(config - cc - policy)#upper - case ? <0 - 127> Number of upper - case characters from 0 - 127 Cisco(config - cc - policy)#upper - case 2 ? <cr> Cisco(config - cc - policy)#upper - case 2 Cisco(config - cc - policy)#lower - case ? <0 - 127> Number of lower - case characters from 0 - 127 Cisco(config - cc - policy)#lower - case 2 ? <cr> Cisco(config - cc - policy)#lower - case 2

81. 80 PA55word!^ Cisco#show aaa common - criteria policy name pwcomple x Policy name: pwcomplex Minimum length: 10 Maximum length: 10 Upper Count: 2 Lower Count: 2 Numeric Count: 2 Special Count: 2 Number of character changes 4 Valid forever. User tied to this policy will not expire

91. 90 Uptime is 0 weeks,1 day,2 hours,46 minutes 5900AF - 48G - 4XG - 2QSFP+ Switch with 2 Processors BOARD TYPE: 5900AF - 48G - 4XG - 2QSFP+ Switch DRAM: 2048M bytes FLASH: 512M bytes PCB 1 Version: VER.A Bootrom Version: 139 CPLD 1 Version: 001 CPLD 2 Version: 255 Release Version: HP 5900AF - 48G - 4XG - 2QSFP+ Switch - 2416 Patch Version : None Reboot Cause : ColdReboot [SubSlot 0] 48GE+4SFP Plus+2Q SFP Plus Comware7>tftp ? STRING<1 - 253> IP address or hostname of the TFTP Server ipv6 IPv6 TFTP Client <Comware7>tftp 10.0.100.111 ? get Download a file from the TFTP server put Upload a local file to the TFTP server sget Down load a file from the TFTP server securely <Comware7>tftp 10.0.100.111 get ? STRING<1 - 255> Source filename <Comware7>tftp 10.0.100.111 get 5900_5920 - CMW710 - R2311P05.ipe ? STRING<1 - 255> Destination filename dscp Set the Differentiated Ser vices Codepoint (DSCP) value source Specify the source address for outgoing TFTP packets vpn - instance Specify a VPN instance <cr> <Comware7>tftp 10.0.100.111 get 5900_5920 - CMW710 - R2311P05.ipe Press CTRL+C to abort. <Comware7>scp ? STR ING<1 - 253> IP address or hostname of remote system ipv6 IPv6 information <Comware7>scp 10.0.100.111 ? INTEGER<1 - 65535> Specify port number get Get file from server put Put file to server vpn - instance Specify a VPN instance <Comware7>scp 10.0.100.111 get ? STRING<1 - 255> Source file name <Comware7>scp 10.0.100.111 get 5900_5920 - CMW710 - R2311P05.ipe ? STRING<1 - 255> Destination file name identity - key Specify the algorithm for publickey authentication prefer - compress Specify the preferred compression algorithm prefer - ctos - cipher Specify the preferred encryption algorithm from client to server prefer - ctos - hmac Specify the preferred HMAC algorithm from c lient to server prefer - kex Specify the preferred key exchange algorithm prefer - stoc - cipher Specify the preferred encryption algorithm from server to client prefer - stoc - hmac Specify the preferred HMAC algorithm from server to client publickey Specify the public key of server source Specify a source <cr>

121. 120 ProVision(config)# clock ? datetime Specify the time and date set Set curr ent time and/or date. summer - time Enable/disable daylight - saving time changes. timezone Set the number of hours your location is to the West( - ) or East(+) of GMT. <cr> ProVision(config)# clock timezone ? g mt Number of hours your timezone is to the West( - ) or East(+) of GMT. us Timezone for US locations. ProVision(config)# clock timezone us alaska aleutian arizona central east_indiana eastern hawaii michigan mo untain pacific samoa ProVision(config)# clock timezone us central <cr> ProVision(config)# clock summer - time <cr> ProVision(config)# time ? begin - date The begin date of daylight savings time MM/DD[/[YY]YY] New date daylight - tim e - rule The daylight savings time rule for your location end - date The end date of daylight savings time HH:MM[:SS] New time timezone The number of minutes your location is West( - ) or East(+) of GMT <cr> ProVision (config)# time daylight - time - rule ? none alaska continental - us - and - canada middle - europe - and - portugal southern - hemisphere western - europe user - defined ProVision(config)# time daylight - time - rule continental - us - and - canada ? begin - date The b egin date of daylight savings time MM/DD[/[YY]YY] New date end - date The end date of daylight savings time HH:MM[:SS] New time timezone The number of minutes your location is West( - ) or East(+) of GMT <cr> P roVision(config)# time daylight - time - rule continental - us - and - canada ProVision# show time Wed Apr 27 17:45:52 2016

139. 138 [ Comware5 ] snmp - agent sys - info version v1 ? v2c Enable the device to support SNMPv2c v3 Enable the device to support SNMPv3 <cr> [ Com ware5 ]snmp - agent sys - info version v1 v2c ? v3 Enable the device to support SNMPv3 <cr> [ Comware5 ] snmp - agent sys - info version v1 v2c [ Comware5 ] undo snmp - agent sys - info version v3 (Note, SNMP v3 is configured but not enabled, so if only v1 & v2c required, undo v3) [ Comware5 ]snmp - agent trap ? enable SNMP trap/notification enable commands group if - mib Set trap types in IF - MIB life Set the trap aging time queue - size Length of each TRAP message queue source Set the so urce address of traps [ Comware5 ] snmp - agent trap enable ? arp Enable ARP traps bfd Enable BFD traps bgp Enable BGP trap configuration Enable the configuration management traps default - route Enable default route traps flash Enable Flash traps ospf Enable OSPF traps pim Enable PIM traps standard Enable the standard SNMP traps system Enable SysMib traps vrrp Enable VRRP traps <cr> [ Comware5 ] snmp - ag ent trap enable [ Comware5 ] snmp - agent [ Comware5 ] dis play snmp - agent sys - info The contact person for this managed node: LabEngr The physical location of this node: Lab SNMP version running in the system: SNMPv1 SNMPv2c [ Comware5 ] dis play snmp - agent community Community name: public Group name: public Storage - type: nonVolatile Community name: private Group name: private Storage - type: nonvolatile Comware7 [Comware7]snmp - agent ? calculate - password Convert a plain text key to an encrypted key community Set a community for the access of SNMPv1 and SNMPv2c community - map Configure an SNMP community to map context Configure an SNMP context

141. 140 write Assign the community the read and write access to MIB objects [Comware7]snmp - agent community read ? STRING<1 - 32> Plaintext community name cipher Specify a ciphertext community name sim ple Specify a plaintext community name [Comware7]snmp - agent community read public ? acl Set access control list for this user mib - view Specify the MIB views available for the community <cr> [Comware 7 ] snmp - agent community read public [Comware7]snmp - agent community write ? STRING<1 - 32> Plaintext community name cipher Specify a ciphertext community name simple Specify a plaintext community name [Comware7]snmp - agent community write private ? acl Set access control list for this user mib - view Specify the MIB views available for the community <cr> [Comware 7 ] snmp - agent community write private [Comware7]snmp - agent sys - info ? contact Specify the contact for system maintenance location Set the locati on information of the agent version Specify the SNMP version [Comware7]snmp - agent sys - info location ? TEXT Location information of the agent, 1 to 255 characters [Comware 7 ] snmp - agent sys - info location Lab [Comware7]snmp - agent sys - info contact ? TEXT Contact information, 1 to 255 characters [Comware 7 ] snmp - agent sys - info contact Lab _ Engr [Comware7]snmp - agent sys - info version ? all Enable the agent to support SNMPv1, SNMPv2c and SNMPv3 v1 Enable the agent to support SNMPv1 v2c Enable t he agent to support SNMPv2c v3 Enable the agent to support SNMPv3 [Comware7]snmp - agent sys - info version v1 ? v2c Enable the agent to support SNMPv2c v3 Enable the agent to support SNMPv3 <cr> [Comware7]snmp - agent sys - info version v1 v2c ? v3 Enable the agent to support SNMPv3 <cr> [Comware 7 ] snmp - agent sys - info version v1 v2c [Comware 7 ] undo snmp - agent sys - info version v3 (Note, SNMP v3 is configured but not enabled, so if only v1 & v2c required, undo v3) [Comware7]snmp - agent tra p ? enable Enable SNMP notifications if - mib Set the notification format in the IF - MIB life Set the notifications aging time

148. 147 Enter authentication password: ******** Privacy protocol is DES Enter privacy password: ******** User creation is done. SNMPv3 is now functional. Would you like to restrict SNMPv1 and SNMPv2c messages to have read only access (you can s et this later by the command 'snmp restrict - access')? [y/n] y ProVision(config)# snmpv3 user ? USERNAME - STR Set authentication param e ters. ProVision(config)# snmpv3 user test ? auth Set authentication parameters. If in enhanc ed secure - mode, you will be prompted for the password. <cr> ProVision(config)# snmpv3 user test auth ? AUTHENTICATION PASSWORD Set authentication password. md5 Set the authentication protocol to md5. sha Set the authentication protocol to sha. ProVision(config)# snmpv3 user test auth md5 ? AUTHENTICATION PASSWORD Set authentication password. ProVision(config)# snmpv3 user test auth md5 password ? priv Specify Privacy pas sword. If in enhanced secure - mode, you will be prompted for the password. <cr> ProVision(config)# snmpv3 user test auth md5 password priv ? PRIVACY PASSWORD Specify Privacy password. des Set the privacy pr otocol to des. aes Set the privacy protocol to aes - 128. ProVision(config)# snmpv3 user test auth md5 password priv des ? PRIVACY PASSWORD Specify Privacy password. ProVision(config)# snmpv3 user test auth md5 password priv des password ? <cr> ProVision(config)# snmpv3 user test auth md5 password priv des password ProVision(config)# snmpv3 group ? managerpriv Require privacy and authentication, can access all objects. managerauth Require authentication, can access all objects. operatorauth Requires authentication, limited access to objects. operatornoauth No authentication required, limited access to objects. commanagerrw Community with manager and unrestricted write access. c ommanagerr Community with manager and restricted write access. comoperatorrw Community with operator and unrestricted write access. comoperatorr Community with operator and restricted write access. ProVision(config)# snmpv3 g roup managerpriv ? user Set user to be added to the group. ProVision(config)# snmpv3 group managerpriv user ? ASCII - STR Enter an ASCII string. ProVision(config)# snmpv3 group managerpriv user test ? sec - model S et security model to be used. ProVision(config)# snmpv3 group managerpriv user test sec - model ? ver1 SNMP version 1 security model.

157. 156 1 Use SNMPv1 2c Use SNMPv2c 3 Use SNMPv3 Cisco(config)#snmp - server host 10.0 .1 11.210 version 3 ? auth Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level Cisco(config)#snmp - server host 10.0.1 11.210 version 3 priv ? WORD SNMPv1/v2c c ommunity string or SNMPv3 user name Cisco(config)#snmp - server host 10.0.1 11.210 version 3 priv test ? auth - framework Allow SNMP CISCO - AUTH - FRAMEWORK - MIB traps bridge Allow SNMP STP Bridge MIB traps call - home Allow SNMP CISCO - CA LLHOME - MIB traps cef Allows cef traps cluster Allow Cluster Member Status traps config Allow SNMP config traps config - copy Allow SNMP config - copy traps config - ctid Allow SNMP config - ctid traps copy - config Allow SNMP copy - config traps cpu Allow cpu related traps dot1x Allow dot1x traps eigrp Allow SNMP EIGRP traps energywise Allow SNMP energywise traps entity Allow SNMP entity tr aps envmon Allow environmental monitor traps errdisable Allow errordisable notifications event - manager Allow SNMP Embedded Event Manager traps flash Allow SNMP FLASH traps flowmon Allow SNMP flow monito r notifications fru - ctrl Allow entity FRU control traps hsrp Allow SNMP HSRP traps ipmulticast Allow SNMP ipmulticast traps ipsla Allow SNMP Host IP SLA traps license Allow license traps mac - not ification Allow SNMP MAC Notification Traps ospf Allow OSPF traps pim Allow SNMP PIM traps port - security Allow SNMP port - security traps power - ethernet Allow SNMP power ethernet traps snmp Allow SNMP - type notifications stackwise Allow SNMP stackwise traps storm - control Allow SNMP storm - control traps stpx Allow SNMP STPX MIB traps syslog Allow SNMP syslog traps tty Allow TCP connection traps udp - port The notification host's UDP port number (default port 162) vlan - membership Allow SNMP VLAN membership traps vlancreate Allow SNMP VLAN created traps vlandelete Allow SNMP VLAN deleted traps vstack Allow SNMP Smart Install traps vtp Allow SNMP VTP traps <cr > Cisco(config)#snmp - server host 10.0.111.210 version 3 priv test Cisco(config)#snmp - server location ? LINE The physical location of this node Cisco(config)#snmp - server location Lab Cisco(config)#snmp - server contact ?

161. 160 enable Enable TELNET server functions ipv6 Specify IPv6 attribute [ Comware5 ]telnet server ena ble [ Comware5 ] local - user <name> [ Comware5 - luser - manager]service - type ? ftp FTP service type lan - access LAN - ACCESS service type portal Portal service type ssh Secu re Shell service type telnet TELNET service type terminal TERMINAL service type web Web service type [ Comware5 - lu ser - manager]service - type telnet [the next command set s the use of uid/pw for login via vty ] [ Comware5 ]user - interface vty 0 15 [ Comware5 - ui - vty0 - 15]authentication - mode ? none Login without checking password Authentication use password of user terminal interface scheme Authentication use AAA [ Comware5 - ui - vty0 - 15]authentication - mode scheme ? <cr> [ Comw are5 - ui - vty0 - 15 ]authentication - mode scheme [ the next command set s the use of password only for login via vty ] [ Comware5 ]user - interface vty 0 15 [ Comware5 - ui - vty0 - 15 ]authentication - mode password [ Comware5 - ui - vty0 - 15]user ? privilege Specify the logi n priority of user terminal interface [ Comware5 - ui - vty0 - 15]user privilege ? level Specify the privilege level of user interface [ Comware5 - ui - vty0 - 15]user privilege level ? INTEGER<0 - 3> Specify privilege level [ Comware5 - ui - vty0 - 15]user privilege le vel 3 ? <cr> [ Comware5 - ui - vty0 - 15]user privilege level 3 [ Comware5 - ui - vty0 - 15]set authentication ? password Specify the password of user interface [ Comware5 - ui - vty0 - 15]set authentication password ? cipher Set the password with cipher text has h Save and display the hash value of the password simple Set the password with plain text [ Comware5 - ui - vty0 - 15]set authentication password simple ? STRING<1 - 16> Plain text password

259. 258 <cr> [Comware7 - M - GigabitEthernet0/0/0]ip address 10.199.111.51 255.255.255.0 [Comware7]telnet ? client Specify telnet client attribute server Telnet ser ver configuration [Comware7]telnet client ? source Specify a source [Comware7]telnet client source ? interface Specify a source interface ip Specify a source IP address [Comware7]telnet client source interface ? M - GigabitEthernet MGE interface Vlan - interface VLAN interface [Comware7]telnet client source interface M - GigabitEthernet 0/0/0 ? <cr> [Comware7]telnet client source interface M - GigabitEthernet 0/0/0 [Comware7]ssh ? client SSH client configuration server Specif y the server attribute user SSH user [Comware7]ssh client ? ipv6 Specify IPv6 protocol source Specify a source address or interface for the SSH client [Comware7]ssh client source ? interface Specify a source interface ip Specify a source IPv4 address [Comware7]ssh client source interface ? M - GigabitEthernet MGE interface Vlan - interface VLAN interface [Comware7]ssh client source interface m [Comware7]ssh client source interface M - GigabitEthernet 0/0/0 ? <cr> [Comware 7]ssh client source interface M - GigabitEthernet 0/0/0 [Comware7]ntp ? authentication Configure NTP authentication authentication - keyid Specify an authentication key ID dscp Set the Differentiated Services Codepoint (DSCP) v alue enable Enable NTP service ipv6 IPv6 protocol max - dynamic - sessions Specify the maximum number of dynamic NTP sessions peer Permit full access query Permit control query refcl ock - master Configure the local clock as a master clock reliable Specify a trusted key server Permit server access and query source Specify a source interface synchronization Permit server acces s only unicast - peer Specify a NTP peer

267. 266 Cisco#ping ? WORD Ping destination address or hostname clns CLNS echo ip IP echo ipv6 IPv6 echo tag Tag encapsulated IP echo <cr> Cisco#ping 10.199.111.21 ? data specify data pattern df - bit enable do not fragment bit in IP header repeat specif y repeat count size specify datagram size source specify source address or name timeout specify timeout interval validate validate reply data <cr> Cisco#ping 10.199.111.21 source ? A.B.C.D Source address Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface V if PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco#ping 10.199.111.21 source fastEthernet 0 ? data specify data pattern df - bit enable do not fragment bit in IP header repeat specify repeat count size specify datagram size timeout specify timeout interval validate validate reply data <cr> Cisco#ping 10.199.111.2 1 source fastEthernet 0 Type escape sequence to abort. Sending 5, 100 - byte ICMP Echos to 10.199.111.21, timeout is 2 seconds: Packet sent with a source address of 10.199.111.41 !!!!! Success rate is 100 percent (5/5), round - trip min/avg/max = 1/2/8 ms Ci sco#copy tftp:? tftp: A URL beginning with this prefix Cisco#copy tftp://10.199.111.200/ c3750e - universalk9 - mz.150 - 2.SE7.bin ?

277. 276 Port Type | Alert Enabled Status Mode Mode Ctrl Limit ------------ --------- + --------- ------- ------ ---------- ---- ---- ----- 1 100/1000T | No Yes Up 1000FDx MDIX off 0 2 100/1000T | No Yes Down 1000FDx Auto off 0 3 100/1000T | No Yes Down 1000FDx Auto off 0 4 100/1000T | No Yes Down 1000FDx Auto off 0 5 100/1000T | No Yes Down 1000FDx Auto off 0 6 100/1000T | No Yes Down 1000FDx Auto off 0 7 100/1000T | No Yes Down 1000FDx Auto off 0 8 100/1000T | No Yes Down 1000FDx Auto off 0 9 100/1000T | No Yes Down 1000FDx Auto off 0 10 100/1000T | No Yes Down 1000FDx Auto off 0 11 100/ 1000T | No Yes Down 1000FDx Auto off 0 12 100/1000T | No Yes Down 1000FDx Auto off 0 13 100/1000T | No Yes Down 1000FDx Auto off 0 14 100/1000T | No Yes Down 1000FDx Auto off 0 15 100/1000T | No Yes Down 1000FDx Auto off 0 16 100/1000T | No Yes Down 1000FDx Auto off 0 17 100/1000T | No Yes Down 1000FDx Auto off 0 18 100/1000T | No Yes Down 1000FDx Auto off 0 19 100/1000T | No Yes Down 1000FDx Auto off 0 20 100/1000T | No Yes Down 1000FDx Auto off 0 21 100/1000T | No Yes Down 1000FDx Auto off 0 22 100/1000T | No Yes Down 1000FDx Auto off 0 23 100/1000T | No Yes Down 1000FDx Auto off 0 24 100/1000T | No Yes Down 1000FDx Auto off 0 25 | No Yes Down . off 0 26 | No Yes Down . off 0 ProVision# show interfaces brief 1 Status and Counters - Port Status | Intrusion MDI Flow Bcast Port Type | Alert Enabled Status Mode Mode Ctrl Limit ------------ --------- + --------- ------- ------ ---------- ---- ---- ----- 1 100/1000T | No Yes Up 1000FDx MDIX off 0 ProVision# show interfaces 1 ? hc Show summary of network traffic handled by the ports. <cr> ProVision# show interfaces 1 Status and Cou nters - Port Counters for port 1 Name : MAC Address : 009c02 - d539bf Link Status : Up Totals (Since boot or last clear) : Bytes Rx : 2,069,285,321 Bytes Tx : 214,736,598 Unicast Rx : 1,922,572 Unicast Tx : 1,283,973 Bcast/Mcast Rx : 588,985 B cast/Mcast Tx : 326,260 Errors (Since boot or last clear) : FCS Rx : 0 Drops Tx : 0 Alignment Rx : 0 Collisions Tx : 0 Runts Rx : 0 Late Colln Tx : 0 Giants Rx : 0 Excessive Colln : 0 Total Rx Errors : 0 Deferred Tx : 0 Others (Since boot or last clear) : Discard Rx : 0 Out Queue Len : 0 Unknown Protos : 0 Rates (5 minute weighted a verage) : Total Rx (bps) : 510824 Total Tx (bps) : 517072

278. 277 Unicast Rx (Pkts/sec) : 18 Unicast Tx (Pkts/sec) : 20 B/Mcast Rx (Pkts/sec) : 0 B/Mcast Tx (Pkts/sec) : 0 Utilization Rx : 00.51 % Utilizat ion Tx : 00.51 % ProVision(config)# interface ? loopback Enter the loopback Configuration Level. [ethernet] PORT - LIST Enter the Interface Configuration Level, or execute one command for that level. tunnel Enter a tunnel context. ProVision(config)# interface 1 ProVision (eth - 1 )#? arp - protect Configure the port as trusted or untrusted. bandwidth - min Enable/disable and configure guaranteed minimum bandwidth se ttings for outgoing traffic on the port(s). broadcast - limit Limit network bandwidth used by broadcast traffic. dhcp - snooping Configure port - specific DHCP snooping parameters. dhcpv6 - snooping Configure DHCPv6 snooping settings on a po rt. disable Disable interface. enable Enable interface. energy - efficient - e... Enables or disables EEE on each port in the port list. flow - control Enable/disable flow control negotiation on the port(s) during link establishment. forbid Prevent ports from becoming a member of specified VLANs. gvrp Set the GVRP timers for the port. ignore - untagged - mac Prevent MAC address learning for certain untagged control traffic. ip Apply an access control list to inbound packets on port. ipv6 Configure various IPv6 parameters for the VLAN. lacp Define whether LACP is enabled on the port, and whe ther it is in active or passive mode when enabled. link - keepalive Configure UniDirectional Link Detection (UDLD) on the port. mac - count - notify Send a trap when the number of MAC addresses learned on the specified ports exceeds the threshold. mac - notify Configures SNMP traps for changes in the MAC address table. mdix - mode Set port MDI/MDIX mode (default: auto). monitor Monitor traffic on the port. name Change the interface name. poe - allocate - by Configure the power allocation method. poe - lldp - detect Enabling this feature causes the port to allocate power based on the link - partner's capabilities via LLDP. po e - value Set the maximum power allocation for the port. power - over - ethernet Enable per - port power distribution. qos Configure port - based traffic prioritization. rate - limit Enable rate limiting for various types of traffic. service - policy Apply the QoS/Mirror policy on the interface. smart - link Configure the control VLANs for receiving flush packets. speed - duplex Define mode of operation for the port(s). tagged Assign ports to specified VLANs as tagged. unknown - vlans Configure the GVRP mode. untagged Assign ports to specified VLAN as untagged. <cr> ProVision ( eth - 1 )# name ? PORT - NAME - STR Specify a port name up to 64 characters length. P roVision ( eth - 1)# name link - to - core ProVision ( eth - 1 )# speed - duplex ? 10 - half 10 Mbps, half duplex. 100 - half 100 Mbps, half duplex. 10 - full 10 Mbps, full duplex.

290. 289 Interface configuration commands: aaa Authentication, Authorization and Accounting. arp Se t arp type (arpa, probe, snap) or timeout or log options auto Configure Automation bandwidth Set bandwidth informational parameter bgp - policy Apply policy propagated by bgp commu nity string carrier - delay Specify delay for interface transitions cdp CDP interface subcommands channel - group Etherchannel/port bundling configuration channel - protocol Select the channel protocol (LACP , PAgP) cts Configure Cisco Trusted Security dampening Enable event dampening datalink Interface Datalink commands default Set a command to its defaults delay Spec ify interface throughput delay description Interface specific description down - when - looped Force looped interface down duplex Configure duplex operation. eou EAPoUDP Interface Configuration Co mmands exit Exit from interface configuration mode flow - sampler Attach flow sampler to the interface flowcontrol Configure flow operation. help Description of the interactive help system history Interface history histograms - 60 second, 60 minute and 72 hour hold - queue Set hold queue depth ip Interface Internet Protocol config commands keepalive Enable keepalive l2protocol - tunnel Tunnel Layer2 protocols lacp LACP interface subcommands link Configure Link lldp LLDP interface subcommands load - interval Specify inter val for load calculation for an interface location Interface location information logging Configure logging for interface mac MAC interface commands macro Command macro max - reserved - bandwidth Maximum Reservable Bandwidth on an Interface mdix Set Media Dependent Interface with Crossover mka MACsec Key Agreement (MKA) interface configuration mls mls interface commands mvr MVR per port configuration neighbor interface neighbor configuration mode commands network - policy Network Policy nmsp NMSP interface configuration no Negate a command or set its defaults pagp PAgP interface subcommands priority - queue Priority Queue queue - set Choose a queue set for this queue rmon Configure Remote Mo nitoring on an interface routing Per - interface routing configuration rsu rollsing stack upgrade service - policy Configure CPL Service Policy shutdown Shutdown the selected interface small - frame Set rate limit parameters for small frame snmp Modify SNMP interface parameters source Get config from another source spanning - tree Spanning Tree Subsystem speed Con figure speed operation. srr - queue Configure shaped round - robin transmit queues storm - control storm configuration switchport Set switching mode characteristics timeout Define timeout values for th is interface

299. 298 VLAN ID : 220 Name : test Status : Port - based Voice : No Jumbo : No Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 4 Un tagged Learn Down 6 Tagged Learn Down ProVision# show vlans 100 Status and Counters - VLAN Information - VLAN 100 VLAN ID : 100 Name : VLAN100 Status : Port - based Voice : No Jumbo : No Port Information Mod e Unknown VLAN Status ---------------- -------- ------------ ---------- 5 Untagged Learn Down 6 Tagged Learn Down 9 Untagged Learn Down ProVision# show vlans 1 Status and C ounters - VLAN Information - VLAN 1 VLAN ID : 1 Name : DEFAULT_VLAN Status : Port - based Voice : No Jumbo : No Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 1 Untagged Learn Up 2 Untagged Learn Down 3 Untagged Learn Down 6 Untagged Learn Down 7 Untagged Learn Down 8 Untagged Learn Down 10 Untagged Learn Down 11 Untagged Learn Up 12 Untagged Learn Down 13 Untagged Learn Up 14 Untagged Learn Down 15 Untagged Learn Down 16 Untagged Learn Down 17 Untagged Learn Down 18 Untagged Learn Down 19 Untagged Learn Down 20 Untagged Learn Down 21 Untagge d Learn Down 22 Untagged Learn Down 23 Untagged Learn Down 24 Untagged Learn Down 25 Untagged Learn Down 26 Untagged Learn Down

329. 328 [Comware7]interface g1/0/10 [Comware7 - GigabitEthernet1/0/10]? Gigabitethernet_l2 interface view commands: apply Apply a PoE profile arp ARP module bandwidth Specify the expected bandwi dth bpdu - drop Specify BPDU drop function broadcast - suppression Broadcast storm suppression function cdp Non standard IEEE discovery protocol cfd Connectivity Fault Detection (CFD) module dcbx Data Center Bridge Capability Exchange Protocol default Restore the default settings description Describe the interface dhcp DHCP module diagnostic - logfile Diagnostic log file configur ation display Display current system information dldp DLDP module dot1x 802.1X module duplex Status of duplex eee Energy efficient ethernet enable Enable functions evb Edge Virtual Bridging (EVB) module flex10 Configure Flex10 flow - control Enable flow control function flow - interval Set the interface statistics interval igmp - snooping IGMP snooping module ip Specify IP configuration ipv6 Specify IPv6 configuration jumboframe Specify jumbo frame forwarding l2vpn Layer 2 Virtual Private Network (L2VPN) mod ule lacp Configure LACP protocol link - aggregation Specify link aggregation group configuration information link - delay Set the physical state change suppression lldp Link Layer Discovery Protocol(802.1ab) logfile Log file configuration loopback Specify loopback of current port loopback - detection Loopback detection module mac - address Configure MAC address mac - authenticat ion MAC authentication module mac - forced - forwarding Specify MAC - forced forwarding configuration information mac - vlan MAC VLAN configuration macsec MAC security module mdix - mode Specify mdix type mir roring - group Specify mirroring group mka MACsec Key Agreement protocol mld - snooping MLD snooping module monitor System monitor mrp Multiple registration protocol multicast - supp ression Multicast storm suppression function mvrp Multiple VLAN registration protocol oam OAM module packet - filter Packet filter settings pbb Provider Backbone Bridge (PBB) module ping Ping function poe Power over Ethernet port Set port attributes port - isolate Port isolation configuration port - security Port security module priority - flow - control Prio rity - based flow control (PFC) configuration ptp Precision Time Protocol (PTP) module qcn Quantized Congestion Notification (QCN) module qinq 802.1QinQ function qos Quality o f Service (QoS) module

358. 357 [Comware7]voice - vlan mac - address 0013 - 6000 - 0000 ? mask Specify MAC address mask [Co mware7]voice - vlan mac - address 0013 - 6000 - 0000 mask ffff - ff00 - 0000 ? description Specify MAC address description <cr> [Comware7]voice - vlan mac - address 0013 - 6000 - 0000 mask ffff - ff00 - 0000 description Cisco - 7960 ? TEXT MAC address description (of up to 30 characters) <cr> [Comware7]voice - vlan mac - address 0013 - 6000 - 0000 mask ffff - ff00 - 0000 description Cisco - 7960 [Comware7]vlan 230 [Comware7 - vlan230]name voice [Comware7]interface g1/0/5 [Comware7 - GigabitEthernet1/0/5]port link - type access [Comwa re7 - GigabitEthernet1/0/5]port link - type hybrid [Comware7 - GigabitEthernet1/0/5]port hybrid vlan 220 untagged [Comware7 - GigabitEthernet1/0/5]port hybrid pvid vlan 220 [Comware7 - GigabitEthernet1/0/5]voice - vlan 230 enable [Comware 7 - GigabitEthernet1/0/5 ]poe enable <Comware7>display vlan 230 VLAN ID: 230 VLAN type: Static Route interface: Configured IPv4 address: 10.1.230.5 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0230 Name: voice Tagged ports: GigabitEthernet1/0/5 Untagged ports: None <Comware 7 >display interface g1/0/5 G igabitEthernet1/0/5 Current state: UP ... PVID: 220 MDI type: automdix Port link - type: Hybrid Tagged VLANs: 230 Untagged VLANs: 100, 220 ... <Comware7>display voice - vlan state Current voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes

26. 25 ProVision# show system fans Fan Information Num | State | Failures ------- + ------------- + ---------- Fan - 1 | Fan OK | 0 Fan - 2 | Fan OK | 0 Fan - 3 | Fan OK | 0 Fan - 4 | Fan OK | 0 0 / 4 Fans in Failure State 0 / 4 Fans have been in Failure State ProVision# show system power - supply Power Supply Status: PS# Model State AC/DC + V Wattage Max ----- --------- --------------- ----------------- ---- ----- ------ 1 J9580A Powered AC 120V/240V 71 1000 2 Unknwn Not Present 0 0 1 / 2 supply bays delivering power. Currently supplying 71 W / 1000 W total power. ProVision# show s ystem temperature System Air Temperature Temp Current Max Min Sensor Temp Temp Temp Threshold OverTemp ------- -------- ----- ----- ---------- --------- Chassis 28C 28C 0C 55C NO Comware <Comware >display device ? chassis Specify the chassis number manuinfo Manufacture information slot Specify the slot number verbose Display detail information | Matching output <cr> < Comware > display device manuinfo ? slot Specify the slot number | Matching output <cr> < Comware >display device manuinfo Slot 1: DEVICE_NAME : S5500 - 28C - PWR - EI DEVICE_SERIAL_NUMBER : xxxxxxxxxxxx MAC_ADDRESS : 0023 - 89D5 - A059 MANUFACTURING_DATE : 2010 - 02 - 16 VENDOR_NAME : H3C < Comwa re > display device verbose ? | Matching output <cr>

32. 31 141 VTY 12 142 VTY 13 143 VTY 14 144 VTY 15 145 VTY 16 146 VTY 17 147 VTY 18 148 VTY 19 149 VTY 20 150 VTY 21 151 VTY 22 152 VTY 23 153 VTY 24 154 VTY 25 155 VTY 26 156 VTY 27 157 VTY 28 158 VTY 29 159 VTY 30 160 VTY 31 161 VTY 32 162 VTY 33 163 VTY 34 164 VTY 35 165 VTY 36 166 VTY 37 167 VTY 38 168 VTY 39 169 VTY 40 170 VTY 41 171 VTY 42 172 VTY 43 173 VTY 44 174 VTY 45 175 VTY 46 176 VTY 47 177 VTY 48 178 VTY 49 179 VTY 50 180 VTY 51 181 VTY 52 182 VTY 53 183 VTY 54 184 VTY 55 185 VTY 56 186 VTY 57 187 VTY 58 188 VTY 59 189 VTY 60 190 VTY 61 191 VTY 62 192 VTY 63 Following are more details. VTY 0 : Location: 10.0.100.84 VTY 1 : Location: 10.1. 1.108 + : Line is active. F : Line is active and works in async mode.

35. 34 < Comware7>free user - interface 129 ? <cr> < Comware7>free user - interface 129 Are you sure to free line vty0? [Y/N]:y [OK] <Comware7>free line ? INTEGER<0 - 192> Specify one line aux AUX line vty Virtual type terminal (VTY) line <Comware7>free line 129 ? <cr> <Comware7>free line 129 Are you sure to free line vty0? [Y/N]:y <Comware7>display users Idx Line Idle Time Pid Type F 0 AUX 0 00:00:00 Mar 23 15: 22:58 538 130 VTY 1 00:05:31 Mar 23 15:45:49 621 TEL Following are more details. VTY 1 : Location: 10.1.1.108 + : Current operation user. F : Current operation user works in async mode. Cisco Cisco#clear line ? <0 - 16> Line number console Primary terminal line vty Virtual terminal Cisco#clear line 2 [confirm] [OK] Cisco#clear line vty ? <0 - 15> Line number Cisco#clear line vty 1 ? <cr> Cisco#clear line vty 1 [confirm] [OK] Cisco#show users Lin e User Host(s) Idle Location * 0 con 0 manager idle 00:00:00 1 vty 0 manager idle 00:02:30 10.0.100.84 Interface User Mode Idle Peer Address

66. 65 ssh Secure Shell service terminal Terminal access service <cr> [Comware7 - luser - manage - test1]service - type telnet [C omware7 - luser - manage - test1]authorization - attribute ? acl Specify ACL of local user callback - number Specify PPP callback number of local user idle - cut Specify idle cut function for local user user - profile Specify user profi le of local user user - role Specify user role of the local user vlan Specify VLAN ID of local user work - directory Specify work directory of local user [Comware7 - luser - manage - test1]authorization - attribute user - role ? STRING<1 - 63 > User role name network - admin network - operator level - 0 level - 1 level - 2 level - 3 level - 4 level - 5 level - 6 level - 7 level - 8 level - 9 level - 10 level - 11 level - 12 level - 13 level - 14 level - 15 security - audit network - admin2 [Comware7 - luser - manage - test1]authorization - attribute user - role network - admin2 ? acl Specify ACL of local user callback - number Specify PPP callback number of local user idle - cut Specify idle cut function for local user user - p rofile Specify user profile of local user vlan Specify VLAN ID of local user work - directory Specify work directory of local user <cr> [Comware7 - luser - manage - test1]authorization - attribute user - role network - admin2 [Comware7 - luser - ma nage - test1]undo authorization - attribute user - role network - oper a tor [Comware7]display role ? > Redirect it to a file >> Redirect it to a file in append mode feature Specify a feature feature - group Specify a featur e group name Specify a name for the user role | Matching output <cr> [Comware7]display role name ? STRING<1 - 63> User role name network - admin

84. 83 flash Copy the switch system image file. running - config Copy running configuration file. sftp Copy data from a SFTP server. ssh - client - known - h... Copy the known hosts file. ssh - server - pub - key Copy the switch's SSH server public key. startup - config Copy in - flash configuration file. tftp Copy data from a TFTP server. usb Copy data from a USB flash drive. xmodem Use xmodem on the term inal as the data source. ProVision# copy tftp ? autorun - cert - file Copy autorun trusted certificate to the switch. autorun - key - file Copy autorun key file to the switch. command - file Copy command script to switch and execute. config Copy data to the specified switch configuration file. default - config Copy source file to custom default configuration. flash Copy data to the switch system image file. local - certificate Local Certificate to be cop ied. pub - key - file Copy the public keys to the switch. show - tech Copy custom show - tech script to switch. ssh - client - key Copy an RSA or DSA private key to the switch for the SSH client to use. ssh - client - known - h... Copy a file containing SSH known hosts to the switch. startup - config Copy data to the switch configuration file. ta - certificate Copy a Trust Anchor certificate to the device. ProVision# copy tftp flash ? HOST - NAME - STR Specify hostname of the TFTP server. IP - ADDR Specify TFTP server IPv4 address. IPV6 - ADDR Specify TFTP server IPv6 address. ProVision# copy tftp flash 10.0.100.111 ? FILENAME - STR Specify filename for the TFTP transf er. ProVision# copy tftp flash 10.0.100.11 K_15_16_0004.swi ? primary Copy to primary flash. secondary Copy to secondary flash. oobm Use the OOBM interface to reach TFTP server. <cr> ProVision# copy tftp fla sh 10.0.100.111 K_15_16_0004.swi secondary ? oobm Use the OOBM interface to reach TFTP server. <cr> ProVision# copy tftp flash 10.0.100.111 K_15_16_0004.swi secondary ProVision# copy sftp ? autorun - cert - file Copy autorun trusted certificate to the switch. autorun - key - file Copy autorun key file to the switch. command - file Copy command script to switch and execute. config Copy data to the specified switch configuration file. default - config Cop y source file to custom default configuration. flash Copy data to the switch system image file. local - certificate Local Certificate to be copied. pub - key - file Copy the public keys to the switch. show - tech Copy c ustom show - tech script to switch. ssh - client - key Copy an RSA or DSA private key to the switch for the SSH client to use. ssh - client - known - h... Copy a file containing SSH known hosts to the switch. startup - config Copy data to the switch configuration file. ta - certificate Copy a Trust Anchor certificate to the device.

104. 103 client vpn - instance Specify a VPN instance <cr> < Comware5 >sftp 10.0.1 00.111 Input Username: manager Trying 10.0.100.111 ... Press CTRL+K to abort Connected to 10.0.100.111 ... Enter password: sftp - client>put comware_main.cfg comware_startup - config.cfg Local file:comware_main.cfg --- > Remote file: /comware_startup - config.c fg Uploading file successfully ended sftp - client>bye Bye Connection closed. < Comware5 > reset saved - configuration ? backup Backup config file main Main config file <cr> < Comware5 > reset saved - configuration main ? backup Backup config file ma in Main config file <cr> < Comware5 > reset saved - configuration main < Comware5 >tftp 10.0.100.111 get comware_main.cfg startup.cfg < Comware5 >sftp 10.0.100.111 Input Username: manager Trying 10.0.100.111 ... Press CTRL+K to abort Connected to 10.0.100 .111 ... Enter password: sftp - client>get comware_main.cfg startup .cfg Remote file:/comware_mai n.cfg --- > Local file: startup .cfg. Downloading file successfully ended sftp - client>bye < Comware5 > tftp 10. 0.100.111 get comware_ main3.cfg comware_ main3.cfg < Comware5 >sftp 10.0.100.111 Input Username: manager Trying 10.0.100.111 ... Press CTRL+K to abort Connected to 10.0.100.111 ... Enter password: sftp - client>get comware_main3.cfg comware_main3.cfg Remote file:/comware_main3.cfg --- > Local file: comware_ma in3.cfg. Downloading file successfully ended sftp - client>bye < Comware5 > dir Directory of flash:/ 0 - rw - 3816 Mar 06 2015 00:31:44 startup.cfg

206. 205 timeout Time to wait for this RADIUS server to reply (overrides default) <cr> Cisco(config)#radius - server host 10.0.100.111 auth - port ? <0 - 65535> Port number Cisco(config )#radius - server host 10.0.100.111 auth - port 1812 ? acct - port UDP port for RADIUS accounting server (default is 1646) auth - port UDP port for RADIUS authentication server (default is 1645) backoff Retry backoff pattern (Default is retrans mits with constant delay) key per - server encryption key (overrides default) key - wrap per - server keywrap configuration non - standard Parse attributes that violate the RADIUS standard pac Generate per - server P rotected Access Credential key retransmit Specify the number of retries to active server (overrides default) test Configure server automated testing. timeout Time to wait for this RADIUS server to reply (overrides default) <cr> Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port ? <0 - 65535> Port number Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port 1813 ? auth - port UDP port for RADIUS authenticati on server (default is 1645) backoff Retry backoff pattern (Default is retransmits with constant delay) key per - server encryption key (overrides default) key - wrap per - server keywrap configuration non - standard Pa rse attributes that violate the RADIUS standard pac Generate per - server Protected Access Credential key retransmit Specify the number of retries to active server (overrides default) test Configure server automate d testing. timeout Time to wait for this RADIUS server to reply (overrides default) <cr> Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port 1813 key ? 0 Specifies an UNENCRYPTED key will follow 7 S pecifies HIDDEN key will follow LINE The UNENCRYPTED (cleartext) server key Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port 1813 key password ? <cr> Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port 1813 k ey password Cisco(config)#aaa ? accounting Accounting configurations parameters. attribute AAA attribute definitions authentication Authentication configurations parameters. authorization Authorization configurations parameters. cache AAA cache definitions configuration Authorization configuration parameters. dnis Associate certain AAA parameters to a specific DNIS number group AAA group definitions local AAA Local Authen/ Authz Method Lists local AAA Local method options max - sessions Adjust initial hash size for estimated max sessions memory AAA memory parameters

224. 223 [ Comware5 - hwtacacs - tacacs_auth]primary ? accounting Specify HWTACACS accounting server authentication Specify HWTACACS authentication server authorization Specify HWTACACS authorization server [ Comware5 - hwtacacs - tacacs_auth]primary authentication ? X.X.X.X IP address [ Comware5 - hwtacacs - tacacs_auth]pri mary authentication 10.0.100.11 1 ? INTEGER<1 - 65535> Specify port for server key Specify the shared key for secure communication with the server vpn - instance Specify VPN instance <cr> [Comware5 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key ? STRING<1 - 255> Plaintext key string cipher Specify a ciphertext key simple Specify a plaintext key [Comware5 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key simple ? STRING<1 - 255> Plaintext key stri ng [Comware5 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key simple password ? INTEGER<1 - 65535> Specify port for server vpn - instance Specify VPN instance <cr> [ Comware5 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key simple password [Comware5 - hwtacacs - tacacs - auth]primary authorization 10.0.100.111 key simple password [Comware5 - hwtacacs - tacacs - auth]primary accounting 10.0.100.111 key simple password [ Comware5 - hwtacacs - tacacs - auth]user - name - format ? keep - original User name unchanged with - domain User name like XXX@XXX without - domain User name like XXX [ Comware5 - hwtacacs - tacacs - auth]user - name - format with - domain ? <cr> [Comware5 - hwtacacs - tacacs - auth]user - name - format without - domain [Comware5] domain ta cacs [ Comware5 - isp - tacacs]? Isp view commands: access - limit Specify access limit of domain accounting Specify accounting scheme authentication Specify authentication scheme authorization Specify auth orization scheme authorization - attribute Specify authorization attributes of domain cfd Connectivity fault detection (IEEE 802.1ag) display Display current system information dscp Specify a DSCP value for user packets of this domain idle - cut Specify idle - cut attribute of domain mtracert Trace route to multicast source ping Ping function quit Exit from current com mand view return Exit to User View

262. 261 agent Specify LLDP agent interface Specify interface list Neighbor list verbose Verbose message | Matching output <cr> <Comware7>display lldp neighbor - information interface ? FortyGigE FortyGigE interface GigabitEthernet GigabitEthernet interface M - GigabitEthernet MGE interface Ten - GigabitEthernet Ten - GigabitEthernet interface <Comware7>display lldp neighbor - information interface M - GigabitEthernet 0/0 /0 ? > Redirect it to a file >> Redirect it to a file in append mode agent Specify LLDP agent verbose Verbose message | Matching output <cr> <Comware7>display lldp neighbor - information interface M - GigabitEthernet 0/0/0 LLDP neighbor - information of port 26446[M - GigabitEthernet0/0/0]: LLDP agent nearest - bridge: LLDP neighbor index : 1 ChassisID/subtype : 0025 - 61d7 - c560/MAC address PortID/subtype : 6/Locally assigned Capabilities : Bridge Cisco Cisco( config)#interface fastEthernet 0 Cisco(config - if)#? Interface configuration commands: aaa Authentication, Authorization and Accounting. access - expression Build a bridge boolean access expression arp Set arp type (arpa, probe, snap) or timeout or log options bandwidth Set bandwidth informational parameter bgp - policy Apply policy propagated by bgp community string carrier - delay Specify del ay for interface transitions cdp CDP interface subcommands clns CLNS interface subcommands crypto Encryption/Decryption commands cts Configure Cisco Trusted Security damp ening Enable event dampening datalink Interface Datalink commands default Set a command to its defaults delay Specify interface throughput delay description Interface specif ic description duplex Configure duplex operation. eou EAPoUDP Interface Configuration Commands exit Exit from interface configuration mode flow - sampler Attach flow sampler to the in terface flowcontrol Configure flow operation. glbp Gateway Load Balancing Protocol interface commands help Description of the interactive help system history Interface history histog rams - 60 second, 60 minute and 72 hour hold - queue Set hold queue depth ip Interface Internet Protocol config commands ipv6 IPv6 interface subcommands isis IS - IS commands

265. 264 Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Port group Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco(config)#ip telnet source - interface fastEthernet 0 ? <cr> Cisco(config)#ip telnet source - interface fastEthernet 0 Cisco(co nfig)#ip ssh ? authentication - retries Specify number of authentication retries break - string break - string dh Diffie - Hellman dscp IP DSCP value for SSH traffic logging Configure lo gging for SSH maxstartups Maximum concurrent sessions allowed port Starting (or only) Port number to listen on precedence IP Precedence value for SSH traffic pubkey - chain pubkey - chain rekey Configure rekey values rsa Configure RSA keypair name for SSH source - interface Specify interface for source address in SSH connections stricthostkeycheck Enable SSH Server Aut hentication time - out Specify SSH time - out interval version Specify protocol version to be supported Cisco(config)#ip ssh source - interface ? Async Async interface Auto - Template Auto - Template interf ace BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Chann el of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Templa te Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco(config)#ip ssh source - interface fastEthernet 0 ? <cr>

283. 282 | Matching output <cr> <Comware7>display interface brief Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Descr iption InLoop0 UP UP(s) -- M - GE0/0/0 DOWN DOWN -- NULL0 UP UP(s) -- REG0 UP -- -- Vlan1 UP UP 10.0.111.51 Brief information on interfaces in bridge mode: L ink: ADM - administratively down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description FGE1/0/53 DOWN auto A A 1 FGE1/0/54 DOWN auto A A 1 GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 DOWN auto A A 1 GE1/0/3 DOWN auto A A 1 GE1/0/4 DOWN auto A A 1 GE1/0/5 DOWN auto A A 1 GE1/0/6 DOWN auto A A 1 GE1/0/7 DOWN auto A A 1 GE1/0/8 DOWN auto A A 1 GE1/0/9 DOWN auto A A 1 GE1/0/10 DOWN aut o A A 1 GE1/0/11 DOWN auto A A 1 GE1/0/12 DOWN auto A A 1 GE1/0/13 DOWN auto A A 1 GE1/0/14 DOWN auto A A 1 GE1/0/15 DOWN auto A A 1 GE1/0/16 DOWN auto A A 1 GE1/0/17 DOWN auto A A 1 GE1/0/18 DOWN auto A A 1 GE1/0/19 DOWN auto A A 1 GE1/0/20 DOWN auto A A 1 GE1/0/21 DOWN auto A A 1 GE1/0/22 DOWN auto A A 1 GE1/0/23 DOWN auto A A 1 GE1/0/24 DOWN auto A A 1 GE1/0/25 DOWN auto A A 1 GE1/0/26 DOWN aut o A A 1 GE1/0/27 DOWN auto A A 1 GE1/0/28 DOWN auto A A 1 GE1/0/29 DOWN auto A A 1 GE1/0/30 DOWN auto A A 1 GE1/0/31 DOWN auto A A 1 GE1/0/32 DOWN auto A A 1 GE1/0/33 DOWN auto A A 1 GE1/0/34 DOWN auto A A 1 GE1/0/35 DOWN auto A A 1 GE1/0/36 DOWN auto A A 1 GE1/0/37 DOWN auto A A 1 GE1/0/38 DOWN auto A A 1 GE1/0/39 DOWN auto A A 1 GE1/0/40 DOWN auto A A 1 GE1/0/41 DOWN auto A A 1 GE1/0/42 DOWN aut o A A 1 GE1/0/43 DOWN auto A A 1

285. 284 152 unicasts, 10 broadcasts, 91 multicasts, 0 pauses Output (normal): 253 packets, - bytes 152 unicasts, 10 broadcasts, 91 multicasts , 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier r [Comware7]interface ? Bridge - Aggregation Bridge - Aggregation interface FortyGig E FortyGigE interface GigabitEthernet GigabitEthernet interface LoopBack LoopBack interface M - GigabitEthernet MGE interface NULL NULL interface Route - Aggregation Route - Aggregation interface Ten - GigabitEthernet Ten - GigabitEthernet interface Tunnel Tunnel interface Vlan - interface VLAN interface range Configure an interface range [Comware 7 ]interface g1/0/1 [Comware 7 - GigabitEthernet1/0/1 ]? Gigabitethernet_l 2 interface view commands: apply Apply a PoE profile arp ARP module bandwidth Specify the expected bandwidth bpdu - drop Specify BPDU drop function broadcast - suppression Broadcast storm suppression function cdp Non standard IEEE discovery protocol cfd Connectivity Fault Detection (CFD) module dcbx Data Center Bridge Capability Exchange Protocol default Restore the default settings description Describe the interface dhcp DHCP module diagnostic - logfile Diagnostic log file configuration display Display current system information dldp DLDP module dot1x 802.1X module duplex Status of duplex eee Energy efficient ethernet enable Enable functions evb Edge Virtual Bridging (EVB) module flex10 Configure Flex10 flow - control Enable flow control function flow - interval Set the interface statistics interval igmp - snooping IGMP snooping module ip Specify IP configuration ipv6 Specify IPv6 configuration jumboframe Specify jumbo frame forwarding l2vpn Layer 2 Virtual Private Network (L2VPN) module lacp Configure LACP protocol link - aggregation Specify link aggre gation group configuration information link - delay Set the physical state change suppression lldp Link Layer Discovery Protocol(802.1ab) logfile Log file configuration loopback Specify loopback of current port loopback - detection Loopback detection module mac - address Configure MAC address mac - authentication MAC authentication module mac - forced - forwarding Specify MAC - forced forwarding configu ration information mac - vlan MAC VLAN configuration mdix - mode Specify mdix type

303. 30 2 Untagged Ports: GigabitEthernet1/0/4 [Comware5]display vlan 100 VLAN ID: 100 VLAN Type: static Route Interface: not configured Description: VLAN 0100 Name: VLAN 01 00 Tagged Ports: GigabitEthernet1/0/6 Untagged Ports: GigabitEthernet1/0/5 GigabitEthernet1/0/9 [Comware5]display vlan 1 VLAN ID: 1 VLAN Type: static Route Interface: configured IPv4 address: 10.0.111.31 IPv4 subnet mask: 255.255.255. 0 Description: VLAN 0001 Name: VLAN 0001 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitEthernet1/0/6 GigabitEthernet1/0/7 GigabitEthernet1/0/8 GigabitEthernet1/0/1 0 GigabitEthernet1/0/11 GigabitEthernet1/0/12 GigabitEthernet1/0/13 GigabitEthernet1/0/14 GigabitEthernet1/0/15 GigabitEthernet1/0/16 GigabitEthernet1/0/17 GigabitEthernet1/0/18 GigabitEthernet1/0/19 GigabitEthernet1/0/20 GigabitEthernet1/0/21 GigabitEthernet1/0/22 GigabitEthernet1/0/23 GigabitEthernet1/0/24 GigabitEthernet1/0/25 GigabitEthernet1/0/26 GigabitEthernet1/0/27 GigabitEthernet1/0/28 [Comware5]display interface g1/0/6 GigabitEthernet1 /0/6 current state: UP IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 0023 - 89d5 - a075 Description: GigabitEthernet1/0/6 Interface Loopback is not set Media type is twisted pair Port hardware type is 1000_BASE_T 1000Mbps - speed mode, full - dupl ex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow - control is not enabled The Maximum Frame Length is 9216 Broadcast MAX - ratio: 100% Unicast MAX - ratio: 100% Multicast MAX - ratio: 100% Allow jumbo frame to pass PVID: 1 Mdi type: auto Port link - type: trunk VLAN passing : 1(default vlan), 100, 220 VLAN permitted: 1(default vlan), 100, 220 Trunk port encapsulation: IEEE 802.1q Port priority: 0 Last clearing of counters: Never Peak value of input: 16 bytes/se c, at 2015 - 04 - 08 02:29:34 Peak value of output: 9 bytes/sec, at 2015 - 04 - 08 02:29:34 Last 300 seconds input: 0 packets/sec 21 bytes/sec 0% Last 300 seconds output: 0 packets/sec 9 bytes/sec 0% Input (total): 56 packets, 6492 bytes 0 unicasts , 16 broadcasts, 40 multicasts, 0 pauses Input (normal): 56 packets, - bytes

313. 312 Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Cisco#show interfaces g1/0/6 switchport Name: Gi1/0/6 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: Off Access Mode VLAN: 100 (VLAN0100) Trunking Native Mode VLAN: 1 (default) Administr ative Native VLAN tagging: enabled Voice VLAN: none Administrative private - vlan host - association: none Administrative private - vlan mapping: none Administrative private - vlan trunk native VLAN: none Administrative private - vlan trunk Native VLAN tagging: enab led Administrative private - vlan trunk encapsulation: dot1q Administrative private - vlan trunk normal VLANs: none Administrative private - vlan trunk associations: none Administrative private - vlan trunk mappings: none Operational private - vlan: none Trunking VL ANs Enabled: 100,220 Pruning VLANs Enabled: 2 - 1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none Cisco#show interfaces g1/0/5 switchport Name: Gi1/0/5 Switchport: Enabled Administrative Mode: static access Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: Off Access Mode VLAN: 100 (VLAN0100) Trunking Native Mode VLAN: 1 (default) Administrative Nati ve VLAN tagging: enabled Voice VLAN: none Administrative private - vlan host - association: none Administrative private - vlan mapping: none Administrative private - vlan trunk native VLAN: none Administrative private - vlan trunk Native VLAN tagging: enabled Admini strative private - vlan trunk encapsulation: dot1q Administrative private - vlan trunk normal VLANs: none Administrative private - vlan trunk associations: none Administrative private - vlan trunk mappings: none Operational private - vlan: none Trunking VLANs Enable d: ALL Pruning VLANs Enabled: 2 - 1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none

353. 352 Cisco(config - if)#power inline never Cisco#show power inline f1/0/5 Interface Admin Oper Power Device Class Ma x (Watts) --------- ------ ---------- ------- ------------------- ----- ---- Fa1/0/5 off off 0.0 n/a n/a 15.4 Interface AdminPowerMax AdminConsumption (Watts) (Watts) ---------- --------------- -------------------- Fa1/0/5 15.4 15.4 Cisco(config)#interface f1/0/5 Cisco(config - if)#power inline auto Cisco#show power inline f1/0/5 Interface Admin Oper Power Device C lass Max (Watts) --------- ------ ---------- ------- ------------------- ----- ---- Fa1/0/5 auto on 6.3 IP Phone 7960 n/a 15.4 Interface AdminPowerMax AdminConsumption (Watts) ( Watts) ---------- --------------- -------------------- Fa1/0/5 15.4 15.4

365. 364 Cisco(config - if)#switchport nonegotiate Ci sco(config)#interface range g 1/ 0/24 - 24 Cisco(config - if - range)#switchport trunk encapsulation dot1q Cisco(config - if - range)# switchport trunk allowed vlan 2 2 0 Cisco(config - if - range)#switchport mode access Cisco(config - if - range)#switchport nonegotiate C isco(config - if - range)#channel - group 1 mode active Cisco#show lacp 1 internal Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode Channel gro up 1 LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Fa1/0/22 SA bndl 32768 0x1 0x1 0x18 0x3D Fa1/0/23 SA b ndl 32768 0x1 0x1 0x19 0x3D Cisco#show interfaces etherchannel ---- GigabitEthernet1/0/23: Port state = Up Mstr Assoc In - Bndl Channel group = 1 Mode = Active Gcchange = - Port - channel = Po1 GC = - Pseudo port - channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode. Local information: LACP port Admin Oper Port Port Port Flags State Priority Key Key Number State Gi1/0/23 SA bndl 32768 0x1 0x1 0x11 8 0x3D Partner's information: LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Number State Gi1/0/23 SA 0 009c.02d5.3980 19s 0x0 0x2 34 0x17 0x3D Age of the port in the current state: 0d:00h:03m:16s ---- GigabitEthernet1/0/24: Port state = Up Mstr Assoc In - Bndl Channel group = 1 Mode = Active Gcchange = - Port - channel = Po1 GC = - Pse udo port - channel = Po1 Port index = 0 Load = 0x00 Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode. P - Device is in passive mode. Local information: LACP port Admin Oper Port Port

392. 391 TC or TCN received :26 Time since last TC :0 days 0h:11m:55s ... ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :8192.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit L imit :10 packets/hello - time Protection Type :None MST BPDU Format :Config=auto / Active=802.1s Port Config - Digest - Snooping :disabled Num of Vlans Mapped :1 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s RemHop 20 BPDU Sent :2873 TCN: 0, Config: 0, RST: 0, MST: 2873 BPDU Received :2961 TCN: 0, Config: 0, RST: 0, MST: 2961 ... ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST De signated Port Port Priority :160 Port Cost(Legacy) :Config=10000 / Active=10000 Desg. Bridge/Port :12288.0023 - 89d5 - a059 / 160.9 Port Edged :Config=enabled / Active=enabled Point - to - point :Config=auto / Active=true Transmit Lim it :10 packets/hello - time Protection Type :None MST BPDU Format :Config=auto / Active=legacy Port Config - Digest - Snooping :disabled Rapid transition :true Num of Vlans Mapped :0 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s RemHop 19 BPDU Sent :2937 TCN: 0, Config: 0, RST: 0, MST: 2937 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0 ... ------- [MSTI 1 Global Info] ------- MSTI Bridge ID :8192.0023 - 89d5 - a059 MSTI RegRoot/I RPC :8192.0023 - 89d5 - a059 / 0 MSTI RootPortId :0.0 Master Bridge :8192.009c - 02d5 - 3980 Cost to Master :20 TC received :14 Time since last TC :0 days 0h:16m:40s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Role :Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :8192.0023 - 89d5 - a059 / 128.6 Rapid transition :true Num of Vlans Mapped :1 Port Times :RemHops 20 ------- [MSTI 2 Global Info] ----- -- MSTI Bridge ID :20480.0023 - 89d5 - a059 MSTI RegRoot/IRPC :8192.cc3e - 5f73 - bacb / 20020

393. 392 MSTI RootPortId :128.6 Master Bridge :8192.009c - 02d5 - 3980 Cost to Master :20 TC received :16 Time since last TC :0 days 0h:17m:24s ---- [P ort6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Role :Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :16384.009c - 02d5 - 3980 / 128.11 Num of Vlans Mapped :1 Port Times :RemHops 19 ------- [MSTI 3 Global Info] ------- MSTI Bridge ID :16384.0023 - 89d5 - a059 MSTI RegRoot/IRPC :8192.0022 - 91ab - 4380 / 20020 MSTI RootPortId :128.6 Master Bridge :8192.009c - 02d5 - 3980 Cost to Master :20 TC received :6 Time since la st TC :0 days 0h:19m:30s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Role :Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :20480.009c - 02d5 - 3980 / 128.11 Num of Vlans Mapped : 1 Port Times :RemHops 19 [Comware 5 ] display stp brief MSTID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/5 DESI FORWARD ING NONE 0 GigabitEthernet1/0/6 ROOT FORWARDING NONE 0 GigabitEthernet1/0/9 DESI FORWARDING NONE 1 GigabitEthernet1/0/5 DESI FORWARDING NONE 1 GigabitEthernet1/0/6 DESI FORWARDING NONE 2 GigabitEthernet1/0/5 DESI FORWARDING NONE 2 GigabitEthernet1/0/6 ROOT FORWARDING NONE 2 GigabitEthernet1/0/9 DESI FORWARDING NONE 3 GigabitEthernet1/0/6 ROOT FORWARDING NONE [Comware 5 ] display stp region - configuration Oper configuration Format selector :0 Region name :ProVision - Comware - Cisco Revision level :1 Configuration digest :0xcee7f8d6e076e3201f92550cb1d2cb92 Instance Vlans Mapped 0 1 to 99, 101 to 219, 221 to 239, 241 to 4094 1 220 2 100 3 240 [Comware 5 ] display stp instance 0 ------- [CIST Global Info][Mode MSTP] ------- CIST Bridge :12288.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :8192.009c - 02d5 - 3980 / 0

435. 434 Link ID ADV Router Age Seq# Checksum Link count 10.0.0.21 10.0.0.21 470 0x80000011 0x006898 1 10.0.0.31 10.0.0.31 626 0x80000015 0x00BD49 1 10.0.0.41 10.0.0.41 1604 0x80000002 0x006F75 1 10.0.0.51 10.0.0.51 469 0x8000001B 0x00C8CD 1 Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 10.1.100.5 10.0.0.51 469 0x80000007 0x001D86 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 0.0.0.0 10.0.0.21 482 0x80000001 0x003DD7 0.0.0.0 10.0.0.31 245 0x80000003 0x007AB8 0.0.0.0 10.0.0.41 1608 0x80000001 0x0060AA 0.0.0.0 10.0.0.51 919 0x80000002 0x00409F 10.1.220.0 10.0.0.21 470 0x80000009 0x00BC72 10.1.220.0 10.0.0.31 247 0x80000009 0x0062E2 10.1.220.0 10.0.0.41 1598 0x80000009 0x0044D6 10.1.220.0 10.0.0.51 913 0x80000008 0x0028C9 10.1.230.0 10.0.0.21 470 0x8000000D 0x00A077 10.1.230.0 10.0.0.31 978 0x80000002 0x005CDC 10.1.230.0 10.0.0.41 1007 0x80000009 0x0030D7 10.1.230.0 10.0.0.51 995 0x8000000C 0x000CCE Router Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# Checksum Link count 10.0.0.21 10.0.0.21 477 0x80000013 0x0034BD 1 10.0.0.31 10.0.0.31 480 0x80000019 0x008570 1 10.0.0.41 10.0.0.41 1015 0x80000006 0x00379C 1 10.0.0.51 10.0.0.51 996 0x8000001B 0x0098F0 1 Net Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# Checksum 10.1.230.4 10.0.0.41 473 0x80000003 0x003917 Summary Net Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# Checksum 0.0.0.0 10.0.0.21 482 0x80000001 0x003DD7 0.0.0.0 10.0.0.31 1110 0x80000001 0x007EB6 0.0.0.0 10.0.0.41 1032 0x80000001 0x0060AA 0.0.0.0 10.0.0.51 1061 0x80000001 0x00429E Type - 5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 10.0.111.0 10.0.0.21 474 0x80000008 0x0032D6 0 10.0.111.0 10.0.0.31 245 0x80000009 0x008D98 1 10.0.111.0 10.0.0 .51 1017 0x80000008 0x00537F 1 10.1.100.0 10.0.0.31 263 0x80000002 0x00092E 1 10.1.100.0 10.0.0.51 1017 0x80000008 0x00C01C 1 10.1.220.0 10.0.0.31 265 0x80000002 0x00DBE2 1 10.1.220.0 10.0.0.51 1017 0x80000008 0x0093D0 1 10.1.230.0 10.0.0.31 261 0x80000002 0x006D47 1 10.1.230.0 10.0.0.51 477 0x80000008 0x002535 1 10.1.240.0 10.0.0.21 474 0x80000008 0x0095F0 0 10.1.2 40.0 10.0.0.31 265 0x80000002 0x00FEAB 1 10.1.240.0 10.0.0.51 1017 0x80000008 0x00B699 1

48. 47 [ Comware 5 - luser - manager]authorization - attribute level 3 ? acl Specify ACL number of user callback - number Specify dialing character string for callback user idle - cut Specify idle - cut of local user user - profile Specify user profile of user user - role Specify role of local user vlan Specify VLAN ID of user work - directory Specify directo ry of user <cr> [ Comware 5 - luser - manager]authorization - attribute level 3 [ Comware 5 - luser - manager]service - type ? ftp FTP service type lan - access LAN - ACCESS service type portal Portal service type ssh Secure Shell service ty pe telnet TELNET service type terminal TERMINAL service type web Web service type [ Comware 5 - luser - manager]service - type terminal ? ssh Secure Shell service type telnet TELNET service type <cr> [ Comware 5 - luser - manager]servi ce - type terminal [ Comware 5 - luser - manager ]password ? cipher Display password with cipher text simple Display password with plain text [ Comware 5 - luser - manager ]password cipher ? STRING<1 - 117> Ciphertext password string [ Comware 5 - luser - manager]pas sword cipher password [the next command set s the use of uid/pw for login via console , even though the scheme is defined for AAA, it works with local uid/pw configuration ] [ Comware 5 ] user - interface aux 0 [ Comware 5 - ui - aux0]? User - interface view commands: acl Specify acl filtering activation - key Specify a character to begin a terminal session authentication - mode Terminal interface authentication mode auto - execute Do something automatically cfd Conne ctivity fault detection (IEEE 802.1ag) command Specify command configuration information databits Specify the databits of user terminal interface display Display current system information escape - key Specify a character to abort a process started by previously executed command flow - control Specify the flow control mode of user terminal interface history - command Record history command idle - timeout Specif y the connection idle timeout for login user mtracert Trace route to multicast source parity Specify the parity mode of user interface ping Ping function protocol Set user interface protocol q uit Exit from current command view

51. 50 tracert Tracert function undo Cancel current setting [Comware7 - luser - manage - manager]password ? hash Specify a hashtext password simple Specify a plaintext password <cr> [Comware7 - luser - manage - manager]password simple ? STRING<1 - 63> Plaintext password string [Comware7 - luser - manage - manager]password simple password ? <cr> [Comware7 - luser - manage - man ager]password simple pass word [Comware7 - luser - manage - manager]authorization - attribute ? acl Specify ACL of local user callback - number Specify PPP callback number of local user idle - cut Specify idle cut function for local user user - profile Specify user profile of local user user - role Specify user role of the local user vlan Specify VLAN ID of local user work - directory Specify work directory of local user [Comware7 - luser - manage - manager]authorization - attribute user - role ? STRING<1 - 63> User role name network - admin network - operator level - 0 level - 1 level - 2 level - 3 level - 4 level - 5 level - 6 level - 7 level - 8 level - 9 level - 10 level - 11 level - 12 level - 13 level - 14 level - 15 security - audit [ Comware7 - luser - manage - manager]authorization - attribute user - role network - admin ? acl Specify ACL of local user callback - number Specify PPP callback number of local user idle - cut Specify idle cut function for local user user - pr ofile Specify user profile of local user vlan Specify VLAN ID of local user work - directory Specify work directory of local user <cr> [Comware7 - luser - manage - manager]authorization - attribute user - role network - admin [Comware7 - luser - manage - manager]service - type ? ftp FTP service http HTTP service type https HTTPS service type pad X.25 PAD service ssh Secure Shell service

77. 76 (letters, numbers, symbol s) [Comware7]password - control composition type - number ? INTEGER<1 - 4> Minimum number of types [Comware7]password - control composition type - number 4 ? type - length Specify the minimum number of characters for each type <cr> [Comware7]password - contro l composition type - number 4 type - length ? INTEGER<1 - 63> Minimum number of characters [Comware7]password - control composition type - number 4 type - length 2 ? <cr> [Comware7]password - control composition type - number 4 type - length 2 [Comware7]password - con trol composition enable ? <cr> [Comware7]password - control composition enable [Comware7]password - control complexity ? same - character Deny 3 or more repeated characters in password user - name Deny username or reversed username in password [Com ware7]password - control complexity same - character ? check Enable password complexity checking [Comware7]password - control complexity same - character check ? <cr> [Comware7]password - control complexity same - character check [Comware7]password - control com plexity user - name ? check Enable password complexity checking [Comware7]password - control complexity user - name check ? <cr> [Comware7]password - control complexity user - name check [As seen from a login screen] login: manager Password: <password> [note, password was not displayed) First login or password reset. For security reason, you need to change your password. Please enter your password. old password: ********* new password: <PA55word!^> [note, passw ord displayed as asterisks) confirm: ********* Updating user information. Please wait ... ... [As seen at the console screen] [Comware7]%Jun 25 14:32:04:223 2016 Comware7 PWDCTL/6/CHANGEPASSWORD: manager changed the password because first login. %Jun 2 5 14:32:05:645 2016 Comware7 SHELL/5/SHELL_LOGIN: manager logged in from 10.1.1.109. [Comware7]display password - control ?

107. 106 dscp Set the Differentiated Services Codepoint (DSCP) value source Specify the source address for outgoing TFTP packets vpn - instance Specify a VPN instance <cr> <Comware7>tftp 10. 0.100.111 put comware_main.cfg comware7_startup - config.cfg <Comware7>sftp ? STRING<1 - 253> IP address or hostname of remote system ipv6 IPv6 information <Comware7>sftp 10.0.100.111 ? INTEGER<1 - 65535> Specify port number dscp Set the Differentiated Services Codepoint (DSCP) value identity - key Specify the algorithm for publickey authentication prefer - compress Specify the preferred compression algorithm prefer - ctos - cipher Specify the preferred encryption algorithm from client to server prefer - ctos - hmac Specify the preferred HMAC algorithm from client to server prefer - kex Specify the preferred key exchange algorithm prefer - stoc - cipher Specify the preferred encryptio n algorithm from server to client prefer - stoc - hmac Specify the preferred HMAC algorithm from server to client publickey Specify the public key of server source Specify a source vpn - instance Spe cify a VPN instance <cr> <Comware7>sftp 10.0.100.111 Username: manager Press CTRL+C to abort. Connecting to 10.0.100.111 port 22. manager@10.0.100.111's password: sftp> put comware_main.cfg comware7_startup - config.cfg Uploading comware_main.cfg to /comw are7_startup - config.cfg comware_main.cfg 100% 6787 6.6KB/s 00:00 sftp> bye <Comware 7 > reset saved - configuration ? backup Backup config file main Main config file <cr> <Comware 7 > reset saved - configuration main ? backup Backup config file main Main config file <cr> <Comware 7 > reset saved - configuration main <Comware 7 >tftp 10.0.100.111 get comware_main.cfg startup.cfg <Comware7>sftp 10.0.100.111 Username: manager Press CTRL+C to abort. Connecting to 1 0.0.100.111 port 22. manager@10.0.100.111's password: sft p> get comware_main.cfg startup .cfg Fetchi ng /comware_main.cfg to startup .cfg /comware_main.cfg 100% 3816 3.7KB/s 00:00 sftp> bye

108. 107 <Comware 7 > tftp 10. 0.100.111 get comware_ main3.cfg comware_ main3.cfg <Comware7>sftp 10.0.100.111 Username: manager Press CTRL+C to abort. Connecting to 10.0.100.111 port 22. manager@10.0.100.111's password: sftp> get comware7_main3.cfg comware7_main 3 .cfg Fetching /comware7_main3.cfg to comware7_main.cfg /comware7_main3.cfg 100% 6787 6.6KB/s 00:00 sftp> bye <Comware7>dir Directory of flash: 1 - rw - 61579264 Mar 25 2015 17:28:50 5900_5920 - CMW710 - R2311P05.ipe 2 - rw - 10986496 Feb 04 2015 17:52 :26 5900_5920 - cmw710 - boot - r2416.bin 3 - rw - 66350080 Feb 04 2015 17:54:43 5900_5920 - cmw710 - system - r2416.bin 4 - rw - 6787 Mar 25 2015 23:51:59 comware7_main.cfg 5 - rw - 6787 Mar 25 2015 23:26:11 comware 7 _main2.cfg 6 - rw - 6787 Mar 25 2015 23:26:11 comware 7_main3 .cfg 7 drw - - Dec 31 2010 18:00:23 diagfile 8 - rw - 1580 Mar 25 2015 23:18:15 ifindex.dat 9 - rw - 0 Oct 06 2014 12:02:16 lauth.dat 10 drw - - Dec 31 2010 18:0 0:24 license 11 drw - - Jan 01 2011 18:00:23 logfile 1 2 drw - - Sep 15 2014 10:45:45 pki 1 3 drw - - Dec 31 2010 18:00:23 seclog 1 4 - rw - 6787 Mar 25 2015 23:18:16 startup.cfg 1 5 - rw - 172286 Mar 25 2 015 23:18:17 startup.mdb 1 6 - rw - 3816 Mar 25 2015 23:49:12 startup1.cfg 1 7 drw - - Feb 04 2015 18:00:57 versionInfo (will need to view files to determine which are configuration files) < Comware 7 >display startup MainBoard: Curr ent startup saved - configuration file: flash:/startup.cfg Next main startup saved - configuration file: flash:/ comware _main.cfg Next backup startup saved - configuration file: NULL <Comware7>display boot - loader Software images on slot 1: Current software ima ges: flash:/5900_5920 - cmw710 - boot - r2416.bin flash:/5900_5920 - cmw710 - system - r2416.bin Main startup software images: flash:/5900_5920 - cmw710 - boot - r2416.bin flash:/5900_5920 - cmw710 - system - r2416.bin Backup startup software images: None <Comware7>s tartup ? saved - configuration Saved - configuration file for starting system <Comware7>startup saved - configuration ? comware7_main.cfg comware 7 _main 2 .cfg comware 7_main3 .cfg startup.cfg startup1.cfg

109. 108 <Comware7>startup saved - configuration comware7 _main.cfg ? backup Backup configuration file main Main configuration file <cr> <Comware7>startup saved - configuration comware7_main.cfg main ? <cr> <Comware7>startup saved - configuration comware7_main.cfg main Cisco Cisco#show running - config ? all Configuration with defaults brief configuration without certificate data class - map Show class - map information flow Global Flow configuration subcommands full full configuration identity Show identity profi le/policy information interface Show interface configuration linenum Display line numbers in output map - class Show map class information partition Configuration corresponding a partition policy - map Show policy - map information view View options vlan Show L2 VLAN information vrf Show VRF aware configuration | Output modifiers <cr> Cisco#copy ? /erase Erase destination file system. /error Allow to copy error file. /noverify Don't verify image signature before reload. /verify Verify image signature before reload. bs: Copy from bs: file system cns: Copy from cns: file system flash1: Copy from flash1: file system flash: Copy from flash: file system ftp: Copy from ftp: file system http: Copy from http: file system https: Copy from https: file system logging Copy logging messages null: Copy from null: file syst em nvram: Copy from nvram: file system rcp: Copy from rcp: file system running - config Copy from current system configuration scp: Copy from scp: file system startup - config Copy from startup configuration system: Copy from system: file system tar: Copy from tar: file system tftp: Copy from tftp: file system tmpsys: Copy from tmpsys: file system xmodem: Copy from xmodem: file system ymodem: Copy from ym odem: file system Cisco#copy running - config ? flash1: Copy to flash1: file system flash: Copy to flash: file system ftp: Copy to ftp: file system http: Copy to http: file system https: Copy to http s: file system null: Copy to null: file system nvram: Copy to nvram: file system rcp: Copy to rcp: file system running - config Update (merge with) current system configuration

110. 109 scp: Copy to scp: file system startup - config Copy to startup configuration syslog: Copy to syslog: file system system: Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system Cisco#copy running - conf ig tftp://10.0.100.111/Cisco.cfg Address or name of remote host [10.0.100.111]? Destination filename [Cisco.cfg]? Cisco#copy running - config scp: Address or name of remote host []? 10.0.100.111 Destination username [manager]? Destination filename [cisco - c onfg]? Cisco.cfg Writing Cisco.cfg Password: Cisco#copy startup - config ? flash1: Copy to flash1: file system flash: Copy to flash: file system ftp: Copy to ftp: file system http: Copy to http: file system ht tps: Copy to https: file system null: Copy to null: file system nvram: Copy to nvram: file system rcp: Copy to rcp: file system running - config Update (merge with) current system configuration scp: Copy to scp: file system startup - config Copy to startup configuration syslog: Copy to syslog: file system system: Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system Cisco#copy startup - config tftp:// 10. 0.100.111 /Cisco_startup - config.cfg Address or name of remote host [ 10. 0.100.111 ]? Destination filename [Cisco_startup - config]? Cisco#copy startup - config scp: Address or name of remote host []? 10.0.100.111 Destinatio n username [manager]? Destination filename [cisco - confg]? Cisco_startup - config.cfg Writing Cisco_startup - config.cfg Password: Cisco#copy flash:? flash:Cisco.cfg flash:config.text flash:info flash:multiple - fs flash:private - config.text flash:vlan.dat Cisco#copy flash:Cisco.cfg ? flash1: Copy to flash1: file system flash: Copy to flash: file system ftp: Copy to ftp: file system http: Copy to http: file system https: Co py to https: file system null: Copy to null: file system nvram: Copy to nvram: file system rcp: Copy to rcp: file system running - config Update (merge with) current system configuration

149. 148 ver2c SNMP version v2c security model. ver3 SNMP version 3 security mo del. ProVision(config)# snmpv3 group managerpriv user test sec - model ver3 ? <cr> ProVision(config)# snmpv3 group managerpriv user test sec - model ver3 ProVision(config)# snmpv3 targetaddress ? ASCII - STR Enter an ASCII string. ProVision(co nfig)# snmpv3 targetaddress NMS ? params Set parameter name. ProVision(config)# snmpv3 targetaddress NMS params ? ASCII - STR Enter an ASCII string. ProVision(config)# snmpv3 targetaddress NMS params all ? IP - ADDR Set IP address of the destination target. IPV6 - ADDR Set IPv6 address of the destination target. ProVision(config)# snmpv3 targetaddress NMS params all 10.0.111.210 ? addr - mask Set range of transport addresses with this mask. f ilter Set log filters. max - msg - size Set maximum message size value; default is 1472. oobm Use OOBM interface to connect to server port - mask Set range of udp ports with this mask. retries Set retries value; default is 3. taglist Set list of values used to select this entry from snmpNotifyTable. timeout Set time - out value; default is 1500. udp - port Set UDP port number to which the messages are se nt; default is 162. <cr> ProVision(config)# snmpv3 targetaddress NMS params all 10.0.111.210 ProVision(config)# snmp - server location ASCII - STR Enter an ASCII string. ProVision(config)# snmp - server location Lab ProV ision(config)# snmp - server contact ASCII - STR Enter an ASCII string. ProVision(config)# snmp - server contact Lab_Engr ProVision# show snmpv3 enable Status and Counters - SNMP v3 Global Configuration Information SNMP v3 enabled : Yes Pro Vision# show snmpv3 targetaddress snmpTargetAddrTable [rfc2573] Target Name IP Address Parameter ------------------------- ---------------------- --------------------------- NMS 10.0.111.210 all ProVision# show snmpv3 user

151. 150 v2c SNMPv2c security model v3 USM(SNMPv3) security model [Comware 5 ] snmp - agent usm - user v3 ? STRING<1 - 32> User name [Comware 5 ] snmp - agent usm - user v3 test ? STRING<1 - 32> The string of group to which the specified user belongs [Comware 5 ] snmp - agent usm - user v3 test managerpriv ? acl Set access control list for thi s user authentication - mode Specify the authentication mode for the user cipher Use secret key as password <cr> [Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode ? md5 Authenticate with HMAC MD5 algorithm sha Authenticate with HMAC SHA algorithm [Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode md5 ? STRING<1 - 64> Plain password of user authentication [Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode md5 password ? acl Set access control list for this user privacy - mode Specify the privacy mode for the user <cr> [Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode md5 password privacy - mode ? 3des Use the 3DES encryption algorithm aes128 Use the 128bits AES encryption algorithm des56 Use the 56bits DES encryption algorithm [Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode md5 password privacy - mode des ? STRING<1 - 64> Plain password of user encryption [ Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode md5 password privacy - mode des password ? acl Set access control list for this user <cr> [Comware 5 ] snmp - agent usm - user v3 test managerpriv authentication - mode md5 password privacy - m ode des password [Comware 5 ]snmp - agent target - host ? trap Specify trap host target [Comware 5 ]snmp - agent target - host trap ? address Specify the transport addresses to be used in the generation of SNMP messages [Comware 5 ]snmp - agent target - host trap address ? udp - domain Specify transport domain over UDP for the target host [Comware 5 ]snmp - agent target - host trap address udp - domain ? STRING<1 - 255> IP address or hostname of target host ipv6 Specify an ipv6 address as the targ et host address [Comware 5 ]snmp - agent target - host trap address udp - domain 10.0.111.210 ? dscp Differentiated Services Codepoint (DSCP) params Specify SNMP target information to be used in the generation of SNMP messages udp - port Set port to receive traps/notifications for this target host

158. 157 LINE identification of the contact person for this managed node Cisco(config)#snmp - server contact Lab_Engr Cisco#show snmp host Notification host: 10.0.1 11.210 udp - port: 162 type: trap user: t est secur ity model: v3 priv Cisco#show snmp user User name: test Engine ID: 800000090300002291AB4381 storage - type: nonvolatile active Authentication Protocol: MD5 Privacy Protocol: DES Group - name: managerpriv Cisco#show snmp group groupname: managerpriv security model:v3 priv readview : v1default writeview: <no writeview specified> notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F row status: active

181. 180 connections path Set base path for HTML port Set http server port secu re - active - session - modules Set up active http secure server session modules secure - ciphersuite Set http secure server ciphersuite secure - client - auth Set http secure server with client authentication secure - port Set http secure server port number for listening secure - server Enable HTTP secure server secure - trustpoint Set http sec ure server certificate trustpoint server Enable http server session - module - list Set up a http(s) server session module list timeout - policy Set http server time - out policy parameters Cisco(config)#ip http authentication ? aaa Use AAA access control methods enable Use enable passwords local Use local username and passwords Cisco(config)#ip http authentication local ? <cr> Cisco(config)#ip http authentication local Cisco(config)#ip ht tp server ? <cr> Cisco(config)#ip http server Cisco#sh ow ip http server conn ection HTTP server current connections: local - ipaddress:port remote - ipaddress:port in - bytes out - bytes 10.0.111.41:80 10.1.1.108:55648 1612 70843

207. 206 nas NAS specific configuration new - model Enable NEW acces s control commands and functions.(Disables OLD commands.) pod POD processing policy AAA policy parameters server Local AAA server service - profile Service - Profile parameters session - id AAA Session ID traceback Traceback recording user AAA user definitions Cisco(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts ban ner Message to use when starting login/authentication. dot1x Set authentication lists for IEEE 802.1x. enable Set authentication list for enable. eou Set authentication lists for EAPoUDP fail - message Message to use for failed login/authentication. login Set authentication lists for logins. password - prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. suppress Do not send access request for a specific type of user. username - prompt Text to use when prompting for a username Cisco(config)#aaa authentication login ? WORD Named authentication list (max 31 characters, long er will be rejected). default The default authentication list. Cisco(config)#aaa authentication login default ? cache Use Cached - group enable Use enable password for authentication. group Use Server - group k rb5 Use Kerberos 5 authentication. krb5 - telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. lo cal - case Use case - sensitive local username authentication. none NO authentication. passwd - expiry enable the login list to provide password aging support Cisco(config)#aaa authentication login default group ? WORD Server - group nam e ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(config)#aaa authentication login default group radius ? cache Use Cached - group enable Use enable password for authentication. group Use Server - group krb5 Use Kerberos 5 authentication. line Use line password for authentication. local Use local username authentication. local - case Use case - sensitive local username authentication . none NO authentication. <cr> Cisco(config)#aaa authentication login default group radius local Cisco(config)#aaa authentication enable default group radius local

228. 227 secondary Specify a secondary HWTACACS server security - logfile Security log file configuration t imer Specify timer parameters tracert Tracert function undo Cancel current setting user - name - format Specify user - name format sent to HWTACACS server vpn - instance Specify a VPN instance [Comware7 - hwtacacs - tacacs - auth]primary ? accounting Specify the primary HWTACACS accounting server authentication Specify the primary HWTACACS authentication server authorization Specify the primary HWTACACS authorization server [Comware7 - hwtacacs - tac acs - auth]primary authentication ? STRING<1 - 253> Host name X.X.X.X IP address ipv6 Specify an IPv6 address [Comware7 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 ? INTEGER<1 - 65535> port number, 49 by default key Specify the shared key for secure communication with the server single - connection Transmit HWTACACS packets on an open TCP connection vpn - instance Specify a VPN instance <cr> [Comware7 - hwtacacs - tacacs - auth]p rimary authentication 10.0.100.111 key ? cipher Specify a ciphertext key simple Specify a plaintext key [Comware7 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key simple ? STRING<1 - 255> Plaintext key string [Comware7 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key simple password ? INTEGER<1 - 65535> port number, 49 by default single - connection Transmit HWTACACS packets on an open TCP connection vpn - instance Specify a VPN instance <cr> [Comware7 - hwtacacs - t acacs - auth]primary authentication 10.0.100.111 key simple password [Comware 7 - hwtacacs - tacacs - auth]primary authorization 10.0.100.111 key simple password [Comware 7 - hwtacacs - tacacs - auth]primary accounting 10.0.100.111 key simple password [ Comware 7 - hwtaca cs - tacacs - auth]user - name - format ? keep - original User name unchanged with - domain User name like XXX@XXX without - domain User name like XXX [ Comware 7 - hwtacacs - tacacs - auth]user - name - format with - domain ? <cr> [Comware 7 - hwtacacs - tacacs - auth]use r - name - format without - domain [Comware 7 ] domain tacacs [ Comware 7 - isp - tacacs]? Isp view commands: accounting Specify accounting scheme authentication Specify authentication scheme authorization Specify authorization scheme authorization - attribute Configure authorization attributes of the domain

229. 228 cfd Connectivity Fault Detection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display current system information logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration state Specify state of domain tracert Tracert function undo Cancel current settin g [Comware7 - isp - tacacs]authentication ? advpn Specify AAA configuration for ADVPN user default Specify default AAA configuration for all types of users ike Specify AAA configuration for IKE user lan - access Specify AAA configura tion for lan - access service login Specify AAA configuration for login user portal Specify AAA configuration for PORTAL user ppp Specify AAA configuration for PPP user super Specify AAA configuration for super user [Comware 7 - isp - tacacs]authentication default ? hwtacacs - scheme Specify HWTACACS scheme ldap - scheme Specify LDAP scheme local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware7 - isp - t acacs]authentication default hwtacacs - scheme ? STRING<1 - 32> Scheme name [Comware7 - isp - tacacs]authentication default hwtacacs - scheme tacacs - auth ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme <cr> [Comware7 - isp - tacacs]authentication default hwtacacs - scheme tacacs - auth [Comware7 - isp - tacacs]authorization default hwtacacs - scheme tacacs - auth [Comware7 - isp - tacacs]accounting default hwtacacs - scheme tacacs - auth [Comware 7 ] domain default enable tacacs [Comware 7 ]user - interface aux 0 [Comware7 - line - aux0]authentication - mode ? none Login without authentication password Password authentication scheme Authentication use AAA [Comware7 - line - aux0]authentication - mode scheme ? < cr> [Comware7 - line - aux0]authentication - mode scheme [Comware7 - line - vty0 - 63]authentication - mode ? none Login without authentication

247. 246 ProVision# show cdp ? neighbors Show CDP neighbors. <cr> ProVision# show cdp Global CDP information Enable CDP [Yes] : Yes CDP mode [rxonly] : rxonly Port CDP ---- -------- 1 enabled 2 enabled 3 enabled ... ProVision# show cdp neighbors ? detail Show neighbor information field - per - line instead o f shortened table format. [ethernet] PORT - NUM Show CDP neighbors on specified port only. <cr> ProVision # sh ow cdp neighbors CDP neighbors information Port Device ID | Platform Capabi lity ----- ----------------------------- + ---------------------------- ----------- 1 c0 91 34 83 8d 80 | ProCurve J9299A Switch 25... S 5 SEP001E7A2542D1 | SCCP41.8 - 5 - 2SR1SCisco IP ... 5 01 0a 00 6f 68 | Cisco IP Phone CP - 7961G - G... S ProVision# show cdp neighbors 5 detail Show neighbor information field - per - line instead of shortened table format. <cr> ProVision# show cdp neighbors 5 CDP neighbors info rmation for port 5 Port Device ID | Platform Capability ----- ----------------------------- + ---------------------------- ----------- 5 SEP001E7A2542D1 | SCCP41.8 - 5 - 2SR1SCisco IP ... 5 01 0a 00 6f 68 | Cisco IP Phone CP - 7961G - G... S ProVision# show cdp neighbors 5 detail ? <cr> ProVision# show cdp neighbors 5 detail CDP neighbors information for port 5 Port : 5 Device ID : SEP001E7A2542D1 Address Type : IP Address : 10.0.111.104 Platform : SCCP41.8 - 5 - 2SR1SCisco IP Phone 7961 Capability : Device Port : Port 1

287. 286 [Comware 7 - GigabitEthernet1/0/1 ]undo shutdown Cisco Cisco#show interfaces ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Loopback Loopbac k interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans accounting Show interface accounting capabilitie s Show interface capabilities information counters Show interface counters crb Show interface routing/bridging info dampening Show interface dampening info debounce Show interface debounce time info description Show interface description etherchannel Show interface etherchannel information fair - queue Show interface Weighted Fair Queueing (WFQ) info fcpa Fiber Channel flowcontrol Show inter face flowcontrol information history Show interface history irb Show interface routing/bridging info mac - accounting Show interface MAC accounting info mpls - exp Show interface MPLS experimental accounting info mtu Show interface mtu precedence Show interface precedence accounting info private - vlan Show interface private vlan information pruning Show interface trunk VTP pruning information random - detect Show interface Weighted Random Early Detection (WRED) info rate - limit Show interface rate - limit info stats Show interface packets & octets, in & out, by switching path status Show interface line status summary Show interface summary switchport Show interface switchport information transceiver Show interface transceiver trunk Show interface trunk information | Output modifiers <cr> Cisco#show interfaces status Port Name Status Vlan Duplex Speed Type Gi1/0/1 connected 1 a - full a - 1000 10/100/1000BaseTX Gi1/0/2 not connect 1 auto auto 10/100/1000BaseTX Gi1/0/3 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/4 notconnect 1 auto auto 10/100/1000BaseTX

288. 287 Gi1/0/5 notc onnect 1 auto auto 10/100/1000BaseTX Gi1/0/6 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/7 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/8 notco nnect 1 auto auto 10/100/1000BaseTX Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/10 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/11 notcon nect 1 auto auto 10/100/1000BaseTX Gi1/0/12 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/13 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/14 notconn ect 1 auto auto 10/100/1000BaseTX Gi1/0/15 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/16 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/17 notconne ct 1 auto auto 10/100/1000BaseTX Gi1/0/18 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/19 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/20 notconnec t 1 auto auto 10/100/1000BaseTX Gi1/0/21 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/22 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX Gi1/0/24 notconnect 1 auto auto 10/100/1000BaseTX Te1/0/1 notconnect 1 full 10G Not Present Te1/0/2 notconnect 1 full 10G Not Present Fa0 disabled routed auto auto 10/100BaseTX Cisco#show interfaces g1/0/1 ? accounting Show interface accounting capabilities Show interface capabilities information contro ller Show interface status, configuration and controller status counters Show interface counters crb Show interface routing/bridging info dampening Show interface dampening info debounce Show interface debounce time info description Show interface description etherchannel Show interface etherchannel information fair - queue Show interface Weighted Fair Queueing (WFQ) info flowcontrol Show interface flowcontrol information history S how interface history irb Show interface routing/bridging info mac - accounting Show interface MAC accounting info mpls - exp Show interface MPLS experimental accounting info mtu Show interface mtu precedence Show interface precedence accounting info private - vlan Show interface private vlan information pruning Show interface trunk VTP pruning information random - detect Show interface Weighted Random Early Detection (WRED) info rate - limit Sh ow interface rate - limit info stats Show interface packets & octets, in & out, by switching path status Show interface line status summary Show interface summary switchport Show interface switchport information tran sceiver Show interface transceiver trunk Show interface trunk information users Show interface users vlan Show interface vlan information | Output modifiers <cr> Cisco#show interfaces g1/0/1 statu s Port Name Status Vlan Duplex Speed Type Gi1/0/1 connected 1 a - full a - 1000 10/100/1000BaseTX Cisco#show interfaces g1/0/1 status

308. 307 GigabitEthernet1/0/10 GigabitEthernet1/0/11 GigabitEthernet1/0/12 GigabitEtherne t1/0/13 GigabitEthernet1/0/14 GigabitEthernet1/0/15 GigabitEthernet1/0/16 GigabitEthernet1/0/17 GigabitEthernet1/0/18 GigabitEthernet1/0/19 GigabitEthernet1/0/20 GigabitEthernet1/0/21 GigabitEthernet1/0/2 2 GigabitEthernet1/0/23 GigabitEthernet1/0/24 GigabitEthernet1/0/25 GigabitEthernet1/0/26 GigabitEthernet1/0/27 GigabitEthernet1/0/28 GigabitEthernet1/0/29 GigabitEthernet1/0/30 GigabitEthernet1/0/31 GigabitEthernet1/0/32 GigabitEthernet1/0/33 GigabitEthernet1/0/34 GigabitEthernet1/0/35 GigabitEthernet1/0/36 GigabitEthernet1/0/37 GigabitEthernet1/0/38 GigabitEthernet1/0/39 GigabitEthernet1/0/40 GigabitEthernet1/0/41 GigabitEthernet1/0/42 GigabitEthernet1/0/43 GigabitEthernet1/0/44 GigabitEthernet1/0/45 GigabitEthernet1/0/46 GigabitEthernet1/0/47 GigabitEthernet1/0/48 Ten - GigabitEthernet1/0/49 Ten - GigabitEthernet1/0/50 Ten - GigabitEthernet1/0/51 Ten - GigabitEthernet1/0/52 [Comware7]display interface g1/0/6 GigabitEthernet1/0/6 Current state: UP Line protocol state: UP IP packet frame type: Ethernet II, hardware address: cc3e - 5f73 - baf9 Descri ption: GigabitEthernet1/0/6 Interface Bandwidth: 1000000 kbps Loopback is not set Media type is twisted pair Port hardware type is 1000_BASE_T 1000Mbps - speed mode, full - duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flo w - control is not enabled Maximum frame length: 10000 Allow jumbo frames to pass Broadcast max - ratio: 100% Multicast max - ratio: 100% Unicast max - ratio: 100% PVID: 1 MDI type: automdix Port link - type: Trunk VLAN Passing: 1(default vlan), 100, 220 VLAN pe rmitted: 1(default vlan), 100, 220 Trunk port encapsulation: IEEE 802.1q Port priority: 0 Last clearing of counters: Never Peak input rate: 5 bytes/sec, at 2015 - 04 - 08 02:03:03 Peak output rate: 8 bytes/sec, at 2015 - 04 - 08 02:03:03 Last 300 second input: 0 packets/sec 5 bytes/sec 0% Last 300 second output: 0 packets/sec 8 bytes/sec 0% Input (total): 17 packets, 1801 bytes 4 unicasts, 5 broadcasts, 8 multicasts, 0 pauses Input (normal): 17 packets, - bytes 4 unicasts, 5 broadcasts, 8 multicasts, 0 pauses Input: 0 input errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 frame, - overruns, 0 aborts - ignored, - parity errors Output (total): 16 packets, 2626 bytes 3 unicasts, 6 broadcasts, 7 multicasts, 0 pause s

310. 309 cts Configure Cisco Trusted Security dampening Enable event dampening datalink Interface Datalink commands default Set a command to its defaults delay Specify interface throughput delay description Interface specific description down - when - looped Force looped interface down duplex Configure duplex operation. eou EAPoUD P Interface Configuration Commands exit Exit from interface configuration mode flow - sampler Attach flow sampler to the interface flowcontrol Configure flow operation. help Description of the interactive help system history Interface history histograms - 60 second, 60 minute and 72 hour hold - queue Set hold queue depth ip Interface Internet Protocol config comm ands keepalive Enable keepalive l2protocol - tunnel Tunnel Layer2 protocols lacp LACP interface subcommands link Configure Link lldp LLDP interface subcommands load - inte rval Specify interval for load calculation for an interface location Interface location information logging Configure logging for interface mac MAC interface comma nds macro Command macro max - reserved - bandwidth Maximum Reservable Bandwidth on an Interface mdix Set Media Dependent Interface with Crossover mka MACsec Key Agreement (MKA) interface configu ration mls mls interface commands mvr MVR per port configuration neighbor interface neighbor configuration mode commands network - policy Network Policy nmsp NMSP in terface configuration no Negate a command or set its defaults pagp PAgP interface subcommands priority - queue Priority Queue queue - set Choose a queue set for this queue rmon Configure Remote Monitoring on an interface routing Per - interface routing configuration rsu rollsing stack upgrade service - policy Configure CPL Service Policy shutdown Shutdown th e selected interface small - frame Set rate limit parameters for small frame snmp Modify SNMP interface parameters source Get config from another source spanning - tree Spanning Tree Subsystem speed Configure speed operation. srr - queue Configure shaped round - robin transmit queues storm - control storm configuration switchport Set switching mode characteristics timeout Define timeout values for this interface topology Configure routing topology on the interface transmit - interface Assign a transmit interface to a receive - only interface tx - ring - limit Configure P A level transmit ring limit udld Configure UDLD enabled or disabled and ignore global UDLD setting vtp Enable VTP on this interface Cisco(config - if)#switchport ? access Set acc ess mode characteristics of the interface autostate Include or exclude this port from vlan link up calculation

311. 310 backup Set backup for the interface block Disable forwarding of unknown uni/multi cast addresses host Set port host mode Set trunking mode of the interface nonegotiate Device will not engage in negotiation protocol on this interface port - security Security related command priority Set appliance 802.1p priority pri vate - vlan Set the private VLAN configuration protected Configure an interface to be a protected port trunk Set trunking characteristics of the interface voice Voice appliance attributes <cr> Cisco(config - if)#switchport tru nk ? allowed Set allowed VLAN characteristics when interface is in trunking mode encapsulation Set trunking encapsulation when interface is in trunking mode native Set trunking native characteristics when interface is in trunking mode pruning Set pruning VLAN characteristics when interface is in trunking mode Cisco(config - if)#switchport trunk encapsulation ? dot1q Interface uses only 802.1q trunking encapsulation when trunking isl Interface uses only ISL trunking encapsulation when trunking negotiate Device will negotiate trunking encapsulation with peer on interface Cisco(config - if)#switchport trunk encapsulation dot1q Cisco(config - if)#swit chport trunk allowed ? vlan Set allowed VLANs when interface is in trunking mode Cisco(config - if)#switchport trunk allowed vlan ? WORD VLAN IDs of the allowed VLANs when this port is in trunking mode add add VLANs to the current list all all VLANs except all VLANs except the following none no VLANs remove remove VLANs from the current list Cisco(config - if)#switchport trunk allowed vlan 100 ? <cr> Cisco(config - if)#switchport trunk allowed vlan 100,? WORD Cisco(config - if)# switchport trunk allowed vlan 100,220 Cisco(config - if)#switchport mode ? access Set trunking mode to ACCESS unconditionally dot1q - tunnel set trunking mode to TUNNEL unconditionally dynamic Set trunking mode to dynamically negotiate ac cess or trunk mode private - vlan Set private - vlan mode trunk Set trunking mode to TRUNK unconditionally Cisco(config - if)#switchport mode trunk Cisco(config - if)#switchport nonegotiate

328. 327 tracert Tracert function undo Cancel current setting [Comware7 - vlan150]private - vlan ? community Configure the VLAN as a community VLAN isolated Configure the VLAN as an isolated VLAN primary Configure the VLAN as a primary VLAN secondary Specify the secondary VLANs [Comware7 - vlan150]private - vlan primary ? <cr> [Com ware7 - vlan150]private - vlan primary [Comware7 - vlan150]quit [Comware7]vlan 151 [Comware7 - vlan151]private - vlan ? community Configure the VLAN as a community VLAN isolated Configure the VLAN as an isolated VLAN primary Configure the VLAN as a pr imary VLAN secondary Specify the secondary VLANs [Comware7 - vlan151]private - vlan isolated ? <cr> [Comware7 - vlan151]private - vlan isolated [Comware7 - vlan151]quit [Comware7]vlan 152 [Comware7 - vlan152]private - vlan ? community Configure the VLAN as a community VLAN isolated Configure the VLAN as an isolated VLAN primary Configure the VLAN as a primary VLAN secondary Specify the secondary VLANs [Comware7 - vlan152]private - vlan community ? <cr> [Comware7 - vlan152]private - vlan community [C omware7 - vlan152]quit [Comware7]vlan 150 [Comware7 - vlan150]private - vlan ? community Configure the VLAN as a community VLAN isolated Configure the VLAN as an isolated VLAN primary Configure the VLAN as a primary VLAN secondary Specify the se condary VLANs [Comware7 - vlan150]private - vlan secondary ? INTEGER<1 - 4094> Secondary VLAN ID [Comware7 - vlan150]private - vlan secondary 151 to 152 ? INTEGER<1 - 4094> Secondary VLAN ID <cr> [Comware7 - vlan150]private - vlan secondary 151 to 152 [Comware 7 - vlan150]quit

330. 329 quit Exit from current command view return Exit to User View rmon RMON module save Save current configuration security - logfile Security log file co nfiguration service - instance Configure a service instance sflow sFlow function shutdown Shut down the interface smart - link Smart Link module spbm SPBM configuration speed Specify speed of current port storm - constrain Port storm control stp Spanning Tree Protocol (STP) module tracert Tracert function trill TRansparent Interconnection of Lots of Link s (TRILL) module undo Cancel current setting unicast - suppression Unicast storm suppression function virtual - cable - test Test cable connection for an interface vlan Set VLAN preceden ce voice - vlan Voice VLAN configuration [Comware7 - GigabitEthernet1/0/10]port ? access Set access port attributes auto - power - down Auto power down an idle interface bridge Configure bridging connection - d istance Specify the connection distance of the interface hybrid Set hybrid port attributes link - aggregation Link aggregation group link - mode Switch the specified interface to layer2 or layer3 ether net link - type Set the link type monitor - link Monitor Link module multicast - vlan Specify a multicast VLAN private - vlan Private VLAN function pvid Forward packets within the PVID service - loopback Service loop back group smart - link Smart Link module trunk Set trunk port attributes up - mode Forcibly bring up an interface without a fiber connection [Comware7 - GigabitEthernet1/0/10]port private - vlan ? INT EGER<1 - 4094> VLAN ID host Specify the host mode in private VLAN [Comware7 - GigabitEthernet1/0/10]port private - vlan 150 ? INTEGER<1 - 4094> VLAN ID promiscuous Specify the promiscuous mode in private VLAN to Range of V LAN IDs trunk Specify trunk mode [Comware7 - GigabitEthernet1/0/10]port private - vlan 150 promiscuous ? <cr> [Comware7 - GigabitEthernet1/0/10]port private - vlan 150 promiscuous [Comware7 - GigabitEthernet1/0/10]interface g1/0/12 [Comware7 - Gigab itEthernet1/0/12]port access vlan 151 [Comware7 - GigabitEthernet1/0/12]port private - vlan ? INTEGER<1 - 4094> VLAN ID host Specify the host mode in private VLAN [Comware7 - GigabitEthernet1/0/12]port private - vlan host

379. 378 ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :8192.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Tr ansmit Limit :10 packets/hello - time Protection Type :None MST BPDU Format :Config=auto / Active=legacy Port Config - Digest - Snooping :disabled Num of Vlans Mapped :3 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s RemHop 0 BPDU Sent :8 TCN: 0, Config: 0, RST: 0, MST: 8 BPDU Received :1034 TCN: 0, Config: 0, RST: 1034, MST: 0 ... [Comware 5 ] dis play stp brief MSTID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/4 DESI FORWARDING NONE 0 GigabitEthernet1/0/5 DESI FORWARDING NONE 0 GigabitEthernet1/0/6 ROOT FORWARDING NONE Comware 7 [Comware7]stp ? bpdu - protection Specify BPDU protection function bridge - diameter Specify bridge diameter global Specify global parameter instance Specify the spanning tree instance list max - hops Specify max hops mode Specify state machine mode pathcost - standard Specify port path cost standard port - log Specify port status logging priority Specify bridge priority region - configura tion Enter MSTP region view root Specify root switch tc - protection Specify TC protection function tc - snooping Specify TC snooping timer Specify timer configuration timer - factor Specify aged out time factor vlan Specify the VLAN list [Comware7]stp mode ? mstp Multiple spanning tree protocol mode pvst Per - Vlan spanning tree mode rstp Rapid spanning tree protocol mode stp Spanning tree protocol mode [ Comwa re 7 ] stp mode rstp

388. 387 3 100/1000T | Auto 128 Disabled | 2 Yes No 4 100/1000T | 1000 0 96 Disabled | 2 Yes Yes 5 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes Yes 6 100/1000T | Auto 128 Disabled | 2 Yes No 7 100/1000T | Auto 128 Disabled | 2 Yes No 8 100/1000T | Auto 128 Disabled | 2 Yes No 9 100/1000T | 10000 160 Forwarding | 009c02 - d53980 2 Yes Yes 10 100/1000T | Auto 128 Disabled | 2 Ye s No 11 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes No 12 100/1000T | Auto 128 Disabled | 2 Yes No 13 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes No 14 100/1000T | Auto 128 Disabled | 2 Yes No 15 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes No 16 100/1000T | Auto 128 Disabled | 2 Yes No 17 100/1000T | Auto 128 Disabled | 2 Yes No 18 100/1000T | Auto 128 Disabled | 2 Yes No 25 | Auto 128 Disabled | 2 Yes No 26 | Auto 128 Disabled | 2 Yes No Trk1 | Auto 64 Disabled | 2 Yes No Trk2 | Auto 64 Disabled | 2 Yes No Trk3 | Auto 64 Disabled | 2 Yes No ProVision# show spanning - tree mst - config MST Configuration Identifier Information MST Configuration Name : ProVision - Comware - Cisco MST Configuration Revision : 1 MST Configuration Digest : 0xCEE7F8D6E076E3201F92550CB1D2CB92 IST Mapped VLANs : 1 - 99,101 - 219,221 - 239,241 - 4094 Instance ID Mapped VLANs ----------- --------------------------------------------------------- 1 220 2 100 3 240 ProVision# show spanning - tree instance ist IST Instance Information Instance ID : 0 Mapped VLANs : 1 - 99,101 - 219,221 - 239,241 - 4094 Switch Priority : 8192 Topology Change Count : 0 Time Since Last Change : 9 mins Regional Root MAC Address : 009c02 - d53980 Regional Root Priority : 8192 Regional Root Path Cost : 0 Regional Root Port : This switch is root Remaining Hops : 20 Root Inconsistent Ports : Loop Inconsistent Ports : Designated Port Type Cost Priority Role State Bridge ----- --------- --------- -------- ---------- ------------ -------------- 1 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 2 100/1000T Auto 128 Disabled Disabled

408. 407 port Configure port specific RPVST parameters for the specified VLANs. [ethernet] PORT - LIST Configure the port - specific parameters of the spanning tree p rotocol for individual ports. priority Set the device STP priority (the value is in range of 0 - 61440 divided into steps of 4096 that are numbered from 0 to 15, default is step 8). Not applicable i n RPVST mode. root Configure root for STP. trap Enable/disable STP/MSTP/RPVST traps. vlan Specify RPVST VLAN specific parameters. <cr> ProVision(config)# spanning - tree vlan ? [vlan]VLAN - ID - LIST En ter a list of VLAN identifiers or one VLAN identifier. ProVision(config)# spanning - tree vlan 1 ? enable Enable RPVST on the specified VLANs. This is default. disable Disable RPVST on the specified VLANs. forward - delay Set time the switch waits between transitioning from listening to learning and from learning to forwarding states for specified VLANs. hello - time Set time between messages transmission when the sw itch is root for specified VLANs. maximum - age Set maximum age of received STP information before it is discarded for specified VLANs. priority Set the device STP priority for the specif ied VLANs (the value is in range of 0 - 61440 divided into steps of 4096 that are numbered from 0 to 15, default is step 8). root Explictly configure the switch as the primary or secondary root bridge for the specified VLANs. ProVision(config)# spanning - tree vlan 1 priority 2 (note - multiplier is 4096 , default setting is 8 ) ProVision(config)# sp anning - tree vlan 220 priority 3 ProVision(config)# sp anning - tree vlan 100 priority 4 ProVision(config)# sp anning - tree vlan 240 priority 5 ProVision(config)# spanning - tree ProVision # show spanning - tree ? bpdu - protection Show spanning tree BPDU protection status information. bpdu - throttle Displays the configur ed throttle value. config Show spanning tree configuration information. debug - counters Show spanning tree debug counters information. detail Show spanning tree extended details Port, Bridge, Rx, and Tx report. inconsistent - ports Show information about inconsistent ports blocked by spanning tree protection functions. instance Show the spanning tree instance information. mst - config Show multiple spanning tree region configuration. pending Show spanning tree pending configuration. [ethernet] PORT - LIST Limit the port information printed to the set of the specified ports. port - role - change - h... Show the last 1 0 role change entries on a port in a VLAN/instance. pvst - filter Show spanning tree PVST filter status information. pvst - protection Show spanning tree PVST protection status information. root - history Show spanning tree Root chang es history information. system - limits Show system limits for spanning - tree topo - change - history Show spanning tree topology changes history information. traps Show spanning tree trap information. vlan Show VLAN information for RPVST.

411. 410 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None Rapid transition :true PortTimes :Hello 2s Ma xAge 20s FwDly 15s MsgAge 1s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :8192.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s ------- [ VLAN 100 Global Info] ------- Protocol Status :enabled Bridge ID :20480.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s Root ID / RPC :8192.cc3e - 5f73 - bacb / 20020 RootPortId :128.6 BPDU - Protection :disabled TC or TCN received :6 Time since last TC :0 days 1h:7m:33s ---- [Port5(GigabitEthernet1/0/5)][FORWARDING] ---- Port Protocol :enabled Port Role :Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :20480.0023 - 89d5 - a059 / 128.5 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None Rapid transition :false Po rtTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 2s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Brid ge/Port :16384.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None PortTimes :Hello 2s MaxAge 20 s FwDly 15s MsgAge 1s ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port Protocol :enabled Port Role :Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :20480.0023 - 89d5 - a05 9 / 128.9 Port Edged :Config=enabled / Active=enabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None Rapid transition :true

511. 510 ProVision(config)# vlan 220 ProVision(vlan - 220)# ip pim - sparse ? dr - priority Set the priority value to use on the interface in the Designated Router election process. hello - dela y Set the maximum time before a triggered PIM Hello message is transmitted on this interface. hello - interval Set the frequency at which PIM Hello messages are transmitted on this interface. i p - addr Set the source IP address for the PIM - SM packets sent out on this interface. lan - prune - delay Turn on/off the LAN Prune Delay Option on this interface. override - interval Set the value inserted into the Override Interval field of a LAN Prune Delay option on this interface. propagation - delay Set the value inserted into the LAN Prune Delay field of a LAN Prune Delay option on this interface. <cr> ProVisi on (vlan - 220)# ip pim - sparse ProVision(vlan - 220 - pim - sparse)# router pim ProVision(pim)# ? bsr - candidate Configure the router to advertise itself as the Candidate Bootstrap Router (Candidate - BSR) for a PIM - SM domain. disab le Disable PIM globally. enable Enable PIM globally. join - prune - interval Configure interval at which the router will send periodic PIM - SM Join/Prune messages. rp - address Statically configu re the Rendezvous Point (RP) to accept multicast traffic for specified group or range of groups. rp - candidate Configure router to advertise itself as the Candidate Rendezvous Point (Candidate - RP) to t he Bootstrap Router (BSR). rpf - override Add, edit or delete RPF override entries. spt - threshold Specify whether switching to the Shortest Path Tree is enabled or disabled on the router. state - refresh Set t he interval between successive State Refresh messages originated by this router. trap Enable/disable PIM traps. ProVision(pim)# rp - address 10.1.220.1 GROUP - ADDR/GROUP - MASK Specify the range of multicast group addr esses associated with the static RP. <cr> ProVision (pim)# rp - address 1 0.1 .220.1 ProVision(pim)# rp - candidate source - ip - vlan ? VLAN - ID Enter a VLAN identifier or a VLAN name. ProVision(pim)# rp - candidate source - ip - v lan 220 ProVision(pim)# bsr - candidate ? bsm - interval Specify the interval for sending Bootstrap messages on PIM - SM interfaces. hash - mask - length Specify the length (in bits) of the hash mask. priority Sp ecify the priority for the Candidate Bootstrap router. source - ip - vlan Specify the VLAN to use as a source for Candidate - BSR router IP address(PIM - SM must be enabled on this VLAN). <cr> ProVision (pim)# bsr - candidate source - ip - vlan 220

22. 21 - or - <Comware7>scheduler reboot delay ? STRING<1 - 6> Interval (HH:MM or MM) <Comware7>scheduler reboot delay 07:45 ? <cr> <Comware7>scheduler reboot delay 07:45 Reboot system at 22:56:01 03/09/2015(in 7 hours and 45 minutes). Confirm?[Y/N]:y <Comware7>%Mar 9 15:11:04:975 2015 Comware7 SCH/5/SCH_REBOOT_SCHEDULED: aux0 set schedule reboot parameters at 15:11:01 03/09/2015, and system will reboot at 22:56:01 03/09/2015. <Comware7>display scheduler reboot System will reboot at 23:00:00 03/09/2015(in 7 hours and 47 minutes). <Comware7>u ndo schedule reboot <Comware7>%Mar 9 15:09:23:490 2015 Comware7 SCH/5/SCH_REBOOT_CANCEL: aux0 cancelled reboot parameters at 15:09:23 03/09/2015. Cisco Cisco#reload Proceed with reload? [confirm] [for timed reboot] Cisco#reload ? /noverify Don't verify file signature before reload. /verify Verify file signature before reload. LINE Reason for reload at Reload at a specific time/date cancel Cancel pending reload in Reload after a time interval slot S lot number card standby - cpu Standby RP <cr> Cisco#reload at ? hh:mm Time to reload (hh:mm) Cisco#reload at 23:00 ? <1 - 31> Day of the month LINE Reason for reload MONTH Month of the year <cr> Cisco#reload at 23:00 march ? <1 - 31> Day of the month Cisco#reload at 23:00 march 5 ? LINE Reason for reload <cr> Cisco#reload at 23:00 march 5 System configuration has been modified. Save? [yes/no]: y Building configuration... [OK] Reload scheduled for 23:00:00 central Thu Mar 5 2015 (in 22 hours and 16 minutes) by console Proceed with reload? [confirm] Cisco#

27. 26 < Comware > display device verbose Slot 1 SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State 0 28 RE V.C NULL 002 710 IVL MAIN Normal slot 1 info: Up Time : 0 weeks, 0 days, 1 hours, 22 minutes Brd Type : HP A5500 - 24G - PoE+ EI Switch with 2 Interface Slots Brd Status : Master Sft Ver : Release 2221P07 Patch Ver : None PCB Ver : REV.C BootRom Ver : 721 CPLD Ver : 002 < Comw are > display fan ? slot Display slot ID | Matching output <cr> < Comware > display fan Slot 1 FAN 1 State : Normal < Comware > display power ? slot Display slot ID | Matching output <cr> < Comware > display power Slot 1 Power 1 State : Normal Type : AC < Comware > display environment ? slot Specify the slot number | Matching output <cr> < Comware > display environment Slot 1 System temperature information (degree centigrade): ---------- --------------------------------------------------------------------- Sensor Temperature LowerLimit WarningLimit AlarmLimit ShutdownLimit hotspot 1 33 - 5 55 NA NA

31. 30 27 VTY 2 28 VTY 3 29 VTY 4 30 VTY 5 31 VTY 6 32 VTY 7 33 VTY 8 34 VTY 9 35 VTY 10 36 VTY 11 37 VTY 12 38 VTY 13 39 VTY 14 40 VTY 15 Following are more details. VTY 0 : Location: 10.0.100.84 VTY 1 : Location: 10.0.100.87 + : User - interface is active. F : User - interface is active and work in async mode. Comware7 <Comware7>dis play users ? > Redirect it to a file >> Redirect it to a file in append mode all Information about all lines | Matching o utput <cr> <Comware7>display users Idx Line Idle Time Pid Type F 0 AUX 0 00:00:00 Mar 23 15:22:58 538 129 VTY 0 00:02:10 Mar 23 15:41:18 613 TEL 130 VTY 1 00:01:39 Mar 23 15:45:49 621 TEL Following are more details. VTY 0 : Location: 10.0.100.84 VTY 1 : Location: 10.1.1.108 + : Current operation user. F : Current operation user works in async mode. <Comware7>dis play users all ? > Redirect it to a file >> Redirect it to a file in append mode | Matching output <cr> <Comware7>display users all Idx Line Idle Time Pid Type F 0 AUX 0 00:00:00 Mar 23 15:22:58 538 + 129 VTY 0 00:02:52 Mar 23 15:41:18 613 TEL + 130 VTY 1 00:02:21 Mar 23 15:45:49 621 TEL 131 VTY 2 132 VTY 3 133 VTY 4 134 VTY 5 135 VTY 6 136 VTY 7 137 VTY 8 138 VTY 9 139 VTY 10 140 VTY 11

129. 128 ProVision(config)# sntp server prio rity 1 10.0.100.251 ? oobm Use OOBM interface to connect to server <1 - 7> The SNTP version of the server <cr> ProVision(config)# sntp server priority 1 10.0.100.251 ProVision(config)# sntp unicast ProVision(config)# s ntp 60 ProVision(config)# timesync sntp ProVision# show sntp ? authentication Show configured SNTP authentication information. statistics Show SNTP protocol statistics. <cr> ProVision# show sntp authentication ? <cr> ProVision# s how sntp authentication SNTP Authentication Information SNTP Authentication : Disabled ProVision# show sntp statistics ? <cr> ProVision# show sntp statistics SNTP Statistics Received Packets : 2 Sent Packets : 2 Dropped Packets : 0 SNTP Server Address Auth Failed Pkts --------------------------------------- ---------------- 10.0.100.251 0 ProVision# show sntp SNTP Configuration SNTP Authentic ation : Disabled Time Sync Mode: Sntp SNTP Mode : Unicast Poll Interval (sec) [720] : 60 Source IP Selection: Outgoing Interface Priority SNTP Server Address Version Key - id -------- --------------------------------------- ------- ---------- 1 10.0.100.251 3 0 ProVision(config)# clock ? datetime Specify the time and date set Set current time and/or date. summer - time Enable/disable dayli ght - saving time changes. timezone Set the number of hours your location is to the West( - ) or East(+) of GMT. <cr>

52. 51 telnet Telnet service terminal Terminal access service [Comware7 - luse r - manage - manager]service - type terminal ? http HTTP service type https HTTPS service type pad X.25 PAD service ssh Secure Shell service telnet Telnet service <cr> [Comware7 - luser - manage - manager]service - type terminal [Comware7 - luser - manage - manager]password ? hash Specify a hashtext password simple Specify a plaintext password <cr> [Comware7 - luser - manage - manager]password hash ? STRING<1 - 110> Hashtext password string [Comware7 - luser - manage - manager]password hash pass word ? <cr> [Comware7 - luser - manage - manager]password hash password [the next command sets the use of uid/pw for login via console, even though the scheme is defined for AAA, it works with local uid/pw configuration] [Comware 7 ] user - interface aux 0 [C omware7 - line - aux0]? Line view commands: activation - key Specify a character to begin a terminal session authentication - mode Login authentication mode auto - execute Automatic execution configuration cfd Connectivity Fau lt Detection (CFD) module command Command authorization and accounting databits Set the databits of line diagnostic - logfile Diagnostic log file configuration display Display current system information escap e - key Escape key sequence configuration flow - control Set a flow control mode history - command History command buffer configuration idle - timeout User connection idle timeout logfile Log file configuration monitor System monitor parity Set the parity check method ping Ping function protocol Set the protocols to be supported by the line quit Exit from current command view return Exit to User View save Save current configuration screen - length Specify the number of lines to be displayed on a screen security - logfile Security log file configuration set Specify line par ameters shell Enable terminal user service speed Line transmission speed stopbits Specify the stop bit of line terminal Specify terminal attribute tracert Tracert function undo Cancel current setting user - role Specify user role configuration information

53. 52 [Comware7 - line - aux0]authentication - mode ? none Login without authentication password Password authentication scheme Authentication u se AAA [Comware7 - line - aux0]authentication - mode scheme ? <cr> [Comware7 - line - aux0]authentication - mode scheme [the next command sets the use of password only for login via console] [ Comware 7 ]user - interface aux 0 [Comware7 - line - aux0]authentication - m ode password ? <cr> [Comware7 - line - aux0]authentication - mode password [Comware7 - line - aux0]set ? authentication Specify the authentication parameters for line [Comware7 - line - aux0]set authentication ? password Specify the password of line [Comwar e7 - line - aux0]set authentication password ? hash Specify a hashtext password simple Specify a plaintext password [Comware7 - line - aux0]set authentication password simple ? STRING<1 - 16> Plaintext password string [Comware7 - line - aux0]set authenticat ion password simple password ? <cr> [Comware7 - line - aux0]set authentication password simple password Cisco Cisco(config)#enable ? last - resort Define enable action if no TACACS servers respond password Assign the privileged level password (MAX of 25 characters) secret Assign the privileged level secret (MAX of 25 characters) use - tacacs Use TACACS to check enable passwords Cisco(config)#enable password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HID DEN password will follow LINE The UNENCRYPTE D (cleartext) 'enable' password level Set exec level password Cisco(config)#enable password 0 ? LINE The UNENCRYPTED (cleartext) 'enable' password Cisco(config)#enable password 0 password ? LINE <c r> Cisco(config)#enable password 0 password Cisco(config)#enable secret ? 0 Specifies an UNENCRYPTED password will follow 5 Specifies an ENCRYPTED secret will follow LINE The UNENCRYPTED (cleartext) 'enable' secret level Set exec lev el password

65. 64 [Comware7]local - user test1 ? class Specify a class for the local user <cr> [Comware7]local - user test1 class ? manage Device management user networ k Network access user [Comware7]local - user test1 class manage ? <cr> [Comware7]local - user test1 class manage New local user added. [Comware7 - luser - manage - test1]? Local - user protocol view commands: access - limit Specify the maximum concur rent access number for the local user authorization - attribute Specify authorization attributes of local user bind - attribute Specify binding attributes of local user cfd Connectivity Fault Det ection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display current system information group Specify user group of local user ip Specify IP configuration logfile Log file configuration monitor System monitor password Specify password of local user password - control Password control feature ping Ping function quit Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration service - type Specify a service type for the local user state Specify state of local user tracert Tracert function undo Cancel current setting [Comware7 - luser - manage - test1]password ? hash Specify a hashtext password simple Spe cify a plaintext password <cr> [Comware7 - luser - manage - test1]password simple ? STRING<1 - 63> Plaintext password string [Comware7 - luser - manage - test1]password simple password ? <cr> [Comware7 - luser - manage - test1]password simple password [Comware7 - lus er - manage - test1]service - type ? ftp FTP service http HTTP service type https HTTPS service type pad X.25 PAD service ssh Secure Shell service telnet Telnet service terminal Terminal access service [Comware7 - luse r - manage - test1]service - type telnet ? http HTTP service type https HTTPS service type pad X.25 PAD service

76. 75 [Comware5]display password - control ? blacklist Display blacklist information super Display super user's password - control information | Matching output <cr> [Comware5]display password - control Global password control configurations: Password control: Enabled Password aging: Enabled (90 days) Password length: Enabled ( 10 characters) Password composition: Enabled (4 types, 2 characters per type) Password history: Enabled (max history records:4) Early notice on password expiration: 7 days User authentication timeout: 60 secon ds Maximum failed login attempts: 3 times Login attempt - failed action: Lock for 1 minutes Minimum password update time: 24 hours User account idle - time: 90 days Login with aged password: 3 times in 30 days Password complexity: Enabled (username checking) Enabled (repeated characters checking) Comware7 [Comware7]password - control ? aging Specify password aging alert - before - expire Se t the alert time before password expiration complexity Check password complexity composition Specify password composition enable Enable password control globally expired - user - login Allow a user to log in with an e xpired password within a period history Specify maximum number of history passowrds for each user length Specify minimum password length login Specify local user login login - attempt Control local user login attempts super Super user's password controls update - interval Set the minimum password update interval [Comware7]password - control enable ? <cr> [Comware7]password - control enable [Comware7]password - control length ? INTEGER<4 - 32> Minimum password length,in characters enable Enable the password control function [Comware7]password - control length 10 ? <cr> [Comware7]password - control length 10 [Comware7]password - control length enable ? <cr> [Comware7]password - control length enable [Comware7]password - control composition ? enable Enable the password control function type - number Specify the minimum number of password composition types

86. 85 ProVision# copy xmodem flash ? primary Copy to primary flash. secondary Copy to secondary flash. <cr> ProVision# copy xmodem flash secondary ? <cr> ProVision# copy xmodem flash secondary The S econdary OS Image will be deleted, continue [y/n]? y Press 'Enter' and start XMODEM on your host... ProVision# copy flash ? flash Copy to primary/secondary flash. sftp Copy data to an SFTP server tftp Copy data to a TFTP server. usb Copy data to a USB flash drive. xmodem Use xmodem on the terminal as the data destination. ProVision# copy flash flash ? primary Copy to primary flash. secondary Copy to secondary flash. ProVision# copy flash flash secondary ProVision# copy flash tftp ? oobm Use the OOBM interface to reach TFTP server. IP - ADDR Specify TFTP server IPv4 address. IPV6 - ADDR Specify TFTP server IPv6 address. ProVision# copy flash tftp 10.0.100.111 ? FILENAME - STR Specify filename for the TFTP transfer. ProVision# copy flash tftp 10.0.100. 111 K_ 1 5_16 _0004 .swi ? primary Copy image primary flash. secondary Copy image secondary flash. oobm Use the OOBM interface to reach TFTP server. <cr> ProVision# copy flash tftp 10.0.100.111 K_15_16_0004.swi seconda ry ? oobm Use the OOBM interface to reach TFTP server. <cr> ProVision# copy flash tftp 10.0.100.111 K_15_16_0004.swi secondary ProVision# copy flash s ftp 10.0.100.11 1 K_ 15_16 _0004 .swi ? primary Copy image primary flash. secondary Copy image secondary flash. oobm Use the OOBM interface to reach SFTP server. <cr> ProVision# copy flash sftp 10.0.100.111 K_15_16_0004.swi secondary ? oobm Use the OOBM interface to reach SFTP server. <cr> ProVision# copy flash sftp 10.0.100.111 K_15_16_0004.swi secondary Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download in progress. ProVision# copy flash usb ? FILENAME - STR Specify filename for the TFTP transfer.

93. 92 server prefer - ctos - hmac Specify the preferred HMAC algorithm from client to server prefer - kex Specify the preferred key exchange alg orithm prefer - stoc - cipher Specify the preferred encryption algorithm from server to client prefer - stoc - hmac Specify the preferred HMAC algorithm from server to client publickey Specify the public key of server so urce Specify a source <cr> <Comware7>scp 10.0.100.111 put 5900_5920 - CMW710 - R2311P05.ipe Username: manager Press CTRL+C to abort. Connecting to 10.0.100.111 port 22. manager@10.0.100.111's password: <Comware7>copy flash:/? flash:/5900_ 5920 - CMW710 - R2311P05.ipe flash:/5900_5920 - cmw710 - boot - r2416.bin flash:/5900_5920 - cmw710 - system - r2416.bin flash:/diagfile/ flash:/ifindex.dat flash:/startup .cfg flash:/startup .mdb flash:/lauth.dat flash:/license/ flash:/logfile/ flash:/p ki/ flash:/seclog/ flash:/versionInfo/ <Comware7>copy flash:/5900_5920 - CMW710 - R2311P05.ipe ? STRING [drive][path][file name] flash: Device name ftp: File on the FTP server slot1#flash: Device name slot1#usba0: Device name tftp: File on the TFTP server usba0: Device name <Comware7>copy flash:/5900_5920 - CMW710 - R2311P05.ipe usba0:? usba0:/ <Comware7>copy flash:/5900_5920 - CMW710 - R2311P05.ipe usba0:/? "usba0:/System Volume Information/" usba0:/59 00_5920 - CMW710 - R2416.ipe usba0:/5900_5920 - cmw710 - boot - r2311p05.bin usba0:/5900_5920 - cmw710 - boot - r2416.bin usba0:/5900_5920 - cmw710 - system - r2311p05.bin usba0:/5900_5920 - cmw710 - system - r2416.bin <Comware7>copy flash:/5900_5920 - CMW710 - R2311P05.ipe usba 0:/ ? <cr> <Comware7>copy flash:/5900_5920 - CMW710 - R2311P05.ipe usba0:/ <Comware7>boot - loader ? file Specify upgrade image files pex Specify the startup software image files for PEXs to load from the parent device update Update startup software images <Comware7>boot - loader file ?

95. 94 tftp: A URL beginning with this prefix Cisco#copy tftp:// 10. 0.100.111 / c3750e - universalk9 - mz.150 - 2.SE7.bin ? flash: Copy to flash: file system null: Copy to null: file system nvram: Copy to nvram: file system running - config Update (merge with) current system configuration startup - config Copy to startup configuration sysl og: Copy to syslog: file system system: Copy to system: file system tmpsys: Copy to tmpsys: file system vb: Copy to vb: file system Cisco#copy tftp://10.0.100.111/c3750e - universalk9 - mz.150 - 2.SE7.bin flash ? <cr> Cisco#copy tftp:// 10. 0.100.111 / c3750e - universalk9 - mz.150 - 2.SE7.bin flash: Destination filename [ c3750e - universalk9 - mz.150 - 2.SE7.bin ]? Cisco#copy scp:? scp: A URL beginning with this prefix Cisco#copy scp://10.0.100.111/c3750e - universalk9 - mz.150 - 2 .SE7.bin ? flash1: Copy to flash1: file system flash: Copy to flash: file system null: Copy to null: file system nvram: Copy to nvram: file system running - config Update (merge with) current system configuratio n startup - config Copy to startup configuration syslog: Copy to syslog: file system system: Copy to system: file system tmpsys: Copy to tmpsys: file system Cisco#copy scp://10.0.100.111/c3750e - universalk9 - mz.150 - 2.SE7.bin flash ? <cr> Cisco#copy scp://10.0.100.111/c3750e - universalk9 - mz.150 - 2.SE7.bin flash Source username [manager]? test Destination filename [c3750e - universalk9 - mz.150 - 2.SE7.bin]? Cisco#copy xmodem: ? flash1: Copy to flash1: file system fla sh: Copy to flash: file system ftp: Copy to ftp: file system http: Copy to http: file system https: Copy to https: file system null: Copy to null: file system nvram: Copy to nvram: file sy stem rcp: Copy to rcp: file system running - config Update (merge with) current system configuration scp: Copy to scp: file system startup - config Copy to startup configuration syslog: Copy to syslog: file system sy stem: Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system vb: Copy to vb: file system Cisco#copy xmodem: flash: ? <cr> Cisco#copy xmodem: flash:

143. 142 manager Modi fy SNMP manager parameters packetsize Largest SNMP packet size queue - length Message queue length for each TRAP host source - interface Assign an source interface spi Configs for SNMP communication using SPI sysobjectid sysObjectID system - shutdown Enable use of the SNMP reload command tftp - server - list Limit TFTP servers used via SNMP trap SNMP trap options trap - source Assign an interface for the source address of all traps trap - timeout Set timeout for TRAP message retransmissions user Define a user who can access the SNMP engine view Define an SNMPv3 MIB view Cisco(config)#snmp - server host ? WORD IP/IP V6 address of SNMP notification host http://<Hostname or A.B.C.D>[:<port number>][/<uri>] HTTP address of XML notification host Cisco(config )#snmp - server host 10.0.1 11.210 ? WORD SNMPv1/v2c community string or SNMPv3 user name informs Send Inform messages to this host traps Send Trap messages to this host version SNMP version to use for notification messages vrf VPN Rou ting instance for this host Cisco (config)#snmp - server host 10.0. 11.210 version ? 1 Use SNMPv1 2c Use SNMPv2c 3 Use SNMPv3 Cisco(config)#snmp - server host 10.0.1 11.210 version 2c ? WORD SNMPv1/v2c community string or SNMPv3 user name Cisco (config)#snmp - server host 10.0.1 11.210 version 2c private ? auth - framework Allow SNMP CISCO - AUTH - FRAMEWORK - MIB traps bridge Allow SNMP STP Bridge MIB traps call - home Allow SNMP CISCO - CALLHOME - MIB traps cef Allows cef traps cluster Allow Cluster Member Status traps config Allow SNMP config traps config - copy Allow SNMP config - copy traps config - ctid Allow SNMP config - ctid traps copy - config Allow SNMP copy - config traps cpu Allow cpu related traps dot1x Allow dot1x traps eigrp Allow SNMP EIGRP traps energywise Allow SNMP energywise traps entity Allow SNMP entity traps envmon Allow environmental monitor traps errdisable Allow errordisable notifications event - manager Allow SNMP Embedded Event Manager traps flash Allow SNMP FLASH traps flowmon Allow SNMP flow monitor notifications fru - ctrl Allow e ntity FRU control traps hsrp Allow SNMP HSRP traps ipmulticast Allow SNMP ipmulticast traps ipsla Allow SNMP Host IP SLA traps license Allow license traps mac - notification Allow SNMP MAC Notification Trap s ospf Allow OSPF traps pim Allow SNMP PIM traps port - security Allow SNMP port - security traps power - ethernet Allow SNMP power ethernet traps

146. 145 0 Number of requested variables 0 Number of altered variables 0 Get - request PDUs 0 Get - next PDUs 0 Set - request PDUs 0 Input queue packet drops (Maximum queue size 1000) 0 SNMP packets output 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP global trap: enabled SNMP logging: enabled Logging to 10.0.111.210.1 62, 0/10, 0 sent, 0 dropped. SNMP agent enabled Cisco#show snmp host Notification host: 10.0.1 11.210 udp - port: 162 type: trap user: private security model: v2c

152. 151 vpn - instance Specify VPN instance [Comware 5 ]snmp - agent target - host trap address udp - domain 10.0.111.210 params ? securityname Specify the name for the principal on whose be half SNMP messages will be generated [Comware 5 ]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname ? STRING<1 - 32> Specify the character string of security name [Comware 5 ]snmp - agent target - host trap address u dp - domain 10.0.111.210 params securityname test ? v1 Specify security model of SNMPv1 to generate SNMP messages v2c Specify security model of SNMPv2c to generate SNMP messages v3 Specify security model of SNMPv3 to generate SNMP messages <c r> [Comware 5 ]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname test v3 ? authentication Specify the securityLevel of AuthNoPriv privacy Specify the securityLevel of AuthPriv <cr> [Comware 5 ]snmp - agent target - ho st trap address udp - domain 10.0.111.210 params securityname test v3 privacy ? <cr> [Comware 5 ]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname test v3 privacy [Comware 5 ] snmp - agent sys - info location ? TEXT The phy sical location of this node<1 - 255 > [Comware 5 ] snmp - agent sys - info location Lab [Comware 5 ] snmp - agent sys - info contact ? TEXT Contact person information for this node<1 - 255> [Comware 5 ] snmp - agent sys - info contact Lab _ Engr [Comware 5 ] dis play snmp - agent sys - inf o The contact person for this managed node: LabEngr The physical location of this node: Lab SNMP version running in the system: SNMPv3 [Comware 5 ] dis play snmp - agent group Group name: managerpriv Securi ty model: v3 AuthPriv Readview: ViewDefault Writeview: <no specified> Notifyview: <no specified> Storage - type: nonVolatile [Comware 5 ] dis play snmp - agent usm - user User name: test Group name: managerpriv Engine ID: 80 0063A203002389D5A070 Storage - type: nonVolatile

155. 154 <cr> [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 p arams securityname test v3 privacy ? <cr> [Comware 7 ]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname test v3 privacy [Comware7]snmp - agent sys - info location ? TEXT Location information of the agent, 1 to 255 character s [Comware7]snmp - agent sys - info location Lab [Comware7]snmp - agent sys - info contact ? TEXT Contact information, 1 to 255 characters [Comware7]snmp - agent sys - info contact Lab_Engr [Comware7]display snmp - agent sys - info The contact information of th e agent: Lab_Engr The location information of the agent: Lab The SNMP version of the agent: SNMPv3 [Comware7]display snmp - agent group Group name: managerpriv Security model: v3 AuthPriv Readview: ViewDefault Writeview: <no specified> Notifyview: <no specified> Storage - type: nonVolatile [Comware7]display snmp - agent usm - user Username: test Group name: managerpriv Engine ID: 800063A280CC3E5F73BACF00000001 Storage - type: nonVol atile UserStatus: active Cisco Cisco(config)#snmp - server group ? WORD Name of the group Cisco(config)#snmp - server group managerpriv ? v1 group using the v1 security model v2c group using the v2c security model v3 group using the Use r Security Model (SNMPv3) Cisco(config)#snmp - server group managerpriv v3 ? auth group using the authNoPriv Security Level noauth group using the noAuthNoPriv Security Level priv group using SNMPv3 authPriv security level Cisco(config)#snmp - s erver group managerpriv v3 priv ? access specify an access - list associated with this group context specify a context to associate these views for the group match context name match criteria notify specify a notify view for the group read specify a read view for the group

162. 161 [ Comware5 - ui - vty0 - 15]set authentication password simple password ? <cr> [ Comware5 - ui - vty0 - 15]set authentication password simple password [ Comware5 ] display users The user application information of the user interface(s): Idx UI Delay Type Userlevel 0 AUX 0 00:00:40 3 + 25 VTY 0 00:00:00 TEL 3 Following are more details. AUX 0 : User name: manager VTY 0 : User name: manager Location: 10.0.100.80 + : Current operation user. F : Current operation user work in async mode. [ Comware5 ]dis play users all The user application information of all user interfaces: Idx UI Delay Type Userlevel F 0 AUX 0 00:00:00 3 + 25 VTY 0 00:03:11 TEL 3 26 VTY 1 27 VTY 2 28 VTY 3 29 VTY 4 30 VTY 5 31 VTY 6 32 VTY 7 33 VTY 8 34 VTY 9 35 VTY 10 36 VTY 11 37 VTY 12 38 VTY 13 39 VTY 14 40 VTY 15 Following are more details. AUX 0 : User name: manager VTY 0 : User name: manager Location: 10.0.100.80 + : User - interface is active. F : User - interface is active and work in async mode. Comware 7 [Comware7]telnet ? client Specify telnet client attribute server Telnet server configuration [Comware7]telnet server ? acl Specify an ACL to control telnet clients' access dscp Set t he Differentiated Services Codepoint (DSCP) value enable Enable telnet server function ipv6 IPv6 information [Comware 7 ]telnet server ena ble

172. 171 [Comware7 - luser - manage - ssh - manag er]service - type ssh ? http HTTP service type https HTTPS service type pad X.25 PAD service telnet Telnet service terminal Terminal access service <cr> [Comware7 - luser - manage - ssh - manager]service - type ssh NOTE: by configuring ‘protocol inbound ssh’ on the vty interfaces, if telnet access was previously enabled, it is now functionally disabled, however still remove the ‘telnet server enable’ command, as done later in a few steps . [Comware7 - luser - manage - ssh - manager]authorizatio n - attribute ? acl Specify ACL of local user callback - number Specify PPP callback number of local user idle - cut Specify idle cut function for local user user - profile Specify user profile of local user user - role Spe cify user role of the local user vlan Specify VLAN ID of local user work - directory Specify work directory of local user [Comware7 - luser - manage - ssh - manager]authorization - attribute user - role ? STRING<1 - 63> User role name network - a dmin network - operator level - 0 level - 1 level - 2 level - 3 level - 4 level - 5 level - 6 level - 7 level - 8 level - 9 level - 10 level - 11 level - 12 level - 13 level - 14 level - 15 security - audit [Comware7 - luser - manage - ssh - manager]authorization - attribute user - role network - admin ? acl Specify ACL of local user callback - number Specify PPP callback number of local user idle - cut Specify idle cut function for local user user - profile Specify user profile of local user vlan Specify VLAN ID of local user work - directory Specify work directory of local user <cr> [Comware7 - luser - manage - ssh - manager]authorization - attribute user - role network - admin [Comware7]undo telnet server enable [Comware7]ssh ? cl ient SSH client configuration server Specify the server attribute user SSH user [Comware7]ssh server ?

183. 182 ProVision ProVision(config)# crypto ? key Install/ remove RSA key file for ssh. pki Public Key Infrastructure management ProVision(config)# crypto pki ? clear Clears the csr, certificate and its related private key. create - csr Manually create a certificate s igning request. enroll - self - signed Create and install a self - signed certificate. identity - profile Creates an identity profile. install - signed - cer... Manually install a signed certificate, the certificatemust match a previo usly created signing request. ta - profile Creates a Trust Anchor profile. zeroize Remove all pki configuration, including profiles, certificates and keys. ProVision(config)# crypto pki enroll - self - signed ? certificate - name Name of the local certificate. ProVision(config)# crypto pki enroll - self - signed certificate - name ? CERT - NAME Name of the local certificate. ProVision(config)# crypto pki enroll - self - signed certificate - name localcert ? key - size The length of the key, default is 1024 bits. subject Subject fields of the certificate, the default values are specified in the identity profile. usage The intended application, default is web. valid - start Certificate validity start date (MM/DD/YYYY). <cr> ProVision(config)# crypto pki enroll - self - signed certificate - name localcert subject ? common - name To specify common name country To specif y the two letter ISO 3166 - 1 country code locality To specify locality org To specify organization org - unit To specify organization unit state To specify state key - size The length of the key, default is 1024 bits. usage The intended application, default is web. valid - start Certificate validity start date (MM/DD/YYYY). <cr> ProVision(config)# crypto pki enroll - self - signed certificate - name localcert subj ect Enter Common Name(CN) : ProVision Enter Org Unit(OU) : Lab Enter Org Name(O) : Test Enter Locality(L) : Any City Enter State(ST) : Any State Enter Country(C) : ProVision(config)# web - management idle - timeout Set the idle timeout for web man agement sessions. listen Specify in which mode HTTP Server should listen in management - url Specify URL for web interface [?] button. plaintext Enable/disable the http server (insecure). ssl Enable/dis able the https server (secure). support - url Specify URL for web interface Support page. <cr> ProVision(config)# web - management ssl TCP/UDP - PORT TCP port on which https server should accept connections. <cr> ProVision(config)# web - man agement ssl

193. 192 <cr> ProVision(config)# radius - server host 10.0.100.111 key ? KEY Encryption key to use with the RADIUS server (default is NULL). oobm Use OOBM interface to connect to server ProVision(config)# radius - server host 10.0.100.111 key password ? acct - port Accounting UDP destination port number(1 - 65535). auth - port Authentication UDP destination port num ber (default is 1812). oobm Use OOBM interface to connect to server <cr> ProVision(config)# radius - server host 10.0.100.111 key password ProVision (config)# aaa accounting Configure accounting parameters on the switch. aut hentication Configure authentication parameters on the switch. authorization Configure authorization parameters on the switch. port - access Configure 802.1X (Port Based Network Access), MAC address based net work access, or web authentication based network access on the device. server - group Place the RADIUS server into the RADIUS server group. ProVision(config)# aaa authentication ? allow - vlan Configure authenticato r ports to apply VLAN changes immediately. console Configure authentication mechanism used to control access to the switch console. disable - username Bypass the username during authentication while accessing the switch to get Manager or Operator access. local - user Create or remove a local user account. lockout - delay The number of seconds after repeated login failures before a user may again attempt login. login Specify that switch respects the authentication server's privilege level. mac - based Configure authentication mechanism used to control mac - based port access to the swi tch. num - attempts The number of login attempts allowed. port - access Configure authentication mechanism used to control access to the network. ssh Configure authentication mechanism used to cont rol SSH access to the switch. telnet Configure authentication mechanism used to control telnet access to the switch. web Configure authentication mechanism used to control web access to the switch. web - based Configure authentication mechanism used to control web - based port access to the switch. ProVision(config)# aaa authentication console ? enable Conf igure access to the privileged mode commands. login Configure login access to the switch. ProVision(config)# aaa authentication console login ? local Use local switch user/password database. tacacs Use TAC ACS+ server. radius Use RADIUS server. peap - mschapv2 Use RADIUS server with PEAP - MSChapv2. ProVision(config)# aaa authentication console login radius ? local Use local switch user/password database. none Do not use backup authentication methods. authorized Allow access without authentication. server - group Specify the server group to use. <cr>

235. 234 local AAA Local method options max - se ssions Adjust initial hash size for estimated max sessions memory AAA memory parameters nas NAS specific configuration new - model Enable NEW access control commands and functions.(Disables OLD comma nds.) pod POD processing policy AAA policy parameters server Local AAA server service - profile Service - Profile parameters session - id AAA Session ID traceback Traceback recording user A AA user definitions Cisco(config)#aaa authorization ? auth - proxy For Authentication Proxy Services cache For AAA cache configuration commands For exec (shell) commands. config - commands For configuration m ode commands. configuration For downloading configurations from AAA server console For enabling console authorization credential - download For downloading EAP credential from Local/RADIUS/LDAP exec For starting a n exec (shell). multicast For downloading Multicast configurations from an AAA server network For network services. (PPP, SLIP, ARAP) policy - if For diameter policy interface application. pre paid For diameter prepaid services. radius - proxy For proxying radius packets reverse - access For reverse access connections subscriber - service For iEdge subscriber services (VPDN etc) template Enable template authorization Cisco (config)#aaa authorization console Cisco(config)#aaa authorization exec ? WORD Named authorization list (max 31 characters, longer will be rejected). default The default authorization list. Cisco(config)#aaa auth orization exec default ? cache Use Cached - group group Use server - group. if - authenticated Succeed if user has authenticated. krb5 - instance Use Kerberos instance privilege maps. local Use local database. n one No authorization (always succeeds). Cisco(config)#aaa authorization exec default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts . Cisco(config)#aaa authorization exec default group tacacs+ ? cache Use Cached - group group Use server - group. if - authenticated Succeed if user has authenticated. krb5 - instance Use Kerberos instance privilege maps. lo cal Use local database. none No authorization (always succeeds). <cr> Cisco(config)#aaa authorization exec default group tacacs+

245. 244 System Description: ProCurve J9299A Switch 2520G - 24 - PoE, revision J.14.54, ROM J.14.05 (/sw/code/build/walle(J_t4b)) Time remaining: 99 seconds System Capabilities: B Enabled Capabilities: B Management Addresses: IP: 10.0.111.2 Auto Negotiation - supported, enabled Physical media capabilities: 1000baseT(FD) 100base - TX(FD) 100base - TX(HD) 10base - T(FD) 10base - T(HD) Media Attachment Unit type: 30 Vlan ID: - not advertised Total entries displayed: 1

272. 271 schedule Define a schedule [Comware7]scheduler job ? STRING<1 - 47> Name of the job [Comware7]scheduler job save - config ? <cr> [Comware7]scheduler job save - config [Comware7 - job - save - config]? Job view commands: cfd Conne ctivity Fault Detection (CFD) module command Specify a command diagnostic - logfile Diagnostic log file configuration display Display current system information ip Specify IP configuration logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View save Save current configuration security - logf ile Security log file configuration tracert Tracert function undo Cancel current setting [Comware7 - job - save - config]command ? INTEGER<0 - 4294967295> ID of command [Comware7 - job - save - config]command 1 ? TEXT Command of the job [Comware7 - job - save - config]command 1 tftp 10.0.100.111 put startup.cfg ? TEXT Command of the job <cr> [Comware7 - job - save - config]command 1 tftp 10.0.100.111 put startup.cfg [Comware7 - job - save - config]quit [Comware7]scheduler schedule ? STR ING<1 - 47> Name of the schedule [Comware7]scheduler schedule saveconfig ? <cr> [Comware7]scheduler schedule saveconfig [Comware7 - schedule - saveconfig]? Schedule view commands: cfd Connectivity Fault Detection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display current system information ip Specify IP configuration job Assign a job to the schedule logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration time Specify the time to run the schedule tracert Tracert function

273. 272 undo Cancel current setting user - role Specify the user role for executing the schedule [Comware7 - schedule - saveconfig]time ? a t Specify the execution time once Run the schedule for once repeating Run the schedule repeatedly [Comware7 - schedule - saveconfig]time once ? at Specify the execution time delay Specify the delay time [Comware7 - schedule - saveconf ig]time once at ? TIME Execution time (HH:MM) [Comware7 - schedule - saveconfig]time once at 01:45 ? month - date Specify the day of the month week - day Specify the days of the week <cr> [Comware7 - schedule - saveconfig]time once at 01:45 [Comware7 - s chedule - saveconfig]job ? STRING<1 - 47> Name of the job [Comware7 - schedule - saveconfig]job save - config ? <cr> [Comware7 - schedule - saveconfig]job save - config [Comware7]dis play scheduler ? job Display job information logfile Display schedul er logs reboot Display the reboot time schedule Display schedule information [Comware7]display scheduler job ? > Redirect it to a file >> Redirect it to a file in append mode STRING<1 - 47> Name of the job | Matching output <cr> [Comware7]dis play scheduler job Job name: save - config tftp 10.0.100.111 put startup.cfg [Comware7]dis play scheduler schedule ? > Redirect it to a file >> Redirect it to a file in append mode STRIN G<1 - 47> Name of the schedule | Matching output <cr> [Comware7]dis play scheduler schedule Schedule name : saveconfig Schedule type : Run on Sun Jun 26 01:45:00 2016 Start time : Sun Jun 26 01:45:00 2016 Last executi on time : Yet to be executed ----------------------------------------------------------------------- Job name Last execution status save - config - NA -

302. 301 [Comware5 - GigabitEthernet1/0/6]port trunk ? permit Allowed VLANs pvid Specify current Trunk port's PVID VLAN characteristics [Comware5 - GigabitEthernet1/0/6]port trunk permit ? vlan Allowed VLAN [Comware5 - GigabitEthernet1/0/6]port trunk permit vlan ? INTEGER<1 - 4094> VLAN ID all All the VLANs [Comware5 - GigabitEthernet1/0/6]port trunk permit vlan 100 220 [Comware5]v lan 220 [Comware5 - vlan220]? Vlan view commands: arp Specify ARP configuration information arp - snooping ARP snooping cfd Connectivity fault detection (IEEE 802.1ag) description Description of VLAN display Display current system information igmp - snooping IGMP snooping ip - subnet - vlan IP subnet - based VLAN ipv6 IPv6 status and configuration information isolate - user - vlan Specify is olate - user - VLAN characteristic isolated - vlan Specify isolated VLAN characteristic mac - address Configure MAC address mac - forced - forwarding Specify MAC - forced forwarding configuration information mld - snoo ping Configure MLD snooping characteristic mtracert Trace route to multicast source name Name of VLAN pim - snooping Configure PIM snooping characteristic ping Ping function port Add ports to or delete ports from VLAN protocol - vlan Protocol - based VLAN quit Exit from current command view return Exit to User View save Save current configuration subvlan Specify Sub VLAN supervlan Specify the VLAN to be a Super VLAN tracert Trace route function undo Cancel current setting [Comware5 - vlan220]port ? GigabitEthernet GigabitEthernet interface [Comware5 - vlan220]port g1/0/4 ? GigabitEthernet GigabitEthernet interface to Range of interfaces <cr> [Comware5 - vlan220]port g1/0/4 [Comware5]display vlan 220 VLAN ID: 220 VLAN Type: static Route Interface: not configu red Description: VLAN 0220 Name: test Tagged Ports: GigabitEthernet1/0/6

305. 304 dcbx Data Center Bridge Capability Exchange Protoc ol default Restore the default settings description Describe the interface dhcp DHCP module diagnostic - logfile Diagnostic log file configuration display Display current system informa tion dldp DLDP module dot1x 802.1X module duplex Status of duplex eee Energy efficient ethernet enable Enable functions evb Edge Virtual Br idging (EVB) module flex10 Configure Flex10 flow - control Enable flow control function flow - interval Set the interface statistics interval igmp - snooping IGMP snooping module ip Specif y IP configuration ipv6 Specify IPv6 configuration jumboframe Specify jumbo frame forwarding l2vpn Layer 2 Virtual Private Network (L2VPN) module lacp Configure LACP protocol link - a ggregation Specify link aggregation group configuration information link - delay Set the physical state change suppression lldp Link Layer Discovery Protocol(802.1ab) logfile L og file configuration loopback Specify loopback of current port loopback - detection Loopback detection module mac - address Configure MAC address mac - authentication MAC authentication module mac - forced - forwarding Sp ecify MAC - forced forwarding configuration information mac - vlan MAC VLAN configuration mdix - mode Specify mdix type mirroring - group Specify mirroring group mld - snooping MLD snooping module monitor System monitor mrp Multiple registration protocol multicast - suppression Multicast storm suppression function mvrp Multiple VLAN registration protocol oam OAM module packet - filter Packet filter settings pbb Provider Backbone Bridge (PBB) module ping Ping function poe Power over Ethernet port Set port attributes port - isolate Port isol ation configuration port - security Port security module priority - flow - control Priority - based flow control (PFC) configuration ptp Precision Time Protocol (PTP) module qcn Quantized Congestion Notificat ion (QCN) module qinq 802.1QinQ function qos Quality of Service (QoS) module quit Exit from current command view return Exit to User View rmon RMON module save Save current configuration security - logfile Security log file configuration service - instance Configure a service instance sflow sFlow function shutdown Shut down the interface smar t - link Smart Link module spbm SPBM configuration speed Specify speed of current port storm - constrain Port storm control stp Spanning Tree Protocol (STP) module

315. 314 Cisco Cisco(config)#interface vlan 220 Cisco( config - if)#ip address 10.1.220.4 255.255.255.0 Cisco(co nfig - if)#no shutdown Cisco#show ip interface brief Interface IP - Address OK? Method Status Protocol Vlan1 10.0.111.41 YES NVRAM up up Vlan220 10.1.220.4 YES manu al up up FastEthernet0 unassigned YES NVRAM administratively down down GigabitEthernet1/0/1 unassigned YES unset up up GigabitEthernet1/0/2 unassigned YES unset down down GigabitEthernet1/0/3 unassigned YES unset down down GigabitEthernet1/0/4 unassigned YES unset down down GigabitEthernet1/0/5 unassigned YES unset down down GigabitEthernet1/0/6 u nassigned YES unset up up GigabitEthernet1/0/7 unassigned YES unset down down GigabitEthernet1/0/8 unassigned YES unset down down GigabitEthernet1/0/9 unassigned YES unset d own down GigabitEthernet1/0/10 unassigned YES unset down down GigabitEthernet1/0/11 unassigned YES unset down down GigabitEthernet1/0/12 unassigned YES unset down down GigabitEthernet1/0/13 unassigned YES unset down down GigabitEthernet1/0/14 unassigned YES unset down down GigabitEthernet1/0/15 unassigned YES unset down down GigabitEthernet1/0/16 u nassigned YES unset down down GigabitEthernet1/0/17 unassigned YES unset down down GigabitEthernet1/0/18 unassigned YES unset down down GigabitEthernet1/0/19 unassigned YES unset down down GigabitEthernet1/0/20 unassigned YES unset down down GigabitEthernet1/0/21 unassigned YES unset down down GigabitEthernet1/0/22 unassigned YES unset down do wn GigabitEthernet1/0/23 unassigned YES unset down down GigabitEthernet1/0/24 unassigned YES unset down down GigabitEthernet1/0/25 unassigned YES unset down down GigabitEthernet1/0/26 unassigned YES unset down down GigabitEthernet1/0/27 unassigned YES unset down down GigabitEthernet1/0/28 unassigned YES unset down down Te1/0/1 unassigned YES unse t down down Te1/0/2 unassigned YES unset down down

336. 335 association Cisco(config - if)#switchport p rivate - vlan host - association 150 ? <1006 - 4094> Secondary extended range VLAN ID of the private VLAN host port association <2 - 1001> Secondary normal range VLAN ID of the private VLAN host port association Cisco(config - if)#switchport private - vlan host - association 150 151 ? <cr> Cisco(config - if)#switchport private - vlan host - association 150 151 Cisco(config - if)#int g1/0/13 Cisco(config - if)#switchport mode private - vlan host Cisco(config - if)#switchport private - vlan ho st - association 150 151 Cisco(config)#int g1/0/14 Cisco(config - if)#switchport mode private - vlan host Cisco(config - if)#switchport private - vlan host - association 150 152 Cisco(config - if)#int g1/0/15 Cisco(config - if)#switchport mode private - vlan host Cisc o(config - if)#switchport private - vlan host - association 150 152 Cisco(config - if)#exit Cisco(config)#int erface vl an 150 Cisco(config - if)#ip addr 10.150.3.1 255.255.255.0 Cisco(config - if)#? Interface configuration commands: aaa Authe ntication, Authorization and Accounting. access - expression Build a bridge boolean access expression arp Set arp type (arpa, probe, snap) or timeout or log options bandwidth Set bandwid th informational parameter bgp - policy Apply policy propagated by bgp community string bridge - group Transparent bridging interface parameters carrier - delay Specify delay for interface transitions cdp CDP interface subcommands clns CLNS interface subcommands crypto Encryption/Decryption commands cts Configure Cisco Trusted Security dampening Enable event dampening datal ink Interface Datalink commands default Set a command to its defaults delay Specify interface throughput delay description Interface specific description eou EAPoUDP I nterface Configuration Commands exit Exit from interface configuration mode flow - sampler Attach flow sampler to the interface glbp Gateway Load Balancing Protocol interface commands help Description of the interactive help system history Interface history histograms - 60 second, 60 minute and 72 hour hold - queue Set hold queue depth

402. 401 mst Mul tiple spanning tree port - priority Change an interface's spanning tree port priority portfast Enable an interface to move directly to forwarding on link up stack - port Enable stack port vlan VLAN Switch Spanning Tree Cisco(confi g - if)#spanning - tree portfast Cisco(config - if)#spanning - tree cost 10000 Cisco(config - if)#spanning - tree port - priority 160 (note - increments of 16 , default setting is 128 ) Cisco(config - if)#spanning - tree mst 1 cost 10000 Cisco(config - if)#spanning - tree mst 1 port - priority 160 (note - increments of 16 , default setting is 128 ) Cisco#show spanning - tree ? active Report on active interfaces only backbonefast Show spanning tree backbonefast status blockedports Show blocked p orts bridge Status and configuration of this bridge detail Detailed information inconsistentports Show inconsistent ports interface Spanning Tree interface status and configuration mst Multiple spa nning trees pathcost Show Spanning pathcost options root Status and configuration of the root bridge summary Summary of port states uplinkfast Show spanning tree uplinkfast status vlan VLAN Switch Spanning Trees | Output modifiers <cr> Cisco #show spanning - tree MST0 Spanning tree enabled protocol mstp Root ID Priority 8192 Address 009c.02d5.3980 Cost 0 Port 6 (GigabitEthernet1/0/6) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 20480 (priority 20480 sys - id - ext 0) Address 0022.91ab.4380 Hello Time 2 sec Max Age 20 sec Forw ard Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Gi1/0/1 Desg FWD 20000 128.1 P2p Gi1/0/6 Root FWD 20000 128.6 P2p Gi1/0/9 Desg FWD 10000 160.9 P2p Edge MST1 Spanning tree enabled protocol mstp Root ID Priority 8193 Address 0023.89d5.a059 Cost 40000 Port 6 (GigabitEthernet1/0/6) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

414. 413 root Specify root switch timer Specify timer configuration to Range of VLAN [ Comware7 ]s tp vlan 1 priority ? INTEGER<0 - 61440> Bridge priority, in steps of 4096 [ Comware7 ]stp vlan 1 priority 16384 [ Comware7]stp vlan 220 priority 20480 [ Comware7]stp vlan 100 priority 8192 [ Comware7]stp vlan 240 priority 12288 [ Comware7 ]stp global enab le [Comware7 ]dis play stp ? > Redirect it to a file >> Redirect it to a file in append mode abnormal - port Display abnormal ports bpdu - statistics BPDU statistics brief Brief inf ormation down - port Port information of protocol down history History of port roles instance Specify the spanning tree instance list interface Specify interface region - configuration Region config uration root Display status and configuration of the root bridge slot Specify the slot number tc Port TC count vlan Specify the VLAN list | Matching output <cr> [ Comware 7 ]display stp root VLAN ID Root Bridge ID ExtPathCost IntPathCost Root Port 1 8192.009c - 02d5 - 3980 0 20 GE1/0/6 100 8192.cc3e - 5f73 - bacb 0 0 220 8192.0023 - 89d5 - a059 0 2 0020 GE1/0/6 230 32768.0022 - 91ab - 4380 0 20020 GE1/0/6 240 8192.0022 - 91ab - 4380 0 20020 GE1/0/6 [ Comware 7 ]display stp ------- [VLAN 1 Global Info] ------- Protocol status : Enabled Bridge ID : 16384.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s VlanRoot ID/RPC : 8192.009c - 02d5 - 3980, 20 RootPort ID : 128.6 BPDU - Protection : Disabled TC or TCN received : 0 Time since last TC : 0 days 2h:18m:16s ---- [Port1(GigabitEthernet1/0/1)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 128.1 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 16384.cc3e - 5f73 - bacb, 128.1 Port edge d : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true

432. 431 lsdb Link state database nexthop Nexthop information peer Specify a neighbor router request - queue Link state request list retrans - queue Link state ret ransmission list routing OSPF route table sham - link Sham Link vlink Virtual link information [ Comware ] display ospf interface OSPF Process 1 with Router ID 10.0.0.31 Interfaces Area: 0.0.0.0 IP Address Type State Cost Pri DR BDR 10.1.220.3 Broadcast BDR 1 1 10.1.220.1 10.1.220.3 Area: 0.0.0.1 IP Address Type State Cost Pri DR BDR 10.1.100.3 Broadcast B DR 1 1 10.1.100.1 10.1.100.3 Area: 0.0.0.2 IP Address Type State Cost Pri DR BDR 10.1.230.3 Broadcast BDR 1 1 10.1.230.4 10.1.230.3 [ Comware ] display ospf peer OS PF Process 1 with Router ID 10.0.0.31 Neighbor Brief Information Area: 0.0.0.0 Router ID Address Pri Dead - Time Interface State 10.0.0.21 10.1.220.1 1 36 Vlan220 Full/DR 10.0.0 .41 10.1.220.4 1 34 Vlan220 Full/DROther 10.0.0.51 10.1.220.5 1 32 Vlan220 Full/DROther Area: 0.0.0.1 Router ID Address Pri Dead - Time Interface State 10.0.0.21 10. 1.100.1 1 35 Vlan100 Full/DR 10.0.0.41 10.1.100.4 1 40 Vlan100 Full/DROther 10.0.0.51 10.1.100.5 1 36 Vlan100 Full/DROther Area: 0.0.0.2 Router ID Address Pri Dead - Time Interface State 10.0.0.21 10.1.230.1 1 30 Vlan230 Full/DROther 10.0.0.41 10.1.230.4 1 40 Vlan230 Full/DR 10.0.0.51 10.1.230.5 1 39 Vlan230 Full/DROther [ Comware ] display ospf lsdb OSPF Process 1 with Router ID 10.0.0.31 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Metric Router 1 0.0.0.41 10.0.0.41 540 36 80000004 0 Router 10.0.0.51 10.0.0.51 383 36 80000015 0 Router 10.0.0.31 10.0.0.31 536 36 80000012 0 Router 10.0.0.21 10.0.0.21 385 36 8000000E 0 Network 10.1.220.5 10.0.0.51 384 40 80000004 0 Sum - Net 10.1.230.0 10.0.0.31 887 28 80000003 10

476. 475 Cisco(config - ext - nacl)#inte rface vlan 22 0 Cisco(config - if)#ip access - group 100 in Ci sco(config - if)#interface vlan 10 0 Cisco(config - if)#ip access - group ext_acl in

505. 504 Chapter 30 IP Multicast This chapter compares the commands you use to configure Protocol Independent Multicast Dense Mode (PIM - DM) and PIM S parse Mode (PIM - SM) . It also covers Internet Group Management Protocol (IGMP). PIM provides IP multicast forwarding by leveraging the static routes or unicast routing tables that any unicast routing protocol generates , such as Routing Information Protocol ( RIP ) , Open Shortest Pa th First ( OSPF ) , or Border Gateway Protocol ( BGP ) . You can implement multicast routing i ndependent of the unicast routing protocols running on the device, as long as the corresponding multicast routing entries are created through unicast routes. PIM uses t he reverse path forwarding (RPF) mechanism to implement multicast forwarding. When a multicast packet arrives on an interface of the device, it is subject to an RPF check. If the RPF check succeeds, the device creates the corresponding routing entry and fo rwards the packet. If the RPF check fails, the device discards the packet. In a network that transmits IP multicast traffic for multimedia applications, such traffic is blocked at routed interface (VLAN) boundaries unless a multicast routing protocol is ru nning. PIM is a family of routing protocols that form s multicast trees to forward traffic from multicast sources to subnets that have used a protocol such as Internet Group Management Protocol ( IGMP ) to request the traffic. PIM relies on the unicast routin g tables that any of several unicast routing protocols use to identify the path back to a multicast source ( RPF). With this information, PIM sets up the distribution tree for the multicast traffic. The PIM - DM and PIM - SM protocols on the switches covered in this chapter enable and control multicast traffic routing. IGMP provides the multicast traffic link between a host and a multicast router running PIM - DM or PIM - SM. You must enable IGMP and either PIM - DM or PIM - SM on VLANs whose member ports have directly connected hosts with a valid need to join multicast groups. You use PIM - DM in networks where, at any given time, multicast group members exist in relatively large numbers and are present in most subnets. You use PIM - SM in networks where multicast sources and group members are sparsely distributed over a wide area and can result in unnecessary multicast traffic on routers outside the distribution paths needed for traffic between a given multicast source and the hosts belonging to the multicast group. In su ch networks, PIM - SM can reduce the effect of multicast traffic flows in network areas where they are not needed. And because PIM - SM does not automatically flood traffic, it is a logical choice in lower bandwidth situations such as WAN environments.

534. 533 [Comware5] dhcp - snooping [Comware5] dhcp - snooping binding database filename Comware5_dhcp.txt [Comware5]interface g1/0/6 [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping ? check Check the DHCP packet informati on Specify Option 82 service no - user - binding Forbid DHCP Snooping learning rate - limit Limit DHCP packet rate trust Trusted port [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping trust ? <cr> [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping trust [Comware5 - G igabitEthernet1/0/6 ]dhcp - snooping information ? circuit - id Specify the circuit ID enable Enable Option 82 format Specify the mode of option 82 remote - id Specify the remote ID strategy Specify the strate gy to handle Option 82 sub - option Specify sub - options of Option 82 vlan Specify VLAN [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping information enable ? <cr> [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping information format ? normal Norma l mode private Private mode standard Standard mode verbose Verbose mode [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping information remote - id ? format - type Specify the format of remote ID string Specify the content of remote ID [Comwar e5 - GigabitEthernet1/0/6 ]dhcp - snooping information strategy ? append Append strategy drop Drop strategy keep Keep strategy replace Replace strategy [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping information vlan ? INTEGER<1 - 4094> VLAN I D [Comware5 - GigabitEthernet1/0/6 ]dhcp - snooping information vlan 220 ? circuit - id Specify the circuit ID remote - id Specify the remote ID sub - option Specify sub - options of Option 82 [Comware5] display dhcp - snooping ? binding Specify DHCP S nooping bindings information Specify Option 82 service ip Single client ip packet Packet statistics function

18. 17 Cisco Cisco(config)#line console 0 Cisco(config - line)#exec - timeout ? <0 - 35791> Timeout in minutes (10 is the default configuration setting) C isco(config - line)#exec - timeout 20 ? <0 - 2147483> Timeout in seco nds (0 is the default configuration setting) Cisco(config - line)#exec - timeout 20 1 0 Cisco(config - line)# [also] Cisco(config)#line vty 0 C isco(config - line)#exec - timeout 20 1 0

47. 46 [Comware 5 ]super password level 3 hash simple ? STRING<1 - 16> P lain text password string [Comware 5 ]super password level 3 hash simple password ? <cr> [ Comware 5 ] local - user ? STRING<1 - 55> Specify the user name, the max length of username is 55 characters and the domainname can n ot be included. [Comware 5 ]local - user manager ? <cr> [ Comware 5 ] local - user manager New local user added. [Comware 5 - luser - manager]? Luser view commands: access - limit Specify access limit of local user authorization - attribute Specify auth orization attribute of user bind - attribute Specify bind attribute of user cfd Connectivity fault detection (IEEE 802.1ag) display Display current system information expiration - date Specify ex piration date configuration information group Specify user group of user mtracert Trace route to multicast source password Specify password of local user password - control Specify password c ontrol ping Ping function quit Exit from current command view return Exit to User View save Save current configuration service - type Specify service - type of local user state Specify state of local user tracert Trace route function undo Cancel current setting validity - date Specify validity date configuration information [ Comware 5 - luser - manager]password ? cipher Specify a ciphertext password hash Save and display the hash value of the password simple Specify a plaintext password <cr> [ Comware 5 - luser - manager]password simple ? STRING<1 - 63> Plaintext password string [ Comwar e 5 - luser - manager]password simple password ? < cr > [ Comware 5 - luser - manager]password simple password [ Comware 5 - luser - manager]authorization - attribute ? acl Specify ACL number of user callback - number Specify dialing character string for ca llback user idle - cut Specify idle - cut of local user level Specify level of user user - profile Specify user profile of user user - role Specify role of local user vlan Specify VLAN ID of user work - directory Specify directory of user [ Comware 5 - luser - manager]authorization - attribute level ? INTEGER<0 - 3> Level of user

57. 56 Enter your choice(0 - 9): Select 7 in order for switch to l oad its default configuration file, then select 0 to Reboot the switch. Cisco Depending on configuration of the “password - recovery” feature (see section c , Protect Local Password ), there are two methods available; both require direct access to the switc h (with console cable) and depressing the appropriate front panel button. See the Cisco product documentation for exact procedure.

71. 70 mode saf_ec_cfg Saf external - clients configuration mode saf_ec_client_cfg Saf external - client configuration mode sampl er Sampler configuration mode scope scope configuration mode scope address - family Address Family configuration mode scope address - family topology Topology configuration mode sep - init - config WSMA Initiator profile Mode sep - listen - config WSMA Listener profile Mode sf_client_reg_mode service - family exec test mode sg - radius Radius Server - group Definition sg - tacacs+ Tacacs+ Server - group Definition sisf - sourceguard IPv6 sourceguarde mode ssh - pubkey SSH public key identification mode ssh - pubkey - server SSH public key entry mode ssh - pubkey - user SSH public key entry mode subscriber - policy Subscriber policy configuration mode tcl Tcl mode template Template configuration mode template - peer - policy peer - policy configuratio n mode template - peer - session peer - session configuration mode top - af - base AF base topology configuration mode top - talkers Netflow top talkers config mode tracking - config Tracking configur ation mode transceiver Transceiver type config mode vc - class VC class configuration mode view View configuration mode vrf Configure VRF parameters vrf - a f Configure IP VRF parameters wsma - config - agent WSMA Config Agent Profile configuration mode wsma - exec - agent WSMA Exec Agent Profile configuration mode wsma - filesys - agent WSMA FileSys Ag ent Profile configuration mode wsma - notify - agent WSMA Notify Agent Profile configuration mode xml - app XML Application configuration mode xml - transport XML Transport configuration mode Cisco(config - view)#commands exec ? exclude Exclude the command from the view include Add command to the view include - exclusive Include in this view but exclude from others Cisco(config - view)#commands exec include ? LINE Keywords of the command all wild card support Cisco(config - view)#commands exec include show interface summary ? LINE <cr> Cisco(config - view)#commands exec include show interface summary Cisco(config - view)#commands exec include show ip interface brief Cisco(con fig - view)#exit Cisco(config)#username test1 privilege 15 view network - admin2 password 0 password

78. 77 > Redirect it to a file >> Redirect it to a file in append mode blacklist Display blacklist user informati on super Display the password control information of the super passwords | Matching output <cr> [Comware7]display password - control Global password control configurations: Password control: Enabled Password aging: Enabled (90 days) Password length: Enabled (10 characters) Password composition: Enabled (4 types, 2 characters per type) Password history: Enabled (max history records:4) Earl y notice on password expiration: 7 days Maximum login attempts: 3 Action for exceeding login attempts: Lock user for 1 minutes Minimum interval between two updates:24 hours User account idle time: 90 days Logins with aged pas sword: 3 times in 30 days Password complexity: Enabled (username checking) Enabled (repeated characters checking) Cisco Cisco(config)#aaa ? accounting Accounting configurations parameters. attribute AAA attribute definitions authentication Authentication configurations parameters. authorization Authorization configurations parameters. cache AAA cache definitions common - criteria AAA Common Criter ia configuration Authorization configuration parameters. dnis Associate certain AAA parameters to a specific DNIS number group AAA group definitions local AAA Local method options max - sessions Adjust initi al hash size for estimated max sessions memory AAA memory parameters nas NAS specific configuration new - model Enable NEW access control commands and functions.(Disables OLD commands.) password Configure password/secret related settings pod POD processing policy AAA policy parameters server Local AAA server service - profile Service - Profile parameters session - id AAA Session ID traceback T raceback recording user AAA user definitions Cisco(config)#aaa new - model ? <cr> Cisco(config)#aaa new - model Cisco(config)#aaa common - criteria ? policy Policy definition Cisco(config)#aaa common - criteria policy ? WORD Policy name Cisco(config)#aaa common - criteria policy pwcomplex ?

111. 110 scp: Copy to scp: f ile system startup - config Copy to startup configuration syslog: Copy to syslog: file system system: Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system Cisco#copy fla sh:Cisco.cfg flash:Cisco_2.cfg Cisco#copy flash:Cisco.cfg tftp:// 10. 0.100.111 /Cisco_2.cfg Address or name of remote host [ 10. 0.100.111 ]? Destination filename [Cisco_2.cfg]? Cisco#copy flash:Cisco.cfg scp: Address or name of remote host []? 10.0.100.111 D estination username [manager]? Destination filename [Cisco.cfg]? Writing Cisco.cfg Password: Cisco#erase startup - config Cisco#copy tftp:// 10. 0.100.111 /Cisco_config3.cfg config.text Destination filename [ config.text ]? Accessing tftp:// 10. 0.100.111 /Cisco_c onfig3.cfg... Cisco#copy scp: ? flash1: Copy to flash1: file system flash: Copy to flash: file system null: Copy to null: file system nvram: Copy to nvram: file system running - config Update (merge with) curr ent system configuration startup - config Copy to startup configuration syslog: Copy to syslog: file system system: Copy to system: file system tmpsys: Copy to tmpsys: file system Cisco#copy scp: startup - config Address or na me of remote host []? 10.0.100.111 Source username [manager]? Source filename []? Cisco_startup - config.cfg Destination filename [startup - config]? Password: Cisco#copy tftp:// 10. 0.100.111 /Cisco_config2.cfg flash:Cisco_config2.cfg Destination filename [Cis co_config2.cfg]? Cisco#copy scp: flash: Address or name of remote host []? 10.0.100.111 Source username [manager]? Source filename []? Cisco_config2.cfg Destination filename [Cisco_config2.cfg]? Password: Cisco#show flash: Directory of flash:/ 2 - rwx 11135796 Mar 1 1993 00:10:48 +00:00 c3750 - advipservicesk9 - mz.122 - 46.SE.bin 7 - rwx 2019 Mar 9 1993 07:30:27 +00:00 config.text 8 - rwx 2019 Mar 9 1993 07:25:59 +00:00 Cisco.cfg

117. 116 filter Specify logging filter history Configure syslog histor y table host Set syslog server IP address and parameters message - counter Configure log message to include certain counter value monitor Set terminal line (monitor) logging parameters on Enable log ging to all enabled destinations origin - id Add origin ID to syslog messages persistent Set persistent logging parameters queue - limit Set logger message queue size rate - limit Set messages per second limit re load Set reload logging level server - arp Enable sending ARP requests for syslog servers when first configured smartlog Smartlog Global Configuration Commands source - interface Specify inte rface for source address in logging transactions trap Set syslog server logging level userinfo Enable logging of user info on privileged mode enabling C isco(config)#logging 10.0.100.111 Cisco(config )#logging facility ? auth Authorization system cron Cron/at facility daemon System daemons kern Kernel local0 Local use local1 Local use local2 Local use local3 Local use local4 Local use local5 Local use local6 Local use local7 Local use lpr Line printer system mail Mail system news USENET news sys10 System use sys11 System use sys12 System use sys13 System use sys14 System use sys9 System use syslog Syslog itself user User process uucp Unix - to - Unix copy system Cisco(config)#logging console ? <0 - 7> Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) de bugging Debugging messages (severity=7) discriminator Establish MD - Console association emergencies System is unusable (severity=0) errors Error conditions (severity=3) filtered E nable filtered logging guaranteed Guarantee console messages informational Informational messages (severity=6) notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity= 4) xml Enable logging in XML <cr>

118. 117 Cisco(config)#service ? call - home Enable call - home service compress - config Compress the nvram configuration file config TFTP load config files counters Control aging of interface counters dhcp Enable DHCP server and relay agent disable - ip - fast - frag Disable IP particle - based fast fragmentation exec - callback Enable exec callback exec - wait Delay EXEC sta rtup on noisy lines finger Allow responses to finger requests hide - telnet - addresses Hide destination addresses in telnet command linenumber enable line number banner for each exec nagle Enable Nagle's c ongestion control algorithm old - slip - prompts Allow old scripts to operate with slip/ppp pad Enable PAD commands password - encryption Encrypt system passwords password - recovery Disable password recovery prompt Enable mode specific prompt pt - vty - logging Log significant VTY - Async events sequence - numbers Stamp logger messages with a sequence number slave - log Enable log capability of slave IPs tcp - keepalives - in Gene rate keepalives on idle incoming network connections tcp - keepalives - out Generate keepalives on idle outgoing network connections tcp - small - servers Enable small TCP servers (e.g., ECHO) telnet - zeroidle Set TCP window 0 when connection is idle timestamps Timestamp debug/log messages udp - small - servers Enable small UDP servers (e.g., ECHO) Cisco(config)#service timestamps ? debug Timestamp debug messages log Ti mestamp log messages <cr> Cisco(config)#service timestamps log ? datetime Timestamp with date and time uptime Timestamp with system uptime <cr> Cisco(config)#service timestamps log datetime ? localtime Use local time zone for timestamp s msec Include milliseconds in timestamp show - timezone Add time zone information to timestamp year Include year in timestamp <cr> Cisco(config)#service timestamps log datetime localtime ? msec Include milliseconds in timestamp show - timezone Add time zone information to timestamp year Include year in timestamp <cr> Cisco(config)#service timestamps log datetime localtime Cisco#show logging ? count Show counts of each logging message histor y Show the contents of syslog history table onboard Onboard logging information persistent Show the contents of the logging persistent smartlog Smartlog show commands xml Show the contents of XML logging buffer | Out put modifiers <cr>

138. 137 vpn - instance Specify VPN instance [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.1 11.210 udp - port 161 pa rams ? sec urityname Specify the name for the principal on whose behalf SNMP messages will be generated [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.1 11.210 udp - port 161 pa rams securityname ? STRING<1 - 32> Specify the character s tring of security name [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.1 11.210 udp - port 161 pa rams securityname private ? v1 Specify security model of SNMPv1 to generate SNMP messages v2c Specify security model of SNMPv2c to genera te SNMP messages v3 Specify security model of SNMPv3 to generate SNMP messages <cr> [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.1 11.210 udp - port 161 pa rams securityname private [ Comware5 ] snmp - agent community ? read Read - only access for this community string write Read - write access for this community string [ Comware5 ] snmp - agent community read ? STRING<1 - 32> SNMP community string [ Comware5 ]snmp - agent community read public ? acl Set access control list for this c ommunity mib - view MIB view for which this community is restricted <cr> [ Comware5 ] snmp - agent community read public [ Comware5 ]snmp - agent community write ? STRING<1 - 32> SNMP community string [ Comware5 ] snmp - agent community write private ? acl Set access control list for this community mib - view MIB view for which this community is restricted <cr> [ Comware5 ] snmp - agent community write private [ Comware5 ] snmp - agent sys - info ? contact Set the contact information for system maintenance location Set the physical position information of this node version Enable the SNMP protocol version [ Comware5 ] snmp - agent sys - info location ? TEXT The phy sical location of this node<1 - 255 > [ Comware5 ] snmp - agent sys - info location Lab [ Comware5 ] s nmp - agent sys - info contact ? TEXT Contact person information for this node<1 - 255> [ Comware5 ] snmp - agent sys - info contact Lab _ Engr [ Comware5 ] snmp - agent sys - info version ? all Enable the device to support SNMPv1, SNMPv2c and SNMPv3 v1 Enable the d evice to support SNMPv1 v2c Enable the device to support SNMPv2c v3 Enable the device to support SNMPv3

140. 139 group Set an SNMP group based on USM inform Set the parameters of SNMP inform local - engineid Set the engine ID for the local SNMP agent log Enable the logging function mib - view Set an SNMP MIB view packet Set the SNMP packet size port Specify an SNMP port remote Configure a remote engine sys - info Set system information of the agent target - host Set a target host to receive SNMP not ifications trap Set the parameters of SNMP notifications usm - user Add an SNMP user to an SNMP group <cr> [Comware7]snmp - agent target - host ? inform Set a target host to receive SNMP informs trap Set a target host to receive SNMP traps [Comware7]snmp - agent target - host trap ? address Specify the transport address of the target host [Comware7]snmp - agent target - host trap address ? udp - domain Use UDP to transport SNMP information [Comware7]snmp - agent target - host t rap address udp - domain ? STRING<1 - 253> IP address or hostname of the target host ipv6 IPv6 address of the target host [Comware7]snmp - agent target - host trap address udp - domain 10 .0.111.210 ? params Specify SNMP information to be use d in the generation of SNMP notifications udp - port Set port to receive notifications for the target host vpn - instance Specify VPN instance [ Comware7 ]snmp - agent target - host trap address udp - domain 10.0.111.210 udp - port ? INTEGER <0 - 65535> Port number [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 udp - port 161 ? params Specify SNMP information to be used in the generation of SNMP notifications vpn - instance Specify VPN instance [ Comware7]snmp - agent target - host trap address udp - domain 10 .0.111.210 udp - port 161 params ? securityname Specify the security name for the principal on whose behalf SNMP notifications will be generated [Comware7]snmp - agent target - host tr ap address udp - domain 10 .0.111.210 udp - port 161 params securityname ? STRING<1 - 32> Security name [Comware7]snmp - agent target - host trap address udp - domai n 10 .0.111.210 udp - port 161 params securityname private ? v1 Set the security model to SNMPv1 f or generating SNMP notifications v2c Set the security model to SNMPv2 for generating SNMP notifications v3 Set the security model to SNMPv3 for generating SNMP notifications <cr> [Comware 7 ] snmp - agent target - host trap address udp - domain 10.0.1 11 .210 udp - port 161 pa rams securityname private [Comware7]snmp - agent community ? STRING<1 - 32> Plaintext community name cipher Specify a ciphertext community name read Assign the community the read - only access to MIB objects simple Specify a plaintext community name

171. 170 Comware7 [Comware7]public - key ? local Local key pairs peer Configure peer's public key [Comware7]pu blic - key local ? create Create a local key pair destroy Destroy local key pairs export Print or export the public key [Comware7]public - key local create ? dsa DSA key pair ecdsa ECDSA key pair rsa RSA key pairs [Comware7]public - key local create rsa ? name Specify the name of the key pair <cr> [Comware7]public - key local create rsa The range of public key modulus is (512 ~ 2048). If the key modulus is greater than 512, it will take a few minutes. Press CTRL+C to abort. Input the modulus length [default = 1024]: Generating Keys... [Comware7]user - interface vty 0 63 [Comware7 - line - vty0 - 63]authentication - mode ? none Login without authentication password Password authentication scheme Authentication use AAA [Comwar e7 - line - vty0 - 63]authentication - mode scheme ? <cr> [Comware7 - line - vty0 - 63]authentication - mode scheme [Comware7 - line - vty0 - 63]protocol ? inbound Incoming protocols [Comware7 - line - vty0 - 63]protocol inbound ? all All protocols ssh SSH protoco l telnet Telnet protocol [Comware7 - line - vty0 - 63]protocol inbound ssh ? <cr> [Comware7 - line - vty0 - 63]protocol inbound ssh [Comware 7 ] local - user <name> [Comware7 - luser - manage - ssh - manager]password simple password [Comware7 - luser - manage - ssh - manager]se rvice - type ? ftp FTP service http HTTP service type https HTTPS service type pad X.25 PAD service ssh Secure Shell service telnet Telnet service terminal Terminal access service

188. 187 Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Signature Algorithm: MD5 with RSA Encryption Fingerprint MD5: DFDE 78 DB F9836CBF 9034F 31 F AC631A7B Fingerprint SHA1: E075DAB4 B344 56 097 6BCF3470 2249CD92 CE795CC4 X509v3 extensions: X509v3 Subject Key ID: 2A08544F 3 4 5 B765D EA8BCB28 4E0A2AFD 0F73E9CD X509v3 Basic Constraints: CA: TRUE X509v3 Subject Alternative Name: Cisco.test X509v3 Authority Key ID: 2A08544F 337 12 65D EA8BCB28 4E0A2AFD 0F73E9CD Authority Info Access: Associated Trust points: TP - self - signed - 2443920256 Storage: nvram:IOS - Self - Sig#3.cer Cisco#sh ow ip http server connection HTTP server current connections: local - ipaddress:port remote - ipaddress:port in - bytes out - bytes 10.0.111.41:443 10.1.1.108:55952 1997 58595

198. 197 return Exit to User View save Save current configuration self - se rvice - url Specify self - service URL(Uniform Resource Locator) of domain state Specify state of domain tracert Trace route function undo Cancel current setting [Comware5 - isp - lab]authentication ? default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration portal Specify portal AAA configuration super Specify super A AA configuration [Comware5 - isp - lab]authentication default ? hwtacacs - scheme Specify HWTACACS scheme local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - lab]authenticatio n default radius - scheme ? STRING<1 - 32> Scheme name [Comware5 - isp - lab]authentication default radius - scheme radius - auth [Comware5 - isp - lab]authorization default radius - scheme radius - auth [Comware5 - isp - lab]accounting default radius - scheme radius - auth [C omware5] domain default enable lab [Comware 5 ]user - interface aux 0 [Comware 5 - ui - aux0]authentication - mode ? none Login without checking password Authentication use password of user terminal interface scheme Authentication use AAA [Comware 5 - ui - aux0]authentication - mode scheme ? <cr> [Comware 5 - ui - aux0]authentication - mode scheme [ Comware5 ]user - interface vty 0 15 [ Comware5 - ui - vty0 - 15]authentication - mode ? none Login without checking password Authentication use password of user te rminal interface scheme Authentication use AAA [ Comware5 - ui - vty0 - 15]authentication - mode scheme ? <cr> [ Comware5 - ui - vty0 - 15]authentication - mode scheme [Comware5 - ui - vty0 - 15]user ? privilege Specify the login priority of user terminal interface [Comware5 - ui - vty0 - 15]user privilege ? level Specify the privilege level of user interface

209. 208 Maximum doneQ length: NA NA 1 Total responses seen: 57 0 57 Packets with responses: 17 0 17 Packets without responses: 10 0 10 Access Rejects : 41 Average response delay(ms): 2024 0 2024 Maximum response delay(ms): 2148 0 2148 Number of Radius timeouts: 40 0 40 Duplicate ID detects: 0 0 0 Buffer Allocation Failures: 0 0 0 Maximum Buffer Size (bytes): 89 0 89 Malformed Responses : 0 0 0 Bad Authenticators : 0 0 0 Unknown Responses : 0 0 0 Source Port Range: (2 ports only) 1645 - 1646 La st used Source Port/Identifier: 1645/27 1646/0 Elapsed time since counters last cleared: 4h9m

237. 236 known. dot1x For dot1x sessions. exec For starting an exec (shell). gigawords 64 bit inter face counters to support Radius attributes 52 & 53. include Include attributes in accounting records unconditionally jitter Set jitter parameters for periodic interval multicast For multicast accountin g. nested When starting PPP from EXEC, generate NETWORK records before EXEC - STOP record. network For network services. (PPP, SLIP, ARAP) redundancy AAA platform redundancy accounting behavior send Send records to accounting server. session - duration Set the preference for calculating session durations suppress Do not generate accounting records for a specific type of user. system For system eve nts. update Enable accounting update records. vrrs For VRRS accounting. Cisco(config)#aaa accounting exec ? WORD Named Accounting list (max 31 characters, longer will be rejected). default The default accounting list. Cisco(config)#aaa accounting exec default ? none No accounting. start - stop Record start and stop without waiting stop - only Record stop when service terminates. <cr> C isco(config)#aaa accounting exec default start - stop ? broadcast Use Broadcast for Accounting group Use Server - group Cisco(config)#aaa accounting exec default start - stop group ? WORD Server - group name radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(config)#aaa account ing exec default start - stop group tacacs+ ? group Use Server - group <cr> Cisco(config)#aaa accounting exec default start - stop group tacacs+ Cisco(config)#aaa accounting network default start - stop group tacacs+ Cisco(config)#aaa accounting system def ault start - stop group tacacs+ Cisco(config)#aaa accounting commands 15 default stop - only group tacacs+ Cisco #show aaa user all -------------------------------------------------- Unique id 11 is currently in use. Unique id 11 is freed while doing sho w aaa user. Debg: No data available Radi: No data available Interface: TTY Num = - 1 Stop Received = 0 Byte/Packet Counts till Call Start: Start Bytes In = 0 Start Bytes Out = 0

257. 256 data - size Specify the ping data size. interval Specify the interval between pings in seconds. repetitions Ping the device multiple times. source Specify the ping source. timeout Specify the ping timeout in seconds. <cr> ProVision# ping 10.199.111.51 source ? IP - ADDR The source IPv4 address. loopback Specify the sou rce loopback interface. oobm Use the OOBM interface. VLAN - ID The source VLAN. ProVision# ping 10.199.111.51 source oobm ? data - fill Specify the data pattern to send. data - size Specify the ping dat a size. interval Specify the interval between pings in seconds. repetitions Ping the device multiple times. timeout Specify the ping timeout in seconds. <cr> ProVision# ping 10.199.111.51 source oobm 10.199.111.51 is alive, time = 1 ms ProVision# copy tftp flash 10. 1 99.111.200 KA_16_01_0006.swi primary ? oobm Use the OOBM interface to reach TFTP server. <cr> ProVision# copy tftp flash 10. 1 99.111.200 KA_16_01_0006.swi primary oobm ? <cr> ProVi sion# copy tftp flash 10. 1 99.111.200 KA_16_01_0006.swi primary oobm ProVision# show lldp info remote - device ? oobm Show local or remote device information for the OOBM port. [ethernet] PORT - LIST Show local or remote device information for the specified ports. <cr> ProVision# show lldp info remote - device oobm ? <cr> ProVision# show lldp info remote - device oobm LLDP Remote Device Information Detail Local Port : OOBM ChassisType : mac - address ChassisId : 00 25 61 d7 c5 60 PortType : local PortId : 1 SysName : 2520 - 8 - OOBM System Descr : ProCurve J9137A Switch 2520 - 8 - PoE, revision S.14.03, ROM ... PortDescr : 1 Pvid : System Capabilities Supported : bridge System Capabilities Ena bled : bridge Remote Management Address Type : ipv4 Address : 10.199.111.2

258. 257 Comware5 Not available Comware7 [Comware7]interface M - GigabitEthernet 0/0/0 [Comware7 - M - GigabitEthernet0/0/0]? M - gigabitethernet interface view comma nds: arp ARP module bandwidth Specify the expected bandwidth bfd BFD module cfd Connectivity Fault Detection (CFD) module ddns Dynamic Domain Name System (DDNS) module def ault Restore the default settings description Describe the interface dhcp Dynamic Host Configuration Protocol (DHCP) commands diagnostic - logfile Diagnostic log file configuration display Display curre nt system information duplex Status of duplex ip Specify IP configuration ipsec IP Security (IPsec) module ipv6 Specify IPv6 configuration isis Configure interface paramete rs for IS - IS link - delay Set the physical state change suppression lldp Link Layer Discovery Protocol(802.1ab) logfile Log file configuration mad Multi - active detection monitor System monitor mtu Specify Maximum Transmission Unit(MTU) of the interface ospf OSPF interface commands ospfv3 OSPFv3 interface commands packet - filter Packet filter settings ping Ping fun ction quit Exit from current command view return Exit to User View rip Configure interface parameters for RIP ripng Configure interface parameters for RIPng save Save curren t configuration security - logfile Security log file configuration shutdown Shut down the interface speed Specify speed of current port tracert Tracert function undo Cancel current setting [C omware7 - M - GigabitEthernet0/0/0]ip ? address Set the IP address of an interface binding Bind the interface with a VPN instance forwarding - table IP forwarding table irdp Enable the ICMP Router Discovery Protocol [Co mware7 - M - GigabitEthernet0/0/0]ip address ? X.X.X.X IP address bootp - alloc Obtain an IP address through BOOTP dhcp - alloc Obtain an IP address through DHCP [Comware7 - M - GigabitEthernet0/0/0]ip address 10.199.111.51 255.255.255.0 ? irf - member Specify an IP address for an IRF member device sub Indicate a subordinate address

260. 259 unicast - server Specify a NTP server [Comware7]ntp source ? M - GigabitEthernet MGE interface Vlan - interface VLAN interface [Comware7]ntp source M - GigabitEthernet 0/0/0 ? <cr> [Comware7] ntp source M - GigabitEthernet 0/0/0 [Comware7]ping ? - a Specify the source IP address - c Specify the number of echo requests - f Specify packets not to be fragmented - h Specify the TTL value - i Specify an outgoing interface - m Specify the interval for sending echo requests - n Numeric output only. No attempt will be made to lookup host addresses for symbolic names - p No more than 8 "pad" hexadecimal characters to fill out the sent packet. For example, - p f2 will fill the sent packet with 000000f2 repeatedly - q Display only summary - r Record route. Include the RECORD_ROUTE option in the ECHO_REQUEST packets and display the route - s Specify the payload length - t Specify the wait time for each reply - tos Specify the TOS value - v Display the received ICMP p ackets other than ECHO - RESPONSE packets - vpn - instance Specify a VPN instance STRING<1 - 253> IP address or hostname of remote system ip IP information ipv6 IPv6 information mpls MPLS ping trill TRansparent Interconnection of Lots of Links (TRILL) module [Comware7]ping - i ? M - GigabitEthernet MGE interface Vlan - interface VLAN interface [Comware7]ping - i M - GigabitEthernet 0/0/0 ? - a Specify the source IP address - c Specify the number of echo requests - f Specify packets not to be fragmented - h Specify the TTL value - m Specify the interval for sending echo requests - n Numeric output only. No attempt w ill be made to lookup host addresses for symbolic names - p No more than 8 "pad" hexadecimal characters to fill out the sent packet. For example, - p f2 will fill the sent packet with 000000f2 repeatedly - q Display only summary - r Record route. Include the RECORD_ROUTE option in the ECHO_REQUEST packets and display the route - s Specify the payload length - t Specify the wait time for each reply - tos Specify the TOS value - v Display the received ICMP packets other than ECHO - RESPONSE packets - vpn - instance Specify a VPN instance STRING<1 - 253> IP address or hostname of remote syste m

291. 290 topology Configure routing topology on the interface transmit - interface Assign a transmit interface to a receive - only interface tx - ring - limit Configure PA level transmit ring limit udld Configure UDLD enabled or disabled and ignore global UDLD setting vtp Enable VTP on this interface Cisco(config - if)#description ? LINE Up to 20 0 characters describing this inter face Cisco (config - if)#description link - to - core Cisco(config - if)#duplex ? auto Enable AUTO duplex configuration full Force full duplex operation half Force half - duplex operation Cisco(config - if)#duplex auto Cisco(config - if)#speed ? 10 Fo rce 10 Mbps operation 100 Force 100 Mbps operation 1000 Force 1000 Mbps operation auto Enable AUTO speed configuration Cisco(config - if)#speed auto Cisco(config - if)#shutdown Cisco(config - if)#no shutdown

301. 300 information mac - vlan Specify MAC VLAN mdi Specify mdi type mirroring - group Specify mirroring - group mirroring - port Specify mirroring port mld - snooping Configure MLD snooping characteristic monitor - port Specify m onitor port mrp Multiple Register Protocol mtracert Trace route to multicast source multicast - suppression Specify the multicast storm control mvrp Multiple VLAN Registration Protocol ndp Neighbor discovery protocol ntdp Specify NTDP configuration information oam OAM protocol packet - filter Specify packet filter ping Ping function poe Con figure PoE port port Configure or modify aggregate parameters on a port port - isolate Specify port - isolate configuration information port - security Specify port - security configuration information portal Portal protocol qinq Specify 802.1Q - in - Q VPN function qos Command of QoS(Quality of Service) quit Exit from current command view return Exit to User View rmon Specify RMON save Save current configuration sflow Specify sFlow configuration information shutdown Shut down this interface smart - link Configure smart link speed Specify speed of current port storm - constrain Port storm - constrain stp Spanning tree protocol tracert Trace route function undo Cancel current setting unicast - suppression Specify th e unicast storm control virtual - cable - test Virtual cable test information vlan Set VLAN precedence voice Specify voice VLAN [Comware5 - GigabitEthernet1/0/6]port ? access Specify current Access port 's characteristics auto - power - down Auto power down mode bridge Configure port bridge hybrid Specify current Hybrid port's characteristics isolate - user - vlan Specify isolate - user - VLAN characteristic link - aggregation Li nk aggregation group link - mode Switch the specified interface to layer2 or layer3 ethernet link - type Specify port link - type monitor - link Specify monitor link multicast - vlan Multicast VLAN pvid Set port PVID service - loopback Service loop back group smart - link Specify smart link trunk Specify current Trunk port's characteristics [Comware5 - GigabitEthernet1/0/6]port link - type ? access Access link - type hyb rid Hybrid VLAN link - type trunk VLAN Trunk link - type [Comware5 - GigabitEthernet1/0/6]port link - type trunk

369. 368 Interface Mode Ports Ports Type ------------------------------------------------------------------------------- BAGG1 S none 2 0 Sh ar [ Comware ]dis play link - aggregation verbose Loadsharing Type: Shar -- Loadsharing, NonS -- Non - Loadsharing Port Status: S -- Selected, U -- Unselected Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Co llecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregation Interface: Bridge - Aggregation1 Aggregation Mode: Static Loadsharing Type: Shar Port Status Priority Oper - Key ---------------------------------------------------- ---------------------------- GE1/0/23 S 32768 1 GE1/0/24 S 32768 1 [ Comware ]dis link - aggregation member - port Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, D -- Synchronization, E -- Collect ing, F -- Distributing, G -- Defaulted, H -- Expired GigabitEthernet1/0/23: Aggregation Interface: Bridge - Aggregation1 Port Number: 23 Port Priority: 32768 Oper - Key: 1 GigabitEthernet1/0/24: Aggregation Interface: Bridge - Aggregation1 Port Number: 24 Port Priority: 32768 Oper - Key: 1 [ Comware ]display vlan 220 VLAN ID: 220 VLAN Type: static Route Interface: configured IPv4 address: 10.1.220.3 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0220 Name: test Tagged Ports: Bridge - Aggregat ion1 GigabitEthernet1/0/6 GigabitEthernet1/0/23 GigabitEthernet1/0/24 Untagged Ports: GigabitEthernet1/0/4 GigabitEthernet1/0/5

398. 397 Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 19 ------- [MSTI 2 Global Info] ------- Bridge ID : 8192.cc3e - 5f73 - bacb RegRoot ID/IRPC : 8192.cc3e - 5f73 - bacb, 0 RootPort ID : 0.0 Master bridge : 8192.009c - 02d5 - 3980 Cost to master : 20 TC received : 0 ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 128.6 Port cost( Legacy) : Config=auto, Active=20 Desg.bridge/port : 8192.cc3e - 5f73 - bacb, 128.6 Protection type : Config=none, Active=none Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 20 ---- [Port9(GigabitEthernet1/0/9)][F ORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 128.9 Port cost(Legacy) : Config=auto, Active=200 Desg.bridge/port : 8192.cc3e - 5f73 - bacb, 128.9 Protection type : Config=none, Active=no ne Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 20 ------- [MSTI 3 Global Info] ------- Bridge ID : 12288.cc3e - 5f73 - bacb RegRoot ID/IRPC : 8192.0022 - 91ab - 4380, 20020 RootPort ID : 128.6 Master bridge : 8192.009c - 02d5 - 3980 Cost to master : 20 TC received : 0 ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Co nfig=auto, Active=20 Desg.bridge/port : 20480.009c - 02d5 - 3980, 128.13 Protection type : Config=none, Active=none Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 19 [Comware 7 ] display stp brief MST ID Port Role STP State Protection 0 GigabitEthernet1/0/1 DESI FORWARDING NONE 0 GigabitEthernet1/0/6 ROOT FORWARDING NONE 0 GigabitEthernet1/0/9 DESI FORWARDING NONE 1 GigabitEthernet1/0/6 ROOT FORWARDING NONE 2 GigabitEthernet1/0/6 DESI FORWARDING NONE 2 GigabitEthernet1/0/9 DESI FORWARDING NONE 3 GigabitEthernet1/0/6 ROOT FORWARDING NONE

400. 399 Rapid transition : True Num of VLANs mapped : 0 Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 19 BPDU sent : 5763 TCN: 0, Config: 0, RST: 876, MST: 4887 BPDU r eceived : 0 TCN: 0, Config: 0, RST: 0, MST: 0 ... [ Comware 7 ]display stp instance 1 ------- [MSTI 1 Global Info] ------- Bridge ID : 20480.cc3e - 5f73 - bacb RegRoot ID/IRPC : 8192.0023 - 89d5 - a059, 20020 RootPort ID : 128 .6 Master bridge : 8192.009c - 02d5 - 3980 Cost to master : 20 TC received : 0 ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Lega cy) : Config=auto, Active=20 Desg.bridge/port : 12288.009c - 02d5 - 3980, 128.13 Protection type : Config=none, Active=none Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 19 [Comware7] display stp instance 2 --- ---- [MSTI 2 Global Info] ------- Bridge ID : 8192.cc3e - 5f73 - bacb RegRoot ID/IRPC : 8192.cc3e - 5f73 - bacb, 0 RootPort ID : 0.0 Master bridge : 8192.009c - 02d5 - 3980 Cost to master : 20 TC received : 0 ---- [Port6(Gi gabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 8192.cc3e - 5f73 - bacb, 128.6 Protection type : C onfig=none, Active=none Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 20 ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 1 28.9 Port cost(Legacy) : Config=auto, Active=200 Desg.bridge/port : 8192.cc3e - 5f73 - bacb, 128.9 Protection type : Config=none, Active=none Rapid transition : True Num of VLANs mapped : 1 Port times : RemHops 20

417. 416 mst Multiple spanning tree configuration pathcost Spanning tree pathcost options portfast Spanning tree portfast options transmit STP transmit pa rameters uplinkfast Enable UplinkFast Feature vlan VLAN Switch Spanning Tree Cisco(config)#spanning - tree mode ? mst Multiple spanning tree mode pvst Per - Vlan spanning tree mode rapid - pvst Per - Vlan rapid spanning tree mode Cisco(config)#spanning - tree mode rapid - pvst (note – this is the default spanning - tree mode, command is shown for refernece ) Cisco(config)#spanning - tree vlan ? WORD vlan range, example: 1,3 - 5,7,9 - 11 Cisco(config)#spanning - tree vlan 1 ? forwa rd - time Set the forward delay for the spanning tree hello - time Set the hello interval for the spanning tree max - age Set the max age interval for the spanning tree priority Set the bridge priority for the spanning tree root C onfigure switch as root <cr> Cisco(config)#spanning - tree vlan 1 priority ? <0 - 61440> bridge priority in increments of 4096 Cisco(config)#spa nning - tree vlan 1 priority 20480 Cisco(config)#spann ing - tree vlan 220 priority 16384 Cisco(config)#spanning - t ree vlan 100 priority 12288 Cisco(config)#spanning - t ree vlan 240 priority 8192 Cisco#show spanning - tree ? active Report on active interfaces only backbonefast Show spanning tree backbonefast status blockedports Show block ed ports bridge Status and configuration of this bridge detail Detailed information inconsistentports Show inconsistent ports interface Spanning Tree interface status and configuration mst Multiple spanning trees pathcost Show Spanning pathcost options root Status and configuration of the root bridge summary Summary of port states uplinkfast Show spanning tree uplinkfast status vlan VLAN Switch Spanning Trees | Output modifiers <cr> Cisco#show spanning - tree summary Switch is in pvst mode Root bridge for: VLAN0230, VLAN0240 EtherChannel misconfig guard is enabled Extended system ID is enabled Portfast De fault is disabled PortFast BPDU Guard Default is disabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled UplinkFast is disabled

418. 417 BackboneFast is disabled Configured Pathcost m ethod used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- VLAN0001 0 0 0 2 2 VLAN0100 0 0 0 2 2 VLAN0220 0 0 0 2 2 VLAN0230 0 0 0 2 2 VLAN0240 0 0 0 1 1 ---------------------- -------- --------- -------- ---------- ---------- 5 vlans 0 0 0 9 9 Cisco#show spanning - tree root Root Hello Max Fwd V lan Root ID Cost Time Age Dly Root Port ---------------- -------------------- --------- ----- --- --- ------------ VLAN0001 8193 009c.02d5.3980 4 2 20 15 Gi1/0/6 VLAN0100 8292 cc3e.5f73.bacb 20004 2 20 15 Gi1/0/6 VLAN0220 8412 0023.89d5.a059 20004 2 20 15 Gi1/0/6 VLAN0230 32998 0022.91ab.4380 0 2 20 15 VLAN0240 8432 0022.91ab.4380 0 2 20 15

421. 420 Route type RouteMap Options ---------- ------------------------------ ------------------ connected Comware [ Comware ] rip 1 [ Comware - rip - 1]version 2 [ Comware - rip - 1]network 10.1.220.0 [ Comware - rip - 1]import - route direct [C omware ]display rip ? INTEGER<1 - 65535> Process ID vpn - instance VPN Instance | Matching output <cr> [ Comware ] display rip Public VPN - instance name : RIP process : 1 RIP version : 2 Preference : 100 C heckzero : Enabled Default - cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 8 Update time : 30 sec(s) Timeout time : 180 sec(s) Suppress time : 120 sec(s) Garbage - c ollect time : 120 sec(s) update output delay : 20(ms) output count : 3 TRIP retransmit time : 5 sec(s) TRIP response packets retransmit count : 36 Silent interfaces : None Default routes : Disabled Veri fy - source : Enabled Networks : 10.0.0.0 Configured peers : None Triggered updates sent : 20 Number of routes changes : 25 Number of replies to queries : 0 [Comware ]display rip 1 ? database Database inte rface RIP interface information route Route Information | Matching output <cr> [ Comware ] display rip 1 interface Vlan - interface 220 Interface - name: Vlan - interface220 Address/Mask:10.1.220.3/24 Version:RIPv2 MetricIn:0 MetricIn route policy:Not designated MetricOut:1 MetricOut route policy:Not designated Split - horizon/Poison - reverse:on/off Input/Output:on/on Default route:off Current packets number/Maximum pack ets number:0/2000

438. 437 Pro Vision(config)# router bgp 64502 ProVision(bgp)# bgp allowas - in Specify the number of times the local AS may appear in an AS - path. always - compare - med Compare MEDs for routes from neighbors in different ASs. bestpath Configure various BGP best - path options. client - to - client - r... Enable or Disable client - to - client route reflection. cluster - id Spec ify the cluster ID to be used when the BGP router is used as a route - reflector. default - metric Specify a BGP MED to be set on routes when they are advertised to peers. graceful - restart Configure B GP graceful restart timers. log - neighbor - changes Enable or disable BGP event logging. maximum - prefix Specify the maximum number of routes that BGP will add to its routing table. open - on - accept Configure BGP to send an Open message immediately when the TCP connection has been established for configured peers. router - id Configure a BGP router - id to be used during neighbor session establishment and in BGP best - p ath selection. ProVision(bgp)# bgp router - id ? IP - ADDR A 32 - bit integer in ipv4 - address format to be used as the BGP router - id ProVisi on(bgp)# bgp router - id 10.0.0.2 ProVision(bgp)# ? bgp Configu re various BGP parameters. disable Disable BGP on the router. distance Configure the administrative distances for BGP routes. enable Enable BGP on the router. neighbor Add/Modify/delete entries of the BGP peer table. network Advertise a network to the BGP neighbors if the network exists in the routing table. redistribute Advertises routes from the specified protocol to the BGP ne ighbors. timers Configure global keepalive and hold - time values for BGP. ProVision(bgp)# neighbor 10.0.10 1.31 ? allowas - in Specify the number of times the local AS # may appear in an AS - path. as - override Replace all occurrences of the peer AS number with the router's own AS number before advertising the route. description Configure description for this BGP peer or peer - group. dynamic Enable or dis able advertisement of dynamic capability to the peer. ebgp - multihop Enable or disable multi - hop peering with the specified EBGP peer, and optionally indicate the maximum number of hops (TTL). graceful - restart Enable or Disable the advertisement of graceful - restart capability. ignore - leading - as Allow any received routes that do not have their own AS appended to the as - path. local - as Configure the local AS # used for peering with this peer . maximum - prefix Specify the maximum number of routes BGP will accept from the specified peer. next - hop - self Force BGP to use the router's outbound interface address as the next hop for the route updates to the peer. out - delay Specify the delay - time before advertising the route updates to the peer. passive If enabled, do not initiate a peering connection to the p eer. password Use MD5 authentication for the peer and set the password to be used. If in enhanced secure - mode, you will be prompted for the password. remote - as Add an entry to the nei ghbor table, specifying the AS # of the BGP

439. 438 peer. remove - private - as Specify whether the private AS # should be removed from the as - path attribute of updates to the EBGP peer. route - map Specify a route - map to be applied for filtering routes received from or sent to the peer. route - reflector - cl... Act as a route reflector for the peer. route - refresh Enable or disable the advertisement of route - refresh capability i n the Open message sent to the peer. send - community Enable or disable sending the community attribute in route updates to the peer. shutdown Shutdown the BGP peering session without removi ng the associated peer configuration. timers Configure the keepalive and hold - time values for the peer. ttl - security Configure the TTL security for this peer. update - source Specify the source addres s to accept TCP connections from the peer. use - med Enable or disable the comparison of MED attribute for the same route received from two different autonomous systems. weight Spec ify the weight for all routes received from the specified peer. ProVision(bgp)# nei ghbor 10.0.101.31 remote - as 64503 ? <cr> ProVision(bgp)# nei ghbor 10.0.101.31 remote - as 64503 ProVision(bgp)# nei ghbor 10.0.101.41 remote - as 645 04 ProVision(bgp)# nei ghbor 10.0.101.51 remote - as 64505 ProVision(bgp)# redistribute connected ProVision(bgp)# redistribute static ProVision(bgp)# ena ble ProVision(bgp)# network 10.0.221.0/24 ProVision# show ip bgp ? as - path Show s list of unique as - paths learnt by this router. community Show routes belonging to the specified communities. general Show a global configuration details. IP - ADDR/MASK - LENGTH Show routes matching this network ipv4 address. neighbor Show information about the state of BGP peering session<ip - addr> - Show information only for this peer. redistribute Show protocols being redistributed into BGP. regexp Show BGP routes whose as - path information matches the supplied regular expression. route Displays as - path or community information of the BGP routes. summary Show a summary of BGP peer state information. <cr> ProVis ion # show ip bgp summary Peer Information Remote Address Remote - AS Local - AS State Admin Status

459. 458 options bandwidth Set bandwidth informational parameter bgp - policy Apply policy propagated by bgp community string carrier - delay Specify delay for interface transitions cdp CDP interface subcommands cts Configure Cisco Trusted Security dampening Enable event dampening datalink Interface Datalink commands default Set a command to its defau lts delay Specify interface throughput delay description Interface specific description eou EAPoUDP Interface Configuration Commands exit Exit from interface configuration mode flow - sampler Attach flow sampler to the interface help Description of the interactive help system history Interface history histograms - 60 second, 60 minute and 72 hour hold - que ue Set hold queue depth ip Interface Internet Protocol config commands link Configure Link load - interval Specify interval for load calculation for an interface logging Configure logging for interface loopback Configure internal loopback on an interface macro Command macro max - reserved - bandwidth Maximum Reservable Bandwidth on an Interface mka MACsec Key Agreement (MKA) interface configuration neighbor interface neighbor configuration mode commands network - policy Network Policy nmsp NMSP interface configuration no Ne gate a command or set its defaults ntp Configure NTP private - vlan Configure private VLAN SVI interface settings rate - limit Rate Limit routing Per - interface routing configuration service - policy Configure CPL Service Policy shutdown Shutdown the selected interface snmp Modify SNMP interface parameters source Get config from another source spanning - tree Spanning Tr ee Subsystem standby HSRP interface configuration commands timeout Define timeout values for this interface topology Configure routing topology on the interface traffic - shape Enable Traffic S haping on an Interface or Sub - Interface vrrp VRRP Interface configuration commands vtp Enable VTP on this interface Cisco(config - if)#vrrp ? <1 - 255> Group number Cisco(config - if)#vrrp 1 00 ? authentication Authentication string description Group specific description ip Enable Virtual Router Redundancy Protocol (VRRP) for IP preempt Enable preemption of lower priority Master priority Priority of this VRRP group timers Set the VRRP timers track Event Tracking Cisco(config - if)#vrrp 100 ip ? A.B.C.D VRRP group IP address Cisco(config - if)#vrrp 100 ip 10.1.100.1 ? secondary Specify an additional VRRP address for this gro up

560. 559 [Comware5 - isp - 8021x]accounting lan - access radius - scheme radius - auth ? local Specify local scheme none Specify none scheme <cr> [Comware5 - isp - 8021x]accounting lan - access radius - scheme radius - auth [Comware5]domain default enable 8021x [Comware5] dot1x ? authentication - method Specify system authentication method domain - delimiter Specify a set of domain delimiters free - ip Specify free IP configurations guest - vlan Specify guest vlan configuration in formation of port interface Specify interface configuration information max - user Specify maximal on - line user number per port port - control Specify port authenticated status port - method Specify port co ntrolled method quiet - period Enable quiet period function retry Specify maximal request times timer Specify timer parameters url Specify URL of the redirection server <cr> [Comware5] dot1x 802.1x is enabled globally. [Comware5] dot1x authentication - method ? chap CHAP(Challenge Handshake Authentication Protocol) authentication method. It's default. eap EAP(Extensible Authentication Protocol) authentication method pap PAP(Password Authentication Protocol) authentication method [Comware5] dot1x authentication - method eap ? <cr> [Comware5] dot1x authentication - method eap EAP authentication is enabled [Comware5] int erface g1/0/14 [Comware5 - GigabitEthernet1/0/14 ]dot1x ? attempts Specify 802.1X authentication attempts auth - fail Specify a VLAN for clients failing the 802.1X authentication on the port binding - mac MAC address binding function critical Specify critical vlan configuration eapol EAPOL packet guest - vlan Specify guest vlan configuration information of port handshake Enable handshake with online user(s) mandatory - domain Specify the domain for 802.1X max - user Specify maximal on - line user number per port multicast - trigger Enable multicast trigger at specify interface port - control Specify port authenticated status port - method Specify port controlled method re - authenticate Enable periodic reauthentication of the online user(s) unicast - trigger Enable unicast trigger user - ip User ip address voice Specify voice vlan configuration <cr>

580. 579 Cisco(config - if)#authentication ? control - direction Set the control - direction on the interface event Set actio n for authentication events fallback Enable the Webauth fallback mechanism host - mode Set the Host mode for authentication on this interface linksec Configure link security parameters open Enable or Disabl e open access on this port order Add an authentication method to the order list periodic Enable or Disable Reauthentication for this port port - control Set the port - control value priority Add an authentication method to the priority list timer Set authentication timer values violation Configure action to take on security violations Cisco(config - if)#authentication order ? dot1x Authentication method "dot1x" allowed mab Auth entication method "mab" allowed webauth Authentication method "webauth" allowed Cisco(config - if)#authentication order mab ? dot1x Authentication method "dot1x" allowed webauth Authentication method "webauth" allowed <cr> Cisco(config - if)#aut hentication order mab Cisco(config - if)#authentication host - mode single - host Cisco(config - if)#authentication port - control auto Cisco(config - if)#authentication event fail action authorize vlan 99 Cisco#show dot1x ? all Show 802.1x information for all interfaces interface Interface information to display | Output modifiers <cr> Cisco#show dot1x interface g1/0/16 details Dot1x Info for GigabitEthernet1/0/16 ----------------------------------- PAE = AUTHENTI CATOR PortControl = AUTO ControlDirection = Both HostMode = SINGLE_HOST QuietPeriod = 60 ServerTimeout = 0 SuppTimeout = 30 ReAuthMax = 2 MaxReq = 2 TxPeriod = 30 Dot1x Authenticator Client List Empty Cisco#show authentication ? interface Shows Auth Manager interface information method The name of the Authentication method registrations Shows Auth Manager registrations

34. 33 Telnet Activity Source IP Selection: Outgoing Interface -------------------------------------------------------- Session : ** 1 Privilege: Manager From : Console To : -- ------------------------------------------------------ Session : 2 Privilege: Manager From : 10.0.100.87 To : Comware 5 < Comware 5 > free ? ftp Free FTP user user - interface User terminal interface web - users Web ma nagement users < Comware 5 > free user - interface ? INTEGER<0 - 40 > Specify one user terminal interface aux Aux user terminal interface vty Virtual user terminal interface < Comware 5 >free user - interface 25 ? <cr> < Comware 5 >free us er - interface 25 Are you sure to free user - interface vty0? [Y/N]:y [OK] < Comware 5 > free user - interface vty ? INTEGER<0 - 15 > Specify one user terminal interface < Comware 5 > free user - interface vty 0 Are you sure to free user - interface vty0? [Y/N]:y [OK] < Comware 5 > dis play users The user application information of the user interface(s): Idx UI Delay Type Userlevel F 0 AUX 0 00:00:00 3 + : Current operation user. F : Current operation user work in async mode. Comware7 <Comwa re7>free ? ftp FTP configuration information line Line user - interface Line web Web configuration <Comware7>free user - interface ? INTEGER<0 - 192> Specify one line aux AUX line vty Vi rtual type terminal (VTY) line

64. 63 STRING<1 - 63> User role name [Comware7]role name network - admin2 ? <cr > [Comware7]role name network - admin2 [Comware7 - role - network - admin2]%Jun 25 21:48:33:154 2016 Comware7 RBAC/6/INFO: Anonymous user created role network - admin2 successfully. [Comware7 - role - network - admin2]? Role view commands: cfd Connecti vity Fault Detection (CFD) module description Describe the user role diagnostic - logfile Diagnostic log file configuration display Display current system information interface Specify the privilege of processing interf ace ip Specify IP configuration logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View rule Specify a privilege control rule for the user role save Save current configuration security - logfile Security log file configuration tracert Tracert function undo Cancel curren t setting vlan Specify the privilege of processing VLAN vpn - instance Specify the privilege of processing VPN instance [Comware7 - role - network - admin2]rule ? INTEGER<1 - 256> Rule number [Comware7 - role - network - admin2]rule 1 ? de ny Deny access to the matched commands permit Permit access to the matched commands [Comware7 - role - network - admin2]rule 1 permit ? command Specify a command matching string execute Specify the execute (X) type commands read Specify the re ad (R) type commands write Specify the write (W) type commands [Comware7 - role - network - admin2]rule 1 permit command ? TEXT<1 - 128> Command matching string. It may comprise multiple segments separated by semicolons. Each segment repres ents one or more commands and can contain multiple wildcards (*). The commands of the next segment, if any, must be subcommands of the previous segment. [Comware7 - role - network - admin2]rule 1 permit command displ ay interface brief ? TEXT<1 - 104> Command matching string. It may comprise multiple segments separated by semicolons. Each segment represents one or more commands and can contain multiple wildcards (*). The commands of the next segment, if any, must be subcommands of the previous segment. <cr> [Comware7 - role - network - admin2]rule 1 permit command display interface brief [Comware7 - role - network - admin2]rule 2 permit command display ip interface br ief Comware7]local - user ? STRING<1 - 55> Local user name, which cannot contain the domain name

115. 114 [Comware5]info - center loghost 10.0.100.111 ? channel Assign channel to the logging host dscp Differentiated Services Code Point (DSCP) facility Set logging host facility port Assign port number to the logging host <cr> [Comware5]inf o - center loghost 10.0.100.111 [Comware5]info - center loghost 10.0.100.111 facility ? local0 Logging host facility local1 Logging host facility local2 Logging host facility local3 Logging host facility local4 Logging host facility local5 L ogging host facility local6 Logging host facility local7 Logging host facility [Comware5] info - center timestamp ? debugging Set the time stamp type of the debug information log Set the time stamp type of the log information loghost S et the time stamp type of the information to loghost trap Set the time stamp type of the alarm information [Comware5] info - center timestamp loghost ? date Information time stamp of date type iso Information time stamp of form at in ISO 8601 no - year - date Information time stamp of date without year type none None information time stamp [Comware5] info - center timestamp loghost date ? <cr> [Comware5] info - center timestamp loghost date [Comware5] display logbuffer ? level Only show items whose level match the designated level reverse Display entries chronologically, with the most recent entry at the top size Limit display to the most recent specified number of events slot Only show ite ms which are from the designated slot summary A summary of the logging buffer | Output modifiers <cr> Comware 7 [Comware7]info - center ? diagnostic - logfile Diagnostic log file configuration enable Enable the information cen ter format Format of syslog message logbuffer Log buffer configuration logfile Log file configuration logging Specify log configuration loghost Log host configuration security - logfile Security log file configuration source Informational source settings synchronous Enable synchronous information output syslog Setting of syslog configuration timestamp Set the time stamp format of the l og trace - logfile Trace log file configuration [Comware7]info - center loghost ? STRING<1 - 253> Hostname of the log host

126. 125 source Configure interface for source address trusted - key Key numbers for trusted time sources Cisco(config)#ntp server ? A.B.C.D IP address of peer W ORD Hostname of peer X:X:X:X::X IPv6 address of peer ip Use IP for DNS resolution ipv6 Use IPv6 for DNS resolution Cisco(config)#ntp server 10.0.100.251 ? burst Send a burst when peer is reachable iburst Send a burs t when peer is unreachable key Configure peer authentication key maxpoll Maximum poll interval minpoll Minimum poll interval prefer Prefer this peer when possible source Interface for source address version Configure NTP version < cr> Cisco(config)#ntp server 10.0.100.251 Cisco#show ntp ? associations NTP associations status NTP status Cisco#show ntp associations address ref clock st when poll reach delay offset disp *~10.0.100.251 216.21 8.192.20 2 25 64 177 2.322 2.130 64.390 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured Cisco#show ntp status Clock is synchronized, stratum 3, reference is 10.0.100.251 nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17 reference time is D8A9E976.CDEA704C (22:06:46.804 UTC Tue Mar 10 2015) clock offset is 2.1303 msec, root delay is 102.49 msec root dispersion is 447.09 msec, peer dispersion is 64.39 msec loopfilter state is 'CTRL' (Norma l Controlled Loop), drift is 0.000000007 s/s system poll interval is 64, last update was 178 sec ago. Cisco(config)#clock ? initialize Initialize system clock on restart save backup of clock with NVRAM summer - time Configure summer (dayli ght savings) time timezone Configure time zone Cisco(config)#clock timezone ? WORD name of time zone Cisco(config)#clock timezone US - Central ? < - 23 - 23> Hours offset from UTC Cisco(config)#clock timezone US - Central - 6 ? <0 - 59> Minutes o ffset from UTC <cr> Cisco(config)#clock timezone US - Central - 6 %Time zone name is limited to 7 characters Cisco(c onfig)#clock timezone US - Cent - 6

136. 135 ProVision(config)# snmp - server location ASCII - STR Enter an ASCII string. ProVision(config)# snmp - server location Lab ProVision(config)# snmp - server contact ASCII - STR Enter an ASCII string. ProVision(config)# snmp - server contact Lab_Engr ProVision(config)# snmp - server enable traps Enable/disable event traps to be sent by the switch. <cr> ProVision(config)# snmp - server enable traps arp - protect Traps for Dynamic ARP Protection. auth - server - fail Traps reporting authentication server unreachable. dhcp - server Traps for DHCP - Server dhcp - snooping Traps for DHCP - Snooping. dhcpv6 - snooping Set the traps for DHCPv6 snooping. dyn - ip - lockdown Traps for Dynamic Ip Lockdown dyn - ipv6 - lockdown Traps fo r Dynamic IPv6 Lockdown. link - change Traps for link - up and link - down. login - failure - mgr Traps for management interface login failure. mac - count - notify Traps for MAC addresses learned on the specified ports exceeds the threshold. mac - notify Traps for (learned/removed) MAC address table changes. password - change - mgr Traps for management interface password change. port - security Traps for port access authentication failure. running - config - chan ge Traps for running config change. snmp - authentication Select RFC - 1157 (standard) or HP - ICF - SNMP (extended) traps. startup - config - change Traps for changes to the startup config. ProVision(config)# snmp - server enable ProVision# show snmp - server S NMP Communities Community Name MIB View Write Access -------------------------------- -------- ------------ public Operator Restricted private Manager Unrestricted Trap Receiv ers Link - Change Traps Enabled on Ports [All] : All Traps Category Current Status _____________________________________ __________________ SNMP Authentication : Extended Password change : Enabled Login failures : Enabled Port - Security : Enabled Authorization Server Contact : Enabled DHCP - Snooping : Enabled DHCPv6 - Snooping Out of Resource : Enabled DHCPv6 - Snooping Errant Replies : Enabled Dynamic ARP Protection : Enabled Dynamic IP Lockdown : Enabled Dynamic IPv6 Lockdown Out of Resource : Enabled Dynamic IPv6 Lockdown Violations : En abled Startup Config change : Disabled

142. 141 log Enable logging of Notifications periodical - interval Spec ify the interval for sending periodical notifications queue - size Set the length of the notification queue source Set the source IP address for notifications [Comware7]snmp - agent trap enable ? arp ARP module bgp Enable BGP notifications configuration Enable configuration management notifications ike Enable SNMP notifications for IKE ipsec Enable SNMP notifications for IPsec events isis IS - IS module l3vpn Enable L3VPN notifications ldp Enable LDP notifications mac - address Enable MAC address notification mpls Enable MPLS notifications ospf OSPF module ospfv3 OSPFv3 module radius RADIUS module sp bm Enable SPBM notifications standard Enable standard SNMP notification system Enable system management notifications trill Enable TRILL notifications vrrp Enable VRRP notifications <cr> [Comware 7 ] snmp - agent trap enable [Comware 7 ] snmp - agent [Comware7]display snmp - agent sys - info The contact information of the agent: Lab_Engr The location information of the agent: lab The SNMP version of the agent: SNMPv1 SNMPv2c [Comware7]di splay snmp - agent community Community name: private Group name: private Storage - type: nonVolatile Community name: public Group name: public Storage - type: nonVolatile Cisco Cisco(config)#snmp - server ? cache Enable SNMP cache chassis - id String to uniquely identify this chassis community Enable SNMP; set community string and access privs contact Text for mib object sysContact context Create/Delete a context apart from default enable Enable SNMP Traps engineID Configure a local or remote SNMPv3 engineID file - transfer File transfer related commands group Define a User Security Model group host Specify hosts to rec eive SNMP notifications ifindex Enable ifindex persistence inform Configure SNMP Informs options ip IP ToS configuration for SNMP traffic location Text for mib object sysLocation

144. 143 snmp Allow SNMP - type notifications stackwise All ow SNMP stackwise traps storm - control Allow SNMP storm - control traps stpx Allow SNMP STPX MIB traps syslog Allow SNMP syslog traps tty Allow TCP connection traps udp - port The notification host's UDP port number (default port 162) vlan - membership Allow SNMP VLAN membership traps vlancreate Allow SNMP VLAN created traps vlandelete Allow SNMP VLAN deleted traps vstack Allow SNMP Smart Install traps vtp Allow SNMP VTP traps <cr> Cisco(config)#snmp - server host 10.0.1 11.210 version 2c private Cisco(config)#snmp - server community ? WORD SNMP community string Cisco(config)#snmp - server community public ? <1 - 99> Std IP accesslist allowing acc ess with this community string <1300 - 1999> Expanded IP accesslist allowing access with this community string WORD Access - list name ro Read - only access with this community string rw Read - write access with this community string view Restrict this community to a named MIB view <cr> Cisco(config)#snmp - server community public ro ? <1 - 99> Std IP accesslist allowing access with this community string <1300 - 1999> Expanded IP accesslist allow ing access with this community string WORD Access - list name ipv6 Specify IPv6 Named Access - List <cr> Cisco(config)#snmp - server community public ro Cisco(config)#snmp - server community private ? <1 - 99> Std IP ac cesslist allowing access with this community string <1300 - 1999> Expanded IP accesslist allowing access with this community string WORD Access - list name ro Read - only access with this community string rw Re ad - write access with this community string view Restrict this community to a named MIB view <cr> Cisco(config)#snmp - server community private rw ? <1 - 99> Std IP accesslist allowing access with this community string <1300 - 1999> Expand ed IP accesslist allowing access with this community string WORD Access - list name ipv6 Specify IPv6 Named Access - List <cr> Cisco(config)#snmp - server community private rw Cisco(config)#snmp - server location ? LINE T he physical location of this node Cisco(config)#snmp - server location Lab

174. 173 Cisco(config)#ip domain - name test Cisco(config)#crypto ? ca Certification authority key Long term key operations pki Public Key components Cisco(config)#crypto key ? decrypt Decry pt a keypair. encrypt Encrypt a keypair. export Export keys generate Generate new keys import Import keys move Move keys pubkey - chain Peer public key chain management storage default storage location f or keypairs zeroize Remove keys Cisco(config)#crypto key generate ? rsa Generate RSA keys <cr> Cisco(config)#crypto key generate The name for the keys will be: Cisco.test Choose the size of the key modulus in the range of 360 to 2048 for yo ur General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: % Generating 512 bit RSA keys, keys will be non - exportable...[OK] Cisco(config)#ip ssh ? authentication - retries Specify n umber of authentication retries break - string break - string dh Diffie - Hellman dscp IP DSCP value for SSH traffic logging Configure logging for SSH maxstartups Maximum co ncurrent sessions allowed port Starting (or only) Port number to listen on precedence IP Precedence value for SSH traffic pubkey - chain pubkey - chain rsa Configure RSA keypair name for SS H source - interface Specify interface for source address in SSH connections stricthostkeycheck Enable SSH Server Authentication time - out Specify SSH time - out interval version Speci fy protocol version to be supported Cisco(config)#ip ssh version ? <1 - 2> Protocol version Cisco(config)#ip ssh version 2 Cisco(config)#line vty 0 15 Cisco(config - line)#login ? local Local password checking <cr> Cisco(config - line)#login loc al ? <cr>

175. 17 4 Cisco(config - line)#login local Cisco(config - line)#transport ? input Define which protocols to use when connecting to the terminal server output Define which protocols to use for outgoing connections preferred Spec ify the preferred protocol to use Cisco(config - line)#transport input ? all All protocols none No protocols ssh TCP/IP SSH protocol telnet TCP/IP Telnet protocol Cisco(config - line)#transport input ssh ? telnet TCP/IP Telnet protocol <cr> Cisco(config - line)#transport input ssh Cisco(config)#username <name> privilege 15 password <password> Cisco#show ip ssh SSH Enabled - version 2.0 Authentication timeout: 120 secs; Authentication retries: 3 Minimum expected Diffie Hellman key s ize : 1024 bits IOS Keys in SECSH format(ssh - rsa, base64 encoded): ssh - rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEbwH5h57hZcqQbC07QmgIUC7icCexxBtx52vejCnp ZAsaZzXMXahBSiGYs+GTZePb 12345678905 Zrk1BwpoZICOO5S8Fk7Gu0e9ilfRdETAstz01YmboasSJ 5rUp3sIasRHGMp3CZHQt520Dv22 bDHoCBGEQ8+JF5IJ0kgYkhw== Cisco#show ssh Connection Version Mode Encryption Hmac State Username 0 2.0 IN aes256 - cbc hmac - sha1 Session started manager 0 2.0 OUT aes256 - cbc hmac - sha1 Sess ion started manager %No SSHv1 server connections running. Cisco#show crypto key mypubkey rsa % Key pair was generated at: 18:03:26 US - Cent Feb 28 1993 Key name: TP - self - signed - 2443920256 Storage Device: private - config Usage: General Purpose Key Key is not exportable. Key Data: 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00C46F01 F9879EE1 65CA906C 2D3B4268 08502EE2 7027B1C4 1B71E76B DE8C29E9 640B1A67 35CC5DA8 414A2198 B3E19365 E3 123 84E 9A386D0D D80699AE 4D41C29A 1920238E E52F0593 B1AED1EF 6295F45D 11302CB7 3D356266 E86A 456 9 E6B529DE C21AB111 C6329DC2 64742DE7 6D03BF6D 9B0C7A02 046110F3 E245E482 74920624 87020301 0001 % Key pair was generated at: 01:34:01 US - Cent Mar 27 2015 Key name: TP - self - signed - 2443920256.server Te mporary key Usage: Encryption Key Key is not exportable. Key Data: 307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B51791 797FFD80 F0484B82 1F944989 BF 123 82B 035B1DC4 92B6C4D9 F9FF1AE8 B8D6CDFF B6AF6BDF A9764C7B CB1B9E58 C711892E 1C2B11F5 D1A38AA2 1C 456 427 2D3F2A49 5757F8D4 8F9D0DA4 FBD0AD43 CC513CA3 91F790F1 0B57EBC6 2164D46E 85020301 0001 % Key pair was generated at: 02:28:42 US - Cent Mar 27 2015 Key name: Cisco.test

176. 175 Storage Device: not specified Usage: General Purpose Key Key is not exportable. Key Data: 305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00AB1487 78C90D6E 3332E08F AD4B26DB 54 123 3F8 1D56986A 5F89DB27 074 456 AD 07022442 F6DB3765 4CF3E3FE 7C55A9A7 F958A17C 2CDFCD8B 1E7F86C6 B41894EB 6B020301 0001

204. 203 level - 9 level - 10 level - 11 level - 12 level - 13 level - 14 level - 15 security - audit [Comware7 - line - vty0 - 63]user - role network - admin ? <cr> [Comware7 - line - vty0 - 63]user - role network - admin [Comware7] display radius ? scheme RADIUS scheme information statistics Statistics informa tion [Comware7] display radius scheme ? > Redirect it to a file >> Redirect it to a file in append mode STRING<1 - 32> Name of RADIUS scheme | Matching output <cr> [Comware7] display radius scheme radius - auth RAD IUS scheme name: radius - auth Index: 1 Primary Auth Server: Host name: Not Configured IP : 10.0.100.111 Port: 1812 State: Active VPN : Not configured Primary Acct Server: Host name: Not Configured IP : 10.0.100.111 Port: 1813 State: Active VPN : Not configured Accounting - On function : Disabled Retransmission times : 50 Retransmission interval(seconds) : 3 Ti meout Interval(seconds) : 3 Retransmission Times : 3 Retransmission Times for Accounting Update : 5 Server Quiet Period(minutes) : 5 Realtime Accounting Interval(minutes) : 12 NAS IP Addre ss : Not configured VPN : Not configured User Name Format : Without - domain Data flow unit : Byte Packet unit : One Attribute 15 check - mode : Strict [Comware7]display radius statistics ? > Redirect it to a file >> Redirect it to a file in append mode | Matching output <cr> [Comware7]display radius statistics Auth. Acct. SessCtrl. Request Packet: 7 14 0 Retry Packet: 0 0 -

212. 211 memory AAA memory parameters nas NAS specific configuration new - model Enable NEW access control commands and functions.(Disables OLD commands.) pod POD processing policy AAA policy parameters server Local AAA server service - profile Service - Profile parameters session - id AAA Session ID traceback Traceback recording user AAA user definitions Cisco(config)#aaa authorization ? auth - proxy For Authentication Proxy Services cache For AAA cache configuration commands For exec (shell) commands. config - commands For configuration mode commands. configuration For downloading confi gurations from AAA server console For enabling console authorization credential - download For downloading EAP credential from Local/RADIUS/LDAP exec For starting an exec (shell). multicast For downloading Mul ticast configurations from an AAA server network For network services. (PPP, SLIP, ARAP) policy - if For diameter policy interface application. prepaid For diameter prepaid services. radius - proxy For proxying radius packets reverse - access For reverse access connections subscriber - service For iEdge subscriber services (VPDN etc) template Enable template authorization Cisco(config)#aaa authorization console ? <cr> Cisco(config)#aaa authorization exec ? WORD Named authorization list (max 31 characters, longer will be rejected). default The default authorization list. Cisco(config)#aaa authorization exec default ? cache Use C ached - group group Use server - group. if - authenticated Succeed if user has authenticated. krb5 - instance Use Kerberos instance privilege maps. local Use local database. none No authorization (always succeeds ). Cisco(config)#aaa authorization exec default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(config)#aaa authorization exec default gr oup radius ? cache Use Cached - group group Use server - group. if - authenticated Succeed if user has authenticated. krb5 - instance Use Kerberos instance privilege maps. local Use local database. none No authorization (always succeeds). <cr> Cisco(config)#aaa authorization exec default group radius

225. 224 save Save current configuration self - service - url Specify self - service URL(Uniform Resource Locator) of domain state Speci fy state of domain tracert Trace route function undo Cancel current setting [ Comware5 - isp - tacacs]authentication ? default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration portal Specify portal AAA configuration super Specify super AAA configuration [ Comware5 - isp - tacacs]authentication default ? hwtacacs - scheme Specify HWTACACS scheme local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [ Comware5 - isp - tacacs]authentication default hwtacacs - scheme ? STRING<1 - 32> Scheme name [Comware5 - isp - tacacs]authentication default hwtacacs - scheme tacacs - aut h [Comware5 - isp - tacacs]authorization default hwtacacs - scheme tacacs - auth [Comware5 - isp - tacacs]accounting default hwtacacs - scheme tacacs - auth [Comware5] domain default enable tacacs [Comware5 ]user - interface aux 0 [Comware5 - ui - aux0]authentication - mod e ? none Login without checking password Authentication use password of user terminal interface scheme Authentication use AAA [Comware5 - ui - aux0]authentication - mode scheme ? <cr> [ Comware5 - ui - aux0]authentication - mode scheme [ Comware5 ]us er - interface vty 0 15 [ Comware5 - ui - vty0 - 15]authentication - mode ? none Login without checking password Authentication use password of user terminal interface scheme Authentication use AAA [ Comware5 - ui - vty0 - 15]authentication - mode scheme ? <cr> [ Comware5 - ui - vty0 - 15]authentication - mode scheme [Comware5] display hwtacacs ? STRING<1 - 32> Scheme name slot Specify slot number | Matching output <cr>

226. 225 [Comware5 ]display hwtacacs HWTACACS scheme name : tacacs - auth Pri mary Authen Server: IP: 10.0.100.111 Port: 49 State: Active VPN instance : Not configured Encryption Key : ****** Primary Author Server: IP: 10.0.100.111 Port: 49 State: Ac tive VPN instance : Not configured Encryption Key : ****** Primary Account Server: IP: 10.0.100.111 Port: 49 State: Active VPN instance : Not configured Encryption Key : ****** NAS IP address : Not configured Authentication key : Not configured Authorization key : Not configured Accounting key : Not configured VPN instanc e : Not configured Quiet interval(min) : 5 Realtime accounting interval(min) : 12 Response timeout interval(sec) : 5 Retransmission times of stop - accounting p acket : 100 Username format : without - domain Data flow unit : Byte Packet unit : one ------------------------------------------------------------------- -------- Total 1 HWTACACS scheme(s). [Comware5]dis play hwtacacs tacacs - auth statistics Slot: 1 HWTACACS scheme name: tacacs - auth Primary authentication server: 10.0.100.111 HWTACACS server open number: 4 HWTACACS server close number: 4 HWTACACS au then client access request packet number: 4 HWTACACS authen client access response packet number: 4 HWTACACS authen client unknown type number: 0 HWTACACS authen client timeout number: 0 HWTACACS authen client packet dropped number: 0 HWTACACS au then client access request change password number: 0 HWTACACS authen client access request login number: 2 HWTACACS authen client access request send authentication number: 0 HWTACACS authen client access request send password number: 0 HWTACACS au then client access connect abort number: 0 HWTACACS authen client access connect packet number: 2 HWTACACS authen client access response error number: 0 HWTACACS authen client access response failure number: 0 HWTACACS authen client access response follow number: 0 HWTACACS authen client access response getdata number: 0 HWTACACS authen client access response getpassword number: 2 HWTACACS authen client access response getuser number: 0 HWTACACS authen client access response pass number: 2 HWTACACS authen client access response restart number: 0 HWTACACS authen client malformed access response number: 0 HWTACACS authen client round trip time(s): 1 Primary authorization server: 10.0.100.111 HWTACACS server open number: 2 HWTACACS ser ver close number: 2 HWTACACS author client request packet number: 2 HWTACACS author client response packet number: 2 HWTACACS author client timeout number: 0 HWTACACS author client packet dropped number: 0 HWTACACS author client unknown type numb er: 0 HWTACACS author client request EXEC number: 2

243. 242 [Comware7]lldp global e nable [Comware7]interface g1/0/1 [Comware7 - GigabitEthernet1/0/1]lldp enable [Comware 7 ]display lldp ? local - information Display local information neighbor - information Display neighbor information statistics Display statistics infor mation status Display LLDP status and configuration tlv - config Display TLV configuration [Comware 7 ]display lldp neighbor - information ? > Redirect it to a file >> Redirect it to a file in append mode age nt Specify LLDP agent interface Specify interface list Neighbor list verbose Verbose message | Matching output <cr> [Comware7]display lldp neighbor - information list Chassis ID : * -- -- Nearest nontpmr bridge neighbor # -- -- Nearest customer bridge neighbor Default -- -- Nearest bridge neighbor System Name Local Interface Chassis ID Port ID 2520G - 1 GE1/0/1 c091 - 3483 - 8d80 13 [Comware7]display lldp neighbor - in formation interface g1/0/1 ? > Redirect it to a file >> Redirect it to a file in append mode agent Specify LLDP agent verbose Verbose message | Matching output <cr> [Comware7]display lldp neighbor - information interface g1/0/1 LLDP neighbor - information of port 1[GigabitEthernet1/0/1]: LLDP agent nearest - bridge: LLDP neighbor index : 1 ChassisID/subtype : c091 - 3483 - 8d80/MAC address PortID/subtype : 13/Locally assigned Capabilities : Bridge [Comware7]disp lay lldp neighbo r - information interface g1/0/1 verbose LLDP neighbor - information of port 1[GigabitEthernet1/0/1]: LLDP agent nearest - bridge: LLDP neighbor index : 1 Update time : 0 days, 0 hours, 1 minutes, 57 seconds Chassis type : MAC a ddress Chassis ID : c091 - 3483 - 8d80 Port ID type : Locally assigned Port ID : 13 Time to live : 120 Port description : 13 System name : 2520G - 1 System description : ProCurve J9299A Switch 2520G - 24 - PoE, r evision J.14.54, RO M J.14.05 (/sw/code/build/walle(J_t4b)) System capabilities supported : Bridge System capabilities enabled : Bridge Management address type : IPv4

256. 255 ProVision( oobm)# ip address ? dhcp - b ootp Configure the interface to use DHCP/Bootp server to acquire parameters. IP - ADDR/MASK - LENGTH Interface IP address/mask. ProVision( oobm )# ip address 10.199.111.21/24 ? <cr> ProVision( oobm )# ip address 10.199.111.21 /24 ProVision(oobm)# ip default - gateway ? IP - ADDR IPv4 address of the default gateway. ProVision(oobm)# ip default - gateway 10.199.111.1 ? <cr> ProVision(oobm)# ip default - gateway 10.199.111.1 ProVision(config)# telnet - server listen ? o obm Enable Telnet Server on OOBM Interface only. data Enable Telnet Server on Data Plane only. both Enable Telnet Server on both OOBM and Data planes. ProVision(config)# telnet - server listen oobm ProV ision(config)# ip ssh listen ? oobm Enable SSH on OOBM Interface only. data Enable SSH on Data Plane only. both Enable SSH on both OOBM and Data planes. ProVision(config)# ip ssh listen oobm ProVisio n(config)# web - management listen ? oobm Enable HTTP Server on OOBM Interface only. data Enable HTTP Server on Data Plane only. both Enable HTTP Server on both OOBM and Data planes. ProVision(config)# w eb - management listen oobm ProVision(config)# ntp server 10. 199.111 .251 ? burst Enables burst mode. iburst Enables initial burst (iburst) mode. key - id Set the authentication key to use for this server. max - poll Configures the maximum time intervals in seconds. min - poll Configures the minimum time intervals in seconds. oobm Use the OOBM interface to connect to the server. <cr> ProVision(config)# ntp server 10. 19 9.111 .251 oobm ? burst Enables burst mode. iburst Enables initial burst (iburst) mode. key - id Set the authentication key to use for this server. max - poll Configures the maximum time intervals i n seconds. min - poll Configures the minimum time intervals in seconds. <cr> ProVision(config)# ntp server 10. 199.111 .251 oobm ProVision# ping 10.199.111.51 ? ip - option Specify the IP options to use. tos Spec ify the Type of Service value to send. data - fill Specify the data pattern to send.

264. 263 load - sharing Style of load sharing local - proxy - arp Enable local - proxy ARP mask - reply Enable sending ICMP Mask Reply messages mrm Configure IP Multicast Routing Monitor tester mroute - cache Enable switching cache for incoming multicast packets mtu Set IP Maximum Transmission Unit multicast IP multicast interface commands next - hop - self Configures EIGRP - IPv4 next - hop - self ospf OSPF interf ace commands pim PIM interface commands policy Enable policy routing probe Enable HP Probe support proxy - arp Enable proxy ARP rarp - server Enable RARP server for static arp entries red irects Enable sending ICMP Redirect messages rgmp Enable/disable RGMP rip Router Information Protocol route - cache Enable fast - switching cache for outgoing packets router IP router interf ace commands rsvp RSVP Interface Commands rtp RTP parameters sap Session Advertisement Protocol interface commands security DDN IP Security Option split - horizon Perform split horizon sticky - arp Allow the creation of sticky ARP entries summary - address Perform address summarization tcp TCP interface commands unnumbered Enable IP processing without an explicit address unreachables En able sending ICMP Unreachable messages urd Configure URL Rendezvousing verify Enable per packet validation vrf VPN Routing/Forwarding parameters on the interface wccp WCCP interface comman ds Cisco(config - if)#ip address ? A.B.C.D IP address dhcp IP Address negotiated via DHCP pool IP Address autoconfigured from a local DHCP pool Cisco(config - if)#ip address 10.199.111.41 255.255.255.0 ? secondary Make this IP address a sec ondary address <cr> Cisco(config - if)#ip address 10.199.111.41 255.255.255.0 Cisco(config)#ip telnet ? comport Specify RFC 2217 options hidden Don't display telnet addresses or hostnames quiet Don't display non - er ror telnet messages source - interface Specify source interface tos Specify type of service Cisco(config)#ip telnet source - interface ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthe rnet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface

266. 265 Cisco(config)#ip ssh source - interface fastEthe rnet 0 Cisco(config)#ntp source ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface Fa stEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interfac e Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Ch annel Cisco(config)#ntp source fastEthernet 0 ? <cr> Cisco(config)#ntp source fastEthernet 0 Cisco(config)#ip tftp source - interface ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Gro up Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet Giga bitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface V irtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco(config)#ip tftp source - interface fastEthernet 0 ? <cr> Cisco(config)#ip tftp source - interface fastEthernet 0

286. 285 mirroring - group Specify mirroring group mld - snooping MLD snooping module monitor System monitor mrp Multiple registration protocol multicast - suppression Multicast storm suppression function mvrp Multiple VLAN registration protocol oam OAM module packet - filter Packet filter settings pbb Provider Backbone Bridge (PBB) module ping Ping function poe Power over Ethernet port Set port attributes port - isolate Port isolation configuration port - security Port security module priority - flow - control Priority - based flow control (PFC) configuration ptp Precision Time Protocol (PTP) module qcn Quantized Congestion Notification (QCN) module qinq 802.1QinQ function qos Quality of Service (QoS) module quit Exit from current command view return Exit to User View rmon RMON module save Save current configuration security - logfile Security log file configuration service - instance Configure a service instance sflow sFlow function shutdown Shut down the interface smart - link Smart Link modul e spbm SPBM configuration speed Specify speed of current port storm - constrain Port storm control stp Spanning Tree Protocol (STP) module tracert Tracert function trill TRansparent Interconnection of Lots of Links (TRILL) module undo Cancel current setting unicast - suppression Unicast storm suppression function virtual - cable - test Test cable connection for an interface vlan Set VLAN precedence voice - vlan Voice VLAN configuration [Comware 7 - GigabitEthernet1/0/1 ]description ? TEXT Interface description, 1 to 255 characters [Comware - GigabitEthernet1/0/1 ]description l i nk - to - core [Comware 7 - GigabitEthernet1/0/1 ]duplex ? auto Enable port's duplex negotiation automatically full Full - duplex half Half - duplex [Comware 7 - GigabitEthernet1/0/1 ]duplex auto [Comware 7 - GigabitEthernet1/0/1 ]speed ? 10 Specify speed a s 10 Mbps 100 Specify speed as 100 Mbps 1000 Specify speed as 1000 Mbps auto Enable port's speed negotiation automatically [Comware 7 - GigabitEthernet1/0/1 ]speed auto [Comware 7 - GigabitEthernet1/0/1 ]shutdown

295. 294 [Comware7 - vlan220]? Vlan view commands: arp ARP modul e cfd Connectivity Fault Detection (CFD) module description Configure the VLAN description diagnostic - logfile Diagnostic log file configuration display Display current system information igmp - snoop ing IGMP snooping module ip - subnet - vlan ipv6 Specify IPv6 configuration logfile Log file configuration mac - address Configure MAC address mac - forced - forwarding Specify MAC - forced forwarding con figuration information mld - snooping MLD snooping module monitor System monitor name Configure the VLAN name pim - snooping PIM snooping module ping Ping function port Assign ports to or remove ports from the VLAN private - vlan Private VLAN function protocol - vlan Protocol - based VLAN quit Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration subvlan Specify sub - VLAN supervlan Specify the VLAN as a super VLAN tracert Tracert function undo Cancel current setting [Comware7 - vlan220]name ? TEXT Name string, 32 characters at most [Comware7 - vlan220]name test [Comware7]display vlan ? > Redirect it to a file >> Redirect it to a file in append mod e INTEGER<1 - 4094> VLAN ID all All VLANs brief Brief information about all VLANs dynamic Dynamic VLANs mapping Display VLAN mapping information reserved Reserved VLANs static Static VLANs | Matching output <cr> [Comware7]display vlan Total VLANs: 3 The VLANs include: 1(default), 100, 220 [Comware7]display vlan all VLAN ID: 1 VLAN type: Static Route interface: Configured IPv4 address: 10.0.111.51 IPv4 sub net mask: 255.255.255.0 Description: VLAN 0001 Name: VLAN 0001 Tagged ports: None Untagged ports: FortyGigE1/0/53 FortyGigE1/0/54

304. 303 0 unicasts, 16 broadcasts, 40 multicasts, 0 pauses Input: 0 input errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 frame, - overruns, 0 aborts - igno red, - parity errors Output (total): 14 packets, 2732 bytes 5 unicasts, 0 broadcasts, 9 multicasts, 0 pauses Output (normal): 14 packets, - bytes 5 unicasts, 0 broadcasts, 9 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier [Comware5]display interface g1/0/5 GigabitEthernet1/0/5 current state: DOWN IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 002 3 - 89d5 - a074 Description: GigabitEthernet1/0/5 Interface Loopback is not set Media type is twisted pair Port hardware type is 1000_BASE_T Unknown - speed mode, unknown - duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow - control is not enabled The Maximum Frame Length is 9216 Broadcast MAX - ratio: 100% Unicast MAX - ratio: 100% Multicast MAX - ratio: 100% Allow jumbo frame to pass PVID: 100 Mdi type: auto Port link - type: access Tagged VLAN ID : none Untagged VLAN ID : 100 Port priority: 0 Last clearing of counters: Never Peak value of input: 0 bytes/sec, at 2000 - 04 - 26 06:02:01 Peak value of output: 0 bytes/sec, at 2000 - 04 - 26 06:02:01 Last 300 seconds input: 0 packets/sec 0 bytes/sec - % Last 300 second s output: 0 packets/sec 0 bytes/sec - % Input (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Input (normal): 0 packets, - bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Input: 0 input errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 frame, - overruns, 0 aborts - ignored, - parity errors Output (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output (normal): 0 packets, - bytes 0 uni casts, 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier Comware7 [Comware7 ]interface g1/0/6 [Comware7 - Gigab itEthernet1/0/6]? Gigabitethernet_l2 interface view commands: apply Apply a PoE profile arp ARP module bandwidth Specify the expected bandwidth bpdu - drop Specify BPDU drop function bro adcast - suppression Broadcast storm suppression function cdp Non standard IEEE discovery protocol cfd Connectivity Fault Detection (CFD) module

306. 305 tracert Tracert function trill TRansparent Interconnection of Lots of Links (TRILL) module undo Cancel current setting unicast - suppression Unicast storm suppression function virtual - c able - test Test cable connection for an interface vlan Set VLAN precedence voice - vlan Voice VLAN configuration [Comware7 - GigabitEthernet1/0/6]port ? access Set access port attributes auto - power - down A uto power down an idle interface bridge Configure bridging hybrid Set hybrid port attributes link - aggregation Link aggregation group link - mode Switch the specified interface to layer2 or layer3 ethernet link - type Set the link type monitor - link Monitor Link module multicast - vlan Specify a multicast VLAN private - vlan Private VLAN function pvid Forward packets within the PVID service - loopback Service loop back group smart - l ink Smart Link module trunk Set trunk port attributes up - mode Forcibly bring up an interface without a fiber connection [Comware7 - GigabitEthernet1/0/6]port link - type ? access Set the link type to access hybrid Set t he link type to hybrid trunk Set the link type to trunk [Comware7 - GigabitEthernet1/0/6]port link - type trunk [Comware7 - GigabitEthernet1/0/6]port trunk ? permit Assign the port to VLANs pvid Specify the port PVID [Comware7 - GigabitEthernet1/0/6 ]port trunk permit ? vlan Specify permitted VLANs [Comware7 - GigabitEthernet1/0/6]port trunk permit vlan ? INTEGER<1 - 4094> VLAN ID all All VLANs [Comware7 - GigabitEthernet1/0/6]port trunk permit vlan 100 220 [Comware7 ]vlan 220 [Comw are7 - vlan220]? Vlan view commands: arp ARP module cfd Connectivity Fault Detection (CFD) module description Configure the VLAN description diagnostic - logfile Diagnostic log file configuration d isplay Display current system information igmp - snooping IGMP snooping module ip - subnet - vlan ipv6 Specify IPv6 configuration logfile Log file configuration mac - address Configure M AC address mac - forced - forwarding Specify MAC - forced forwarding configuration information mld - snooping MLD snooping module monitor System monitor name Configure the VLAN name

312. 311 Cisco(config)#interface g 1/ 0/4 Cisco(config - if)#switchp ort Cisco(config - if)#switchport access vlan 220 Cisco(config - if)#switchport mode access Cisco#show vlan id 220 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 220 t est active Gi1/0/4, Gi1/0/6 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 220 enet 100220 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ Cisco#show vlan id 100 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 100 VLAN0100 active Gi1/0/5, Gi1/0/6, Gi1/0/9 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Tra ns2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 100 enet 100100 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- ---- ----- ----------------- ------------------------------------------ Cisco#show vlan id 1 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3 Gi1/0/7, Gi1/0/8, Gi1/0/10 Gi1/0/11, Gi1/0/12, Gi1/0/13 Gi1/0/14, Gi1 /0/15, Gi1/0/16 Gi1/0/17, Gi1/0/18, Gi1/0/19 Gi1/0/20, Gi1/0/21, Gi1/0/22 Gi1/0/23, Gi1/0/24, Te1/0/1 Te1/0/2 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled

324. 323 forbid Prevent ports from becoming a member of the current VLAN. igmp - proxy Associate an IGMP proxy domain with a VLAN. ip Configure various IP parameters for the VLAN. ip - recv - mac - address Associates a L3 - mac - address with a VLAN. ipv6 Configure various IPv6 parameters for the VLAN. isolate - list Configure a list of isolated ports for the VLAN. jumbo Labels this VLAN as a Jumbo VLAN, allowing you to pass packets up to 9216 bytes in size. monitor Define whether the VLAN is to be monitored or not. name Set the VLAN's name. n tp Enable/configure NTP operation on the VLAN/OOBM. portal Enable BYOD redirection on this VLAN. private - vlan Configure private VLAN settings. protocol Set a predefined protocol for the current VLAN . qos Configure VLAN - based traffic prioritization. service - policy Apply a service - policy on the VLAN. tagged Assign ports to current VLAN as tagged. untagged Assign ports to current VLAN as untagged. voice Labels this VLAN as a Voice VLAN, allowing you to separate, prioritize, and authenticate voice traffic moving through your network. vrrp Enable/configure VRRP operation on the VLAN. <cr> ProVision(config)# vlan 150 private - vlan ? community Configure the community VLAN IDs for this private VLAN. isolated Configure the isolated VLAN ID for this private VLAN. primary Configure thi s VLAN as the primary VLAN. ProVision(config)# vlan 150 private - vlan primary ? <cr> ProVision(config)# vlan 150 private - vlan primary All primary VLAN ports are automatically configured as trusted for DHCP Snooping and ND Snooping. ProVision(config)# vl an 150 private - vlan isolated ? VLAN - ID Enter a VLAN identifier or the VLAN name if configured. ProVision(config)# vlan 150 private - vlan isolated 151 ? <cr> ProVision(config)# vlan 150 private - vlan isolated 151 ProVision(config)# vlan 150 private - vlan community ? [vlan]VLAN - ID - LIST Enter a list of VLAN identifiers or one VLAN identifier. ProVision(config)# vlan 150 private - vlan community 152 ? <cr> ProVision(config)# vlan 150 private - vlan community 152 ProVision(config)# interface 10 ? arp - protect Configure the port as trusted or untrusted. bandwidth - min Configure guaranteed minimum bandwidth settings. broadcast - limit Limit network bandwidth used by broadcast traffic. dhcp - snooping Configure port - specific DHCP snooping parameters. dhcpv6 - snooping Configure DHCPv6 snooping on the port. disable Disable the port. dldp Enable or disable the Device Link Detection Protocol (DLDP) to monitor l ink status. enable Enable the port. energy - efficient - e... Enable energy - efficient - ethernet on the port. flow - control Enable flow control negotiation on the port during link establishment.

334. 333 Cisco(config - vlan)#exit Cisco(config)#vlan 151 Cisco(config - vlan)#private - vlan ? association Configure association between private VLANs community Configure the VLAN as a community private VLAN isolated Configure the VLAN as an isolated private VLAN primary Configure the VLAN as a primary private VLAN Cisco(config - vlan)#private - vlan isolated ? <cr> Cisco(config - v lan)#private - vlan isolated Cisco(config - vlan)#exit Cisco(config)#vlan 152 Cisco(config - vlan)#private - vlan ? association Configure association between private VLANs community Configure the VLAN as a community private VLAN isolated Configure the VLAN as an isolated private VLAN primary Configure the VLAN as a primary private VLAN Cisco(config - vlan)#private - vlan community ? <cr> Cisco(config - vlan)#private - vlan community Cisco(config - vlan)#exit Cisco(config)#vlan 150 Cisco(config - vlan)#private - vlan ? association Configure association between private VLANs community Configure the VLAN as a community private VLAN isolated Configure the VLAN as an isolated private VLAN primary Configure the VLAN as a primary priva te VLAN Cisco(config - vlan)#private - vlan association ? WORD VLAN IDs of the private VLANs to be configured add Add a VLAN to private VLAN list remove Remove a VLAN from private VLAN list Cisco(config - vlan)#private - vlan association add ? WO RD VLAN IDs of the private VLANs to be configured Cisco(config - vlan)#private - vlan association add 151 - 152 ? <cr> Cisco(config - vlan)#private - vlan association add 151 - 152 Cisco(config)#interface g1/0/10 Cisco(config - if)#switchport ? access Set access mode characteristics of the interface autostate Include or exclude this port from vlan link up calculation backup Set backup for the interface block Disable forwarding of unknown uni/multi cast addresses host Set port host mode Set trunking mode of the interface nonegotiate Device will not engage in negotiation protocol on this interface

343. 342 information link - delay Set the physical state change suppression lldp Link Layer Discovery Protocol(802.1ab) logfile Log file config uration loopback Specify loopback of current port loopback - detection Loopback detection module mac - address Configure MAC address mac - authentication MAC authentication module mac - forced - forwarding Specify MAC - forc ed forwarding configuration information mac - vlan MAC VLAN configuration macsec MAC security module mdix - mode Specify mdix type mirroring - group Specify mirroring group mka MACsec Key Agreement protocol mld - snooping MLD snooping module monitor System monitor mrp Multiple registration protocol multicast - suppression Multicast storm suppression function mvrp Mult iple VLAN registration protocol oam OAM module packet - filter Packet filter settings pbb Provider Backbone Bridge (PBB) module ping Ping function poe Power over Et hernet port Set port attributes port - isolate Port isolation configuration port - security Port security module priority - flow - control Priority - based flow control (PFC) configuration ptp Precis ion Time Protocol (PTP) module qcn Quantized Congestion Notification (QCN) module qinq 802.1QinQ function qos Quality of Service (QoS) module quit Exit from current command v iew return Exit to User View rmon RMON module save Save current configuration security - logfile Security log file configuration service - instance Configure a service instance sflow sFlow function shutdown Shut down the interface smart - link Smart Link module spbm SPBM configuration speed Specify speed of current port storm - constrain Port stor m control stp Spanning Tree Protocol (STP) module tracert Tracert function trill TRansparent Interconnection of Lots of Links (TRILL) module undo Cancel c urrent setting unicast - suppression Unicast storm suppression function virtual - cable - test Test cable connection for an interface vlan Set VLAN precedence voice - vlan Voice VLAN configuration [Comware7 - GigabitEthe rnet1/0/1]mvrp ? enable Enable multiple VLAN registration protocol registration Specify MVRP registration mode [Comware7 - GigabitEthernet1/0/1]mvrp enable ? <cr> [Comware7 - GigabitEthernet1/0/1]mvrp enable

362. 361 Local Local Port Oper LACP Tx Port Trunk System ID Port Priority Key Mode Timer ------ ------ -------------- ----- --------- ------- -------- ----- 19 Trk1 002389 - d5a059 23 32768 1 Active Slow 20 Trk1 002389 - d5a059 24 32768 1 Active Slow 21 Trk2 cc3e5f - 73bacb 23 32768 1 Active Slow 22 Trk2 cc3e5f - 73bacb 24 32768 1 Active Slow 23 Trk3 002291 - ab4380 280 32768 1 Active Slow 24 Trk3 002291 - ab4380 28 1 32768 1 Active Slow ProVision# show lacp counters LACP Port Counters. LACP LACP Marker Marker Marker Marker Port Trunk PDUs Tx PDUs Rx Req. Tx Req. Rx Resp. Tx Resp. Rx Error ---- ------ ------- -- --------- -------- -------- -------- -------- -------- 19 Trk1 19 18 0 0 0 0 0 20 Trk1 18 17 0 0 0 0 0 21 Trk2 41 40 0 0 0 0 0 22 Trk2 40 39 0 0 0 0 0 23 Trk3 8 8 0 0 0 0 0 24 Trk3 8 8 0 0 0 0 0 ProVision# show vlan s 220 Status and Counters - VLAN Information - VLAN 220 VLAN ID : 220 Name : test Status : Port - based Voice : No Jumbo : No Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 4 Untagged Learn Down 5 Untagged Learn Down 6 Tagged Learn Down 7 Tagged Learn Down 8 Tagged Learn Down Trk1 Tagged Learn Up Trk2 Tagged Learn Up Trk3 Tagged Learn Up ProVision# show vlans ports trk1 detail Status and Counters - VLAN Information - for ports Trk1 VLAN ID Name | Status Voice Jumbo Mode ---- --- -------------------- + ---------- ----- ----- -------- 1 DEFAULT_VLAN | Port - based No No Untagged 220 test | Port - based No No Tagged Comware [ Comware ] interface Bridge - Aggregation 1 [ Comware - Bridge - A ggregation1]description LACP - link - to - ProVision

364. 363 GigabitEthernet1/0/23: Aggregation Interface: Bridge - Aggr egation1 Local: Port Number: 23 Port Priority: 32768 Oper - Key: 1 Flag: {ACDEF} Remote: System ID: 0x3980, 009c - 02d5 - 3980 Port Number: 19 Port Priority: 0 Oper - Key: 562 Flag: {ACDEF} Received LACP Packets: 12 packet(s) Il legal: 0 packet(s) Sent LACP Packets: 12 packet(s) GigabitEthernet1/0/24: Aggregation Interface: Bridge - Aggregation1 Local: Port Number: 24 Port Priority: 32768 Oper - Key: 1 Flag: {ACDEF} Remote: System ID: 0x3980, 009c - 02d5 - 3980 Po rt Number: 20 Port Priority: 0 Oper - Key: 562 Flag: {ACDEF} Received LACP Packets: 11 packet(s) Illegal: 0 packet(s) Sent LACP Packets: 11 packet(s) [ Comware ]display vlan 220 VLAN ID: 220 VLAN Type: static Route Interface: configured IPv4 a ddress: 10.1.220.3 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0220 Name: test Tagged Ports: Bridge - Aggregation1 GigabitEthernet1/0/6 GigabitEthernet1/0/23 GigabitEthernet1/0/24 Untagged Ports: GigabitEthernet1/0/4 Gigab itEthernet1/0/5 Cisco Cisco(config)#interface port - channel 1 Cisco(config - if)#switchport trunk encapsulation dot1q Cisco(config - if)# switchport trunk allowed vlan 2 2 0 Cisco( config - if)#switchport mode access

366. 365 Port Flags State Priority Key Key Number State Gi1/0/24 SA bndl 32768 0x1 0x1 0x119 0x3D Partner's information: LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Number State Gi1/0/24 SA 0 009c.02d5.3980 13s 0x0 0x234 0x18 0x3D Age o f the port in the current state: 0d:00h:03m:09s ---- Port - channel1:Port - channel1 (Primary aggregator) Age of the Port - channel = 0d:00h:06m:29s Logical slot/port = 10/1 Number of ports = 2 HotStandBy port = null Port state = Port - c hannel Ag - Inuse Protocol = LACP Port security = Disabled Ports in the Port - channel: Index Load Port EC state No of bits ------ + ------ + ------ + ------------------ + ----------- 0 00 Gi1/0/23 Active 0 0 00 Gi1/0/24 Active 0 Time since last port bundled: 0d:00h:03m:09s Gi1/0/24 Cisco#show vlan name test VLAN Name Status Ports ---- -------------------------------- --------- ---------------------- --------- 220 test active Gi1/0/4, Gi1/0/5 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 220 enet 100220 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------

384. 383 Pro Vision(config)# spanning - tree 9 admin - edge - port [ Comware5 - GigabitEthernet1/0/9 ]stp edged - port enable Cisco(config - if)#spanning - tree port fast ProVision(config)# spanning - tree 9 path - cost 10000 [Comware5 - GigabitEthernet1/0/9 ]stp cost 10000 Cisco(config - if)#spanning - tree cost 10000 ProVision(config)# spanning - tree 9 priority 10 [Comware5 - GigabitEthernet1/0/9 ]stp port priority 160 Cisco(config - if)#spanning - tree port - priority 160 ProVision(config)# spanni ng - tree instance 1 9 path - cost 10000 [Comware5 - Gigab itEthernet1/0/9 ]stp instance 1 cost 10000 Cisco(config - if)#spanning - tree mst 1 cost 10000 ProVision(config)# spanning - tree instance 1 9 priority 10 [Comware5 - GigabitEthernet1/0/9 ]stp instance 1 port priority 160 Cisco(config - if)#spanning - tree mst 1 port - priority 160 ProVision# show spanning - tree [Comware5] display st p Cisco#show spanning - tree [Comware5] display stp brief Cisco#show spanning - tree mst ProVision# show spanning - tree mst - config [Comware5] display stp region - configura tion Cisco#show spanning - tree mst configuration ProVision# show spanning - tree instance ist [Comware5] display stp instance 0 Cisco#show spanning - tree mst 0 ProVision# show spanning - tree instance 1 [Comware5] display stp instance 1 Cisco#show spanning - tree mst 1 Cisco#show spanning - tree mst 3 Comware7 [Comware7 ]stp region - configuration [Comware7 - mst - region]region - name ProVision - Comware - Cisco [Comware7 - mst - region]revision - level 1 [Comware7 - mst - region]insta nce 1 vlan 220 [Comware7 - mst - region]instance 2 vlan 1 00 [Comware7 - mst - region]instance 3 vlan 240 [Comware7 - mst - region]active region - configuration [Comware7] stp priority 16384 [Comware7] stp instance 1 prior ity 20480 [Comware7] stp instance 2 priority 8192 [Comware7] stp instance 3 priority 12288 [Comware7]interface g1/0/9 [ Comware7 - GigabitEthernet1/0/9 ]stp edged - port [Comware7 - GigabitEthernet1/0/9 ]stp cost 10000 [Comware7 - GigabitEthernet 1/0/9 ]stp port priority 160 [Comware7 -

412. 411 PortTimes :Hello 2s MaxAge 20s FwDl y 15s MsgAge 2s ------- [VLAN 220 Global Info] ------- Protocol Status :enabled Bridge ID :8192.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s Root ID / RPC :8192.0023 - 89d5 - a059 / 0 RootPortId :0.0 BPDU - Protec tion :disabled TC or TCN received :4 Time since last TC :0 days 1h:7m:38s ---- [Port5(GigabitEthernet1/0/5)][FORWARDING] ---- Port Protocol :enabled Port Role :Designated Port Port Priority :128 Port Cost(Legacy) :Config=a uto / Active=200 Desg. Bridge/Port :8192.0023 - 89d5 - a059 / 128.5 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None Rapid transit ion :false PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :8192.0023 - 89d5 - a059 / 128.6 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None Rapid transition :true PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s ------- [VLAN 230 Global Info] ------- Protocol Status :enabled Bridge ID :32768.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s Root ID / RPC :32768 .0022 - 91ab - 4380 / 20020 RootPortId :128.6 BPDU - Protection :disabled TC or TCN received :2 Time since last TC :0 days 0h:40m:25s ---- [Port5(GigabitEthernet1/0/5)][FORWARDING] ---- Port Protocol :enabled Port Role :Designate d Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :32768.0023 - 89d5 - a059 / 128.5 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None Rapid transition :false PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 2s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :Root Port P ort Priority :128

443. 442 routes low - memory - exempt Exempt the EBGP peers from low - memory shutdown password Specify a password route - update - interval Specify the interval for sendin g the same update to the peers substitute - as Replace the AS number in the AS_PATH attribute with the local timer Configure timers for the peers ttl - security Configu re the Generalized TTL Security Mechanism (GTSM) [ Comware 7 - bgp]peer 10.0.101.21 as - number 64502 ? <cr> [ Comware 7 - bgp] peer 10.0.101.21 as - number 64502 [Comware7 - bgp]address - family ? ipv4 Specify the IPv4 address family ipv6 Specify the IPv6 ad dress family l2vpn Specify the L2VPN address family vpnv4 Specify the VPNv4 address family vpnv6 Specify the VPNv6 address family [Comware7 - bgp]address - family ipv4 ? unicast Specify the unicast address family <cr> [Comware7 - bgp]address - fam ily ipv4 unicast ? <cr> [Comware7 - bgp]address - family ipv4 unicast [Comware7 - bgp - ipv4]? Bgp - ipv4 protocol view commands: aggregate Create a summary route balance Configure BGP load balancing bestroute Change the default best route selection cfd Connectivity Fault Detection (CFD) module compare - different - as - med Compare the MEDs of routes from different ASs dampening Enable route - flap dampening default Set default value for BGP default - route Default route operation diagnostic - logfile Diagnostic log file configuration display Display current system information fast - reroute Configur e fast reroute filter - policy Filter networks in route updates import - route Import routes from another routing protocol logfile Log file configuration monitor System monitor network Specify a network to advertise via BGP peer Specify BGP peers pic Enable Prefix Independent Convergence (PIC) ping Ping function preference Configure the p reference of BGP routes quit Exit from current command view reflect Configure route reflection reflector Configure the route reflector return Exit to User View save Save current configuration security - logfile Security log file configuration summary Summarize subnet routes to classful network routes tracert Tracert function undo Can cel current setting [Comware7 - bgp - ipv4]peer 10.0.101.21 ?

565. 564 [Comware7 - isp - 8021x]accounting lan - access radius - scheme radius - auth ? local Specify local scheme none Specify none scheme <cr> [Comware7 - isp - 8021x]accounting lan - access radius - scheme radius - auth [Comware7]domain default enable 8021x [Comware7] dot1x ? authentication - method Specify an 802.1X authentication domain - delimiter Specify a set of domain name delimiters ead - assistant Specify the assistant function for the EAD quick employment quiet - period Enable the quiet timer retry Specify the maximum number of attempts for sending an authentication request smarton Configure the SmartOn function timer Set 802.1X timers <cr> [Comware7] dot1x [Comware7] dot1x authentication - method ? chap CHAP(Challenge Handshake Authentication Protocol) authentication eap EAP(Extensible Authentication Protocol) authentication pap PAP(Password Authe ntication Protocol) authentication [Comware7] dot1x authentication - method eap ? <cr> [Comware7] dot1x authentication - method eap [Comware7] int erface g1/0/14 [Comware7 - GigabitEthernet1/0/14 ]dot1x ? auth - fail Auth - Fail VLAN configuration cri tical Critical VLAN configuration guest - vlan Specify a guest VLAN with restricted services for non - authenticated 802.1X users handshake Configure the handshake function mandatory - domain Specify a mand atory 802.1X authentication domain max - user Specify the max number of online 802.1X users multicast - trigger Enable the multicast trigger function on the interface port - control Specify a port control status on the interface port - met hod Specify a port control method on the interface re - authenticate Configure the periodic re - authentication function smarton Configure the SmartOn function unicast - trigger Enable the unicast trigger function <cr> [Comware7 - GigabitEthernet1/0/14 ]dot1x 802.1x is enabl ed on port GigabitEthernet1/0/14 . [Comware7 - GigabitEthernet 1/0/14 ]undo dot1x handshake [Comware7 - GigabitEthernet1/0/14 ]dot1x auth - fail vlan 99 [Comware7 - GigabitEthernet1/0/14]dot1x max - user 1 [Comware7 - Gigabi tEthernet1/0/14 ] stp edged - port

566. 565 [ Comware7 ]display dot1x ? > Redirect it to a file >> Redirect it to a file in append mode connection Display connection information of online users interface Specify an interface sessions Display 802.1X sessions statistics Display 802.1X statistics | Matching output <cr> [Comware7] display dot1x sessions GigabitEthernet1/0/14 is link - up Online 802.1X users: 1 MAC address Auth state 0023 - 7de7 - 3a db Authenticated [Comware7]display dot1x connection Slot ID: 1 User MAC address: 0023 - 7de7 - 3adb Access interface: GigabitEthernet1/0/14 Username: user1 Authentication domain: 8021x Authentication method: EAP Initial VLAN: 1 Authorization untagged VLAN : 220 Authorization tagged VLAN list: N/A Authorization ACL ID: N/A Authorization user profile: N/A Termination action: N/A Session timeout period: N/A Online from: 2015/05/19 14:50:38 Online duration: 0h 5m 12s Total 1 connections matched. [Comware7]d isplay dot1x interface g1/0/14 Global 802.1X parameters: 802.1X authentication : Enabled EAP authentication : Enabled Max - tx period : 30 s Handshake period : 15 s Quiet timer : Disabled Quiet period : 60 s Supp timeout : 30 s Server timeout : 100 s Reauth period : 3600 s Max auth requests : 2 SmartOn supp timeout : 30 s SmartOn retry counts : 3 EAD assistant function : Disabled EAD ti meout : 30 min Domain delimiter : @ Max 802.1X users : 4294967295 per slot Online 802.1X users : 1 GigabitEthernet1/0/14 is link - up 802.1X authentication : Enabled Handshake : Disabled Handsha ke security : Disabled Unicast trigger : Disabled Periodic reauth : Disabled Port role : Authenticator

626. 625 show interface private - vlan mapping , 337 show interfaces , 288, 310, 368, 375 show inventory , 25 show ip , 327, 526, 530 show ip admission cache , 607 show ip arp, 562 show ip arp inspection interfaces, 569 show ip bgp sum mary , 454 show ip dhcp snooping, 552 show ip helper - address , 329 show ip host - public - key , 173 show ip interface , 329 show ip interface brief , 327 show ip ospf , 446 show ip rip , 434 show ip ssh , 173 show job , 280 show job save - config , 280 show kron schedule , 280 show lacp, 375 show lldp info remote - device , 249 show lldp info remote - device oobm , 265 show lldp neighbors, 249 show lldp neighbors fastEthernet 0, 265 show logging , 117 show mls qos, 508 show modules , 25 show monitor , 619, 625, 626 show mvrp config , 351 show mvrp state , 351 show ntp associations , 124 show ntp status , 124 show password - configuration , 75 show port - access authenticator , 577 show port - access mac - based , 597 show port - access web - based config , 607 show power inline , 362 show power - over - eth ernet , 362 show qos , 508 show radius , 198 show radius authentication , 198 show radius host , 198 show radius statistics, 198 show run , 38 show running - config , 100 show snmp, 140, 153 show snmp - server , 140 show snmpv3 , 153 show sntp , 134 show spanning - tree , 387, 399, 422 show spanning - tree root , 422 show spanning - tree summary , 422 show stacking , 634 show switch detail , 638 show system fans , 25, 33 show system power - supply , 25 show system temperature , 25 show tacacs , 229 show tech , 8, 36 show tech - support , 8, 36 show telnet , 30, 166 show time , 124 show trunks , 382 show usb - port, 23 show users , 30, 166 show version , 60, 85 show vlan, 310 show vlan brief , 304, 577 show vlan private - vlan , 337 show vlan private - vlan type , 337 show vlans , 304, 310, 368, 382, 577 sho w vlans private - vlan , 336 show vrrp , 471 shutdown , 288 snmp - agent , 140 snmp - agent group v3 , 153 snmp - agent trap source Vlan - interface , 41 snmp - server , 140 snmp - server group <name> v3 , 153 snmp - server trap - source , 41 snmpv3 , 153 sntp , 134 sntp enable , 134 s ntp server priority , 134 sntp unicast - server , 134 spanning - tree , 387, 398, 399, 421 spanning - tree 6 bpdu - filter , 548 spanning - tree 6 root - guard , 551 spanning - tree 6 tcn - guard , 551 spanning - tree bpdufilter enable , 548 spanning - tree bpduguard enable , 548 spa nning - tree bpdu - protection - timeout , 548 spanning - tree guard loop , 549 spanning - tree guard root , 551 spanning - tree instance , 399 spanning - tree mode , 398

50. 49 level - 5 level - 6 level - 7 level - 8 level - 9 level - 10 level - 11 level - 12 level - 13 level - 14 level - 15 security - audit [Comware7]super password role network - admin ? hash Spec ify a hashtext password simple Specify a plaintext password <cr> [Comware7]super password role network - admin simple ? STRING<1 - 63> Plaintext password string [Comware7]super password role network - admin simple password ? <cr> [Comware7]super pas sword role network - admin simple password [Comware7]super password role network - admin hash ? STRING<1 - 110> Hashtext password string [Comware7]super password role network - admin hash password ? <cr> [Comware7]super password role network - admin hash pas sword [Comware 7 ] local - user ? STRING<1 - 55> Local user name, which cannot contain the domain name [Comware 7 ]local - user manager ? <cr> [Comware 7 ] local - user manager New local user added. [Comware7 - luser - manage - manager]? Local - user protocol view co mmands: access - limit Specify the maximum concurrent access number for the local user authorization - attribute Specify authorization attributes of local user bind - attribute Specify binding attributes of local user cfd Connectivity Fault Detection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display current system information group Specify user group of loc al user logfile Log file configuration monitor System monitor password Specify password of local user password - control Password control feature ping Ping function qui t Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration service - type Specify a service type for the local user state Specify state of local user

67. 66 network - operator level - 0 level - 1 level - 2 level - 3 level - 4 level - 5 level - 6 level - 7 level - 8 level - 9 level - 10 level - 11 level - 12 level - 13 level - 14 level - 15 security - audit network - admin2 [Comware7]display role name network - admin2 ? > Redirect it to a file >> Redirect it to a file in appe nd mode | Matching output <cr> [Comware7]display role name network - admin2 Role: network - admin2 Description: VLAN policy: permit (default) Interface policy: permit (default) VPN instance policy: permit (default) -------------------------- ----------------------------------------- Rule Perm Type Scope Entity ------------------------------------------------------------------- 1 permit command display interface brief 2 permit command di splay ip interface brief R:Read W:Write X:Execute [Comware7]display local - user ? > Redirect it to a file >> Redirect it to a file in append mode class Specify a class for the local user idle - cut Display local users with idle cut function service - type Display local users of specified service type state Display local users in state of active or block user - name Display local users using specified user name vlan Display local users in specified VLAN | Matching output <cr> [Comware7]display local - user user - name ? STRING<1 - 55> User name [Comware7]display local - user user - name test1 ? class Specify a class for the local user [Comware7]display local - user user - name te st1 class ? manage Device management user network Network access user [Comware7]display local - user user - name test1 class manage ? > Redirect it to a file >> Redirect it to a file in append mode | Matching output

68. 67 <cr> [Comware7]d isplay local - user user - name test1 class manage Total 1 local users matched. Device management user test1: State: Active Service type: Telnet User group: system Bind attributes: Authorization attributes: Work directory: flash: User role list: network - admin2 Cisco Cisco(config)#aaa new - model Cisco(config)#parser ? cache Configure parser cache command Configure command serialization config Configure config generation m aximum specify performance maximums for CLI operations view View Commands Cisco(config)#parser view ? WORD View Name Cisco(config)#parser view network - admin2 ? superview SuperView Commands <cr> Cisco(config)#parser view network - admin2 Ci sco(config - view)#? View commands: commands Configure commands for a view default Set a command to its defaults exit Exit from view configuration mode no Negate a command or set its defaults secret Set a secret for the current vi ew Cisco(config - view)#secret ? 0 Specifies an UNENCRYPTED password will follow 5 Specifies an ENCRYPTED secret will follow LINE The UNENCRYPTED (cleartext) view secret string Cisco(config - view)#secret 0 ? LINE The UNENCRYPTED (cleartext ) view secret string Cisco(config - view)#secret 0 password ? LINE <cr> Cisco(config - view)#secret 0 password Cisco(config - view)#commands ? SASL - profile SASL profile configuration mode aaa - attr - list AAA attribute l ist config mode aaa - user AAA user definition acct_mlist AAA accounting methodlist definitions address - family Address Family configuration mode archive Archive the rout er configuration mode arp - nacl ARP named ACL configuration mode bgp address - family Address Family configuration mode

100. 99 (hostname, IPv4 or IPv6 address). ProVision# copy running - config sftp 10. 0.100.111 ? FILENAME - STR Specify filename for the SFTP transfer port TCP port of the SSH server on the remote system. ProVision# copy running - config sftp 10. 0.100.111 config2 .cfg ? <cr> ProVision# copy running - config sftp 10. 0.100.111 config2 .cfg Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download in progress. ProVision# copy running - c onfig usb ? FILENAME - STR Specify filename for the USB transfer. ProVision# copy running - config usb config2 ProVision# copy running - config xmodem ? pc Change CR/LF to PC style. unix Change CR/LF to unix styl e. <cr> ProVision# copy running - config xmodem Press 'Enter' and start XMODEM on your host... ProVision# copy startup - config default - config Copy source file to custom default configuration. sftp Copy data to an SFTP server tft p Copy data to a TFTP server. usb Copy data to a USB flash drive. xmodem Use xmodem on the terminal as the data destination. ProVision# copy startup - config default - config ? <cr> ProVision# copy startup - config default - config ProVision# copy startup - config tftp ? HOST - NAME - STR Specify hostname of the TFTP server. IP - ADDR Specify TFTP server IPv4 address. IPV6 - ADDR Specify TFTP server IPv6 address. ProVision# copy star tup - config tftp 10. 0.100.111 ? FILENAME - STR Specify filename for the TFTP transfer. ProVision# copy startup - config tftp 10. 0.100.111 ProVision _startup - config.cfg ProVision# copy startup - config sftp ? HOST - NAME - STR Specify hostname of t he SFTP server. IP - ADDR Specify SFTP server IPv4 address. IPV6 - ADDR Specify SFTP server IPv6 address. user Specify the username on the remote system USERNAME@IP - STR Specify the username along with remote system information (hostname, IPv4 or IPv6 address). ProVision# copy startup - config sftp 10.0.100.111 ? FILENAME - STR Specify filename for the SFTP transfer port TCP port of the SSH server on the remote s ystem. ProVision# copy startup - config sftp 10.0.100.111 ProVision_startup.cfg ? oobm Use the OOBM interface to reach SFTP server. <cr>

101. 100 ProVision# copy startup - config sftp 10.0.100.111 ProVision_startup.cfg Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download in progress. ProVision# copy config ? config1 config2 ProVision# copy config config1 ? config Copy data to the specified switch configuration file. defaul t - config Copy source file to custom default configuration. sftp Copy data to an SFTP server tftp Copy data to a TFTP server. usb Copy data to a USB flash drive. xmodem Use xmodem on the terminal as the data destination. ProVision# copy config config1 config ? ASCII - STR Enter an ASCII string for the 'conf ig' command/parameter. ProVision# copy config config1 config config2 ? <cr> ProVision# cop y config config1 config config2 ProVision# copy config config1 tftp 10. 0.100.111 config1 .cfg ProVision# copy con fig config1 s ftp 10. 0.100.111 config1 .cfg Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download in progress. ProVision# erase startup - config ? <cr> ProVision# erase startup - config Configuration will be deleted and device rebooted, continue [y/n]? ProVision# copy tftp startup - config 10. 0.100.111 config6.cfg Device may be rebooted, do yo u want to continue [y/n]? ProVision# copy sftp startup - config 10.0.100.111 config6.cfg Device may be rebooted, do you want to continue [y/n]? y Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download i n progress. ProVision# copy tftp config config3 10. 0.100.111 config3 .cfg ProVision# copy sftp config config3 10.0.100.111 config3.cfg Attempting username/password authentication... Enter manager@10.0.100.111's password: ******** SFTP download in progress . ProVision# show config files Configuration files: id | act pri sec | name --- + ------------- + ----------------- ------------------------------- 1 | * * | config1 2 | * | config2

120. 119 ProVision ProVision(config)# ntp ? authentication Configure NTP authen tication. broadcast Operate in broadcast mode. enable Enable/disable NTP. max - association Maximum number of Network Time Protocol (NTP) associations. server Configure a NTP server to poll for time synchro nization. trap Enable/disable NTP traps. unicast Operate in unicast mode. ProVision(config)# ntp server ? IP - ADDR The IPv4 address of the server IPV6 - ADDR The IPv6 address of the server ProVi sion(config)# ntp server 10.0.100.251 ? burst Enables burst mode. iburst Enables initial burst (iburst) mode. key - id Set the authentication key to use for this server. max - poll Configures the m aximum time intervals in seconds. min - poll Configures the minimum time intervals in seconds. oobm Use the OOBM interface to connect to the server. <cr> ProVision(config)# ntp server 10.0.100.251 ProVision(config)# ntp un icast ? <cr> ProVision(config)# ntp unicast ProVision(config)# timesync ? ntp Update the system clock using NTP. sntp Update the system clock using SNTP. timep Update the system clock using TIMEP. t imep - or - sntp Update the system clock using TIMEP or SNTP. ProVision(config)# timesync nt p ? <cr> ProVision(config)# timesy nc nt p ProVision(config)# show ntp associations NTP Associations Entries Remote St T When Poll Reach Delay Offset Dispersion --------------- ---- ---- ------ ----- -------- -------- -------- ---------- 10.0.100.251 2 u 497 6 177 0.000 0.000 8.02417 ProVision# show ntp status NTP Status I nformation NTP Status : Enabled NTP Mode : Unicast Synchronization Status : Synchronized Peer Dispersion : 0.00000 sec Stratum Number : 3 Leap Direction : 0 Reference Assoc ID : 0 Clock Offset : - 490.51406 sec Reference ID : 10.0.100.251 Root Delay : 0.09215 sec Precision : 2** - 18 Root Dispersion : 490.54954 sec NTP Up Time : 0d 0h 20m Time Resolution : 440 nsec Drift : 0.00000 sec/sec System Time : Wed Apr 27 17:43:49 2016 Reference Time : Wed Apr 27 16:21:27 2016

137. 136 Running Config Change : Disabled MAC address table changes : Disabled MAC Address Count : Disabled DHCP - Server : Enab led Address Community Events Type Retry Timeout ---------------------- ---------------------- -------- ------ ------- ------- 10.0.1 11.210 private All trap 3 15 Excluded MIBs Snmp Response Pdu Source - IP Information Selection Policy : rfc1517 Trap Pdu Source - IP Information Selection Policy : configuredIP IP Address : 10.0.111.21 Comware 5 [ Comware5 ] snmp - agent ? calculate - password Calculate the secre t key of the plain password community Set a community for the access of SNMPv1&SNMPv2c group Set a SNMP group based on USM ifmib IF - MIB commands local - engineid Set the engineID of local SNMP entity log Set the log function mib - view Set SNMP MIB view information packet Set SNMP packet's parameters sys - info Set system information of the node target - host Set the target hosts to receive SNMP n otification/traps trap Set the parameters of SNMP trap/notification usm - user Set a new user for access to SNMP entity <cr> [ Comware5 ] snmp - agent target - host ? trap Specify trap host target [ Comware5 ] snmp - agent target - hos t trap ? address Specify the transport addresses to be used in the generation of SNMP messages [ Comware5 ] snmp - agent target - host trap address ? udp - domain Specify transport domain over UDP for the target host [ Comware5 ] snmp - agent target - h ost trap address udp - domain ? STRING<1 - 255> IP address or hostname of target host ipv6 Specify an ipv6 address as the target host address [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.1 11.210 ? dscp Differentiated Services Code Point params Specify SNMP target information to be used in the generation of SNMP messages udp - port Set port to receive traps/notifications for this target host vpn - instance Specify VPN instance [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.111.210 udp - port ? INTEGER<0 - 65535> The port number of target host [ Comware5 ] snmp - agent target - host trap address udp - domain 10.0.1 11.210 udp - port 161 ? dscp Differentiated Services Codepoi nt (DSCP) params Specify SNMP target information to be used in the generation of SNMP messages

179. 178 [Comware5]ip ? as - path Specify an as - path community - list Add a community - list entry extcommunity - list Add an extended community - li st entry forward - broadcast Enable forwarding directed - broadcast host Add a new IP host name and address to the IP host name table http Hypertext transfer protocol https Config HTTPS ser ver ip - prefix Specify an address prefix list ipv6 - prefix Specify an IPv6 address prefix list local Specify local attribute redirects ICMP redirect function route - static Establish a static route rpf - ro ute - static Establish Multicast static route source Source address of packet ttl - expires ICMP TTL - expire function unreachables ICMP unreachable function urpf Unicast reverse path forward function vpn - instan ce VPN - Instance [Comware5]ip http ? acl Specify acl filtering dscp Differentiated Services Codepoint (DSCP) enable Start http server port Specify port [Comware5]ip http enable ? <cr> [ Comware5 ]ip http enable [Comware5]displa y web ? users Web management users [Comware5]display web users ? | Matching output <cr> [Comware5]display web users UserID Name Language Level State LinkCount LoginTime LastTime ab0c0000 manager English Management Enabl e 0 14:44:45 14:44:51 Comware7 HTTP is not enabled by default. [Comware 7 ]local - user manager [Comware7 - luser - manage - manager ] password simple password [Comware7 - luser - manage - manager ] authorization - attribute user - role network - admin [Comware7 - l user - manage - manager]service - type http [Comware7]ip ?

187. 186 Cisco(config)#ip http ? access - class Restrict http server access by access - class active - session - modules Set up active http server session modules authentication Set http server authentication method client Set http clien t parameters help - path HTML help root URL max - connections Set maximum number of concurrent http server connections path Set base path for HTML port Set http server port secure - active - session - modules Set up active http secure server session modules secure - ciphersuite Set http secure server ciphersuite secure - client - auth Set http secure server with client authentication secure - port Set http secure server port number for listening secure - server Enable HTTP secure serv er secure - trustpoint Set http secure server certificate trustpoint server Enable http server session - module - list Set up a http(s) server session module list timeout - policy Set http ser ver time - out policy parameters Cisco(config)#ip http secure - server ? <cr> Cisco(config)#ip http secure - server N ote: ip http secure - server is enabled by default and a self - signed certifi cate is automatically generated. Cisco(config)#no ip http serve r Cisco#show crypto ? key Show long term public keys pki Show PKI Cisco#show crypto pki certificates ? WORD Trustpoint Name storage show certificate storage location verbose Display in verbose mode | Output modifiers <cr> C isco#show crypto pki certificates verbose Router Self - Signed Certificate Status: Available Version: 3 Certificate Serial Number (hex): 01 Certificate Usage: General Purpose Issuer: cn=IOS - Self - Signed - Certificate - 2443 68 0256 Subject: Name : IOS - Self - Signed - Certificate - 24439 43 256 cn=IOS - Self - Signed - Certificate - 2443920256 Validity Date: start date: 18:05:27 US - Cent Feb 28 1993 end date: 18:00:00 US - Cent Dec 31 2019 Subject Key Info:

219. 218 ProVision(config)# tacacs - server host 10.0.100.111 key password [ Comware5 - hwtacacs - tacacs - auth]primary authentication 10.0.100.111 key simple password [ Comware5 - hwtacacs - tacacs - auth]primary authorization 10.0.100.111 key simple password [ Comware5 - hwtacacs - ta cacs - auth] primary accounting 10.0.100.111 key simple password [ Comware5 - hwtacacs - tacacs - auth]user - name - format without - domain Cisco(config)#tacacs - server host 10.0.100.111 key password ProVision(config)# aaa authentication console login tacacs local Cisco(config)#aaa authentication login default group tacacs+ local ProVision(config)# aaa authentication console enable tacacs local Cisco(config)#aaa auth entication enable default group tacacs+ local ProVision(config)# aaa authentication telnet login tacacs none Cisco(config)#aaa authentication login default group tacacs+ ProVision(config)# aaa authentication telnet enable tacacs none Cisco(config)#aaa authentication enabl e default group tacacs+ ProVision(config)# aaa authentication ssh login tacacs none Cisco(config)#aaa authentication login default group tacacs+ ProVision(config)# aaa authentication ssh enable tacacs none Cisco(config)#aaa a uthentication enable default group tacacs+ [ Comware5 ] domain tacacs [ Comware5 - isp - tacacs]authentication default hwtacacs - scheme ta cacs - auth [ Comware5 - isp - tacacs]authorization default hwtacacs - scheme tacacs - auth [ Comware5 - isp - tacacs]accounting default hwtacacs - scheme tacacs - auth [ Comware5 ] domain default enable tacacs [ Comware5 ]user - int erface aux 0 [ Comware5 - ui - aux0]authentication - mode scheme [ Comware5 ]user - interface vty 0 15 Cisco(config)#line vty 0 15 [ Comware5 - ui - vty0 - 15]authentication - mode scheme Cisco(config - line)#login authentication default

230. 229 password Password authentication scheme Authentication use AAA [Comware7 - line - vty0 - 63]authentication - mode s cheme ? <cr> [Comware7 - line - vty0 - 63]authentication - mode scheme [Comware7]display hwtacacs ? scheme Specify HWTACACS scheme [Comware7]display hwtacacs scheme ? > Redirect it to a file >> Redirect it to a file in append mo de STRING<1 - 32> HWTACACS scheme name | Matching output <cr> [Comware7]display hwtacacs scheme Total 1 TACACS schemes ------------------------------------------------------------------ HWTACACS Scheme Name : tacacs - auth Index : 0 P rimary Auth Server: Host name: Not Configured IP : 10.0.100.111 Port: 49 State: Active VPN Instance: Not configured Single - connection: Disabled Primary Author Server: Host name: Not Configured IP : 10.0.100.111 Port: 4 9 State: Active VPN Instance: Not configured Single - connection: Disabled Primary Acct Server: Host name: Not Configured IP : 10.0.100.111 Port: 49 State: Active VPN Instance: Not configured Single - connection: Disabled VPN Instance : Not configured NAS IP Address : Not configured Server Quiet Period(minutes) : 5 Realtime Accounting Interval(minutes) : 12 Response Timeout Interval(seconds) : 5 Userna me Format : without - domain ------------------------------------------------------------------ Cisco Cisco(config)#tacacs - server ? administration Start tacacs+ deamon handling administrative messages attribute Customi ze selected tacacs attributes cache AAA auth cache default server group directed - request Allow user to specify tacacs server to use with `@server' dns - alias - lookup Enable IP Domain Name System Alias lookup for TACACS servers domain - stripping Strip the domain from the username host Specify a TACACS server key Set TACACS+ encryption key. packet Modify TACACS+ packet options timeout Time to wait for a TACACS serv er to reply Cisco(config)#tacacs - server host ? Hostname or A.B.C.D IP address of TACACS server

261. 260 [Comware7]ping - i M - GigabitEthernet 0/0/0 10.199.111.41 ? <cr> [Comware7]ping - i M - GigabitEthernet 0/0/0 10.199.111.41 Ping 10.199.111.41 (10.199.111.41): 56 data bytes, press CTRL_C to break 56 bytes from 10.199.111.41: icmp_seq=0 ttl=255 time=3.488 ms 56 bytes from 10.199.111.41: icmp_seq=1 ttl=255 time=3.065 ms 56 bytes from 10.199.111.41: icmp_seq=2 ttl=255 time=1.773 ms 56 bytes from 10.199.111.41: icmp_seq=3 ttl=255 time=90.936 ms 56 bytes from 10.199.111.41: icmp_seq=4 ttl=255 time=21.390 ms - -- Ping statistics for 10.199.111.41 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round - trip min/avg/max/std - dev = 1.773/24.130/90.936/34.177 ms [Comware7]%Jun 10 14:42:08:954 2016 Comware7 PING/6/PING_STATIS_INFO: Ping statistics fo r 10.199.111.41: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round - trip min/avg/max/std - dev = 1.773/24.130/90.936/34.177 ms. <Comware7>tftp ? STRING<1 - 253> IP address or hostname of the TFTP Server ipv6 IPv6 TFTP Clien t <Comware7>tftp 10.199.111.200 ? get Download a file from the TFTP server put Upload a local file to the TFTP server sget Download a file from the TFTP server securely <Comware7>tftp 10.199.111.200 get ? STRING<1 - 255> Source filename <Com ware7>tftp 10.199.111.200 get 5900_5920 - CMW710 - R2422P01.ipe ? STRING<1 - 255> Destination filename dscp Set the Differentiated Services Codepoint (DSCP) value source Specify the source address for outgoing TFTP packets vpn - instance Specify a VPN instance <cr> <Comware7>tftp 10.199.111.200 get 5900_5920 - CMW710 - R2422P01.ipe source ? interface Use the primary address of an interface ip Use a local IP address <Comware7>tftp 10.199.111.200 get 5900_5920 - CMW710 - R2422P01 .ipe source interface ? M - GigabitEthernet MGE interface Vlan - interface VLAN interface <Comware7>tftp 10.199.111.200 get 5900_5920 - CMW710 - R2422P01.ipe source interface M - GigabitEthernet 0/0/0 ? dscp Set the Differentiated Services Codepoint (D SCP) value <cr> <Comware7>tftp 10.199.111.200 get 5900_5920 - CMW710 - R2422P01.ipe source interface M - GigabitEthernet 0/0/0 <Comware7>display lldp ? local - information Display local information neighbor - information Display neighbor information statistics Display statistics information status Display LLDP status and configuration tlv - config Display TLV configuration <Comware7>display lldp neighbor - information ? > Redirect it to a file >> Redirect it to a file in append mode

270. 269 reboot Run the job as soon as possible after every switch boot. failover Run the job as soon as possible after standby failover. [H H:]MM The time when the job should run. ProVision(config)# job save - config at 01:00 ? COMMAND - STR The command to execute when this job runs. Use quotes for multi - word commands. config - save Save co nfiguration changes made by the job. on Schedule the job to run on specified days. ProVision(config)# job save - config at 01:00 "copy run tftp 10.0.100.111 provision.cfg" ? count Specify the number of times the job shou ld run. <cr> ProVision(config)# job save - config at 01:00 "copy run tftp 10.0.100.111 provision.cfg" ProVision # show job ? JOB - NAME - STR A job name to show additional detail about. <cr> ProVision # show job Job Scheduler Status and Configur ation Scheduler Status : Running Event or Repeat Save Name Time Count Cfg Command ------------------ -------------------- ------ ---- ------------------------- save - config 01 :00 -- No copy run tftp 10.0.100.111 provi... ProVision # show job save - config Job Information Job Name : save - config Runs At : 01:00 Config Save : No Repeat Count: -- Job Status : Enabled Run Count : 0 Error Count : 0 Command : copy run tftp 10.0.100.111 provision.cfg Comware5 [Comware5]job ? STRING<1 - 32> Name of the task [Comware5]job save - config ? <cr> [Comware5]job save - config [Comware5 - job - save - config]? Job view commands: cfd Co nnectivity fault detection (IEEE 802.1ag) display Display current system information mtracert Trace route to multicast source ping Ping function quit Exit from current command view return Exit to User View

297. 296 ste Ma ximum number of Spanning Tree Explorer hops for this VLAN (or zero if none specified) stp Spanning tree characteristics of the VLAN tb - vlan1 ID number of the first translational VLAN for this VLAN (or zero if none) tb - vlan2 ID number of the second translational VLAN for this VLAN (or zero if none) Cisco(config - vlan)#name ? WORD The ascii name for the VLAN Cisco(config - vlan)#name test Cisco#show vlan ? access - log VACL Loggi ng access - map Vlan access - map brief VTP all VLAN status in brief dot1q Display dot1q parameters filter VLAN filter information group VLAN group(s) information id VTP VLAN status by VLAN id ifindex SNMP ifIndex internal VLAN internal usage mtu VLAN MTU information name VTP VLAN status by VLAN name private - vlan Private VLAN information remote - span Remote SPAN VLANs summary VLAN summary information | Output modifiers <cr> Cisco#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/0/1, Gi1/ 0/2, Gi1/0/3 Gi1/0/4, Gi1/0/5, Gi1/0/6 Gi1/0/7, Gi1/0/8, Gi1/0/9 Gi1/0/10, Gi1/0/11, Gi1/0/12 Gi1/0/13, Gi1/0/14, Gi1/0/15 Gi1/0/16, Gi1/0/17, Gi1/0/18 Gi1/0/19, Gi1/0/20, Gi1/0/21 Gi1/0/22, Gi1/0/23, Gi1/0/24 Te1/0/1, Te1/0/2 100 VLAN0100 active 220 test active 1002 fddi - default act/unsup 1003 token - ring - def ault act/unsup 1004 fddinet - default act/unsup 1005 trnet - default act/unsup

300. 299 Ove rridden Port VLAN configuration Port Mode ------ ------------ ProVision# show vlans ports 6 detail Status and Counters - VLAN Information - for ports 6 VLAN ID Name | Status Voice Jumbo Mode ------- -------------------- + ---------- ----- ----- -------- 1 DEFAULT_VLAN | Port - based No No Untagged 100 VLAN100 | Port - based No No Tagged 220 test | Port - based No No Tagged ProVision# show vlans ports 5 detail Status and Counters - VLAN Information - for ports 5 VLAN ID Name | Status Voice Jumbo Mode ------- -------------------- + ---------- ----- ----- -------- 100 VLAN100 | Port - based No No Untagged C omware5 [Comware 5 ]interface g1/0/6 [Comware 5 - GigabitEthernet1/0/6]port link - type ? access Access link - type hybrid Hybrid VLAN link - type trunk VLAN Trunk link - type [Comware5 - GigabitEthernet1/0/6]? Gigabitethernet_l2 interface view commands: a pply Apply Poe - profile arp Configure ARP for the interface bpdu - drop Drop BPDU packets. bpdu - tunnel Specify BPDU tunnel function broadcast - suppression Specify the broadcast storm control cfd Connectivity fault detection (IEEE 802.1ag) default Restore the default settings description Describe the interface dhcp - snooping DHCP Snooping display Display current syste m information dldp Specify configuration information of DLDP dot1x Specify 802.1X configuration information duplex Status of duplex enable Enable function flow - control F low control command flow - interval Set interval of interface statistic garp Generic Attribute Registration Protocol gvrp GARP VLAN Registration Protocol igmp - snooping Configure IGMP snooping char acteristic ip Specify IP configurations for the system ipv6 IPv6 status and configuration information jumboframe Jumboframe command lacp Configure LACP Protocol link - aggregation Link aggregation group link - delay Set the delay time of holding link - up and link - down lldp Link Layer Discovery Protocol(802.1ab) loopback Specify loopback of current port loopback - detection Det ect if loopback exists mac - address Configure MAC address mac - authentication MAC authentication configuration mac - forced - forwarding Specify MAC - forced forwarding configuration

319. 318 relay Configure a DHCP rela y agent select Specify process mode of DHCP packet server Configure a DHCP server [Comware 7 - Vlan - interface220]dhcp select ? relay Relay mode server Server mode [Comware 7 - Vlan - interface220]dhcp select relay ? <cr> [Comware 7 - Vlan - interface2 20]dhcp select relay [Comware7 - Vlan - interface220]dhcp relay ? check Check the DHCP packet information DHCP relay agent information server - address Specify the IP address of DHCP server [Comware7 - Vlan - interface220]dhcp relay server - ad dress ? X.X.X.X IP address [Comware7 - Vlan - interface220]dhcp relay server - address 10.0.100.251 ? <cr> [Comware7 - Vlan - interface220]dhcp relay server - address 10.0.100.251 [Comware7]dis play dhcp relay server - address Interface name Serv er IP address Vlan220 10.0.100.251 [Comware7]display dhcp relay statistics interface Vlan - interface 220 DHCP packets dropped: 0 DHCP packets received from clients: 17 DHCPDISCOVER: 10 DHCPREQUEST: 3 DHCPINFORM: 4 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets received from servers: 9 DHCPOFFER : 2 DHCPACK: 7 DHCPNAK: 0 BOOTPREPLY: 0 DHCP packets relayed to servers: 17 DHCPDISCOVER: 10 DHCPREQUEST: 3 DHCPINFORM: 4 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets relayed to clients: 9 DHCPOFFER: 2 DHCPACK: 7 DHCPNAK: 0 BOOTPREPLY: 0 DHCP packets sent to servers: 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0

321. 320 unnumbered Enable IP processing without an explicit address unreachables Enable sending ICMP Unreachable messages urd Configure URL Rendezvousing verify Enable per packet validation Cisco(config - if)#ip helper - address ? A.B.C.D IP destination address global Helper - address is global vrf VRF name for helper - address (if different from interface VRF) Cisco(config - if)#ip helper - address 10.0.100.251 Cisco #show ip interface vlan 220 Vlan220 is up, line protocol is up Internet address is 10.1.220.4/24 Broadcast address is 255.2 55.255.255 Address determined by setup command MTU is 1500 bytes Helper address is 10.0.100.251 ...

337. 336 ip Interface Interne t Protocol config commands ipv6 IPv6 interface subcommands isis IS - IS commands iso - igrp ISO - IGRP interface subcommands line - proto - delay Enable line proto dealy interface link Configure Link load - interval Specify interval for load calculation for an interface logging Configure logging for interface loopback Configure internal loopback on an interfac e macro Command macro max - reserved - bandwidth Maximum Reservable Bandwidth on an Interface mka MACsec Key Agreement (MKA) interface configuration neighbor interface neighbor configuration mode co mmands network - policy Network Policy nmsp NMSP interface configuration no Negate a command or set its defaults ntp Configure NTP private - vlan Configure private VLAN S VI interface settings rate - limit Rate Limit routing Per - interface routing configuration service - policy Configure CPL Service Policy shutdown Shutdown the selected interface snmp Modify SNMP interface parameters source Get config from another source spanning - tree Spanning Tree Subsystem standby HSRP interface configuration commands timeout Define timeout values for this interface topology Configure routing topology on the interface traffic - shape Enable Traffic Shaping on an Interface or Sub - Interface vrf VPN Routing/Forwarding parameters on the interface vrrp VRRP Interface configuration commands vtp Enable VTP on this interface Cisco(config - if)#private - vlan ? mapping Set the private VLAN SVI interface mapping Cisco(config - if)#private - vlan m apping ? WORD Secondary VLAN IDs of the private VLAN SVI interface mapping add Add a VLAN to private VLAN list remove Remove a VLAN from private VLAN list Cisco(config - if)#private - vlan mapping add ? WORD Secondary VLAN IDs of the private VLAN SVI interface mapping Cisco(config - if)#private - vlan mapping add 151 - 152 ? <cr> Cisco(config - if)#private - vlan mapping add 151 - 152 Cisco# show vlan private - vlan Primary Secondary Type Ports ------- --------- ----------------- ------- ----------------------------------- 150 151 isolated Gi1/0/10, Gi1/0/12, Gi1/0/13 150 152 community Gi1/0/10, Gi1/0/14, Gi1/0/15 Cisco#show vlan private - vlan type Vlan Type ---- ----------------- 150 primary

349. 348 System Power Status : No redundancy PoE Power Status : No redundancy Chassis power - over - et hernet: Total Available Power : 573 W Total Failover Power : 0 W Total Redundancy Power : 0 W Total Used Power : 8 W +/ - 6W Total Remaining Power : 565 W Internal Power Main Power PS (Watts) Status -- --- ------------- --------------------- 1 573 POE+ Connected 2 0 Not Connected ProVision# show power - over - ethernet brief Status and Counters - Port Power Status System Power Status : No redundancy PoE Power Sta tus : No redundancy Available: 573 W Used: 8 W Remaining: 565 W Module 1 - 26 Power Available: 573 W Used: 8 W Remaining: 565 W PoE | Power Power Alloc Alloc Actual Config Detection Power Pre - std Port | Enable Priority By Power Power Type Status Class Detect ------ + ------ -------- ----- ----- ------ -------- ----------- ----- ------ 1 | Yes low usage 17 W 0.0 W Searching 0 off 2 | Yes low usage 17 W 0.0 W Searching 0 off 3 | Yes low usage 17 W 0.0 W Searching 0 off 4 | Yes low usage 17 W 0.0 W Searching 0 off 5 | Yes low usage 17 W 7.0 W Delivering 3 o ff 6 | Yes low usage 17 W 0.0 W Searching 0 off 7 | Yes low usage 17 W 0.0 W Searching 0 off 8 | Yes low usage 17 W 0.0 W Searching 0 off 9 | Yes low usage 17 W 0.0 W Searching 0 off 10 | Yes low usage 17 W 0.0 W Searching 0 off 11 | Yes low usage 17 W 0.0 W Searching 0 off 12 | Yes low usage 17 W 0.0 W Searching 0 off 13 | Yes low usage 17 W 0.0 W Searching 0 off 14 | Yes low usage 17 W 0.0 W Searching 0 off 15 | Yes low usage 17 W 0.0 W Searching 0 off 16 | Yes low usage 17 W 0.0 W Searching 0 off 17 | Yes low usage 17 W 0.0 W Searching 0 off 18 | Yes low usage 17 W 0.0 W Searching 0 off 19 | Yes lo w usage 17 W 0.0 W Searching 0 off 20 | Yes low usage 17 W 0.0 W Searching 0 off 21 | Yes low usage 17 W 0.0 W Searching 0 off 22 | Yes low usage 17 W 0.0 W Searching 0 off 23 | Yes low usage 17 W 0.0 W Searching 0 off 24 | Yes low usage 17 W 0.0 W Searching 0 off ProVision# show power - over - ethernet 5 Status and Counters - Port P ower Status for port 5

351. 350 device Available PSE interface Specify the PoE Port pse PSE information [ Comware ] display poe device PSE ID SlotNo SubSNo PortNum MaxPower(W) State Model 4 1 0 2 4 370 on PD67024 [ Comware ]display poe interface Interface Status Priority CurPower Operating IEEE Detection (W) Status Class Status PSE : 4 GE1/0/1 disabled low 0.0 off 0 disabled GE1/0/2 disabled low 0.0 off 0 disabled GE1/0/3 disabled low 0.0 off 0 disabled GE1/0/4 disabled low 0.0 off 0 disabled GE1/0/5 enabled low 4.0 on 2 delivering - power GE1/0/6 disabled low 0.0 off 0 disabled GE1/0/7 disabled low 0.0 off 0 disabled GE1/0/8 disabled low 0.0 off 0 disabled GE1 /0/9 disabled low 0.0 off 0 disabled GE1/0/10 disabled low 0.0 off 0 disabled GE1/0/11 disabled low 0.0 off 0 disabled GE1/0/12 disabled low 0.0 off 0 disabled GE1/0/13 disabled low 0.0 off 0 disabled GE1/0/14 disabled low 0.0 off 0 disabled GE1/0/15 disabled low 0.0 off 0 disabled GE1/0/16 disabled low 0.0 off 0 disabled GE1/0/17 disabled low 0.0 off 0 disabled GE1/0/18 disabled low 0.0 off 0 disabled GE1/0/19 disabled low 0.0 off 0 disabled GE1/0/20 disabled l ow 0.0 off 0 disabled GE1/0/21 disabled low 0.0 off 0 disabled GE1/0/22 disabled low 0.0 off 0 disabled GE1/0/23 disabled low 0.0 off 0 disabled GE1/0/2 4 disabled low 0.0 off 0 disabled --- 1 port(s) on, 3.9 (W) consumed, 366.1 (W) remaining --- [ Comware ] display poe interface g1/0/5 Port Power Enabled : enabled Port Power Priority : low Po rt Operating Status : on Port IEEE Class : 2 Port Detection Status : delivering - power Port Power Mode : signal Port Current Power : 4000 mW Port Average Power : 39 94 mW Port Peak Power : 4100 mW Port Max Power : 15400 mW Port Current : 79 mA Port Voltage : 50.4 V Port PD Description : [ Comware ] interfac e g1/0/5 [ Comware - GigabitEthernet1/0/5 ]undo poe enable [ Comware ]display poe interface g1/0/5 Port Power Enabled : disabled Port Power Priority : low Port Operating Status : off

371. 370 ---- Port - channel1: Age o f the Port - channel = 0d:01h:29m:27s Logical slot/port = 10/1 Number of ports = 2 GC = 0x00000000 HotStandBy port = null Port state = Port - channel Ag - Inuse Protocol = - Port security = Disabled Ports in the Port - channel: Index Load Port EC state No of bits ------ + ------ + ------ + ------------------ + ----------- 0 00 Gi1/0/23 On 0 0 00 Gi1/0/24 On 0 Time since last port bundled: 0d:00h:01m:52s Gi1/0/24 Time since last port Un - bundled: 0d:00h:37m:22s Gi1/0/24 Cisco#show vlan name test VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 220 test active Gi1/0/4, Gi1/0/5 VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 220 enet 100220 1500 - - - - - 0 0 Remote SPAN VLAN ---------------- Disabled Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------

381. 380 BPDU - Prot ection : Disabled Bridge Config - Digest - Snooping : Disabled TC or TCN received : 32 Time since last TC : 0 days 0h:37m:8s ... ---- [Port1(GigabitEthernet1/0/1)][FORWARDING] ---- Port protocol : Enabled Port role : Designated P ort (Boundary) Port ID : 128.1 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 16384.cc3e - 5f73 - bacb, 128.1 Port edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit l imit : 10 packets/hello - time TC - Restriction : Disabled Role - Restriction : Disabled Protection type : Config=none, Active=none MST BPDU format : Config=auto, Active=802.1s Port Config - Digest - Snooping : Disabled Rapid transit ion : True Num of VLANs mapped : 1 Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 1s RemHops 20 BPDU sent : 1528 TCN: 0, Config: 0, RST: 818, MST: 710 BPDU received : 1143 TCN: 0, Config: 0, RST: 0, MST: 1143 ... ---- [Port4(GigabitEthernet1/0/4)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port (Boundary) Port ID : 96.4 Port cost(Legacy) : Config=10000, Active=10000 Desg.bridge/port : 16384.cc3 e - 5f73 - bacb, 96.4 Port edged : Config=enabled, Active=enabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time TC - Restriction : Disabled Role - Restriction : Disabled Protection type : Conf ig=none, Active=none MST BPDU format : Config=auto, Active=802.1s Port Config - Digest - Snooping : Disabled Rapid transition : False Num of VLANs mapped : 1 Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 1s RemHops 20 BPDU se nt : 2669 TCN: 0, Config: 0, RST: 818, MST: 1851 BPDU received : 0 TCN: 0, Config: 0, RST: 0, MST: 0 ... ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port (Boundary) Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20

387. 386 bpdu - protection Show spanning tree BPDU protection status information. bpdu - throttle Displays the configured throttle value. config Show spanning tree configuration information. debug - counters Show spanning tree debug cou nters information. detail Show spanning tree extended details Port, Bridge, Rx, and Tx report. inconsistent - ports Show information about inconsistent ports blocked by spanning tree protectio n functions. instance Show the spanning tree instance information. mst - config Show multiple spanning tree region configuration. pending Show spanning tree pending configuration. [ethernet] PORT - LIST Limit the port information printed to the set of the specified ports. port - role - change - h... Show the last 10 role change entries on a port in a VLAN/instance. pvst - filter Show spanning tree PVST filter status information. pvst - protect ion Show spanning tree PVST protection status information. root - history Show spanning tree Root changes history information. system - limits Show system limits for spanning - tree topo - change - history Show spanning tree topology chan ges history information. traps Show spanning tree trap information. vlan Show VLAN information for RPVST. <cr> ProVision# show spanning - tree Multiple Spanning Tree (MST) Information STP Enabled : Yes Force Ver sion : MSTP - operation IST Mapped VLANs : 1 - 99,101 - 219,221 - 239,241 - 4094 Switch MAC Address : 009c02 - d53980 Switch Priority : 8192 Max Age : 20 Max Hops : 20 Forward Delay : 15 Topology Change Count : 69 Time Since Last Change : 6 mins CST Root MAC Address : 009c02 - d53980 CST Root Priority : 8192 CST Root Path Cost : 0 CST Root Port : This switch is root IST Regional Root MAC Address : 009c02 - d53980 IST Regional Root Priority : 8192 IST Regional Root Path C ost : 0 IST Remaining Hops : 20 Root Guard Ports : Loop Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : PVST Protected Ports : PVST Filtered Ports : Root Inconsistent Ports : L oop Inconsistent Ports : | Prio | Designated Hello Port Type | Cost rity State | Bridge Time PtP Edge ------ --------- + --------- ---- ------------ + ------------- ---- --- ---- 1 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes No 2 100/1000T | Auto 128 Disabled | 2 Yes No

389. 388 3 100/1000T Auto 128 Disabled Disabled 4 100/1000T Auto 96 Disabled Disabled 5 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 6 100/1000T Auto 128 Disabled Disabled 7 100/1000T Auto 128 Disabled Disabled 8 100/1000T Auto 128 Disabled Disabled 9 100/1000T 20000 160 Designated Forwarding 009c02 - d53980 10 100/1000T Auto 128 Disabled Disabled 11 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 12 100/1000T Auto 128 Disabled Disabled 13 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 14 100/1000T Auto 128 Disabled Disabled 15 100/1000T 20000 1 28 Designated Forwarding 009c02 - d53980 16 100/1000T Auto 128 Disabled Disabled 17 100/1000T Auto 128 Disabled Disabled 18 100/1000T Auto 128 Disabled Disabled 25 Auto 128 Di sabled Disabled 26 Auto 128 Disabled Disabled Trk1 Auto 64 Disabled Disabled Trk2 Auto 64 Disabled Disabled Trk3 Auto 64 Disabled Disabled ProVisio n# show spanning - tree instance 1 MST Instance Information Instance ID : 1 Mapped VLANs : 220 Switch Priority : 12288 Topology Change Count : 62 Time Since Last Change : 9 mins Regional Root MAC Address : 002389 - d5a059 Regional Root Priority : 8192 Regional Root Path Cost : 20000 Regional Root Port : 11 Remaining Hops : 19 Root Inconsistent Ports : Loop Inconsistent Ports : Designat ed Port Type Cost Priority Role State Bridge ----- --------- --------- -------- ---------- ------------ -------------- 1 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 2 100/1000T Auto 128 Disabled Disabled 3 100/1000T Auto 128 Disabled Disabled 4 100/1000T Auto 128 Disabled Disabled 5 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 6 100/1000T Auto 128 Disable d Disabled 7 100/1000T Auto 128 Disabled Disabled 8 100/1000T Auto 128 Disabled Disabled 9 100/1000T 20000 160 Designated Forwarding 009c02 - d53980 10 100/1000T Auto 128 Disabled Disabl ed 11 100/1000T 20000 128 Root Forwarding 002389 - d5a059 12 100/1000T Auto 128 Disabled Disabled 13 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 14 100/1000T Auto 128 Disabled Disabled 15 100/1000T 20000 128 Designated Forwarding 009c02 - d53980 16 100/1000T Auto 128 Disabled Disabled 17 100/1000T Auto 128 Disabled Disabled 18 100/1000T Auto 128 Disabled Disabled 25 Auto 128 Disabled Disabled

390. 389 26 Auto 128 Disabled Disabled Trk1 Auto 64 Disabled Disabled Trk2 Auto 64 Disabled Disabled Trk3 Auto 64 Disabled Disabled Comware5 [Comware5]stp ? bpdu - protection Specify BPDU protection bridge - diameter Specify bridge diameter config - digest - snooping Specify configuration digest snooping disable Disable s panning tree protocol enable Enable spanning tree protocol instance Spanning tree instance max - hops Specify max hops mcheck Specify mcheck mode Specify state machi ne mode pathcost - standard Specify STP port path cost standard port - log Specify port status logging priority Specify bridge priority region - configuration Enter MSTP region view root Specify root switch tc - protection Specify TC protection function tc - snooping Specify TC snooping timer Specify timer configuration timer - factor Specify aged out time factor vlan Virtu al LAN [Comware5]stp enable [Comware5 ]stp region - configuration [Comware5 - mst - region]? Mst - region view commands: active Active region configuration cfd Connectivity fault detection (IEEE 802.1ag) check Check the reg - configuration under - construction display Display current system information instance Spanning tree instance mtracert Trace route to multicast source ping Ping function quit Exit from current command vie w region - name Specify region name return Exit to User View revision - level Specify revision level save Save current configuration tracert Trace route function undo Cancel current setting vlan - mapping Vlan mapping [Comware5 - mst - region]region - name ProVision - Comware - Cisco [Comware5 - mst - region]revision - level 1 [Comware5 - mst - region]instance 1 vlan 220 [Comware5 - mst - region]instance 2 vlan 1 00 [Comware5 - mst - region]instance 3 vlan 240 [Comware5 - mst - region]active region - configuration [Comware5]stp priority 12288 (note - increments of 4096 , default setting is 32768 ) [Comware5] stp instance 1 priority 8192 (note – in steps of 4096 , default setting is 32768 )

409. 408 <cr> ProVision # show spanning - tree Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST Extended System ID : Enabled Ignore PVID Inconsistency : Disabled RPVST Enabled VLA Ns : 1,100,220,230,240 Switch MAC Address : 009c02 - d53980 Root Guard Ports : Loop Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : Auto Edge Ports : 1 - 18,25 - 26,Trk1 - Trk3 Admin Edge Ports : 9 VLAN Root Mac Root Root Root Hello ID Address Priority Path - Cost Port Time(sec) ----- --------------- ---------- ---------- ------- ------------- --------- 1 009c02 - d53980 8192 0 This switch is root 2 100 cc3e5f - 73bacb 8192 20,000 13 2 220 002389 - d5a059 8192 20,000 11 2 230 002291 - ab4380 3 2,768 20,000 15 2 240 002291 - ab4380 8192 20,000 15 2 Comware5 [ Comware5 ]stp ? bpdu - protection Specify BPDU protection bridge - diameter Specify bridge diameter config - digest - snooping Specify configuration digest snooping disable Disable spanning tree protocol enable Enable spanning tree protocol instance Spanning tree instance max - hops Specify max hops m check Specify mcheck mode Specify state machine mode pathcost - standard Specify STP port path cost standard port - log Specify port status logging priority Specify bridge priority region - configuration Enter MSTP region view root Specify root switch tc - protection Specify TC protection function tc - snooping Specify TC snooping timer Specify timer configuration t imer - factor Specify aged out time factor vlan Virtual LAN [ Comware5 ]stp mode ? mstp Multiple spanning tree protocol mode pvst Per - VLAN spanning tree protocol mode rstp Rapid spanning tree protocol mode stp Span ning tree protocol mode [Comware5]stp mode pvst [ Comware5 ]stp vlan ? INTEGER<1 - 4094> Vlan ID [ Comware5 ]stp vlan 1 ?

410. 409 INTEGER<1 - 4094> Vlan ID bridge - diameter Specify bridge diameter enable Enable spanning tree protocol priority Specify bridge priority root Specify root switch timer Specify timer configuration to Range of vlan [ Comware5 ]stp vlan 1 priority ? INTEGER<0 - 61440> Bridge priority, in steps of 4096 [ Comware5 ]stp vlan 1 priority 12288 [ Comware5]stp vlan 220 priority 8192 [ Comware5]stp vlan 100 priority 20480 [ Comware5]stp vlan 240 priority 16384 [ Comware5 ]stp enable [Comware5]dis play stp ? abnormal - port Display abnormal ports bpdu - statistics STP BPDU statistics brief Brief information down - port Port information of protocol down history Root or alternate port history instance Spanning tree instance interface Specify inter face region - configuration Region configuration root Display status and configuration of the root bridge slot Slot Number tc Port TC count vlan Virtual LAN | Matching output <cr> [ Comware5 ]display stp root VLAN Root Bridge ID ExtPathCost IntPathCost Root Port 1 8192.009c - 02d5 - 3980 0 20 GigabitEthernet1/0/6 100 8192.cc3e - 5f73 - bacb 0 20020 GigabitEthe rnet1/0/6 220 8192.0023 - 89d5 - a059 0 0 230 32768.0022 - 91ab - 4380 0 20020 GigabitEthernet1/0/6 240 8192.0022 - 91ab - 4380 0 20020 GigabitEthernet1/0/6 [ Comware5 ]display stp ------- [VLAN 1 Global Info] ---- --- Protocol Status :enabled Bridge ID :12288.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s Root ID / RPC :8192.009c - 02d5 - 3980 / 20 RootPortId :128.6 BPDU - Protection :disabled TC or TCN received :2 Time since last TC :0 days 1h:7m:13s ---- [Port1(GigabitEthernet1/0/1)][FORWARDING] ---- Port Protocol :enabled Port Role :Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :12288.00 23 - 89d5 - a059 / 128.1

420. 419 ProVision ProVision(config)# router rip ProVision (rip)# enable ProVision(rip )# vlan 220 ip rip ProVision (rip)# redistribute connected ProVision# show ip rip general Show RIP basic configura tion and operational information. interface Show RIP interfaces' information. peer Show RIP peers. redistribute List protocols which are being redistributed into RIP. restrict List routes which will no t be redistributed via RIP. <cr> ProVision# show ip rip RIP global parameters RIP protocol : enabled Auto - summary : enabled Default Metric : 1 Distance : 120 Route changes : 0 Queries : 0 RIP interface information IP Address Status Send mode Recv mode Metric Auth --------------- ----------- ---------------- ---------- ----------- ---- 10.1.220.1 enabled V2 - only V2 - only 1 none RIP peer information IP Addres s Bad routes Last update timeticks --------------- ----------- --------------------- 10.1.220.3 0 5 ProVision# show ip rip interface vlan 220 RIP configuration and statistics for VLAN 220 RIP interface information for 10.1.22 0.1 IP Address : 10.1.220.1 Status : enabled Send mode : V2 - only Recv mode : V2 - only Metric : 1 Auth : none Bad packets received : 0 Bad routes received : 0 Sent updates : 0 ProVision# show ip rip redistribute RIP redistribu ting

431. 43 0 OSPF Link State Database for Area 0.0.0.0 Advertising LSA Type Link State ID Router ID Age Sequence # Checksum ----------- --------------- --------------- ---- ----------- ---------- Router 10.0.0.21 10.0.0.21 313 0x8000000e 0x0000b05e Router 10.0.0.3 1 10.0.0.31 468 0x80000012 0x0000060f Router 10.0.0.41 10.0.0.41 474 0x80000004 0x0000ad40 Router 10.0.0.51 10.0.0.51 315 0x80000015 0x00001790 Network 10.1.220.5 10.0.0.51 315 0x800 00004 0x0000d754 Summary 10.1.100.0 10.0.0.21 322 0x80000001 0x0000dbd1 Summary 10.1.100.0 10.0.0.31 91 0x80000004 0x00007b45 Summary 10.1.100.0 10.0.0.41 1439 0x80000009 0x0000533e Summary 10 .1.100.0 10.0.0.51 662 0x80000009 0x00003532 Summary 10.1.230.0 10.0.0.21 323 0x80000001 0x00009a87 Summary 10.1.230.0 10.0.0.31 821 0x80000003 0x00003cf9 Summary 10.1.230.0 10.0.0.41 853 0x80000008 0x000014f2 Summary 10.1.230.0 10.0.0.51 840 0x80000003 0x0000ffe1 OSPF Link State Database for Area 0.0.0.1 Advertising LSA Type Link State ID Router ID Age Sequence # Checksum ----------- --------------- --------------- ---- ----------- ---------- Router 10.0.0.21 10.0.0.21 312 0x80000011 0x00006898 Router 10.0.0.31 10.0.0.31 471 0x80000015 0x0000bd49 Router 10.0.0.41 10. 0.0.41 1451 0x80000002 0x00006f75 Router 10.0.0.51 10.0.0.51 314 0x8000001b 0x0000c8cd Network 10.1.100.5 10.0.0.51 314 0x80000007 0x00001d86 Summary 0.0.0.0 10.0.0.21 325 0x80000001 0x00 003dd7 Summary 0.0.0.0 10.0.0.31 90 0x80000003 0x00007ab8 Summary 0.0.0.0 10.0.0.41 1454 0x80000001 0x000060aa Summary 0.0.0.0 10.0.0.51 765 0x80000002 0x0000409f Summary 10.1.220.0 10.0.0.21 315 0x80000009 0x0000bc72 Summary 10.1.220.0 10.0.0.31 94 0x80000009 0x000062e2 Summary 10.1.220.0 10.0.0.41 1447 0x80000009 0x000044d6 Summary 10.1.220.0 10.0.0.51 760 0x80000008 0x000028c9 Summary 10.1.230.0 10.0.0.21 316 0x8000000d 0x0000a077 Summary 10.1.230.0 10.0.0.31 826 0x80000002 0x00005cdc Summary 10.1.230.0 10.0.0.41 858 0x80000009 0x000030d7 Summary 10.1.23 0.0 10.0.0.51 844 0x8000000c 0x00000cce OSPF Link State Database for Area 0.0.0.2 Advertising LSA Type Link State ID Router ID Age Sequence # Checksum ----------- --------------- -------------- - ---- ----------- ---------- Router 10.0.0.21 10.0.0.21 324 0x80000013 0x000034bd Router 10.0.0.31 10.0.0.31 328 0x80000019 0x00008570 Router 10.0.0.41 10.0.0.41 865 0x80000006 0x0000379c Ro uter 10.0.0.51 10.0.0.51 844 0x8000001b 0x000098f0 Network 10.1.230.4 10.0.0.41 323 0x80000003 0x00003917 Summary 0.0.0.0 10.0.0.21 330 0x80000001 0x00003dd7 Summary 0.0.0.0 10.0.0.3 1 959 0x80000001 0x00007eb6 Summary 0.0.0.0 10.0.0.41 883 0x80000001 0x000060aa Summary 0.0.0.0 10.0.0.51 910 0x80000001 0x0000429e Comware [ Comware ] display ospf ? INTEGER<1 - 65535> Process ID abr - a sbr Information of the OSPF ABR and ASBR asbr - summary Information of aggregate addresses for OSPF(only for ASBR) brief brief information of OSPF processes cumulative Statistics information error Error in formation interface Interface information

487. 486 Extended ACL Cisco(config)#ip access - list exten ded 121 Cisco(config - ext - nacl)#deny ip 10.1.220.0 0.0.0.255 10.0.100.111 0.0.0.0 Cisco(config - ext - nacl)#permit ip any any Cisco(config)#ip access - list extended ext_pacl Cisco(config - ext - nacl)#deny ip 10.1.220.0 255.255.255.0 10.0.100.111 255.255.255.2 55 Cisco(config - ext - nacl)#permit ip any any Cisco(config)#interface g 1/ 0/4 Cis co(config - if)#ip access - group 12 1 in Cis co(config - if)#ip access - group ext_pacl in

490. 489 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 ef cs0 cs1 cs2 cs3 cs4 cs5 cs6 cs7 <cr> ProVision(config)# qos type - of - service diff - se rvices ProVision(config)# interface 5 ProVision (eth - 5 )# qos ? dscp Specify the DSCP policy to use. priority Specify the 802.1p priority to use. ProVision(eth - 5)# qos priority ? 0 1 2 3 4 5 6 7 ProVision (eth - 5 )# qos priority 6 ProVision(config)# vlan 23 0 ProVision (vlan - 23 0)# qos ? dscp Specify the DSCP policy to use. priority Specify the 802.1p priority to use. ProVision(vlan - 230)# qos priority ? 0 1 2 3 4 5 6 7 ProVis ion (vlan - 23 0)# qos priority 6 ProVision# show qos ? device - priority Show IP address - based traffic prioritization settings.

507. 506 ProVision (vlan - 220)# ip pim - dense ProVision# show ip pim ? bsr Show Bootstrap Rou ter information. interface Show PIM interface information. mroute Show PIM - specific information from the IP multicast routing table. neighbor Show PIM neighbor information. pending Show (*,G) and (S ,G) Join Pending Information. rp - candidate Show Candidate - RP operational and configuration information. rp - set Show RP - Set information available on the router. rpf - override Show the PIM RPF override entries. <cr> ProV ision# show ip mroute ? interface Show IP multicast routing interfaces' information. IP - ADDR Show detailed information for the specified entry from the IP multicast routing table. <cr> Comware5 [Comware 5] multicast routing - enable [Comware5] interface Vlan - interface 220 [Comware5 - Vlan - interface220]pim ? bfd Enable BFD for PIM on interface bsr - boundary Bootstrap router boundary dm Enable PIM dense mod e hello - option Specify hello option holdtime Specify holdtime ipv6 PIM IPv6 status and configuration information neighbor - policy Policy to accept PIM hello messages require - genid Require g eneration id sm Enable PIM sparse/SSM mode state - refresh - capable State - refresh capability timer Specify PIM timer triggered - hello - delay Triggered hello delay [Comware5 - Vlan - interface220]pim dm ? <cr> [Comw are5 - Vlan - interface220]pim dm [Comware5] display pim ? all - instance All vpn - instances bsr - info Bootstrap router information claimed - route PIM claim route information control - message PIM control message information df - info Designated forwarder information of bidirectional PIM grafts PIM unacknowledged grafts' information interface PIM - enabled interface ipv6 PIM IPv6 status and configuration information join - prune PIM join prune qu eue neighbor PIM neighbor information routing - table PIM routing table rp - info RP information vpn - instance Specify vpn - instance [Comware5]dis play multicast routing - table ? X.X.X.X Group address

607. 606 Chapter 37 HP 3800 Stacking / HP IRF / Cisco Switch Stack s This chapter describes the comma nds used to configure stacking - related technologies on each of the three platforms. These features allow multiple switches (within their respective platforms) to be configured to act as a single switch for both data and management. The feature capabilitie s are not interoperable between platforms/operating systems, but the basics of operations is similar. In HP 3800 Sta c king, o ne switch in the stack is designated as “Commander” and one switch is elected to be the “Standby.” The other switches are designate d “Member (s) .” The Commander is responsible for the overall management of the stack. The Standby provides redundancy for the stack and takes over stack management operations should the Commander fail, or if an administrator forces a Commander failover. The Members are not part of the overall stack management; however, they must manage their local subsystems and ports to operate correctly as part of the stack. The Commander and Standby are also responsible for their own local subsystems and ports. For featur es that you configure on specific switch ports in a stack, the configuration proce dures are the same as for stand alone switches, but the port designations for the ports in the stack are modified. Each port is identified by the stack member ID of its switch , followed by a slash and then the port number as it is shown on the switch. For example, for a switch with stack member ID 3, port 10 on that switch would be identified as port 3/10. HP 3800 stacking is different from the stacking feature that is implemen ted on some other HP Networking switches. HP 3800 Stacking requires a dedicated module installed in the HP 3800 switch. The other feature is implemented via the front - panel networking cables, uses a sin gle IP address to manage the st a ck, and does not have the high bandwidth and redundancy features of HP 3800 stacking. HP Intelligent Resilient Framework (IRF) technology creates a n IRF fabric from multiple switches to provide data center class availability and scalability. When switches form an IRF fabric, t hey elect a master to manage the IRF fabric, and all other switches back up the master. When the master switch fails, the other switches automatically elect a new master from among them to take over. Generally, IRF requires you to install expansion interfa ce cards with dedicated 10 - G b E ports in Comware capable switches. For features that you configure on specific switch ports in an IRF fabric, the configuration proce dures are the same as for stand alone switches, but the port designations for the ports in th e fabric are modified. Each port is identified by the member - id of its switch, followed by a slash and then the slot number of the interface card , and then the port index as it is shown on the switch. For example, for a

63. 62 ProVision(config)# aaa authentication local - user test1 ? aging - period Configures the password aging time for a user. clear - history - record Clears the history of the password for a user. group Specify the group for a username. min - pwd - length Configures the minimum password length for a user. ProVision(config)# aaa authentication local - user test1 group ? GROUPNAME - S TR The group name. ProVision(config)# aaa authentication local - user test1 group network - admin 2 ? password Specify the password. <cr> ProVision(config)# aaa authentication local - user test1 group network - admin 2 password ? plaintext Use plain text password. sha1 Use SHA - 1 hash. ProVision(config)# aaa authentication local - user test1 group network - admin 2 password plaint e xt ? <cr> ProVision(config)# aaa authentication local - user test1 group network - admi n 2 password plaint ext New password for test1: ******** Please retype new password for test1: ******** ProVision # sh ow authorization group ? GROUPNAME - STR The group name. <cr> ProVision # sh ow authorization group network - admin2 Local Manag ement Groups - Authorization Information Group Name : network - admin2 Group Privilege Level : 4 Users ---------------- test1 Seq. Num. | Permission Rule Expression Log ---------- + ---------- --------- --------------------------------- ------- 1 | Permit command:show interfaces brief Enable 2 | Permit command:show ip Enable Comware5 Not an available feature Comware7 [Comware7]r ole ? default - role Specify the default user role configuration feature - group Specify a feature group name Specify a name for the user role [Comware7]role name ?

73. 72 aging - period Configures the password aging time for a system. alert - before - expiry Sets the number of da ys before password aging during which the user is warned of the pending password expiration. expired - user - login Configures additional logins within a specified period during which a user is allowed to acces s the switch without changing an expired password. history Enables the password history check. history - record Configures the maximum number of history password records for each user. log - on - details Disables execution of the 'show authentication last - login' command so that the logon details are not displayed. update - interval - time The period of waiting, in hours, before an existing password can be changed. ProVision(config)# password configuration aging ? aging aging - period ProVision(config)# password configuration aging ? <cr> ProVision(config)# password configuration aging ProVision(config)# password configuration history ? his tory history - record ProVision(config)# password configuration history ? <cr> ProVision(config)# password configuration history ProVision(config)# password complexity ? all Configures the repeat password character check, repeat passw ord check and user name check. repeat - char - check Configuration to ensure that password does not contain three of the same characters used consecutively. repeat - password - check Configures the repeat passwor d character check. user - name - check Ensures that the password does not contain repeat or reverse of the associated username. ProVision(config)# password complexity all ? <cr> ProVision(config)# password complexity all [As seen from the login screen] Username: manager Password: <password> [note, password was not displayed) Please change the password to logon to the system. Old password: New password: <PA55word!^zaQW@> [n ote, password was not displayed) Re - enter the new password: ProVision # sh ow password - configuration Global password control configuration Password control : Enabled Password history : Enabled

75. 74 INTEGER<1 - 4> Minimum types of characters the password contains [Comware5]password - control composition type - number 4 ? type - length Specify minimum characters for each required type <cr> [Comware5]password - control composition type - number 4 type - length ? INTEGER<1 - 63> Minimum characters of each required type contains [Comware5]password - control composition type - number 4 type - length 2 ? <cr> [Comware5]password - control composition type - number 4 type - length 2 [Comware5]password - c ontrol composition enable ? <cr> [Comware5]password - control composition enable Info: Password composition is enabled for all users. [Comware5]password - control complexity ? same - character Specify same - character user - name Specify username [C omware5]password - control complexity same - character ? check Enable password complexity checking at login [Comware5]password - control complexity same - character check ? <cr> [Comware5]password - control complexity same - character check Info: Check of pass word include repeat same char is enabled for all users. [Comware5]password - control complexity user - name ? check Enable password complexity checking at login [Comware5]password - control complexity user - name check ? <cr> [Comware5]password - control com plexity user - name check Info: Check of password include username is enabled for all users. [As seen from a login screen] Login authentication Username:manager Password: <password> [note, password was not displayed) Info: First l ogged in. For security reasons you will need to change your password. Please enter your new password. Password: <PA55word!^> [note, password displayed as asterisks) Confirm : ********** Updating user(s) information, please wait...... [ As seen at the console screen] #Jun 25 15:03:43:626 2016 Comware5 SHELL/4/LOGIN: Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1:manager login from VTY %Jun 25 15:03:43:768 2016 Comware5 LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User manager changed the password because f irst login. %Jun 25 15:03:43:921 2016 Comware5 SHELL/5/SHELL_LOGIN: manager logged in from 10.1.1.109.

94. 93 boot Specify a boot image file flash: Device name usba0: Device name <Comware7>boot - loader file flash:/5900_5920 - CMW710 - R2311P05.ipe ? all Set the startup software image for all the slot slot Specify the slot <Comware7>boot - loader file flash:/5900_5920 - CMW710 - R2311P05.ipe slot ? <1> Slot number <Comware7>boot - loader file flash:/5900_5920 - CMW710 - R2311P05.ipe slot 1 ? backup Specify the packages as the backup startup software ima ges main Specify the packages as the main startup software images <Comware7>boot - loader file flash:/5900_5920 - CMW710 - R2311P05.ipe slot 1 main ? <cr> <Comware7>boot - loader file flash:/5900_5920 - CMW710 - R2311P05.ipe slot 1 main Cisco Cisco#show fla sh: 2 - rwx 556 Mar 30 2011 00:07:35 - 06:00 vlan.dat 508 - rwx 2345 Aug 30 1993 00:54:39 - 06:00 IPv6 - 3750E - 1 - base - 12042014 - 1700.cfg 509 - rwx 18586280 Mar 29 2011 20:09:52 - 06:00 c3750e - universalk9 - mz.150 - 1.SE.bin 510 - r wx 2077 Feb 28 1993 18:14:58 - 06:00 cisco - 1 - base - config - 03052015 - 0010.cfg 514 - rwx 4120 Feb 28 1993 18:02:19 - 06:00 multiple - fs 516 - rwx 2542 Feb 28 1993 18:02:18 - 06:00 config.text 517 - rwx 1915 Feb 28 1993 18:0 2:18 - 06:00 private - config.text 57409536 bytes total (3827712 bytes free) Cisco#show version Cisco IOS Software, C3750E Software (C3750E - UNIVERSALK9 - M), Version 15.0(1)SE ... System image file is "flash:c3750e - universalk9 - mz.150 - 1.SE.bin" ... Cisco#cop y ? /erase Erase destination file system. /error Allow to copy error file. /noverify Don't verify image signature before reload. /verify Verify image signature before reload. bs: Copy from bs: file syst em cns: Copy from cns: file system flash1: Copy from flash1: file system flash: Copy from flash: file system ftp: Copy from ftp: file system http: Copy from http: file system https: Copy from https: file system logging Copy logging messages null: Copy from null: file system nvram: Copy from nvram: file system rcp: Copy from rcp: file system running - config Copy from current system configurat ion scp: Copy from scp: file system startup - config Copy from startup configuration system: Copy from system: file system tar: Copy from tar: file system tftp: Copy from tftp: file system tmpsys: Copy from tmpsys: file system xmodem: Copy from xmodem: file system ymodem: Copy from ymodem: file system Cisco#copy tftp:?

114. 113 syslog lpr news uucp sys9 sys10 sys11 sys12 sys13 sys14 cron local0 local1 local2 local3 local4 local5 local6 local7 ProVision(config)# logging severity ? major error warning info debug ProVision# show logging ? - a Display all log events, includi ng those from previous boot cycles. - b Display log events as time since boot instead of date/time format. - r Display log events in reverse order (most recent first). - s Display commander and stand by commander log events. - t Display log events in granularity in 10 milli seconds. - m Major event class. - e Error event class. - p Performance event class. - w Warning event class. - i Information event class. - d Debug event class. filter Display log filter configuration and status information. OPTION - STR Filter events shown. <cr> Comware5 [ Comware5] info - center ? channel Specify the name of information channel console Settings of console configuration enable Enable the information center format Format of syslog message logbuffer Sett ings of logging buffer configuration loghost Settings of logging host configuration monitor Settings of monitor configuration security - logfile Specify security log file configuration snmp Settings of snmp configura tion source Informational source settings synchronous Synchronize info - center output syslog Setting of syslog configuration timestamp Set the time stamp type of information trapbuffer Settings of trap bu ffer configuration [Comware5] info - center loghost ? STRING<1 - 255> Logging host ip address or hostname ipv6 Specify an IPv6 address source Set the source address of packets sent to loghost vpn - instance Specify a VPN instance

116. 115 X.X.X.X IP address of the log host ipv6 Specify an IPv6 log host source Specify the source IP a ddress for log information vpn - instance Specify the VPN instance to which the log host belongs [Comware7]info - center loghost 10.0.100.111 ? facility Specify the logging facility of the log host port Specify the port number of the log host <cr> [ Comware 7 ] info - center loghost 10.0.100.11 1 [Comware7]info - center loghost 10.0.100.111 facility ? local0 Set the logging facility to local0 local1 Set the logging facility to local1 local2 Set the logging facility to local2 local3 Set th e logging facility to local3 local4 Set the logging facility to local4 local5 Set the logging facility to local5 local6 Set the logging facility to local6 local7 Set the logging facility to local7 [Comware7]info - center timestamp ? boot T he time taken to boot up the system date The current system date and time loghost Log host configuration none No time information is provided [Comware7]info - center timestamp loghost ? date The current system date and time iso Set the time stamp to ISO 8601 format no - year - date The current system date and time (year exclusive) none No time information is provided [ Comware 7 ] info - center timestamp loghost date ? <cr> [ Comware 7 ] info - center timestamp loghos t date [Comware7]display logbuffer ? > Redirect it to a file >> Redirect it to a file in append mode level Display log entries with the specified severity level reverse Display log entries chronologically, with the most recent en try at the top size Display specified number of log entries slot Specify the slot number summary Display summary information of the log buffer | Matching output <cr> Cisco Cisco(config)#logging ? Hostname or A.B.C. D IP address of the logging host buffered Set buffered logging parameters buginf Enable buginf logging for debugging cns - events Set CNS Event logging level console Set console logging parameters c ount Count every log message and timestamp last occurance delimiter Append delimiter to syslog messages discriminator Create or modify a message discriminator esm Set ESM filter restrictions excepti on Limit size of exception flush output facility Facility parameter for syslog messages file Set logging file parameters

153. 152 UserStatus: active Comware7 [ SNMP v3 is default enabled version] (Note, if SNMP v1 & v2c has been configured and now only v3 is required, undo v1 v2c using this command undo snmp - agent sys - inf o version v1 v2c , and configure v3) [Comware7] snmp - agent sys - info version v3 [Comware7]snmp - agent group ? v1 Specify SNMPv1 security mode for the group v2c Specify SNMPv2c security mode for the group v3 Specify SNMPv3 security mode for the group [Comware7]snmp - agent group v3 ? STRING<1 - 32> Group name [Comware7]snmp - agent group v3 managerpriv ? acl Apply a basic ACL to filter NMSs authentication Set the security level to AuthNoPriv notify - view Specify notify views for the group privacy Set the security level to AuthPriv read - view Specify read views for the group write - view Specify write views for the group <cr> [Comware7]snmp - agent group v3 managerpriv privacy ? acl Apply a ba sic ACL to filter NMSs notify - view Specify notify views for the group read - view Specify read views for the group write - view Specify write views for the group <cr> [Comware7]snmp - agent group v3 managerpriv privacy [Comware7]snmp - agent usm - u ser ? v1 SNMPv1 security model v2c SNMPv2c security model v3 SNMPv3 security model [Comware7]snmp - agent usm - user v3 ? STRING<1 - 32> Username [Comware7]snmp - agent usm - user v3 test ? STRING<1 - 32> Group name user - role Specify the role of the SNMPv3 user [Comware7]snmp - agent usm - user v3 test managerpriv ? acl Set access control list for this user cipher Specify a ciphertext key remote Specify the remote engine associated with the user simple Specify a plaintext key <cr> [Comware7]snmp - agent usm - user v3 test managerpriv simple ? authentication - mode Specify an authentication algorithm [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode ? md5 Use the HMAC MD5 authentication algorithm sha Use the HMAC SHA authentication algorithm

184. 183 ProVision(config)# no web - management plaintext ProVision# show crypto ? autorun - cert Display trusted certificate. autorun - key Display autorun key. client - public - key Display ssh authorized client public keys. host - public - key Display ssh host RSA public key. pki Displays the PKI related information. ProVision# show crypto pki ? identity - profile Show the configured switch identity. local - certificate Show local certificate informat ion. ta - profile Show Trust Anchor profile specific details. ProVision# show crypto pki local - certificate ? CERT - NAME Enter the Certificate name to get the details summary Displays the summary of all the certificates in the switch <cr> ProVision# show crypto pki local - certificate Name Usage Expiration Parent / Profile -------------------- ---------- -------------- -------------------- localcert Web 2016/03/27 d efault ProVision# show crypto pki local - certificate localcert Certificate Detail: Version: 3 (0x2) Serial Number: 32:ef:31:80:90:17:da:5a:f2:da:b4:42:96:b9:57:40:57:4e:99:77 Signature Algorithm: sha256withRSAEncryption Issuer: CN=ProVision, OU=Lab, O=T est, L=Any City, ST=Any State, C=US Validity Not Before: Mar 27 17:22:13 2015 GMT Not After : Mar 27 23:59:59 2016 GMT Subject: CN=ProVision, OU=Lab, O=Test, L=Any City, ST=Any State, C=US Subject Public Key Info: Public Key Algorithm: rsaEncrypti on RSA Public Key: (1024 bit) Modulus (1024 bit): bb:35:e9:41:ec:ad:80:d9:3d:95:21:8a:48:77:63: 93:7f:73:99:60:5e:0f:73:1f:9d:86:b5:6b:19:d9: 40:e2:b5:fd:6f:0f:74:89:60:40:59:91:2c:71:f3: 1c:5d:6b:e0:f6:d7:a 6:64:7f:8a:02:57:ff:be:a9: 1d:59:4b:e9:41:49:ba:bc:e1:ff:35:00:c0:09:a7: c5:e9:9d:59:05:bd:2f:1e:32:62:76:eb:95:5b:40: 42:8a:61:7c:05:0b:f2:d0:ad:66:0b:0e:e2:94:8a: 71:ce:31:00:bd:cd:cb:84:80:03:47:b7:43:88:2e: f7:d3:de:39:b9:c3:15:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement, Decipher Only X509v3 Extended Key Usage: TLS Web Server Authentication S ignature Algorithm: sha256withRSAEncryption 3e:c2:63:05:b0:e0:2c:a3:50:f9:7c:3e:a5:39:92:3d:d3:47: 4a:bd:57:8c:80:33:e6:e2:bc:0f:bd:73:68:83:e4:a0:5f:04: 20:71:26:fa:c7:c0:2a:26:a1:00:76:7b:46:f6:9f:43:96:94: e5:44:23:b9:38:85:bb:0d:64:8c:18:f0 :0f:25:83:b3:99:30: 33:e0:5e:f3:50:53:15:01:74:dc:41:f8:4d:5d:bc:1e:4d:a1: c3:a1:e9:6a:47:70:d5:39:42:69:38:02:9f:be:a7:05:a9:01: 77:cc:05:6e:56:07:f8:7c:bb:e8:28:6b:be:bf:3b:4a:73:f3:

202. 201 INTEGER<1 - 65535> Accounting port number, generally is 18 13 key Specify the shared key for secure communication with the server vpn - instance Specify a VPN instance <cr> [Comware7 - radius - radius - auth]primary accounting 10.0.100.111 key ? cipher Specify a ciphertext key simple Specify a plaintext key [Comware7 - radius - radius - auth]primary accounting 10.0.100.111 key simple ? STRING<1 - 64> Plaintext key string [Comware7 - radius - radius - auth]primary accounting 10.0.100.111 key simple password ? INTEGER<1 - 65535> Ac counting port number, generally is 1813 vpn - instance Specify a VPN instance <cr> [Comware7 - radius - radius - auth]primary accounting 10.0.100.111 key simple password [Comware7 - radius - radius - auth]user - name - format ? keep - original User name unchan ged with - domain User name like XXX@XXX without - domain User name like XXX [Comware7 - radius - radius - auth]user - name - format without - domain ? <cr> [Comware7 - radius - radius - auth]user - name - format without - domain [Comware7] domain lab New Domain added. [Comware7 - isp - lab]? Isp view commands: accounting Specify accounting scheme authentication Specify authentication scheme authorization Specify authorization scheme authorization - attribute Configure authorization attributes of the domain cfd Connectivity Fault Detection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display current system information logfile Log file co nfiguration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View save Save current configuration se curity - logfile Security log file configuration state Specify state of domain tracert Tracert function undo Cancel current setting [Comware7 - isp - lab]authentication ? advpn Specif y AAA configuration for ADVPN user default Specify default AAA configuration for all types of users ike Specify AAA configuration for IKE user lan - access Specify AAA configuration for lan - access service login Specify AAA configur ation for login user portal Specify AAA configuration for PORTAL user ppp Specify AAA configuration for PPP user super Specify AAA configuration for super user

203. 202 [Comware7 - isp - lab]authentication default ? hwtacacs - scheme Specify HWTACACS scheme ldap - scheme Specify LDAP scheme local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware7 - isp - lab]authentication default radius - scheme ? STRING<1 - 32> Scheme name [Comware7 - isp - lab]authentication default radius - scheme radius - auth ? hwtacacs - scheme Specify HWTACACS scheme local Specify local scheme none Specify none scheme <cr> [Comware7 - isp - lab]authentication default radius - sch eme radius - auth [Comware7 - isp - lab]authorization default radius - scheme radius - auth [Comware7 - isp - lab]accounting default radius - scheme radius - auth [Comware7] domain default enable lab [Comware7]user - interface aux 0 [Comware7 - line - aux0]authentication - mo de ? none Login without authentication password Password authentication scheme Authentication use AAA [Comware7 - line - aux0]authentication - mode scheme ? <cr> [Comware7 - line - aux0]authentication - mode scheme [ Comware7 ]user - interface vty 0 63 [Comware7 - line - vty0 - 63]authentication - mode ? none Login without authentication password Password authentication scheme Authentication use AAA [Comware7 - line - vty0 - 63]authentication - mode scheme ? <cr> [Comware7 - line - vty0 - 63]authenticat ion - mode scheme [Comware7 - line - vty0 - 63]user - role ? STRING<1 - 63> User role name network - admin network - operator level - 0 level - 1 level - 2 level - 3 level - 4 level - 5 level - 6 level - 7 level - 8

294. 293 save Save current configuration subvlan Specify Sub VLAN supervlan Specify the VLAN to be a Super VLAN tracert Trace route function undo Cancel cur rent setting [Comware5 - vlan220]name ? TEXT Up to 32 characters for name of this VLAN [Comware5 - vlan220]name test [Comware5]display vlan ? INTEGER<1 - 4094> VLAN ID all All the VLANs dynamic Dynamic VLAN ID reserved Reserved VLAN ID static Static VLAN ID | Matching output <cr> [Comware5]display vlan Total 3 VLAN exist(s). The following VLANs exist: 1(default), 100, 220, [Comware5]display vlan all VLAN ID: 1 VLAN Type: static Route Interface: configured IPv4 address: 10.0.111.31 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0001 Name: VLAN 0001 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitE thernet1/0/4 GigabitEthernet1/0/5 GigabitEthernet1/0/6 GigabitEthernet1/0/7 GigabitEthernet1/0/8 GigabitEthernet1/0/9 GigabitEthernet1/0/10 GigabitEthernet1/0/11 GigabitEthernet1/0/12 GigabitEthernet1/0/13 GigabitEthern et1/0/14 GigabitEthernet1/0/15 GigabitEthernet1/0/16 GigabitEthernet1/0/17 GigabitEthernet1/0/18 GigabitEthernet1/0/19 GigabitEthernet1/0/20 GigabitEthernet1/0/21 GigabitEthernet1/0/22 GigabitEthernet1/0/23 GigabitEthernet1 /0/24 GigabitEthernet1/0/25 GigabitEthernet1/0/26 GigabitEthernet1/0/27 GigabitEthernet1/0/28 VLAN ID: 100 VLAN Type: static Route Interface: not configured Description: VLAN 0100 Name: VLAN 0100 Tagged Ports: none Untagged Ports: n one VLAN ID: 220 VLAN Type: static Route Interface: not configured Description: VLAN 0220 Name: test Tagged Ports: none Untagged Ports: none Comware7 [Comware7] vlan 220

296. 295 GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitEthern et1/0/4 GigabitEthernet1/0/5 GigabitEthernet1/0/6 GigabitEthernet1/0/7 GigabitEthernet1/0/8 GigabitEthernet1/0/9 GigabitEthernet1/0/10 GigabitEthernet1/0/11 GigabitEthernet1/0/12 GigabitEthernet1/0/13 GigabitEthernet1/0/14 GigabitEthernet1/0/15 GigabitEthernet1/0/16 GigabitEthernet1/0/17 GigabitEthernet1/0/18 GigabitEthernet1/0/19 GigabitEthernet1/0/20 GigabitEthernet1/0/21 GigabitEthernet1/0/22 GigabitEthernet1/0/23 GigabitEthernet1/0/24 GigabitEthernet1/0/25 GigabitEthernet1/0/26 GigabitEthernet1/0/27 GigabitEthernet1/0/28 GigabitEthernet1/0/29 GigabitEthernet1/0/30 GigabitEthernet1/0/31 GigabitEthernet1/0/32 GigabitEthernet1/0/33 GigabitEthernet1/0/34 GigabitEthernet1/0/35 GigabitEthernet1/0/36 GigabitEthernet1/0/37 GigabitEthernet1/0/38 GigabitEthernet1/0/39 GigabitEthernet1/0/40 Gigabi tEthernet1/0/41 GigabitEthernet1/0/42 GigabitEthernet1/0/43 GigabitEthernet1/0/44 GigabitEthernet1/0/45 GigabitEthernet1/0/46 GigabitEthernet1/0/47 GigabitEthernet1/0/48 Ten - GigabitEthernet1/0/49 Ten - Giga bitEthernet1/0/50 Ten - GigabitEthernet1/0/51 Ten - GigabitEthernet1/0/52 VLAN ID: 100 VLAN type: Static Route interface: Not configured Description: VLAN 0100 Name: VLAN 0100 Tagged ports: None Untagged ports: None VLAN ID: 220 VLAN type: Static Route interface: Not configured Description: VLAN 0220 Name: test Tagged ports: None Untagged ports: None Cisco Cisco(config)#vlan 220 Cisco(config - vlan)#? VLAN configuration commands: are Maximum number of All Route Explorer hops for this VLAN (or zero if none specified) backupcrf Backup CRF mode of the VLAN bridge Bridging characteristics of the VLAN exit Apply changes, bump revision number, and exit mode media Media type of the VLAN mtu VLAN Maximum Transmission Unit name Ascii name of the VLAN no Negate a command or set its defaults parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs private - vlan Configure a p rivate VLAN remote - span Configure as Remote SPAN VLAN ring Ring number of FDDI or Token Ring type VLANs said IEEE 802.10 SAID shutdown Shutdown VLAN switching state Operational state of the VLAN

332. 331 xconnect Bind a VSI [Comware7 - Vlan - interface150]private - vlan ? secondary Specify the secondary VLANs which can communicate at Layer 3 [Comware7 - Vlan - interface150]private - vlan sec ondary ? INTEGER<1 - 4094> Secondary VLAN ID [Comware7 - Vlan - interface150]private - vlan secondary 151 to 152 ? INTEGER<1 - 4094> Secondary VLAN ID <cr> [Comware7 - Vlan - interface150]private - vlan secondary 151 to 152 [Comware7 - Vlan - interface150]quit [ Comware7]dis play private - vlan Primary VLAN ID: 150 Secondary VLAN ID: 151 - 152 VLAN ID: 150 VLAN type: Static Private VLAN type: Primary Route interface: Configured IPv4 address: 10.150.2.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0150 N ame: VLAN 0150 Tagged ports: None Untagged ports: GigabitEthernet1/0/10 GigabitEthernet1/0/12 GigabitEthernet1/0/13 GigabitEthernet1/0/14 GigabitEthernet1/0/15 VLAN ID: 151 VLAN type: Static Private VLAN type: Isolated S econdary Route interface: Configured IPv4 address: 10.150.2.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0151 Name: VLAN 0151 Tagged ports: None Untagged ports: GigabitEthernet1/0/10 GigabitEthernet1/0/12 GigabitEthernet1/0/ 13 VLAN ID: 152 VLAN type: Static Private VLAN type: Secondary Route interface: Configured IPv4 address: 10.150.2.1 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0152 Name: VLAN 0152 Tagged ports: None Untagged ports: GigabitEthernet1/ 0/10 GigabitEthernet1/0/14 GigabitEthernet1/0/15 Cisco

335. 334 port - security Security related command priority Set appliance 802.1p priorit y private - vlan Set the private VLAN configuration protected Configure an interface to be a protected port trunk Set trunking characteristics of the interface voice Voice appliance attributes <cr> Cisco(config - if)#switchp ort mode ? access Set trunking mode to ACCESS unconditionally dot1q - tunnel set trunking mode to TUNNEL unconditionally dynamic Set trunking mode to dynamically negotiate access or trunk mode private - vlan Set private - vlan mode trunk Set trunking mode to TRUNK unconditionally Cisco(config - if)#switchport mode private - vlan ? host Set the mode to private - vlan host promiscuous Set the mode to private - vlan promiscuous Cisco(config - if)#switchport mode private - vlan pro miscuous ? <cr> Cisco(config - if)#switchport mode private - vlan promiscuous Cisco(config - if)#switchport private - vlan ? association Set the private VLAN association host - association Set the private VLAN host association mapping Set the private VLAN promiscuous mapping Cisco(config - if)#switchport private - vlan mapping ? <1006 - 4094> Primary extended range VLAN ID of the private VLAN promiscuous port mapping <2 - 1001> Primary normal range VLAN ID of the private VL AN promiscuous port mapping Cisco(config - if)#switchport private - vlan mapping 150 ? WORD Secondary VLAN IDs of the private VLAN promiscuous port mapping add Add a VLAN to private VLAN list remove Remove a VLAN from private VLAN list Cisco(config - if)#switchport private - vlan mapping 150 add ? WORD Secondary VLAN IDs of the private VLAN promiscuous port mapping Cisco(config - if)#switchport private - vlan mapping 150 add 151 - 152 ? <cr> Cisco(config - if)#switchport private - vlan m apping 150 add 151 - 152 Cisco(config)#interface g1/0/12 Cisco(config - if)#switchport mode private - vlan ? host Set the mode to private - vlan host promiscuous Set the mode to private - vlan promiscuous Cisco(config - if)#switchport mode private - vlan host Cisco(config - if)#switchport private - vlan ? association Set the private VLAN association host - association Set the private VLAN host association mapping Set the private VLAN promiscuous mapping Cisco(config - if)#switchport priva te - vlan host - association ? <1006 - 4094> Primary extended range VLAN ID of the private VLAN host port association <2 - 1001> Primary normal range VLAN ID of the private VLAN port

375. 374 config Show spanning tree configuration information. debug - counters S how spanning tree debug counters information. detail Show spanning tree extended details Port, Bridge, Rx, and Tx report. inconsistent - ports Show information about inconsistent ports blocked by spanning tree protection functions. instance Show the spanning tree instance information. mst - config Show multiple spanning tree region configuration. pending Show spanning tree pending configuration. [ethernet ] PORT - LIST Limit the port information printed to the set of the specified ports. port - role - change - h... Show the last 10 role change entries on a port in a VLAN/instance. pvst - filter Show spanning tree PVST filter status information. pvst - protection Show spanning tree PVST protection status information. root - history Show spanning tree Root changes history information. system - limits Show system limits for spanning - tree topo - change - history Show spanning tree topology changes history information. traps Show spanning tree trap information. vlan Show VLAN information for RPVST. <cr> ProVision# show spanning - tree Multiple Spanning Tree (MST) Information STP E nabled : Yes Force Version : RSTP - operation IST Mapped VLANs : 1 - 4094 Switch MAC Address : 009c02 - d53980 Switch Priority : 8192 Max Age : 20 Max Hops : 20 Forward Delay : 15 Topology Change Count : 29 Time Since Last Change : 31 m ins CST Root MAC Address : 009c02 - d53980 CST Root Priority : 8192 CST Root Path Cost : 0 CST Root Port : This switch is root IST Regional Root MAC Address : 009c02 - d53980 IST Regional Root Priority : 8192 IST Regional Root Pa th Cost : 0 IST Remaining Hops : 20 Root Guard Ports : Loop Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : PVST Protected Ports : PVST Filtered Ports : Root Inconsistent Ports : Loop Inconsistent Ports : | Prio | Designated Hello Port Type | Cost rity State | Bridge Time PtP Edge ------ --------- + --------- ---- ------------ + ------------- ---- --- - --- 1 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes No 2 100/1000T | Auto 128 Disabled | 2 Yes No 3 100/1000T | Auto 128 Disabled | 2 Yes No 4 100/1000T | 10000 96 Forwarding | 009c02 - d53980 2 Yes Yes

413. 412 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :32768.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packe ts/hello - time Protection Type :None PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 1s ------- [VLAN 240 Global Info] ------- Protocol Status :enabled Bridge ID :16384.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwD ly 15s Root ID / RPC :8192.0022 - 91ab - 4380 / 20020 RootPortId :128.6 BPDU - Protection :disabled TC or TCN received :25 Time since last TC :0 days 0h:53m:46s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enable d Port Role :Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20 Desg. Bridge/Port :20480.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active =true Transmit Limit :10 packets/hello - time Protection Type :None PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 1s Comware7 [ Comware7 ]stp ? bpdu - protection Specify BPDU protection function bridge - diameter Specify b ridge diameter global Specify global parameter instance Specify the spanning tree instance list max - hops Specify max hops mode Specify state machine mode pathcost - standard Specify port path cost standard port - log Specify port status logging priority Specify bridge priority region - configuration Enter MSTP region view root Specify root switch tc - protection Specify TC protection function tc - snooping Specify TC snooping timer Specify timer configuration timer - factor Specify aged out time factor vlan Specify the VLAN list [ Comware7 ]stp mode ? mstp Multiple spanning tre e protocol mode pvst Per - Vlan spanning tree mode rstp Rapid spanning tree protocol mode stp Spanning tree protocol mode [Comware7]stp mode pvst [ Comware7 ]stp vlan ? INTEGER<1 - 4094> Vlan ID [ Comware7 ]stp vlan 1 ? INTEGER<1 - 4094> VLAN ID bridge - diameter Specify bridge diameter enable Enable STP in VLANs priority Specify bridge priority

415. 414 Transmit limit : 10 packets/hello - time Protection type : Config=none, Active=none Rapid transition : True Port times : Hello 2s MaxAge 20 s FwdDelay 15s MsgAge 1s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 8192.009c - 02d5 - 398 0, 128.13 Port edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time Protection type : Config=none, Active=none Rapid transition : True Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s ------- [VLAN 100 Global Info] ------- Protocol status : Enabled Bridge ID : 8192.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s VlanRoot ID/RPC : 8192.cc3e - 5f73 - bacb, 0 RootPort ID : 0.0 BPDU - Protection : Disabled TC or TCN received : 0 Time since last TC : 0 days 2h:19m:15s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port I D : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 8192.cc3e - 5f73 - bacb, 128.6 Port edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/ hello - time Protection type : Config=none, Active=none Rapid transition : True Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 128.9 Port cost(Legacy) : Config=auto, Active=200 Desg.bridge/port : 8192.cc3e - 5f73 - bacb, 128.9 Port edged : Config=enabled, Active=enabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time Protection type : Config=none, Active=none Rapid transition : True Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s ------- [VLAN 220 Global Info] ------- Protocol status : Enabled Bridge ID : 20480.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s VlanRoot ID/RPC : 8192.0023 - 89d5 - a059, 20020 RootPort ID : 128.6 BPDU - Protection : Disabled TC or TCN received : 0 Time since last TC : 0 days 2h:19m:15s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ----

416. 415 Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 12288.009c - 02d5 - 3980, 128.13 Po rt edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time Protection type : Config=none, Active=none Rapid transition : True Port times : Hello 2s Ma xAge 20s FwdDelay 15s MsgAge 1s ------- [VLAN 230 Global Info] ------- Protocol status : Enabled Bridge ID : 32768.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s VlanRoot ID/RPC : 32768.0022 - 91ab - 4380, 20020 Roo tPort ID : 128.6 BPDU - Protection : Disabled TC or TCN received : 0 Time since last TC : 0 days 2h:19m:15s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 32768.009c - 02d5 - 3980, 128.13 Port edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - tim e Protection type : Config=none, Active=none Rapid transition : False Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 1s ------- [VLAN 240 Global Info] ------- Protocol status : Enabled Bridge ID : 12288.cc3e - 5f73 - bac b Bridge times : Hello 2s MaxAge 20s FwdDelay 15s VlanRoot ID/RPC : 8192.0022 - 91ab - 4380, 20020 RootPort ID : 128.6 BPDU - Protection : Disabled TC or TCN received : 0 Time since last TC : 0 days 2h:19m:15s ---- [Port6(GigabitEt hernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 20480.009c - 02d5 - 3980, 128.13 Port edged : Config=disab led, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time Protection type : Config=none, Active=none Rapid transition : True Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 1s Cisco Cisco(config)#spanning - tree ? backbonefast Enable BackboneFast Feature etherchannel Spanning tree etherchannel specific configuration extend Spanning Tree 802.1t extensions logging Enable Spanning tree logging loopguard Spanning tree loopguard options mode Spanning tree operating mode

422. 421 [ Comware ] display rip 1 database 10.0.0.0/8, cost 0, ClassfulSumm 10.0.111.0/24, cost 0, nexthop 10.0.111.31, Rip - interface 10.1.100.0/24, cost 0, nexthop 10.1.100.3, Rip - interface 10.1.220.0/24, cost 0, nexthop 1 0.1.220.3, Rip - interface 10.1.230.0/24, cost 0, nexthop 10.1.230.3, Rip - interface 10.1.240.0/24, cost 0, nexthop 10.1.240.3, Rip - interface Cisco Cisco(config)#router rip Cisco(config - router)#network 10.1.220.0 Cisco(config - router)#version 2 Cisco(config - router)#redistribute connected Cisco#sh ow ip rip database 10.0.0.0/8 auto - summary 10.0.111.0/24 directly connected, Vlan1 10.1.100.0/24 directly connected, Vlan100 10.1.220.0/24 directly connected, Vlan220 10.1.230.0/24 [1] via 10.1.240.3, 00:00:22, Vlan240 [1] via 10.1.220.3, 00:00:22, Vlan220 [1] via 10.1.100.3, 00:00:22, Vlan100 [1] via 10.1.220.1, 00:00:05, Vlan220 10.1.240.0/24 directly connected, Vlan240 Cisco#show ip rip database 10.1.220.0 255.255 .255.0 10.1.220.0/24 directly connected, Vlan220

434. 433 retransmission - list Link state retransmission list rib Routing Information Base (RIB) sham - links Sham link information statistics Various OSPF Statistics summary - address Summary - address redistribution Information timers OSPF timers information topology - info Topology Info traffic Traffic related statistics virtual - links Virtual link information | Ou tput modifiers <cr> Cisco#show ip ospf interface brief Interface PID Area IP Address/Mask Cost State Nbrs F/C Interface PID Area IP Address/Mask Cost State Nbrs F/C Vl220 1 0 10.1.220.4/2 4 1 DROTH 2/3 Vl100 1 1 10.1.100.4/24 1 DROTH 2/3 Vl230 1 0.0.0.2 10.1.230.4/24 1 DR 3/3 Cisco#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.0.0.21 1 FULL/DR 00:00:36 10.1.220.1 Vlan220 10.0.0.31 1 FULL/BDR 00:00:38 10.1.220.3 Vlan220 10.0.0.51 1 2WAY/DROTHER 00:00:34 10.1.220.5 Vlan220 10.0.0.21 1 FULL/DR 00:00:36 10.1.100.1 Vlan100 10.0.0.31 1 FULL/BDR 00:00:34 10.1.100.3 Vlan100 10.0.0.51 1 2WAY/DROTHER 00:00:38 10.1.100.5 Vlan100 10.0.0.21 1 FULL/DROTHER 00:00:32 10.1 .230.1 Vlan230 10.0.0.31 1 FULL/BDR 00:00:38 10.1.230.3 Vlan230 10.0.0.51 1 FULL/DROTHER 00:00:31 10.1.230.5 Vlan230 Cisco#show ip ospf database OSPF Router with ID (10.0.0.41) (Process ID 1 ) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 10.0.0.21 10.0.0.21 474 0x8000000E 0x00B05E 1 10.0.0.31 10.0.0.31 626 0x80000012 0x00060F 1 1 0.0.0.41 10.0.0.41 630 0x80000004 0x00AD40 1 10.0.0.51 10.0.0.51 473 0x80000015 0x001790 1 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.1.220.5 10 .0.0.51 473 0x80000004 0x00D754 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.1.100.0 10.0.0.21 482 0x80000001 0x00DBD1 10.1.100.0 10.0.0.31 249 0x80000004 0x007B45 10.1.100.0 10.0.0.41 1594 0x80000009 0x00533E 10.1.100.0 10.0.0.51 819 0x80000009 0x003532 10.1.230.0 10.0.0.21 482 0x80000001 0x009A87 10.1.230.0 10.0.0.31 978 0x80000003 0x003CF9 10.1.230.0 10.0.0.41 1007 0x80000008 0x0014F2 10.1.230.0 10.0.0.51 995 0x80000003 0x00FFE1 Router Link States (Area 1)

445. 444 [Comware7]display bgp peer ipv4 BGP local router ID: 10.0.0.5 Local AS number: 64505 Total number of peers: 1 Peers in established state: 1 * - Dynamically created peer Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10.0.101.21 64502 78 80 0 3 01:10:44 Establis hed Cisco Cisco(config)#router bgp ? <1 - 4294967295> Autonomous system number <1.0 - XX.YY> Autonomous system number Cisco(config)#router bgp 64504 ? <cr> Cisco(config)#router bgp 64504 Cisco(config - router)#bgp ? aggregate - timer Con figure Aggregation Timer always - compare - med Allow comparing MED from different neighbors asnotation Change the default asplain notation bestpath Change the default bestpath selection client - to - client Configur e client to client route reflection cluster - id Configure Route - Reflector Cluster - id (peers may reset) confederation AS confederation parameters dampening Enable route - flap dampening def ault Configure BGP defaults deterministic - med Pick the best - MED path among paths advertised from the neighboring AS dmzlink - bw Use DMZ Link Bandwidth as weight for BGP multipaths enforce - fi rst - as Enforce the first AS for EBGP routes(default) fast - external - fallover Immediately reset session if a link to a directly connected external peer goes down graceful - restart Graceful restart capability parame ters inject - map Routemap which specifies prefixes to inject log - neighbor - changes Log neighbor up/down and reset reason maxas - limit Allow AS - PATH attribute from any neighbor imposing a limit on num ber of ASes nexthop Nexthop tracking commands nopeerup - delay Set how long BGP will wait for the first peer to come up before beginning the update delay or graceful restart tim ers (in seconds) redistribute - internal Allow redistribution of iBGP into IGPs (dangerous) regexp Select regular expression engine route - map route - map control commands router - id Override configured rout er identifier (peers will reset) scan - time Configure background scanner interval slow - peer Configure slow - peer soft - reconfig - backup Use soft - reconfiguration inbound only when route - refresh is not negotiated suppress - inactive Suppress routes that are not in the routing table transport global enable/disable transport session parameters update - delay Set the max initial delay for sending update upgrade - cli Upgrade to hierarchical AFI mode Cisco(config - router)#bgp router - id ? A.B.C.D Manually configured router identifier vrf vrf - specific router id configuration

512. 511 ProVision# show ip pim ? bsr Show Bootstrap Router information. interface Show PIM interface information. mroute Show PIM - specific information from the IP multicast routing table. neighbor Show PIM neighbor information. pending Show (*,G) and (S,G) Join Pending Information. rp - candidate Show Candidate - RP operational and configuration information. rp - set Show RP - Set information available on the r outer. rpf - override Show the PIM RPF override entries. <cr> ProVision# show ip mroute interface Show IP multicast routing interfaces' information. IP - ADDR Show detailed information for the specified entry from the I P multicast routing table. <cr> Comware5 [Comware5] multicast routing - enable [Comware5] interface Vlan - interface 220 [Comware5 - Vlan - interface220]pim ? bfd Enable BFD for PIM on interface bsr - boundary Bootstrap router boundary dm Enable PIM dense mode hello - option Specify hello option holdtime Specify holdtime ipv6 PIM IPv6 status and configuration information neighbor - policy Policy to accept PIM hello messages require - genid Require generation id sm Enable PIM sparse/SSM mode state - refresh - capable State - refresh capability timer Specify PIM timer triggered - hello - delay Triggered hello delay [Comware5 - Vlan - interface220]pim sm ? <cr> [Comware5 - Vlan - interface220]pim sm [Comware5 - Vlan - interface220] pim [Comware5 - pim]? Pim protocol view commands: auto - rp Auto rendezvous point bidir - pim Specify parameters for bidirectional PIM bsm - fragment Semantic fragmentation of bootstrap messages bsr - policy Policy to accept PIM BSR messages c - bsr Candidate bootstrap rout er c - rp Candidate rendezvous point cfd Connectivity fault detection (IEEE 802.1ag) crp - policy Policy to accept PIM CRP messages display Display current syst em information dscp Differentiated Services Codepoint (DSCP) hello - option Specify hello option holdtime Specify holdtime jp - pkt - size Maximum join/prune packet size j p - queue - size Maximum join/prune entries sent once mtracert Trace route to multicast source ping Ping function probe - interval Probe interval

546. 545 Cisco(config)#ip dhcp snooping Cisco(config)#ip arp inspection ? filter Sp ecify ARP acl to be applied log - buffer Log Buffer Configuration smartlog Smartlog all the logged pkts validate Validate addresses vlan Enable/Disable ARP Inspection on vlans Cisco(config)#ip arp inspection vlan 220 Cisco(config)#in terface g1/0/6 Cisco(config - if)#ip arp ? inspection Arp Inspection configuration Cisco(config - if)#ip arp inspection ? limit Configure Rate limit of incoming ARP packets trust Configure Trust state C isco(config - if)#ip arp inspection trust ? <c r> Cisco(config - if)#ip arp inspection trust Cisco#show ip arp inspection ? interfaces Interface status log Log Buffer statistics Packet statistics on DAI configured vlans vlan Selected vlan range | Output modifiers <cr> Cisco# show ip arp inspection Source Mac Validation : Disabled Destination Mac Validation : Disabled IP Address Validation : Disabled Vlan Configuration Operation ACL Match Static ACL ---- ------------- ------- -- --------- ---------- 220 Enabled Active Vlan ACL Logging DHCP Logging Probe Logging ---- ----------- ------------ ------------- 220 Deny Deny Off Vlan Forward ed Dropped DHCP Drops ACL Drops ---- --------- ------- ---------- --------- 220 15 1 1 0 Vlan DHCP Permits ACL Permits Probe Permits Source MAC Failures - --- ------------ ----------- ------------- ------------------- 220 0 0 0 0 Vlan Dest MAC Failures IP Validation Failures Invalid Protocol Data ---- ----------------- -------- -------------- --------------------- 220 0 0 0 Cisco#show ip arp inspection interfaces ? FastEthernet FastEthernet IEEE 802.3

552. 551 Cisco No specific Cisco feature compared to this ProVision feature. Cisco’s Dynamic ARP Inspection provides rate limiting capability of incoming ARP packets. Cisco(config - if)#interface g 1/0/20 Cisco(config - if)#ip arp inspection ? limit Configure Rate limit of incoming ARP packets trust Configure Trust state Cisco(config - if)#ip arp inspection limit ? none No limit rate R ate Limit Cisco(config - if)#ip arp inspection limit rate ? <0 - 2048> Packets per second Cisco(config - if)#ip arp inspection limit rate 100 ? burst Configure Burst parameters for ARP packets <cr> Cisco(config - if)#ip arp inspection limit rate 100 C isco#sh ow ip arp inspection interfaces Interface Trust State Rate (pps) Burst Interval --------------- ----------- ---------- -------------- Gi1/0/1 Untrusted 15 1 Gi1/0/2 Untrusted 15 1 Gi1/0/3 Untrusted 15 1 Gi1/0/4 Untrusted 15 1 Gi1/0/5 Untrusted 15 1 Gi1/0/6 Untrusted 15 1 Gi1/0/7 Untrusted 15 1 Gi1/0/8 Untrusted 15 1 Gi1/0/9 Untrusted 15 1 Gi1/0/10 Untrusted 15 1 Gi1/0/11 Untrusted 15 1 Gi1/0/12 Untrusted 15 1 Gi1/0/13 Untrusted 15 1 Gi1/0/14 Untrusted 15 1 Gi1/0/15 Untrusted 15 1 Gi1/0/16 Untrusted 15 1 Gi1/0/17 Untrusted 15 1 Gi1/0/18 Untrusted 1 5 1 Gi1/0/19 Untrusted 15 1 Gi1/0/20 Untrusted 100 1 Gi1/0/21 Untrusted 15 1 Gi1/0/22 Untrusted 15 1 Gi1/0/23 Untrusted 15 1 Gi1/0/24 Untrusted 15 1 Gi1/0/25 Untrusted 15 1 Gi1/0/26 Untrusted 15 1 Gi1/0/27 Untrusted 15 1 Gi1/0/28 Untrusted 15 1 Te1/0/1 Untrusted 15 1 Te1/0/2 Untrusted 15 1 Po1 Untrusted 15 1

555. 554 authentication Configure authentication parameters on the switch. authorization Configure authorization parameters on the switch. port - access Configure 802.1X (Port Based Network Access), MAC address based network access, or web authentication based network access on the devic e. server - group Place the RADIUS server into the RADIUS server group. ProVision(config)# aaa authentication ? allow - vlan Configure authenticator ports to apply VLAN changes immediately. console Configure authentication mechanism used to control access to the switch console. disable - username Bypass the username during authentication while accessing the switch to get Manager or Operator access. local - user Cre ate or remove a local user account. lockout - delay The number of seconds after repeated login failures before a user may again attempt login. login Specify that switch respects the authentication server's pri vilege level. mac - based Configure authentication mechanism used to control mac - based port access to the switch. num - attempts The number of login attempts allowed. port - access C onfigure authentication mechanism used to control access to the network. ssh Configure authentication mechanism used to control SSH access to the switch. telnet Configure auth entication mechanism used to control telnet access to the switch. web Configure authentication mechanism used to control web access to the switch. web - based Configure authenticat ion mechanism used to control web - based port access to the switch. ProVision(config)# aaa authentication port - access ? local Use local switch user/password database. eap - radius Use EAP capable RADIUS ser ver. chap - radius Use CHAP (MD5) capable RADIUS server. ProVision(config)# aaa authentication port - access eap - radius ? none Do not use backup authentication methods. authorized Allow access without authentication. cached - reauth Grant access in case of reauthentication retaining the current session attributes. server - group Specify the server group to use. <cr> ProVision(config)# aaa authentication port - access eap - radius Pr oVision(config)# aaa port - access ? authenticator Configure 802.1X (Port Based Network Access) authentication on the device or the device's port(s). gvrp - vlans Enable/disable the use of RADIUS - assigned dynamic (GV RP) VLANs. local - mac Configure Local MAC address based network authentication on the device or the device's port(s). mac - based Configure MAC address based network authentication on the device or the device's port(s). [ethernet] PORT - LIST Manage general port security features on the device port(s). supplicant Manage 802.1X (Port Based Network Access) supplicant on the device ports. web - based Configure web authentication based network authentication. ProVision(config)# aaa port - access authenticator ? active Activate/deactivate 802.1X authenticator. cached - reauth - delay Set period of time, in seconds, during which authent icator will

556. 555 not initiate reauthentications after a cached reauthentication. [ethernet] PORT - LIST Manage 802.1X on the device port(s). ProVision(config)# aaa port - access authenticator 14 ? auth - vid Configures VLAN whe re to move port after successful authentication (not configured by default). cached - reauth - period Time in seconds, during which cached reauthentication is allowed on the port.The minimum reauthentication peri od should be greater than 30 seconds. clear - statistics Clear the authenticator statistics. client - limit Set the maximum number of clients to allow on the port.With no client limit, authenticatio n happens in port - based mode, otherwise in client - based mode. control Set the authenticator to Force Authorized, Force Unauthorized or Auto state (default Auto). initialize Reinitiali ze the authenticator state machine. logoff - period Set period of time after which a client will be considered removed from the port for a lack of activity. max - requests Set maximum number of times the switch retrans mits authentication requests (default 2). quiet - period Set the period of time the switch does not try to acquire a supplicant (default 60 sec.). reauth - period Set the re - authentication timeou t (in seconds, default 0); set to '0' to disable re - authentication. reauthenticate Force re - authentication to happen. server - timeout Set the authentication server response timeout (default 300 sec.). supplicant - timeo ut Set the supplicant response timeout on an EAP request (default 30 sec.). tx - period Set the period of time the switch waits until retransmission of EAPOL PDU (default 30 sec.). unauth - period Set period of time the switch waits for authentication before moving the port to the VLAN for unauthenticated clients. unauth - vid Configures VLAN where to keep port while there is an unauthe nticated client connected (not configured by default). <cr> ProVision(config)# aaa port - access authenticator 1 4 ProVision(config)# a aa port - access authenticator 14 unauth - vid 99 ProVision(config)# aaa port - access authenticator 14 client - limit 1 ProVis ion(config)# aaa port - access authenticator active ProVision# show port - access authenticator ? [ethernet] PORT - LIST Show information for specified ports only. clients Show the current 802.1X client session statistics. config Show 802.1X authenticator configuration. session - counters Show 802.1X current (or last if no current sessions open) sessions counters. statistics Show authentication sessions statistics for 802.1X authenticator. vlan Show authorized and unauthorized vlans for 802.1X authenticator. <cr> ProVision# show port - access authenticator Port Access Authenticator Status Port - access authenticator activated [No] : Yes Allow RADIUS - assigned dynamic (G VRP) VLANs [No] : No Auths/ Unauth Untagged Tagged % In RADIUS Cntrl Port Guests Clients VLAN VLANs Port COS Limit ACL Dir Port Mode ---- ------- ------- -------- ------ --------- ----- ------ ----- ----------

594. 593 Cisco(config - if)#dot1x ? authenticator Configure authenticator parameters credentials Credentials profile config uration default Configure Dot1x with default values for this port max - reauth - req Max No. of Reauthentication Attempts max - req Max No. of Retries max - start Max No. of EAPOL - Start requests pae Set 802.1x interface pae type supplicant Configure supplicant parameters timeout Various Timeouts Cisco(config - if)#dot1x pae ? authenticator Set pae type as Authenticator both Set pae type as both Supplicant and Authenticator supplicant Set pae type as Supplicant Cisco(config - if)#dot1x pae authenticator ? <cr> Cisco(config - if)#dot1x pae authenticator Cisco(config - if)#authentication ? control - direction Set the control - direction on the interface event Set action for a uthentication events fallback Enable the Webauth fallback mechanism host - mode Set the Host mode for authentication on this interface linksec Configure link security parameters open Enable or Disable open access on this port order Add an authentication method to the order list periodic Enable or Disable Reauthentication for this port port - control Set the port - control value priority Add an authentication method to the priority list timer Set authentication timer values violation Configure action to take on security violations Cisco(config - if)#authentication fallback fallback1 Cisco(config - if)#authentication order webauth Cisco(config - if)#authentication port - control auto Cisco(config - if)#ip access - group web - auth - policy1 in Cisco(config - if)#ip admission web - auth - rule1 Cisco#show ip admission cache Authentication Proxy Cache Total Sessions: 1 Init Sessions: 0 Client IP 10.1.220.102 P ort 49647, timeout 60, state ESTAB Cisco#show authentication interface g1/0/18 Client list: Interface MAC Address Method Domain Status Session ID Gi1/0/18 705a.b6e8.6783 webauth DATA Authz Success 0A00002900000007006B16FC Ava ilable methods list: Handle Priority Name 3 0 dot1x 1 2 webauth Runnable methods list: Handle Priority Name 1 0 webauth

606. 605 Cisco#show monitor Session 1 --------- Type : Remote Destination Session Source RSPAN VLAN : 950 Destination Ports : Gi1/0/4 Encapsulation : Replicate Ingress : Disabled Cisco#show monitor session 1 detail Session 1 --------- Type : Remote Destination Session Description : - Source Ports : RX Only : None TX Only : None Both : None Source VLANs : RX Only : None TX Only : None Both : None Source RSPAN VLAN : 950 Destination Ports : Gi1/0/4 Encapsulation : Replicate Ingress : Disabled Filter VLANs : None Dest RSPAN VLAN : None IP Access - group : None MAC Access - group : None IPv6 Access - group : None

80. 79 Cisco(config - cc - policy)# exit Cisco(config)#username man ager privilege 15 ? aaa AAA directive access - class Restrict access by access - class algorithm - type Algorithm to use for hashing the plaintext secret for the user autocommand Automatically issue a command after the user logs in callback - dialstring Callback dialstring callback - line Associate a specific line with this callback callback - rotary Associate a rotary group with this callback common - crit eria - policy Enter the common - criteria policy name dnis Do not require password when obtained via DNIS mac This entry is for MAC Filtering where username=mac nocallback - verify Do not require authentication after callback noescape Prevent the user from using an escape character nohangup Do not disconnect after an automatic command nopassword No password is required for the user to log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user - maxlinks Limit the user's number of inbound links view Set view name <cr> Cisco(config)#username manager privilege 15 common - criteria - policy ? WORD Name of policy Cisco(config)#username manager privilege 15 common - criteria - policy pwcomplex ? aaa AAA directive access - class Restrict ac cess by access - class algorithm - type Algorithm to use for hashing the plaintext secret for the user autocommand Automatically issue a command after the user logs in callback - dialstring Callback dialst ring callback - line Associate a specific line with this callback callback - rotary Associate a rotary group with this callback common - criteria - policy Enter the common - criteria policy name dnis Do not require passw ord when obtained via DNIS mac This entry is for MAC Filtering where username=mac nocallback - verify Do not require authentication after callback noescape Prevent the user from using an escape character nohan gup Do not disconnect after an automatic command nopassword No password is required for the user to log in password Specify the password for the user privilege Set user privilege level secret Specify the secret for the user user - maxlinks Limit the user's number of inbound links view Set view name <cr> Cisco(config)#username manager privilege 15 common - criteria - policy pwcomplex password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) user password Cisco(config)#username manager privilege 15 common - criteria - policy pwcomplex password PA55word!^ ? Cisco( config)#username manager privilege 15 common - criteria - policy pwcomplex password PA55word!^ LINE <cr> Cisco(config)#username manager privilege 15 common - criteria - policy pwcomplex password

88. 87 < Comware 5 > display version HP Comware Platform Software Comware Software, Version 5.20.99, Release 2221P07 Copyright (c) 2010 - 2014 Hewlett - Packard Development Company, L.P. HP A5500 - 24G - PoE+ EI Switch with 2 Interface Slots uptime is 0 week, 0 day, 0 hour, 38 minutes HP A5500 - 24G - PoE+ EI Switch with 2 Interface Slots with 1 Processor 256M bytes SDRA M 32768K bytes Flash Memory Hardware Version is REV.C CPLD Version is 002 Bootrom Version is 721 [SubSlot 0] 24GE+4SFP+POE Hardware Version is REV.C < Comware 5 > tftp ? STRING<1 - 20> IP address or hostname of a remote system ipv6 IPv6 TFTP cl ient < Comware 5 > tftp 10. 0.100.111 ? get Download file from remote TFTP server put Upload local file to remote TFTP server sget Download securely from remote TFTP server < Comware 5 > tftp 10. 0.100.111 get ? STRING<1 - 135> Source filename < Comwar e 5 > tftp 10. 0.100.111 get A5500EI - CMW520 - R2221P0 7 .bin ? STRING<1 - 135> Destination filename source Specify a source vpn - instance Specify a VPN instance <cr> < Comware 5 > tftp 10. 0.100.111 get A5500EI - CMW520 - R2221P0 7 .bin <Comware 5 >scp ? STRING<1 - 20> Address or host name of the remote system ipv6 IPv6 protocol <Comware 5 >scp 10.0.100.111 ? INTEGER<0 - 65535> Port number get Download a file put Upload a file <Comwa re 5 >scp 10.0.100.111 get ? ST RING<1 - 135> Source file name <Comware 5 >scp 10.0.100.111 get A5500EI - CMW520 - R2221P07.bin ? STRING<1 - 135> Destination file name identity - key Specify the algorithm for publickey authentication prefer - ctos - cipher Specify the preferred enc ryption algorithm from client to server prefer - ctos - hmac Specify the preferred HMAC algorithm from client to server prefer - kex Specify the preferred key exchange algorithm prefer - stoc - cipher Sp ecify the preferred encryption algorithm from server to client prefer - stoc - hmac Specify the preferred HMAC algorithm from server to client username Specify the user name <cr>

217. 216 system For sy stem events. update Enable accounting update records. vrrs For VRRS accounting. Cisco(config)#aaa accounting exec ? WORD Named Accounting list (max 31 characters, longer will be rejected). default The default accountin g list. Cisco(config)#aaa accounting exec default ? none No accounting. start - stop Record start and stop without waiting stop - only Record stop when service terminates. <cr> Cisco(config)#aaa accounting exec default start - stop ? broadc ast Use Broadcast for Accounting group Use Server - group Cisco(config)#aaa accounting exec default start - stop group ? WORD Server - group name radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(config)#aaa accounting exec default start - stop group radius ? group Use Server - group <cr> Cisco(config)#aaa accounting exec default start - stop group radius Cisco(config)#aaa accounting network default start - stop group radius Cisco(config)#aaa accounting sys tem default start - stop group radius Cisco #show aaa user all -------------------------------------------------- Unique id 1 is currently in use. Accounting: log=0x18001 Events recorded : CALL START INTERIM START INTERIM STOP update method (s) : NONE update interval = 0 Outstanding Stop Records : 0 Dynamic attribute list: 03802C08 0 00000001 connect - progress(44) 4 No Progress 03802C1C 0 00000001 pre - session - time(272) 4 269025(41AE1) 03802C30 0 00000001 elapsed_time(339) 4 0(0) 03802C44 0 00000001 pre - bytes - in(268) 4 0(0) 03802C58 0 00000001 pre - bytes - out(269) 4 0(0) 039A269C 0 00000001 pre - paks - in(270) 4 0(0) 039A26B0 0 00000001 pre - paks - out(271) 4 0(0) No data for type EXEC No data for type CONN NE T: Username=(n/a) ...

238. 237 Start Paks In = 0 Start Paks Out = 0 Byte/Packet Counts till Service Up: Pre Bytes In = 0 Pre Bytes Out = 0 Pre Paks In = 0 Pre Paks Out = 0 Cumulative Byte/Packet Counts : Bytes In = 0 Bytes Out = 0 Paks In = 0 Paks Out = 0 StartTime = 18:05:16 US - Cent Feb 28 1993 Authen: no data Kerb: No data available Meth: No data available Preauth: No Preauth data. General: No General data. PerU: No data available Service Profile: No Service Profile data. ...

268. 267 flash1: Copy to flash1: file system flash: Copy to flash: file system null: Copy to null: fil e system nvram: Copy to nvram: file system running - config Update (merge with) current system configuration startup - config Copy to startup configuration syslog: Copy to syslog: file system system: Copy to system: file sy stem tmpsys: Copy to tmpsys: file system Cisco#copy tftp://10.199.111.200/ c3750e - universalk9 - mz.150 - 2.SE7.bin flash:/boot/ c3750e - universalk9 - mz.150 - 2.SE7.bin Destination filename [/boot/ c3750e - universalk9 - mz.150 - 2.SE7.bin ]? Accessing tftp://10.1 99.111.200/ c3750e - universalk9 - mz.150 - 2.SE7.bin ... Loading c3750e - universalk9 - mz.150 - 2.SE7.bin from 10.199.111.200 (via FastEthernet0): Cisco#show lldp neighbors ? FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 80 2.3z TenGigabitEthernet Ten Gigabit Ethernet detail Show detailed information | Output modifiers <cr> Cisco#show lldp neighbors fastEthernet 0 ? detail Show detailed information | Output modifiers <cr> Cisco#show lldp neighbors fastEthernet 0 Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Device ID Local Intf Hold - time Capability Po rt ID 2520 - 8 - OOBM Fa0 98 B 7 Total entries displayed: 1

307. 306 pim - snooping PIM s nooping module ping Ping function port Assign ports to or remove ports from the VLAN private - vlan Private VLAN function protocol - vlan Protocol - based VLAN quit Exit from curr ent command view return Exit to User View save Save current configuration security - logfile Security log file configuration subvlan Specify sub - VLAN supervlan Specify the VLAN as a super VLAN tracert Tracert function undo Cancel current setting [Comware7 - vlan220]port ? FortyGigE FortyGigE interface GigabitEthernet GigabitEthernet interface Ten - GigabitEthernet Ten - GigabitE thernet interface [Comware7 - vlan220]port g1/0/4 ? FortyGigE FortyGigE interface GigabitEthernet GigabitEthernet interface Ten - GigabitEthernet Ten - GigabitEthernet interface to Range of interfaces <cr> [Comware7 - vlan220]port g1/0/4 [Comware 7 ] display vlan 220 VLAN ID: 220 VLAN type: Static Route interface: Not configured Description: VLAN 0220 Name: test Tagged ports: GigabitEthernet1/0/6 Untagged ports: GigabitEthernet1/0/4 [Comware 7 ] display vlan 100 VLAN ID: 100 VLAN type: Static Route interface: Not configured Description: VLAN 0100 Name: VLAN 0100 Tagged ports: GigabitEthernet1/0/6 Untagged ports: GigabitEthernet1/0/5 GigabitEthernet1/0/9 [Comware7 ]dis play vl an 1 VLAN I D: 1 VLAN type: Static Route interface: Configured IPv4 address: 10.0.111.51 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0001 Name: VLAN 0001 Tagged ports: None Untagged ports: FortyGigE1/0/53 FortyGigE1/0/54 GigabitEt hernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3 GigabitEthernet1/0/6 GigabitEthernet1/0/7 GigabitEthernet1/0/8

320. 319 BOOTPREQUEST: 0 DHCP packets sent to clients: 0 DHCPOFFER: 0 DHCPAC K: 0 DHCPNAK: 0 BOOTPREPLY: 0 Cisco Cisco(config)#interface vlan 220 Cisco(config - if)#ip ? Interface IP configuration subcommands: access - group Specify access c ontrol for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth - proxy Apply authenticaton proxy authentication authentication subcommands bandwidth - percent Set EIGRP bandwidth limit broadcast - address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP da mpening - change Percent interface metric must change to cause update dampening - interval Time in seconds to check interface metrics dhcp Configure DHCP parameters for this interface directed - broadcast Enable forwarding of directed b roadcasts flow NetFlow related commands header - compression IPHC options hello - interval Configures EIGRP - IPv4 hello interval helper - address Specify a destination address for UDP broadcasts hold - time Configures E IGRP - IPv4 hold time igmp IGMP interface commands information - reply Enable sending ICMP Information Reply messages irdp ICMP Router Discovery Protocol load - sharing Style of load sharing local - proxy - arp En able local - proxy ARP mask - reply Enable sending ICMP Mask Reply messages mroute - cache Enable switching cache for incoming multicast packets mtu Set IP Maximum Transmission Unit multicast IP multicast interfa ce commands next - hop - self Configures EIGRP - IPv4 next - hop - self ospf OSPF interface commands pim PIM interface commands probe Enable HP Probe support proxy - arp Enable proxy ARP rarp - ser ver Enable RARP server for static arp entries redirects Enable sending ICMP Redirect messages rgmp Enable/disable RGMP rip Router Information Protocol route - cache Enable fast - switching cache for outgoing packets rsvp RSVP Interface Commands rtp RTP parameters sap Session Advertisement Protocol interface commands security DDN IP Security Option split - horizon Perform split horizon sticky - arp Allow the creation of sticky ARP entries summary - address Perform address summarization tcp TCP interface commands

341. 340 mdi Specify mdi type mirroring - group Specify mirroring - group mirroring - port Specify mirroring port mld - snooping Configure MLD snooping characteristic monitor - port Specify monitor port mrp Multiple Register Protocol mtracert Trace route to multicast source multicast - suppression Specify the multicast storm control mvrp Multiple VLAN Registration Protocol ndp Neighbor discovery p rotocol ntdp Specify NTDP configuration information oam OAM protocol packet - filter Specify packet filter ping Ping function poe Configure PoE port port Configure or modify aggregate parameters on a port port - isolate Specify port - isolate configuration information port - security Specify port - security configuration information portal Portal protocol qinq Specify 802.1Q - in - Q VPN function qos Command of QoS(Quality of Service) quit Exit from current command view return Exit to User View rmon Specify RMON save Save current configuration sflow Specify sFlow configuration information shutdown Shut down this interface smart - link Configure smart link speed Specify speed of current port storm - constrain Port storm - constrain stp Spanning tree protocol tracert Trace route function undo Cancel current setting unicast - suppression Specify the unicast storm control virtua l - cable - test Virtual cable test information vlan Set VLAN precedence voice Specify voice VLAN [Comware5 - GigabitEthernet1/0/1]mvrp ? enable Enable MVRP on port registration MVRP registration mode [Com ware5 - GigabitEthernet1/0/1]mvrp enable ? <cr> [Comware5 - GigabitEthernet1/0/1]mvrp enable [Comware5 - GigabitEthernet1/0/1]quit [Comware5]display mvrp ? running - status MVRP running status state MVRP machine information statistics MVRP packet statistics vlan - operation Dynamic VLAN operation information [Comware5]display mvrp running - status ? interface Specify the interface | Matching output <cr> [Comware5]display mvrp running - status ------- [MVRP Global Info] --- ---- Global Status : Enabled

359. 358 Voice VLAN enabled ports and their modes: Port VLAN Mode CoS DSCP GigabitEthernet1/0/5 230 AUTO 6 46 <Comware7>dis play voice - vlan mac - address OUI Address Mask Description 0001 - e300 - 0000 ffff - ff00 - 0000 Siemens phone 0003 - 6b00 - 0000 ffff - ff00 - 0000 Cisco phone 0004 - 0d00 - 0000 ffff - ff00 - 0000 Avaya phone 000f - e200 - 0000 ffff - ff00 - 0000 H3C Aolynk phone 0 013 - 6000 - 0000 ffff - ff00 - 0000 Cisco - 7960 0060 - b900 - 0000 ffff - ff00 - 0000 Philips/NEC phone 00d0 - 1e00 - 0000 ffff - ff00 - 0000 Pingtel phone 00e0 - 7500 - 0000 ffff - ff00 - 0000 Polycom phone 00e0 - bb00 - 0000 ffff - ff00 - 0000 3Com phone Cisco Cisco(config)#vlan 2 30 Cisco(config - vlan)#name voice Cisco(config)#interface g 1/0/5 Cisco(config - if)#switchport Cisco(con fig - if)#switchport access vlan 220 Cisco(config - if)#switchport mode access Cisco(con fig - if)#switchport voice vlan 230 Cisco#show interfaces g1/0/5 switchport Name: Gi1/0/5 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: Off Access Mode VLAN: 220 (test) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: 230 (voice) Administrative private - vlan host - association: none Administrative private - vlan mapping: none Administrative private - vlan trunk native VLAN: no ne Administrative private - vlan trunk Native VLAN tagging: enabled Administrative private - vlan trunk encapsulation: dot1q Administrative private - vlan trunk normal VLANs: none Administrative private - vlan trunk associations: none Administrative private - vlan t runk mappings: none Operational private - vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2 - 1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none

370. 369 Cisco Cisco(config)#interface port - channel 1 Cisco(config - if)#switchport trunk encapsulation dot1q Cisco (config - if)#switchport trunk allowed vlan 22 0 Cisco(config - if)#switchport mode access Cisco(config - if)#switchport nonegotiate Cisco(config)#interface range g 1/ 0/23 - 24 Cisco(config - if - range)#switchport trunk encapsulation dot1q Cisco(config - if - range )#switchport trunk allowed vlan 22 0 Cisco(config - if - range)#switchport mode access Cisco(config - if - range)#switchport nonegotiate Cisco(config - if - range)#channel - group 1 mode on Cisco#show etherchannel 1 summary Flags: D - down P - bundled in por t - channel I - stand - alone s - suspended H - Hot - standby (LACP only) R - Layer3 S - Layer2 U - in use f - failed to allocate aggregator M - not in use, minimum links not met u - unsuitable for bundl ing w - waiting to be aggregated d - default port Number of channel - groups in use: 1 Number of aggregators: 1 Group Port - channel Protocol Ports ------ + ------------- + ----------- + --------------------------------------------- -- 1 Po1(SU) - Gi1/0/23(P) Gi1/0/24(P) Cisco#show interfaces etherchannel ---- GigabitEthernet1/0/23: Port state = Up Mstr In - Bndl Channel group = 1 Mode = On Gcchange = - Port - channel = Po1 GC = - Pseudo port - channel = Po1 Port index = 0 Load = 0x00 Protocol = - Age of the port in the current state: 0d:00h:01m:53s ---- GigabitEthernet1/0/24: Port state = Up Mstr In - Bndl Channel group = 1 Mode = On Gcchange = - Port - channel = Po1 GC = - Pseudo port - channel = Po1 Port index = 0 Load = 0x00 Protocol = - Age of the port in the current state: 0d:00h:01m:51s

377. 376 config - digest - snooping Specify configuration digest snooping cost Specify port path cost disable Disable spanning tree protocol on a port edged - port Specify edge port enable Enable spanning tree protocol on a port instance Spanning tree instance loop - protection Specif y loop protection mcheck Specify mcheck no - agreement - check Specify port ignore agreement information point - to - point Specify point to point link port Specify port parameter root - protection Specify root protection transmit - limit Specify transmission limit count vlan Virtual LAN [Comware5 - GigabitEthernet1/0/ 4 ]stp edged - port enable [Comware5 - GigabitEthernet1/0/4 ]stp cost 10000 [Comware5 - GigabitEthernet1/0/4 ]s tp port priority 96 (note – in steps of 16 , default setting is 128 ) [Comware5]display stp ? abnormal - port Display abnormal ports bpdu - statistics STP BPDU statistics brief Brief information down - port Po rt information of protocol down history Root or alternate port history instance Spanning tree instance interface Specify interface region - configuration Region configuration root Display sta tus and configuration of the root bridge slot Slot Number tc Port TC count vlan Virtual LAN | Matching output <cr> [Comware 5 ] display stp ------- [CIST Global Info][Mode RST P] ------- CIST Bridge :12288.0023 - 89d5 - a059 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :8192.009c - 02d5 - 3980 / 20 CIST RegRoot/IRPC :12288.0023 - 89d5 - a059 / 0 CIST RootPortId :128.6 BPDU - Protection :dis abled Bridge Config - Digest - Snooping :disabled TC or TCN received :0 Time since last TC :0 days 0h:32m:50s ... ---- [Port1(GigabitEthernet1/0/1)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=20

378. 377 Desg. Bridge/Port :12288.0023 - 89d5 - a059 / 128.1 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None MST BPDU Format :Config=auto / Active=802.1s Port Config - Digest - Snooping :disabled Rapid transition :true Num of Vlans Mapped :1 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 1s RemHop 20 BPDU Sent :1026 TCN: 0, Config: 0, RST: 985, MST: 41 BPDU Received :2 TCN: 0, Config: 0, RST: 0, MST: 2 ... ---- [Port4(GigabitEthernet1/0/4)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Designated Port Port Priority :96 Port Cost(Legacy) :Config=10000 / Active=10000 Desg. Bridge/Port :12288.0023 - 89d5 - a059 / 96.4 Port Edged :Config=enabled / Active=enabled Point - to - point :Config=auto / Active=true Transmit Limit :10 pac kets/hello - time Protection Type :None MST BPDU Format :Config=auto / Active=legacy Port Config - Digest - Snooping :disabled Rapid transition :false Num of Vlans Mapped :1 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 1s RemH op 20 BPDU Sent :1028 TCN: 0, Config: 0, RST: 988, MST: 40 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0 ---- [Port5(GigabitEthernet1/0/5)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :12288.0023 - 89d5 - a059 / 128.5 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Li mit :10 packets/hello - time Protection Type :None MST BPDU Format :Config=auto / Active=legacy Port Config - Digest - Snooping :disabled Rapid transition :false Num of Vlans Mapped :3 PortTimes :Hello 2s MaxAge 20s FwDly 15 s MsgAge 1s RemHop 20 BPDU Sent :1028 TCN: 0, Config: 0, RST: 988, MST: 40 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0

380. 379 [ Comware 7 ] stp priority 16384 (note – in steps of 4096 , default setting is 32768 ) [Comware7]int erface g1/0/4 [Comware7 - GigabitEthernet1/0/4]stp ? compliance Specify MST BPDU Format config - digest - snooping Specify c onfiguration digest snooping cost Specify port path cost edged - port Specify edge port enable Enable STP instance Specify the spanning tree instance list loop - protection Speci fy loop protection mcheck Specify mcheck no - agreement - check Specify port ignore agreement information point - to - point Specify point to point link port Specify port parameter role - restriction Forbid the port to be a root port root - protection Specify root protection tc - restriction Restrict propagation of TC message transmit - limit Specify transmission limit count vlan Specify the VLAN list [ Comware 7 - GigabitEthernet1/0/ 4]stp edged - port [ Comware 7 - GigabitEthernet1/0/4 ]stp cost 10000 [ Comware 7 - GigabitEthernet1/0/4 ]stp port priority 96 (note – in steps of 16 , default setting is 128 ) [Comware7]display stp ? > Redirect i t to a file >> Redirect it to a file in append mode abnormal - port Display abnormal ports bpdu - statistics BPDU statistics brief Brief information down - port Port information of protocol d own history History of port roles instance Specify the spanning tree instance list interface Specify interface region - configuration Region configuration root Display status and configuratio n of the root bridge slot Specify the slot number tc Port TC count vlan Specify the VLAN list | Matching output <cr> [ Comware 7 ] display stp ------- [CIST Global Info][Mode R STP] ------- Bridge ID : 16384.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20 Root ID/ERPC : 8192.009c - 02d5 - 3980, 20 RegRoot ID/IRPC : 16384.cc3e - 5f73 - bacb, 0 RootPort ID : 128.6

397. 396 Digest - Snooping : Disabled TC or TCN received : 68 Time since last TC : 0 days 0h:2 9m:41s ... ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 8192.009c - 02d5 - 3980, 128.13 Port edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time TC - Restriction : Disabled Role - Restriction : Disabled Protection type : Config=none, Active=none MST BPDU format : Config=auto, Active=802.1s Port Config - Digest - Snooping : Disabled Rapid transition : True Num of VLANs mapped : 1 Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20 BPDU sent : 2745 TCN: 0, Config: 0, RST: 3, MST: 2742 BPDU received : 5273 TCN: 0, Config: 0, RST: 1426, MST: 3847 ... ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 160.9 Port cost(Legacy) : Config=10000, Active=10000 Desg.bridge/port : 16384.cc3e - 5f73 - bacb, 160.9 Port edged : Config=enabled, Active=enabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets /hello - time TC - Restriction : Disabled Role - Restriction : Disabled Protection type : Config=none, Active=none MST BPDU format : Config=auto, Active=802.1s Port Config - Digest - Snooping : Disabled Rapid transition : True Num of VLANs mapped : 0 Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 19 BPDU sent : 5604 TCN: 0, Config: 0, RST: 876, MST: 4728 BPDU received : 0 TCN: 0, Config: 0, RST: 0, MST: 0 ... ------- [MSTI 1 Global Info] ------- Bridge ID : 20480.cc3e - 5f73 - bacb RegRoot ID/IRPC : 8192.0023 - 89d5 - a059, 20020 RootPort ID : 128.6 Master bridge : 8192.009c - 02d5 - 3980 Cost to master : 20 TC received : 0 ---- [Port6(Giga bitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : Config=auto, Active=20 Desg.bridge/port : 12288.009c - 02d5 - 3980, 128.13 Protection type : Config= none, Active=none

401. 400 Cisco Cisco(confi g)#spanning - tree ? backbonefast Enable BackboneFast Feature etherchannel Spanning tree etherchannel specific configuration extend Spanning Tree 802.1t extensions logging Enable Spanning tree logging loopguard Spanning tree loop guard options mode Spanning tree operating mode mst Multiple spanning tree configuration pathcost Spanning tree pathcost options portfast Spanning tree portfast options transmit STP transmit parameters uplinkfa st Enable UplinkFast Feature vlan VLAN Switch Spanning Tree Cisco(config)#spanning - tree mode ? mst Multiple spanning tree mode pvst Per - Vlan spanning tree mode rapid - pvst Per - Vlan rapid spanning tree mode Cisco(confi g)#spanning - tree mode mst Cisco(config)#spanning - tree mst configuration Cisco(config - mst)#? abort Exit region configuration mode, aborting changes exit Exit region configuration mode, applying changes instance Map vlans to an MST instance name Set configuration name no Negate a command or set its defaults private - vlan Set private - vlan synchronization revision Set configuration revision number show Display region configurations Cisc o(config - mst)#name ProVision - Comware - Cisco Cisco(config - mst)#revision 1 Cisco (config - mst)# instance 1 vlan 220 Cisco(config - mst)# instance 2 vlan 100 Cisco(config - mst)# instance 3 vlan 240 Cisco(config)#sp anning - tree mst 0 priority 20480 (note - in crements of 4096 , default setting is 32768 ) Cisco(config)#s panning - tree mst 1 priority 16384 (note - increments of 4096 , default setting is 32768 ) Cisco(config)#sp anning - tree mst 2 priority 12288 (note - increments of 4096 , default setting is 32768 ) Cisco(config)#s panning - tree mst 3 priority 8192 (note - increments of 4096 , default setting is 32768 ) Cisco(config)#interface g1/0/9 Cisco(config - if)#spanning - tree ? bpdufilter Don't send or receive BPDUs on this interface bpduguard D on't accept BPDUs on this interface cost Change an interface's spanning tree port path cost guard Change an interface's spanning tree guard mode link - type Specify a link type for spanning tree protocol use

447. 446 shutdown Adminis tratively shut down this neighbor slow - peer Configure slow - peer soft - reconfiguration Per neighbor soft reconfiguration soo Site - of - Origin extended community timers BGP per neighbor timers translate - update Translate Update to MBGP format transport Transport options ttl - security BGP ttl security check unsuppress - map Route - map to selectively unsuppress suppressed rou tes update - source Source of routing updates version Set the BGP version to match a neighbor weight Set default weight for routes from this neighbor Cisco (config - router)#neighbor 10.0.10 1.21 remote - as ? <1 - 4294967295> AS of remote neighbor <1.0 - XX.YY> AS of remote neighbor Cisco (config - router)#neighbor 10.0.10 1. 21 remote - as 64502 ? shutdown Administratively shut down this neighbor <cr> Cisco (config - router)#neighbor 10.0.101.21 remote - as 645 02 Cisco(config - router)#redistribute connected Cisco(config - router)#network 10.0.241.0 ? backdoor Specify a BGP backdoor route mask Network mask nlri Specify nlri type for network route - map Route - map to modify the attributes < cr> Cisco(config - router)#network 10.0.241.0 mask ? A.B.C.D Network mask Cisco(config - router)#network 10.0.241.0 mask 255.255.255.0 Cisco#show ip bgp ? A.B.C.D Network in the BGP routing table to display A.B.C.D/nn IP prefix < network>/<length>, e.g., 35.0.0.0/8 all All address families cidr - only Display only routes with non - natural netmasks community Display routes matching the communities community - list Display routes matching the c ommunity - list dampening Display detailed information about dampening extcommunity - list Display routes matching the extcommunity - list filter - list Display routes conforming to the filter - list import Display route topology import / export activity inconsistent - as Display only routes with inconsistent origin ASs injected - paths Display all injected paths ipv4 Address family ipv6 Address family l2vpn Address family la bels Display Labels for IPv4 NLRI specific information neighbors Detailed information on TCP and BGP neighbor connections nexthops Nexthop address table nsap Address family oer - paths Display all oer controlled paths paths Path information peer - group Display information on peer - groups

457. 456 Auth Type : None Virtual IP : 10.1.220.1 Master IP : 10.1.220.10 [Comware5] display vrrp IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Inter face VRID State Run Adver Auth Virtual Pri Timer Type IP --------------------------------------------------------------------- Vlan220 220 Backup 100 1 None 10.1.220.1 [Comware5] display vrrp interface Vlan - interface 220 IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers on interface Vlan220 : 1 Interface VRID State Run Adver Auth Virtual Pri Timer Type IP --------------------------------------------------------------------- Vlan220 220 Backup 100 1 None 10.1.2 20.1 Comware7 [Comware7]interface Vlan - interface 100 [Comware7 - Vlan - interface100]vrrp ? check - ttl Enable TTL check on VRRP packets dot1q Specify a VRRP control VLAN ipv6 Specify IPv6 Virtual Router version Specify version of VRRP vrid Specify the virtual router by its identifier [Comware7 - Vlan - interface100]vrrp vrid ? INTEGER<1 - 255> Virtual router identifier [Comware7 - Vlan - interface100]vrrp vrid 100 ? authentication - mode Configure authentication mode and authenticat ion key preempt - mode Enable preemption on the router priority Configure the priority of the router shutdown Shut down the virtual router source - interface Specify the source interface for the VRRP group timer Configure the value of the timer track Associate a track entry with the VRRP group to control master switchover in the VRRP group according to the state change of the track entry virtual - ip Assign an virtual IP address to the virtual router [Comware7 - Vlan - interface100]vrrp vrid 100 virtual - ip 10.1.100.1 ? <cr> [Comware7 - Vlan - interface100]vrrp vrid 100 virtual - ip 10.1.100.1 [Comware7 - Vlan - interface100]vrrp vrid 100 pri ority ? INTEGER<1 - 254> Priority value [Comware7 - Vlan - interface100]vrrp vrid 100 pri ority 254 [Comware7 - Vlan - interface100]vrrp ? check - ttl Enable TTL check on VRRP packets dot1q Specify a VRRP control VLAN

460. 459 <cr> Cisco(config - if)#vrrp 100 ip 10.1.100.1 Cisco(config - if)#vrrp 100 priority ? <1 - 254> Priority level Cisco(config - if)#vrrp 100 priority 100 ? <cr> Cisco(config - if)#vrrp 100 priority 100 Cisco#sh ow vrrp ? all Include groups in disabled state brief Brief output interface VRRP interface status and configuration | Output modifiers <cr> Cisco#sh ow vrrp Vlan100 - Group 100 State is Backup Virtual IP address is 10.1.100.1 Virtual MAC address is 0000.5e00 .0164 Advertisement interval is 1.000 sec Preemption enabled Priority is 101 Master Router is 10.1.100.5, priority is 254 Master Advertisement interval is 1.000 sec Master Down interval is 3.605 sec (expires in 3.043 sec) Cisco#sh ow vrrp brie f Interface Grp Pri Time Own Pre State Master addr Group addr Vl100 100 101 3605 Y Backup 10.1.100.5 10.1.100.1 Cisco#show vrrp interface vlan 100 Vlan100 - Group 100 State is Backup Virtual IP address is 10. 1.100.1 Virtual MAC address is 0000.5e00.0164 Advertisement interval is 1.000 sec Preemption enabled Priority is 101 Master Router is 10.1.100.5, priority is 254 Master Advertisement interval is 1.000 sec Master Down interval is 3.605 sec (ex pires in 2.909 sec)

479. 478 ProVision (vlan - 22 0)# ip access - group 11 0 vlan ProVision (vlan - 22 0)# ip access - group ext_ v acl vlan Comware5 Ethernet frame header ACL [ Comware 5 ]acl number ? INTEGER<2000 - 2999> Specify a basic acl INTEGER<3000 - 3999 > Specify an advanced acl INTEGER<4000 - 4999> Specify an ethernet frame header acl [ Comware 5 ]acl number 4000 [Comware 5 - acl - ethernetframe - 4000]? Acl - ethernetframe view commands: cfd Connectivity fault detection (IEEE 802.1ag) descriptio n Specify ACL description display Display current system information hardware - count Enable hardware ACL statistics mtracert Trace route to multicast source ping Ping function quit Exit from current comman d view return Exit to User View rule Specify an acl rule save Save current configuration step Specify step of acl sub rule ID tracert Trace route function undo Cancel current setting [ Comware 5 - acl - ethernetframe - 4000]rule ? INTEGER<0 - 65534> ID of acl rule deny Specify matched packet deny permit Specify matched packet permit remark Specify Rule Remark [ Comware 5 - acl - ethernetframe - 4000]rule de ny ? cos Specify 802.1p priority counting Specify Rule Counting dest - mac Specify dest mac address lsap Specify lsap type source - mac Specify source mac address time - range Specify a special time type Specify protoc ol type <cr> [ Comware 5 - acl - ethernetframe - 4000]rule deny dest - mac ? H - H - H 48 - bit hardware address [ Comware 5 - acl - ethernetframe - 4000]rule deny dest - mac 00aa - bbcc - ddee ? H - H - H 48 - bit hardware address mask [ Comware 5 - acl - ethernetframe - 4000]rule deny source - mac 00aa - bb00 - 0000 0000 - 00ff - ffff ? cos Specify 802.1p priority counting Specify Rule Counting

498. 497 [Comware7] display qos ? car Committed Access Rate (CAR) information gts Generic Traffic Shaping (GTS) information lr Line Rate (LR) information map - table Pri ority mapping table information policy QoS policy information qmprofile Queue management profile information queue Queue information queue - statistics Port queue statistics trust Priority trust mode and port priority information vlan - policy Apply a QoS policy to VLANs information wred Weighted Random Early Detection (WRED) information Cisco Cisco(config)#mls qos ? aggregate - policer Named aggregate policer map qos map keyword queue - set Choose a queue set for this queue rewrite Rewrite Packet/Frame srr - queue Configure SRR receive queues <cr> Cisco(config)#mls qos Cisco(config)#interface g1/ 0/5 Cisco(config - if)#mls qos ? cos cos keyword dscp - mutation dscp - mutation keyword ipe ipe keyword trust trust keyword vlan - based vlan - based keyword Cisco(config - if)#mls qos trust ? cos cos keyword device trusted device class dscp dscp keyword ip - precedence ip - precedence keyword <cr> Cisco(config - if)#mls qos trust dscp ? <cr> Cisco(config - if)#mls qos trust dscp Cisco(config)#mls qos map ? cos - dscp cos - dscp map: eight dscp values for cos 0 - 7 dscp - cos dscp - cos map keyword dscp - mutation dscp - mutation map keyword ip - prec - dscp dscp values for ip precedences 0 - 7 policed - dscp policed - dscp map keyword Cisco(config)#mls qos map dscp - cos ? <0 - 63> DSCP values separated by space s (up to 8 values total) Cisco(config)#mls qos map dscp - cos 0 8 16 24 32 40 48 56 ? to to keyword Cisco(config)#mls qos map dscp - cos 0 8 16 24 32 40 48 56 to ? <0 - 7> cos value Cisco(config)#mls qos map dscp - cos 0 8 16 24 32 40 48 56 to 0 ?

537. 536 [Comware7]display dhcp snooping packet statistics DHCP packets r eceived : 38 DHCP packets sent : 3 Invalid DHCP packets dropped : 0 Cisco Cisco(config)#ip dhcp snooping ? database DHCP snooping database agent information DHCP Snooping information verify DHCP snooping verify vlan DHCP Snooping vlan <cr> Cisco(config)#ip dhcp snooping Cisco(config)#ip dhcp snoo ping database tftp://10.0.100.111 /Cisco_dhcp.txt Cisco(config)#ip dhcp snooping information ? option DHCP Snooping informati on option Cisco(config)#ip dhcp snooping information option ? allow - untrusted DHCP Snooping information option allow - untrusted format Option 82 information format <cr> Cisco(config)#ip dhcp snooping information option allow - untrusted ? <cr> Cisco(config)#ip dhcp snooping information option format ? remote - id Remote id option 82 format Cisco(config)#ip dhcp snooping information option format remote - id ? hostname Use configured hostname for remote id string User defined st ring for remote id Cisco(config)#ip dhcp snooping verify ? mac - address DHCP snooping verify mac - address no - relay - agent - address DHCP snooping verify giaddr Cisco(config)#ip dhcp snooping verify mac - address ? <cr> Cisco(config)#ip dhcp snooping verify no - relay - agent - address ? <cr> Cisco(config)#ip dhcp snooping vlan ? WORD DHCP Snooping vlan first number or vlan range, example: 1,3 - 5,7,9 - 11 Cisco(config)#ip dhcp snooping vlan 220 Cisco(config)#interface g 1/ 0/6 Cisco(config - if )#ip dhcp snooping ? information DHCP Snooping information limit DHCP Snooping limit

538. 537 trust DHCP Snooping trust config vlan DHCP Snooping vlan Cisco(config - if)#ip dhcp snooping trust Cisco#show ip dhcp snooping ? binding DHCP snooping bindings database DHCP snooping database agent statistics DHCP snooping statistics | Output modifiers <cr> Cisco#show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 220 DHCP snooping is operational on following VLANs: 220 Smartlog is configured on following VLANs: none Smartlog is operational on following VLANs: none DHCP snooping is configured on the following L3 Interfaces: Insertion of option 82 is enabled circ uit - id default format: vlan - mod - port remote - id: 0022.91ab.4380 (MAC) Option 82 on untrusted port is not allowed Verification of hwaddr field is enabled Verification of giaddr field is enabled DHCP snooping trust/rate is configured on the following Inter faces: Interface Trusted Allow option Rate limit (pps) ----------------------- ------- ------------ ---------------- GigabitEthernet1/0/6 yes yes unlimited Custom circuit - ids: Cisco#show ip dhcp snooping database Agent URL : tftp://10.0.100.111/Cisco_dhcp.txt Write delay Timer : 300 seconds Abort Timer : 300 seconds Agent Running : No Delay Timer Expiry : 164 (00:02:44) Abort Timer Expiry : Not Running Last Succeded Time : 18:03:54 US - Cent Sun May 17 2015 Last Failed Time : 17:59:18 US - Cent Sun May 17 2015 Last Failed Reason : Expected more data on read. Total Attempts : 7 Startup Failures : 2 Successful Transfers : 2 Failed Transfers : 5 Successful Reads : 1 Failed Reads : 3 Successful Writes : 1 Failed Writes : 0 Media Failures : 0 Cisco#show ip dhcp snooping statistics detail Packets Processed by DHCP Snooping = 2 Packets D ropped Because IDB not known = 0 Queue full = 0

559. 55 8 state Specify state of domain tracert Trace route function undo Cancel current se tting [Comware5 - isp - 8021x]authentication ? default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration portal Specify portal AAA configuration super Speci fy super AAA configuration [Comware5 - isp - 8021x]authentication lan - access ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - 8021x]authentication lan - access radius - scheme ? S TRING<1 - 32> Scheme name [Comware5 - isp - 8021x]authentication lan - access radius - scheme radius - auth ? local Specify local scheme none Specify none scheme <cr> [Comware5 - isp - 8021x]authentication lan - access radius - scheme radius - auth [Comware5 - isp - 8021x]authorization ? command Specify command AAA configuration default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration portal Specify portal AAA configur ation [Comware5 - isp - 8021x]authorization lan - access ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - 8021x]authorization lan - access radius - scheme ? STRING<1 - 32> Scheme nam e [Comware5 - isp - 8021x]authorization lan - access radius - scheme radius - auth ? local Specify local scheme none Specify none scheme <cr> [Comware5 - isp - 8021x]authorization lan - access radius - scheme radius - auth [Comware5 - isp - 8021x]accounting ? comm and Specify command AAA configuration default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration optional Optional accounting mode portal Specify portal A AA configuration [Comware5 - isp - 8021x]accounting lan - access ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - 8021x]accounting lan - access radius - scheme ? STRING<1 - 32> Schem e name

578. 577 fixed Use a shared account for all MAC authentication users mac - address Use MAC - based user accounts for MAC authentication users [Comware7] mac - authentication user - name - format mac - address ? wi th - hyphen Hyphenate the MAC address, for example xx - xx - xx - xx - xx - xx without - hyphen Exclude hyphens from the MAC address, for example xxxxxxxxxxxx <cr> [Comware7] mac - authentication user - name - format mac - address without - hyphen ? lowercase Letters in lowercase uppercase Letters in uppercase <cr> [Comware7] mac - authentication user - name - format mac - address without - hyphen [Comware7] display mac - authentication ? interface Display MAC - authentication interface configuration | Matching o utput <cr> [Comware7]display mac - authentication connection Slot ID: 1 User MAC address: e069 - 9578 - 4883 Access interface: GigabitEthernet1/0/16 Username: e06995784883 Authentication domain: 8021x Initial VLAN: 1 Authorization untagged VLAN: 220 Authoriza tion ACL ID: N/A Authorization user profile: N/A Termination action: N/A Session timeout period: N/A Online from: 2015/05/19 15:18:14 Online duration: 0h 3m 53s Total 1 connections matched. [Comware7] display mac - authentication interface g1/0/16 Global MAC authentication parameters: MAC authentication : Enabled User name format : MAC address in lowercase(xxxxxxxxxxxx) Username : mac Password : Not configured Offline detect period : 300 s Quiet peri od : 60 s Server timeout : 100 s Authentication domain : 8021x Max MAC - auth users : 4294967295 per slot Online MAC - auth users : 1 Silent MAC users: MAC address VLAN ID From port Port inde x GigabitEthernet1/0/16 is link - up MAC authentication : Enabled Authentication domain : Not configured Auth - delay timer : Disabled Re - auth server - unreachable : Logoff Guest VLAN : Not configured C ritical VLAN : Not configured Host mode : Single VLAN Max online users : 4294967295 Authentication attempts : successful 1, failed 0

591. 590 Cisco(config)#aaa ? accounting Accounting configurations parameters. attribute AAA attribute definitions authentication Authentication configurations parameters. authorization Authorization configurations parameters. cache AAA cache definitions con figuration Authorization configuration parameters. dnis Associate certain AAA parameters to a specific DNIS number group AAA group definitions local AAA Local Authen/Authz Method Lists local AAA Local method options max - sessions Adjust initial hash size for estimated max sessions memory AAA memory parameters nas NAS specific configuration new - model Enable NEW access control commands and functions.(Disables OLD commands.) pod POD processing policy AAA policy parameters server Local AAA server service - profile Service - Profile parameters session - id AAA Session ID traceback Traceback record ing user AAA user definitions Cisco(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maximum number of authentication attempts banner Message to use when starting logi n/authentication. dot1x Set authentication lists for IEEE 802.1x. enable Set authentication list for enable. eou Set authentication lists for EAPoUDP fail - message Message to use for failed login/authentication. login Set authentication lists for logins. password - prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. suppress Do not send access request for a specific type of user. username - prompt Text to use when prompting for a username Cisco(config)#aaa authentication login ? WORD Named authentication list (max 31 characters, longer will be rejected). default The default authentication list. Cisco(config)#aaa authentication login default ? cache Use Cached - group enable Use enable password for authentication. group Use Server - group krb5 Use Kerberos 5 authentication. kr b5 - telnet Allow logins only if already authenticated via Kerberos V Telnet. line Use line password for authentication. local Use local username authentication. local - case Use case - sensitive local username au thentication. none NO authentication. passwd - expiry enable the login list to provide password aging support Cisco(config)#aaa authentication login default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(config)#aaa authentication login default group radius ? cache Use Cached - group

597. 596 [ Comware ] mirroring - group ? INTEGER<1 - 4> Mirroring group number [ Comware ] mir roring - group 1 ? local Local mirroring group mirroring - port Specify mirroring port monitor - egress Specify monitor - egress port monitor - port Specify monitor port reflector - port Specify reflector port remote - des tination Remote destination mirroring group remote - probe Specify remote probe VLAN remote - source Remote source mirroring group [ Comware ] mirroring - group 1 local ? <cr> [ Comware ] mirroring - group 1 local [ Comware ] mirroring - group 1 mirro ring - port ? GigabitEthernet GigabitEthernet interface [ Comware ] mirrorin g - group 1 mirroring - port g1/0/6 ? GigabitEthernet GigabitEthernet interface both Monitor the inbound and outbound packets inbound Monitor the inbound pac kets outbound Monitor the outbound packets to Range of interfaces [ Comware ] mirrorin g - group 1 mirroring - port g1/0/6 both ? <cr> [ Comware ] mirrorin g - group 1 mirroring - port g1/0/6 both [Comware] mirroring - group 1 monitor - port ? Bridge - Aggregation Bridge - Aggregation interface GigabitEthernet GigabitEthernet interface [Comware] mirro ring - group 1 monitor - port g1/0/4 ? <cr> [Comware] mirro ring - group 1 monitor - port g1/0/4 [ Comware ] display mirroring - group ? INTEGER<1 - 4> Mirroring group number all all mirroring group local Local mirroring group remote - destination Remote destination mirroring group remote - source Remote source mirroring group [ Comware ]dis mirroring - group al l mirroring - group 1: type: local status: active mirroring port: GigabitEthernet1/0/6 both monitor port: GigabitEthernet1/0/4 [ Comware ] display mirroring - group 1 mirroring - group 1: type: local

130. 129 ProVision(config)# clock timezone ? gmt Number of hours your timezone is to the West ( - ) or East(+) of GMT. us Timezone for US locations. ProVision(config)# clock timezone us alaska aleutian arizona central east_indiana eastern hawaii michigan mountain pacific samoa ProVision(config)# clock timezone us cen tral <cr> ProVision(config)# clock summer - time <cr> ProVision(config)# time ? begin - date The begin date of daylight savings time MM/DD[/[YY]YY] New date daylight - time - rule The daylight savings time rule for your location end - d ate The end date of daylight savings time HH:MM[:SS] New time timezone The number of minutes your location is West( - ) or East(+) of GMT <cr> ProVision(config)# time daylight - time - rule ? none alaska continental - us - and - canada middle - europe - and - portugal southern - hemisphere western - europe user - defined ProVision(config)# time daylight - time - rule continental - us - and - canada ? begin - date The begin date of daylight savings time MM/DD[/[YY]YY] New dat e end - date The end date of daylight savings time HH:MM[:SS] New time timezone The number of minutes your location is West( - ) or East(+) of GMT <cr> ProVision(config)# time daylight - time - rule continental - us - and - cana da ProVision# show time Tue Mar 10 15:50:11 2015 Comware 5 not supported Comware7 [Comware7]sntp enable [Comware7]sntp unicast - server 10.0.100.251 ? authentication - keyid Specify an authentication key ID source Specify a source int erface

55. 54 Cisco(co nfig)#username operator privilege 0 password password [the next command sets the use of uid/pw for login via console] Cisco(config)#line console 0 Cisco(config - line)#login ? local Local password checking <cr> Cisco(config - line)#login local ? < cr> Cisco(config - line)#login local [the next command sets the use of password for login via console ] Cisco(config)#line console 0 Cisco(config - line)#login % Login disabled on line 0, until 'password' is set Cisco(config - line)#password ? 0 Specif ies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) line password Cisco(config - line)#password 0 password ? LINE <cr> Cisco(config - line)#password 0 password

103. 102 < Comware5 > backup startup - configuration to ? STRING<1 - 20> IP address or hostname of TFTP Server < Comware5 > backup startup - configuration to 10. 0.100.111 comware5_ startup - config.cfg < Comware5 > copy ? STRING [drive][path][file name] flash: Device name < Comware 5>copy flash:/? flash:/comware_main.cfg flash:/startup.cfg flash:/startup1.cfg < Comware5 > copy f lash:/ comware_ main.cfg ? STRING [drive][path][file name] flash: Device name < Comware5 > copy flash:/ comware_ main.cfg flash:/ comware_ main2.cfg ? <cr> < Comware5 > copy flash:/ comware_ main.cfg flash:/ comware_ main2.cfg < Comware5 > tftp ? STRING<1 - 20> IP address or hostname of a remote system ipv6 IPv6 TFTP client < Comware5 > tftp 10. 0.100.111 ? get Download file from remote TFTP server put Upload local file to remote TFTP server sget Download securely from remote TFTP server < Comw are5 5>tftp 10.0.100.111 put ? STRING<1 - 135> Source filename < Comware5 > tftp 10. 0.100.111 put comware_ main.cfg ? STRING<1 - 135> Destination filename source Specify a source vpn - instance Specify a VPN instance <cr> < Comware5 > tftp 10. 0. 100.111 put comware_ main.cfg comware_ startup - config.cfg ? source Specify a source <cr> < Comware5 > tftp 10. 0.100.111 put comware_ main.cfg comware_ startup - config.cfg < Comware5 >sftp ? STRING<1 - 20> IP address or hostname of remote system ipv6 Specify IPv6 address or hostname of remote system < Comware5 >sftp 10.0.100.111 ? INTEGER<0 - 65535> Specified port number identity - key Specify the algorithm for publickey authentication prefer - ctos - cipher Specify the preferred encryption algorithm from client to server prefer - ctos - hmac Specify the preferred HMAC algorithm from client to server prefer - kex Specify the preferred key exchange algorithm prefer - stoc - cipher Specify t he preferred encryption algorithm from server to client prefer - stoc - hmac Specify the preferred HMAC algorithm from server to

122. 121 Comware5 [Comware5] ntp - service ? access NTP access control authentication Authenticate NTP time source authent ication - keyid Specify NTP authentication keyid dscp Differentiated Services Codepoint (DSCP) max - dynamic - sessions Specify the maximum connections reliable Specify trusted keyid of NTP source - interface Interface corresponding to sending NTP packet unicast - peer Specify NTP peer unicast - server Specify NTP server [Comware5] ntp - service unicast - server ? STRING<1 - 20> Host name of a remote system X.X.X.X IP address vpn - instance Specify VPN - Instance of MPLS VPN [Comware5] ntp - service unicast - server 10.0.100.251 ? authentication - keyid Specify authentication keyid priority Prefer to this remote host if possible source - interface Interface corresponding to sending NTP packet version Specify NTP version <cr> [Comware5] ntp - service unicast - server 10.0.100.251 [Comware5 ]display ntp - service ? sessions NTP connection status NTP status and configuration information trace Trace the time synch ronization information <Comware5>dis ntp - service sessions source reference stra reach poll now offset delay disper ******************************************************************************** [12345]10.0.100.251 216.218.192 .202 2 255 1024 37 6.4 3.3 7.3 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Total associations : 1 [Comware5] display ntp - service status Clock status: synchronized Clock stratum: 12 Reference clock ID: 10.0 .100.251 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^18 Clock offset: - 1.1988 ms Root delay: 75.71 ms Root dispersion: 510.97 ms Peer dispersion: 500.41 ms Reference time: 21:15:29.197 UTC Mar 10 2015(D8A9DD71.32 82E87D) [Comware5] clock ? summer - time Configure summer time timezone Configure time zone [Comware5 ]clock timezone ? STRING<1 - 32> Name of time zone [Comware5]clock timezone US - Central ? add Add time zone offset minus Minus time zone offset [Comware5]clock timezone US - Central minus ?

123. 122 TIME Time zone offset (HH:MM:SS) [Comware5]clock timezone US - Central minus 06:00:00 ? <cr> [Comware5]clock timezone US - Central minus 06:00:00 [Comware5] clock summer - time ? STRING<1 - 32> Name of time zone in summer [Comware5] clock summer - time US - Central ? one - off Configure absolute summer time repeating Configure recurring summer time [Comware5] clock summer - time US - Central one - off ? TIME Time to start (HH:MM:SS) [Comware5] clock summ er - time US - Central one - off 02:00:00 ? DATE Date to start (MM/DD/YYYY or YYYY/MM/DD, valid year: 2000 - 2035) [Comware5] clock summer - time US - Central one - off 02:00:00 03/08/2015 ? TIME Time to end (HH:MM:SS) [Comware5] clock summer - time US - Central one - o ff 02:00:00 03/08/2015 02:00:00 ? DATE Date to end (MM/DD/YYYY or YYYY/MM/DD, valid year: 2000 - 2035) [Comware5] clock summer - time US - Central one - off 02:00:00 03/08/2015 02:00:00 11/01/2015 ? TIME Time added to the current system time (HH:MM:SS) [Com ware5] clock summer - time US - Central one - off 02:00:00 03/08/2015 02:00:00 11/01/2015 01:0 0:00 ? <cr> [Comware5] clock summer - time US - Central one - off 02:00:00 03/08/2015 02:00:00 11/01/2015 01:0 0:00 [Comware5] display clock 16:26:54 US - Central Tue 03/10/ 2015 Time Zone : US - Central minus 06:00:00 Summer - Time : US - Central one - off 02:00:00 03/08/2015 02:00:00 11/01/2015 01:00:00 Comware7 [Comware7]ntp - service ? authentication Configure NTP authentication authentication - keyid Specify an authen tication key ID dscp Set the Differentiated Services Codepoint (DSCP) value enable Enable NTP service ipv6 IPv6 protocol max - dynamic - sessions Specify the maximum number of dynamic NTP sessions pee r Permit full access query Permit control query refclock - master Configure the local clock as a master clock reliable Specify a trusted key server Permit server access and query so urce Specify a source interface synchronization Permit server access only unicast - peer Specify a NTP peer unicast - server Specify a NTP server [Comware7]ntp - service unicast - server ? STRING<1 - 253> Host name of the NTP server X.X.X.X IP address of the NTP server [Comware7]ntp - service unicast - server 10.0.100.251 ?

124. 123 authentication - keyid Specify an authentication key ID priority Specify the NTP peer as the first choice under the same condition source Specify a source interface version Specify NTP version vpn - instance Specify a VPN instance <cr> [Comware 7 ] ntp - service unicast - server 10.0.100.251 [Comware7]ntp - service en able ? <cr> [Comware7]ntp - service enable [Comware 7 ]display ntp - service ? sessions NTP connection status NTP status and configuration information trace Trace the time synchronization information [Comware7]display ntp - service sessions source reference stra reach poll now offset delay disper ******************************************************************************** [12345]10.0.100.251 216.218.192.202 2 255 64 18 3.1524 2.6092 4.0741 Notes: 1 source (master), 2 source(peer), 3 selected, 4 candidate, 5 configured. Total sessions: 1 [Comware7]display ntp - service status Clock status: synchronized Clock stratum: 3 System peer: 10.0.100.251 Local mode: client Reference clock ID: 10.0.100.251 Leap indicator: 00 Clock jitter: 0.000153 s Stability: 0.000 pps Clock precision: 2^ - 17 Root delay: 94.17725 ms Root dispersion: 11.99341 ms Reference time: d8be1d3e.190e4251 Thu, Mar 26 2015 0:53:02.097 [Comware7]clock ? protocol Specify a tim e protocol summer - time Configure daylight saving time timezone Configure time zone [Comware 7 ]clock timezone ? STRING<1 - 32> Name of time zone [Comware 7 ]clock timezone US - Central ? add Add time zone offset minus Minus time zone offset [Comware 7 ]clock timezone US - Central minus ? TIME Time zone offset ( hh:mm:ss ) [Comware 7 ]clock timezone US - Central minus 06:00:00 ? <cr> [Comware 7 ]clock timezone US - Central minus 06:00:00 [Comware 7 ] clock summer - time ?

132. 131 TIME Time to end (hh:mm:ss) [Comware7]clock summ er - time US - Central 02:00:00 03/08 02:00:00 ? STRING<1 - 32> Date to end (MM/DD) [Comware7]clock summer - time US - Central 02:00:00 03/08 02:00:00 11/01 ? TIME Time offset (hh:mm:ss) [Comware7]clock summer - time US - Central 02:00:00 03/08 02:00:00 11/01 01 :00:00 ? <cr> [Comware7]clock summer - time US - Central 02:00:00 03/08 02:00:00 11/01 01:00:00 [Comware7]display clock 01:29 :21 US - Central Thu 03/26/2015 Time Zone : US - Central minus 06:00:00 Summer Time : US - Central 02:00:00 03/08 02:00:00 11/01 01:00:0 0 Cisco not supported on newer Cisco switches

135. 134 COMMU NITY - NAME - STR Name of the SNMP community (up to 32 characters). ProVision(config)# snmp - server host 10.0. 1 11.210 community private ? informs Specify if informs will be sent, rather than notifications. oobm Use OOBM inte rface to connect to server trap - level Specify the trap level [none|debug|all|not - info|critical]. <cr> ProVision(config)# snmp - server host 10.0. 1 11.210 community private trap - level ? none Send no log messages. debug Send debug traps (for Internal use). all Send all log messages not - info Send all but informational - only messages. critical Send critical - level log messages. ProVision(config)# snmp - server host 10.0. 1 1 1.210 community private trap - level all ? informs Specify if informs will be sent, rather than notifications. oobm Use OOBM interface to connect to server <cr> ProVision(config)# snmp - server host 10.0. 1 11.210 community priv ate trap - level all ProVision(config)# snmp - server community ? ASCII - STR Enter an ASCII string. ProVision(config)# snmp - server community public ? operator The community can access only limited set of MIB objects which includes monitoring objects and a limited set of configuration objects. manager The community can access all MIB objects. restricted MIB variables cannot be set, only read. unrestricted Any MIB variable that has read/write access can be set. <cr> ProVision(config)# snmp - server community public operator ? restricted MIB variables cannot be set, only read. unrestricted Any MIB variable that has read/write access can be set. <cr> ProVision(config)# snmp - server community public operator restricted ? <cr> ProVision(config)# snmp - server community public operator restricted ProVision(config)# snmp - server community private ? operator The community ca n access only limited set of MIB objects which includes monitoring objects and a limited set of configuration objects. manager The community can access all MIB objects. restricted MIB variables cannot be set, only read. unrestricted Any MIB variable that has read/write access can be set. <cr> ProVision(config)# snmp - server community private manager ? restricted MIB variables cannot be set, only read. unrestrict ed Any MIB variable that has read/write access can be set. <cr> ProVision(config)# snmp - server community private manager unrestricted ? <cr> ProVision(config)# snmp - server community private manager unrestricted

164. 163 password Specify the password of line [Comware7 - line - vty0 - 63]set authentication passw ord ? hash Specify a hashtext password simple Specify a plaintext password [Comware7 - line - vty0 - 63]set authentication password simple ? STRING<1 - 16> Plaintext password string [Comware7 - line - vty0 - 63]set authentication password simple password ? <cr> [Comware7 - line - vty0 - 63]set authentication password simple password [Comware7]display users Idx Line Idle Time Pid Type F 0 AUX 0 00:00:00 Mar 26 17:12:50 436 129 VTY 0 00:00:38 Mar 26 17:35:18 500 TEL Following are more details. VTY 0 : Location: 10.0.100.84 + : Current operation user. F : Current operation user works in async mode. [Comware7]display users all Idx Line Idle Time Pid Type F 0 AUX 0 00:00:00 Mar 26 17:12:50 436 + 129 VTY 0 00:01:03 Mar 26 17:35:18 500 TEL 130 VTY 1 131 VTY 2 132 VTY 3 133 VTY 4 134 VTY 5 135 VTY 6 136 VTY 7 137 VTY 8 138 VTY 9 139 VTY 10 ... 189 VTY 60 190 VTY 6 1 191 VTY 62 192 VTY 63 Following are more details. VTY 0 : Location: 10.0.100.84 + : Line is active. F : Line is active and works in async mode. Cisco Cisco(config)#line vty 0 15 Cisco(config - line)#login ? local Local passw ord checking <cr> [the next command sets the use of user - id & password (locally configured) for login via vty] Cisco(config - line)#login local ? <cr>

165. 164 Cisco(config - line)#login local [the next command sets the use of password only for login via vty] Cisco(config)#line vty 0 15 Cisco(config - line)#login Cisco(config - line)#password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) line password Cisco(config - li ne)#password 0 ? LINE The UNENCRYPTED (cleartext) line password Cisco(config - line)#password 0 password ? LINE <cr> Cisco(config - line)#password 0 password Cisco#show users Line User Host(s) Idle Location * 0 con 0 manager idle 00:00:00 1 vty 0 idle 00:00:14 10.0.100.84 Interface User Mode Idle Peer Address

185. 184 87:c3 MD5 Fingerprint: c361 035b a941 cb31 334e c383 0a2b 7 526 SHA1 Fingerprint: f6b0 eefb 57b8 ba32 6efa cc56 9f2d 8053 4ed3 e692 Comware5 [Comware5]local - user manager [Comware5 - luser - manager]password simple password [Comware5 - luser - manager]authorization - attribute level 3 [Comware5 - lu ser - manager]service - typ e web [ Comware5 ]ip http? http https [ Comware5 ]ip https ? acl Specify acl filtering certificate Specify certificate access - control - policy of HTTPS server enable Start HTTPS server port Specify port ssl - server - policy Specify SSL server policy of HTTPS server [ Comware5 ]ip https enable ? <cr> [ Comware5 ]ip http s enable [ Comware5 ] undo ip http enable [Comware5]display web users UserID Name Language Level State LinkCount L oginTime LastTime ab140000 manager English Management Enable 0 17:38:02 17:38:14 Comware7 [Comware7]local - user manager [Comware7 - luser - manage - manager]password simple password [Comware7 - luser - manage - manager]authorization - attribute user - role network - admin [Comware7 - luser - manage - manager]service - type https [ Comware ]ip http? http https [Comware7]ip http? http https [Comware7]ip https ? acl Specify a basic IPv4 ACL to filter hosts that use HTTPS service certificate Specify certificate - based identity authentication enable Enable HTTPS server port Specify an HTTPS server port number ssl - server - policy Specify an SSL server policy for HTTPS access contro l [Comware7]ip https enable ? <cr>

205. 204 Timeout Packet: 0 0 - Access Challenge: 0 - - Account Start: - 7 - Account Update: - 0 - Account Stop: - 7 - Terminate Request: - - 0 Set Policy: - - 0 Packet With Response: 7 14 0 Packet Without Response: 0 0 - Access Rejects: 0 - - Dropped Packet: 0 0 0 Check Failures: 0 0 0 Cisco Cisco(config)#aaa ? new - model En able NEW access control commands and functions.(Disables OLD commands.) Cisco(config)#aaa new - model Cisco(config)#radius - server ? accounting Accounting information configuration attribute Customize selected radius att ributes authorization Authorization processing information backoff Retry backoff pattern(Default is retransmits with constant delay) cache AAA auth cache default server group challenge - noecho Data echoing to screen is disabled during Access - Challenge configure - nas Attempt to upload static routes and IP pools at startup dead - criteria Set the criteria used to decide when a radius server is marked dead deadtime Time to stop using a server that doesn't respond directed - request Allow user to specify radius server to use with `@server' domain - stripping Strip the domain from the username host Specify a RADIUS server key encryption key shared with the radius servers load - balance Radius load - balancing options. optional - passwords The first RADIUS request can be made without requesting a password retransm it Specify the number of retries to active server retry Specify how the next packet is sent after timeout. source - ports source ports used for sending out RADIUS requests throttle Throttle requests to radius se rver timeout Time to wait for a RADIUS server to reply transaction Specify per - transaction parameters unique - ident Higher order bits of Acct - Session - Id vsa Vendor specific attribute configuration Cisco(co nfig)#radius - server host ? Hostname or A.B.C.D IP address of RADIUS server Cisco(config)#radius - server host 10.0.100.111 ? acct - port UDP port for RADIUS accounting server (default is 1646) alias 1 - 8 aliases for this server (max. 8) au th - port UDP port for RADIUS authentication server (default is 1645) backoff Retry backoff pattern (Default is retransmits with constant delay) key per - server encryption key (overrides default) key - wrap per - ser ver keywrap configuration non - standard Parse attributes that violate the RADIUS standard pac Generate per - server Protected Access Credential key retransmit Specify the number of retries to active server (overrides defaul t) test Configure server automated testing.

263. 262 iso - igrp ISO - IGRP interface subcommands keepalive Enable keepalive link Configure Link lldp LLDP interface subcommands load - interval Specify interva l for load calculation for an interface location Interface location information logging Configure logging for interface loopback Configure internal loopback on an interface mac ro Command macro max - reserved - bandwidth Maximum Reservable Bandwidth on an Interface mka MACsec Key Agreement (MKA) interface configuration neighbor interface neighbor configuration mode commands network - policy Network Policy nmsp NMSP interface configuration no Negate a command or set its defaults ntp Configure NTP pagp PAgP interface subcommands po wer Power configuration rate - limit Rate Limit routing Per - interface routing configuration service - policy Configure CPL Service Policy shutdown Shutdown the selected interface small - frame Set rate limit parameters for small frame snmp Modify SNMP interface parameters source Get config from another source spanning - tree Spanning Tree Subsystem speed Configure speed operation. standby HSRP interface configuration commands timeout Define timeout values for this interface topology Configure routing topology on the interface traffic - shape Enable Traffic Shaping on an Interface or Sub - Interface transmit - interface Assign a transmit interface to a receive - only interface tx - ring - limit Configure PA level transmit ring limit vrf VPN Routing/Forwarding parameters on the interface vrrp VRRP Interface configuration commands vtp Enable VTP on this interface Cisco(config - if)#ip ? Interface IP configuration subcommands : access - group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth - proxy App ly authenticaton proxy authentication authentication subcommands bandwidth - percent Set EIGRP bandwidth limit bgp BGP interface commands broadcast - address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP dampening - change Percent interface metric must change to cause update dampening - interval Time in seconds to check interface metrics dhcp Configure DHC P parameters for this interface directed - broadcast Enable forwarding of directed broadcasts flow NetFlow related commands header - compression IPHC options hello - interval Configures EIGRP - IPv4 hello interval helper - address Specify a destination address for UDP broadcasts hold - time Configures EIGRP - IPv4 hold time igmp IGMP interface commands information - reply Enable sending ICMP Information Reply messages irdp ICMP Router Di scovery Protocol

275. 274 at Date of kron occurrence eg. 14:30 Feb 13 in Delta time to kron occurrence Cisco(config)#kron occurrence saveconfig at ? hh:mm Time of day for occurrence (hh:min eg. 14:30) Cisco(config)# kron occurrence saveconfig at 09 :30 ? <1 - 31> Day of month DAY Day of Week eg mon, tue, etc MONTH Month of year eg jan, feb, etc oneshot Schedule kron occurrence exactly once recurring Schedule kron occurr ence repeatedly Cisco(config)# kron occurrence saveconfig at 09 :30 oneshot ? <cr> Cisco(config)# kron occurrence saveconfig at 09 :30 oneshot Cisco(config - kron - occurrence)#policy - list ? WORD Name of Policy to be executed Cisco(config - kron - occurrence) #policy - list save - config ? <cr> Cisco(config - kron - occurrence)#policy - list save - config Cisco(config - kron - occurrence)#exit Cisco(config)#exit Cisco#show kron ? schedule Show when and what occurrences are scheduled Cisco#show kron schedule ? | Ou tput modifiers <cr> Cisco#show kron schedule Kron Occurrence Schedule saveconfig inactive, will run once in 0 days 00:01:19 at 9 :30 on Cisco#show kron schedule Kron Occurrence Schedule (job was completed and since it was a one time run, is now removed from kroon schedule)

282. 281 rmon Specify RMON save Save current configuration sflow Specify sFlow configuration information shutdown Shut down this interface smart - link Configure smart link speed Specify speed of current port storm - constrain Port storm - constrain stp Spanning tree protocol tracert Trace route function undo Cancel current setting unicast - suppression Specify the unicast storm control virtual - cable - test Virtual cable test information vlan Set VLAN precedence voice Specify voice VLAN [ Comware 5 - GigabitEthernet1/0/1 ]description ? TEXT Up to 80 characters fo r description of the interface [ Comware 5 - GigabitEthernet1/0/1 ]description l ink - to - core [ Comware 5 - GigabitEthernet1/0/1 ]duplex ? auto Enable port's duplex negotiation automatically full Full - duplex half Half - duplex [ Comware 5 - GigabitEthernet1/0/1 ]duplex auto [ Comware 5 - GigabitEthernet1/0/1 ]speed ? 10 Specify speed as 10 Mbps 100 Specify speed as 100 Mbps 1000 Specify speed as 1000 Mbps auto Enable port's speed negotiation automatically [ Comware 5 - GigabitEthernet1/0/1 ]speed auto [ Comware 5 - GigabitEthernet1/0/1 ]shutdown [ Comware 5 - GigabitEthernet1/0/1 ]undo shutdown Comware7 <Comware 7 > display interface ? > Redirect it to a file >> Redirect it to a file in append mode FortyGigE F ortyGigE interface GigabitEthernet GigabitEthernet interface InLoopBack InLoopBack interface M - GigabitEthernet MGE interface NULL NULL interface Register - Tunnel Register Tunnel interface Ten - GigabitEtherne t Ten - GigabitEthernet interface Vlan - interface VLAN interface brief Brief information of status and configuration for interface(s) range Display range information | Matc hing output <cr> <Comware7>display interface brief ? > Redirect it to a file >> Redirect it to a file in append mode description Display the complete description information down Display all down ports brief informa tion

325. 324 forbid Prevent this port from becoming a member of the specified VLAN(s). gvrp Set the GVRP timers for the port. ignore - untagged - mac ip Apply the specified IPv4 ACL to inbound or outbound packets on this interface. ipv6 Configure various IPv6 parameters for the VLAN. lacp Define whether LACP is enabled on the port, and whether it is in active or passive mode when enabled. link - keepalive Configure UniDirectional Link Detection (UDLD) on the port. mac - count - notify Send a trap when the number of MAC addresses learned on the specified ports exceeds the threshold. mac - notify Configure SNMP traps fo r changes in the MAC address table. mdix - mode Set port MDI/MDIX mode (default: auto). monitor Monitor traffic on the port. mvrp Configure the Multiple VLAN Registration Protocol (MVRP). name A ssign an interface name. poe - allocate - by Configure the power allocation method. poe - lldp - detect Allow the link partner to specify power allocation using LLDP. poe - value Set the maximum power allocation for the port. power - over - e thernet Enable per - port power distribution. private - vlan Configure ports as promiscuous members of private VLANs. qos Configure port - based traffic prioritization. rate - limit Enable rate limiting for various types of traffic. service - policy Apply a service - policy on the interface. smart - link Configure the control VLANs for receiving flush packets. speed - duplex Define mode of operation for the port(s). tagged Configure th is port as a tagged member of the specified VLAN(s). unknown - vlans Configure the GVRP mode. untagged Configure this port as an untagged member of the specified VLAN. <cr> ProVision(config)# interface 10 private - vlan ? promiscuous Configure ports as promiscuous ports. ProVision(config)# interface 10 private - vlan promiscuous ? <cr> ProVision(config)# interface 10 private - vlan promiscuous ProVision(config)# vl an 150 untag 10 Ports 10 automatically configured as trusted for DHCP Snooping and ND Snooping because they are members of a primary VLAN. ProVision(config)# vlan 151 untag 12,13 ProVision(config)# vlan 152 untag 14,15 ProVision(config)# vlan 150 ip address 10.150.1.1/24 ProVision # show vlans ? custom Show VLAN parameters in a customized order. isolate - list Show the isolated ports configuration. ports Show VLANs that have a port from specified list as a member. private - vlan Show VLAN parameters in a customized o rder. VLAN - ID Show detailed information for a single VLAN. <cr> ProVision # show vlans private - vlan ? <cr> ProVision # show vlans private - vlan Configuration and Association – private VLANs: primary secondary VLAN Type

394. 393 CIST RegRoot/IRPC :8192.009c - 02d5 - 3980 / 20 CIST RootPortId :128.6 BPDU - Protection :disabled Bridge Config - Digest - Snooping :disabl ed TC or TCN received :26 Time since last TC :0 days 0h:24m:21s ... ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Root Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active= 20 Desg. Bridge/Port :8192.009c - 02d5 - 3980 / 128.11 Port Edged :Config=disabled / Active=disabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None MST BPDU Format :Confi g=auto / Active=802.1s Port Config - Digest - Snooping :disabled Num of Vlans Mapped :1 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s RemHop 20 BPDU Sent :3253 TCN: 0, Config: 0, RST: 0, MST: 3253 BPDU Received :3344 TCN: 0, Config: 0, RST: 0, MST: 3344 ... ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port Protocol :enabled Port Role :CIST Designated Port Port Priority :160 Port Cost(Legacy) :Config=10000 / Active=100 00 Desg. Bridge/Port :12288.0023 - 89d5 - a059 / 160.9 Port Edged :Config=enabled / Active=enabled Point - to - point :Config=auto / Active=true Transmit Limit :10 packets/hello - time Protection Type :None MST BPDU Format :Config= auto / Active=legacy Port Config - Digest - Snooping :disabled Rapid transition :true Num of Vlans Mapped :0 PortTimes :Hello 2s MaxAge 20s FwDly 15s MsgAge 0s RemHop 19 BPDU Sent :3327 TCN: 0, Config: 0, RST: 0, MST : 3327 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0 ... [ Comware 5 ]display stp instance 1 ------- [MSTI 1 Global Info] ------- MSTI Bridge ID :8192.0023 - 89d5 - a059 MSTI RegRoot/IRPC :8192.0023 - 89d5 - a059 / 0 MSTI RootPortId : 0.0 Master Bridge :8192.009c - 02d5 - 3980 Cost to Master :20 TC received :14 Time since last TC :0 days 0h:26m:4s ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port Role :Designated Port Port Priority :128 Port Cos t(Legacy) :Config=auto / Active=20

425. 424 Cisco(config - router)#redistribute ? bgp Border Gateway Protocol (BGP) connected Connected eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) isis ISO IS - IS iso - igrp IGRP for OSI networks maximum - prefix Maximum number of prefixes redistributed to protocol metric Metric for redistributed routes metric - type OSPF/IS - IS exterior metric type for redistributed routes mobile Mobile routes nssa - only Limit redistributed routes to NSSA areas odr On Demand stub Routes ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP) route - map Route map ref erence static Static routes subnets Consider subnets for redistribution into OSPF tag Set tag for routes redistributed into OSPF <cr> Cisco(config - router)#redistribute connected

442. 441 Comware 7 [ Comware 7 ]bgp ? INTEGER<1 - 4294967295> Autonomous system number [ Comware 7 ]bgp 64503 ? <cr> [ Comware 7 ]bgp 64503 [ Comware 7 - bgp]? Bgp protocol view commands: address - family Specify an address family advertise - rib - active Advertise the best route in IP routing table bgp BGP specific commands cfd Connectivity Fault Detection (CFD) module confederation Configure AS confederation parameters diagnostic - logfile Diagnostic log file configuration display Display current system information ebgp - interface - sensitive Immediately reset session if a link connected peer goes down graceful - restart Configure Graceful Restart (GR) capability group Create a peer group ignore - first - as Ignore the first AS number of eBGP route updates ip Specify Internet Protocol (IP) configuration information log - peer - change Log any session status and event change information logfile Log file configuration monitor System monitor non - stop - routing Enable NSR peer Specify BGP peers ping Ping function primary - path - detect Enable primary path detect function quit Exit fr om current command view return Exit to User View router - id Configure router ID save Save current configuration security - logfile Security log file configuration timer Configure timers for BGP tracert Tracert function undo Cancel current setting vpn Set forwarding mode of MPLS L3VPN on egress PE [ Comware 7 - bgp]router - i d 10.0.0.5 [ Comware 7 - bgp]peer ? STRING<1 - 47> Specify a peer group by its name X.X.X.X IPv4 address X:X::X:X IPv6 address [ Comware 7 - bgp]pee r 10.0.10 1.21 ? INTEGER<0 - 32> Specify a Mask length of IPv4 address as - number AS number bfd Enable BFD for the peers capability - advertise Advertise capability connect - interface Set interface name to be used as session's output interface description Configure description information about the peers ebgp - max - hop EBGP Multihop fake - as Configure a fake AS number for the peers group Specify a peer - group ignore Disable session establishment with the peers ignore - originatorid Ignore the originator ID attribute in received BGP

444. 443 INTEGER<0 - 32> Specify a Mask length of IPv4 address advertise - community Send community attribute to the peers advertise - ext - community Advertise extended community allow - as - loop Configure permit of as - path loop as - path - acl Specify an AS path ACL default - route - advertise Advertise default route to the peers enable Enable the specified peers filter - policy Filter netw orks in route updates keep - all - routes Save original routing information from the peers label - route - capability Send labeled route to the peers next - hop - local Specify local address as the next hop of routes advertised to the peers preferred - value Assign a preferred value to routes received from the peers prefix - list Specify BGP route filtering policy based on a prefix list pu blic - as - only Do not keep private AS numbers in BGP updates reflect - client Configure the peers as route reflectors route - limit Configure the maximum number of routes that can be received from t he peers route - policy Specify a routing policy [Comware7 - bgp - ipv4]peer 10.0.101.21 enable ? <cr> [Comware7 - bgp - ipv4]peer 10.0.101.21 enable [Comware7 - bgp - ipv4]import - route direct [Comware7 - bgp - ipv4]network 10.0.251.0 24 [ Comware 7 ] dis play bgp ? dampening BGP dampening information group Display peer group information l2vpn Specify the L2VPN address family network Routing information advertised with the network command or short - cut route information non - stop - routing Display BGP NSR information paths Path attribute information peer Display peer information routing - table Display BGP routes update - group Display update group i nformation [Comware7]display bgp peer ? ipv4 Specify the IPv4 address family ipv6 Specify the IPv6 address family l2vpn Specify the L2VPN address family vpnv4 Specify the VPNv4 address family vpnv6 Specify the VPNv6 address family [Comwa re7]display bgp peer ipv4 ? > Redirect it to a file >> Redirect it to a file in append mode X.X.X.X IPv4 address group - name Specify a peer group by its name standby Display information on the standby process unicast Specify the unicast address family verbose Detailed information vpn - instance Specify a VPN instance | Matching output <cr>

456. 455 ProVision# show vrrp vlan 220 VRRP Virtual Router Statistics Information Vlan ID : 220 Virtual Router ID : 220 Protocol Version : 2 State : Master Up Time : 12 mins Virtual MAC Address : 00005e - 0001dc Master's IP Address : 10.1.220.10 Associated IP Addr Count : 1 Near Failovers : 0 Advertise Pkts Rx : 13 Become Master : 2 Zero Priority Rx : 0 Zero Priority Tx : 0 Bad Length Pkts : 0 Bad Type Pkts : 0 Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : 0 Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts : 0 Comware5 [Comware5] interface vlan 220 [Comware5 - Vlan - interface220]vrrp ? dot1q IEEE 802.1Q encapsulation ipv6 Specify IPv6 Virtual Router un - check Uncheck VRRP packet TTL value version Specify a VRRP version vrid Specify Virtual Router Identifier [Comware5 - Vlan - interface220]vrrp vrid ? INTEGER<1 - 255> Virtual Router Identifier [Comware5 - Vlan - interface220]vrrp vrid 220 ? authentication - mode Specify password and authentication mode preempt - mode Specify pree mpt mode priority Specify priority timer Specify timer track Specify object tracked virtual - ip Specify virtual IP address weight Specify VRRP weight track function [Comware5 - Vlan - interface220]vrrp vrid 220 virtual - ip 10.1.220.1 [Comware5 - Vlan - interface220]vrrp vrid 220 priority ? INTEGER<1 - 254> The level of priority [Comware5 - Vlan - interface220]vrrp vrid 220 priority 100 [Comware5 - Vlan - interface220]vrrp version ? INTEGER <2 - 3> Version number [Comware5 - Vlan - interface220]vrrp version 2 [Comware5] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan - interface22 0 VRID : 220 Adver Timer : 1 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 3450ms le ft

495. 494 [Comware7]interface g1/0/5 [Comware7 - GigabitEthernet1/0/5 ]qos ? apply Apply specific QoS policy on interface bandwidth Set the queue bandwidth gts Configure Generic Traffic Shaping (GTS) lr Configure Line Rate (LR) priority Configure port priority sp Configure Strict Priority (SP) queuing trust Configure priority trust mode wfq Configure Weighted Fair Queuing (WFQ) wred Configure Weighted Random Early Detection (WRED) wrr Configure Weighted Round Robin (WRR) queuing [Comware7 - GigabitEthernet1/0/5 ]qos priority ? INTEGER<0 - 7> Port priority value [Comware7 - Giga bitEthernet1/0/5]qos priority 6 ? <cr> [Comware 7 - GigabitEthernet1/0/5 ]qos priority 6 Step - 1 [Comware7 ]traffic ? behavior Specify traffic behavior classifier Specify traffic classifier [Comware7 ]traffic classifier ? STRING<1 - 31> Name of classifier [Comware7] traffic classifier any [Comware7 - classifier - any]? Classifier view commands: cfd Connectivity Fault Detection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display curren t system information if - match Specify a match criterion for classifier logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration tracert Tracert function undo Cancel current setting [Comware7 - classifier - any]if - m atch ? acl Specify ACL to match any Specify any packets to match control - plane Specify control plane pre - defined matching rule customer - dot1p Specify customer 802.1p priority to match customer - vlan - id Specify c ustomer VLAN ID to match destination - mac Specify destination MAC address to match dscp Specify DSCP to match ip - precedence Specify IP precedence to match protocol Specify protocol to match qos - local - id Specify QoS local ID to match service - dot1p Specify service 802.1p priority to match service - vlan - id Specify service VLAN ID to match source - mac Specify source MAC address to match

503. 502 Cis co(config)#ip access - list extended 13 0 Cisco(config - ext - nacl)#permit ip any any step - 2 Cisco(config)#class - map ? WORD class - map name match - all Logical - AND all matching statements under this classmap match - any Logical - OR all matching statements under this classmap type Configure CPL Class Map Cisco(config)#class - map all_traffic ? <cr> Cisco(config)# class - map all_traffic Cisco(config - cmap)#? Class - map configuration commands: description Class - Map description exit Exit from class - map configuration mode match classification criteria no Negate or set default values of a command Cisco(config - cmap)#match ? access - group Access group input - interface Select an input interface to match ip IP specific values Cisco(config - cmap)#match access - group ? <1 - 2799> Access list index name Named Access List Cisco(config - cmap)#match access - group 1 3 0 step - 3 Cisco(config)#policy - map ? WORD policy - map name type type of the policy - map Cisco(config)#policy - map rate_limit ? <cr> Cisco(config)#policy - map rate_limit Cisco(config - pmap)#class ? WO RD class - map name class - default System default class matching otherwise unclassified packets Cisco(config - pmap)#class all_traffic ? fragment configure qos fragment class service - fragment configure qos service - fragment class <cr> Cisco(config - pmap)#class all_traffic Cisco(config - pmap - c)#police ? <8000 - 10000000000> Bits per second (postfix k, m, g optional; decimal point allowed) aggregate Choose aggregate policer for current class

513. 512 prune P rune delay quit Exit from current command view register - policy Register policy register - suppression - timeout Register suppress time register - whole - checksum Checksum the whole of register packet return Exit to User View save Save current configuration source - lifetime Source lifetime source - policy Source policy spt - switch - threshold Data speed threshold for switc hover to the SPT ssm - policy SSM policy state - refresh - interval State refresh interval state - refresh - rate - limit State refresh rate limit state - refresh - ttl TTL of PIM DM state refresh message static - rp Static rendezvous point timer Specify PIM timer tracert Trace route function undo Cancel current settings [Comware5 - pim]static - rp ? X.X.X.X Static rendezvous point address [Comware5 - pim]static - rp 10.1.220.1 ? INTEGER<2000 - 2999> Apply basic acl bidir Bidirectional PIM preferred Prefer to choose static RP if there are conflicts with BSR and Auto - RP mechanisms <cr> [Comware5 - pim]static - rp 10.1 .220.1 [Comware5 - pim]c - rp ? LoopBack LoopBack interface Vlan - interface VLAN interface advertisement - interval Candidate rendezvous point advertisement - interval holdtime Ca ndidate rendezvous point holdtime [Comware5 - pim]c - rp Vlan - interface 220 ? advertisement - interval Candidate rendezvous point advertisement - interval bidir Bidirectional PIM group - policy Candidate rendezvous point acl numb er holdtime Candidate rendezvous point holdtime priority Candidate rendezvous point priority <cr> [Comware5 - pim]c - rp Vlan - interface 220 [Comware5 - pim]c - bsr ? LoopBack LoopBack interface Vlan - interface VLAN interface admin - scope Administrative scope candidate bootstrap router global Global scope candidate bootstrap router group Candidate bootstrap router group hash - length Mask length of the RP Hash function holdtime Candidate bootstrap router holdtime interval Candidate bootstrap router interval priority Candidate bootstrap router priority [Comware5 - pim]c - bsr Vlan - interface ? <1,100,220,230,240> VLAN interface [Comware5 - pim]c - bsr Vlan - interface 220 ? INTEGER<0 - 32> Mask length of the RP Hash function <cr>

525. 524 [Comware7]dldp global enable ? <cr> [Comware7]dldp global enable [ Comware 7 ] interface g1/0/ 1 7 [ Comware 7 - GigabitEthernet1/0/ 1 7]dldp ? enable Enable DLDP [ Comware 7 - GigabitEthernet1/0/ 1 7]dldp enable [Comware7 ]display dldp ? > Redirect it to a file >> Redirect it to a file in append mode interface Specify an interface statistics DLDP packet statistics | Matching output <cr> [ Comware 7 ]display dldp DLDP gl obal status: Enabled DLDP advertisement interval: 5s DLDP authentication - mode: None DLDP unidirectional - shutdown mode: Auto DLDP delaydown - timer value: 1s Number of enabled ports: 1 Interface GigabitEthernet1/0/17 DLDP port state: Unidirectional Nu mber of the port's neighbors: 0 [Comware7 ]display dldp statistics Interface GigabitEthernet1/0/17 Packets sent: 66 Packets received: 0 Invalid packets received: 0 Loopback packets received: 0 Authentication - failed packets received: 0 Valid packets r eceived: 0 Cisco Cisco(co nfig)#interface g 1/ 0/17 Cisco(config - if)#udld ? port Enable UDLD protocol on this interface Cisco(config - if)#udld port ? aggressive Enable UDLD protocol in aggressive mode on this interface <cr> Cisco(config - if)#udld p ort Cisco#show udld ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface

545. 544 [Comware7] display arp detection statistics State: U - Untrusted T - Trusted ARP packets dropped by ARP inspect checking: Interface(State) IP Src - MAC Dst - MAC Inspect BAGG1(U) 0 0 0 0 FGE1 /0/53(U) 0 0 0 0 FGE1/0/54(U) 0 0 0 0 GE1/0/1(U) 0 0 0 0 GE1/0/2(U) 0 0 0 0 GE1/0/3(U) 0 0 0 0 GE1/0/4(U) 0 0 0 0 GE1/0/5(U) 0 0 0 0 GE1/0/6(T) 0 0 0 1 GE1/0/7(U) 0 0 0 0 GE1/0/8(U) 0 0 0 0 GE1/0/9(U) 0 0 0 0 GE1/0/10(U) 0 0 0 0 GE1/0/11(U) 0 0 0 0 GE1/0/12(U) 0 0 0 0 GE1/0/13(U) 0 0 0 0 GE1/0/14(U) 0 0 0 0 GE1/0/15(U) 0 0 0 0 GE1/0/16 (U) 0 0 0 0 GE1/0/17(U) 0 0 0 0 GE1/0/18(U) 0 0 0 0 GE1/0/19(U) 0 0 0 0 GE1/0/20(U) 0 0 0 0 GE1/0/21(U) 0 0 0 0 GE1/0/22(U) 0 0 0 0 GE1/0/23(U) 0 0 0 0 GE1/0/24(U) 0 0 0 0 GE1/0/25(U) 0 0 0 0 GE1/0/26(U) 0 0 0 0 GE1/0/27(U) 0 0 0 0 GE1/0/28(U) 0 0 0 0 GE1/0/29(U) 0 0 0 0 GE1/0/30(U) 0 0 0 0 GE1/0/31(U) 0 0 0 0 GE1/0/32(U) 0 0 0 0 GE1/0/33(U) 0 0 0 0 GE1/0/34(U) 0 0 0 0 GE1/0/35(U) 0 0 0 0 GE1/0/36(U) 0 0 0 0 GE1/0/37(U) 0 0 0 0 GE1/0/38(U) 0 0 0 0 GE1/0/39(U) 0 0 0 0 GE1/0/40(U) 0 0 0 0 GE1/0/41(U) 0 0 0 0 GE1/0/42(U) 0 0 0 0 GE1/0/43(U) 0 0 0 0 GE1/0/44(U) 0 0 0 0 GE1/0/45(U) 0 0 0 0 GE1/0/46(U) 0 0 0 0 GE1/0/47(U) 0 0 0 0 GE1/0/48(U) 0 0 0 0 XGE1/0/49(U) 0 0 0 0 XGE1/0/50(U) 0 0 0 0 XGE1/0/51(U) 0 0 0 0 XGE1/0/52(U) 0 0 0 0 Cisco

562. 561 Handshake is disabled Handshake secure is disabled 802.1X unicast - trigger is disabled 802.1X user - ip freeze is disabled Periodic reauthentication is disabled The port is an authentic ator Authentication Mode is Auto Port Control Type is Mac - based 802.1X Multicast - trigger is enabled Mandatory authentication domain: NOT configured Guest VLAN: NOT configured Auth - Fail VLAN: 99 Critical VLAN: NOT configured Critical recovery - action: NOT configured Voice VLAN: NOT configured Max number of on - line users is 1 EAPOL Packet: Tx 45, Rx 45 Sent EAP Request/Identity Packets : 11 EAP Request/Challenge Packets: 0 EAP Success Packets: 6, Fail Packet s: 0 Received EAPOL Start Packets : 6 EAPOL LogOff Packets: 0 EAP Response/Identity Packets : 11 EAP Response/Challenge Packets: 22 Error Packets: 0 1. Authenticated user : MAC address: 0023 - 7de7 - 3adb Controlled User(s) amount to 1 [Comware5] display interface brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Descri ption Loop0 UP UP(s) 10.0.0.31 NULL0 UP UP(s) -- Vlan1 UP UP 10.0.111.31 Vlan100 UP UP 10.1.100.3 test2 Vlan220 UP UP 10.1.220.3 data Vlan230 UP UP 10.1.230.3 voice Vlan240 UP UP 10.1.240.3 The brief information of interface(s) under bridge mode: Link: ADM - administratively down; Stby - standby Speed or Duplex: (a)/A - auto; H - half; F - full Ty pe: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description BAGG1 DOWN auto A T 1 Trunk - link - to - ProVision GE1/0/1 ADM auto A A 1 link - to - core GE1/0/2 DOWN auto A A 1 GE1/0/3 DOWN auto A A 1 GE1/0/4 UP 100M(a) F(a) A 220 GE1/0/5 DOWN auto A H 220 GE1/0/6 UP 1G(a) F(a) T 1 GE1/0/7 DOWN au to A A 1 GE1/0/8 DOWN auto A A 1 GE1/0/9 DOWN auto A A 100 GE1/0/10 DOWN auto A A 1 GE1/0/11 DOWN auto A A 1 GE1/0/12 DOWN auto A A 1 GE1/0/13 DOWN auto A A 1 GE1/0/14 UP 1G(a) F(a) A 220 GE1/0/15 DOWN auto A A 1

564. 563 ike Specify AAA configuration for IKE user lan - access Specify AAA configuration for lan - access service login Specify AAA configuration for login user portal Specify AAA configuration for PORTAL user ppp Specify AAA configuration for PPP user super Specify AAA configuration for super user [Comware7 - isp - 8021x]authentication lan - acces s ? ldap - scheme Specify LDAP scheme local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware7 - isp - 8021x]authentication lan - access radius - scheme ? STRING<1 - 32> Scheme name [Comware 7 - isp - 8021x]authentication lan - access radius - scheme radius - auth ? local Specify local scheme none Specify none scheme <cr> [Comware7 - isp - 8021x]authentication lan - access radius - scheme radius - auth [Comware7 - isp - 8021x]authorization ? advpn Specify AAA configuration for ADVPN user command Specify AAA configuration for command service default Specify default AAA configuration for all types of users lan - access Specify AAA configuration for lan - access service login Specif y AAA configuration for login user portal Specify AAA configuration for PORTAL user ppp Specify AAA configuration for PPP user [Comware7 - isp - 8021x]authorization lan - access ? local Specify local scheme none Specify n one scheme radius - scheme Specify RADIUS scheme [Comware7 - isp - 8021x]authorization lan - access radius - scheme ? STRING<1 - 32> Scheme name [Comware7 - isp - 8021x]authorization lan - access radius - scheme radius - auth ? local Specify local scheme none Sp ecify none scheme <cr> [Comware7 - isp - 8021x]authorization lan - access radius - scheme radius - auth [Comware7 - isp - 8021x]accounting ? advpn Specify AAA configuration for ADVPN user command Specify AAA configuration for command service default Specify default AAA configuration for all types of users lan - access Specify AAA configuration for lan - access service login Specify AAA configuration for login user portal Specify AAA configuration for PORTAL user ppp Specif y AAA configuration for PPP user [Comware7 - isp - 8021x]accounting lan - access ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware7 - isp - 8021x]accounting lan - access radius - scheme ? STR ING<1 - 32> Scheme name

584. 583 or the device's port(s). [eth ernet] PORT - LIST Manage general port security features on the device port(s). supplicant Manage 802.1X (Port Based Network Access) supplicant on the device ports. web - based Configure web authentication based network authentication. ProVision(config)# aaa port - access web - based ? access - denied - message Specify the message to be displayed on the login page when a user's login fails. dhcp - addr Set the base address / mask for t he temporary pool used by DHCP (base address default is 192.168.0.0, mask default is 24 - 255.255.255.0). dhcp - lease Set the lease length of the IP address issued by DHCP (default 10). ewa - server IP address or hostname of the enhanced web authentication server on the device. [ethernet] PORT - LIST Manage web authentication based network authentication on the device port( s). ProVision(config)# aaa port - access web - based 18 ? auth - vid Configures VLAN port will become a member of after successful authentication (not configured by default). cached - reauth - period Time in seconds, during whi ch cached reauthentication is allowed on the port.The minimum reauthentication period should be greater than 30 seconds. client - limit Set the port's maximum number of authenticated clients (default 1). client - moves Set whether the client can move between ports (default disabled - no moves). logoff - period Set the period of time of inactivity that the switch considers an implicit logoff (default 300 seconds). max - requests Set maximum number of times the switch retransmits authentication requests (default 3). max - retries Set number of times a client can enter their credentials before authentication is considered to have failed (default 3). quiet - period Set the period of time the switch does not try to authenticate (default 60 seconds). reauth - period Set the re - aut hentication timeout in seconds; set to '0' to disable re - authentication (default 0). reauthenticate Force re - authentication to happen. redirect - url Set the URL that the user should be redirected to after successful login (default none), Specify url up to 127 characters length. server - timeout Set the authentication server response timeout (default 300 seconds). ssl - login Set whether to enable SSL login (https on port 443) (default disabled). unauth - vid Configures VLAN port is a member of while there is an unauthorized client connected (not configured by default). <cr> ProVision(config)# aaa por t - access web - based 18 ProVision(config)# aaa port - access web - based 18 unauth - vid 99 ProVision(config)# aaa port - access web - based 18 client - limit 5 ProVision # sho port - access ? [ethernet] PORT - LIST Show Web/MAC Authentication statistics and configurat ion. authenticator Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters. config Show status of 802.1X, Web Auth, and MAC Auth configurations. local - mac Show Local MAC Authentication statistics and configuration. mac - based Show MAC Authentication statistics and configuration. summary Show summary configuration information for all ports, including that overridden by RADIUS attributes.

586. 585 accounting Specify accounting scheme authentication Specify authentication scheme authorization Specify authorization scheme authorization - attribute Specify authorization attributes of domai n cfd Connectivity fault detection (IEEE 802.1ag) display Display current system information dscp Specify a DSCP value for user packets of this domain idle - cut Specify idle - c ut attribute of domain mtracert Trace route to multicast source ping Ping function quit Exit from current command view return Exit to User View save Sav e current configuration self - service - url Specify self - service URL(Uniform Resource Locator) of domain state Specify state of domain tracert Trace route function undo Cancel current setting [Comware5 - isp - web - auth]authentication ? default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration portal Specify portal AAA conf iguration super Specify super AAA configuration [Comware5 - isp - web - auth]authentication portal ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - web - auth]authentication portal radius - scheme ? STRING<1 - 32> Scheme name [Comware5 - isp - web - auth]authentication portal radius - scheme radius - auth ? local Specify local scheme <cr> [Comware5 - isp - web - auth]authentication portal radius - scheme radius - auth [Comware5 - isp - web - auth]authorization ? command Specify command AAA configuration default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration portal Specify portal AAA configura tion [Comware5 - isp - web - auth]authorization portal ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - web - auth]authorization portal radius - scheme ? STRING<1 - 32> Scheme name [Comware5 - isp - web - auth]authorization portal radius - scheme radius - auth ? local Specify local scheme <cr> [Comware5 - isp - web - auth]authorization portal radius - scheme radius - auth [Comware5 - isp - web - auth]accounting ? command Specify command AAA con figuration

605. 604 Cisco 2 #show monitor Session 1 --------- Type : Remote Source Session Source Ports : Both : Fa 1/ 0/1 Dest RSPAN VLAN : 950 Cisco 2 #show monitor session 1 detail Session 1 --------- Type : Remote Source Session Description : - Source Ports : RX Only : None TX Only : None Both : Fa 1/ 0/21 Source VLANs : RX Only : None TX Only : None Both : None Source RSPAN VLAN : None Destination Ports : None Filter VLANs : None Dest RSPAN VLAN : 950 IP Access - group : None MAC Access - group : None (switch where analyzer is connected) Cisco(config)#vlan 950 Cisco(config - vlan)#remote - span Cisco(config)#interface g 1/ 0/12 Cisco(config - if)#switchport trunk encapsulation dot1 q Cisco(config - if)#sw itchport trunk allowed vlan 950 Cisco(config - if)#switchport mode trunk Cisco(config - if)#switchport nonegotiate Cisco(config)#monitor session 1 source ? interface SPAN source interface remote SPAN source Remote vlan SPAN source VLAN Cisco(config)#monitor session 1 source remote ? vlan Remote SPAN source RSPAN VLAN Cisco(config)#monitor session 1 source remote vlan 950 ? <cr> Cisco(config)#monitor session 1 source remote vlan 950 Cisco(config)#monitor s essio n 1 destination interface g 1/ 0/4 encapsulation replicate

614. 613 Appendix A Comware Platforms – Default configuration Before the HP 5500EI family, there were another 2 product families, i.e 3Com 4800G and H3C S5500EI, shipped to market. All three of these product families have the same hardware and soft ware specification s except brand name and all can run the same Comware operating system . This chapter compares the default configuration state for features or options between the two previously manufactured switch and router products from 3Com and H3C as w ell as the settings after the ‘brand hp’ command has been invoked. Feature/Option 3Com Switch 3Com Switch ‘brand hp’ 3Com Router H3C Switch H3C Switch ‘brand hp’ H3C Router console baud rate 19200 9600 9600 9600 9600 960 0 default configuration filename 3 comoscfg.cfg startup.cfg startup.cfg startup.cfg startup.cfg startup.cfg default console login admin no password none none none none none default hostname 4800G HP H3C H3C HP H3C default interface state enabled enabled enabled enabled enabled enabled d efault lldp state enabled enabled disabled enabled enabled disabled default PoE enabled disabled n/a disabled disabled n/a default SNMP state enabled disabled disabled disabled disabled disabled default SNMP version v3 v3 v3 v3 v3 v3 default STP state enabled disabled disabled disabled disabled disabled default STP version MSTP MSTP MSTP MSTP MSTP MSTP telnet enabled disabled disabled enabled disabled disabled 3Com branded switches had the most differences in default settings when running older vers ion s of code . Some HP, H3C, and 3Com switches can form an HP IRF fabric (see chapter 34 and product manuals) and their MPUs are interchangeable. If different brand MPUs are used on your switch or IRF fabric, change the MPU names to be the same to prevent a n active/standby MPU switchover or master re - election from causing network management problems. Invoke the command ‘brand hp’ in order to configure the same HP switch id configuration to all switches in an HP IRF Fabric . NOTE: The default settings vary wit h different brands. Changing the brand name might affect the running configuration. After you change the brand name of a member switch, verify the configuration and re - configure the switch if necessary.

20. 19 ProVision# sh ow reload ? after Shows the time until a warm reboot is scheduled. at Shows the time and date a warm reboot is sch eduled. ProVision# sh ow reload after Reload scheduled for 23:00:57 03/04/2015 (in 0 days, 23 hours, 9 minutes) ProVision(config)# no reload ProVision(config)# sh ow reload after reload is not scheduled Comware 5 < Comware 5 > reboot ? slot Specify the slot number <cr> < Comware 5 >reboot - or - < Comware 5 >reboot slot ? INTEGER<1> Slot number < Comware 5 >reboot slot 1 ? <cr> [ for timed reboot ] < Comware 5 >schedule reboot ? at Specify the exact time delay Specify the tim e interval < Comware 5 >schedule reboot at ? STRING Exact time(hh:mm) < Comware 5 >schedule reboot at 23 :00 ? DATE Date to reboot (mm/dd/yyyy or yyyy/mm/dd) <cr> < Comware 5 >schedule reboot at 2 3 :00 03/04/2015 ? <cr> <Comware 5 >schedule reboot at 23:0 0 03/04/2015 Reboot system at 23:00 03/04/2015(in 23 hour(s) and 14 minute(s)). confirm? [Y/N]:y <Comware 5 > %Mar 3 23:45:24:781 2015 Comware5 CMD/5/CMD_REBOOT_SCHEDULED: aux0 set schedule reboot parameters at 23:45:24 03/03/2015, and system will reboot at 23:00 03/04/2015. <Comware 5 > - or - < Comware 5 >schedule reboot delay ? STRING Time interval(mm or hh:mm) < Comware 5 >schedule reboot delay 30 ? <cr> < Comware 5 >schedule reboot delay 30

49. 48 return Exit to User View save Save current configuration screen - length Specify the lines displayed on one screen set Specify user terminal inte rface parameters shell Enable terminal user service speed Specify the TX/RX rate of user terminal interface stopbits Specify the stop bit of user terminal interface terminal Specify terminal typ e tracert Trace route function undo Cancel current setting user Specify user's parameter of terminal interface [ Comware 5 - ui - aux0]authentication - mode ? none Login without checking password Authen tication use password of user terminal interface scheme Authentication use AAA [ Comware 5 - ui - aux0]authentication - mode scheme ? <cr> [ Comware 5 - ui - aux0]authentication - mode scheme [ the next command set s the use of password only for login via console ] [ Comware 5 ]user - interface aux 0 [ Comware 5 - ui - aux0]authentication - mode password ? <cr> [ Comware 5 - ui - aux0]authentication - mode password [ Comware 5 - ui - aux0]set authentication password ? cipher Set the password with cipher text hash Save and disp lay the hash value of the password simple Set the password with plain text [ Comware 5 - ui - aux0]set authentication password simple ? STRING<1 - 16> Plain text password [ Comware 5 - ui - aux0]set authentication password simple password ? <cr> [ Comware 5 - ui - aux0]set authentication password simple password Comware7 [Comware7]super ? authentication - mode Specify the authentication mode for user role switching default Default target user role password Set the password used to swi tch to a user role [Comware7]super password ? hash Specify a hashtext password role Specify the user role simple Specify a plaintext password <cr> [Comware7]super password role ? STRING<1 - 63> User role name network - admin netwo rk - operator level - 0 level - 1 level - 2 level - 3 level - 4

69. 68 call - home call - home config mode call - home - profile call - home pro file config mode cc - policy policy - map config mode cfg - af - topo Configure non - base topology mode cns - connect - config CNS Connect Info Mode cns - connect - intf - config CNS Connect Intf Info Mode cns - tmpl - connect - config CNS Template Connect Info Mode conf - attr - map LDAP attribute map config mode conf - ldap - server LDAP server config mode conf - ldap - sg LDAP server group config mode conf - rad - filter RADIUS filter config mode conf - rad - server RADIUS server config mode conf - tac - server Tacacs Server Definition config - sensor - cdplist Subscriber CDP attribute list config - sensor - dhcplist Subscriber DHCP attribute list config - sensor - lldplist Subscriber LLDP attribute list configure Global configuration mode crypto - identity Crypto identity config mode crypto - ipsec - profile IP Sec policy profile mode crypto - keyring Crypto Keyring command mode crypto - map Crypto map config mode crypto - map - fail - close Crypto map fail close mode crypto - transform Crypto transform confi g mode dhcp DHCP pool configuration mode dhcp - class DHCP class configuration mode dhcp - guard IPv6 dhcp guard configuration mode dhcp - pool - class Per DHCP pool class con figuration mode dhcp - relay - info DHCP class relay agent info configuration mode dhcp - subnet - secondary Per DHCP secondary subnet configuration mode dot1x CTS dot1x configuration mode dot1x - credential - m ode dot1x credential profile configuration mode eap - mprofile - mode eap method profile configuration mode eap - profile - mode eap profile configuration mode eigrp_af_classic_submode Address Family configuration mo de eigrp_af_intf_submode Address Family interfaces configuration mode eigrp_af_submode Address Family configuration mode eigrp_af_topo_submode Address Family Topology configuration mode eigrp_sf_intf_submode Service Family interfaces configuration mode eigrp_sf_submode Service Family configuration mode eigrp_sf_topo_submode Service Family Topology configuration mode exec Exec mode extcomm - list IP Extended community - list configuration mode fallback - profile - mode fallback profile configuration mode fh_applet FH Applet Entry Configuration fh_applet_trigger FH Applet Trigger Configuration fi lterserver AAA filter server definitions flow - cache Flow aggregation cache config mode flow - sampler - map Flow sampler map config mode flowexp Flow Exporter configuration mode flowmon Flow Monitor configuration mode flowrec Flow Record configuration mode identity - policy - mode identity policy configuration mode identity - profile - mode identity profile configurat ion mode if - topo Configure interface topology parameters interface Interface configuration mode ip - sla IP SLAs entry configuration ip - sla - dhcp IP SLAs dhcp confi guration ip - sla - dns IP SLAs dns configuration ip - sla - ftp IP SLAs ftp configuration ip - sla - http IP SLAs http configuration ip - sla - http - rr IP SLAs HTTP raw request Configurati on ip - sla - icmpEcho IP SLAs icmpEcho configuration ip - sla - pathEcho IP SLAs pathEcho configuration ip - sla - pathJitter IP SLAs pathJitter configuration ip - sla - tcp IP SLAs tcpConnect configu ration

70. 69 ip - sla - udpEcho IP SLAs udpEcho configuration ip - sla - udpJitter IP SLAs udpJitter configuration ip - sla - video IP SLAs video configuration ipczone IPC Zone config mode ipcz one - assoc IPC Association config mode ipenacl IP named extended access - list configuration mode iprbacl IP role - based access - list configuration mode ipsnac l IP named simple access - list configuration mode ipv6 - router IPv6 router configuration mode ipv6 - snooping IPv6 snooping mode ipv6acl IPv6 access - list configuration mode ipv6dhcp IPv6 DHCP configuration mode ipv6dhcpvs IPv6 DHCP Vendor - specific configuration mode ipv6rbacl IPv6 role - based access - list configuration mode isakmp - profile Cr ypto ISAKMP profile command mode kron - occurrence Kron Occurrence SubMode kron - policy Kron Policy SubMode line Line configuration mode log_config Log configuration chang es made via the CLI mac - enacl MAC named extended ACL configuration mode mac_address_config MAC address group configuration mode macro_auto_trigger_cfg Configuration mode for autosmartport user triggers manual CTS manual configuration mode map - class Map class configuration mode map - list Map list configuration mode mka - policy MKA Policy config mode mmon - fmon Flow Monitor configuration mode mmon - fmon - if - inline Flow Monitor inline configuration mode under inline policy mmon - fmon - pmap - inline Flow Monitor inline c onfiguration mode under policy class mstp_cfg MSTP configuration mode mt - flowspec mt flow specifier mt - path mt path - config mt - prof - perf mt profile perf - monitor mt - prof - perf - params mt profile perf - monitor parameters mt - prof - perf - rtp - params mt profile perf - monitor rtp parameters mt - prof - sys mt profile system mt - prof - sys - params mt pr ofile system parameters mt - sesparam mt session - params multicast - flows - classmap multicast - classmap config mode nd - inspection IPv6 NDP inspection configuration mode nd - raguard IPv6 RA guar d configuration mode null - interface Null interface configuration mode parser_test Test mode for internal test purposes policy - list IP Policy List configuration mode preauth AAA Preauth definitions profile - map profile - map config mode radius - attrl Radius Attribute - List Definition radius - da - locsvr Radius Application configuration radius - locsvr - client Radius C lient configuration radius - policy - device - locsvr Radius Application configuration radius - proxy - locsvr Radius Application configuration radius - sesm - locsvr Radius Application configuration rib_rwatch_test RIB_R WATCH test configuration mode route - map Route map config mode router Router configuration mode router - af - topology Topology configuration mode router_eigrp_classic EIGRP Router confi guration classic mode router_eigrp_named EIGRP Router configuration named mode rsvp - local - if - policy RSVP local policy interface configuration mode rsvp - local - policy RSVP local policy configuration mode rsvp - local - subif - policy RSVP local policy sub - interface configuration

99. 98 config1 ProVision ProVision# show running - config change - history Show the change - history logs of the running configuration. interface Sho w the running configuration for interfaces. oobm Show the running configuration for OOBM. router Show the running configuration for layer 3 protocols such as BGP, OSPF, OSPFv3, PIM, RIP and VRRP. st atus Show if the running configuration differs from the startup configuration. structured Show the running configuration in a grouped format. vlan Show the running configuration for VLANs. <cr> ProVision# copy ? command - output Specify a CLI command to copy output of. config Copy named configuration file. core - dump Copy coredump file from flash. crash - data Copy the switch crash data file. c rash - log Copy the switch log file. default - config Copy custom default configuration. event - log Copy event log file. fdr - log Copy FDR logs from the switch to TFTP server, USB or xmodem t erminal. flash Copy the switch system image file. running - config Copy running configuration file. sftp Copy data from a SFTP server. ssh - client - known - h... Copy the known hosts file. ssh - server - pub - key Copy th e switch's SSH server public key. startup - config Copy in - flash configuration file. tftp Copy data from a TFTP server. usb Copy data from a USB flash drive. xmodem Use xmodem on the terminal as th e data source. ProVision# copy running - config ? sftp Copy data to an SFTP server tftp Copy data to a TFTP server. usb Copy data to a USB flash drive. xmodem Use xmodem on the terminal as the data destination. ProVision# copy running - config tftp ? HOST - NAME - STR Specify hostname of the TFTP server. IP - ADDR Specify TFTP server IPv4 address. IPV6 - ADDR Specify TFTP server IPv6 address. ProVision# copy r unning - config tftp 10. 0.100.111 ? FILENAME - STR Specify filename for the TFTP transfer. ProVision# copy running - config tftp 10.0.100.111 config2.cfg ? oobm Use the OOBM interface to reach TFTP server. pc Chan ge CR/LF to PC style. unix Change CR/LF to unix style. <cr> ProVision# copy running - config tftp 10. 0.100.111 config2 .cfg ProVision# copy running - config sftp ? HOST - NAME - STR Specify hostname of the SFTP server. IP - ADDR Specify SFTP server IPv4 address. IPV6 - ADDR Specify SFTP server IPv6 address. user Specify the username on the remote system USERNAME@IP - STR Specify the username along with remote system information

168. 167 3 ssh | 10.0.100.80 59987 4 inactive | 5 inactive | 6 inactive | 7 inactiv e | ProVision# show crypto host - public - key SSH host public key: ssh - rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2tfJ6jJIdewRSD8D5YV8/wqWPLa0leK5VDBDBZeqmAIJ GL7JQmO+N+WgPVvbIm8V20QCqR1WHVsVNUAE6O6ErFybfk098Y089HuA7v6ej8lTF9r0U0BMQuNLp5C4 ++92wCh/mWJmwTUBIqY2w2tfq4 rtNxap 123456789054 /6o5wIHHC8fNjUf5pwil+nxYOk/migsklDAG CyH6OdUWWO2Rb2J/nouBOyz/VKLLuT4kO8LF728rxPBQfk7m/a3cKBKkSAM9O+cuTDzT1u3hOnc3zKGh Q38nMfTPvCCQZLTljhGGywHl0uGxzHbSFShRyIRyIrMpvQtX85GcLcZLhw== - or - ProVision# show ip host - public - key SSH host public key: ssh - rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2tfJ6jJIdewRSD8D5YV8/wqWPLa0leK5VDBDBZeqmAIJ GL7JQmO+N+WgPVvbIm8V20QCqR1WHVs 123456789054 Fybfk098Y0HuA7v6ej8lTF9r0U0BMQuNLp5C4 ++92wCh/mWJmwTUBIqY2w2tfq4rtNxapHN+NTQAiPQIc/6o5wIHHC8fNjUf5pwil+nxYOk/migsklDAG CyH6OdU WWO2Rb2J/nouBOyz/VKLLuT4kO8LF728rxPBQfk7m/a3cKBKkSAM9O+cuTDzT1u3hOnc3zKGh Q38nMfTPvCCQZLTljhGGywHl0uGxzHbSFShRyIRyIrMpvQtX85GcLcZLhw== Comware5 [ Comware5 ] public - key ? local Local public key pair operations peer Peer public key configuration [ Com ware5 ] public - key local ? create Create new local key pair destroy Destroy the local key pair export Print or export the local key pair [ Comware5 ] public - key local create ? dsa Key type DSA ecdsa Key type ECDSA rsa Key type RSA [ Co mware5 ] public - key local create rsa ? <cr> [ Comware5 ] public - key local create rsa The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus [default = 1024]: Generating Keys... [ Comware5 ]user - interface vty 0 15 [ Comware5 - ui - vty0 - 4]authentication - mode ? none Login without checking password Authentication use password of user terminal interface scheme Authentication use AAA [ C omware5 - ui - vty0 - 15 ]authentication - mode scheme ? <cr>

210. 209 b ) Privilege Mode This feature provides a dedicated login at a specific user level, based on the reply the authentication server sends to the switch. Must execute the basic configuration (section a) first. ProVision Comware Cisco (R equires special configuration on the RADIUS server) (Requires special configuration on the RADIUS server) No additional Comware RADIUS configuration required to support this op tion. (R equires special configuration on the RADIUS server) ProVision(config)# aaa authentication login privilege - mode Cisco(config)# aaa authorization console Cisco( config)#aaa authorization exec default group radius ProVision# show authentication ProVision (R equires special configuration on the RADIUS server) ProVision(config)# aaa ? accounting Co nfigure accounting parameters on the switch. authentication Configure authentication parameters on the switch. authorization Configure authorization parameters on the switch. port - access Configure 802.1X (Port Based Network Acce ss), MAC address based network access, or web authentication based network access on the device. server - group Place the RADIUS server into the RADIUS server group. ProVision(config)# aaa authenticati on ? allow - vlan Configure authenticator ports to apply VLAN changes immediately. console Configure authentication mechanism used to control access to the switch console. disable - username Bypass the use rname during authentication while accessing the switch to get Manager or Operator access. local - user Create or remove a local user account. lockout - delay The number of seconds after repeated login failures before a user may again attempt login. login Specify that switch respects the authentication server's privilege level. mac - based Configure authentication mechanism used to control mac - ba sed port access to the switch. num - attempts The number of login attempts allowed. port - access Configure authentication mechanism used to control access to the network. ssh Configure authentication mechanism used to control SSH access to the switch. telnet Configure authentication mechanism used to control telnet access to the switch. web Confi gure authentication mechanism used to control web access to the switch.

250. 249 [Comware 7 ]l ldp compliance cdp [Comware 7 - GigabitEthernet1/0/5]lldp ? admin - status Specify transmit/receive mode of LLDP on the port agent Specify LLDP agent check - change - interval Specify interval of checking system chang es compliance Enable compliance with another link layer discovery protocol enable Enable capability encapsulation Specify lldp frame formats management - address - format Sp ecify management - address formats notification Enable the trap capability tlv - enable Enable optional TLV [Comware 7 - GigabitEthernet1/0/5]lldp compliance ? admin - status Specify the mode for transmitting/receiving frames o f the specified link layer discovery protocol on the port [Comware 7 - GigabitEthernet1/0/5]lldp compliance admin - status ? cdp Non standard IEEE discovery protocol [Comware 7 - GigabitEthernet1/0/5]lldp compliance admin - status cdp ? disabl e Disable transmitting and receiving frames of the specified link layer discovery protocol txrx Enable transmitting and receiving frames of the specified link layer discovery protocol [Comware 7 - GigabitEthernet1/0/5]lldp compli ance admin - status cdp txrx ? <cr> [Comware 7 - GigabitEthernet1/0/5]lldp compliance admin - status cdp txrx [Comware 7 ]display lldp ? local - information Display local information neighbor - information Display neighbor information statistics Display statistics information status Display LLDP status and configuration tlv - config Display TLV configuration [Comware 7 ]display lldp neighbor - information ? > Redirect it to a file >> Redirect it to a file in append mode agent Specify LLDP agent interface Specify interface list Neighbor list verbose Verbose message | Matching output <cr> [Comware 7 ]display lldp neighbor - information LLDP neighbor - information of por t 1[GigabitEthernet1/0/1]: LLDP agent nearest - bridge: LLDP neighbor index : 1 ChassisID/subtype : c091 - 3483 - 8d80/MAC address PortID/subtype : 13/Locally assigned Capabilities : Bridge CDP neighbor - information of port 5[GigabitEthernet1/0 /5]: LLDP agent nearest - bridge: CDP neighbor index : 1 Chassis ID : SEP0013608622A2 Port ID : Port 1

251. 250 [Comware 7 ]display lldp neighbor - information interface ? FortyGigE FortyGigE interface GigabitEthernet Gigabi tEthernet interface M - GigabitEthernet MGE interface Ten - GigabitEthernet Ten - GigabitEthernet interface [Comware 7 ]display lldp neighbor - information interface g1/0/5 ? > Redirect it to a file >> Redirect it to a file in append mode agent Specify LLDP agent verbose Verbose message | Matching output <cr> [Comware7]display lldp neighbor - information interface g1/0/5 CDP neighbor - information of port 5[GigabitEthernet1/0/5]: LLDP agent nearest - bridge: CDP neighbor inde x : 1 Chassis ID : SEP0013608622A2 Port ID : Port 1 [Comware7]display lldp neighbor - information interface g1/0/5 verbose ? > Redirect it to a file >> Redirect it to a file in append mode | Matching output <cr> [ Comware7]display lldp neighbor - information interface g1/0/5 verbose CDP neighbor - information of port 5[GigabitEthernet1/0/5]: LLDP agent nearest - bridge: CDP neighbor index : 1 Chassis ID : SEP0013608622A2 Addresses : 10.0.111.102 Po rt ID : Port 1 Software version : P00307020400 Platform version : Cisco IP Phone 7960 Duplex : Full Time to live : 180 Cisco ( Enabled by default , both globally and per port ) (if needed) Cisco(config)#cdp ? a dvertise - v2 CDP sends version - 2 advertisements holdtime Specify the holdtime (in sec) to be sent in packets run Enable CDP timer Specify the rate at which CDP packets are sent (in sec) tlv Enable exchange of specif ic tlv information Cisco(config)#cdp run ? <cr> Cisco(config)#cdp run Cisco#show cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries traffic CDP statist ics | Output modifiers

271. 270 save Save current configuration time Execute the scheduled command at the specified time tracert Trace route function undo Undo Command Group view Specify the command view for the task [Comware5 - job - save - config]view ? STRING<1 - 90> Name of the c ommand view [Comware5 - job - save - config]view monitor ? <cr> [Comware5 - job - save - config]view monitor [Comware5 - job - save - config]time ? INTEGER<1 - 10> The identifier of time [Comware5 - job - save - config]time 1 ? at Specify the exact time one - of f Execute the specified command only once repeating Execute a specified command periodically [Comware5 - job - save - config]time 1 one - off ? at Specify the exact time delay Specifies the execution waiting time of a specified command [Comware5 - j ob - save - config]time 1 one - off at 02:07 ? command Specify the scheduled command month - date Specify the day of the month week - day Specify the day(s) of the week [Comware5 - job - save - config]time 1 one - off at 02:07 command ? TEXT The scheduled command [Comware5 - job - save - config]time 1 one - off at 02:07 command tftp 10.0.100.111 put startup.cfg ? TEXT <cr> [Comware5 - job - save - config]time 1 one - off at 02:07 command tftp 10.0.100.111 put startup.cfg [Comware5]display job ? STRING<1 - 32> N ame of the task | Matching output <cr> [Comware5]dis play job save - config Job name: save - config Specified view: monitor Time 1: Execute command tftp 10.0.100.111 put startup.cfg at 02:07 today or tomorrow [Comware5]dis play job save - co nfig Job name: save - config Specified view: monitor Time 1: Execute command tftp 10.0.100.111 put startup.cfg at 02:07 today or tomorrow has been executed Comware7 [Comware7]scheduler ? job Define a job logfile Scheduler log file confi guration

279. 278 100 - full 100 Mbps, full duplex. 100 0 - full 1000 Mbps, full duplex. auto Use Auto Negotiation for speed and duplex mode. auto - 10 10 Mbps, use Auto Negotiation for duplex mode. auto - 100 100 Mbps, use Auto Negotiation for duplex mode. auto - 1000 1000 Mbps, use Auto Negotiation for duplex mode. auto - 10 - 100 10 or 100 Mbps, use Auto Negotiation for duplex mode. auto - 10g 10 Gbps, use Auto Negotiation for duplex mode. ProVision ( eth - 1 )# speed - duplex auto ProVision ( eth - 1 )# disable ProVision ( eth - 1 )# enable Comware 5 < Comware 5 > display interface ? GigabitEthernet GigabitEthernet interface NULL NULL interface Vlan - interface VLAN interface brief Brief information of status a nd configuration for interface(s) | Matching output <cr> < Comware 5 > display interface brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spo ofing Interface Link Protocol Main IP Description NULL0 UP UP(s) -- Vlan1 UP UP 10.0.111.31 The brief information of interface(s) under bridge mode: Link: ADM - administratively down; Stby - st andby Speed or Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE1/0/1 UP 1G(a) F(a) A 1 GE1/0/2 DOWN auto A A 1 G E1/0/3 DOWN auto A A 1 GE1/0/4 DOWN auto A A 1 GE1/0/5 DOWN auto A A 1 GE1/0/6 DOWN auto A A 1 GE1/0/7 DOWN auto A A 1 GE1/0/8 DOWN auto A A 1 GE1/0/9 DOWN auto A A 1 GE1/0/10 DOWN auto A A 1 GE1/0/11 DOWN auto A A 1 GE1/0/12 DOWN auto A A 1 GE1/0/13 DOWN auto A A 1 GE1/0/14 DOWN auto A A 1 GE1/0/15 DOWN auto A A 1 GE1/0/16 DOWN auto A A 1 GE1/0/17 DOWN auto A A 1 GE1/0/18 DOWN auto A A 1 G E1/0/19 DOWN auto A A 1 GE1/0/20 DOWN auto A A 1 GE1/0/21 DOWN auto A A 1 GE1/0/22 DOWN auto A A 1 GE1/0/23 DOWN auto A A 1 GE1/0/24 DOWN auto A A 1 GE1/0/25 ADM auto A A 1

327. 326 Private VLAN : isolated Associated Primary VID : 150 Associated Secondary VIDs : none Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 12 Unt agged Learn Up 13 Untagged Learn Up P roVision # show vlans 152 Status and Counters - VLAN Information - VLAN 152 VLAN ID : 152 Name : VLAN152 Status : Port - based Voice : No Jumbo : No Private VLAN : community Associated Primary VID : 150 Associated Secondary VIDs : none Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 14 Untagged Learn Up 15 Untagged Learn Up Comware5 Not an available feature. Comware7 [Comware7]vlan 150 [Comware7 - vlan150]? Vlan view commands: arp ARP module cfd Connectivity Fault Detection (CFD) module description Configure the VLAN description diagnostic - logfile Diagnostic log file configuration display Display current system information igmp - snooping IGMP snooping module ip Specify IP configuration ip - subnet - vlan ipv6 Specify IPv6 configuration logfile Log file configuration mac - address Configure MAC address mac - forced - forwarding Specify MAC - forced forwarding configuration information mld - snooping MLD snooping m odule monitor System monitor name Configure the VLAN name pim - snooping PIM snooping module ping Ping function port Assign ports to or remove ports from the VLAN priv ate - vlan Private VLAN function protocol - vlan Protocol - based VLAN quit Exit from current command view return Exit to User View save Save current configuration security - logfile Security log file configuration subvlan Specify sub - VLAN supervlan Specify the VLAN as a super VLAN

339. 338 mac - notify Configure SNMP traps for changes in th e MAC address table. mdix - mode Set port MDI/MDIX mode (default: auto). monitor Monitor traffic on the port. mvrp Configure the Multiple VLAN Registration Protocol (MVRP). name Assign an interf ace name. poe - allocate - by Configure the power allocation method. poe - lldp - detect Allow the link partner to specify power allocation using LLDP. poe - value Set the maximum power allocation for the port. power - over - ethernet Enabl e per - port power distribution. private - vlan Configure ports as promiscuous members of private VLANs. qos Configure port - based traffic prioritization. rate - limit Enable rate limiting for various types of traffic. se rvice - policy Apply a service - policy on the interface. smart - link Configure the control VLANs for receiving flush packets. speed - duplex Define mode of operation for the port(s). tagged Configure this port as a ta gged member of the specified VLAN(s). unknown - vlans Configure the GVRP mode. untagged Configure this port as an untagged member of the specified VLAN. <cr> ProVision(config)# interface 1 mvrp ? disable Disable MVRP. enable Enable MVRP. join - timer Set the join timer for the port. leave - timer Set the leave timer for the port. leaveall - timer Set the leaveall timer for the port. periodic - timer Set the periodic timer t ransmission interval for the port. periodic - timer - enable Enable periodic timer transmission for the port. registration Configure how the port responds to MRP messages. ProVision(config)# interface 1 mvrp enable ? <cr> ProVision(config)# inter face 1 mvrp enable ProVision# show mvrp ? config Show the MVRP configuration for all ports. state Show the MVRP state. statistics Show MVRP statistics. ProVision# show mvrp config ? <cr> ProVision# show mv rp config Configuration and Status - MVRP Global MVRP status : Enabled Port Status Periodic Registration Join Leave LeaveAll Periodic Timer Type Time Timer Timer Timer ------- -------- -------- ------- ----- ---- -------- -------- -------- 1 Enabled Enabled Normal 20 300 1000 100 2 Disabled Enabled Normal 20 300 1000 100 3 Disabled Enabled Normal 20 300 1000 100 4 Disabled Enabled Normal 20 300 1000 100 5 Disabled Enabled Normal 20 300 1000 100 6 Disabled Enabled Normal 20 300 1000 100 (output omitted) ProVision# show mvrp state ? VLAN - ID Enter a VLAN identifier or the VLAN name if configured.

340. 339 ProVision# show mvrp state 1 ? [ethernet] PORT - NUM <cr> ProVision# show mvrp state 1 Configuration and Status - MVRP state for VLAN 1 Port VLAN Registrar Applicant Forbid State State Mode -------- ----- --------- --------- --------- 1 1 MT QA No Comware5 [Comware5]mvrp ? global Specify the global configuration gvrp - compliance Specify the GVRP - compliant mode [Comware5]mvrp global ? enable Enable MVRP [Comware5]mvrp global enable ? <cr> [Comware5]mvrp global enable [Comware5]int erface g1/0/1 [Comware5 - GigabitEthernet1/0/1]? Gigabitethernet_l2 interface view commands: apply Apply Poe - profile arp Configure ARP for the interface bpdu - drop Drop BPDU packets. bpdu - tunnel Specify BPDU tunnel function broadcast - suppression Specify the broadcast storm control cfd Connect ivity fault detection (IEEE 802.1ag) default Restore the default settings description Describe the interface dhcp - snooping DHCP Snooping display Display current system information dldp Specify configuration information of DLDP dot1x Specify 802.1X configuration information duplex Status of duplex enable Enable function flow - control Flow control command flow - inter val Set interval of interface statistic garp Generic Attribute Registration Protocol gvrp GARP VLAN Registration Protocol igmp - snooping Configure IGMP snooping characteristic ip Specify IP configurations for the system ipv6 IPv6 status and configuration information jumboframe Jumboframe command lacp Configure LACP Protocol link - aggregation Link aggregation group l ink - delay Set the delay time of holding link - up and link - down lldp Link Layer Discovery Protocol(802.1ab) loopback Specify loopback of current port loopback - detection Detect if loopback exists mac - add ress Configure MAC address mac - authentication MAC authentication configuration mac - forced - forwarding Specify MAC - forced forwarding configuration information mac - vlan Specify MAC VLAN

458. 457 ipv6 Specify IPv6 Virtua l Router version Specify version of VRRP vrid Specify the virtual router by its identifier [Comware7 - Vlan - interface100]vrrp ver sion ? INTEGER<2 - 3> Version of VRRP [Comware7 - Vlan - interface100]vrrp ver sion 2 [Comware7] dis play vrrp ? > Redirect it to a file >> Redirect it to a file in append mode interface Specify the interface ipv6 Specify IPv6 Virtual Router statistics VRRP statistics verbose Verbose information | Matching output <cr> [Comware7] dis play vrrp verbose IPv4 Virtual Router Information: Running mode : Standard Total number of virtual routers : 1 Interface Vlan - interface100 VRID : 100 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 254 Running Pri : 254 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.100.1 Virtual MAC : 0000 - 5e00 - 0164 Master IP : 10.1.100.5 [Comware7] dis play vrrp IPv4 Virtual Router Information: Running mode : Standard Total number of virtual routers : 1 Interface VRID State Running Adver Auth Virtual Pri Timer Type IP --------------------------------------------------------------------- Vlan100 100 Master 254 100 None 10.1.100.1 [Comware7]display vrrp interface Vlan - interface 100 verbose IPv4 Virtual Router Information: Running mode : Standard Total number of virtual routers on interface Vlan - interface100 : 1 Interface Vlan - interface100 VRID : 100 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 254 Running Pri : 254 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.100.1 Virtual MAC : 0000 - 5e00 - 0164 Master I P : 10.1.100.5 Cisco Cisco(config)#int erface vl an 100 Cisco(config - if)#? Interface configuration commands: aaa Authentication, Authorization and Accounting. arp Set arp type (arpa, probe, snap) or timeout or log

468. 467 match - order Set an ACL's match order name Specify a named ACL <cr> [Comware7] acl number 3000 [Comware7 - acl - adv - 3000]? Acl - adv view commands: cfd Connectivity Fault Detection (CFD) module description Specify ACL description diagnostic - logfile Diagnostic log file configuration display Display current system information logfile Log file configuration monitor S ystem monitor ping Ping function quit Exit from current command view return Exit to User View rule Specify an ACL rule save Save current configuration security - logfile Security log file configuration step Specify a rule numbering step for an ACL tracert Tracert function undo Cancel current setting [Comware7 - acl - adv - 3000]rule ? INTEGER<0 - 65534> ID of an ACL rule deny Specify matched packet deny permit Specify matched packet permit [Comware7 - acl - adv - 3000]rule deny ? INTEGER<0 - 255> Protocol number gre GRE tunneling (47) icmp Internet Control Message Protocol (1) i gmp Internet Group Management Protocol (2) ip Any IP protocol ipinip IP in IP tunneling (4) ospf OSPF routing protocol (89) tcp Transmission Control Protocol (6) udp User Datagra m Protocol (17) [Comware7 - acl - adv - 3000]rule deny ip ? counting Specify rule counting destination Specify a destination address dscp Specify DSCP fragment Check fragment packet logging Log matched packet precedence Specify precedence source Specify a source address time - range Specify a special time tos Specify TOS vpn - instance Specify VPN - Instance <cr> [Comware7 - acl - adv - 3000]rule deny ip source ? X.X.X.X Source address any A ny source address [Comware7 - acl - adv - 3000]rule deny ip s ource 10.1.2 2 0 .0 0.0.0.255 ? counting Specify rule counting destination Specify a destination address dscp Specify DSCP fragment Check fragment packet logging Log matched packet precedence Specify precedence time - range Specify a special time

539. 538 Interface is in errdisabled = 0 Rate limit exceeded = 0 Re ceived on untrusted ports = 0 Nonzero giaddr = 0 Source mac not equal to chaddr = 0 No binding entry = 0 Insertion of opt82 fai l = 0 Unknown packet = 0 Interface Down = 0 Unknown output interface = 0 Misdirected Packets = 0 Packets with Invalid Size = 0 Packets with Invalid Option = 0

557. 556 14 1/ 0 0 220 No No No No both 1000FDx ProVision# show port - access authenticator vlan Port Access Authenticator VLAN Configuration Port - access authenticator activated [No] : Yes Allow RADIUS - assigned dynamic (GVRP) VLAN s [No] : No Access Unauth Auth Port Control VLAN ID VLAN ID ---- ------- ------- ------- 14 Auto 99 0 ProVision# show vlans ports 14 detail Status and Counters - VLAN Information - VLAN 220 VLAN ID : 220 Name : test Sta tus : Port - based Voice : No Jumbo : No Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 4 Untagged Learn Down 5 Untagged Learn Up 6 Tag ged Learn Down 11 Tagged Learn Up 13 Tagged Learn Up 14 802.1x Learn Up 15 Tagged Learn Up Trk1 Tagged Learn Down Trk2 Tagged Learn Down Trk3 Tagged Learn Down Overridden Port VLAN configuration Port Mode ------ ------------ 14 No ProVision# show vlans 1 Status and Counters - VLAN Information - VLAN 1 VLAN ID : 1 Name : DEFAULT_VLAN Status : Port - based Voice : No Jumbo : No Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 1 Untagged Learn Up 2 Untagged Learn Down 3 Untagged Learn Down 6 Untagged Learn Down 7 Untagged Learn Down 8 Untagged Learn Down 10 Untagged Learn Down

567. 566 Authorization mode : Auto Port access control : MAC - based Multicast trigg er : Enabled Mandatory auth domain : Not configured Guest VLAN : Not configured Auth - Fail VLAN : 99 Critical VLAN : Not configured Re - auth server - unreachable : Logoff Max online users : 1 SmartOn : Disabled EAPOL packets: Tx 39, Rx 39 Sent EAP Request/Identity packets : 10 EAP Request/Challenge packets: 24 EAP Success packets: 5 EAP Failure packets: 0 Received EAPOL Star t packets : 5 EAPOL LogOff packets: 0 EAP Response/Identity packets : 10 EAP Response/Challenge packets: 24 Error packets: 0 Online 802.1X users: 1 MAC address Auth state 0023 - 7de 7 - 3adb Authenticated [Comware7] display interface brief Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Description InLoop0 UP UP(s) -- Loop0 UP UP(s) 10.0.0.51 M - GE0/0/0 DOWN DOWN -- NULL0 UP UP(s) -- REG0 UP -- -- Vlan1 UP UP 10.0.111.51 Vlan100 UP UP 10.1.100.5 test2 Vlan220 UP UP 10.1.220.5 Vlan230 UP UP 10.1.230.5 voice Vlan240 UP UP 10.1.240.5 Brief information on interfaces in bridge mode: Link: ADM - administrati vely down; Stby - standby Speed: (a) - auto Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description BAGG1 DOWN auto A T 1 LACP - link - to - ProV ision FGE1/0/53 DOWN auto A A 1 FGE1/0/54 DOWN auto A A 1 GE1/0/1 ADM auto A A 1 link - to - core GE1/0/2 DOWN auto A A 1 GE1/0/3 DOWN auto A A 1 GE1/0/4 DOWN auto A A 220 GE1/0/5 DOWN auto A H 220 GE1/0/6 UP 1G(a) F(a) T 1 GE1/0/7 DOWN auto A A 1 GE1/0/8 DOWN auto A A 1 GE1/0/ 9 DOWN auto A A 100 GE1/0/10 DOWN auto A A 1 GE1/0/11 DOWN auto A A 1 GE1/0/12 DOWN auto A A 1 GE1/0/13 DOWN auto A A 1 GE1/0/14 UP 1G(a) F(a) A 220

569. 568 dot1x Set authentication lists for IEEE 802.1x. enable Set authentication list for enable. eou Set authentic ation lists for EAPoUDP fail - message Message to use for failed login/authentication. login Set authentication lists for logins. password - prompt Text to use when prompting for a password ppp Set authentication lists for ppp. sgbp Set authentication lists for sgbp. suppress Do not send access request for a specific type of user. username - prompt Text to use when prompting for a username Cisco(config)#aaa authentication dot1x ? WORD Named au thentication list (max 31 characters, longer will be rejected). default The default authentication list. Cisco(config)#aaa authentication dot1x default ? cache Use Cached - group group Use Server - group local Use local username authent ication. Cisco(config)#aaa authentication dot1x default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. Cisco(config)#aaa authentication dot1x default group radius ? cache Use Cached - g roup group Use Server - group local Use local username authentication. <cr> Cisco(config)#aaa authentication dot1x default group radius Cisco(config)#aaa authorization ? auth - proxy For Authentication Proxy Services cache For AAA cache configuration commands For exec (shell) commands. config - commands For configuration mode commands. configuration For downloading configurations from AAA server console For enabling console autho rization credential - download For downloading EAP credential from Local/RADIUS/LDAP exec For starting an exec (shell). multicast For downloading Multicast configurations from an AAA server network For network services. (PPP, SLIP, ARAP) policy - if For diameter policy interface application. prepaid For diameter prepaid services. radius - proxy For proxying radius packets reverse - access For revers e access connections subscriber - service For iEdge subscriber services (VPDN etc) template Enable template authorization Cisco(config)#aaa authorization network ? WORD Named authorization list (max 31 characters, longer will be rejected). default The default authorization list. Cisco(config)#aaa authorization network default ? cache Use Cached - group group Use server - group. if - authenticated Succeed if user has authenticated. local Use local database.

570. 569 none No authorization (always succeeds). Cisco(config)#aaa authorization network default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs + Use list of all Tacacs+ hosts. Cisco(config)#aaa authorization network default group radius ? cache Use Cached - group group Use server - group. if - authenticated Succeed if user has authenticated. local Use loca l database. none No authorization (always succeeds). <cr> Cisco(config)#aaa authorization network default group radius Cisco(config)#dot1x ? credentials Configure 802.1X credentials profiles critical Set 802.1x Critical Authentication parameters guest - vlan Configure Guest Vlan and 802.1x Supplicant behavior logging Set logging parameters supplicant 802.1X supplicant configuration system - auth - control Enable or Disable SysA uthControl test Configure dot1x test related parameters Cisco(config)#dot1x system - auth - control Cisco(config)#interface g1/0/14 Cisco(config - if)#switchport mode access Cisco(config - if)#dot1x ? authenticator Configure authenticato r parameters credentials Credentials profile configuration default Configure Dot1x with default values for this port max - reauth - req Max No. of Reauthentication Attempts max - req Max No. of Retries max - start Max No. of EA POL - Start requests pae Set 802.1x interface pae type supplicant Configure supplicant parameters timeout Various Timeouts Cisco(config - if)#dot1x pae ? authenticator Set pae type as Authenticator both Set pae ty pe as both Supplicant and Authenticator supplicant Set pae type as Supplicant Cisco(config - if)#dot1x pae authenticator ? <cr> Cisco(config - if)#dot1x pae authenticator Cisco(config - if)#authentication ? control - direction Set the control - direct ion on the interface event Set action for authentication events fallback Enable the Webauth fallback mechanism host - mode Set the Host mode for authentication on this interface linksec Configure link securi ty parameters open Enable or Disable open access on this port order Add an authentication method to the order list

571. 570 periodic Enable or Disable Reauthentication for this port port - control Set the port - contro l value priority Add an authentication method to the priority list timer Set authentication timer values violation Configure action to take on security violations Cisco(config - if)#authentication host - mode ? multi - au th Multiple Authentication Mode multi - domain Multiple Domain Mode multi - host Multiple Host Mode single - host SINGLE HOST Mode Cisco(config - if)#authentication host - mode single - host ? <cr> Cisco(config - if)#authentication host - mode single - ho st Cisco(config - if)#authentication port - control ? auto PortState set to automatic force - authorized PortState set to AUTHORIZED force - unauthorized PortState set to UnAuthorized Cisco(config - if)#authentication port - control auto ? <cr> Cisco(config - if)#authentication port - control auto Cisco(config - if)#authentication event ? fail Configure failed authentication actions/parameters linksec Configure actions for link security events no - response Configure non - resp onsive host actions server Configure actions for AAA server events Cisco(config - if)#authentication event fail ? action Required action for authentication event retry Number of times to retry failed authentications Cisco(config - if)#authenti cation event fail action ? authorize Authorize the port next - method Move to next authentication method Cisco(config - if)#authentication event fail action authorize ? vlan Configure Authentication Fail vlan Cisco(config - if)#authentication event fail action authorize vlan ? <1 - 4094> Enter a VlanId Cisco(config - if)#authentication event fail action authorize vlan 99 ? <cr> Cisco(config - if)#authentication event fail action authorize vlan 99 Cisco#show dot1x ? all Show 802.1x informa tion for all interfaces interface Interface information to display | Output modifiers <cr> Cisco#show dot1x all ? count Show total no of authorized and unauthorized clients details Show 802.1x details for all interfaces sta tistics Show 802.1x statistics for all interfaces summary Show 802.1x summary for all interfaces

581. 580 sessions Shows Auth Manager session information statistics Statistics for authentications Cisco#show authentication interface g1/0/16 Client list: Interface MAC Address Method Domain Status Session ID Gi1/0 /16 e069.9578.4883 mab DATA Authz Success 0A00002900000008019590EA Available methods list: Handle Priority Name 3 0 dot1x 4 1 mab Runnable methods list: Handle Priority Name 4 0 mab

608. 607 switch with member - id 3, slot number 0, and port index 10 on that switch would be identified as port 3/0/10. Cisco Switch Stacks operate similar to HP 3800 Stacking . O ne of the switches controls the operation of the stack and is called the stack master. The stack master and the other switch es in the stack are stack members. The stack master is the single point of management for the stack. All stack members are eligible stack masters. If the stack master becomes unavailable, the remaining stack members participate in electing a new stack mast er. One of the factors used to determine which switch is elected the stack master is the stack member priority value. The switch with the highest priority value becomes the stack master. For features that you configure on specific switch ports in the switc h stack , the configuration procedures are th e same as for stand alone switches, but the port designations for the ports in the stack are modified. Each port is identified by the member - id of its switch, followed by a slash and then the slot number of the in terface card , and then the port index as it is shown on the switch. For example, for a switch with member - id 3, slot number 0, and port index 10 on that switch would be identified as port 3/0/10. Cisco Switch Stacks require that the StackWise ports be inte rconnected between all the switches in the stack. Cisco Switch Stacking is different from the clustering feature that is implemented on some other Cisco switches. Cisco Switch Stacking requires the dedicated StackWise ports . The clustering feature is imple mented via the front - panel networking cables, uses a single IP address to manage the stcak, and does not have the high bandwidth and redundancy features of Switch Stacking . Commands in this chapter are not “compared” as they are in other chapters, because the technologies are completely different designs . The commands listed are simply what is required to configure each individual platform. ProVision Note : In the default configuration, stacking is enabled on HP 3800 switches. However, if an HP 3800 switc h is powered on and it does not have a Stacking Module installed, stacking is disabled. If a Stacking Module is subsequently installed in the switch, stacking must be enabled from the switch CLI (in the config context) by entering the following command: H P Switch 3800 (config)# stacking enable The maximum number of HP 3800 swit ches allowed in the stack is sixteen . Power on the first switch to be the Commander switch (with Stacking Module installed).

23. 22 Mar 5 06:43:40.282: %SYS - 5 - SCHEDULED_RELOAD: Reload requested for 23:00:00 central Thu Mar 5 2015 at 00:43:27 central Thu Mar 5 2015 by console. Cisco# - or - Cisco#reload in ? Delay before reload (mmm or hhh:mm) Cisco#reload in 23:10 ? LINE Reason for reload <cr> Cisco#show reload Reload scheduled for 23:00:00 central Thu Mar 5 2015 (in 22 hours and 15 minutes) by console Cisco#reload cancel Cisco# *** *** --- SHUTD OWN ABORTED --- *** Mar 5 06:45:38.016: %SYS - 5 - SCHEDULED_RELOAD_CANCELLED: Scheduled reload cancelled at 00:45:38 central Thu Mar 5 2015

112. 111 11 - rwx 2019 Mar 9 1993 07 :26:51 +00:00 Cisco2.cfg (will need to view files to determine which are configuration files) Cisco#show boot BOOT path - list : flash:/c3750 e - universalk9 - mz.150 - 1.SE.bin Config file : flash:/config.text Private Config file : flash:/private - config.text Enable Break : no Manual Boot : no HELPER path - list : Auto upgrade : yes Auto upgrade path : NVRAM/Config file buffer size: 524288 Timeout for Config Download: 0 seconds Config Download vi a DHCP: disabled (next boot: disabled) Cisco(config)#boot ? auto - copy - sw enable auto - copy of compatible software to stack members that have joined the stack in version - mismatch mode auto - download - sw url specif ying pathname used for automatic software upgrades boothlpr Boot Helper System Image buffersize Specify the buffer size for filesystem - simulated NVRAM config - file Configuration File enable - break Enable Break while booting helper Helper Image(s) helper - config - file Helper Configuration File host Router - specific config file manual Manual Boot private - config - file Private Configuration F ile system System Image time Set the boot time of a switch Cisco(config)#boot config - file ? WORD config file name Cisco(config)#boot config - file flash:Cisco.cfg

195. 194 | Enable Enable Enable Access Task | Primary Server Group Seconda ry -------------- + ---------- ------------ ---------- Console | Radius radius Local Telnet | Radius radius None Webui | Radius radius None SSH | Radius radius None ProV ision# show radius authentication Status and Counters - RADIUS Authentication Information NAS Identifier : ProVision Invalid Server Addresses : 0 UDP Server IP Addr Port Timeouts Requests Challenges Accepts Reje cts --------------- ---- ---------- ---------- ---------- ---------- ---------- 10.0.100.111 1812 0 6 0 5 1 ProVision# show radius host 10.0.100.111 Status and Counters - RADIUS Server Information Server I P Addr : 10.0.100.111 Authentication UDP Port : 1812 Accounting UDP Port : 1813 Round Trip Time : 0 Round Trip Time : 0 Pending Requests : 0 Pending Requests : 0 Retransmissions : 0 Retransmissions : 0 Timeouts : 0 Timeouts : 0 Malformed Responses : 0 Malformed Responses : 0 Bad Authenticators : 0 Bad Authenticators : 0 Unknown Types : 0 Unknown Types : 0 Packets Dropped : 0 Packets Dropped : 0 Access Requests : 6 Accounting Requests : 0 Access Challenges : 0 Accounting Responses : 0 Access Accepts : 5 Access Rejects : 1 Comware5 (If you are planning to use Telnet or SSH, you should configure those features before you configure AAA support.) Special note on using AAA authentication. By default Comware5 is expecting a user to login as “user@domain”, this allows for multiple domain support. In order to support a user to supply only their UID without the “@domain”, the ‘ user - name - format without - domain ’ parameter can be configured within the radius scheme, which allows Comware5 to send just a UID to the RADIUS server. [Comware5] radius ? client Radius Client config dscp Set DSCP (DiffServ CodePoints) value of RADIUS packets ipv6 Specify IPv6 configuration nas - backup - ip Specify RADIUS client backup IP address nas - ip Specify RADIUS client IP address scheme Add RADIUS scheme or modify radius - scheme attributes trap Specify trap configuration [Comware5] radius scheme ? STRING<1 - 32> Radius scheme name

233. 232 b ) Privilege Mode This feature provides a dedicated login at a specific user level, based on the reply the authentication server sends to the switch. Must execute the basic configuration in the preceeding section first. ProVision Comware Cisco (R equires special configuration on the TACACS server) (Requires special configuration on the TACACS server) No additional Comware HWTACACS configuration required to s upport this option. (R equires special configuration on the TACACS server) ProVision(config)# aaa authentication login privilege - mode Cisco(config)# aaa authorization console Cisco(config)#aaa authorization exec default group tacacs + ProVision# show authentication ProVision (R equires special configuration on the TACACS server) P roVision(config)# aaa ? accounting Configure accounting parameters on the switch. authentication Configure authentication parameters on the switch. authorization Configure authorization parameters on the switch. port - access Configure 802.1X (Port Based Network Access), MAC address based network access, or web authentication based network access on the device. server - group Place the RADIUS server into the RADIUS s erver group. ProVision(config)# aaa authentication ? allow - vlan Configure authenticator ports to apply VLAN changes immediately. console Configure authentication mechanism used to control access to the sw itch console. disable - username Bypass the username during authentication while accessing the switch to get Manager or Operator access. local - user Create or remove a local user account. lockout - delay The num ber of seconds after repeated login failures before a user may again attempt login. login Specify that switch respects the authentication server's privilege level. mac - based Config ure authentication mechanism used to control mac - based port access to the switch. num - attempts The number of login attempts allowed. port - access Configure authentication mechanism used to control access to the network. ssh Configure authentication mechanism used to control SSH access to the switch. telnet Configure authentication mechanism used to control telnet access to the switch. web Configure authentication mechanism used to control web access to

352. 351 Port IEEE Class : 0 Port Detection Status : disabled Port Power Mode : signal Port Current Power : 0 mW Port Average Power : 0 mW Port Peak Power : 0 mW Port Max Power : 15400 mW Port Current : 0 mA Port Voltage : 0.0 V Port PD Description : [Comware]interface g1/0/5 [ Comware - Gi gabitEthernet1/0/5 ]poe enable [ Comware ]display poe inte rface g1/0/5 Port Power Enabled : enabled Port Power Priority : low Port Operating Status : on Port IEEE Class : 2 Port Detection Status : delivering - power Port Power Mode : signal Port Current Power : 4000 mW Port Average Power : 3220 mW Port Peak Power : 4000 mW Port Max Power : 15400 mW Port Current : 79 mA P ort Voltage : 50.4 V Port PD Description : Cisco Cisco#show power inline Module Available Used Remaining (Watts) (Watts) (Watts) ------ --------- -------- --------- 1 370. 0 6.3 363.7 Interface Admin Oper Power Device Class Max (Watts) --------- ------ ---------- ------- ------------------- ----- ---- Fa1/0/1 auto off 0.0 n/a n/a 15.4 Fa1/0/2 auto off 0.0 n/a n/a 15.4 Fa1/0/3 auto off 0.0 n/a n/a 15.4 Fa1/0/4 auto off 0.0 n/a n/a 15.4 Fa1/0/5 auto on 6.3 IP Phone 7960 n/a 15.4 Fa1/0/6 auto off 0.0 n/a n/a 15.4 Fa1/0/7 auto off 0.0 n/a n/a 15.4 Cisco#show power inline f1/0/5 Interface Admin Oper Power Device Class Max (Watts) --------- ------ ---------- ------- ------------------- ----- ---- Fa1/0/5 auto on 6.3 IP Phone 7960 n/a 15.4 Interface AdminPowerMax AdminConsumption (Watts) (Watts) -------- -- --------------- -------------------- Fa1/0/5 15.4 15.4 Cisco(config)#interface f1/0/5

355. 354 [Comware7] voice - vlan mac - address 0013 - 6000 - 0000 mask ffff - ff00 - 0000 description Cisco - 7960 [Comware7] vlan 230 [Comware7 - vlan 2 30 ]name voice [Comware7] int erface g1/0/ 5 [Comware7 - GigabitEthernet1/0/5]port link - type access [Com ware7 - GigabitEthernet1/0/5]port link - type hybrid [Comware7 - GigabitEthernet1/0/5]port hybrid vlan 220 untagged [Comware7 - GigabitEthernet1/0/5]port hybrid pvid vlan 220 [Comware7 - Gig abitEthernet1/0/5]voice vlan 230 enable [Comware7 - GigabitEther net1/0/5 ]poe enable <Comware7> dis play vlan 230 <Comware7> display interface g1/0/ 5 <Comware7>display voice - vlan state <Comware7>display voice - vlan mac - address ProVision ProVision(config)# vlan 230 ProVision (vlan - 230)# voice ProVision( v lan - 230 )# vlan 220 ProVision (vlan - 220)# untagged 5 ProVision( vlan - 22 0 )# vlan 23 0 ProVision (vlan - 230)# tagged 5 ProVision# show vlans 230 Status and Counters - VLAN Information - VLAN 230 VLAN ID : 230 Name : voice Status : Port - based Voice : Yes Jumbo : No

356. 355 Port Information Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 5 Tagged Learn Up ProVision# show vlan port s 5 detail Status and Counters - VLAN Information - for ports 5 VLAN ID Name | Status Voice Jumbo Mode ------- -------------------- + ---------- ----- ----- -------- 220 test | Port - based No No Untagged 230 voice | Port - based Yes No Tagged Comware5 Comware determines whether a received packet is a voice packet by checking its source MAC address. There are a few built - in preconfigured OUI addresses defined in Comware, but as there are many newer voice capable devices on the market, generall y additional MAC address prefix definitions may be required. We show the addition of one such MAC prefix in this example configuration. [Comware5]voice ? vlan Specify voice VLAN [Comware5]voice vlan ? aging Aging time mac - address MAC Addre ss security Specify voice VLAN security mode track Learn oui from lldp [Comware5]voice vlan mac - address ? H - H - H MAC address [Comware5]voice vlan mac - address 001a - a100 - 0000 ? mask MAC address mask [Comware5]voice vlan mac - address 001 a - a100 - 0000 mask ffff - ff00 - 0000 ? description MAC address description <cr> [Comware5]voice vlan mac - address 001a - a100 - 0000 mask ffff - ff00 - 0000 description ? TEXT MAC address description(up to 30 characters) [Comware5]voice vlan mac - address 001a - a 100 - 0000 mask ffff - ff00 - 0000 description Cisco - 7961 ? TEXT <cr> [Comware5]voice vlan mac - address 001a - a100 - 0000 mask ffff - ff00 - 0000 description Cisco - 7961 [Comware5] vl an 230 [Comware5 - vlan 2 30 ]name voice [Comware5] int erface g1/0/5 [Comware5 - Gig abitEthernet1/0/5 ]port link - type access [Comware5 - GigabitEthernet1/0/5 ]port link - type hybrid [Comware5 - GigabitEt hernet1/0/5]port hybrid vlan 220 untagged [Comware5 - GigabitEtherne t1/0/5]port hybrid pvid vlan 220

374. 373 mstp - operation The protocol operates as Multiple STP on all ports where compatibility to the old STP protocol versions is not required. ProVision(confi g)# spanning - tree force - version rstp - operation ? bpdu - protection - ti... Set the time for protected ports to be in down state after receiving unauthorized BPDUs. forward - delay Set time the switch waits between transitioning from listening to learning and from learning to forwarding states. Not applicable in RPVST mode. hello - time Set time between messages transmission when the switch is root. Not applicable in RPVST mode. max - hops Set the max number of hops in a region before the MST BPDU is discarded and the information held for a port is aged (default is 20). maximum - age Set maximum age of received STP information before it is discarded. Not applicable in RPVST mode. priority Set the device STP priority (the value is in range of 0 - 61440 divided into steps of 4096 that are numbered from 0 to 15, default is step 8). Not applicable in RPVST mode. root Configure root for STP. <cr> ProVision(config)# spanning - tree force - version rstp - operation ProVision(config)# spanning - tre e prior ity 2 (note - multiplier is 4096 , default setting is 8 ) ProVision(config)# spanning - tree 4 ? admin - edge - port Set the administrative edge port status. auto - edge - port Set the automatic edge port detection. bpdu - filter Stop a spe cific port or ports from transmitting BPDUs, receiving BPDUs, and assume a continuous fowarding state. bpdu - protection Disable the specific port or ports if the port(s) receives STP BPDUs. hello - time Set message transmission interval (in sec.) on the port. Not applicable in RPVST mode. loop - guard Set port to guard against the loop and consequently to prevent it from becoming Forwarding Port. mcheck Force the port to transmit RST BPDUs. Not applicable in RPVST mode. path - cost Set port's path cost value. Not applicable in RPVST mode. point - to - point - mac Set the administrative point - to - point status. priority Set port priority (the value is in range of 0 - 240 divided into steps of 16 that are numbered from 0 to 15, default is step 8). Not applicable in RPVST mode. pvst - filter Stop a specific port or ports from receiving and retransmitting PVST BPDUs. Not applicable in RPVST mode. pvst - protection Disable the specific port or ports if the port(s) receives PVST BPDUs. Not applicable in RPVST mode. root - guard Set port to ignore superior BPDUs to prevent it from becoming Root Port. tcn - guard Set port to stop propagating received topology changes notificat ions and topology changes to other ports. ProVision(config)# spanning - tree 4 admin - edge - port ProVision(config)# spanning - tree 4 path - cost 10000 ProVision(config)# spanning - tree 4 priority 6 (note - multiplier is 16 , default setting is 8 ) ProVision# show spanning - tree ? bpdu - protection Show spanning tree BPDU protection status information. bpdu - throttle Displays the configured throttle value.

433. 432 Sum - Net 10.1.230.0 10.0.0.51 906 28 80000003 10 Sum - N et 10.1.230.0 10.0.0.41 920 28 80000008 10 Sum - Net 10.1.230.0 10.0.0.21 393 28 80000001 10 Sum - Net 10.1.100.0 10.0.0.31 159 28 80000004 1 Sum - Net 10.1.100.0 10.0.0.51 730 28 80000009 1 Sum - Net 10.1.100.0 10.0.0.41 1507 28 80000009 1 Sum - Net 10.1.100.0 10.0.0.21 393 28 80000001 1 Area: 0.0.0.1 Type LinkState ID AdvRoute r Age Len Sequence Metric Router 10.0.0.41 10.0.0.41 1518 36 80000002 0 Router 10.0.0.51 10.0.0.51 381 36 8000001B 0 Router 10.0.0.31 10.0.0.31 537 36 80000015 0 Router 10.0.0.21 10.0.0.21 382 36 80000011 0 Network 10.1.100.5 10.0.0.51 382 40 80000007 0 Sum - Net 0.0.0.0 10.0.0.51 832 28 80000002 1 Sum - Net 0.0.0.0 1 0.0.0.41 1522 28 80000001 1 Sum - Net 0.0.0.0 10.0.0.31 157 28 80000003 1 Sum - Net 0.0.0.0 10.0.0.21 395 28 80000001 11 Sum - Net 10.1.230.0 10.0.0.51 908 28 80000 00C 10 Sum - Net 10.1.230.0 10.0.0.21 383 28 8000000D 10 Sum - Net 10.1.230.0 10.0.0.41 922 28 80000009 10 Sum - Net 10.1.230.0 10.0.0.31 889 28 80000002 10 Sum - Net 10.1.220.0 10.0.0.31 159 28 80000009 1 Sum - Net 10.1.220.0 10.0.0.51 827 28 80000008 1 Sum - Net 10.1.220.0 10.0.0.21 384 28 80000009 1 Sum - Net 10.1.220.0 10.0.0.41 1513 28 80000009 1 Area: 0.0.0.2 Type LinkState ID AdvRouter Age Len Sequence Metric Router 10.0.0.41 10.0.0.41 930 36 80000006 0 Router 10.0.0.51 10.0.0.51 909 36 8000001B 0 Router 10.0.0.31 10.0.0.31 393 36 80000019 0 Router 10.0.0.21 10.0.0.21 390 36 80000013 0 Network 10.1.230.4 10.0.0.41 388 40 80000003 0 Sum - Net 0.0.0.0 10.0.0.31 1023 28 80000001 1 Sum - Net 0.0.0.0 10.0.0.51 974 28 80000001 1 Sum - Net 0.0.0.0 10.0.0.41 948 28 80000001 1 Sum - Net 0.0.0.0 10.0.0.21 398 28 80000001 11 AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric External 10.0.111.0 10.0.0.31 160 36 80000009 1 External 10.1.220.0 10.0.0.31 180 36 80000002 1 External 10.1.240.0 10.0.0.31 180 36 80000002 1 External 10.1.100.0 10.0.0.31 178 36 80000002 1 External 10.1.230.0 10.0.0.31 176 36 80000002 1 External 10.0.111.0 10.0.0.51 933 36 80000008 1 External 10.0.111.0 10.0.0.21 390 36 80000008 10 External 10.1.220.0 10.0.0.51 933 36 80000008 1 External 10.1.240.0 10.0. 0.51 934 36 80000008 1 External 10.1.240.0 10.0.0.21 391 36 80000008 10 External 10.1.100.0 10.0.0.51 934 36 80000008 1 External 10.1.230.0 10.0.0.51 394 36 80000008 1 Cisco Cisco#show ip ospf ? <1 - 65535> Process ID number border - routers Border and Boundary Router Information database Database summary events OSPF event information flood - list Link st ate flood list interface Interface information max - metric Max - metric origination information mpls MPLS related information neighbor Neighbor list nsf NSF state information reques t - list Link state request list

454. 453 Chapter 2 7 VRRP This chapter compares the commands used to configure Virtual Router Redundancy Protocol (VRRP). Ci sco also supports Hot Standby Router Protocol ( HSRP ), which is not compatible with VRR P . In many networks, edge devices are often configured to send packets to a statically configured default router. If this router becomes unavailable, the devices that use it as their first - hop router become isolated from the network. VRRP , which is based o n RFC 5798 , uses dynamic failover to ensure the availability of an end node’s default router. This is done by assigning the IP address used as the default route to a “virtual router ,” or VR. On a given VLAN, a VR includes two or more member routers that yo u configure with a virtual IP address that is the default gateway’s IP address . The VR includes an owner router assigned to forward traffic designated for the virtual router (If the owner is forwarding traffic for the VR, it is the master router for that V R) and one or more prioritized backup routers (If a backup is forwarding traffic for the VR, it has replaced the owner as the master router for that VR.) ProVision Comware 5 Cisco ProVision(config)# router vrrp ProVision(vrrp)# ipv4 enable ProVision(vr rp )# vlan 220 [ Comware 5 ] interface vlan 220 Cisco(config)#interface vlan 100 ProVision (vlan - 220)# vrrp vrid 220 ProVision (vlan - 220 - vrid - 220)# virtual - ip - address 10.1.220.1 [ C omware 5 - Vlan - interface220]vrrp vrid 220 virtual - ip 10.1.220.1 Cisco(config - if)#vrrp 100 ip 10.1.100.1 ProVision(vlan - 220 - vrid - 220)# priority 254 [Comware5 - Vlan - interface220]vrrp vrid 220 priority 100 Cisco(config - if)#vrrp 100 priority 100 ProVision (vlan - 220 - vrid - 220)# enable [Comware5 - Vlan - interface220]vrrp version 2 ProVision# show vrrp [Comware5] display vrrp verbose Cisco#show vrrp [Comware5] display vrrp Cisco#show vrrp brief ProVision# show vrrp vlan 220 [Comware5] display vrrp interface Vlan - interface 220 Cisco#show vrrp interface vlan 100 Comware7 [Comware7]interface Vlan - interface 100 [Comware7 - Vlan - interface100]vrrp vrid 100 virtual - ip 10.1.100.1 [Comware7 - Vlan - interfac e100]vrrp vrid 100 priority 254 [Comware7 - Vlan - interface100]vrrp version 2 [Comware7] display vrrp

492. 491 classifier Specify traffic classifier [Comware5 ]traffic classifier ? STRING<1 - 31> Name of classifier [Comware5] traffic classifier a ny [Comware5 - classifier - any]? Classifier view commands: cfd Connectivity fault detection (IEEE 802.1ag) display Display current system information if - match Specify matching statement for classification mtracert Trace route to multicast s ource ping Ping function quit Exit from current command view return Exit to User View save Save current configuration tracert Trace route function undo Cancel current setting [Comware5 - classifier - any]if - match ? acl Specify ACL to match any Specify any packets to match customer - dot1p Specify IEEE 802.1p customer COS to match customer - vlan - id Specify customer VLAN ID to match destination - mac Specify destination MAC address to ma tch dscp Differentiated Services Codepoint (DSCP) ip - precedence Specify IP precedence to match protocol Specify protocol to match service - dot1p Specify IEEE 802.1p service COS to match service - vlan - id Specify servi ce VLAN ID to match source - mac Specify source MAC address to match system - index Specify index of pre - defined matching rule [Comware5 - classifier - any]if - match any ? <cr> [Comware5 - classifier - any]if - match any Step - 2 [Comware5]traffic b ehavior ? STRING<1 - 31> Name of behavior [Comware5]traffic behavior pri6 ? <cr> [Comware5]traffic behavior pri6 [Comware5 - behavior - pri6]? Behavior view commands: accounting Specify Accounting feature car Specify CAR (Committed Access Ra te) feature cfd Connectivity fault detection (IEEE 802.1ag) display Display current system information filter Specify packet filter feature mirror - to Specify flow mirror feature mtracert Trace route to multicast source nes t Nest top - most VLAN TAG or customer VLAN TAG ping Ping function quit Exit from current command view redirect Specify Redirect feature remark Remark QoS values of the packet return Exit to User View

543. 542 [Comware5 - vlan220]arp detection enable ? <cr> [Comware5 - vlan220]arp detection enable [Comware5]interface g1/0/ 6 [Comware5 - G igabitEthernet1/0/6 ]arp ? detection Specify ARP detection function filter Filter ARP packets max - learning - num Set the maximum number of dynamic arp entries learned on the interface rate - limit Limit ARP packet rate [Comware5 - GigabitEthernet1/0/6 ]arp detection ? trust Specify port trust state [Comware5 - GigabitEthernet1/0/6 ]arp detection trust ? <cr> [Comware5 - GigabitEthernet1/0/6 ]arp detection trust [Comware5 ]display arp detection ? statistics Display ARP detection statistics | Matching output <cr> [Comware5] display arp detection ARP detection is enabled in the following VLANs: 220 ARP detection: [Comware5] display arp detection statistics ? interface Displ ay statistics by interface | Matching output <cr> [Comware5] display arp detection statistics State: U - Untrusted T - Trusted ARP packets dropped by ARP inspect checking: Interface(State) IP Src - MAC Dst - MAC Inspe ct BAGG1(U) 0 0 0 0 GE1/0/1(U) 0 0 0 0 GE1/0/2(U) 0 0 0 0 GE1/0/3(U) 0 0 0 0 GE1/0/4(U) 0 0 0 2 GE1/0/5(U) 0 0 0 0 GE1/0/6(T) 0 0 0 0 GE1/0/7(U) 0 0 0 0 GE1/0/8(U) 0 0 0 0 GE1/0/9(U) 0 0 0 0 GE1/0/10(U) 0 0 0 0 GE1/0/11(U) 0 0 0 0 GE1/0/12(U) 0 0 0 0 GE1/0/13(U) 0 0 0 0 GE1/0/14(U) 0 0 0 0 GE1/0/15(U) 0 0 0 0 GE1/0/16(U) 0 0 0 0 GE1/0/17(U) 0 0 0 0 GE1/0/18(U) 0 0 0 0 GE1/0/19(U) 0 0 0 0 GE1/0/20(U) 0 0 0 0

563. 562 GE1/0/16 DOWN auto A A 1 GE1/0/17 DOWN auto A A 1 GE1/0/18 DOWN auto A A 1 GE1/0/19 DOWN auto A A 1 GE1/0/20 DOWN auto A A 1 GE1/0/21 DOWN auto A A 1 GE1/0/22 DOWN auto A A 1 GE1/0/23 DOW N auto A T 1 LACP - link - to - ProVision GE1/0/24 DOWN auto A T 1 LACP - link - to - ProVision GE1/0/25 ADM auto A A 1 GE1/0/26 ADM auto A A 1 GE1/0/27 ADM auto A A 1 GE1/0/28 ADM auto A A 1 [Comware5] display vlan 220 VLAN ID: 220 VLAN Type: static Route Interface: configured IPv4 address: 10.1.220.3 IPv4 subnet mask: 255.255.255.0 Description: VLAN 0220 Name: test Tagged Ports: Bridge - Aggregation1 GigabitEthernet1/0/6 GigabitEthernet1/0/23 GigabitEthernet1/0/24 Untagged Ports: GigabitEthernet1/0/4 GigabitEthernet1/0/5 GigabitEthernet1/0/14 Comware7 [Comware7]radius scheme <radius - auth > [Comw are7 - radius - radius - auth]primary authentication 10.0.100.111 1812 [Comware7 - radius - radius - auth]primary accounting 10.0.100.111 1813 [Comware7 - radius - radius - auth]key authentication password [Comware7 - radius - radius - auth]user - name - format without - domain [C omware7]domain 8021x [ Comware7 - isp - 8021x]? Isp view commands: accounting Specify accounting scheme authentication Specify authentication scheme authorization Specify authorization scheme authorization - attribute Configure authorization attributes of the domain cfd Connectivity Fault Detection (CFD) module diagnostic - logfile Diagnostic log file configuration display Display current system information logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View save Save cur rent configuration security - logfile Security log file configuration state Specify state of domain tracert Tracert function undo Cancel current setting [Comware7 - isp - 8021x]authenticat ion ? advpn Specify AAA configuration for ADVPN user default Specify default AAA configuration for all types of users

576. 575 <cr> [Comware5] mac - authentication Mac - auth is enabled globally. [Comware5]interface g1/0/16 [Comware5 - GigabitEthernet1/0/16 ]mac - authentication ? cri tical Specify critical vlan configuration domain Specify domain server configuration guest - vlan Specify guest VLAN configuration information max - user Specify maximum number of Mac - auth users allowed to access the port time r Timer configuration <cr> [Comware5 - GigabitEthernet1/0/16 ]mac - authentication Mac - auth is enabl ed on port GigabitEthernet1/0/16 . [Comware5] mac - authentication domain 8021x [Comware5] mac - authentication user - name - format ? fixed Use fixed account mac - address Use user's source MAC address as user name [Comware5] mac - authentication user - name - format mac - address ? with - hyphen MAC address with ' - ', just like XX - XX - XX - XX - XX - XX without - hyphen MAC address without ' - ', just like XXXXXXXX XXXX <cr> [Comware5] mac - authentication user - name - format mac - address without - hyphen ? lowercase In lowercase uppercase In uppercase <cr> [Comware5] mac - authentication user - name - format mac - address without - hyphen [Comware5] display mac - authenticat ion ? interface Display MAC - authentication interface configuration | Matching output <cr> [Comware5] display mac - authentication interface g1/0/16 MAC address authentication is enabled. User name format is MAC address in lowercase,like xxxx xxxxxxxx Fixed username:mac Fixed password:not configured Offline detect period is 300s Quiet period is 60s Server response timeout value is 100s Guest vlan reauthentication timeout value is 30s The max allowe d user number is 1024 per slot Current user number amounts to 1 Current domain is 8021x Silent MAC User info: MAC Addr From Port Port Index GigabitEthernet1/0/16 is link - up MAC address authenticatio n is enabled Authenticate success: 1, failed: 0 Max number of on - line users is 256 Current online user number is 1 MAC Addr Authenticate State Auth Index

592. 591 enable Use enable password for authentication. group Use Server - group k rb5 Use Kerberos 5 authentication. line Use line password for authentication. local Use local username authentication. local - case Use case - sensitive local username authentication. none NO authentication. <cr> Cisco(c onfig)#aaa authentication login default group radius Cisco(config)#aaa authorization ? auth - proxy For Authentication Proxy Services cache For AAA cache configuration commands For exec (shell) commands. config - c ommands For configuration mode commands. configuration For downloading configurations from AAA server console For enabling console authorization credential - download For downloading EAP credential from Local/RADIUS/LDAP exe c For starting an exec (shell). multicast For downloading Multicast configurations from an AAA server network For network services. (PPP, SLIP, ARAP) policy - if For diameter pol icy interface application. prepaid For diameter prepaid services. radius - proxy For proxying radius packets reverse - access For reverse access connections subscriber - service For iEdge subscriber services (VPDN etc) temp late Enable template authorization Cisco(config)#aaa authorization auth - proxy ? default The default authorization list. Cisco(config)#aaa authorization auth - proxy default ? cache Use Cached - group group Use server - group. local Use local database. Cisco(config)#aaa authorization auth - proxy default group ? WORD Server - group name ldap Use list of all LDAP hosts. radius Use list of all Radius hosts. tacacs+ Use list of all Tacacs+ hosts. Cisco(config)#aaa authorizat ion auth - proxy default group radius ? cache Use Cached - group group Use server - group. local Use local database. <cr> Cisco(config)#aaa authorization auth - proxy default group radius Cisco(config)#ip device tracking Cisco(config)#ip admissio n ? absolute - timer Absolute Timeout in minutes auth - proxy - audit Authentication Proxy Auditing auth - proxy - banner Authentication Proxy Banner http Configure maximum HTTP process inactivity - timer Inactivity Timeout in min utes init - state - time Init State Timeout max - login - attempts Max Login attempts per user name Specify an Authentication Proxy Rule

593. 592 proxy Authentication proxy protocol ratelimit Session Ratelimit service - policy Service Policy source - interface IP Admission Source Interface watch - list Watch - list Cisco(config)#ip admission name ? WORD Name of Authentication Rule Cisco(config)#ip admission name web - auth - rule1 ? consent Consent pa ge parameters eapoudp EAPoUDP Validate Posture Credentials proxy Authentication Proxy Protocol Cisco(config)#ip admission name web - auth - rule1 proxy ? http HTTP Protocol Cisco(config)#ip admission name web - auth - rule1 proxy http ? absolute - tim er Absolute Timeout in minutes inactivity - time Inactivity timeout in minutes list Specify an access - list to apply to authentication proxy service - policy Service Policy <cr> Cisco(config)#ip admission name web - auth - rule1 proxy htt p Cisco(config)#ip admission auth - proxy - banner ? file Specify the banner file for HTTP http HTTP Protocol Banner Cisco(config)#ip admission auth - proxy - banner http ? LINE c banner - text c, where 'c' is a delimiting character <cr> Cisco(config) #ip admission auth - proxy - banner http Cisco(config)#ip access - list extended web - auth - policy1 Cisco(config - ext - nacl)#permit udp any any Cisco(config - ext - nacl)#permit tcp any any eq www Cisco(config - ext - nacl)#deny ip any any Cisco(config)#fallback ? profile Create a Fallback profile Cisco(config)#fallback profile ? WORD Specify a policy name Cisco(config)#fallback profile fallback1 Cisco(config - fallback - profile)#ip access - group web - auth - policy1 in Cisco(config - fallback - profile)#ip admission we b - auth - rule1 Cisco(config)#interface g1/0/18 Cisco(config - if)#switchport mode access Cisco(config - if)#switchport access vlan 220

281. 280 Route - Aggregation Route - Aggregation interface Tunnel Tunnel interface Vlan - interface VLAN interface range Specify the interface range [ Comware 5 ] interface g1/0/1 [ Comware 5 - GigabitEthernet1/0/1 ]? Gigabitethernet_l2 interface view com mands: apply Apply Poe - profile arp Configure ARP for the interface bpdu - drop Drop BPDU packets. bpdu - tunnel Specify BPDU tunnel function broadcast - suppression Specify the broadcast stor m control cfd Connectivity fault detection (IEEE 802.1ag) default Restore the default settings description Describe the interface dhcp - snooping DHCP Snooping display Display cur rent system information dldp Specify configuration information of DLDP dot1x Specify 802.1X configuration information duplex Status of duplex enable Enable function flow - control Flow control command flow - interval Set interval of interface statistic garp Generic Attribute Registration Protocol gvrp GARP VLAN Registration Protocol igmp - snooping Configure IGMP sno oping characteristic ip Specify IP configurations for the system ipv6 IPv6 status and configuration information jumboframe Jumboframe command lacp Configure LACP Protocol link - ag gregation Link aggregation group link - delay Set the delay time of holding link - up and link - down lldp Link Layer Discovery Protocol(802.1ab) loopback Specify loopback of current port loopback - detecti on Detect if loopback exists mac - address Configure MAC address mac - authentication MAC authentication configuration mac - forced - forwarding Specify MAC - forced forwarding configuration information mac - vlan Specify MAC VLAN mdi Specify mdi type mirroring - group Specify mirroring - group mirroring - port Specify mirroring port mld - snooping Configure MLD snooping characteristic monitor - port Specify monitor port mrp Multiple Register Protocol mtracert Trace route to multicast source multicast - suppression Specify the multicast storm control mvrp Multiple VLAN Registration Protocol n dp Neighbor discovery protocol ntdp Specify NTDP configuration information oam OAM protocol packet - filter Specify packet filter ping Ping function poe Configure PoE port port Configure or modify aggregate parameters on a port port - isolate Specify port - isolate configuration information port - security Specify port - security configuration information portal Portal protocol qinq Specify 802.1Q - in - Q VPN function qos Command of QoS(Quality of Service) quit Exit from current command view return Exit to User View

309. 308 Output (normal): 16 packets, - bytes 3 unicasts, 6 broadcasts, 7 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier [Comware 7 ] display interface g1/0/5 GigabitEthernet1/0/5 Current state: DOWN Line protocol state: DOWN IP packet frame type: Ethernet II, hardware address: cc3e - 5f73 - baf8 Description: GigabitEthernet1/0/5 Interface Bandwidth: 1000000 kbps Loopback is not set Media type is twisted pair Port hardware type is 1000_BASE_T Unknown - speed mode, unknown - duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow - control is not enabled Maximum frame length: 10000 Allow jumbo frames to p ass Broadcast max - ratio: 100% Multicast max - ratio: 100% Unicast max - ratio: 100% PVID: 100 MDI type: automdix Port link - type: Access Tagged VLANs: None Untagged VLANs: 100 Port priority: 0 Last clearing of counters: Never Peak input rate: 0 bytes/sec, at 2010 - 12 - 31 18:01:19 Peak output rate: 0 bytes/sec, at 2010 - 12 - 31 18:01:19 Last 300 second input: 0 packets/sec 0 bytes/sec - % Last 300 second output: 0 packets/sec 0 bytes/sec - % Input (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Input (normal): 0 packets, - bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Input: 0 input errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 frame, - overruns, 0 aborts - ignored, - parity errors Output (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output (normal): 0 packets, - bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier Cisco Cisco(config)#interface g 1/ 0/6 Cisco(config - if)#? Interface configuration commands: aaa Authentication, Authorization and Accounting. arp Set arp type (arpa, probe, snap) or timeout or log options auto Configure Automation bandwidth Set bandwidth informational parameter bgp - policy Apply po licy propagated by bgp community string carrier - delay Specify delay for interface transitions cdp CDP interface subcommands channel - group Etherchannel/port bundling configuration channel - protocol Selec t the channel protocol (LACP, PAgP)

317. 316 DHCP Relay Agent : Enabled DHCP Request Hop Count Increment : Enabled Option 82 : Disabled Response validation : Disabled Option 82 handle policy : replace Remote ID : mac DHCP Relay Statistics: Client Requests Server Responses Valid Dropped Valid Dropped ---------- ---------- ---------- ---------- 17 0 6 0 DHCP Relay Option 82 Statistics: Client Requ ests Server Responses Valid Dropped Valid Dropped ---------- ---------- ---------- ---------- 0 0 0 0 Comware 5 [ Comware 5 ] dhcp ? client DHCP client configuration subcommands dscp Specify the DSC P value in DHCP/BOOTP client packet enable DHCP service enable relay Specify DHCP(Dynamic Host Configuration Protocol) relay configuration information server DHCP server [ Comware 5 ] dhcp enable DHCP is enabled successfully! [ Comware 5 ] d hcp relay ? release Release one IP address security Specify DHCP(Dynamic Host Configuration Protocol) relay security configuration information server - detect Detect fake DHCP server server - group Specify the server gr oup number [ Comware 5 ] dhcp relay server - group ? INTEGER<0 - 19> The DHCP server group number [ Comware 5 ] dhcp relay server - group 1 ? ip Specify DHCP server IP address [ Comware 5 ] dhcp relay server - group 1 ip ? X.X.X.X The IP address of the DHCP server [ Comware 5 ] dhcp relay server - group 1 ip 10.0.100.251 ? <cr> [ Comware 5 ] dhcp relay server - group 1 ip 10.0.100.251 [ Comware 5 ] interface Vlan - interface 220 [ Comware 5 - Vlan - interface220]dhcp ? relay Specify DHCP(Dynamic Host Configuration Protocol) rel ay configuration information select Specify process mode of DHCP packet server DHCP server [ Comware 5 - Vlan - interface220]dhcp select ?

318. 317 relay Relay mode server Server mode [ Comware 5 - Vlan - interface220]dhcp select relay ? <cr> [ Comwa re 5 - Vlan - interface220]dhcp select relay [ Comware 5 - Vlan - interface220]dhcp relay ? address - check Check address check Check the DHCP packet client - detect Detect off - line client through ARP entries information Specify option 82 service server - select Choose DHCP server group [ Comware 5 - Vlan - interface220]dhcp relay server - select ? INTEGER<0 - 19> The DHCP server group number [ Comware 5 - Vlan - interface220]dhcp relay server - select 1 ? <cr> [ Comware 5 - Vlan - interface220]dhcp relay server - s elect 1 [ Comware 5 ] dis play dhcp relay all Interface name Server - group Vlan - interface220 1 [ Comware 5 ] dis play dhcp relay server - group 1 No. Group IP 1 10.0.100.251 [Comware5]dis play dhcp relay statistics server - group 1 DHCP relay server - group #1 Packet type Packet number Client - > Server: DHCPDISCOVER 119 DHCPREQUEST 2 DHCPINFORM 2 DHCPRELEASE 0 DHCPDECLINE 0 BOOTPREQUEST 0 Server - > Client: DHCPOFFER 1 DHCPACK 2 DHCPNAK 0 BOOTPREPLY 0 Comware7 [Comware7]dhcp ? class Create a DHCP class client Configure a DHCP client dscp Set the Differentiated Services Codepoint (DSCP) value enable Enable DHCP relay Configure a DHCP relay agent server Configure a DHCP server snooping Configure DHCP snooping [Comware 7 ] dhcp enable [Comware 7 ] interface Vlan - interface 220 [Comware 7 - Vlan - interface220]dhcp ? client Configure a DHCP client

399. 398 [Comware 7 ] display stp region - configuration Oper Configuration Format selector : 0 Region name : ProVision - Comware - Cisco Revision level : 1 Configuration digest : 0xcee7f8d6e076e3201f92550cb1d2cb9 2 Instance VLANs Mapped 0 1 to 99, 101 to 219, 221 to 239, 241 to 4094 1 220 2 100 3 240 [Comware 7 ] display stp instance 0 ------- [CIST Global Info][Mode MSTP] ------- Bridge ID : 16384.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20 Root ID/ERPC : 8192.009c - 02d5 - 3980, 0 RegRoot ID/IRPC : 8192.009c - 02d5 - 3980, 20 RootPort ID : 128.6 BPDU - Protection : Disabled Bridge Config - Digest - Snoopi ng : Disabled TC or TCN received : 68 Time since last TC : 0 days 0h:34m:59s ... ---- [Port6(GigabitEthernet1/0/6)][FORWARDING] ---- Port protocol : Enabled Port role : Root Port Port ID : 128.6 Port cost(Legacy) : C onfig=auto, Active=20 Desg.bridge/port : 8192.009c - 02d5 - 3980, 128.13 Port edged : Config=disabled, Active=disabled Point - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time TC - Restriction : Disabled R ole - Restriction : Disabled Protection type : Config=none, Active=none MST BPDU format : Config=auto, Active=802.1s Port Config - Digest - Snooping : Disabled Rapid transition : True Num of VLANs mapped : 1 Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20 BPDU sent : 2904 TCN: 0, Config: 0, RST: 3, MST: 2901 BPDU received : 5431 TCN: 0, Config: 0, RST: 1426, MST: 4005 ... ---- [Port9(GigabitEthernet1/0/9)][FORWARDING] ---- Port protocol : Enabled Port role : Designated Port Port ID : 160.9 Port cost(Legacy) : Config=10000, Active=10000 Desg.bridge/port : 16384.cc3e - 5f73 - bacb, 160.9 Port edged : Config=enabled, Active=enabled Po int - to - Point : Config=auto, Active=true Transmit limit : 10 packets/hello - time TC - Restriction : Disabled Role - Restriction : Disabled Protection type : Config=none, Active=none MST BPDU format : Config=auto, Active=802.1s Por t Config - Digest - Snooping : Disabled

441. 440 advertise - ext - community Advertise extended community allow - as - loop Configure permit of as - path loop as - number AS number as - path - acl Set the filter list of peer or peer group bfd Enable BFD for this peer capability - advertise Advertise capability connect - interface Set interface name to be used as session's output interface default - route - advertise Advertise default route to this peer description Configure description information about peer dscp Differentiated Services Codepoint (DSCP) ebgp - max - hop EBGP Multihop enable Enable peer fake - as Configure a fake AS number for the peer filter - policy BGP filter list group Specify a peer group ignore Suspend the peer session for this peer ip - prefix Specify BGP route filtering policy based on ip - prefix keep - all - routes Keep all original ro utes' information from the peer log - change Log any session status and event change information next - hop - local Specify local address as the next hop of routes advertised to the peer password Peer password preferred - value Set route PrefVal to this peer public - as - only Remove private AS number from outbound updates reflect - client Configure a peer as a route reflector client route - limit Numb er of routes limited from this peer route - policy Apply route - policy route - update - interval Route update interval substitute - as Substitute with local AS timer Configure timers for a peer [ Comware 5 - bgp]pee r 10.0.101.21 as - number 64502 ? <cr> [ Comware 5 - bgp] peer 10.0.101.21 as - number 64502 [Comware5 - bgp]import - route dir ect [ Comware 5 - bgp]network 10.0.231.0 24 [ Comware 5 ]dis play bgp ? group Peer groups ipv6 IPv6 address family multicast Multicast address family network Routes advertised through network command paths Path attribute information peer Specify a peer router routing - table Display BGP routes vpnv4 VPNv4 address family vpnv6 VPNv6 address family Comware 5 ]dis play bgp peer BGP local router ID : 10.0.0.3 Local AS number : 64503 Total number of peers : 1 Peers in established state : 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10.0.101.21 64502 96 96 0 3 01:32:32 Established

470. 469 log - update Control access list log updates logging Control access list logging resequence Resequence Access List role - based Role - based Access List standard Standard Access List Cisco(config)#ip access - list extended ? <100 - 199> Extended IP access - list number <2000 - 2699> Extended IP access - list number (expanded range) WORD Access - list name Cisco(config)#ip access - list extended 100 Cisco(config - ext - nacl)#? Ext Access List configuration commands: <1 - 2147483647> Sequence Number default Set a command to its defaults deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs evaluate Evaluate an acc ess list exit Exit from access - list configuration mode no Negate a command or set its defaults permit Specify packets to forward remark Access list entry comment Cisco(config - ext - nacl)#deny ? <0 - 255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Mess age Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Tr ansmission Control Protocol udp User Datagram Protocol Cisco(config - ext - nacl)#deny ip ? A.B.C.D Source address any Any source host host A single source host Cisco( config - ext - nacl)#deny ip 10.1.2 2 0 .0 0.0.0.255 ? A.B.C.D Destinati on address any Any destination host host A single destination host Cisco( config - ext - nacl)#deny ip 10.1.2 2 0 .0 0.0.0.255 10.0.100.111 0.0.0.0 Cisco(config - ext - nacl)#permit ip any any Cisco(config)#ip access - list extended ext_acl Cisco( confi g - ext - nacl)#deny ip 10.1. 10 0 .0 0.0.0.255 10.0.100.111 0.0.0.0 Cisco(config - ext - nacl)#permit ip any any

480. 479 lsap Specify lsap type source - mac Specify source mac address time - range Specify a special time type Specify protoco l type <cr> [ Comware 5 - acl - ethernetframe - 4000]rule deny dest - mac 00aa - bb00 - 0000 00 aa - bb ff - ffff [Comware5]interface Vlan - interface 220 [Comware5 - Vlan - in terface220]packet - filter 4000 out Comware7 Ethernet frame header ACL [ Comware 7 ]acl number ? INTEGER<2000 - 2999> Specify a basic ACL INTEGER<3000 - 3999> Specify an advanced ACL INTEGER<4000 - 4999> Specify an ethernet frame header ACL INTEGER<5000 - 5999> Specify an ACL about user - defined frame or packet head [ Comware 7 ]acl number 4000 [Comw are 7 - acl - ethernetframe - 4000]? Acl - ethernetframe view commands: cfd Connectivity Fault Detection (CFD) module description Specify ACL description diagnostic - logfile Diagnostic log file configuration display Displ ay current system information logfile Log file configuration monitor System monitor ping Ping function quit Exit from current command view return Exit to User View rule Specify an ACL rule save Save current configuration security - logfile Security log file configuration step Specify a rule numbering step for an ACL tracert Tracert function undo Ca ncel current setting [ Comware 7 - acl - ethernetframe - 4000]rule ? INTEGER<0 - 65534> ID of an ACL rule deny Specify matched packet deny permit Specify matched packet permit [ Comware 7 - acl - ethernetframe - 4000]rule deny ? cos Specify 802.1p priority counting Specify rule counting dest - mac Specify dest mac address lsap Specify lsap type source - mac Specify source mac address time - range Specify a special time type Specify protocol type

499. 498 <cr> Cisco(config)#mls qos map dscp - cos 0 8 16 24 32 40 48 56 to 0 Cisco(config)#interface g1/ 0/5 Cisco(config - if)#mls qos ? cos cos keyword dscp - mutation dscp - mutation keyword ipe ipe keyword trust trust keyword vl an - based vlan - based keyword Cisco(config - if)#mls qos cos ? <0 - 7> class of service value between 0 and 7 override override keyword Cisco(config - if)#mls qos cos 6 Cisco#show mls qos ? aggregate - policer aggregate - policer keyword input - q ueue input - queue keyword interface interface keyword maps maps keyword queue - set queue - set keyword vlan VLAN keyword | Output modifiers <cr>

517. 516 register - source Source address for PIM Register rp - address PIM RP - address (Rendezvous Point) rp - announce - filter Auto - RP annou nce message filter rp - candidate To be a PIMv2 RP candidate send - rp - announce Auto - RP send RP announcement send - rp - discovery Auto - RP send RP discovery message (as RP - mapping agent) sparse This command is specific to P IM - Sparse Mode spt - threshold Source - tree switching threshold ssm Configure Source Specific Multicast state - refresh PIM DM State - Refresh configuration v1 - rp - reachability Send PIMv1 RP - reachability packet vrf Select VPN Routing/Forwarding instance Cisco(config)#ip pim rp - address ? A.B.C.D IP address of Rendezvous - point for group Cisco(config)#ip pim rp - address 10.1.220.1 ? <1 - 99> Access - list reference for group <1300 - 1999> Access - list reference for group (expanded range) WORD IP Named Standard Access list override Overrides dynamically learnt RP mappings <cr> Cisc o(config)#ip pim rp - address 10.1 .220.1 Cisco(config)#ip pim rp - candidate ? Async As ync interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco(config)#ip pim rp - candidate vlan ? <1 - 4094> Vlan interface number Cisco(config)#ip pim rp - candidate vlan 220 ? group - list group - list interval RP candidate advertisement interval priority RP candidate priority <cr> Cisco(config)#ip pim rp - candidate vlan 220 Cisco(config)#ip pim bsr - candidate ? Async Async interface Auto - Template Auto - Template interface BVI Bridge - Group Virtual Interface

518. 517 CTunnel CTunnel interface Dialer Dialer interface FastEthernet FastEt hernet IEEE 802.3 Filter Filter interface Filtergroup Filter Group interface GigabitEthernet GigabitEthernet IEEE 802.3z GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlans fcpa Fiber Channel Cisco(config)#ip pim bsr - candidate vlan ? <1 - 4094> Vlan interface number Cisco(config)#ip pim bsr - candidate vlan 220 ? <0 - 32> Hash Mask length for RP selection <cr> Cisco(config)#ip pim bsr - candidate vlan 220 Cisco#show ip pim ? autorp Global AutoRP info rmation boundary debug boundary comand bsr - router Bootstrap router (v2) interface PIM interface information mdt Multicast tunnel information neighbor PIM neighbor information rp PIM Rendezvous Point (RP) information rp - hash RP to be chosen based on group selected vrf Select VPN Routing/Forwarding instance Cisco#show ip mroute ? Hostname or A.B.C.D Source or group IP name or address active Active multicast sources bidirectional Show bidirectional multicast routes count Route and packet count data dense Show dense multicast routes interface Interface information proxy List proxies pruned Pruned rout es sparse Show sparse multicast routes ssm show SSM multicast routes static Static multicast routes summary Provide abbreviated display verbose Verbose vrf Select VPN Routing/Forwarding instance | Output modifiers <cr>

547. 546 GigabitEthernet GigabitEthernet IEEE 802.3z Port - channel Ethernet Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet | Output modifiers <cr> Cisco#show ip arp inspection interfaces Interface Trust State Rate (pps) Burst Interval --------- ------ ----------- ---------- -------------- Gi1/0/1 Untrusted 15 1 Gi1/0/2 Untrusted 15 1 Gi1/0/3 Untrusted 15 1 Gi1/0/4 Untrusted 15 1 Gi1/0/5 Untrusted 15 1 Gi1/0/6 Trusted None N/A Gi1/0/7 Untrusted 15 1 Gi1/0/8 Untrusted 15 1 Gi1/0/9 Untrusted 15 1 Gi1/0/10 Untrusted 15 1 Gi1/0/11 Untrusted 15 1 Gi1/0/12 Untr usted 15 1 Gi1/0/13 Untrusted 15 1 Gi1/0/14 Untrusted 15 1 Gi1/0/15 Untrusted 15 1 Gi1/0/16 Untruste d 15 1 Gi1/0/17 Untrusted 15 1 Gi1/0/18 Untrusted 15 1 Gi1/0/19 Untrusted 15 1 Gi1/0/20 Untrusted 15 1 Gi1/0/21 Untrusted 15 1 Gi1/0/22 Untrusted 15 1 Gi1/0/23 Untrusted 15 1 Gi1/0/24 Untrusted 15 1 Gi1/0/25 Untrusted 15 1 Gi1/0/26 Untrusted 15 1 Gi1/0/27 Untrusted 15 1 Gi1/0/28 Untrusted 15 1 Te1/0/1 Untrusted 15 1 Te1/0/2 Untrusted 15 1 Po1 Untrusted 15 1

551. 550 [ Comware7 ]arp ? active - ack Specify ARP active acknowledgement function check Specify ARP item check status detection Specify ARP detection function fixup Specify ARP fixed function ip - conflict Specify ARP IP address conflict information printing prompt function max - learning - number Set the maximum number of dynamic ARP entries that can be learned multiport Configure a multiport ARP entry rate - limit Specify ARP packet rate limit resolving - route Specify ARP resolving - route function source - mac Specify ARP fixed source MAC address anti - attack funct ion source - suppression Specify ARP source suppression function static Static ARP entry timer Specify ARP timer valid - check Specify ARP valid check function [ Comware7 ]arp source - suppression ? enable Enable ARP source suppression function limit Specify ARP source suppression limit information [ Comware7 ]arp source - suppression enable ? <cr> [ Comware7 ]arp source - suppression enable [ Comware7 ]arp source - suppression limit ? INTEGER<2 - 1024> Value of lim it [ Comware7 ]arp source - suppression limit 15 ? <cr> [ Comware7 ]arp source - suppression limit 15 [Comware7]interface g1/0/20 [ Comware7 - GigabitEthernet1/0/20]arp ? detection Specify ARP detection function filter Filter ARP packet s max - learning - num Set the maximum number of dynamic ARP entries learned on the interface rate - limit Specify ARP packet rate limit [ Comware7 - GigabitEthernet1/0/20]arp rate - limit ? disable Disable ARP packet rate limit rate Specify ARP packet rate [ Comware7 - GigabitEthernet1/0/20]arp rate - limit rate ? INTEGER<5 - 200> Rate value (packet per second) <cr> [ Comware7 - GigabitEthern et1/0/20]arp rate - limit rate 75 ? <cr> [ Comware7 - GigabitEthern et1/0/20]arp rate - limi t rate 75 [ Comware7 ]display arp source - suppression ARP source suppression is enable Current suppression limit: 15

561. 560 [Comware5 - GigabitEthernet1/0/14 ]dot1x 802.1x is enabl ed on port GigabitEthernet1/0/14 . [Comware5 - GigabitEthernet 1/0/14 ]undo dot1x handshake [Comware5 - GigabitEthernet1/0/14 ]dot1x auth - fail vlan 99 [Comware5 - GigabitEthernet1/0/14]dot1x max - user 1 [Comware5 - GigabitEthernet1/0/14 ] stp edged - port enable [ Comware5 ]disp lay dot1x ? interface Show information of interfaces sessions Sessions information statistics Statistics information | Matching output <cr> [Comware5] display dot1x sessions Equipment 802.1X protocol is enabled EAP authenticatio n is enabled The maximum 802.1X user resource number is 1024 per slot Total current used 802.1X resource number is 1 GigabitEthernet1/0/1 is link - down 802.1X protocol is disabled Handshake is enabled Handshake secure is disabled 802.1X un icast - trigger is disabled 802.1X user - ip freeze is disabled Controlled User(s) amount to 0 ... GigabitEthernet1/0/14 is link - up 802.1X protocol is enabled Handshake is disabled Handshake secure is disabled 802.1X unicast - trigger is disa bled 802.1X user - ip freeze is disabled 1. Authenticated user : MAC address: 0023 - 7de7 - 3adb Controlled User(s) amount to 1 ... [Comware5]display dot1x interface g1/0/14 Equipment 802.1X protocol is enabled EAP authentication is enabled EAD qui ck deploy is disabled Configuration: Transmit Period 30 s, Handshake Period 15 s Quiet Period 60 s, Quiet Period Timer is disabled Supp Timeout 30 s, Server Timeout 100 s Reauth Period 3600 s The maximal retransmitting times 2 EAD quick deploy configuration: EAD timeout: 30 m The maximum 802.1X user resource number is 1024 per slot Total current used 802.1X resource number is 1 GigabitE thernet1/0/14 is link - up 802.1X protocol is enabled

568. 567 GE1/0/15 DOWN auto A A 1 GE1/0/16 DOWN auto A A 1 GE1/0/17 DOWN auto A A 1 GE1/0/18 DOWN auto A A 1 GE1/0/19 DOWN auto A A 1 GE1/0/20 DOWN auto A A 1 GE1/0/21 DOWN auto A A 1 GE1/0/22 DOWN auto A A 1 GE1/0/23 DOWN auto A T 1 LACP - link - to - ProVision GE1/0/24 DOW N auto A T 1 LACP - link - to - ProVision GE1/0/25 DOWN auto A A 1 GE1/0/26 DOWN auto A A 1 GE1/0/27 DOWN auto A A 1 GE1/0/28 DOWN auto A A 1 GE1/0/29 DOWN auto A A 1 GE1/0/30 DOWN auto A A 1 GE1/0/31 DOWN auto A A 1 GE1/0/32 DOWN auto A A 1 GE1/0/33 DOWN auto A A 1 GE1/0/34 DOWN auto A A 1 GE1/0/35 DOWN auto A A 1 GE1/0/36 DOWN auto A A 1 GE1/0/37 DOWN auto A A 1 GE1/0/38 DOWN auto A A 1 GE1/0/39 DOWN auto A A 1 GE1/0/40 DOWN auto A A 1 GE1/0/41 DOWN auto A A 1 GE1/0/42 DOWN auto A A 1 GE1/0/43 DOWN auto A A 1 GE1/0/44 DOWN auto A A 1 GE1/0/45 DOWN auto A A 1 GE1/0/46 DOWN auto A A 1 GE1/0/47 DOWN auto A A 1 GE1/0/48 DOWN auto A A 1 XGE1/0/49 ADM auto A A 1 XGE1/0/50 ADM auto A A 1 XGE1/0/51 DOWN auto A A 1 XGE1/0/52 DOWN auto A A 1 [Comware7] display vlan 220 VLAN ID: 220 VLAN type: Static Route interface: Configured IPv4 address: 10.1.220.5 IPv4 subnet mask: 255.25 5.255.0 Description: VLAN 0220 Name: test Tagged ports: Bridge - Aggregation1 GigabitEthernet1/0/6 GigabitEthernet1/0/23 GigabitEthernet1/0/24 Untagged ports: GigabitEthernet1/0/4 GigabitEthernet1/0/5 GigabitEthernet 1/0/14 Cisco Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port 1813 key password Cisco(config)#aaa new - model Cisco(config)#aaa authentication ? arap Set authentication lists for arap. attempts Set the maxi mum number of authentication attempts banner Message to use when starting login/authentication.

579. 578 Current online users : 1 MAC address Auth stat e e069 - 9578 - 4883 Authenticated [Comware7] display mac - authentication MAC address authentication is enabled. User name format is MAC address in lowercase,like xxxxxxxxxxxx Fixed username:mac Fixed password:not configured Offline de tect period is 300s Quiet period is 60s Server response timeout value is 100s Guest vlan reauthentication timeout value is 30s The max allowed user number is 1024 per slot Current user number amounts to 1 Current domain is 8021x ... GigabitEthernet1/0/16 is link - up MAC address authentication is enabled Authenticate success: 1, failed: 0 Max number of on - line users is 256 Current online user number is 1 MAC Addr Authenticate State Auth Index e069 - 9578 - 4883 MAC_AUTHENTICATOR_SUCCESS 2 ... Cisco Cisco(config)#radius - server host 10.0.100.111 auth - port 1812 acct - port 1813 key password Cisco(config)#interface g1/0/16 Cisco(config - if)#switchport mode access Cisco(config - if)#dot1x ? authenticator Configure authenticator parameters credentials Credentials profile configuration default Configure Dot1x with default values for this port max - reauth - req Max No. of Reauthentication Attempts max - req Max No. of Retries max - start Max No. of EAPOL - Start requests pae Set 802.1x interface pae type supplicant Configure supplicant parameters timeout Various Timeouts Cisco(config - if)#dot1x pae ? authen ticator Set pae type as Authenticator both Set pae type as both Supplicant and Authenticator supplicant Set pae type as Supplicant Cisco(config - if)#dot1x pae authenticator ? <cr> Cisco(config - if)#dot1x pae authenticator Cisco(confi g - if)#mab ? eap Use EAP authentication for MAC Auth Bypass <cr> Cisco(config - if)#mab eap ? <cr> Cisco(config - if)#mab

96. 95 Cisco#copy flash: ? flash1: Copy to flash1: file system flash: Copy to flash: file system ftp: Copy to ftp: file system http: Copy to http: file system https: Copy to https: file system null: Copy to null : file system nvram: Copy to nvram: file system rcp: Copy to rcp: file system running - config Update (merge with) current system configuration scp: Copy to scp: file system startup - config Copy to startup configurat ion syslog: Copy to syslog: file system system: Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system Cisco#copy flash: tftp: ? <cr> Cisco#copy flash: tftp: Source file name []? c3750e - universalk9 - mz.150 - 1.SE.bin Address or name of remote host []? 10.0.100.111 Destination filename [c3750e - universalk9 - mz.150 - 1.SE.bin]? Cisco#copy flash: scp: ? <cr> Cisco#copy flash: scp: Source filename [c3750e - universalk9 - mz.150 - 1.SE .bin]? Address or name of remote host []? 10.0.100.111 Destination username [manager]? test Destination filename [c3750e - universalk9 - mz.150 - 1.SE.bin]? Cisco(config)#boot system ? WORD pathlist of boot file(s) ... file1;file2;... switch Set system image for switches in the stack Cisco(config)# boot system flash: c3750 - advipservicesk9 - mz.122 - 46.SE.bin ? <cr> Cisco(config)# boot system flash: c3750 - advipservicesk9 - mz.122 - 46.SE.bin

154. 153 [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode md5 ? STRING<1 - 64> Plaintext key string [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode md5 password ? acl Set access control list for this user privacy - mode Specify an encryption algorithm for privacy <cr> [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode md5 password privacy - mode ? 3des Use the 3DES encryp tion algorithm aes128 Use the 128 - bit AES encryption algorithm des56 Use the 56 - bit DES encryption algorithm [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode md5 password privacy - mode des ? STRING<1 - 64> Plaintext key string [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode md5 password privacy - mode des password ? acl Set access control list for this user <cr> [Comware7]snmp - agent usm - user v3 test managerpriv simple authentication - mode md5 password privacy - mode des password [Comware7]snmp - agent target - host ? inform Set a target host to receive SNMP informs trap Set a target host to receive SNMP traps [Comware7]snmp - agent target - host trap ? address Specify the transport ad dress of the target host [Comware7]snmp - agent target - host trap address ? udp - domain Use UDP to transport SNMP information [Comware7]snmp - agent target - host trap address udp - domain ? STRING<1 - 253> IP address or hostname of the target host ipv6 IPv6 address of the target host [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 ? params Specify SNMP information to be used in the generation of SNMP notifications udp - port Set port to receive n otifications for the target host vpn - instance Specify VPN instance [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 params ? securityname Specify the security name for the principal on whose behalf SNMP notifica tions will be generated [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname ? STRING<1 - 32> Security name [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname test ? v1 Se t the security model to SNMPv1 for generating SNMP notifications v2c Set the security model to SNMPv2 for generating SNMP notifications v3 Set the security model to SNMPv3 for generating SNMP notifications <cr> [Comware7]snmp - agent target - host trap address udp - domain 10.0.111.210 params securityname test v3 ? authentication Set the security level to AuthNoPriv privacy Set the security level to AuthPriv

216. 215 Status and Counters - RADIUS Accounting Information NAS Identifier : ProVision Invalid Server Addresses : 0 UDP Server IP Addr Port Timeouts Requests Responses --------------- ---- ---------- ---------- ---------- 10.0. 100.111 1813 5 6 5 ProVision# show accounting ? sessions Show accounting data for all active sessions. <cr> ProVision# show accounting Status and Counters - Accounting Information Interval(min) : 0 Suppress Emp ty User : No Sessions Identification : Unique Type | Method Mode Server Group -------- + ------ ---------- ------------ Network | Radius Start - Stop radius Exec | Radius Start - Stop radius System | Radius Start - Stop radius Com mands | Radius Stop - Only radius ProVision# show accounting sessions ? <cr> ProVision# show accounting sessions Active Accounted actions on SWITCH, User (n/a) Priv (n/a), Acct - Session - Id 0x002700000001, System Accounting record, 00:01:14 Elapsed sys tem event 'Accounting On' Comware (B asic support only, no other specific feature support) Cisco Cisco(config)#aaa accounting ? auth - proxy For authentication proxy events. commands For exec (shell) commands. connection For outbound connections. (telnet, rlogin) delay - start Delay PPP Network start record until peer IP address is known. dot1x For dot1x sessions. exec For starting an exec (shell). gigawords 64 b it interface counters to support Radius attributes 52 & 53. include Include attributes in accounting records unconditionally jitter Set jitter parameters for periodic interval multicast For multicast a ccounting. nested When starting PPP from EXEC, generate NETWORK records before EXEC - STOP record. network For network services. (PPP, SLIP, ARAP) redundancy AAA platform redundancy accounting behavior send Send records to accounting server. session - duration Set the preference for calculating session durations suppress Do not generate accounting records for a specific type of user.

222. 221 web - based Configure authentication mechanism used to control web - based port access to the switch. ProVision(config)# aaa authentication console ? enable Configure access to the privileged mode commands. login Configure login access to the switch. ProVision(config)# aaa authentication console login ? local Use local switch user/password database. tacacs Use TACACS+ server. radius Use RADIUS server. peap - mschapv2 Use RADIUS server with PEAP - MSChapv2. ProVision(config)# aaa authen tication console login tacacs ? local Use local switch user/password database. none Do not use backup authentication methods. authorized Allow access without authentication. server - group Specify the server group to use. <cr> ProVision(config)# aaa authentication console login tacacs local ? <cr> ProVision(config)# aaa authentication console login tacacs local ProVision(config)# aaa authentication console enable tacacs local ProVision(config)# aa a authentication telnet login tacacs none ProVision(config)# aaa authentication telnet enable tacacs none ProVision(config)# aaa authentication ssh login tacacs none ProVision(config)# aaa authentication ssh enable tacacs none ProVision# show tacacs Status and Counters - TACACS Information Timeout : 5 Source IP Selection : 10.0.111.21 Encryption Key : Server IP Addr Opens Closes Aborts Errors Pkts Rx Pkts Tx OOBM --------------- ------ ------ ------ ------ ------- ------- ---- 10.0. 100.111 6 4 2 0 12 14 0 ProVision# show authentication Status and Counters - Authentication Information Login Attempts : 3 Lockout Delay : 0 Respect Privilege : Disabled Bypass Username For Operator and Manage r Access : Disabled | Login Login Login Access Task | Primary Server Group Secondary -------------- + ---------- ------------ ---------- Console | Tacacs Local Telnet | Tacacs None

244. 243 Management address : 10.0.111.2 Ma nagement address interface type : IfIndex Management address interface ID : Unknown Management address OID : 0 Auto - negotiation supported : Yes Auto - negotiation enabled : Yes OperMau : Speed(1000)/Duplex(Full) Cisco (N ot enabled by default) Cisco(config)#lldp run Cisco#show lldp ? entry Information for specific neighbor entry errors LLDP computational errors and overflows interface LLDP interface status and configuration neighbors LLDP neighbor entries traffic LLDP statistics | Output modifiers <cr> Cisco#show lldp neighbors ? FastEthernet FastEthernet IEEE 802.3 GigabitEthernet GigabitEthernet IEEE 802.3z TenGigabitEthernet Ten Gigabit Ethernet detail Show detailed information | Output modifiers <cr> Cisco#show lldp neighbors Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Othe r Device ID Local Intf Hold - time Capability Port ID 2520G - 1 Gi 1/0/1 120 B 15 Total entries displayed: 1 Cisco#show lldp neighbors g1/0/1 ? detail Show detailed information | Output modifiers <cr> Cisco#show lldp neighbors g1/0/1 Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other Device ID Local Intf Hold - time Capabilit y Port ID 2520G - 1 Gi1/0/1 120 B 15 Total entries displayed: 1 Cisco#show lldp neighbors g1/0/1 detail ------------------------------------------------ Chassis id: c091.3483.8d80 Port id: 15 Port Description: 1 5 System Name: 2520G - 1

274. 273 [Comware7]dis play schedule r schedule Schedule name : saveconfig Schedule type : Run on Sun Jun 26 01:45:00 2016 Start time : Sun Jun 26 01:45:00 2016 Last execution time : Sun Jun 26 01:45:00 2016 Last completion time : Sun Jun 26 01:45:06 2016 Execution co unts : 1 ----------------------------------------------------------------------- Job name Last execution status save - config Successful Cisco Cisco(config)#file ? pro mpt Prompt level for file operations scripts - url URL to store scripts. verify Verify compressed IOS image checksum Cisco(config)#file prompt ? alert Prompt only for destructive file operations noisy Confirm all file operation parame ters quiet Seldom prompt for file operations <cr> Cisco(config)#file prompt quiet ? <cr> Cisco(config)#file prompt quiet Cisco(config)#kron ? occurrence Define the name, time, interval of kron occurrence policy - list Define the name and ty pe of policy - list Cisco(config)#kron policy - list ? WORD Name of the policy - list being defined Cisco(config)#kron policy - list save - config ? conditional Execution of the list of cli will stop on failure return values <cr> Cisco(config)#kron policy - list save - config Cisco(config - kron - policy)#? KRON Specific commands for this Policy: cli Specify the exec level cli to be executed exit Exit from kron submode no Remove a CLI from the list Cisco(config - kron - policy)#cli ? LINE Exec level c li to be executed Cisco(config - kron - policy)#cli copy run tftp://10.0.100.111/cisco - startup.cfg ? LINE <cr> Cisco(config - kron - policy)#cli copy run tftp://10.0.100.111/cisco - startup.cfg Cisco(config - kron - policy)#exit Cisco(config)#kron occurrence ? WORD The name of this occurrence Cisco(config)#kron occurrence saveconfig ?

293. 292 untagged Assign ports to current VLAN as untagged. voice Usage: [no] voiceDescription: Labels this VLAN as a Voice VLAN, allowing you to separate, prioritize, and authenticate voice traffic moving through your network. vrrp Enable/confi gure VRRP operation on the VLAN. ProVision(vlan - 220)# name ? ASCII - STR Enter an ASCII string. ProVision (vlan - 220)# name test (also as compound statement) ProVision(config)# vlan 230 name test2 ProVision(config)# show vlans ? custom Show vlan parameters in customized order. ports Show VLANs that have at least one port from the 'PORT - LIST' as a member. VLAN - ID Show detailed VLAN information for the VLAN with the ID supp lied. <cr> ProVision(config)# show vlans Status and Counters - VLAN Information Maximum VLANs to support : 256 Primary VLAN : DEFAULT_VLAN Management VLAN : VLAN ID Name | Status Voice Jumbo ------- --------- ----------------------- + ---------- ----- ----- 1 DEFAULT_VLAN | Port - based No No 100 VLAN100 | Port - based No No 220 test | Port - based No No 230 te st2 | Port - based No No Comware 5 [Comware 5 ] vlan 220 [Comware5 - vlan220]? Vlan view commands: arp Specify ARP configuration information arp - snooping ARP snooping cfd Connec tivity fault detection (IEEE 802.1ag) description Description of VLAN display Display current system information igmp - snooping IGMP snooping ip - subnet - vlan IP subnet - based VLAN ipv6 IPv 6 status and configuration information isolate - user - vlan Specify isolate - user - VLAN characteristic isolated - vlan Specify isolated VLAN characteristic mac - address Configure MAC address mac - forced - forwarding Specify MAC - force d forwarding configuration information mld - snooping Configure MLD snooping characteristic mtracert Trace route to multicast source name Name of VLAN pim - snooping Configure PIM snooping characteristic ping Ping function port Add ports to or delete ports from VLAN protocol - vlan Protocol - based VLAN quit Exit from current command view return Exit to User View

323. 322 secondary 151 to 152 [Comware7 - vlan150]quit vlan association add 151 - 152 Cisco(config - vlan)#exit ProVision(config)# interface 10 private - vlan promiscuous ProVision(c onfig)# vlan 150 untag 10 [Comware7]interface g1/0/10 Cisco(config)#interface g1/0/10 [Comware7 - GigabitEthernet1/0/10]port private - vlan 150 promiscuous Cisco(config - if)#switchport mode private - vlan promiscuous Cisco(config - if)#switchport private - vlan mapping 150 add 151 - 152 ProVision(config)# vlan 151 untag 12,13 [Comware7 - GigabitEthernet1/0/10]interface g1/0/12 Cisco(config)#interface g1/0/12 [Comware7 - GigabitEthernet1/0/12] port private - vlan host Cisco(config - if)#switchport mode private - vlan host [Comware7 - GigabitEthernet1/0/12]port access vlan 151 Cisco(config - if)#switchport private - vlan host - association 150 151 ProVision(config)# vlan 152 untag 14,15 [Comware7 - GigabitEthernet1/0/12]interface g1/0/14 Cisco(config)#int g1/0/14 [Comware7 - GigabitEthernet1/0/14]port private - vlan host Cisco(config - if)#switchport mode private - vlan host [Comware7 - Gigabit Ethernet1/0/14]port access vlan 152 [Comware7 - GigabitEthernet1/0/14]quit Cisco(config - if)#switchport private - vlan host - association 150 152 ProVision(config)# vlan 150 ip address 10.150.1.1/24 [Comware7]interface vlan 150 Cisco(config)#interface vlan 150 [Comware7 - Vlan - interface150]ip address 10.150.2.1 24 Cisco(config - if)#ip addr 10.150.3.1 255.255.255.0 [Comware7 - Vlan - interface150]pr ivate - vlan secondary 151 to 152 Cisco(config - if)#private - vlan mapping add 151 - 152 ProVision# show vlans private - vl an [Comware7]display private - vlan Cisco#show vlan private - vlan ProVision# show vlans 150 private - vlan Cisco#show vlan private - vlan type Cisco#show interface private - vlan mapping ProVision# show vlans 150 ProVision# show vlans 151 ProVision# show vlans 152 ProVision ProVision(config)# vlan 150 ? connection - rate - fi... Reenable access to a host or set of hosts previously blocked by the connection rate filter. dhcp - server Enable the DHCP service on the VLAN. dhcp - snooping Enable DHCP snooping on the VLAN. dhcpv6 - snooping Enable DHC Pv6 snooping on the VLAN. disable Disable various features on the device.

326. 325 ------- --------- --------- 150 151 isolated 152 community ProVision # show vlans 150 ? private - vlan Show VLAN parameters in a customized order. <cr> ProVision # show vlans 150 private - vlan ? <cr> ProVision # show vlans 150 private - vlan Private VLAN Configuration Information : VLAN 150 VLAN Type : primary Port Type Ports ------------------ -------------- ------------------------------------ Promiscuous 10 Member Associated Secondary VLANs: VLAN ID VLAN Type Access Ports ---------- ------------- -------------------------------------------------- 151 isolated 12 - 13 152 community 14 - 15 ProVision # show private - vlan promiscuous - ports ? <cr> ProVision # show private - vlan promiscuous - ports primary VLAN Port --------------- -------------------------------------------------- 150 10 ProVisio n # show vlans 150 Status and Counters - VLAN Information - VLAN 150 VLAN ID : 150 Name : VLAN150 Status : Port - based Voice : No Jumbo : No Private VLAN : primary Associated Primary VID : none Associated Secondary VIDs : 151 - 152 Port I nformation Mode Unknown VLAN Status ---------------- -------- ------------ ---------- 10 Untagged Learn Up ProVision # show vlans 151 Status and Counters - VLAN Information - VLAN 151 VLAN ID : 151 Name : VLAN151 Statu s : Port - based Voice : No Jumbo : No

342. 341 Compliance - GVRP : False [Comware5]display mvrp state ? interface Specify the interface [Comware5]display mvrp state interface g1/0/1 ? vlan Specify the VLAN ID [Comware5]display mvrp state interface g1/0/1 vlan ? INTEGER<1 - 4094> VLAN ID [Comware5]display mvrp state interface g1/0/1 vlan 1 ? | Matching output <cr> [Comware5]display mvrp state interface g1/0/1 vlan 1 Comware7 [Comware7]mvrp ? global Specify global configuration gvrp - compliance Specify GVRP - compliance configuration [Comware7]mvrp global ? enable Enable multiple VLAN registration protocol [Comware7]mvrp global enable ? <cr> [Comware7]mvrp global enable [Comware7]interface g1/0/1 [Comware7 - GigabitEthernet1/0/ 1]? Gigabitethernet_l2 interface view commands: apply Apply a PoE profile arp ARP module bandwidth Specify the expected bandwidth bpdu - drop Specify BPDU drop function broadcast - suppres sion Broadcast storm suppression function cdp Non standard IEEE discovery protocol cfd Connectivity Fault Detection (CFD) module dcbx Data Center Bridge Capability Exchange Protocol default Restore the default settings description Describe the interface dhcp DHCP module diagnostic - logfile Diagnostic log file configuration display Display current system information dldp DLDP module dot1x 802.1X module duplex Status of duplex eee Energy efficient ethernet enable Enable functions evb Edge Virtual Bridging (EVB) m odule flex10 Configure Flex10 flow - control Enable flow control function flow - interval Set the interface statistics interval igmp - snooping IGMP snooping module ip Specify IP configura tion ipv6 Specify IPv6 configuration jumboframe Specify jumbo frame forwarding l2vpn Layer 2 Virtual Private Network (L2VPN) module lacp Configure LACP protocol link - aggregation Specify link aggregation group configuration

396. 395 (note – in steps of 4096 , default setting is 32768 ) [Comware 7 ] stp instance 3 priority 1 228 8 (note – in steps of 4096 , default setting is 32768 ) [Comware 7 ]interface g1/0/9 [Comware7 - GigabitEthernet1/0/9]stp ? compliance Specify MST BPDU Format config - digest - snooping Specify configuration digest snooping cost Specify port path cost edged - port Specify edge port enable Enable STP instance Specify the spanning tree instance list loop - protection Specify loop protection mcheck Spe cify mcheck no - agreement - check Specify port ignore agreement information point - to - point Specify point to point link port Specify port parameter role - restriction Forbid the port to be a root port root - protec tion Specify root protection tc - restriction Restrict propagation of TC message transmit - limit Specify transmission limit count vlan Specify the VLAN list [ Comware 7 - GigabitEthernet1/0/9 ]stp edged - port [C omware 7 - GigabitEthernet1/0/9 ]stp cost 10000 [Comware 7 - GigabitEthernet1/0/9]stp port priority 160 (note – in steps of 16 , default setting is 128 ) [Comware 7 - Gigab itEthernet1/0/9 ]stp instance 1 cost 10000 [Comware 7 - GigabitEthernet1/0/9]stp instance 1 po rt priority 160 (note – in steps of 16 , default setting is 128 ) [Comware7]display stp ? > Redirect it to a file >> Redirect it to a file in append mode abnormal - port Display abnormal ports bpdu - st atistics BPDU statistics brief Brief information down - port Port information of protocol down history History of port roles instance Specify the spanning tree instance list interface Specify interface region - configuration Region configuration root Display status and configuration of the root bridge slot Specify the slot number tc Port TC count vlan Specify the VLAN list | Matching output <cr> [Comware7 ] display stp ------- [CIST Global Info][Mode MSTP] ------- Bridge ID : 16384.cc3e - 5f73 - bacb Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20 Root ID/ERPC : 8192.009c - 02d5 - 3980, 0 RegRoot ID/IRPC : 8192.009c - 02d5 - 3980, 20 RootPort ID : 128.6 BPDU - Protection : Disabled Bridge Config -

464. 463 ip Match all IP packets. sctp Match SCTP packets, as further specified. tcp Match TCP packets, as further specified. udp Match UDP packets, as further specified. ProVision(config - ext - nacl)# deny ip ? any Match packets from any IP address. host Match packets from the specified IP address. IP - ADDR/MASK - LENGTH Match packets fr om the specified subnet. ProVision(c onfig - ext - nacl)# deny ip 10.0.2 2 0 .0 0.0.0.255 ? any Match packets to any IP address. IP - ADDR/MASK - LENGTH Match packets to the specified subnet. host Match packets to the specified IP address. ProVision(config - ext - nacl)# deny ip 10.1.2 2 0 .0 0.0.0.255 10.0.100.111 0.0.0.0 ProVision(config - ext - nacl)# permit ip any any ProVision(config)# ip access - list extended ext_acl ProVision(config - ext - nacl)# deny ip 10.1. 10 0 .0/24 10.0.100.111/ 32 ProVision(config - ext - nacl)# permit ip any any Comware5 Basic ACL [Comware5] acl ? copy Specify a source acl ipv6 IPv6 acl logging Log matched packet name Specify a named acl number Specify a numbered acl [Comware5] acl nu mber ? INTEGER<2000 - 2999> Specify a basic acl INTEGER<3000 - 3999> Specify an advanced acl INTEGER<4000 - 4999> Specify an ethernet frame header acl [Comware5] acl number 2000 ? match - order Set an acl's match order name Specify a named ac l <cr> [Comware5] acl number 2000 [Comware5 - acl - basic - 2000]? Acl - basic view commands: cfd Connectivity fault detection (IEEE 802.1ag) description Specify ACL description display Display current system information hardware - count Enable hardware ACL statistics mtracert Trace route to multicast source ping Ping function quit Exit from current command view return Exit to User View rule Specify an acl rule save Save current configuration step Specify step of acl sub rule ID tracert Trace route function undo Cancel current setting

482. 481 Cisco(config - access - map)#match ? ip IP based match mac MAC based match Cisco(config - access - map)#match ip ? address Match IP address to access c ontrol. Cisco(config - access - map)#match ip address ? <1 - 199> IP access list (standard or extended) <1300 - 2699> IP expanded access list (standard or extended) WORD Access - list name Cisco(config - access - map)#match ip address 10 ? <1 - 199 > IP access list (standard or extended) <1300 - 2699> IP expanded access list (standard or extended) WORD Access - list name <cr> Cisco(config - access - map)#match ip address 10 Cisco(config - access - map)#action ? drop Drop packets for ward Forward packets Cisco(config - access - map)#action drop ? log Log dropped packets <cr> Cisco(config - access - map)#action drop step - 3 Cisco(config)#vlan filter ? WORD VLAN map name Cisco(config)#vlan filter vacl_1 ? vlan - list VLANs to appl y filter to Cisco(config)#vlan filter vacl_1 vlan - list ? <1 - 4094> VLAN id all Add this filter to all VLANs Cisco(config)#vlan filter vacl_1 vlan - list 220 ? , comma - hyphen <cr> Cisco(config)#vlan filter vacl_1 vlan - list 220 Exten ded ACL step - 1 Cisco(config)#access - list 110 permit icmp any host 10.1.220. 10 2 Cisco(config)#access - list 111 permit icmp any any step - 2 Cisco(config)#vlan access - map ? WORD Vlan access map tag

483. 482 Cisco(config)#vlan access - map vacl_2 ? <0 - 65535> Se quence to insert to/delete from existing vlan access - map entry <cr> Cisco(config)#vlan access - map vacl_2 10 ? <cr> Cisco(config)#vlan access - map vacl_2 10 Cisco(config - access - map)#? Vlan access - map configuration commands: action Take the action default Set a command to its defaults exit Exit from vlan access - map configuration mode match Match values. no Negate a command or set its defaults Cisco(config - access - map)#match ip address ? <1 - 199> IP access list (standard or extended) <1300 - 2699> IP expanded access list (standard or extended) WORD Access - list name Cisco(config - access - map)#match ip address 110 Cisco(config - access - map)#action ? drop Drop packets forward Forward packets Cisco(config - a ccess - map)#action drop ? <cr> Cisco(config - access - map)#action drop Cisco(config - access - map)#exit Cisco(config)#vlan access - map vacl_2 20 Cisco(config - access - map)#match ip address 111 Cisco(config - access - map)#action forward step - 3 Cisco(config)#vl an filter vacl_2 vlan - list 220

526. 525 GigabitEthernet GigabitEthernet IEEE 802.3z Group - Async Async Group interface GroupVI Group Virtual interface Lex Lex interface Loopback Loopback interface Null Null interface Port - channel Ethernet Channel of interfaces Portgroup Portgroup interface Pos - channel POS Channel of interfaces TenGigabitEthernet Ten Gigabit Ethernet Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual - Template Virtual Template interface Virtual - TokenRing Virtual TokenRing Vlan Catalyst Vlan s fcpa Fiber Channel neighbors UDLD Neighbors Summary | Output modifiers <cr> Cisco#show udld g1/0/17 Interface Gi1/0/17 --- Port enable administrative configuration setting: Enabled Port enable operati onal state: Enabled Current bidirectional state: Unknown Current operational state: Advertisement Message interval: 7 Time out interval: 5 No neighbor cache information stored

535. 534 trust Trusted port | Matching output <cr> [Comware5] dis play dhcp - snooping DHCP Snooping is enable d. The client binding table for all ports. Type : D -- Dynamic , S -- Static , R -- Recovering Type IP Address MAC Address Lease VLAN SVLAN Interface ==== =============== ============== ============ ==== ===== ================= D 10.1.220. 105 68b5 - 99d8 - f726 86319 220 N/A GE1/0/4 --- 1 dhcp - snooping item(s) found --- [Comware5] display dhcp - snooping trust DHCP Snooping is enabled. DHCP Snooping trust becomes active. Interface Trusted ========================= ============ GigabitEthernet1/0/6 Trusted [ Comware5 ]display dhcp - snooping binding database File name : flash:/Comware5_dhcp.txt Update interval : Not configured Latest read time : - Latest write time : May 17 2015 16:45:03 Status : Last write succeeded. [ Comware5 ]display dhcp - snooping packet statistics DHCP packets received : 66 DHCP packets s ent : 4 Packets dropped due to rate limitation : 0 Dropped invalid packets : 0 Comware 7 [Comware7]dhcp ? class Create a DHCP class client Configure a DHCP client dscp Set the Differentiated Services Codepoint (DSCP) value enable Enable DHCP relay Configure a DHCP relay agent server Configure a DHCP server snooping Configure DHCP snooping [Comware7]dhcp snooping ? binding DHCP snooping entries enable Enable DHCP snooping [C omware7]dhcp snooping enable ? <cr> [Comware7]dhcp snooping enable [ Comware 7 ] dhcp snooping binding database filename url tftp://10.0.100.111/Comware7_dhcp.txt [ Comware 7 ] interface g1/0/6 [Comware7 - GigabitEthernet1/0/6]dhcp snooping ? binding DHCP snooping entries check Check DHCP packets deny Specify this port as a DHCP packet blocking port information DHCP snooping information

574. 573 ProVision(config)# radius - server host 10.0.100.111 key password ProVision(config)# aaa port - access ? authenticator Configure 802.1X (Port Based Network Access) authentication on the device or the device's port(s). gvrp - vlans Enable/disable the use of RADIUS - assigned dynamic (GVRP) VLANs. local - mac Configure Local M AC address based network authentication on the device or the device's port(s). mac - based Configure MAC address based network authentication on the device or the device's port(s). [ethernet] PORT - L IST Manage general port security features on the device port(s). supplicant Manage 802.1X (Port Based Network Access) supplicant on the device ports. web - based Configure web authentication based network auth entication. ProVision(config)# aaa port - access mac - based ? addr - format Set the MAC address format to be used in the RADIUS request message (default no - delimiter). [ethernet] PORT - LIST Manage MAC address based network au thentication on the device port(s). password Specify the password for the MAC authentication. If in enhanced secure - mode, you will be prompted for the password. unauth - redirect Configure ma cAuth redirect registration server feature. ProVision(config)# aaa port - access mac - based 16 ? addr - limit Set the port's maximum number of authenticated MAC addresses (default 1). addr - moves Set whether the MA C can move between ports (default disabled - no moves). auth - vid Configures VLAN where to move port after successful authentication (not configured by default). cached - reauth - period Time in seco nds, during which cached reauthentication is allowed on the port.The minimum reauthentication period should be greater than 30 seconds. logoff - period Set the period of time of inactivity that the switc h considers an implicit logoff (default 300 seconds). max - requests Set maximum number of times the switch retransmits authentication requests (default 3). quiet - period Set the period of time the switch does not try to authenticate (default 60 seconds). reauth - period Set the re - authentication timeout in seconds; set to '0' to disable re - authentication (default 0). reauthenticate Fo rce re - authentication to happen. server - timeout Set the authentication server response timeout (default 300 seconds). unauth - period Set period of time the switch waits before moving the port to the VLAN for unauthenticated clients. unauth - vid Configures VLAN where to keep port while there is an unauthorized client connected (not configured by default). <cr> ProVision(config)# aaa port - access mac - based 16 Pro Vision(confi g)# aaa port - access mac - based 16 unauth - vid 99 ProVision # show port - access ? [ethernet] PORT - LIST Show Web/MAC Authentication statistics and configuration. authenticator Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters. config Show status of 802.1X, Web Auth, and MAC Auth configurations. local - mac Show Local MAC Authentication statistics and configuration. mac - based Show MAC Authentication statistics and configuration. summary Show summary configuration information for all ports, including that overridden by RADIUS attributes.

585. 584 supplicant Show 802.1X (Port Based Network Access) supplicant current status and configuration. web - based Show Web Authentication statistics and configuration. ProVi sion # sho port - access web - based ? [ethernet] PORT - LIST Specify ports for which Web Authentication information will be shown. clients Show the current web client session statistics. config Show the cur rent configuration of Web Authentication. <cr> ProVision# show port - access web - based Port Access Web - Based Status Auths/ Unauth Untagged Tagged % In RADIUS Cntrl Port Guests Clients VLAN VLANs Port COS Limit ACL Dir Por t Mode ---- ------- ------- -------- ------ -------- ----- ------ ----- ---------- 18 1/0 0 220 No No No No both 1000FDx ProVision# show port - access web - based clients Port Access Web - Based Client Status Port Cl ient Name MAC Address IP Address Client Status ---- ------------------ ------------- --------------- -------------------- 18 user1 705ab6 - e86783 10.1.220.102 authenticated ProVision# show po rt - access web - based config 1 8 Port Access Web - Based Configuration DHCP Base Address : 192.168.0.0 DHCP Subnet Mask : 255.255.255.0 DHCP Lease Length : 10 Allow RADIUS - assigned dynamic (GVRP) VLANs [No] : No Access Denied Message : System Default Client Client Logoff Re - Auth Unauth Auth Cntrl Port Enabled Limit Moves Period Period VLAN ID VLAN ID Dir ------ ------- ------ ------ --------- --------- ------- ------- ----- 18 Yes 5 No 300 0 99 0 both Comware5 [Comware5]radius scheme <radius - auth > [Comware5 - radius - radius - auth]primary authentication 10.0.100.111 1812 [Comware5 - radius - radius - auth]primary accounting 10.0.100.111 1813 [Comware5 - radius - radius - auth]key authentic ation password [Comware5 - radius - radius - auth]user - name - format without - domain [Comware5 - radius - radius - auth]server - type extended [Comware5] domain web - auth New Domain added. [Comware5 - isp - web - auth]? Isp view commands: access - limit Specify a ccess limit of domain

622. 621 crypto key generate , 172 D deny ip , 479, 489, 496, 503, 606 description link_to_core , 288 dhcp enable , 329 dhcp relay , 329 dhcp relay server - address 10.0.100.251 , 329 dhcp selec t relay , 329 dhcp snooping enable , 552 dhcp - snooping , 552 dir , 23, 85, 102 dir usba0:/ , 23 disable , 288 display arp detection , 562 display arp source - suppression , 569 display bgp peer , 454 display boot - loader , 102 display clock , 124, 125 display current - co nfiguration , 38, 100 display device manuinfo , 25 display device usb , 23 display dhcp relay , 329 display dhcp relay server - address , 329 display dhcp - snooping , 552 display diagnostic - information , 8, 36 display dldp , 544 display dot1x , 577 display environment , 25 display fan , 25, 33 display hwtacacs , 229 display interface , 288, 310, 368 display ip interface brief , 327 display irf , 636 display irf configuration , 635, 637 display irf link , 637 display irf topology , 637 display job , 280 display link - aggregation , 375, 382 display lldp neighbor - information , 249, 256 display lldp neighbor - information interface M - GigabitEthernet 0/0/0 , 266 display lldp neighbor - information list , 249 display logbuffer , 117 display mac - authentication , 597 display mirroring - group , 619, 6 26 display mvrp running - status , 351 display mvrp state interface , 351 display ntp - service sessions , 124 display ntp - service status , 125 display ospf , 446 display password - control , 75 display pim , 526, 530 display poe device , 362 display poe interface , 362 display portal connection statistics al , 607 display power , 25 display private - vlan , 336 display qos , 508 display radius scheme , 198 display radius statistics , 198 display rip , 434 display role name , 64 display schedule reboot , 18 display scheduler , 18 dis play scheduler job , 280 display scheduler schedule , 280 display snmp - agent , 153 display snmp - agent sys - info , 140 display ssh server , 173 display startup , 60, 102 display stp , 387, 399, 400, 422 display stp root , 422 display users , 30, 166 display version , 85 display vlan , 304, 310, 368, 375, 382, 577 display voice vlan , 369 display vrrp , 471 display web users , 183 dldp enable , 544 dldp global enable , 544 domain 8021x , 576 domain default enable lab , 198 domain tacacs , 229 domain web - auth , 605 dot1x , 576 dot1 x mac - auth - bypass , 596 dot1x system - auth - control , 576 duplex auto , 288 E enable , 13, 288, 471 enable password , 44 enable secret, 44 encapsulation s - vid 2 , 359 erase startup - config , 101

21. 20 Reboot system at 15:43 03/03 /2015(in 0 hour(s) and 30 minute(s)). c onfirm? [Y/N]:y <Comware5> %Mar 3 15:13:55:852 2015 Comware5 CMD/5/CMD_REBOOT_SCHEDULED: aux0 set schedule reb oot parameters at 15:13:55 03/03 /2015, and s ystem will reboot at 15:43 03/03 /2015. <Comware 5 >display schedule reboot System will reboot at 23:0 0 03/04/2015 (in 22 hours and 58 minutes). <Comware 5 >undo schedule reboot <Comware 5 > %Mar 3 23:45:36:426 2015 Comware5 CMD/5/CMD_REBOOT_CANCEL: aux0 cancelled reboot parameters at 23:45:36 03/03/2015. Comware7 <Comware7> reboot ? force Forcibly reb oot without checking slot Specify the slot number <cr> <Comware7>reboot - or - <Comware7>reboot force ? <cr> <Comware7>reboot force <Comware7>reboot slot ? <1> Slot number <Comware7>reboot slot 1 ? force Forcibly reboot without checkin g subslot Specify the subslot number <cr> <Comware7>reboot slot 1 [for timed reboot] <Comware7>scheduler reboot ? at Specify the execution time delay Specify the delay time <Comware7>scheduler reboot at ? TIME Execution time (HH:MM) <Comware7>scheduler reboot at 23:00 ? DATE Execution date (MM/DD/YYYY or YYYY/MM/DD) <cr> <Comware7>scheduler reboot at 23:00 03/09/2015 ? <cr> <Comware7>scheduler reboot at 23:00 03/09/2015 Reboot system at 23:00:00 03/09/2015(in 7 hours and 51 m inutes). Confirm?[Y/N]:y <Comware7>%Mar 9 15:08:34:699 2015 Comware7 SCH/5/SCH_REBOOT_SCHEDULED: aux0 set schedule reboot parameters at 15:08:30 03/09/2015, and system will reboot at 23:00:00 03/09/2015. <Comware7>

89. 88 <Comware 5 >scp 10 .0.100.111 get A5500EI - CMW520 - R2221P07.bin Username: manager Trying 10.0.100.111 ... Press CTRL+K to abort Connected to 10.0.100.111 ... Enter password: < Comware 5 >xmodem ? get Obtain remote data file < Comware 5 >xmodem get ? STRING [drive][path][fil e name] flash: Device name < Comware 5 >xmodem get flash:/ ? <cr> < Comware 5 >xmodem get flash:/ < Comware 5 > tftp 10. 0.100.111 put a5500ei - cmw520 - r2221p07 .bin ? STRING<1 - 135> Destination filename source Specify a source vpn - instance Spec ify a VPN instance <cr> < Comware 5 > tftp 10. 0.100.111 put a5500ei - cmw520 - r2221p07.bin <Comware 5 >scp 10.0.100 .111 put a5500ei - cmw520 - r2221p07 .bin ? STRING<1 - 135> Destination file name identity - key Specify the algorithm for publickey aut hentication prefer - ctos - cipher Specify the preferred encryption algorithm from client to server prefer - ctos - hmac Specify the preferred HMAC algorithm from client to server prefer - kex Specify th e preferred key exchange algorithm prefer - stoc - cipher Specify the preferred encryption algorithm from server to client prefer - stoc - hmac Specify the preferred HMAC algorithm from server to client usernam e Specify the user name <cr> <Comware 5 >scp 10.0.100.111 put a5500ei - cmw520 - r2221p0 7 .bin Username: manager Trying 10.0.100.111 ... Press CTRL+K to abort Connected to 10.0.100.111 ... Enter password: <Comware 5 >boot - loader ? file File pat h update Update image file <Comware 5 >boot - loader file ? STRING [drive][path][file name] flash: Device name <Comware 5 >boot - loader file flash:/a5500ei - cmw520 - r22 21p07 .bin ? slot Specify the slot number <Comware 5 > boot - loader file flash:/a5500ei - cmw520 - r22 21p07 .bin slot ?

90. 89 INTEGER<1> Slot number all All current slot number <Comware 5 > boot - loader file flash:/a5500ei - cmw520 - r22 21p07 .bin slot 1 ? backup Set backup attribute main Set main attribute <Comware 5 > boot - loader file flas h:/a5500ei - cmw520 - r22 21p07 .bin slot 1 main ? <cr> <Comware 5 > boot - loader file flash:/a5500ei - cmw520 - r22 21p07 .bin slot 1 main Comware7 In this chapter, SCP (Secure Copy) is used for secure file transfers. SFTP (Secure File Trasnfer Protocol) is used in Chapter 4 for secure file transfers. <Comware7>dir ? /all Display all files and directories in the current directory /all - filesystems Display the files and directories in the root directories of all storage media > Redirect it to a file >> Redirect it to a file in append mode STRING [drive][path][file name] flash: Device name slot1#flash: Device name slot1#usba0: Device name usba0: Device name | Matching output <cr> <Comware7>dir Directory of flash: 1 - rw - 10986496 Feb 04 2015 17:52:26 5900_5920 - cmw710 - boot - r2416.bin 2 - rw - 66350080 Feb 04 2015 17:54:43 5900_5920 - cmw710 - system - r2416.bin 3 drw - - Dec 31 2010 18:00:23 diagfile 4 - rw - 1580 Mar 23 2015 18:30:53 ifindex.dat 5 - rw - 5 778 Mar 23 2015 18:30:54 startup .cfg 6 - rw - 175617 Mar 23 2015 18:30:55 startup .mdb 7 - rw - 0 Oct 06 2014 12:02 :16 lauth.dat 8 drw - - Dec 31 2010 18:00:24 license 9 drw - - Jan 01 2011 18:00:23 logfile 10 drw - - Sep 15 2014 10:45:45 pki 11 drw - - Dec 31 2010 18:00:23 seclog 12 drw - - Feb 04 2015 18:00:57 versionInfo 524288 KB total (436412 KB free) <Comware7>display version HP Comware Software, Version 7.1.045, Release 2416 Copyright (c) 2010 - 2014 Hewlett - Packard Development Company, L.P. HP 5900AF - 48G - 4XG - 2QSFP+ Switch uptime is 0 weeks, 1 day, 2 hours, 46 minutes Last reboot reason : Cold reboot Boot image: flash:/5900_5920 - cmw710 - boot - r2416.bin Boot image version: 7.1.045, Release 2416 Compiled Dec 09 2014 16:02:10 System image: flash:/5900_5920 - cmw710 - system - r2416.bin System image ver sion: 7.1.045, Release 2416 Compiled Dec 09 2014 16:02:10 Slot 1:

197. 196 [Comware5 - radius - radius - auth]primary accounting ? X.X.X.X Any valid IP address ipv6 Specify IPV6 address [Comware5 - radius - radius - auth]primary accounting 10.0.100.111 ? INTEGER<1 - 65535> Accounting - port : generally is 1813 key Specify the shared encryption key of RADIUS server vpn - instance Specify VPN instance <cr> [Comware5 - radius - radius - auth]primary acc ounting 10.0.100.111 key ? STRING<1 - 64> Plaintext key string cipher Specify a ciphertext key simple Specify a plaintext key [Comware5 - radius - radius - auth]primary accounting 10.0.100.111 key simple ? STRING<1 - 64> Plaintext key string [Comware5 - radius - radius - auth]primary accounting 10.0.100.111 key simple password ? INTEGER<1 - 65535> Accounting - port : generally is 1813 vpn - instance Specify VPN instance <cr> [Comware5 - radius - radius - auth]primary accounting 10.0.100.111 key s imple password [Comware5 - radius - radius - auth]user - name - format ? keep - original User name unchanged with - domain Include the domain name in the username, such as XXX@YYY without - domain Exclude the domain name from the username [Comware5 - radius - radius - auth]user - name - format without - domain ? <cr> [Comware5 - radius - radius - auth]user - name - format without - domain [Comware5 - radius - radius - auth]server - type ? extended Server based on RADIUS extensions standard Server based on RFC protocol(s) [Comw are5 - radius - radius - auth]server - type extended ? <cr> [Comware5 - radius - radius - auth]server - type extended [Comware5] domain lab New Domain added. [Comware5 - isp - lab]? Isp view commands: access - limit Specify access limit of domain accountin g Specify accounting scheme authentication Specify authentication scheme authorization Specify authorization scheme authorization - attribute Specify authorization attributes of domain cfd Conn ectivity fault detection (IEEE 802.1ag) display Display current system information dscp Specify a DSCP value for user packets of this domain idle - cut Specify idle - cut attribute of domain mtracert Trace route to multicast source ping Ping function quit Exit from current command view

199. 198 [Comware5 - ui - vty0 - 15]user privilege level ? INTEGER<0 - 3> Specify privilege level [Comware5 - ui - vty0 - 15]user privilege level 3 ? <cr> [Comware5 - ui - vty0 - 15]u ser privilege level 3 [Comware5] display radius ? scheme The RADIUS scheme information statistics Statistics information [Comware5] display radius scheme ? STRING<1 - 32> The RADIUS scheme name in the system. If not inputted, show the information of all the RADIUS scheme(s) slot Specify slot number | Matching output <cr> [Comware5] display radius scheme radius - auth ------------------------------------------------------------------ SchemeName : radius - a uth Index : 0 Type : extended Primary Auth Server: IP: 10.0.100.111 Port: 1812 State: active Encryption Key : ****** VPN instance : N/A Probe username : N/A Probe interval : N/A Primary Acct Server: IP: 10.0.100.111 Port: 1813 State: active Encryption Key : ****** VPN instance : N/A Auth Server Encryption Key : N/A Acct Server Encryption Key : N/A VPN instance : N/A Accounting - On packet disable, send times : 50 , interval : 3s Interval for timeout(second) : 3 Retransmission times for timeout : 3 Interval for realtime accounting(minute) : 12 Retransmission times of realtime - accounting packet : 5 Retransmission times of stop - accounting packet : 500 Quiet - interval(min) : 5 Username format : with - dom ain Data flow unit : Byte Packet unit : one ------------------------------------------------------------------ Total 1 RADIUS scheme(s). [Comware5] display radius st atistics ? slot Specify slot number <cr> [Comware5] display radius statistics Slot 1:state statistic(total=4096): DEAD = 4093 AuthProc = 0 AuthSucc = 0 AcctStart = 0 RLTSend = 0 RLTWait = 3 AcctStop = 0 OnLin e = 3 Stop = 0 StateErr = 0 Received and Sent packets statistic: Sent PKT total = 8

200. 199 Received PKT total = 8 Resend Times Resend total Total 0 RADIUS received packets statistic: Code = 2 Num = 3 Err = 0 Code = 3 Num = 2 Err = 0 Code = 5 Num = 3 Err = 0 Code = 11 Num = 0 Err = 0 Running statistic: RADIUS received messages statistic: Auth request Num = 5 Err = 0 Succ = 5 Account request Num = 3 Err = 0 Succ = 3 Account off request Num = 0 Err = 0 Succ = 0 PKT auth timeout Num = 0 Err = 0 Succ = 0 PKT acct_timeout Num = 0 Err = 0 Succ = 0 Realtime Account timer Num = 0 Err = 0 Succ = 0 PKT response Num = 8 Err = 0 Succ = 8 Session ctrl pkt Num = 0 Err = 0 Succ = 0 Normal author request Num = 0 Err = 0 Succ = 0 Set policy result Num = 0 Err = 0 Succ = 0 Accounting on request Num = 1 Err = 0 Succ = 1 Accounting on response Num = 0 Err = 0 Succ = 0 Distribute request Num = 0 Err = 0 Succ = 0 RADIUS sent messages statistic: Auth accept Num = 3 Auth reject Num = 2 Auth continue Num = 0 Account success Num = 3 Account failure Num = 0 Server ctrl req Num = 0 RecError_MSG_sum = 0 SndMSG_Fail_sum = 0 Timer_Err = 0 Alloc_Mem_Err = 0 State Mismatch = 0 Other_Error = 0 No - response - acct - stop packet = 0 Discarded No - response - acct - stop packet for buffer overflow = 0 Comware7 (If you are planning to use Telnet or SSH, you should configure those features before you configure AAA support.) Special note on using AAA authentication. By default Comware7 is expecting a user to login as “user@domain”, this allows for multiple domain support. In order to support a user to supply only their UID without the “@domain”, the ‘ user - name - format without - domain ’ parameter can be configured within the radius scheme, which allows Comware7 to send just a UID to the RADIUS server. [Comware7] radius ? nas - ip Specify the RADIUS client IP address schem e Specify RADIUS scheme session - control RADIUS session control function [Comware7] radius scheme ? STRING<1 - 32> Radius scheme name [Comware7] radius scheme radius - auth New Radius scheme

201. 200 [Comware7 - radius - radius - auth]? Radius protocol view c ommands: accounting - on Specify accounting - On function attribute Customize RADIUS attributes cfd Connectivity Fault Detection (CFD) module data - flow - format Specify the data unit diagnostic - logfile Diagnostic log file configuration display Display current system information key Specify a key for secure RADIUS communication logfile Log file configuration monitor System m onitor nas - ip Specify the RADIUS client IP address ping Ping function primary Specify a primary RADIUS server quit Exit from current command view retry Speci fy retransmission times return Exit to User View save Save current configuration secondary Specify a secondary RADIUS server security - logfile Security log file configuration security - policy - server Specify a security policy server state Specify state of RADIUS server timer Specify timer parameters tracert Tracert function undo Cancel current setting user - name - fo rmat Specify user - name format sent to RADIUS server vpn - instance Specify a VPN instance [Comware7 - radius - radius - auth]primary ? accounting Specify the primary RADIUS accounting server authentication Specify the primary RADIUS authentication server [Comware7 - radius - radius - auth]primary authentication ? STRING<1 - 253> Host name X.X.X.X IP address ipv6 Specify an IPv6 address [Comware7 - radius - radius - auth]primary authentication 10.0.100.111 ? INTEGER<1 - 655 35> Authentication port number, generally is 1812 key Specify the shared key for secure communication with the server vpn - instance Specify a VPN instance <cr> [Comware7 - radius - radius - auth]primary authenticatio n 10.0.100.111 key ? cipher Specify a ciphertext key simple Specify a plaintext key [Comware7 - radius - radius - auth]primary authentication 10.0.100.111 key simple ? STRING<1 - 64> Plaintext key string [Comware7 - radius - radius - auth]primary authenticati on 10.0.100.111 key simple password ? INTEGER<1 - 65535> Authentication port number, generally is 1812 vpn - instance Specify a VPN instance <cr> [Comware7 - radius - radius - auth]primary authentication 10.0.100.111 key simple password [Comware7 - rad ius - radius - auth]primary accounting ? STRING<1 - 253> Host name X.X.X.X IP address ipv6 Specify an IPv6 address [Comware7 - radius - radius - auth]primary accounting 10.0.100.111 ?

227. 226 HWTACACS author client request PPP number: 0 HWTACACS author client request VPDN number: 0 HWTACACS author client response error number: 0 HWTACACS author client response EXEC number: 2 HWTACA CS author client response PPP number: 0 HWTACACS author client response VPDN number: 0 HWTACACS author client round trip time(s): 0 Primary accounting server: 10.0.100.111 HWTACACS server open number: 3 HWTACACS server close number: 3 HWTACACS ac count client request packet number: 3 HWTACACS account client response packet number: 3 HWTACACS account client unknown type number: 0 HWTACACS account client timeout number: 0 HWTACACS account client packet dropped number: 0 HWTACACS account cli ent request command level number: 0 HWTACACS account client request connection number: 0 HWTACACS account client request EXEC number: 3 HWTACACS account client request network number: 0 HWTACACS account client request system event number: 0 HWTAC ACS account client request update number: 0 HWTACACS account client response error number: 0 HWTACACS account client round trip time(s): 0 Comware7 (If you are planning to use Telnet or SSH, you should configure those features before you configure A AA support.) Special note on using AAA authentication. By default Comware is expecting a user to login as “user@domain”, this allows for multiple domain support. In order to support a user to supply only their UID without the “@domain”, the ‘ user - name - fo rmat without - domain ’ parameter can be configured within the hwtacacs scheme, which allows Comware to send just a UID to the HWTACACS server. [Comware7]hwtacacs ? nas - ip Specify the HWTACACS client IP address scheme Specify HWTACACS scheme [Comware 7]hwtacacs scheme ? STRING<1 - 32> HWTACACS scheme name [Comware7]hwtacacs scheme tacacs - auth ? <cr> [Comware7]hwtacacs scheme tacacs - auth Create a new HWTACACS scheme. [Comware7 - hwtacacs - tacacs - auth]? Hwtacacs protocol view commands: cfd Connectivity Fault Detection (CFD) module data - flow - format Specify the data unit diagnostic - logfile Diagnostic log file configuration display Display current system information key Specify a key for secure HWT ACACS communication logfile Log file configuration monitor System monitor nas - ip Specify the HWTACACS client IP address ping Ping function primary Specify a primary HWTACACS server quit Exit from current command view return Exit to User View save Save current configuration

419. 418 Chapter 2 4 RIP – v1 and v2 This chapter compares the commands you use to enable and configure Routing Information Protocol (RIP) v2 . RIP uses a distance vector (a number representing distance) to measure the cost of a given route. The cost is a distance vector because the cost o ften is equivalent to the number of router hops between the router and the destination network. A hop is another router through which packets must travel to reach the destination. A RIP router can receive multiple paths to a destination. The software evalu ates the paths, selects the best path, and saves the path in the IP route table as the route to the destination. Typically, the best path is the path with the fewest hops. If the router receives an RIP update from another router that contains a path with f ewer hops than the path stored in the router's route table, the router replaces the older route with the newer one. The router then includes the new path in the updates it sends to other RIP routers. RIP routers also can modify a route's cost, generally by adding to it, to bias the selection of a route for a given destination. In this case, the actual number of router hops may be the same, but the route has an administratively higher cost and is thus less likely to be used than other, lower - cost routes. A R IP route can have a maximum cost of 15. Any destination with a higher cost is considered unreachable. Although limiting to larger networks, the low maximum hop count prevents endless loops in the network. RIP is a simple I nt erior Gateway P rotocol (IGP), ma inly used in small - sized networks, such as academic networks and simple LANs. It is not applicable to complex networks. RIP has been widely used because it is easy to implement, configure, and maintain. ProVision Comware Cisco ProVision(config)# router ri p ProVision (rip)# enable [ Comware ] rip 1 Cisco(config)#router rip ProVision(rip )# vlan 220 ip rip [ Comware - rip - 1]network 10.1.220.0 Cisco(config - router)#network 10.1.220.0 [ Comware - rip - 1]version 2 Cisco(config - router)#version 2 ProVision (rip)# redistribute connected [ Comware - rip - 1]import - route direct Cisco(config - router)#redistribute connected ProVision# show ip rip [ Comware ] display rip Cisco#sh ow ip rip database ProVision# show ip rip interface vlan 220 [ Comware ] display rip 1 interface Vlan - interface 220 [ Comware ] display rip 1 database Cisco#show ip rip database 10.1.220.0 255.255.255 .0 ProVision# show ip rip redistribute

448. 447 pending - prefixes Display prefixes pending deletion prefix - list Display routes matching the prefix - list quote - regexp Dis play routes matching the AS path "regular expression" regexp Display routes matching the AS path regular expression replication Display replication status of update - group(s) rib - failure Display bgp routes that failed to inst all in the routing table (RIB) route - map Display routes matching the route - map summary Summary of BGP neighbor status template Display peer - policy/peer - session templates topology Routing topology instance update - group Display information on update - groups update - sources Update source interface table version Display prefixes with matching version numbers vpnv4 Address family vpnv6 Addr ess family | Output modifiers <cr> Cisco#show ip bgp summary BGP router identifier 10.0.0.4, local AS number 64504 BGP table version is 5, main routing table version 5 4 network entries using 544 bytes of memory 4 path entries using 2 08 bytes of memory 4/4 BGP path/bestpath attribute entries using 496 bytes of memory 3 BGP AS - PATH entries using 72 bytes of memory 0 BGP route - map cache entries using 0 bytes of memory 0 BGP filter - list cache entries using 0 bytes of memory BGP using 1320 total bytes of memory BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.101.21 4 64502 8 8 5 0 0 00:03:23 3

587. 586 default Specify default AAA configuration lan - access Specify lan - access AAA configuration login Specify login AAA configuration optional Optional accounting mode portal Specify portal AAA configuration [Comware5 - isp - web - auth]accounting portal ? local Specify local scheme none Specify none scheme radius - scheme Specify RADIUS scheme [Comware5 - isp - web - auth]accounting portal radius - scheme ? STRING<1 - 32> Scheme name [Comware5 - isp - web - auth]ac counting portal radius - scheme radius - auth ? local Specify local scheme <cr> [Comware5 - isp - web - auth]accounting portal radius - scheme radius - auth [Comware5] interface LoopBack 12 [ Comware5 - LoopBack12]ip address 1.1.1.1 255.255.255.255 [ Comware5 ]po rtal ? delete - user Delete user free - rule Configure free rule local - server Configure local portal server max - user Specify the maximum number of online users move - mode Specify port admission mode for layer 2 portal user moving from one access port to another redirect - url Specify the URL address of the page to be pushed to user after Portal authentication success server Configure portal server web - proxy Specify Web proxy information of portal client [ Comware5 ]portal local - server ? http Enable HTTP protocol https Enable HTTPS protocol ip Specify listening IP address of local portal server [Comware5 ]portal local - server ip ? X.X.X.X Listening IP address [ Comware5 ]portal local - server ip 1.1.1.1 ? <cr> [ Comware5 ]portal local - server ip 1.1.1.1 [ Comware5 ]portal local - server http [Comware5]interface g1/0/18 [ Comware5 - GigabitEthernet1/0/18 ]port link - type hybrid [ Comware5 - GigabitEthernet1/0/18 ]mac - vlan enable [ Comware 5 - GigabitEthernet1/0/18 ]portal ? auth - fail Specify a VLAN for clients failing the portal authentication on the port domain Configure domain local - server Configure local portal server

611. 610 [ Comware - 2 ] irf - port 2/2 [Comware - 2 - irf - port2/2]port group interface te2/0/49 [Comware - 2 - irf - port2/2]port group interface te2/0/50 [Comware - 2 - irf - port2/2]quit [Comware - 2]irf - port 2/1 [Comware - 2 - irf - port2/1]port group interface te2/0/51 [Comware - 2 - irf - port2/1]port gr oup interface te2/0/52 [Comware - 2 - irf - port2/1]quit [Comware - 2]irf - port - configuration active [Comware - 2]interface range te2/0/49 to te2/0/52 [Comware - 2 - if - range]undo shutdown [Comware - 2 - if - range]quit [Comware - 2]save Un do shut down on the TenG ports o n the IRF master switch ( Comware ). [Comware ]interface range te1/0/49 to te1/0/52 [Comware - if - range] undo shut down [Comware - if - range]quit < Comware > save Note : As the IRF interfaces come up, the IRF slave switch ( Comware - 2) will automatically reboot. [C omware]display irf ? > Redirect it to a file >> Redirect it to a file in append mode configuration IRF configuration that will be valid after reboot link Display link status topology Topology information | Matching output <cr> [ Comware ] display irf MemberID Role Priority CPU - Mac Description *+1 Master 32 00e0 - fc0f - 8c02 --- 2 Standby 1 00e0 - fc0f - 8c03 --- -------------- ------------------------------------ * indicates the device is the master.

376. 375 5 100/1000T | 20000 128 Forwarding | 009c02 - d53980 2 Yes Yes 6 100/1000T | Auto 128 Disabled | 2 Yes No 7 100/1000T | Auto 128 Disabled | 2 Yes No 8 100/1000T | Auto 128 Disabled | 2 Yes No 9 100/1000T | Auto 128 Disabled | 2 Yes No 10 100/1000T | Auto