Link aggregation
- Dynamic LAG:
- Create LAG of nb_links links: lacp linkagg <id> size <nb_links> admin state enable
- Set an admin key: lacp linkagg <id> actor admin key <key>
- Configure interfaces with the key: lacp agg <slot/port> actor admin key <key>
- Static LAG:
- Create LAG of nb_links links: static linkagg <id> size <nb_links> admin state enable
- Add a name: static linkagg <id> name <name>
- Associate interfaces with the LAG: static agg <slot/port> agg num <id>
Hardware
When stacking is operational, one switch is primary, another is secondary, and the others are in idle state. If the primary disappears, the secondary becomes primary and the first idle switch becomes secondary.
Get info about the chassis: show chassis and about the stack: show stack topology.
Interface:
- get info about an interface (admin status, MAC, speed, duplex, errors, ...): show interface [port|status|<slot>/<port>|...]
- change an interface: interface <slot>/<port> [speed <10_100_1000>|duplex <half_full>|autoneg <state>|flood rate <rate>] (to switch from autoneg to 100FD: autoneg off, speed 100 and duplex full – if forced in 100FD while autoneg is on, the port will stay down)
- Disable an interface: interface <slot>/<port> admin down
- To clear the counters: interfaces <slot>[/port1-port2] no l2 statistics
To monitor the health of the system: show health all (cpu|memory)
To show CMM (Control Management Module) information: show cmm
System
Uptime, date, name, contact, location: show system
To change:
- system name <“name”>
- system contact <“contact”>
- system location <“location”>
The default prompt is “->”. session prompt default “sw1->” changes it to “sw1->”. You can get the other session parameters with show session config
When a command prints too many lines on the screen, the output can be viewed page by page with the more mode. Use more to activate the mode and more size <size> to set the number of lines shown per page. Cancel this mode with no more.
To change the timeout of the telnet/ssh sessions: session timeout cli <timeout>
NTP
Set a server: ntp server <server_ip>. Even if the DNS is configured, you can't specify a name for the NTP server. Then activate NTP: ntp client enable.
Get NTP info:
- show ntp client: tells if NTP is on or off, when was the last update, ...
- show ntp server-list: get the server list and the server with which the switch is synchronized
Logs
Show logging configuration: show swlog
Show switch logs:
- show log swlog: get all logs
- show log swlog timestamp <month/day/year> <hour:minute>: only logs since the specified hour
- empty logs: swlog clear
Enable syslog with: swlog output socket <syslog_server_ip>
STP
STP can operate in two modes: flat and 1x1. In flat mode, there is only one instance for the whole switch whereas in 1x1 mode, there is one instance per VLAN. I recommend the 1x1 mode (now the default one). Change STP mode: bridge mode (flat|1x1)
Get STP configuration: show spantree
It is possible to deactivate STP on specified VLANs/ports: vlan <vlan_number> stp (enable|disable) and bridge <vlan_number> <slot>/<port> (enable|disable)
Change STP algorithm: bridge protocol (802.1D|STP|RSTP). I didn't manage to set RSTP for all VLANs as a global config; I had to set it VLAN by VLAN using: bridge 1x1 <vlan_number> protocol (802.1D|STP|RSTP).
DNS
- Name servers: ip name-server <IP1> <IP2>
- Domain name: ip domain-name <domain-name>
- Activate DNS client: ip domain-lookup
DHCP relay
- ip service udp-relay
- DHCP relay only for specified VLANs: ip helper per-vlan only
- DHCP server address: ip helper address <dhcp_server> vlan <vlan_number>
- Enable DHCP relay: ip udp relay BOOTP
Services
Activate/deactivate services: [no] ip service (ftp|ssh|telnet|http|secure-http|udp-relay|snmp|all). List of activated services: show ip service.
For https: ip http ssl
AAA
Authentication can be local or done through a RADIUS server.
To activate a service, the authentication has to be set: aaa authentication default “local”, aaa authentication (console|ssh|ftp|802.1X|vlan|...) “local”
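An offline check of the settings covered in the Services, AAA, Logs and NTP sections, added here as an example (it is not part of the original page). It assumes the configuration is available as a plain list of the commands shown on this page, one per line, and that services not mentioned start disabled; the function names and the sample configuration are constructed for illustration.

```python
import re

# Service names from the page's "[no] ip service (...)" list.
ALL_SERVICES = {"ftp", "ssh", "telnet", "http", "secure-http", "udp-relay", "snmp"}
# Of those, the management protocols that carry credentials unencrypted.
CLEARTEXT = {"ftp", "telnet", "http"}
SERVICE_RE = re.compile(r"^(no\s+)?ip service (\S+)$")

def enabled_services(config_text, initial=()):
    """Replay '[no] ip service <name|all>' lines in order; return the enabled set.
    'initial' is the assumed starting state (empty unless the caller says otherwise)."""
    enabled = set(initial)
    for raw in config_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        targets = ALL_SERVICES if m.group(2) == "all" else {m.group(2)}
        enabled = enabled - targets if m.group(1) else enabled | targets
    return enabled

def audit(config_text):
    """Return a list of findings for the command list in config_text."""
    lines = [l.strip() for l in config_text.splitlines()]
    enabled = enabled_services(config_text)
    findings = [f"cleartext service enabled: {s}" for s in sorted(enabled & CLEARTEXT)]
    aaa_ok = any(l.startswith(("aaa authentication default", "aaa authentication ssh"))
                 for l in lines)
    if "ssh" in enabled and not aaa_ok:
        findings.append("ssh enabled without aaa authentication")
    if not any(l.startswith("swlog output socket ") for l in lines):
        findings.append("no remote syslog (swlog output socket)")
    if "ntp client enable" not in lines:
        findings.append("ntp client not enabled")
    return findings

# Constructed sample, not captured from a real switch (192.0.2.0/24 is documentation space).
SAMPLE = """\
ip service all
no ip service telnet
no ip service ftp
aaa authentication default "local"
ntp server 192.0.2.10
ntp client enable
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pass the platform's real default service state as `initial` to `enabled_services` if it differs from the empty set assumed here.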
ARP
ARP table: show arp
Mac Address table: show mac-address-table
Add a static MAC/IP entry: arp <IP> <MAC>, no arp <IP> to remove it.
Clear dynamic arp entries: clear arp-table
To specify when a dynamic entry times out (default: 300 seconds): mac-address-table aging-time <seconds> [vlan <vlan_number>]