| Parameter | Description |
|---|
List management
|
| list | Allows to manage list values. Lists are used as a set of acceptable values for rules. |
| LISTNAME | List name. Each list must have a unique name and must be one of these types: iface, mac, numrange, match. List name may consist of letters and digits, but should not start with a digit, is case-insensitive. If list name contains spaces, it should be put in quotes. |
[{iface | mac | numrange | match}] | Each list must be assigned to one of the following types: - "iface" – list type which consists of network interfaces names.
- "mac" – list type which consists of a set of MAC addresses.
- "numrange" – list type that consists positive integer numbers ranges set. The range of numbers is specified as "<min>[-<max>]". The range may consist of one number if "<min>=<max>". If a range of numbers is added to existing list and two ranges values intersect, these ranges will be concatenated. When deleting a range that intersects with the existing one in the list, completely nested ranges are deleted and / or the overlapping intersections with the deleted one are removed.
- "match" – by context, "match" expressions are identical to expressions lists but should consist of one element – the expression itself. The expression should be written in PCAP format. If an expression has spaces it should be put into quotes.
|
| {add | del} [VALUE ...] | Parameters "add" and "del" are used to add or delete values to the specified list (except "match"). - "VALUE" – one or several values to be added or deleted from the list.
|
dump [name] [WILDCARD] | Displays the list content. - "name" – list name.
- "WILDCARD" – search filter.
|
rename NEWNAME | Renames the list. - "NEWNAME" – new list name.
|
file FILENAME | A source file can be specified for the list. The source file should contain the list of values with each value taking one line.
The file can be located on an FTP server, to which the configured device has network access. The values are loaded into the list from the source automatically when the switch starts or when the source name changes. |
[flush|remove] | - "flush" – clears the list content.
- "remove" – deletes the list from the switch configuration.
|
Switch Group Management
|
| group | Allows to manage switch group. |
| ID | Numeric switch group identifier in range 1...4999. |
{add | del} IFNAME[:{TAG|0}] ... | Adds or deletes specified interfaces to/from the switch group: - "add|del" – adds/deletes specified interfaces to/from the switch group. If "add" parameter is used and there is no switch group with ID identifier, it will be automatically created.
- "IFNAME" – network interface name which should be added or deleted from the switch group.
- "TAG" – allows different manipulations with VLAN tags of the packet when the packet is sent through this interface. The following options are available:
- "TAG" is specified for the interfaces and its value is >0. That means that any packet forwarded to the interface by the switch will be tagged with a VLAN tag "TAG". If the packet already had a tag, this tag will be retagged to "TAG".
- "TAG" is not specified. This means that the packet stays unmodified.
- "TAG" is specified and its value is zero. This means that the packet sent through this interface will be untagged if it was previously tagged or sent without any changes if it was not tagged.
|
| {repeater|trunk|uncoupled} {on|off} | Enables/disables switching mode. The following modes are available in WANFleX: - "repeater" – group switches the packets simply by sending them to all the device’s interfaces except the one the packet was received from.
- "trunk" – the group switches all the packets received through "eth*" interfaces in such a way that when packets are sent to "rf*" interfaces, these packets are places in a group with a number corresponding to the packet’s VLAN TAG. When receiving the packet from "rf*" interfaces, trunk group sends these packets to "eth*" interface tagging them with a switch group number this packet was received from.
- "uncoupled" – if a ring/redundant network is connected to a core network in multiple points, STP loops can be formed in the core network. Thus, STP enabled switches may block some of the links and leed to inefficient network loading. Switch groups with "uncoupled" parameter blocks the traffic between each other even if they have the same switch group number. This does not affect the traffic to come into the wireless network. For the incoming traffic intermediate nodes only use the closest uncoupled node. This improves the effectiveness of network utilization.
|
| {(up|down)stream} {SCID|0} | In order to deal with upstream multicast flows in video surveillance systems two additional parameters are introduced: - "downstream" – device is used to send downstream traffic.
- "upstream" – device is used to upstream traffic.
- "SCID|0" – switch link identifier 0, 1, 2. Must be equal on "upstream" and "downstream" devices.
|
in-trunk [{ID|0}] | Allows to create several disjoint trunk groups within the same network, with the VLAN flows inside. Is used on a subscriber station.
|
| [x]vlan {TAG|LIST|0} [[no]bidir] | Defines that the group will switch the packets, which a VLAN tag has one of the following values: - "TAG" – VLAN tag is specified.
- "LIST" – value is specified in a "numrange" list type.
- "0" – cancels VLAN filtration.
- "bidir" – enables two-way traffic classification by VLAN ID (from and into the wired segment). The option can be useful for a ring (or redundant) topology network transmitting multiple VLANs when the traffic with certain VLAN IDs is picked up at junction points.
- "[x]" – allows the group to process packets without a VLAN tag.
| Note |
|---|
| When enabling this VLAN tag filter other rules do not work. |
|
nvlan {[on]|off} | Defines that group will switch only the packets not tagged with VLAN tag.
|
info INFO_STRING | Allows adding comments to switch group description.
|
setid NEWID | Changes switch group ID. |
dump [interface] [WILDCARD]]
| Displays the database of all known MAC addresses. - "interface" – displays the database of all known MAC addresses by grouping them according to interfaces.
- "WILDCARD" – the output will be filtered according to the selected criteria.
|
| stat | Shows selected group statistic. |
| showrules | showblack | - "showrules" – displays detailed information about the group’s classification rules, including the hits counter for each rule.
- "showblack" – displays the list of MAC addresses that are blocked due to the indeterminacy of their owner.
|
| dbdelete MACADDRESS | Deletes all records from MAC address database connected with a specified MAC address. |
| start [discard] |stop | remove | Starts/stops a specified switch group, deletes a specified group from the switch configuration. |
stp { off | on | dump } | Enables/disables STP support for selected group. - "dump" – allows to see STP state of the group.
|
stp priority [PRIO] | Sets STP priority of a switch. - "PRIO" – priority value. If priority is not specified then default value (57344) is set. When setting priority value it will be automatically rounded down to a value divisible by 4096.
|
stp forwarddelay [DELAY] | Sets STP "forward delay" parameter, which determines a time that switch spend in "listening" and "learning" states. - "DELAY" – time value in seconds. If not specified default value is 15 seconds.
|
stp maxage [TIME] | Sets STP "MAX age" parameter, which determines time for switch to deliver BPDU-packet. - "TIME" – value in seconds. If not specified default value is 20 seconds.
|
stp port IFNAME priority [PRIO] | Sets the switch port STP priority. - "IFNAME" – interface name.
- "PRIO" – port priority value. If not specified default value is 128. When setting priority value it will be automatically rounded down to a value divisible by 16.
|
stp port IFNAME cost [COST] | Sets STP "cost" parameter of switch port, which determines switch port cost. - "COST" – cost value. If not specified default value is 200000 for RSTP, 65535 for STP.
|
stp [vlan TAG] | Sets VLAN tag for STP in selected switch group. |
igmp { off | on } | Enables/disables the "IGMP-snooping" function for the switch group. |
setpri|addpri PRIO | Allows to set/increase the priority of packets passing through the group.
- "setpri" – changes a priority to the value specified in the command. When using "-1" value a package priority is dropped to the lowest priority.
- "addpri" – changes a priority only in case it is higher than the previous one (the smaller is the value the higher is the priority). So you can only increase priority using "addpri" parameter.
|
qmch CHAN | Allows to set service class "CHAN" to the Ethernet frame entering switch group. Service classes are created by "qm chan" command. |
{deny | permit} | Permits/denies processing and sending out the packets which belong to this group.
|
igmp dump [detail] [name] | Displays IGMP hosts list which are subscribed to multicast group. - "detail" – shows detailed information on multicast-subscribers.
- "name" – shows information for a specific gateway.
|
igmp lmqt Value | Sets "Last Member Query Time" value i.e. the maximum time during which the switch will wait for the answer from active subscribers after receiving "IGMP leave". If no answer is received the switch will stop Multicast packets delivery to the particular Gateway. Gateway is an Ethernet interface or radio interface with a device MAC address on the other side of the link. |
igmp gmi Value | Sets "Group Membership Interval" value i.e. the amount of time that must pass before a Multicast Router decides there are no more clients subscribed to a Multicast group (no more "IGMP report" messages in the group). |
igmp static-add MCAST IF_NAME [MAC] | Creates Multicast address static subscription.
|
igmp static-del MCAST IF_NAME [MAC] | Deletes Multicast address static subscription. |
igmp router-port { off | on } | The switch to forward multicast streams not only to subsсriber ports, but also to all router (querier) ports.
|
igmp flood-reports { off | on } | Enables IGMP report packets forwarding to all ports, not just the routers (querier) ports. By default is off.
|
igmp srcip IP | Replace a source IP address in IGMP Report packets on the address specified in the "IP" field of this parameter. |
igmp zero-query-permit { off | on } | Enables processing for packets with 0.0.0.0 source IP address. By default is off.
|
igmp querier [vlan N] {start|stop|clear} | Enables/disables the "Querier" function, which substitutes the functions of Multicast Router in video systems with "IGMP Snooping" using. - "vlan N" – enables multicast packets transmittion with using VLAN.
- "clear" – deletes "IGMP Querier" configuration.
|
igmp querier [[no]election] [source IP] [mcast X[,Y,...]] | - "[no]election" – when the IGMP Querier function is enabled, disables/enables the process of election of the IGMP Querier operating on the network segment. According to the standards, each network segment should have a single IGMP Querier, that has the lowest source IP address. By default is enabled.
- "source X" – sets source IP address for Multicast packets.
- "mcast X[,Y,...]" – sets concrete Multicast Group (or a number of groups) to be allowed for subscription.
|
igmp querier interval Value | Sets the interval to send IGMP Querier packets in seconds. |
igmp join-limit [IF_NAME] N [include $ACL] [except $ACL] | Limits the number of active unique IGMP multicast group. Once the group limit is reached, subsequent join requests are rejected.
- "IF_NAME" – network interface to make limitation.
- "include $ACL" – list of addresses/networks covered by this limitation.
- "except $ACL" – list of exceptions.
|
flood-unicast { off | on } | Enables/disables "flood-unicast" mode, allowing to send unicast packets as broadcast, sending them through all interfaces included in the switch group. |
inband { off | on } | If the traffic sent by the switch group does not contain (should not contain) the information intended for this device (only transit flow), then the analysis of broadcast packets can be disabled, thus reducing the load on the processor. By default, analysis is enabled.
|
order N | In the process of data packets distribution to switch groups, the groups are viewed in order they are situated in the configuration. The first group that is suitable for a packet is chosen and the process is stopped.
The parameter sets the order in which the concrete group will be run over during the assigning process. |
| dhcp-snooping { off | on } | Enables/disables DHCP snooping function, providing protection against attacks using a DHCP. By default is off. |
| dhcp-snooping [no]trust IFNAME | Marks the interface as trusted/untrusted. By default, all interfaces are marked as untrusted.
|
| dhcp-snooping [no]verify-mac | Enables/disables checking for the sender MAC addresses correspondence with specified in the DHCP request. |
| dhcp-snooping option-82 [no]insert | Enables/disables adding Option 82 in DHCP request. By default is on. |
| dhcp-snooping option-82 format { string ASCII-string | hex HEX-string | mac } | Sets the DHCP relay identifier format in Option 82.
- "mac" – MAC address by default.
- "ASCII-string" – ASCII encoded identifier.
- "HEX-string" – HEX encoded identifier.
|
dhcp-snooping option-82 untrusted-policy { drop | keep | replace } | Configures the action to be made if a packet containing Option 82 hits an untrusted interface. By default, packets are discarded. |
Interface management |
interface IFNAME mac-limit N | Use to limit the number of dynamically learned MAC addresses per interface. Once the limit is reached no more MAC addresses will be learned. Traffic with source MAC addresses that have not been learned will be blocked. |
Switching rules management |
| group ID | interfce IFNAME | Number of the group or interface name. |
| rule NUMBER | Sequential rule number. |
| set NEWNUMBER | Changes the rule number. |
remove | Deletes the rule. |
src, dst, vlan, iface, proto, match LIST | Specifies the lists of acceptable values for the corresponding parameter of the packet. For more information see the "Switching rules" subsection. - "LIST" – acceptable valueslist name.
|
deny | permit | Sets the decision for the corresponding rule. |
| setpri|addpri PRIO | Sets/increases the priority of packets passing through the group. - "setpri" – changes a priority to the value specified in the command. When using "-1" value a package priority is dropped to the lowest priority.
- "addpri" – changes a priority only in case it is higher than the previous one (the smaller is the value the higher is the priority). So you can only increase priority using "addpri" parameter.
|
Management commands |
resynchronize | Forces to reload the acceptable values list contents, the data source of which is external file.
|
trace { off | on | verbose | filter "pcap expr"} | Disables/ enables logging the service information into the system log.
- "verbose" – enables more detailed information logging.
- "filter “pcap expr" – enables tracing how packets of the corresponding PCAP filter are being processed by the switch.
|
stptrace { off | on } | Disables/ enables logging of the STP service information such as changing the ports state, changing connections into the system log. By default is disabled. |
stpblock { off | on } | - "on" – prevents STP frames forwarding in the switch mode when STP support is disabled.
- "off" – allows STP frames forwarding.
|
| stpmint { off | on } | Enables/disables the STP MINT mode. STP MINT mode is used to exclude the wired switches with the enabled STP protocol influence on the network operation. The mode blocks the BPDU frames of the STP protocol configured on wired switches so that the switch cannot detect the loop and block its ports. STP MINT mode in conjunction with the RSTP protocol enabled in the Infinet devices allows to break the loop and support the PRF protocol functioning that operates through the wired segment. |
dead-interval <DEAD_INTERVAL_IN_SECONDS> | Switch MAC address database is a routing table of MAC layer which contains information on how the packet should be delivered to its destination (dst). Each switch group has an independent database. Records in the database are formed automatically based on the source address of the packet which was received by one of the interfaces included into a switch group.
Moreover, the database always contains records corresponding with interfaces included into the switch group. These records are called local records. Each records has its life span.
The parameter sets record "life span". If, during this life span, none of the interfaces have received a packet with a source address from this record, this record is deleted from the database. By default, life span is 300 seconds. |
{start | stop | restart} | Starts/stops/restarts the switch. |
{destroy} | Clears the switch configuration.
|
statistics [(clear|help|ID)] | Displays switch statistic. Shows the information on forwarded/flooded/dropped packets and records of the switch MAC address table (DB Records). Unicast, broadcast and flood packets statistic is made separately. - "clear" – clears the switch statistic.
- "help" – shows a list of the drooped packets reasons descriptions used in the switch statistics command output.
- "ID" – switch group ID. If specified the output displays separate packet stats for each VLAN that belongs to that switch group.
|
| igmp[-snooping] dump [name] [detail] | Displays IGMP hosts list, which are subscribed to a multicast group from all groups. - "detail" – shows detailed information about subscribers.
- "name" – shows the information for a specific gateway.
|
| MACADDRESS | Displays the information for the specific MAC address. |
maxsources (MAXSOURCES|0) | Sets the maximum allowed number of records in the switch MAC address table. The default number of records is 5000. If "0" value is used the number of records is set to minimum possible (500). |