Command Line Reference
Ethernet Switching
MAC Configuration
show mac flapping config

[Command]
    show mac flapping config
[Purpose] View the configuration information of the MAC address flapping detection function.
[View] System view
[Use cases]

    sonic# show mac flapping config
    +---------+---------+---------+------------+-----------+
    | vlan    | level   | aging   | action     | enabled   |
    +=========+=========+=========+============+===========+
    | vlan400 | 10      | 600     | error down | true      |
    +---------+---------+---------+------------+-----------+

show mac flapping status

[Command]
    show mac flapping status
[Purpose] View records of MAC address flapping.
[View] System view
[Use cases]

    sonic# show mac flapping status
    +---------+-------------------+---------+--------------+-------------+
    | vlan    | mac               | times   | lastupdate   | errordown   |
    +=========+===================+=========+==============+=============+
    | vlan400 | 00:00:01:01:02:01 | 3       | ethernet1    | no          |
    +---------+-------------------+---------+--------------+-------------+

Description of the show mac flapping status command output:

- vlan: VLANs undergoing migration
- mac: migrated MAC addresses
- times: number of migrations for a MAC address
- lastupdate: interface of the last migration
- errordown: whether the interface is shut down

show mac address

[Command]
    show mac address [interface type interface name]
[Purpose] Display the MAC table.
[Parameter]
- interface type: interface type, optional: ethernet, link aggregation
- interface name: interface name
[View] System view
[Use cases]

    sonic# show mac address
    no  vlan  macaddress         port                        type
    --  ----  -----------------  --------------------------  ------
    1   200   18:17:25:37:67:3e  vttnl10 1 0 226 10 1 0 101  static
    2   300   18:17:25:37:67:3c  vttnl10 1 0 226 10 1 0 101  static
    total number of entries 2

show mac limit

[Command]
    show mac limit [{port interface name | vlan vlan id}]
[Purpose] View the configured limit on the number of MAC address learning entries.
[View] System view
[Use cases]

    sonic# show mac limit
    interface  mac limit
    ---------  ---------
    vlan800    1000

clear mac address

[Command]
    clear mac address [{ethernet|link aggregation} interface name] [vlan vlan id] [{static|dynamic}]
[Purpose] Empty the MAC table.
[Parameter]
- interface name: interface name
- vlan id: VLAN ID, range 1-4094
[View] System view
[Usage scenario] The MAC address table space on a device is limited. When the MAC address table becomes full, the device cannot learn new MAC address entries until the aging time expires. New users' packets then have to be broadcast, which wastes network resources. In such cases, this command can be used to remove unnecessary MAC address entries from the table.
[Notes] By default, this command clears all MAC addresses on the device, including static MAC entries. Be cautious when using it to avoid unintended consequences.
[Use cases]

    sonic# clear mac address
    all fdb entries are cleared

mac address static

[Command]
    mac address static hh:hh:hh:hh:hh:hh vlan vlan id {ethernet|link aggregation} interface name
    no mac address static hh:hh:hh:hh:hh:hh vlan vlan id
[Purpose] Configure a static MAC address.
[Parameter]
- hh:hh:hh:hh:hh:hh: MAC address
- interface name: interface name
- vlan id: VLAN ID, range 1-4094
[View] System configuration view
[Usage scenario] Static MAC address entries are typically configured manually to enhance security. Network administrators can add specific MAC address entries to the MAC address table, binding user devices to interfaces, in order to prevent unauthorized users from accessing data.
[Notes] If a dynamic entry with the same MAC address already exists in the MAC address table, the added static entry automatically overwrites the dynamic entry.
[Use cases]

    sonic# configure terminal
    sonic(config)# mac address static 00:aa:aa:aa:aa:aa vlan 4 ethernet 1

mac address blackhole

[Command]
    mac address blackhole hh:hh:hh:hh:hh:hh vlan vlan id
    no mac address blackhole hh:hh:hh:hh:hh:hh vlan vlan id
[Purpose] Configure a blackhole MAC address.
[Parameter]
- hh:hh:hh:hh:hh:hh: MAC address
- vlan id: VLAN ID, range 1-4094
[View] System configuration view
[Usage scenario] To prevent hackers from using MAC address attacks on user devices or networks, you can configure the MAC addresses of untrusted users as blackhole MAC addresses. When the device receives a packet whose destination MAC address or source MAC address matches a blackhole MAC address, it simply discards the packet. This helps enhance network security.
[Use cases]

    sonic# configure terminal
    sonic(config)# mac address blackhole aa:bb:bb:bb:bb:bb vlan 5

mac address timer

[Command]
    mac address timer aging time
    mac address timer no aging
[Purpose] Configure the MAC aging time.
[Parameter]
- time: aging time in seconds; default aging time is 600s, range 30s-7200s
- no aging: do not age MAC table entries
[View] System configuration view
[Usage scenario] As the network topology evolves, devices learn an increasing number of MAC addresses. To prevent the MAC address table from growing excessively, use this command to set an appropriate aging time for dynamic MAC table entries. Obsolete MAC address entries are then removed from the table in time, which keeps it from becoming too large.
[Notes] The MAC table entry aging time is a parameter that affects the switch's MAC self-learning. Dynamic MAC table entries that exceed the aging time are automatically deleted, and the device relearns the MAC and builds a new MAC table entry. Static MAC table entries are not affected by the aging time.
[Use cases]

    sonic# configure terminal
    sonic(config)# mac address timer aging 3600
    sonic(config)# mac address timer no aging

mac flapping detect enable

[Command]
    mac flapping detect enable
    no mac flapping detect enable
[Purpose] Enable the MAC address flapping suppression function.
[View] VLAN view
[Usage scenario] MAC address drifting refers to a situation where a MAC address learned on one interface of a device is also learned on another interface within the same VLAN, with the later learned MAC address entry overwriting the original entry. When this feature is enabled and MAC address drifting occurs, the device generates warning logs. Additionally, the user can apply the mac flapping detect action error down configuration to forcibly shut down physical interfaces experiencing MAC address drifting. MAC address drifting can occur for the following reasons:
- the presence of network loops
- malicious attacks by unauthorized users within the network
[Use cases]

    sonic(config)# vlan 400
    sonic(config vlan 400)# mac flapping detect enable

mac flapping detect action error down

[Command]
    mac flapping detect action error down
    no mac flapping detect action error down
[Purpose] Configure shutting down the interface as the processing action after MAC address flapping is detected.
[View] VLAN view
[Usage scenario] After MAC address flapping actions are configured for a VLAN, if the system detects that a MAC address has drifted more times within the duration specified by the mac flapping detect aging command than the number configured with the mac flapping detect level command, the system forcibly shuts down the interface where the MAC address was last learned.
[Notes] By default, the interface is not automatically restored after shutdown. The administrator must restore it manually by executing the shutdown command and then the no shutdown command.
[Use cases]

    sonic(config)# vlan 400
    sonic(config vlan 400)# mac flapping detect action error down

mac flapping detect aging

[Command]
    mac flapping detect aging time
[Purpose] Configure the aging time of MAC address flapping table entries.
[Parameter]
- time: value range 10-7200, unit s
[View] VLAN view
[Use cases]

    sonic(config)# vlan 400
    sonic(config vlan 400)# mac flapping detect aging 100

mac flapping detect level

[Command]
    mac flapping detect level time
[Purpose] Configure the number of times MAC address flapping is detected in a VLAN.
[Parameter]
- time: value range 5-500
[View] VLAN view
[Usage scenario] Flapping is considered to have occurred when the MAC address has migrated more than the configured number of flapping detections within the flapping aging time.
[Use cases]

    sonic(config)# vlan 400
    sonic(config vlan 400)# mac flapping detect level 10

mac limit

[Command]
    mac limit value
    no mac limit
[Purpose] Configure the MAC address learning entry limit.
[Parameter]
- value: value range 1-32000
[View] VLAN view, interface view
[Usage scenario] To control the number of access users or to prevent MAC address table attacks, you can limit the number of MAC addresses that a switch is allowed to learn. This enhances network security.
[Notes] When the number of MAC address table entries reaches the limit, new MAC addresses are not learned.
[Use cases]

    sonic(config)# vlan 400
    sonic(config vlan 400)# mac limit 1000

Interface Isolation Group Configuration

show port isolate group

[Command]
    show port isolate group [group id group id]
[Purpose] View the configured interface isolation group information.
[Parameter]
- group id: interface isolation group ID, range 1-128
[View] System view
[Use cases]

    sonic# show port isolate group group id 1
    +------------+------------+--------+
    | group id   | interface  | mode   |
    +============+============+========+
    | 1          | ethernet1  | l2     |
    |            | ethernet2  |        |
    |            | ethernet3  |        |
    +------------+------------+--------+

port isolate group

[Command]
    port isolate group group id
    no port isolate group group id
[Purpose] Create interface isolation groups.
[Parameter]
- group id: interface isolation group ID, range 1-128
[View] System configuration view
[Usage scenario] The isolation feature refers to isolating and forwarding broadcast, multicast, and unicast packets among interfaces within the same isolation group. When combined with other business functions, it can implement a more secure network architecture and greatly reduce the occurrence of broadcast storms.
[Use cases]

    sonic(config)# port isolate group 1

port isolate

[Command]
    port isolate group id
    no port isolate group id
[Purpose] Enable layer 2 broadcast isolation of the interface.
[View] Interface view
[Use cases]

    sonic(config)# port isolate group 1
    sonic(config)# port group ethernet 1 10
    sonic(config port group 1 10)# port isolate 1

STP Configuration

show stp mstp

[Command]
    show stp mstp
[Purpose] View spanning tree status.
[View] System view
[Use cases]

    sonic# show stp mstp

show stp stpid

[Command]
    show stp stpid stp id
[Purpose] View the spanning tree status of interfaces under the specified STP instance.
[View] System view
[Use cases]

    sonic# show stp stpid 1

show stp stpid

[Command]
    show stp stpid stp id [{ethernet|link aggregation} interface name]
[Purpose] View the spanning tree status of a specific interface in a particular STP instance.
[View] System view
[Use cases]

    sonic# show stp stpid 1 ethernet 5

show stp bind

[Command]
    show stp bind
[Purpose] Check the binding relationship between the specified STP instance and the VLAN.
[View] System view
[Usage scenario] After configuring the mapping between instances and VLANs on the device, you can execute this command to view the mapping. By default, all VLANs are bound to instance 0 unless mapped separately.
[Use cases]

    sonic# show stp bind

stp enable mstp

[Command]
    stp enable mstp
    no stp enable mstp
[Purpose] Enable MSTP mode.
[View] System configuration view
[Usage scenario] In complex layer 2 networks, the spanning tree protocol (STP) can be deployed on switching devices to prevent or break loops. The role of MSTP is to prevent packets from continuously circulating in a looped network, thereby avoiding the performance degradation caused by devices repeatedly receiving the same packets. MSTP works by selecting the best path and blocking the remaining paths to ensure that there are no redundant paths and loops in the network. This improves network reliability and stability.
[Use cases]

    sonic(config)# stp enable mstp

stp bind vlan

[Command]
    stp bind vlan vlan id stp id
    no stp bind vlan
[Purpose] Bind a VLAN to an STP instance.
[Parameter]
- vlan id: VLAN ID, value range 1-4094
- stp id: STP ID, value range 0-255
[View] System configuration view
[Usage scenario] After an STP-enabled switching device starts up normally, the STP-related configuration for the current VLAN defaults to the STP instance with ID 0. If you need to achieve business isolation for various access VLANs through multiple processes, you can use this command to add the VLAN where the access link is located to a specified STP instance.
[Use cases]

    sonic(config)# stp bind vlan 400 1

stp forward delay

[Command]
    stp forward delay time
[Purpose] Configure the forward delay time of the device.
[Parameter]
- time: value range 4-30, unit s
[View] System configuration view
[Usage scenario] When the network topology changes, new BPDU configuration messages take time to propagate throughout the network. During that time, ports that should have been blocked may not yet be blocked, and previously blocked ports may no longer need to be blocked, which can create a temporary loop. To avoid temporary loops caused by this situation, you can configure the forward delay timer to set a delay period during which all ports are temporarily blocked.
[Notes] The port is temporarily blocked during the delay time set by the forward delay timer. When configuring the hello time, forward delay and max age values, the configured values should satisfy the following relationships to ensure that the spanning tree algorithm of the entire network works effectively; otherwise the network will frequently oscillate:

    2 × (forward delay - 1.0 s) ≥ max age
    max age ≥ 2 × (hello time + 1.0 s)

[Use cases]

    sonic(config)# stp forward delay 5

stp hello

[Command]
    stp hello time
[Purpose] Configure the time interval at which the device sends BPDUs.
[Parameter]
- time: value range 1-10, unit s
[View] System configuration view
[Usage scenario] In a network running spanning tree protocol (STP), switches periodically send bridge protocol data units (BPDUs) to other devices in the same spanning tree to maintain the stability of the spanning tree. By executing this command, the user can set the interval for sending BPDUs to maintain the stability of the network's topology.
[Use cases]

    sonic(config)# stp hello 5

stp max age

[Command]
    stp max age time
[Purpose] Specify the aging time of BPDUs on the device.
[Parameter]
- time: value range 10-1000000, unit s
[View] System configuration view
[Notes] The device determines whether the BPDU received from the upstream device has timed out based on the max age time of the port. If the BPDU times out, the device ages out the BPDU, blocks the port that received it, and issues BPDUs with itself as the root bridge.
[Use cases]

    sonic(config)# stp max age 20

stp instance

[Command]
    stp instance id
    no stp instance id
[Purpose] Create STP instances.
[Parameter]
- id: value range 1-255
[View] System configuration view
[Usage scenario] MSTP divides a switched network into multiple domains, each forming multiple spanning trees within the domain. The spanning trees are independent of each other. As long as two switches have the same MSTP domain name and the same mapping between spanning trees and VLANs, they belong to the same domain.
[Use cases]

    sonic(config)# stp instance 1
    sonic(config stp 1)#

stp name

[Command]
    stp name
[Purpose] Configure the STP instance name.
[View] System configuration view
[Usage scenario] MSTP divides a switched network into multiple domains, each forming multiple spanning trees within the domain. The spanning trees are independent of each other. As long as two switches have the same MSTP domain name and the same mapping between spanning trees and VLANs, they belong to the same domain.
[Use cases]

    sonic(config)# stp name test

port priority

[Command]
    port id priority value
[Purpose] Configure the priority of the interface in the spanning tree calculation.
[Parameter]
- value: value range 0-15
[View] STP view
[Usage scenario] For switch device ports, the size of the port priority identifier (PID) may affect whether they are elected as designated ports. During the spanning tree calculation, ports with smaller PIDs are elected as designated ports.
[Notes] When the port priority changes, the spanning tree recomputes the port roles and performs state transitions.
[Use cases]

    sonic(config)# stp instance 1
    sonic(config stp 1)# port 1 priority 3

priority

[Command]
    priority value
[Purpose] Configure the priority of the device in the specified instance.
[Parameter]
- value: value range 0-15
[View] STP view
[Notes] The priority of a device is a crucial factor in the spanning tree calculation, and the priority of a switch device can impact the election of the root bridge. A device with a lower priority value has a higher likelihood of being elected as the root bridge.
[Use cases]

    sonic(config)# stp instance 1
    sonic(config stp 1)# priority 3

link aggregation priority

[Command]
    link aggregation id priority value
[Purpose] Configure the priority of the LAG port in the specified instance.
[Parameter]
- value: value range 0-15
[Use cases]

    sonic(config)# stp instance 0
    sonic(config stp 0)# link aggregation 1 priority 3

stp bpdu filter enable

[Command]
    stp bpdu filter enable
    no stp bpdu filter enable
[Purpose] Configure the current port as a BPDU filter port.
[View] Interface view
[Usage scenario] In a layer 2 network running the spanning tree protocol, ports connected to end devices do not need to participate in the spanning tree calculation. Involving these ports in the calculation can affect the convergence speed of the network topology. Configure this command on edge devices so that edge ports neither process nor send BPDU packets. The port then becomes a BPDU filter port.
[Use cases]

    sonic(config)# interface ethernet 1
    sonic(config if 1)# stp bpdu filter enable

stp bpdu guard enable

[Command]
    stp bpdu guard enable
    no stp bpdu guard enable
[Purpose] Configure edge port protection.
[View] Interface view
[Usage scenario] In layer 2 networks running spanning tree protocol, ports connected to end user devices don't need to participate in spanning tree calculations. Their participation can slow down network topology convergence. When malicious users send malicious BPDU (bridge protocol data unit) packets as part of an attack, it can cause network instability and disrupt user traffic. With BPDU protection configured on edge ports, an edge port that receives a BPDU packet is forcibly shut down.
[Notes] After an interface is shut down due to receiving a BPDU, the user needs to manually execute the no shutdown command to restore it.
[Use cases]

    sonic(config)# interface ethernet 1
    sonic(config if 1)# stp bpdu guard enable

QinQ Configuration

show interface vlan stack

[Command]
    show interface vlan stack
[Purpose] View the VLAN stack function configuration of the interface.
[View] System view
[Use cases]

    sonic# show interface vlan stack
    name       vlan  stack vlan  remark 8021p  remark tc  mode
    ---------  ----  ----------  ------------  ---------  ------
    ethernet1  100   101         null          null       tagged
    ethernet1  300   101         null          null       tagged
    ethernet1  400   101         null          null       tagged

show interface qinq protocol

[Command]
    show interface qinq protocol [interface name]
[Purpose] View the QinQ protocol configuration of the interface.
[View] System view
[Use cases]

    sonic# show interface qinq protocol 1
    name       protocol
    ---------  --------
    ethernet1  0x88a8

qinq protocol

[Command]
    qinq protocol value
    no qinq protocol
[Purpose] Configure the TPID.
[Parameter]
- value: 4-bit hexadecimal integer form, default value is 0x8100
[View] Interface view
[Usage scenario]
- Inbound direction: the "qinq protocol" command is used for identifying VLAN information in received packets. If an interface receives QinQ-tagged packets and you don't want to modify the VLAN information in the packet, the TPID (tag protocol identifier) configuration should be consistent with the TPID used in the received packets.
- Outbound direction: the "qinq protocol" command is used to modify the TPID value in outgoing packets.
[Use cases]

    sonic(config)# interface ethernet 1
    sonic(config if 1)# qinq protocol 0x88a8

qinq enable

[Command]
    qinq enable
[Purpose] Enable basic QinQ functionality on the interface.
[View] Interface view
[Usage scenario] When the port enable switch is activated, all traffic entering the device from this port is tagged with an additional layer corresponding to the port VLAN ID (PVID). If the packet does not have a VLAN tag, it is encapsulated with a layer corresponding to the PVID VLAN. If the packet already carries a VLAN tag, an additional layer corresponding to the PVID VLAN is added.
[Use cases]

    sonic(config)# interface ethernet 1
    sonic(config if 1)# qinq enable

vlan stack {tagged|untagged}

[Command]
    vlan stack {tagged|untagged} vlan id stack id [remark dot1p dot1p value] [remark tc tc value]
    no vlan stack untagged
    no vlan stack tagged
[Purpose] Configure the VLAN stack function of the interface.
[Parameter]
- tagged: messages received by the interface with a VLAN tag need to be overlaid as a two-layer VLAN
- untagged: messages received by the interface without VLAN tags require stacking two-layer VLANs
- vlan id: VLAN ID of packets received by the interface with a VLAN tag, or the inner VLAN ID after QinQ encapsulation of packets without a VLAN tag
- stack id: specify the outer VLAN tag after stacking
- dot1p value: modify the 802.1p priority of the outer VLAN tag
- tc value: modify the priority of packets for local processing
[View] Interface view
[Usage scenario] VLAN stacking is a layer 2 technology that allows the encapsulation of user packets with an outer VLAN tag based on the user's VLAN ID. This helps differentiate between different users' packets.
[Notes] To enable VLAN stacking, it should be configured in the inbound direction. If incoming packets are already VLAN tagged, ensure that the TPID (tag protocol identifier) used for the outer VLAN tag is different from the TPID configured on the interface. If the user needs to remove the outer VLAN tag, the interface should join the stacked VLAN in untagged mode. If the user doesn't need to remove the outer VLAN tag, the interface should join the stacked VLAN in tagged mode.
[Use cases]

    sonic(config)# interface ethernet 1
    sonic(config if 1)# qinq protocol 0x88a8
    sonic(config if 1)# switchport access vlan 101
    sonic(config if 1)# vlan stack tagged 100 101 remark dot1p 4 remark tc 4

Loopback Detection Configuration

show loopback detection config

[Command]
    show loopback detection config
[Purpose] View interface loopback detection status configuration information.
[View] System view
[Use cases]

    sonic# show loopback detection config
    packets interval time 30 (sec)
    log interval time 0 (sec)
    port/vlan  action  recovery time  status
    ---------  ------  -------------  ------
    vlan55                            enable

show loopback detection status

[Command]
    show loopback detection status
[Purpose] View interface loopback detection interface status information.
[View] System view
[Use cases]

    sonic# show loopback detection status
    you can re up err down ports one by one by "no shutdown" under interface config, re up all by "clear loopback detection", or configure "loopback detection recovery time" for automatic recovery
    loopback is detected
    port        status    caused by          time
    ----------  --------  -----------------  --------
    ethernet57  shutdown  ethernet61,vlan55  00:00:04
    ethernet61  shutdown  ethernet57,vlan55  00:00:04

loopback detection interval time

[Command]
    loopback detection interval time interval
[Purpose] Configure the interface loopback detection packet transmission interval.
[Parameter]
- interval: value range 10-300, unit in seconds; default value is 30
[View] System configuration view
[Usage scenario] This command configures the interval for periodically sending loopback detection packets. Users can adjust the loopback detection packet transmission interval based on network conditions. A shorter interval results in more loopback detection packets being sent per unit of time, leading to more accurate interface loopback responses, but also consuming more system resources.
[Use cases]

    sonic(config)# loopback detection interval time 10

loopback detection log time

[Command]
    loopback detection log time interval
[Purpose] Configure the interface loopback detection alarm message transmission interval.
[Parameter]
- interval: value range 10-300, unit in seconds; default value is 0
[View] System configuration view
[Usage scenario] This command configures the interface loopback detection alarm message transmission interval, which specifies the period at which the information of disabled interfaces is printed. The default value of 0 means that the warning message is not printed repeatedly.
[Use cases]

    sonic(config)# loopback detection log time 10

loopback detection enable

[Command]
    loopback detection enable
[Purpose] Enable the loopback detection feature.
[View] Interface view, VLAN view
[Usage scenario] Network loops can cause devices to repeatedly send broadcast, multicast, and unknown unicast packets, leading to network resource waste and even network paralysis. To detect loops in a layer 2 network in real time and prevent serious impacts on the entire network, a detection technology is needed. This technology should notify users promptly to check network connections and configurations when a loop is detected, and allow for placing the problematic interface into a controlled state. Loopback detection is such a detection technology. It works by periodically sending detection packets from the interface and checking whether the packets return to the device (without requiring the same interface for both sending and receiving). This helps determine whether there is a loop in the interface, in the network or device connected to the device, or between two interfaces on the device. Upon detecting a loop, the loopback detection function triggers an alarm, logs the event, and, based on user-configured settings, processes the interface (by default, disabling it). This places the interface into a controlled state, reducing the impact of the loop on the device and the entire network.
[Notes] Configurations in the VLAN view apply to all ports within the specified VLAN, while configurations in the interface view apply only to the current port.
[Use cases]

    sonic(config)# vlan 10
    sonic(config vlan 10)# loopback detection enable

loopback detection action

[Command]
    loopback detection action {logging|shutdown}
[Purpose] Configure the loopback detection handling action for the interface.
[Parameter]
- logging: the interface only reports an alarm
- shutdown: the interface is shut down
[View] Interface view
[Usage scenario] After interface loopback detection is enabled, the interface periodically checks whether a loop exists. When the device detects a loop on the interface, the action configured by this command is applied to the interface, quickly minimizing the impact of the loop on the entire network.
[Notes] When the device detects a loop, it automatically brings down the interface that received the detection packet. However, the PoE power supply to the interface is not affected.
[Use cases]

    sonic(config)# interface ethernet 57
    sonic(config if 57)# loopback detection action logging

loopback detection recovery time

[Command]
    loopback detection recovery time interval
[Purpose] Configure the time for the interface to automatically recover to the normal state after a loopback is detected.
[Parameter]
- interval: value range 10-65535, unit in seconds
[View] Interface view
[Usage scenario] After interface loopback detection is enabled, the interface periodically sends loopback detection packets. Upon detecting a loop, the configured action is applied to the interface and a timer starts. Users can configure the interface recovery time. After the specified recovery time, the system attempts to recover the interface. If the loop is cleared by that time, the interface is restored to its normal state.
[Use cases]

    sonic(config)# interface ethernet 57
    sonic(config if 57)# loopback detection recovery time 60

clear loopback detection

[Command]
    clear loopback detection
[Purpose] Clear loopback detection information and enable all interfaces that are in a shutdown state.
[View] System view
[Usage scenario] When the loopback detection action is set to shutdown, the interfaces that were error-disabled cannot automatically recover after the loop is cleared. You must manually execute the shutdown and no shutdown commands to restore the interface. Alternatively, you can use the clear loopback detection command to restart all interfaces that were shut down.
[Use cases]

    sonic# clear loopback detection
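
The threshold described under mac flapping detect level, mac flapping detect aging and mac flapping detect action error down can be modelled in a few lines. This is an added example, not code from the switch or from this reference: the class, its field names and the sample events are constructed, and the sliding-window bookkeeping is an assumption about how "more than level moves within aging seconds" is counted.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class FlapDetector:
    """Simplified model of one VLAN's MAC flapping detection (illustrative only)."""
    level: int = 10          # mac flapping detect level (page range 5-500)
    aging: int = 600         # mac flapping detect aging, seconds (page range 10-7200)
    error_down: bool = True  # mac flapping detect action error down
    fdb: dict = field(default_factory=dict)                          # (vlan, mac) -> port
    moves: dict = field(default_factory=lambda: defaultdict(deque))  # move timestamps
    down_ports: set = field(default_factory=set)

    def learn(self, ts, vlan, mac, port):
        """Process one source-MAC learn event; return an alert tuple or None."""
        if port in self.down_ports:
            return None                      # a shut-down port learns nothing
        key = (vlan, mac)
        previous = self.fdb.get(key)
        self.fdb[key] = port                 # later learn overwrites the entry
        if previous is None or previous == port:
            return None                      # first learn or refresh, not a move
        window = self.moves[key]
        window.append(ts)
        while ts - window[0] > self.aging:   # forget moves older than the aging time
            window.popleft()
        if len(window) <= self.level:        # page: "more times ... than the number"
            return None
        count = len(window)
        window.clear()
        if self.error_down:
            self.down_ports.add(port)        # interface where the MAC was last learned
        return (vlan, mac, port, count)


def alternating(step, n, vlan="vlan400", mac="00:00:01:01:02:01"):
    """Constructed events: one MAC bouncing between two ports every `step` seconds."""
    return [(i * step, vlan, mac, "ethernet1" if i % 2 == 0 else "ethernet2")
            for i in range(n)]


def simulate(events, level, aging, error_down=True):
    det = FlapDetector(level=level, aging=aging, error_down=error_down)
    alerts = [a for a in (det.learn(*e) for e in events) if a]
    return alerts, sorted(det.down_ports)


if __name__ == "__main__":
    print(simulate(alternating(5, 8), level=5, aging=600))      # fast flap trips
    print(simulate(alternating(200, 20), level=5, aging=600))   # slow drift does not
```

A MAC that moves slowly enough stays under the threshold indefinitely, so level and aging should be tuned together and the warning logs reviewed even when no port goes error down.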
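
The qinq protocol and vlan stack entries above depend on the receiving port recognising the outer tag's TPID. The following added example (not code from the switch or this reference) builds a constructed frame, stacks outer VLAN 101 with 802.1p 4 onto customer VLAN 100 as in the vlan stack use case, and parses it with a matching and a mismatched TPID. Function names, the frame contents and the rule that inner tags use 0x8100 are assumptions.

```python
import struct

C_TAG_TPID = 0x8100   # default TPID according to the qinq protocol entry


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed Ethernet frame; tags is a list of (tpid, pcp, vid), outermost first."""
    out = bytes.fromhex("ffffffffffff") + bytes.fromhex("00aaaaaaaaaa")
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | (vid & 0x0FFF))
    return out + struct.pack("!H", ethertype) + payload


def parse_tags(frame, port_tpid=C_TAG_TPID):
    """Return (tags, ethertype) as a port configured with port_tpid would see them.

    The outer tag is recognised only if its TPID equals port_tpid; an inner
    tag is recognised only with 0x8100 (assumption). At most two tags are read.
    """
    offset, tags, expected = 12, [], port_tpid
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype != expected or len(tags) == 2:
            return tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += 4
        expected = C_TAG_TPID


def stack_outer(frame, match_vid, stack_vid, dot1p, outer_tpid):
    """Model of 'vlan stack tagged <match_vid> <stack_vid> remark dot1p <dot1p>'."""
    tags, _ = parse_tags(frame, C_TAG_TPID)
    if not tags or tags[0]["vid"] != match_vid:
        return frame                                   # not the stacked customer VLAN
    outer = struct.pack("!HH", outer_tpid, (dot1p << 13) | stack_vid)
    return frame[:12] + outer + frame[12:]


if __name__ == "__main__":
    customer = build_frame([(C_TAG_TPID, 0, 100)])
    stacked = stack_outer(customer, 100, 101, 4, 0x88A8)
    print(parse_tags(stacked, port_tpid=0x88A8))   # both tags visible
    print(parse_tags(stacked))                     # default 0x8100: looks untagged
```

With the mismatched TPID the parser reports no VLAN tags at all and an EtherType of 0x88a8, which is why the TPID on a port facing QinQ traffic has to match the one used in the received packets.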
