interface gigabitethernet

interface

interface gigabitethernet <slot>/<module>/<port>

bandwidth-contract <name>|{{app <app-name>|appcategory <app-category-name>} <bw-contract-name>} upstream|downstream [exclude]

description <string>

duplex {auto|full|half}

ip access-group {in|out|session {vlan <vlanId>}} <name>

jumbo

lacp {group|port-priority|timeout}

lldp {fast-transmit-counter <1-8>|fast-transmit-interval <1-3600>|med|proprietary[<neighbor><discovery>]|receive|sys-tlv<disable>|transmit|transmit-hold <1-100>|transmit-interval <1-3600>}

no ...

openflow-disable

poe

port monitor {gigabitethernet <slot>/<module>/<port> | port-channel <pid>}

priority-map <name>

sfp-alternate-detection

shutdown

spanning-tree {[bpduguard]|[cost <value>]|[point-to-point]|[port-priority <value>]|[portfast] [vlan]}

speed {10|100|auto}

speed-mode {10Gbps|1Gbps|40Gbps}

switchport {access vlan <vlan>|mode {access|trunk}|trunk {allowed vlan {<vlans>|add <vlans>|all|except <vlans>|remove <vlans>|<WORD>}| native vlan <vlan>}}

transmit

trusted {vlan <word>}

tunneled-node-port

xsec {point-to-point <macaddr> <key> allowed vlan <vlans> [<mtu>]|vlan <vlan>}

Description

This command configures a GigabitEthernet interface.

Syntax

Parameter

Description

Range

Default

<slot/module/port>

Interface in <slot>/<module>/<port> format.

bandwidth-contract

Apply a bandwidth contract to all upstream or downstream traffic, or to traffic for a specified application or application category.

<name>

Name of a bandwidth contract configured with the aaa bandwidth-contract command. If you specify a bandwidth contract name before you specify an application or application category, the bandwidth contract is applied to all downstream or upstream traffic.

 

 

app <name>

Name of the application to which the bandwidth contract is applied. For a complete list of supported applications, issue the command show dpi application all.

appcategory <name>

Name of the application category to which the bandwidth contract is applied. For a complete list of supported applications, issue the command show dpi application category all.

downstream

Apply the bandwidth contract to downstream traffic.

upstream

Apply the bandwidth contract to upstream traffic.

exclude <app>|<appcategory>

Use this parameter to exclude application or application category traffic from a bandwidth contract.

 

 

description

String that describes this interface.

duplex

Transmission mode on the interface: full or half-duplex or auto to automatically adjust transmission.

auto/full/half

auto

ip access-group

Applies the specified ACL to the interface. Use the ip access-list command to configure an ACL.

This parameter requires the PEFNG license.

in

Applies ACL to interface’s inbound traffic.

out

Applies ACL to interface’s outbound traffic.

session

Applies session ACL to interface and optionally to a selected VLAN associated with this port.

jumbo

Enables or disables jumbo frame MTU configured via firewall on a port.

disabled

lacp

Configure an LACP group to the interface.

group <id> mode [active|passive]

Enter the LAG number (0-7) and specify the mode (active or passive).

Active mode—the interface is in active negotiating state. LACP runs on any link that is configured to be in the active state. The port in an active mode also automatically initiates negotiations with other ports by initiating LACP packets.

Passive mode—the interface is not in an active negotiating state. LACP runs on any link that is configured in a passive state. The port in a passive mode responds to negotiation requests from other ports that are in an active state. Ports in passive state respond to LACP packets.

port-priority

Enter the port-priority value. The higher the value, the lower the priority.

1-65535

255

timeout

Enter the keyword long to set the LACP session to 90 seconds.

Enter the keyword short to set the LACP session to 3 seconds.

90

lldp

Configures LLDP functionality on an interface.

fast-transmit-counter

Set the number of the LLDP data units sent each time fast LLDP data unit transmission is triggered.

1-8

4

fast-transmit-interval

Set the LLDP fast transmission interval in seconds.

1-3600

1

med

Enables the LLDP MED protocol.

disabled

proprietary neighbor discovery

Configures proprietary neighbor discovery.

receive

Enables processing of LLDP PDU received.

disabled

sys-tlv disable

Disables system TLV options.

enabled

transmit

Enables LLDP PDU transmit.

disabled

transmit-hold <1-100>

Set the transmit hold multiplier.

1-100

4

transmit-interval <1-3600>

Sets the transmit interval in seconds.

1-3600

30

no

Negates any configured parameter.

openflow-disable

Enables or disables Openflow on Gigabit Ethernet.

disabled

poe

Enables PoE on the interface.

enabled

cisco

Enables Cisco-style PoE on the interface.

disabled

port monitor gigabitethernet

port-channel

Monitors another interface on the managed device.

priority-map

Applies a priority map to the interface. Use the priority-map command to configure a priority map which allows you to map ToS and CoS values into high priority traffic queues.

sfp-alternate-detection

Enables detection of SFP+ via alternative communications protocol. This parameter is required for some SFP+ transceivers.

shutdown

Causes a hard shutdown of the interface.

spanning-tree

Enables Rapid spanning tree or Per-VLAN spanning tree.

enabled

bpduguard

Enables bpduguard on the edge ports.

disabled

cost

Administrative cost associated with the spanning tree. The cost prioritizes routing to the destination. The lower the cost, the higher the priority.

1-65535

4

point-to-point

Set interface as point to point.

disabled

port-priority

Spanning tree priority of the interface. A lower setting brings the port closer to root port position (favorable for forwarding traffic) than does a higher setting. This is useful if ports may contend for root position if they are connected to an identical bridge.

0-255

128

portfast

Enables forwarding of traffic from the interface.

disabled

vlan

Configure a VLAN instance or a range of VLAN IDs for spanning tree.

1-4094

disabled

speed

Sets the interface speed: 10 Mbps, 100 Mbps, 1000 Mbps, or auto configuration.

10|100|1000|auto

auto

speed-mode {10Gbps|1Gbps|40Gbps}

Sets the interface speed-mode to one of the following values:

10 Gbps - You can configure this on the ports G0/0/0, G0/0/4, G0/0/8, and G0/0/12.

1 Gbps - You can configure this on the ports G0/0/8 and G0/0/12.

40 Gbps - You can configure this on the ports G0/0/0 and G0/0/4.

The port range details are as follows:

G0/0/0 - When applied on this port, the speed change is applicable to the port range 0/0/0 - 0/0/3.

G0/0/4 - When applied on this port, the speed change is applicable to the port range 0/0/4 - 0/0/7.

G0/0/8 - When applied on this port, the speed change is applicable to the port range 0/0/8 - 0/0/11.

G0/0/12 - When applied on this port, the speed change is applicable to the port range 0/0/12 - 0/0/15.

NOTE: This parameter is applicable only to Aruba 7280 controllers.

NOTE: You must reboot the controller after configuring this parameter.

10|1|40

switchport

Sets switching mode parameters for the interface.

access vlan <id>

Sets the interface as an access port for the specified VLAN. The interface carries traffic only for the specified VLAN.

1

mode {access | trunk}

Sets the mode of the interface to access or trunk mode only.

access|trunk

access

port-security maximum <num> [level [[drop] [logging]

[shutdown interval <seconds>]]

Sets the port security parameters such as the maximum number of addresses that can be configured on the port. Upon exceeding the maximum limit, the port drops the packets on the port.

You can also set one of the following levels for dropping the packets on exceeding the limit:

drop—drops the packets

logging—drops the packets and records a message in the log file. This is the default level.

shutdown—drops the packet, records a log message, and shuts the port down for the specified time interval.

trunk {allowed vlan

{<vlans>|add <vlans>|all|except <vlans> |remove <vlans>|<WORD>}

| native vlan <vlan>}}

Sets the interface as a trunk port for the specified VLANs. A trunk port carries traffic for multiple VLANs using 802.1q tagging to mark frames for specific VLANs. You can include all VLANs configured on the managed device, or add or remove specified VLANs. You can also remove all the VLANs from the list of allowed VLANs configured on a trunk port. Specify native to identify the native VLAN for the trunk mode interface. Frames on the native VLAN are not 802.1q tagged.

transmit max-rate mbits <txrate> scheduler-profile <profile-name>

Sets a maximum transmit rate in Mbps and assigns a scheduler profile. Allowed range for maximum transmit rate is 1-100 Mbps.

trusted

Set this interface and range of VLANs to be trusted. VLANs not included in the trusted range of VLANs will be, by default, untrusted.

Trusted ports and VLANs are typically connected to internal controlled networks, while untrusted ports connect to third-party APs, public areas, or other networks to which access controls should be applied. When Aruba APs are attached directly to the managed device, set the port to be trusted.

enabled

vlan <word>

Sets the supplied range of VLANs as trusted. All remaining become untrusted automatically.

For example, if you set a VLAN range as:
vlan 1-10, 100-300, 301, 305-400, 501-4094

Then all VLANs in this range are trusted and all others become untrusted by default. You can also use the no trusted vlan command to explicitly make an individual VLAN untrusted. The no trusted vlan command is additive and adds given VLANs to the existing untrusted VLAN set.

However, if you execute the trusted vlan <word> command, it overrides any earlier untrusted VLANs or a range of untrusted VLANs and creates a new set of trusted VLANs.

A port supports a user VLAN range from 1-4094. If you want to set all VLANs (1-4094) on a port as untrusted then mark the port itself as untrusted. By default the port and all its associated VLANs are trusted.

1-4094

tunneled-node-port

Enable tunneled node capability on the interface.

disabled

xsec

Enables and configures the Extreme Security (xSec) protocol.

NOTE: You must purchase and install the xSec software module license in the Mobility Master.

point-to-point

MAC address of the managed device that is the xSec tunnel termination point, and the 16-byte shared key used to authenticate the managed devices to each other. The key must be the same on both managed devices.

allowed vlan

VLANs that are allowed on the xSec tunnel.

mtu

(Optional) MTU size for the xSec tunnel.

vlan

xSec VLAN ID. For managed device-to-managed device communications, both managed devices must belong to the same VLAN.

1-4094
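
The trusted vlan and no trusted vlan behaviour described in the syntax table above, modelled as an added Python example (not ArubaOS code or an Aruba tool; PortTrust, parse_vlan_word and format_ranges are hypothetical names). It shows why a later trusted vlan command deserves review: it replaces the untrusted set, so VLANs made untrusted earlier become trusted again.

```python
# Added example: a model of the trusted-VLAN bookkeeping this page describes.
# Not ArubaOS code; all class and function names are hypothetical.

VLAN_MIN, VLAN_MAX = 1, 4094  # user VLAN range a port supports, per the page


def parse_vlan_word(word):
    """Parse a list such as '1-10, 100-300, 301' into a set of VLAN IDs."""
    vlans = set()
    for token in word.split(","):
        token = token.strip()
        if not token:
            raise ValueError("empty element in VLAN list: %r" % word)
        low, dash, high = token.partition("-")
        first = int(low)                      # ValueError on non-numeric input
        last = int(high) if dash else first
        if not (VLAN_MIN <= first <= last <= VLAN_MAX):
            raise ValueError("VLAN range reversed or out of bounds: %r" % token)
        vlans.update(range(first, last + 1))
    return vlans


def format_ranges(vlans):
    """Render a set of VLAN IDs as a compact list, e.g. '5,11-99'."""
    runs = []
    for vlan in sorted(vlans):
        if runs and vlan == runs[-1][1] + 1:
            runs[-1][1] = vlan                # extend the current run
        else:
            runs.append([vlan, vlan])         # start a new run
    return ",".join(str(a) if a == b else "%d-%d" % (a, b) for a, b in runs)


class PortTrust:
    """Trust state of one port, following the rules stated on this page."""

    def __init__(self):
        # Default per the page: the port and all its VLANs are trusted.
        self.port_trusted = True
        self.untrusted = set()

    def trusted_vlan(self, word):
        """'trusted vlan <word>': overrides any earlier untrusted VLANs."""
        everything = set(range(VLAN_MIN, VLAN_MAX + 1))
        self.untrusted = everything - parse_vlan_word(word)

    def no_trusted_vlan(self, word):
        """'no trusted vlan <word>': additive to the untrusted set."""
        self.untrusted |= parse_vlan_word(word)

    def is_trusted(self, vlan):
        # An untrusted port makes every VLAN on it untrusted.
        return self.port_trusted and vlan not in self.untrusted


def demo():
    """Replay the page's example range, then an additive and an override step."""
    port = PortTrust()
    port.trusted_vlan("1-10, 100-300, 301, 305-400, 501-4094")
    after_range = format_ranges(port.untrusted)

    port.no_trusted_vlan("5,200-210")         # constructed sample input
    after_no = format_ranges(port.untrusted)

    port.trusted_vlan("1-100")                # constructed sample input
    after_override = format_ranges(port.untrusted)
    return after_range, after_no, after_override


if __name__ == "__main__":
    labels = ("trusted vlan <page example>", "no trusted vlan 5,200-210",
              "trusted vlan 1-100")
    for label, untrusted in zip(labels, demo()):
        print("%-30s untrusted: %s" % (label, untrusted))
```

In the last step VLAN 5, which was explicitly made untrusted, is trusted again because the new trusted vlan list covers it.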

Usage Guidelines

Use this command to configure settings for Mobility Master interface, including duplex, LLDP and switchport settings. You can issue the show port status command to obtain information about the interfaces currently available on the Mobility Master.

Interface Bandwidth Contracts

7000 Series controllers have the ability to classify and identify applications on the network. You can create bandwidth contracts to limit traffic for individual applications (or categories of applications) either sent from or received by a selected interface. There are two basic models for using this feature.

Limiting lower-priority traffic: If there is a lower-priority application or application type that you want to limit, apply a bandwidth contract just to that application, and allow all other application traffic to pass without any limits.

Protecting higher-priority traffic: If you want to guarantee bandwidth for a company-critical application or application group, you can add that application to an exception list, then apply a bandwidth contract to all remaining traffic.

You can apply bandwidth contracts using one or both of these models. Each interface supports up to 64 bandwidth contracts.

Interface Contract Precedence

An interface bandwidth contract is applied to downstream traffic before a user-role bandwidth contract is applied, and for upstream traffic, the user-role bandwidth contract is applied before the interface bandwidth contract. For all traffic using compression and encryption, bandwidth contracts are applied after that traffic is compressed and encrypted. If you apply more than one bandwidth contract to any specific category type, then the bandwidth contracts are applied in the following order.

1. A contract that explicitly excludes an application

2. A contract that explicitly excludes an application category

3. A contract that applies to a specific application

4. A contract that applies to a specific application category

5. A generic bandwidth contract, not specific to any application or application category

Example

The following commands configure an interface as a trunk port for a set of VLANs:

(host) [mynode] (config) # interface gigabitethernet 0/0/0

(host) [mynode] (config-range)# switchport mode trunk

(host) [mynode] (config-range)# switchport trunk native vlan 10

(host) [mynode] (config-range)# switchport trunk allowed vlan 1,10,100

The following commands configure trunk port 0/0/0 with test-acl session for VLAN 2.

(host) [mynode] (config) # interface range gigabitethernet 0/0/0

(host) [mynode] (config-range)# switchport mode trunk

(host) [mynode] (config-range)# ip access-group

(host) [mynode] (config-range)# ip access-group test session vlan 2

The following commands configure an interface bandwidth contract for a high-priority application.

(host) [mynode] (config) # interface gigabitethernet 0/0/1

(host) [mynode] (config) # bw-contract protectskype4b exclude app alg-skype4b-voice downstream

Related Commands

Command

Description

show interface gigabitethernet

Displays information about a specified Gigabit Ethernet port.

Command History

Release

Modification

ArubaOS 8.3.0.0

A new parameter, speed-mode, was added.

ArubaOS 8.2.0.0

The following changes were introduced:

Updated the new syntax as ip access-group {in|out|session {vlan <vlanId>}} <name>

A new sub parameter <WORD> was added under switchport trunk allowed parameter. You can specify none to remove all the VLANs from the list of allowed VLANs configured on the trunk port.

A new parameter, sfp-alternate-detection, was added.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

This command is available in the base operating system. The ip access-group parameter requires the PEFNG license. The xsec parameter requires the xSec license.

Config mode on Mobility Master.
