manualshive.com logo in svg

Allied Telesis AT-8000S Series, Cli Reference Manual, Page: 25 / 304

Share
Download
Allied Telesis AT-8000S Series Cli Reference Manual Download Page 25

AAA Commands

Page 23

User Guidelines

The default and optional list names created with the

 aaa authentication login

 command are used with the 

login 

authentication 

command.

Create a list by entering the 

aaa authentication login list-name method 

command for a particular protocol, where 

list-name

 is any character string used to name this list. The 

method

 argument identifies the list of methods that the 

authentication algorithm tries, in the given sequence.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To 
ensure that the authentication succeeds even if all methods return an error, specify 

none

 as the final method in 

the command line.

Example

The following example configures the authentication login.

aaa authentication enable

The 

aaa

 

authentication enable 

Global Configuration mode command defines authentication method lists for 

accessing higher privilege levels. To return to the default configuration, use the 

no

 form of this command.

Syntax

aaa authentication enable 

{

default 

|

 list-name

method1

 [

method2

...]

no aaa authentication enable 

{

default 

|

 list-name

}

Parameters

default

 — Uses the listed authentication methods that follow this argument as the default list of methods, 

when using higher privilege levels.

list-name

 — Character string used to name the list of authentication methods activated, when using access 

higher privilege levels (Range: 1-12 characters).

method1

 [

method2

...] — Specify at least one from the following table:

Default Configuration

If the 

default 

list is not set, only the enable password is checked. This has the same effect as the command 

aaa 

authentication enable default enable

.

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has 
the same effect as using the command 

aaa authentication enable default enable none

.

Console(config)# 

aaa authentication login default radius local enable none

K e y w o r d

D e s c r i p t i o n

enable

Uses the enable password for authentication.

line

Uses the line password for authentication.

none

Uses no authentication.

radius

Uses the list of all RADIUS servers for authentication. Uses username $enabx$., 
where x is the privilege level.

tacacs

Uses the list of all  servers for authentication. Uses username 
"$enabx$." where x is the privilege level.

Summary of Contents for AT-8000S Series

Page 1: ...Layer 2 Ethernet Switch Allied Telesyn AT 8000S CLI Reference Guide...

Page 2: ...Allied Telesyn AT 8000S CLI Reference Guide...

Page 3: ...erminal Command Buffer 18 Negating the Effect of Commands 19 Command Completion 19 Nomenclature 19 Keyboard Shortcuts 19 CLI Command Conventions 20 Copying and Pasting Text 20 Chapter 2 AAA Commands 2...

Page 4: ...r 4 Clock Commands 46 clock set 46 clock source 46 clock timezone 47 clock summer time 48 sntp authentication key 49 sntp authenticate 50 sntp trusted key 50 sntp client poll timer 51 sntp broadcast c...

Page 5: ...GVRP Commands 86 gvrp enable Global 86 gvrp enable Interface 86 garp timer 87 gvrp vlan creation forbid 88 gvrp registration forbid 88 clear gvrp statistics 89 show gvrp configuration 89 show gvrp st...

Page 6: ...116 Chapter 12 PHY Diagnostics Commands 118 test copper port tdr 118 show copper ports tdr 118 show copper ports cable length 119 Chapter 13 Port Channel Commands 122 interface port channel 122 interf...

Page 7: ...servers 150 Chapter 18 RMON Commands 152 show rmon statistics 152 rmon collection history 154 show rmon collection history 154 show rmon history 155 rmon alarm 158 show rmon alarm table 159 show rmon...

Page 8: ...t 187 spanning tree link type 188 spanning tree pathcost method 188 spanning tree bpdu 189 clear spanning tree detected protocols 190 spanning tree mst priority 190 spanning tree mst max hops 191 span...

Page 9: ...ter 23 System Management Commands 232 ping 232 reload 234 hostname 234 stack master 235 stack reload 236 stack display order 236 stack change unit id 237 show stack 238 show users 239 show sessions 24...

Page 10: ...264 map mac macs group 265 show vlan macs group 265 switchport forbidden vlan 266 ip internal usage vlan 266 show vlan 267 show vlan internal usage 268 show interfaces switchport 269 Chapter 27 Web Se...

Page 11: ...x period 286 dot1x max req 287 dot1x timeout supp timeout 287 dot1x timeout server timeout 288 show dot1x 289 show dot1x users 291 show dot1x statistics 292 dot1x guest vlan 294 dot1x guest vlan enabl...

Page 12: ...and history buffer size Chapter 11 Management ACL Commands Define a permit or deny a rule or configure a management access control list Chapter 12 PHY Diagnostics Commands Display the optical transcei...

Page 13: ...multaneously configuring multiple VLANs or adds or remove VLANs Chapter 27 Web Server Commands Enable configuring the device from a browser or display the HTTP server configuration Chapter 28 802 1x C...

Page 14: ...terials Authorization RMA number A product sent to Allied Telesyn without a RMA number will be returned to the sender at the sender s expense To obtain a RMA number contact Allied Telesyn s Technical...

Page 15: ...Preface Contacting Allied Telesyn Page 13 Page 13...

Page 16: ...rivileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode The Global Configuration mode manages the device configuration o...

Page 17: ...Global Configuration mode commands apply to features that affect the system as a whole rather than just a specific interface The configure Privileged EXEC mode command is used to enter the Global Con...

Page 18: ...nfiguration The interface ethernet Global Configuration mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface Port Channel Contains commands to configu...

Page 19: ...minal emulation application Note The default data rate is 115200 a Set the data format to 8 data bits 1 stop bit and no parity b Set Flow Control to none c Under Properties select VT100 for Emulation...

Page 20: ...s entered in place of a parameter The matched keyword or parameters for this command are displayed To assist in using the CLI there is an assortment of editing features The following features are desc...

Page 21: ...stand alone device and e3 stands for Fast Ethernet port 3 on a stand alone device whereas 1 g3 stands for Gigabit Ethernet port 3 on stacking unit 1 and 1 e3 stands for Fast Ethernet port 3 on stacki...

Page 22: ...e Convention Description In a command line square brackets indicates an optional entry In a command line curly brackets indicate a selection of compulsory parameters separated by the character One opt...

Page 23: ...Using the CLI Editing Features Page 21...

Page 24: ...list of authentication methods activated when a user logs in Range 1 12 characters method1 method2 Specify at least one from the following table Default Configuration The local user database is checke...

Page 25: ...name method1 method2 no aaa authentication enable default list name Parameters default Uses the listed authentication methods that follow this argument as the default list of methods when using highe...

Page 26: ...in authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet or console To return to the default configuration specifie...

Page 27: ...ault set with the aaa authentication enable command Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the defau...

Page 28: ...authentication methods for HTTPS server users To return to the default configuration use the no form of this command Syntax ip https authentication method1 method2 no ip https authentication Parameter...

Page 29: ...ivileged EXEC mode command displays information about the authentication methods Syntax show authentication methods Default Configuration This command has no default configuration Command Mode Privile...

Page 30: ...No password is defined Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted the required password length is 32 characters Example The following example specifies...

Page 31: ...configuration Default Configuration No user is defined Command Mode Global Configuration mode User Guidelines User account can be created without a password A single username can be defined for privi...

Page 32: ...fter age out time has expired secure The address is deleted after the port changes mode to unlock learning no port security command This parameter is only available when the port is in the learning lo...

Page 33: ...dge table and statically adds ports to the group To unregister the MAC address use the no form of this command Syntax bridge multicast address mac multicast address ip multicast address bridge multica...

Page 34: ...ulticast address add remove ethernet interface list port channel port channel number list no bridge multicast forbidden address mac multicast address ip multicast address Parameters add Adds ports to...

Page 35: ...and no spaces a hyphen is used to designate a range of ports port channel number list Separate nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of port cha...

Page 36: ...disabled Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers multicast device ports When a multicast device port is discovered all the multicast packets...

Page 37: ...has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the bridge tables are cleared port security The po...

Page 38: ...of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received port security mode The port security mode Interface Configuration mode command...

Page 39: ...Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command is only relevant in dynamic learning modes Example In this example the maximum number of addresses that are...

Page 40: ...Privileged EXEC mode command displays all entries in the bridge forwarding database Syntax show bridge address table vlan vlan ethernet interface port channel port channel number Parameters vlan Speci...

Page 41: ...VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode U...

Page 42: ...face A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are n...

Page 43: ...ddress format ip format mac Parameters vlan id A valid VLAN ID value mac multicast address A valid MAC multicast address ip multicast address A valid IP multicast address format ip mac Multicast addre...

Page 44: ...lticast address table Vlan MAC Address Type Ports 1 01 00 5e 02 02 03 static 1 e1 2 e2 19 01 00 5e 02 02 08 static 1 e1 e8 19 00 00 5e 02 02 08 dynamic 1 e9 e11 Forbidden ports for multicast addresses...

Page 45: ...ty The show ports security Privileged EXEC mode command displays the port lock status Syntax show ports security ethernet interface port channel port channel number Parameters interface A valid Ethern...

Page 46: ...dresses ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number Console show ports security Port Status Learning...

Page 47: ...ample dynamic addresses in currently locked port 1 e1 are displayed Console show ports security addresses Port Status Learning Current Maximum 1 e1 Disabled Lock 1 1 e2 Disabled Lock 1 1 e3 Enabled Ma...

Page 48: ...h using the first three letters by name Jan Dec year Current year 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are...

Page 49: ...ommand Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone Parameters hours offset Hours difference from UTC Range 12 13 minutes offset Minutes difference from UTC...

Page 50: ...date Indicates that summer time should start on the first specific date listed in the command and end on the second specific date in the command usa The summer time rules are the United States rules...

Page 51: ...n March End Last Sunday in October Time 1 00 am 01 00 Examples The following example sets summer time starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am...

Page 52: ...broadcast Examples The following example defines the authentication key for SNTP and grants authentication sntp trusted key The sntp trusted key Global Configuration mode command authenticates the id...

Page 53: ...tp client poll timer Parameters seconds Polling interval in seconds Range 60 86400 Default Configuration Polling interval is 1024 seconds Command Mode Global Configuration mode User Guidelines There a...

Page 54: ...client enable Global Configuration mode command enables SNTP anycast client To disable the SNTP anycast client use the no form of this command Syntax sntp anycast client enable no sntp anycast client...

Page 55: ...ts globally Use the sntp anycast client enable Global Configuration mode command to enable anycast clients globally Examples The following example enables the SNTP client on Ethernet port 1 e3 sntp un...

Page 56: ...nt poll timer Global Configuration mode command determines polling time Examples The following example enables polling for Simple Network Time Protocol SNTP predefined unicast clients sntp server The...

Page 57: ...lling time Examples The following example configures the device to accept SNTP traffic from the server on 192 1 1 1 show clock The show clock User EXEC mode command displays the time and date from the...

Page 58: ...Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the current SNTP configuration of the device Console show clock 15 29 03 PDT...

Page 59: ...ng example shows the status of the SNTP Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 8...

Page 60: ...33 117 79 176 1 8 179 Unknown 12 17 17 987 PDT Feb 19 2002 8 98 189 19 Anycast server Server Interface Status Last response Offset Delay mSec mSec 176 1 11 8 VLAN 118 Up 9 53 21 789 PDT Feb 19 2002 7...

Page 61: ...Clock Commands Page 59...

Page 62: ...running config Represents the current running configuration file startup config Represents the startup configuration file image If the source file represents the active image file If the destination...

Page 63: ...fig command The commands in the loaded configuration file are added to those in the running configuration file as if the commands were typed in the command line interface CLI Thus the resulting config...

Page 64: ...e delete Privileged EXEC mode command deletes a file from a flash memory device Syntax delete url Parameters url The location URL or reserved keyword of the file to be deleted Range 1 160 characters T...

Page 65: ...Configuration If the unit number is unspecified the default setting is the master unit number Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is...

Page 66: ...onfig Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example dis...

Page 67: ...mode User Guidelines There are no user guidelines for this command Examples The following example displays the active system image file that is loaded by the device at startup interface ethernet 1 e1...

Page 68: ...ts Syntax show backup config Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples Th...

Page 69: ...Configuration and Image File Commands Page 67...

Page 70: ...ines There are no user guidelines for this command Example The following example enables configuring Ethernet port 5 e18 interface range ethernet The interface range ethernet Global Configuration mode...

Page 71: ...Configuration Ethernet port channel mode command disables an interface To restart a disabled interface use the no form of this command Syntax shutdown no shutdown Default Configuration The interface i...

Page 72: ...Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds a description to Ethernet port 1 e5 spe...

Page 73: ...configuration use the no form of this command Syntax duplex half full Parameters no duplex half Forces half duplex operation full Forces full duplex operation Default Configuration The interface is s...

Page 74: ...s of the port Command Mode Interface Configuration Ethernet port channel mode User Guidelines If capabilities were specified when auto negotiation was previously entered not specifying capabilities wh...

Page 75: ...x Default Configuration The default setting is on Command Mode Interface Configuration Ethernet mode User Guidelines Auto All possibilities to connect a PC with cross or normal cables are supported an...

Page 76: ...There are no user guidelines for this command Example In the following example back pressure is enabled on port 1 e5 clear counters The clear counters User EXEC mode command clears statistics on an in...

Page 77: ...Mode Privileged EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shutdown by the system for some reason e g port security Example The fo...

Page 78: ...rnet interface port channel port channel number Console show interfaces advertise Port Type Neg Operational Link Advertisement e1 100M Copper Enabled e2 100M Copper Enabled e3 100M Copper Enabled e4 1...

Page 79: ...uto e4 100M Copper Full 100 Enabled Off Up Disabled Auto e5 100M Copper Full 100 Enabled Off Up Disabled Auto e6 100M Copper Full 100 Enabled Off Up Disabled Auto e7 100M Copper Full 100 Enabled Off U...

Page 80: ...no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the status of all configured interfaces...

Page 81: ...t Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no...

Page 82: ...valid port channel number Default Configuration This command has no default configuration Command Modes User EXEC mode User Guidelines There are no user guidelines for this command Examples The follo...

Page 83: ...MAC Rx Errors 0 Symbol Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 Field Description InOctets Counted received octets InUcastPkts Counted received unicast packets InMcastPkts Counted...

Page 84: ...torm control include multicast IC The port storm control include multicast Interface Configuration Ethernet mode command counts multicast packets in broadcast storm control To disable counting multica...

Page 85: ...broadcast storm control use the no form of this command Syntax port storm control broadcast enable no port storm control broadcast enable Default Configuration Broadcast storm control is disabled Comm...

Page 86: ...1M and 10M 250M in steps based on the requested rate For GE devices possible values are in a range of 0 1 000 000 Default Configuration For FE devices the default storm control broadcast rate is 100 K...

Page 87: ...terface A valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for...

Page 88: ...GVRP on the device use the no form of this command Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no...

Page 89: ...e no garp timer Parameters join leave leaveall Indicates the type of timer timer_value Timer values in milliseconds in multiples of 10 Range 10 2147483647 Default Configuration Following are the defau...

Page 90: ...face The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface are restricted only to those VLANs for which static VLAN registration exists Ex...

Page 91: ...umber A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Exampl...

Page 92: ...cs The show gvrp statistics User EXEC mode command displays GVRP statistics Syntax show gvrp statistics ethernet interface port channel port channel number Parameters interface A valid Ethernet port F...

Page 93: ...el number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displa...

Page 94: ...0S Switch CLI Reference Guide Legend INVPROT Invalid Protocol Id INVALEN Invalid Attribute Length INVATYP Invalid Attribute Type INVEVENT Invalid Event INVAVAL Invalid Attribute Value Port INVPROT INV...

Page 95: ...GVRP Commands Page 93...

Page 96: ...ion mode User Guidelines IGMP snooping can only be enabled on static VLANs Example The following example enables IGMP snooping ip igmp snooping Interface The ip igmp snooping Interface Configuration V...

Page 97: ...d statically using the bridge multicast forward all Interface Configuration VLAN mode command Example The following example enables automatic learning of multicast device ports on VLAN 2 ip igmp snoop...

Page 98: ...LAN mode command is used for setting the aging out time after multicast device ports are automatically learned To return to the default configuration use the no form of this command Syntax ip igmp sno...

Page 99: ...t should be immediately removed from the members list after receiving IGMP Leave Default Configuration The default leave time out configuration is 10 seconds Command Mode Interface Configuration VLAN...

Page 100: ...p igmp snooping interface User EXEC mode command displays IGMP snooping configuration Syntax show ip igmp snooping interface vlan id Parameters vlan id VLAN number Default Configuration This command h...

Page 101: ...lines To see the full multicast address table including static addresses use the show bridge multicast address table Privileged EXEC command Example The following example shows IGMP snooping informati...

Page 102: ...Page 100 Allied Telesyn AT 8000S Switch CLI Reference Guide Vlan IP Address Ports 1 224 239 130 2 2 3 1 e19...

Page 103: ...IGMP Snooping Commands Page 101...

Page 104: ...30 Default Configuration No IP address is defined for interfaces Command Mode Interface Configuration VLAN mode User Guidelines A single IP address can be defined The IP address can be defined only on...

Page 105: ...rmation about itself to the DHCP server on the network If the ip address dhcp command is used with or without the optional keyword the DHCP option 12 field host name option is included in the DISCOVER...

Page 106: ...es Syntax show ip interface ethernet interface number vlan vlan id port channel port channel number Parameters interface number Valid Ethernet port vlan id Valid VLAN number port channel number Valid...

Page 107: ...IP Addressing Commands Page 105 IP address Interface Type 10 7 1 192 24 VLAN 1 Static...

Page 108: ...e access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following...

Page 109: ...tion mode command sets the line for automatic baud rate detection autobaud To disable automatic baud rate detection use the no form of the command Syntax autobaud no autobaud Default Configuration Aut...

Page 110: ...idelines To specify no timeout enter the exec timeout 0 command Examples The following example configures the interval that the system waits until user input is detected to 20 minutes history The hist...

Page 111: ...ser Guidelines This command configures the command history buffer size for a particular line To configure the command history buffer size for the current terminal session use the terminal history size...

Page 112: ...ters number of commands Specifies the number of commands the system may record in its command history buffer Range 10 216 Default Configuration The default command history buffer size is 10 Command Mo...

Page 113: ...ified the default value is console Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the line configuration Console show...

Page 114: ...d using the permit Management and deny Management commands If no match criteria are defined the default is deny If you reenter an access list context the new rules are entered at the end of the access...

Page 115: ...ess mask A valid network mask of the source IP address prefix length Number of bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 service...

Page 116: ...efix The prefix length must be preceded by a forward slash Range 0 32 service Service type Possible values telnet ssh http https and snmp Default Configuration This command has no default configuratio...

Page 117: ...called mlist as the management access list show management access list The show management access list Privileged EXEC mode command displays management access lists Syntax show management access list...

Page 118: ...cess class Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example...

Page 119: ...Management ACL Commands Page 117...

Page 120: ...EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of the cable for the TDR test is 120 meter...

Page 121: ...able length User EXEC mode command displays the estimated copper cable length attached to a port Syntax show copper ports cable length interface Parameters interface A valid Ethernet port Full syntax...

Page 122: ...witch CLI Reference Guide Example The following example displays the estimated copper cable length attached to all ports Console show copper ports cable length Port Length meters 1 e1 50 1 e2 Copper n...

Page 123: ...PHY Diagnostics Commands Page 121...

Page 124: ...be defined with up to eight member ports per port channel The aggregated links valid IDs are 1 8 Example The following example enters the context of port channel number 1 interface range port channel...

Page 125: ...ber of the valid port channel for the current port to join on Forces the port to join a channel without an LACP operation auto Allows the port to join a channel as a result of an LACP operation Defaul...

Page 126: ...ion This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on all...

Page 127: ...Port Channel Commands Page 125...

Page 128: ...nables traffic on one port to be copied to another port or between the source port src interface and a destination port port being configured The following restrictions apply to ports configured as de...

Page 129: ...nes for this command Example The following example configures all ingress mirrored packets from port 1 e9 to be transmitted as tagged packets show ports monitor The show ports monitor User EXEC mode c...

Page 130: ...Page 128 Allied Telesyn AT 8000S Switch CLI Reference Guide 1 e1 1 e8 RX TX Active No 1 e2 1 e8 RX TX Active No 1 e18 1 e8 RX Active No...

Page 131: ...Port Monitor Commands Page 129...

Page 132: ...ng power to the device Default Configuration The device discovery protocol is enabled Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command E...

Page 133: ...nterface Configuration Ethernet mode command configures the inline power management priority of the interface To return to the default configuration use the no form of this command Syntax power inline...

Page 134: ...shold as a percentage to compare measured power Range 1 99 Default Configuration The default threshold is 95 percent Command Mode Global Configuration mode User Guidelines There are no user guidelines...

Page 135: ...information about inline power Syntax show power inline ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configurati...

Page 136: ...usage power in Watts Usage Threshold The usage threshold expressed in percents for comparing the measured power and initiating an alarm if threshold is exceeded Traps Indicates if inline power traps...

Page 137: ...s Page 135 Absent Counter Counts the number of times power has been removed because powered device dropout was detected Invalid Signature Counter Counts the number of times an invalid signature of a p...

Page 138: ...ion QoS is disabled on the device Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS on the device show qos...

Page 139: ...ge 0 3 Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines When the specified number of expedite queues is 0 the Strict Priority scheduling meth...

Page 140: ...command sets a shaper on an egress interface To disable the shaper use the no form of this command Syntax traffic shape committed rate committed burst no traffic shape Parameters committed rate The av...

Page 141: ...EXEC mode User Guidelines If no keyword is specified port QoS information e g DSCP trusted CoS trusted untrusted etc is displayed If no interface is specified QoS information about all interfaces is d...

Page 142: ...ion mode User Guidelines Queue 4 is reserved for stacking Example The following example maps CoS 7 to queue 2 qos map dscp queue The qos map dscp queue Global Configuration mode command modifies the D...

Page 143: ...ssified with packet DSCP values Default Configuration CoS is the default trust mode Command Mode Global Configuration mode User Guidelines Packets entering a quality of service QoS domain are classifi...

Page 144: ...The following example configures Ethernet port 1 e15 to the default trust state qos cos The qos cos Interface Configuration Ethernet port channel mode command defines the default CoS value of a port T...

Page 145: ...t configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the DSCP port queue map Console config interface ethern...

Page 146: ...4 Allied Telesyn AT 8000S Switch CLI Reference Guide The following table describes the significant fields shown above Column Description d1 Decimal Bit 1 of DSCP d2 Decimal Bit 2 of DSCP 01 04 Queue n...

Page 147: ...QoS Commands Page 145...

Page 148: ...IUS server is skipped over by transaction requests Range 0 2000 key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This k...

Page 149: ...e RADIUS server This key must match the encryption used on the RADIUS daemon Range 0 128 characters Default Configuration The key string is an empty string Command Mode Global Configuration mode User...

Page 150: ...ver source ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers To return to the default configuration use the no form of this command Syntax...

Page 151: ...ser guidelines for this command Example The following example configures the timeout interval to 5 seconds radius server deadtime The radius server deadtime Global Configuration mode command improves...

Page 152: ...Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays...

Page 153: ...Radius Commands Page 151...

Page 154: ...el number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displa...

Page 155: ...f packets received less than 64 octets in length excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with...

Page 156: ...ange 1 3600 Default Configuration RMON statistics group owner name is an empty string Number of buckets specified for the RMON collection history statistics group is 50 Number of seconds in each polli...

Page 157: ...ecifies the requested set of samples Range 1 65535 throughput Indicates throughput counters errors Indicates error counters other Indicates drop and collision counters seconds Specifies the period of...

Page 158: ...mple Set 1 Owner CLI Interface 1 e1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Octets Packets Broadcast Multicast Util Jan 18 2002 21 57 00 303595962 357568 3289...

Page 159: ...ng bits but including FCS octets between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number...

Page 160: ...the selected variable is compared directly with the thresholds at the end of the sampling interval If the method is delta the selected variable value of the last sample is subtracted from the current...

Page 161: ...hreshold event index 20 show rmon alarm table The show rmon alarm table User EXEC mode command displays the alarms table Syntax show rmon alarm table Default Configuration This command has no default...

Page 162: ...as no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON 1 alarms Field Description Index An in...

Page 163: ...sampling interval If the value is delta the value of the variable at the last sample is subtracted from the current value and the difference compared with the thresholds Startup Alarm The alarm that...

Page 164: ...name is an empty string Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines If log is specified as the notification type an entry is...

Page 165: ...rrors Log CLI Jan 18 2002 23 58 17 2 High Broadcast Log Trap device Manager Jan 18 2002 23 59 48 Field Description Index An index that uniquely identifies the event Description A comment describing th...

Page 166: ...s Maximum number of history table entries Range 20 270 log entries Maximum number of log table entries Range 20 100 Default Configuration History table size is 270 Log table size is 200 Console show r...

Page 167: ...l Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum RMON history table sizes to 100 entries Co...

Page 168: ...p A group defines the objects available to the community Range 1 30 characters view name Specifies the name of a previously defined view The view defines the objects available to the community Range 1...

Page 169: ...tring consisting of numbers such as 1 3 6 2 4 or a word such as system Replace a single sub identifier with the asterisk wildcard to specify a subtree family for example 1 3 4 included Indicates that...

Page 170: ...3 security model readview Specifies a string that is the name of the view that enables only viewing the contents of the agent If unspecified all objects except for the community table and SNMPv3 user...

Page 171: ...should be entered if authentication and privacy are required 32 bytes should be entered Each byte in the hexadecimal character string is two hexadecimal digits Each byte can be separated by a period...

Page 172: ...f the device If the SNMPv3 engine ID is deleted or the configuration file is erased SNMPv3 cannot be used By default SNMPv1 v2 are enabled on the device SNMPv3 is enabled only by defining the Local En...

Page 173: ...no form of the command Syntax snmp server enable traps no snmp server enable traps Default Configuration SNMP traps are enabled Command Mode Global Configuration mode User Guidelines There are no use...

Page 174: ...n be entered multiple times for the same filter record Later lines take precedence when an object identifier is included in two or more lines Examples The following example creates a filter that inclu...

Page 175: ...ximum number of times to resend an inform request If unspecified the default maximum number of retries is 3 Range 1 255 Default Configuration This command has no default configuration Command Mode Glo...

Page 176: ...ent before resending informs If unspecified the default timeout period is 15 seconds Range 1 300 retries Specifies the maximum number of times to resend an inform request If unspecified the default ma...

Page 177: ...tem contact information Range 0 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text...

Page 178: ...ble name MIB variable name name value List of name and value pairs In the case of scalar MIBs only a single pair of name values In the case of an entry in a table at least one pair of name and value f...

Page 179: ...e displays the SNMP communications status Console show snmp Community String Community Access View name IP address public read only user view All private read write Default 172 16 1 1 private su Defau...

Page 180: ...e following example displays the SNMP engine ID Version 3 notifications Target Address Type Username Security Level UDP Port Filter Name TO Sec Retries 192 122 173 42 Inform Bob Priv 162 15 3 System C...

Page 181: ...er guidelines for this command Example The following example displays the configuration of views show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of groups...

Page 182: ...d Mode Privileged EXEC mode Console show snmp groups Name Security Views Model Level Read Write Notify user group V3 priv Default managers group V3 priv Default Default managers group V3 priv Default...

Page 183: ...the user Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The followin...

Page 184: ...er guidelines for this command Example The following example enables spanning tree functionality spanning tree mode The spanning tree mode Global Configuration mode command configures the spanning tre...

Page 185: ...m of this command Syntax spanning tree forward time seconds no spanning tree forward time Parameters seconds Time in seconds Range 4 30 Default Configuration The default forwarding time for the IEEE S...

Page 186: ...ing tree bridge hello time to 5 seconds spanning tree max age The spanning tree max age Global Configuration mode command configures the spanning tree bridge maximum age To return to the default confi...

Page 187: ...096 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Modes Global Configuration mode User Guidelines The bridge with the lowest priority is electe...

Page 188: ...efault Configuration Default path cost is determined by port speed and path cost method long or short as shown below Command Modes Interface Configuration Ethernet port channel mode User Guidelines Th...

Page 189: ...nfigures the spanning priority on Ethernet port 1 e15 to 96 spanning tree portfast The spanning tree portfast Interface Configuration mode command enables PortFast mode In PortFast mode the interface...

Page 190: ...ype is shared Default Configuration The device derives the port link type from the duplex mode A full duplex port is considered a point to point link and a half duplex port is considered a shared link...

Page 191: ...nes BPDU handling when the spanning tree is disabled globally or on a single interface To return to the default configuration use the no form of this command Syntax spanning tree bpdu filtering floodi...

Page 192: ...sed only when working in RSTP or MSTP mode Example The following example restarts the protocol migration process on Ethernet port 1 e11 spanning tree mst priority The spanning tree mst priority Global...

Page 193: ...ber of hops in an MST region before the BDPU is discarded Range 1 40 Default Configuration The default number of hops is 20 Command Mode Global Configuration mode User Guidelines There are no user gui...

Page 194: ...tree MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state To return to the default configuration use the no form of this...

Page 195: ...n an MST region must have the same VLAN mapping configuration revision number and name Example The following example configures an MST region instance mst The instance MST Configuration mode command m...

Page 196: ...and the same name Example The following example maps VLANs 10 20 to MST instance 1 name mst The name MST Configuration mode command defines the configuration name To return to the default setting use...

Page 197: ...ST Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the configuration revision to 1 show mst The show MST Configuration mode command...

Page 198: ...iguration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example exits the MST config...

Page 199: ...e instance id show spanning tree detail active blockedports instance instance id show spanning tree mst configuration Parameters interface number A valid Ethernet port port channel number A valid port...

Page 200: ...29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Root No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg...

Page 201: ...tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridge ID Priority 36864...

Page 202: ...Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Root No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e4 Enabled 128 4 20000...

Page 203: ...ges 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Typ...

Page 204: ...A Port 4 1 e4 enabled State Blocking Role Alternate Port id 128 4 Port cost 20000 Type Shared configured auto STP Port Fast No configured no Designated bridge Priority 28672 Address 00 30 94 41 62 c8...

Page 205: ...received 120638 Console show spanning tree mst configuration Name Region1 Revision 1 Instance Vlans mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled Console show spanning tree Spanning tree enabled...

Page 206: ...29 89 76 Path Cost 20000 Root Port 4 1 e4 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Boun No...

Page 207: ...signated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 1 e2 enabled State Forwarding Role Designated Port id 128 2 Port cost 2000...

Page 208: ...f topology changes 2 last change occurred 1d9h ago Times hold 1 topology change 2 notification 2 hello 2 max age 20 forward delay 15 Port 1 1 e1 enabled State Forwarding Role Boundary Port id 128 1 Po...

Page 209: ...ort id 128 4 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20...

Page 210: ...d Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Priority 32768 Address 00 01 42 97 e0 00...

Page 211: ...Spanning Tree Commands Page 209...

Page 212: ...lt Configuration The default port number is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the port to...

Page 213: ...generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved...

Page 214: ...generates RSA key pairs ip ssh pubkey auth The ip ssh pubkey auth Global Configuration mode command enables public key authentication for incoming SSH sessions To disable this function use the no form...

Page 215: ...To remove an SSH public key use the no form of this command Syntax user key username rsa dsa no user key username Console config crypto key pubkey chain ssh Console config pubkey chain user key bob Co...

Page 216: ...tring Configuration mode command manually specifies an SSH public key Syntax key string key string row key string Parameters row Indicates the SSH public key row by row key string Specifies the key in...

Page 217: ...nes for this command Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRon...

Page 218: ...he DSA key Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show ip ssh SSH serve...

Page 219: ...er Guidelines There are no user guidelines for this command Examples The following example displays SSH public keys stored on the device Console show crypto key mypubkey rsa RSA key data 005C300D 0609...

Page 220: ...Telesyn AT 8000S Switch CLI Reference Guide Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23...

Page 221: ...SSH Commands Page 219...

Page 222: ...ing messages at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered logging...

Page 223: ...vel is informational The default facility is local7 Command Mode Global Configuration mode User Guidelines Up to 8 syslog servers can be used If no specific severity level is specified the global valu...

Page 224: ...s logged in the buffer Possible values emergencies alerts critical errors warnings notifications informational debugging Default Configuration The default severity level is informational Command Mode...

Page 225: ...following example changes the number of syslog messages stored in the internal buffer to 300 clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buf...

Page 226: ...notifications informational and debugging Default Configuration The default severity level is errors Command Mode Global Configuration mode User Guidelines There are no user guidelines for this comman...

Page 227: ...Configuration Logging AAA login events is enabled Command Mode Global Configuration mode User Guidelines Other types of AAA events are not subject to this command Example The following example enables...

Page 228: ...The management logging global configuration command enables logging management access list ACL events To disable logging management access list events use the no form of this command Syntax managemen...

Page 229: ...Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors...

Page 230: ...TO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 0 changed state to down 11 Aug 2004 15 41 39 LIN...

Page 231: ...Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernet1 1 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernet1 2 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Eth...

Page 232: ...ence Guide Example The following example displays the settings of the syslog servers Console show syslog servers Device Configuration IP address Port Severity Facility Description 192 180 2 27 514 Inf...

Page 233: ...Syslog Commands Page 231...

Page 234: ...6 1472 bytes packet_count Number of packets to send If 0 is entered it pings until stopped Range 0 65535 packets time_out Timeout in milliseconds to wait for each reply Range 50 65535 milliseconds Def...

Page 235: ...seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms mi...

Page 236: ...g downloaded at the time of reset Example The following example reloads the operating system hostname The hostname Global Configuration mode command specifies or modifies the device host name To remov...

Page 237: ...This command is not relevant to standalone devices The following algorithm is used to select a unit as the master If only one master enabled unit is in the stack 1 or 2 it becomes the master If a uni...

Page 238: ...vileged EXEC mode User Guidelines This command is not relevant to standalone devices If no unit is specified all units are reloaded Example The following example reloads Unit 2 of the stack stack disp...

Page 239: ...at the top of the display and unit 1 at the bottom stack change unit id Note This command is operational in the AT 8000S 24 AT 8000S 24POE AT 8000S 48 and AT 8000S 48POE devices The stack change unit...

Page 240: ...unit Parameters unit Specifies the number of the unit Range 1 6 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines This command is not relevan...

Page 241: ...Software Master Uplink Downlink Status 3 00 00 b0 87 12 13 1 0 0 0 1 4 Slave 4 00 00 b0 87 12 14 1 0 0 0 3 5 Slave 5 00 00 b0 87 12 15 1 0 0 0 4 6 Slave 6 00 00 b0 87 12 16 1 0 0 0 5 2 Slave 1 00 00...

Page 242: ...r Guidelines There are no user guidelines for this command Examples The following example lists open Telnet sessions The following table describes significant fields shown above Console show users Use...

Page 243: ...Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the system information show version The show version User EXEC mode co...

Page 244: ...Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays system version information only for demonstration purposes Console sho...

Page 245: ...System Management Commands Page 243...

Page 246: ...mber Specifies a server port number Range 0 65535 timeout Specifies the timeout value in seconds Range 1 30 key string Specifies the authentication and encryption key for all TACACS communications bet...

Page 247: ...must match the encryption used on the TACACS daemon Range 0 128 characters Default Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for th...

Page 248: ...o return to the default configuration use the no form of this command Syntax tacacs server source ip source no tacacs server source ip source Parameters source Specifies the source IP address Default...

Page 249: ...leged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays configuration and statistical information about a TACACS server Console show tacac...

Page 250: ...ult Configuration The default privilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode...

Page 251: ...iguration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode...

Page 252: ...efault Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Example The following example changes...

Page 253: ...XEC mode Syntax end Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Example The follo...

Page 254: ...bles dumping all output immediately after entering the show command This command is relevant only for the current session Example This example dumps all output immediately after entering a show comman...

Page 255: ...ering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode show privilege The show privilege Privileged...

Page 256: ...itch CLI Reference Guide User Guidelines There are no user guidelines for this command Example The following example displays the current privilege level for the Privileged EXEC mode Console show priv...

Page 257: ...User Interface Commands Page 255...

Page 258: ...lines for this command Example The following example enters the VLAN database mode vlan Use the vlan VLAN Configuration mode command to create a VLAN To delete a VLAN use the no form of this command S...

Page 259: ...re are no user guidelines for this command Example The following example configures VLAN 1 with IP address 131 108 1 27 and subnet mask 255 255 255 0 interface range vlan The interface range vlan Glob...

Page 260: ...889 to receive the same command name The name Interface Configuration mode command adds a name to a VLAN To remove the VLAN name use the no form of this command Syntax name string no name Parameters s...

Page 261: ...ensuring that all Unicast Broadcast and Multicast traffic from these ports is only forwarded to uplink port s PVE requires only one VLAN on each device but not on every port this reduces the number o...

Page 262: ...ess vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode To return to the default configuration use the no form of this command Syntax switchport acces...

Page 263: ...phen designates a range of IDs Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guideli...

Page 264: ...rt general allowed vlan remove vlan list Parameters add vlan list Specifies the list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of...

Page 265: ...ser Guidelines There are no user guidelines for this command Example The following example configures the PVID for Ethernet port 1 e16 when the interface is in general mode switchport general acceptab...

Page 266: ...mand has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines MAC based VLAN rules cannot contain overlapping ranges on the same interface The prior...

Page 267: ...he group number Range 1 2147483647 Default Configuration This command has no default configuration Command Mode VLAN Configuration mode User Guidelines There are no user guidelines for this command Ex...

Page 268: ...nates a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command can be used to prevent GVRP from automatic...

Page 269: ...e user wants to use that VLAN as a static or dynamic VLAN the user should do one of the following Remove the IP interface Create the VLAN and recreate the IP interface Use this command to explicitly c...

Page 270: ...ode User Guidelines There are no user guidelines for this command Example The following example displays VLANs used internally by the device Console show vlan VLAN Name Ports Type Authorization 1 defa...

Page 271: ...onfiguration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the switchport configuration for Ethernet port 1 e1...

Page 272: ...ically configured to Vlan Name Egress rule 1 default untagged 11 VLAN011 tagged 19 IPv6 VLAN untagged 72 VLAN0072 untagged Forbidden VLANS VLAN Name 73 out Console show interface switchport ethernet 1...

Page 273: ...Type All Port 1 e2 is statically confgiured to Vlan Name Egress rule 8 VLAN0072 untagged 91 IP Telephony tagged Forbidden VLANS VLAN Name 73 out Port 2 e19 Static configuration PVID 2922 Ingress Filt...

Page 274: ...er Guidelines Only a user with access level 15 can use the Web server Example The following example enables configuring the device from a browser ip http port The ip http port Global Configuration mod...

Page 275: ...r no ip https server Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configuration mode command to generate an HTTPS ce...

Page 276: ...ange 512 2048 common name Specifies the fully qualified URL or IP address of the device Range 1 64 organization Specifies the organization name Range 1 64 organization unit Specifies the organization...

Page 277: ...ers number Specifies the certificate number Range 1 2 common name Specifies the fully qualified URL or IP address of the device Range 1 64 organization unit Specifies the organization unit or departme...

Page 278: ...r Guidelines Use this command to enter an external certificate signed by Certification Authority to the device To end the session enter an empty line The imported certificate must be based on a certif...

Page 279: ...rs number Specifies the certificate number Range 1 2 Default Configuration Certificate number 1 Command Mode Global Configuration mode User Guidelines The crypto certificate generate command should be...

Page 280: ...g example displays the certificate show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration Console config ip https certificate 1 Console show crypto certifica...

Page 281: ...TPS server configuration Syntax show ip https Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this co...

Page 282: ...lesyn AT 8000S Switch CLI Reference Guide Certificate 2 is inactive Issued by self signed Valid from 8 9 2004 to 8 9 2005 Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411...

Page 283: ...Web Server Commands Page 281...

Page 284: ...elines Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied To ensure that authentication succeeds even if all...

Page 285: ...he port and the client force authorized Disables 802 1X authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required The port...

Page 286: ...e no user guidelines for this command Examples The following example enables periodic re authentication of the client dot1x timeout re authperiod The dot1x timeout re authperiod Interface Configuratio...

Page 287: ...no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following command manually initiates a re authentication of 802 1...

Page 288: ...ed Examples The following example sets the number of seconds that the device remains in the quiet state following a failed authentication exchange to 3600 dot1x timeout tx period The dot1x timeout tx...

Page 289: ...unt Number of times that the device sends an EAP request identity frame before restarting the authentication process Range 1 10 Default Configuration The default number of times is 2 Command Mode Inte...

Page 290: ...rtain clients and authentication servers Examples The following example sets the timeout period before retransmitting an EAP request frame to the client to 3600 seconds dot1x timeout server timeout Th...

Page 291: ...of the device or specified interface Syntax show dot1x ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration...

Page 292: ...nds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 08 19 17 MAC Address 00 08 78 32 98 78 Authentication Method Remote Termination Cause Supplicant logoff Auth...

Page 293: ...Protocol EAP request identity frame from the client before resending the request Max req The maximum number of times that the device sends an Extensible Authentication Protocol EAP request frame assum...

Page 294: ...t Default Configuration This command has no default configuration Console show dot1x users Port Username Session Time Auth Method MAC Address 1 e1 Bob 1d 03 08 58 Remote 0008 3b79 8787 1 e2 John 08 19...

Page 295: ...rce 00 08 78 32 98 78 Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator EapolFramesTx The number of EAPOL frames of any type th...

Page 296: ...r leave the guest VLAN the port should not be a static member of the guest VLAN Example The following example defines VLAN 2 as a guest VLAN EapolReqFramesTx The number of EAP Request frames other tha...

Page 297: ...he dot1x guest vlan Interface Configuration mode command Example The following example enables unauthorized users on Ethernet port 1 e1 to access the guest VLAN show dot1x advanced The show dot1x adva...

Page 298: ...Page 296 Allied Telesyn AT 8000S Switch CLI Reference Guide Examples The following example displays 802 1X advanced features for the device Console show dot1x advanced Guest VLAN 2...

Page 299: ...802 1x Commands Page 297...

Page 300: ...imezone 47 Command Completion 19 configure 249 Contacting Allied Telesyn 12 copy 60 crypto certificate generate 274 crypto certificate import 276 crypto certificate request 275 crypto key generate dsa...

Page 301: ...r learn pim dvmrp 95 ip igmp snooping mrouter time out 96 ip internal usage vlan 266 ip ssh port 210 ip ssh pubkey auth 212 ip ssh server 210 K Keyboard Shortcuts 19 key string 214 L line 106 logging...

Page 302: ...certificate 278 show crypto key mypubkey 216 show crypto key pubkey chain ssh 217 show dot1x 289 show dot1x advanced 295 show dot1x statistics 292 show dot1x users 291 show gvrp configuration 89 show...

Page 303: ...client enable Interface 53 sntp client poll timer 51 sntp server 54 sntp trusted key 50 sntp unicast client enable 53 sntp unicast client poll 54 spanning tree 182 spanning tree bpdu 189 spanning tre...

Page 304: ...acs server key 245 tacacs server source ip 246 tacacs server timeout 245 Terminal Command Buffer 18 terminal history 109 terminal history size 110 test copper port tdr 118 traffic shape 138 U User EXE...

Reviews:

No comments