manualshive.com logo in svg

Aruba AT-8400 SERIES, User Manual

The Aruba AT-8400 SERIES is a cutting-edge networking solution designed for high-performance connectivity. Enhance your network with ease using the comprehensive User Manual available for free download on manualshive.com. Access detailed instructions and technical specifications to maximize the potential of your AT-8400 SERIES device. Elevate your network experience today.

Share
Download
background image

Chapter 26: 802.1x Port-Based Access Control Commands

278

SET PORTACCESS PORT AUTHENTICATOR

Syntax

set portaccess port=

port

|all authenticator 

[control=auto|forceauthenticate| 
forceunauthenticate] [quietperiod=

integer

[txperiod=

integer

] [reauthperiod=

integer

[supptimeOut=

integer

] [servtimeout=

integer

[maxreq=

integer

]

Parameters

port

Specifies the port whose Authenticator settings you 
want to set. You can specify more than one port at a 
time. To set all ports, specify ALL. The selected ports 
must already be set to the Authenticator role. To set 
port role, see 

SET PORTACCESS PORT ROLE 

on page 

280.

control

This parameter can take the following values:

Force-authenticate

: Disables 802.1X port-based 

authentication and causes the port to transition to the 
authorized state without any authentication 
exchange required. The port transmits and receives 
normal traffic without 802.1X-based authentication of 
the client. 

Force-unauthenticate

: Causes the port to remain in 

the unauthorized state, ignoring all attempts by the 
client to authenticate. The switch cannot provide 
authentication services to the client through the 
interface.

Auto

: Enables 802.1X port-based authentication and 

causes the port to begin in the unauthorized state, 
allowing only EAPOL frames to be sent and received 
through the port. The authentication process begins 
when the link state of the port changes. The switch 
requests the identity of the client and begins relaying 
authentication messages between the client and the 
authentication server. Each client that attempts to 
access the network is uniquely identified by the switch 
by using the client's MAC address. This is the default 
setting.

Summary of Contents for AT-8400 SERIES

Page 1: ...AT S60 Management Software AT S60 Command Line User s Guide AT 8400 SERIES SWITCH VERSION 2 0 0 PN 613 50401 00 Rev B...

Page 2: ...in are trademarks or registered trademarks of their respective owners Allied Telesyn Inc reserves the right to make changes in specifications and other information contained in this document without p...

Page 3: ...tes 13 Chapter 1 Starting a Command Line Management Session 14 Starting a Management Session 15 Command Line Interface Features 16 Command Formatting 17 Specifying Ports 17 Chapter 2 Basic Command Lin...

Page 4: ...ommands 58 ADD SNTPSERVER IPADDRESS 59 DELETE SNTPSERVER IPADDRESS 60 DISABLE SNTP 61 ENABLE SNTP 62 RESET SNTP 63 SET DATE 64 SET SNTP 65 SET TIME 66 SHOW SNTP 67 SHOW TIME 68 Chapter 5 SNMP Communit...

Page 5: ...er 10 Port Mirroring Commands 112 ADD SWITCH MIRROR 113 CREATE SWITCH MIRROR 114 DELETE SWITCH MIRROR 115 DESTROY SWITCH MIRROR 116 DISABLE SWITCH MIRROR 117 ENABLE SWITCH MIRROR 118 SET SWITCH MIRROR...

Page 6: ...TIVLANASSOC 177 SET MSTP PORT 178 SHOW MSTP 181 Chapter 16 VLANs and Multiple VLAN Commands 183 ADD VLAN 184 CREATE VLAN 187 DELETE VLAN 191 DESTROY VLAN 194 RESET VLAN 195 SET SWITCH MANAGEMENTVLAN 1...

Page 7: ...ting a Self Signed Certificate 238 Creating a CA Certificate 239 SHOW HTTP SERVER 241 Chapter 22 Encryption Commands 242 CREATE ENCO KEY 243 DESTROY ENCO KEY 246 SET ENCO KEY 247 SHOW ENCO KEY 248 Cha...

Page 8: ...CCESS 277 SET PORTACCESS PORT AUTHENTICATOR 278 SET PORTACCESS PORT ROLE 280 SET PORTACCESS PORT SUPPLICANT 281 SHOW PORTACCESS 283 Chapter 27 TACACS and RADIUS Commands 284 ADD RADIUSSERVER 285 ADD T...

Page 9: ...Telesyn on page 12 Obtaining Management Software Updates on page 13 How This Guide is Organized This section describes the organization of the chapters and provides information about the security feat...

Page 10: ...AN Registration Protocol Commands Chapter 18 MAC Address Table Commands Chapter 19 IGMP Snooping Commands Chapter 20 Statistics Commands Chapter 21 Web Server Commands Chapter 22 Encryption Commands C...

Page 11: ...blic Key Infrastructure PKI Secure Socket Layer SSL and Secure Shell SSH features only appear in the AT S60 version 2 0 0 software The authentication features 802 1x Port Based Access Control as well...

Page 12: ...tions Note Notes provide additional information Warning Warnings inform you that performing or omitting a specific action may result in bodily injury Caution Cautions inform you that performing or omi...

Page 13: ...ased Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format PDF from on our web site at www alliedtelesyn com You can view the documents on l...

Page 14: ...use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions Email and Telephone Support For Technical Support via email or telephone ref...

Page 15: ...ts can be downloaded from either of the following Internet sites the Allied Telesyn web site http www alliedtelesyn com the Allied Telesyn FTP server ftp ftp alliedtelesyn com To use the FTP server go...

Page 16: ...pter 1 Starting a Command Line Management Session This chapter contains the following topics Starting a Management Session on page 15 Command Line Interface Features on page 16 Command Formatting on p...

Page 17: ...net management session you will see the AT S60 Main Menu which contains the following option C Command Line Interface Type C to display the command line prompt The prompt will differ depending on whet...

Page 18: ...tures are supported in the command line interface Command history Use the up and down arrow keys Context specific help Press the question mark key at any time to see a list of legal next parameters Ke...

Page 19: ...Series switch containing the line card The AT 8400 Chassis has 12 slots for line cards Port is the port number on the line card For instance to indicate Port 4 on a line card in Slot 8 enter 8 4 For e...

Page 20: ...AT 8413 G BT line card comes with one 10 100 1000Base T twisted pair port and one GBIC expansion slot Only one port is active on the line card at a time The port number for the active port is always...

Page 21: ...QUIT on page 21 MENU on page 22 SAVE CONFIGURATION on page 23 SET PROMPT on page 24 SET SWITCH CONSOLEMODE on page 25 SHOW USER on page 26 Note Remember to save your changes with the SAVE CONFIGURATIO...

Page 22: ...Chapter 2 Basic Command Line Commands 20 CLEAR SCREEN Syntax clear screen Parameters None Description This command clears the screen Example The following command clears the screen clear screen...

Page 23: ...rs None Description Both commands perform the same function they end a management session If you are managing a slave switch the commands return you to the master switch from which you started the man...

Page 24: ...tax menu Parameters None Description This command displays the AT S60 Main Menu For instructions on how to use the management menus refer to the AT S60 Management Software User s Guide Example The fol...

Page 25: ...ating parameter of the switch such as enter a new IP address or create a new VLAN the change is stored in temporary memory It is lost the next time you reset the switch or power cycle the unit To perm...

Page 26: ...phanumeric characters Spaces and special characters are allowed The prompt must be enclosed in quotes Description This command changes the command prompt Assigning each switch a different command prom...

Page 27: ...n Menu This is the default cli Specifies the command line prompt Description You use this command to specify whether you want your management sessions to start by displaying the command line interface...

Page 28: ...r 2 Basic Command Line Commands 26 SHOW USER Syntax show user Parameter None Description Displays the user account you used to log on to the switch The user account is Manager or Operator Example show...

Page 29: ...ABLE TELNET on page 32 PING on page 33 PURGE IP on page 34 RESET ASYN on page 35 RESET IP on page 36 RESET IP ROUTE on page 37 RESET SYSTEM on page 38 RESTART REBOOT on page 39 RESTART SWITCH on page...

Page 30: ...51 SHOW DHCPBOOTP on page 52 SHOW IP on page 53 SHOW IP ROUTE on page 54 SHOW SWITCH on page 55 SHOW SWITCH LINECARD on page 56 SHOW SYSTEM on page 57 Note Remember to save your changes with the SAVE...

Page 31: ...uide 29 DISABLE DHCPBOOTP Syntax disable dhcpbootp Parameters None Description This command deactivates the DHCP and BOOTP client software on the switch Example The following command deactivates DHCP...

Page 32: ...None Description This command disables Telnet access to the switch Caution Before you enable the Secure Shell SSH feature disable Telnet access to the switch If you do not disable Telnet while SSH is...

Page 33: ...ontinuous requests for its IP configuration until a DHCP or BOOTP server responds If you assigned the switch an IP address manually the address is discarded when DHCP and BOOTP are activated The defau...

Page 34: ...ic Switch Commands 32 ENABLE TELNET Syntax enable telnet Parameters None Description This command enables Telnet access to the switch Example The following command enables Telnet access to the switch...

Page 35: ...itch to ping Description This command instructs the switch to ping an end node You can use this command to determine whether a valid link exists between the switch and another device Example The follo...

Page 36: ...returns the switch s IP address subnet mask and default gateway address to the default settings This command is similar in function to the RESET IP command Where they differ is that this command allow...

Page 37: ...the AT 8401 management fabric card to the default value of 9600 bps Note Ifyouaremanagingtheswitchlocally changingthebaudrateofthe serial port ends your management session For instructions on how to...

Page 38: ...the IP address subnet mask and gateway address to their default values which are IP address 0 0 0 0 Subnet mask 0 0 0 0 Default gateway address 0 0 0 0 To return one of the above parameters to its def...

Page 39: ...ute Parameter None Description This command returns the default gateway address to its default value of 0 0 0 0 You can use the PURGE IP on page 34 to perform the same function Example The following c...

Page 40: ...n of the switch Description This command deletes the switch s name the name of the network administrator responsible for managing the unit and the location of the unit Note To set the name contact or...

Page 41: ...command returns the switch s operating parameters to the default settings For a list of the default settings see Appendix A AT S60 Default Settings of the AT S60 Management Software User s Guide Examp...

Page 42: ...g the time required to run its internal diagnostics and reload the operating software Your local or remote management session with the switch ends when you reset the unit You must reestablish the sess...

Page 43: ...te of the serial port on the AT 8401 management card The serial port is used for local management of the switch Note Changing the baud rate of the serial port ends your management session if you are m...

Page 44: ...net mask if you manually assigned the switch an IP address Description This command configures the following switch parameters IP address Subnet mask This command can also activate the DHCP and BOOTP...

Page 45: ...set ip interface 1 ipaddress 140 35 22 22 netmask 255 255 255 0 The following command sets the subnet mask set ip interface 1 netmask 255 255 255 252 The following command activates the DHCP and BOOT...

Page 46: ...witch Description This command specifies the IP address of the default gateway for the AT 8400 Series switch This IP address is required if you intend to remotely manage the device from a remote manag...

Page 47: ...The password can be from 1 to 20 alphanumeric characters Allied Telesyn International recommends avoiding special characters such as spaces asterisks or exclamation points since some web browsers do n...

Page 48: ...The password can be from 1 to 20 alphanumeric characters Allied Telesyn International recommends avoiding special characters such as spaces asterisks or exclamation points since some web browsers do...

Page 49: ...ions If the AT S60 software does not detect any activity from a local or remote management station after the time set with the console timer it automatically ends the management session This security...

Page 50: ...often a building and room number The location can be from 1 to 15 alphanumeric characters in length and must be enclosed in quotes Spaces are permitted Description This command sets a switch s name t...

Page 51: ...operating temperature for the switch The range is 0 to 90 C The default is 80 C Description This command sets the switch s maximum operating temperature If the switch exceeds the temperature the AT S...

Page 52: ...owing operating parameters of the serial port on the AT 8401 management card Baud rate Parity Data bits Stop bits Of the above values only the baud rate is adjustable on the serial port To change it r...

Page 53: ...configuration file This is the configuration file the switch will use the next time it is reset or power cycled Current configuration file This is the configuration file the switch is currently using...

Page 54: ...on the switch The status is either enabled or disabled The default setting for DHCP and BOOTP is disabled To enable DHCP and BOOTP client software refer to ENABLE DHCPBOOTP on page 31 To disable the D...

Page 55: ...his command displays the current values for the following switch parameters IP address Subnet mask Default gateway To set the IP address and subnet mask refer to SET IP on page 42 To set the default g...

Page 56: ...tion This command displays the switch s default gateway address You can also display the gateway address using SHOW IP on page 53 To set the default gateway address refer to SET IP ROUTE on page 44 Ex...

Page 57: ...plication software build date Bootloader version Bootloader build date MAC address of the AT 8401 management card Switch VLAN mode Enhanced stacking mode Management disconnect timer interval Web serve...

Page 58: ...Specifies the slot number containing the line card whose information you want to view Description This command displays the following line card information Serial number Model name Operating temperatu...

Page 59: ...or responsible for managing the unit Location of the unit Distinguished name Temperature threshold Celsius For instructions on how to set the name contact and location of the switch see SET SYSTEM on...

Page 60: ...IPADDRESS on page 60 DISABLE SNTP on page 61 ENABLE SNTP on page 62 RESET SNTP on page 63 SET DATE on page 64 SET SNTP on page 65 SET TIME on page 66 SHOW SNTP on page 67 SHOW TIME on page 68 Note Rem...

Page 61: ...add sntpserver ipaddress ip address Parameter ipaddress Specifies the IP address of the SNTP server Description This command specifies the IP address of the SNTP server Example The following command a...

Page 62: ...sntpserver ipaddress ip address Parameter ipaddress Specifies the IP address of the SNTP server Description This command deletes the IP address of the SNTP server Example The following command deletes...

Page 63: ...AT S60 Command Line User s Guide 61 DISABLE SNTP Syntax disable sntp Parameters None Description This command disables SNTP Example The following command disables SNTP on the switch disable sntp...

Page 64: ...Chapter 4 SNTP Commands 62 ENABLE SNTP Syntax enable sntp Parameters None Description This command enables SNTP Example The following command enables SNTP enable sntp...

Page 65: ...AT S60 Command Line User s Guide 63 RESET SNTP Syntax reset sntp Parameters None Description This command resets SNTP to its default values Example The following command resets SNTP reset sntp...

Page 66: ...x set date dd mm yyyy Parameter date Specifies the date for the SNTP server in day month year format Description This command sets the date on the SNTP server Example The following command sets the da...

Page 67: ...e pollinterval The time interval between two successive queries to the SNTP server The range is 60 to 1200 seconds The default is 600 seconds utcoffset The time difference in hours between Universal C...

Page 68: ...yntax set time hh mm ss Parameter time Specifies the hour minutes and seconds of the current time in 24 hour format Description This command sets the system time Example The following command sets the...

Page 69: ...information Status Server IP address UTC Offset Daylight Savings Time DST enabled or disabled Poll Interval Last Delta The last adjustment that was applied to the system time It is the drift in the sy...

Page 70: ...Chapter 4 SNTP Commands 68 SHOW TIME Syntax show time Parameters None Description This command shows the current system time Example The following command shows the current system time show time...

Page 71: ...page 76 DISABLE SNMP on page 77 DISABLE SNMP AUTHENTICATETRAP on page 78 DISABLE SNMP COMMUNITY on page 79 ENABLE SNMP on page 80 ENABLE SNMP AUTHENTICATETRAP on page 81 ENABLE SNMP COMMUNITY on page...

Page 72: ...ce to which traps generated by the switch are sent A community string can have up to eight IP addresses of trap receivers but only one IP address can be added at a time with this command The MANAGER p...

Page 73: ...AT S60 Command Line User s Guide 71 The following command adds the IP address of 149 212 10 11 as a trap receiver to the public community string add snmp community public traphost 149 212 10 11...

Page 74: ...ng that any management workstation can use the string to access the switch no The community string is closed meaning that only those management workstations whose IP addresses are assigned to the stri...

Page 75: ...nt workstations whose IP addresses are assigned to the switch will be able to use the string The TRAPHOST parameter specifies the IP address of a trap receiver to receive traps from the switch A commu...

Page 76: ...the IP address of a management workstation create snmp community wind11 access write open no manager 149 35 24 22 The OPEN NO parameter could be omitted from the example since closed status is the de...

Page 77: ...community string Once an IP address is removed the switch will not send traps to the trap receiver represented by the address The MANAGER parameter removes a management station from the community str...

Page 78: ...delete from the switch Description This command deletes a SNMP community string from the switch Any IP addresses of management stations and trap receivers assigned to the community string are deleted...

Page 79: ...mp Parameters None Description This command disables SNMP on the switch When SNMP is disabled you cannot manage the switch from an SNMP management station The default setting for SNMP is disabled Exam...

Page 80: ...ps the switch from sending authentication failure traps to trap receivers However the switch will continue to send other system traps such as alarm traps The default setting for sending authentication...

Page 81: ...leaving SNMP and all other community strings active Any IP addresses of management stations or trap receivers assigned to the community string are also disabled A disabled community string cannot be u...

Page 82: ...iption This command activates SNMP on the switch When SNMP is activated you can remotely manage the unit with an SNMP application program from a management station on your network The default setting...

Page 83: ...station attempts to access the switch using an incorrect or invalid community string or the management station s IP address has not been added to a community string that has a closed access status Th...

Page 84: ...nity string Description This command enables a community string on the switch The default setting for a community string is enabled Use this command to enable a community string that you previously di...

Page 85: ...f the community string The options are yes The community string is open meaning that any management workstation can use the string to access the switch no The community string is closed meaning that o...

Page 86: ...SNMP Community Strings and Trap Commands 84 The following command changes the access level for the SNMP community string serv12 to read and write with open access set snmp community serv12 access writ...

Page 87: ...eter is disabled the switch will not send out authentication failure traps but it will send out other system traps The default setting is enabled To enable authentication failure traps refer to ENABLE...

Page 88: ...orkstations can use the string A string with a Open Access of No has a closed access status only those management workstations whose IP addresses have been assigned to the string can use it To change...

Page 89: ...nds ACCESS SWITCH on page 88 EXIT on page 90 SET SWITCH STACKMODE on page 91 SHOW REMOTELIST on page 92 Note Remember to save your changes with the SAVE CONFIGURATION command Note Refer to the AT S60...

Page 90: ...at supports enhanced stacking such as another AT 8400 Series switch or an AT 8000 Series switch You can specify the switch by switch number or by MAC address both of which are displayed with SHOW REMO...

Page 91: ...mples The following command starts a management session on switch number 12 access switch number 12 The following command starts a management session on a switch with a MAC address of 00 30 84 52 02 1...

Page 92: ...t session For a master switch this command actually disconnects the session However for a slave switch entering the EXIT command ends the slave session and displays the Stacking Services Menu on the m...

Page 93: ...lave does not need an IP address This is the default setting for a switch unavailable Specifies the switch s stacking mode as unavailable A switch with this status cannot be managed from an enhanced s...

Page 94: ...list does not include the master switch on which you started the management session Note You must perform the SHOW REMOTELIST command from a management session of a master switch This command will no...

Page 95: ...Parameter Commands This chapter contains the following commands RESET SWITCH PORT on page 94 SET SWITCH PORT on page 95 SHOW SWITCH PORT on page 99 Note Remember to save your changes with the SAVE CON...

Page 96: ...o specify ports refer to Command Formatting on page 17 Description This command resets a port The reset takes less that a second to complete You might reset a port if it is experiencing a problem esta...

Page 97: ...cifying Ports on page 17 status Specifies the operating status of the port Possible settings are enabled The port will forward Ethernet frames This is the default setting disabled The port will not fo...

Page 98: ...n the end node connected to the port This is the default setting This parameter applies only to twisted pair ports speed Sets the speed and duplex mode of the port Settings for this parameter are auto...

Page 99: ...received on the port are directed to the high priority egress queue Description This command sets a port s operating parameters You can set more than one parameter at a time with this command For an...

Page 100: ...ng command sets port priority to the high priority queue and activates the broadcast filter for Ports 5 and 8 on the line card in Slot 6 and Port 8 on the line card in Slot 12 set switch port 6 5 8 12...

Page 101: ...ion on how to enter ports refer to Specifying Ports on page 17 If you do not specify a port all ports are displayed Description This command displays a port s operating parameters such as speed and du...

Page 102: ...r contains the following command SET SWITCH PORT SECURITYMODE on page 101 Note Remember to save your changes with the SAVE CONFIGURATION command Note Refer to the AT S60 Management Software User s Gui...

Page 103: ...This is the default setting limited Sets the port to the Limited security mode The port learns a limited number of dynamic MAC addresses set with the LEARN parameter secure Sets the port to the Secure...

Page 104: ...set to trap or disable This option does not apply when intrusion action is set to discard Options are yes Enables the trap or disable intrusion action no Disables the trap or disable intrusion action...

Page 105: ...d in Slot 4 to the Limited mode specifies a limit of 5 dynamic MAC addresses and sets the intrusion action to send a trap set switch port 4 8 securitymode limited learn 5 intrusionaction trap particip...

Page 106: ...UNK on page 106 DELETE SWITCH TRUNK on page 108 DESTROY SWITCH TRUNK on page 109 SET SWITCH TRUNK on page 110 SHOW SWITCH TRUNK on page 111 Note Remember to save your changes with the SAVE CONFIGURATI...

Page 107: ...be added to the port trunk You can add more than one port at a time For information on how to enter ports refer to Specifying Ports on page 17 Description This command adds ports to an existing port...

Page 108: ...0m The ports of the trunk are operating at 1000 Mbps Description This command creates a port trunk To create the trunk you specify the ports on the switch that will constitute the trunk You must also...

Page 109: ...Line User s Guide 107 The following command creates a port trunk of two 1000 Mbps ports on two AT 8413 line cards in Slots 3 and 4 It assigns the trunk the name rm44 create switch trunk rm44 port 3 1...

Page 110: ...t Specifies the ports to be removed from the existing port trunk To remove all ports use the ALL option Description This command removes ports from a port trunk Note To completely remove a port trunk...

Page 111: ...s been deleted the ports that made up the trunk can be connected to different end nodes Caution Disconnect the cables from the port trunk on the switch before destroying the trunk Deleting a port trun...

Page 112: ...sitive speed Specifies the new speed of the trunk Options are 10_100m The ports of the trunk are operating at 10 or 100 Mbps 1000m The ports of the trunk are operating at 1000 Mbps Description This co...

Page 113: ...111 SHOW SWITCH TRUNK Syntax show switch trunk Parameters None Description This command displays the names and ports of the port trunks on the switch Example The following command displays port trunki...

Page 114: ...OR on page 115 DESTROY SWITCH MIRROR on page 116 DISABLE SWITCH MIRROR on page 117 ENABLE SWITCH MIRROR on page 118 SET SWITCH MIRROR on page 119 SHOW SWITCH MIRROR on page 120 Note Remember to save y...

Page 115: ...y more than one port at a time but there can be only one source port per line card Description This command adds new source ports to an existing port mirror Any source ports already assigned to the po...

Page 116: ...ort mirror Note To view existing port mirrors use the command SHOW SWITCH MIRROR on page 120 Examples The following command creates a port mirror where the destination port is Port 4 on the line card...

Page 117: ...to specify ports refer to Specifying Ports on page 17 ports Specifies the source port to be removed from an existing port mirror You can specify more than one port at a time Description This command r...

Page 118: ...ription This command deletes a port mirror Once a port mirror has been deleted the port that was functioning as the destination mirror port can be disconnected from the network analyzer and connected...

Page 119: ...ror The source ports continue to forward traffic to and from their respective end nodes but no traffic is copied to the destination port of the port mirror A port mirror is enabled when created To vie...

Page 120: ...n This command enables a port mirror Traffic from the source ports is again copied to the destination port A port mirror is enabled when created You would use this command if you had disabled a port m...

Page 121: ...pecify more than one port but there can be only one source port per line card Description This command specifies new source ports for an existing port mirror It is similar to the ADD SWITCH MIRROR com...

Page 122: ...SHOW SWITCH MIRROR Syntax show switch mirror Parameters None Description This command displays the source and destination ports of port mirrors on the switch Example The following command displays the...

Page 123: ...following commands COPY on page 122 CREATE CONFIG on page 123 DELETE FILE on page 124 RENAME on page 125 SET CONFIG on page 126 SHOW FILE on page 127 Note Refer to the AT S60 Management Software User...

Page 124: ...Z digits 0 9 and the characters _ Invalid characters are Three letter file extension ext can be any of the following cer cfg key and csr The extensions and their corresponding file types are shown in...

Page 125: ...er specifies the name of the configuration file to create The file extension must be cfg If the file already exists it is replaced If the file does not exist it is created The filename must be a valid...

Page 126: ...must be a valid filename between 1 and 16 characters long Valid characters are lowercase letters a z uppercase letters A Z digits 0 9 and the characters _ Invalid characters are Wildcards are not all...

Page 127: ...ecified file The source file name must identify an existing file and the destination file name must not already exist The source and destination file extensions must be the same For table of file exte...

Page 128: ...s file system To view the files in a switch s file system see SHOW FILE on page 127 Configuration files have a cfg extension To view the name of the configuration file the switch is currently using se...

Page 129: ...place any part of the file name to allow a more selective display The following extensions are permitted cer cfg csr img key If you specify a configuration file the contents of the file are displayed...

Page 130: ...mmands This chapter contains the following commands LOAD on page 129 UPLOAD on page 134 Note For background information on downloading and uploading software images and configuration files refer to th...

Page 131: ...er You can use the TFTP option from either a local or Telnet management session xmodem Specifies an Xmodem download via a local management session This download can only upgrade the switch to which th...

Page 132: ...You can specify more than one switch at a time for example 1 3 4 Description You can use this command to download the following types of files onto the switch AT S60 software image Configuration file...

Page 133: ...r is only used with a TFTP download When specifying the new name of a downloaded file you must be sure to give it the correct three letter extension depending on the file type The extensions are shown...

Page 134: ...r power cycling the switch Examples The following command uses Xmodem to download a new AT S60 software image load method xmodem destfile ats60 img When downloading the management software image the d...

Page 135: ...AT S60 image file on the master switch to switches 1 and 4 in an enhanced stack Switch numbers are displayed using the SHOW REMOTELIST command load method remoteswitch destfile ats60 img switchlist 1...

Page 136: ...This option is supported only from a local management session destfile Specifies the path and filename where the file is to be saved on the TFTP server This parameter is used with a TFTP upload serve...

Page 137: ...P upload The SERVER parameter specifies the IP address of the network node containing the TFTP server software The uploaded file will be stored on this node This parameter is only required for a TFTP...

Page 138: ...ot cfg After entering the command use your terminal emulator program to indicate where you want to store the file on your computer and its filename The following command uploads the switch s AT S60 im...

Page 139: ...n page 139 ENABLE STP on page 140 RESET STP on page 141 SET STP on page 142 SET STP PORT on page 145 SHOW STP on page 147 Note Remember to save your changes with the SAVE CONFIGURATION command Note Re...

Page 140: ...iring if you want to enable or disable the protocol when it is activated If you enable the protocol the management software designates STP as the active spanning tree protocol on the switch and enable...

Page 141: ...able stp Parameters None Description This command disables the Spanning Tree Protocol on the switch The default setting for STP is disabled To view the current status of STP refer to SHOW STP on page...

Page 142: ...efault setting for STP is disabled To view the current status of STP refer to SHOW STP on page 147 Note You cannot enable STP until after you have activated it with the ACTIVATE STP command Only one s...

Page 143: ...ion This command returns all STP bridge and port parameters to the default settings STP must be disabled in order for you to use this command To disable STP refer to DISABLE STP on page 139 Example Th...

Page 144: ...The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value the bridge with the numerically lowest MAC address becomes the root bridge...

Page 145: ...col data units BPDUs are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if...

Page 146: ...iority value to 45 056 increment 11 set stp priority 11 The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds set stp hellotime 7 forwarddelay 25 The following...

Page 147: ...ifies the port s cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost to the root bridge for that LAN The range is 0 Auto Detect to 200 000 000 The de...

Page 148: ...following command sets the port cost to 15 and the port priority to 192 increment 12 for Port 6 on the line card in Slot 10 set stp port 10 6 portcost 15 portpriority 12 Table 4 Port Priority Value In...

Page 149: ...ommand displays the current values for the following STP parameters STP status Bridge identifier Bridge priority Hello time Forwarding delay Maximum age timer You can also use this command to view the...

Page 150: ...age 150 ENABLE RSTP on page 151 RESET RSTP on page 152 SET RSTP on page 153 SET RSTP PORT on page 156 SHOW RSTP on page 159 Note Remember to save your changes with the SAVE CONFIGURATION command Note...

Page 151: ...tch When you activate RSTP a prompt is displayed inquiring if you want to enable or disable the protocol when it is activated If you enable the protocol the management software designates RSTP as the...

Page 152: ...STP Syntax disable rstp Parameters None Description This command disables the Rapid Spanning Tree Protocol on the switch To view the current status of RSTP use the SHOW RSTP command Example The follow...

Page 153: ...ocol on the switch The default setting for RSTP is disabled To view the current status of RSTP use the SHOW RSTP command You cannot enable RSTP until you have activated it with the ACTIVATE RSTP comma...

Page 154: ...meters None Description This command returns all RSTP bridge and port parameters to the default settings RSTP must be disabled before you can use this command To disable RSTP refer to DISABLE RSTP on...

Page 155: ...t bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value the bridge with the numerically lowest MAC address becom...

Page 156: ...l data units BPDUs are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if yo...

Page 157: ...efault values set rstp default The following command sets the bridge priority to 20480 increment 5 the hello time to 5 seconds and the forwarding delay to 20 seconds set rstp priority 5 hellotime 5 fo...

Page 158: ...ng Ports on page 17 default Returns the port s RSTP settings to their default values This parameter performs the same function as the RESET RSTP command portcost Specifies the port s cost The spanning...

Page 159: ...ng at half duplex mode and is not connected to any device running STP or RSTP Selections are yes The port is an edge port This is the default no The port is not an edge port pointtopoint Defines wheth...

Page 160: ...STP BPDUs set the migrationcheck parameter to yes allowing the port to send RSTP BPDUs Description This command sets a port s RSTP settings Examples The following command sets port cost to 1 000 000...

Page 161: ...isplay the RSTP parameter settings Values are displayed for the following parameters RSTP status Bridge identifier Bridge priority Hello time Maximum aging Forwarding delay You can also use this comma...

Page 162: ...Chapter 14 RSTP Commands 160 The following command displays RSTP port status for port 5 on the module in slot 8 show rstp portstate 8 5...

Page 163: ...TE MSTP on page 166 DESTROY MSTP MSTI on page 167 DISABLE MSTP on page 168 ENABLE MSTP on page 169 RESET MSTP on page 170 SET MSTP on page 171 SET MSTP CIST on page 174 SET MSTP MSTI on page 175 SET M...

Page 164: ...Chapter 15 MSTP Commands 162 Note Refer to the AT S60 Management Software User s Guide for background information on the Multiple Spanning Tree Protocol MSTP...

Page 165: ...e protocol when it is activated If you select to enable the protocol the management software designates MSTP as the active spanning tree protocol and enables it so that it is immediately active after...

Page 166: ...TIID parameter specifies the MSTI ID The MSTI must already exist on the switch To create a spanning tree instance see CREATE MSTP on page 165 The MSTIVLANASSOC parameter specifies the VIDs of the VLAN...

Page 167: ...iates VLANs to the new spanning tree instance The MSTIID parameter specifies the new MSTI ID The MSTIVLANASSOC parameter specifies the VID of the VLAN you want to associate with the new MSTI The VLAN...

Page 168: ...more than one VID at a time for example 2 5 44 Description This command removes a VLAN from a spanning tree instance A VLAN removed from a spanning tree instance is automatically returned to CIST The...

Page 169: ...MSTI ID of the spanning tree instance you want to delete You can specify only one MSTI ID at a time The range is 1 to 15 Description This command deletes a spanning tree instance VLANs associated to...

Page 170: ...Syntax disable mstp Parameters None Description This command disables the Multiple Spanning Tree Protocol on the switch To view the current status of MSTP refer to SHOW MSTP on page 181 Example The fo...

Page 171: ...ultiple Spanning Tree Protocol on the switch To view the current status of MSTP refer to SHOW MSTP on page 181 You must select MSTP as the active spanning tree on the switch before you can enable it w...

Page 172: ...es In order for you to use this command MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled To select MSTP as the active spanning tree protocol on the switch...

Page 173: ...perate with MSTP or in an STP compatible mode If you select MSTP the bridge will operate all ports in MSTP except for those ports that receive STP or RSTP BPDU packets If you select Force STP Compatib...

Page 174: ...econds The range of this parameter is 6 to 40 seconds The default is 20 seconds Note The value for the maxage parameter must be less than 2 x hellotime 1 and less than 2 x forwarddelay 1 maxhops Speci...

Page 175: ...mand disables MSTP and returns all MSTP parameter settings to their default values set mstp default The following command sets the hop count to 10 the configuration name to Engineering Region and the...

Page 176: ...This number is used in determining the root bridge for the bridged network The bridge with the lowest priority number acts as the root bridge If two or more bridges have the same priority value the b...

Page 177: ...rement that represents the desired bridge priority value The default value is 32 768 which is increment 8 Description This command changes the MSTI priority value of a spanning tree instance on a brid...

Page 178: ...ero to 61 440 in increments of 4 096 with 0 being the highest priority Examples This command changes the MSTI priority value to increment 11 for the MSTI ID 4 set mstp msti mstiid 4 priority 11 This c...

Page 179: ...tree instances The MSTIID parameter specifies the ID of the spanning tree instance The spanning tree instance must already exist on the switch To create a spanning tree instance see CREATE MSTP on pa...

Page 180: ...as an internal port cost The range is 0 to 200 000 000 The default setting is Auto detect 0 which sets port cost depending on the speed of the port Default values are 2 000 000 for 10 Mbps ports 200...

Page 181: ...ge port pointtopoint Defines whether the port is functioning as a point to point port This type of port is connected to a device operating at full duplex mode Selections are yes The port is an point t...

Page 182: ...s set the migrationcheck parameter to yes allowing the port to send MSTP BPDUs Description This command sets a port s MSTP settings Examples The following command sets the internal port cost to 1 000...

Page 183: ...ed by this parameter refer to Description below msti Displays a list of the MSTIs on the switch and their associated VLANs The list does not include the CIST cist Displays the CIST priority and the VL...

Page 184: ...lays the following MSTP port status information MSTP port state MSTI ID MSTP role Point to point status Spanning tree version Port cost The MSTI parameter displays the following information for each s...

Page 185: ...AN on page 195 SET SWITCH MANAGEMENTVLAN on page 196 SET SWITCH SWITCHMODE on page 197 SET VLANMODE on page 198 SHOW VLAN on page 200 Note Remember to use the SAVE CONFIGURATION command to save your c...

Page 186: ...o Specifying Ports on page 17 frame Identifies the new ports as either tagged or untagged This parameter must be used with the PORT parameter taggedports Specifies the ports that is slot port to be ad...

Page 187: ...ce if you add Port 6 as an tagged port to a new VLAN Port 6 remains a tagged and untagged member of its other VLAN assignments Examples The following command uses Syntax 1 to add Ports 4 and 7 on the...

Page 188: ...Chapter 16 VLAN and MVLAN Commands 186 Using Syntax 2 you can add both types of ports with just one command add vlan Service untaggedports 2 7 8 taggedports 2 5...

Page 189: ...e as the name of an existing VLAN on the switch If the VLAN is unique in your network then the name needs to be unique as well If the VLAN spans multiple switches then the name for the VLAN needs to b...

Page 190: ...has two syntaxes You can use either syntax to create a port based or tagged VLAN The difference between the two syntaxes is how you specify which ports are members of the VLAN and whether the ports a...

Page 191: ...lan Sales vid 3 untaggedports 5 4 8 11 1 8 In the following command Syntax 1 is used to create a tagged VLAN called Production with a VID of 22 The VLAN will consist of two tagged ports Ports 3 and 6...

Page 192: ...and untagged ports all in one command Here is the command that would create our example create vlan Service vid 16 untaggedports 1 1 4 5 7 taggedports 8 1 2 That s the advantage of Syntax 2 over Synt...

Page 193: ...as tagged or untagged This parameter must be used with the PORT parameter taggedports Specifies the tagged ports that is slot port to be removed from the VLAN Specifying ALL removes all tagged ports f...

Page 194: ...of those VLANs If you remove an untagged port from the Default_VLAN without assigning it to another VLAN the port is excluded as an untagged member from all VLANs on the switch When you remove a tagge...

Page 195: ...N called Service and you wanted to delete from the VLAN tagged Port 2 and untagged Ports 6 to 8 on the line card in Slot 6 the commands would be delete vlan Service port 6 2 frame tagged delete vlan S...

Page 196: ...This parameter is optional Description This command deletes a VLAN from a switch All untagged ports in a deleted VLAN are automatically returned to the Default_VLAN You cannot delete the Default_VLAN...

Page 197: ...set vlan Parameters None Description This command deletes all port based and tagged VLANs on a switch except for the Default_VLAN All ports are returned to the Default_VLAN as untagged ports Example T...

Page 198: ...is Default_VLAN VID 1 Description This command sets the management VLAN The switch uses this VLAN to watch for management packets from Telnet and web browser management sessions For more information...

Page 199: ...the Basic VLAN mode The default is TAGGED Description This command configures a switch to support port based and tagged VLANs as well as the multiple VLAN modes or the Basic VLAN mode Only one mode c...

Page 200: ...ies the port on the switch to function as the uplink port when the switch is operating in one of the two multiple VLAN modes You can specify only one port Description You use this command to configure...

Page 201: ...gures the switch for the 802 1Q compliant multiple VLAN mode and specifies port 4 on line card 6 as the uplink port set vlanmode dotqmultiple uplinkport 6 4 The following command sets the switch so th...

Page 202: ...This command displays the following information VLAN mode VLAN name Untagged ports Tagged ports Examples The following command displays all the VLANs on the switch show vlan The following command disp...

Page 203: ...n page 209 SHOW GARP COUNTER on page 210 SHOW GARP DATABASE on page 212 SHOW GARP GIP on page 213 SHOW GARP MACHINE on page 214 Note Remember to save your changes with the SAVE CONFIGURATION command N...

Page 204: ...online help for this command contains an STP option The option is not supported Description This command disables GVRP on the switch Once disabled the switch will not learn any new dynamic GVRP VLANs...

Page 205: ...nables GARP Information Propagation GIP Note The online help for this command contains an STP option The option is not supported Description This command enables GVRP on the switch Once activated the...

Page 206: ...0 management software is GVRP Note The online help for this command contains an STP option The option is not supported Description This command disables GVRP on the switch and returns the GVRP timers...

Page 207: ...fies the GVRP mode of the port Modes are normal The port will participate in GVRP The port will process GVRP information and transmit PDUs This is the default none The port will not participate in GVR...

Page 208: ...Chapter 17 GARP VLAN Registration Protocol Commands 206 The following command activates GVRP on port 3 on the line card in slot 12 set garp gvrp port 12 3 mode normal...

Page 209: ...of a second The default is 20 centi seconds If you change this timer it must be in relation to the GVRP Leave Timer according to the following equation Join Timer 2 x GVRP Leave Timer leavetimer Speci...

Page 210: ...the Join Period timer to 0 1 second Leave Period timer to 0 35 seconds and the LeaveAllPeriod timer to 11 seconds for all GVRP applications set garp gvrp timer jointime 10 leavetime 35 leavealltime 11...

Page 211: ...software is GVRP Note The online help for this command contains an STP option The option is not supported Description This command displays current values for the following GARP application parameters...

Page 212: ...ommand displays the current values for the following GARP packet and message counters GARP application Receive Total GARP Packets Transmit Total GARP Packets Receive Invalid GARP Packets Receive Disca...

Page 213: ...Transmit GARP Messages LeaveEmpty Receive GARP Messages LeaveIn Transmit GARP Messages LeaveIn Receive GARP Messages Empty Transmit GARP Messages Empty Receive GARP Messages Bad Message Receive GARP M...

Page 214: ...oftware is GVRP Note The online help for this command contains an STP option The option is not supported Description This command displays the following parameters for the internal database for the GA...

Page 215: ...y AT S60 management software is GVRP Note The online help for this command contains an STP option The option is not supported Description This command displays the following parameters for the GIP con...

Page 216: ...Note The online help for this command contains an STP option The option is not supported Description This command displays the following parameters for the GID state machines for the GARP application...

Page 217: ...ITCH FDB on page 216 DELETE SWITCH FDB on page 218 SET SWITCH AGINGTIMER on page 219 SHOW SWITCH FDB on page 220 Note Remember to save your changes with the SAVE CONFIGURATION command Note Refer to th...

Page 218: ...d adds static unicast and multicast MAC addresses to the switch s MAC address table A MAC address added with this command is never timed out from the MAC address table even when the end node or in the...

Page 219: ...User s Guide 217 The following command adds the multicast MAC address 01 00 51 00 00 10 to Port 1 5 in Slot 6 The ports belongs to the Engineering VLAN add switch fdb macaddress 010051000010 port 6 1...

Page 220: ...ou must specify a VLAN if you are deleting a specific dynamic or static address Description This command deletes dynamic and static unicast and multicast addresses from the switch s MAC address table...

Page 221: ...amic MAC addresses from the MAC address table When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging t...

Page 222: ...on a particular port You can specify more than one port status Specifies the type of MAC addresses you want to view Choices are static dynamic and multicast vlan Specifies a VLAN Use this parameter t...

Page 223: ...ess 00A0D2181A11 The following command displays the MAC addresses learned on Port 2 on the line card in Slot 6 show switch fdb port 6 2 The following command displays the MAC addresses learned on the...

Page 224: ...the following commands SET IP IGMP on page 223 SHOW IP IGMP on page 225 Note Remember to use the SAVE CONFIGURATION command to save your changes on the switch Note Refer to the AT S60 Management Softw...

Page 225: ...Specifies the IGMP host node topology Options are singlehost Activates the Single Host Port setting which is appropriate when there is only one host node connected to a port on the switch This is the...

Page 226: ...dresses The default is 64 addresses routerport Specifies the ports on the switch connected to a multicast router Options are port Specifies the router ports manually auto Activates auto detect where t...

Page 227: ...ch that are connected to multicast routers Description This command displays the following IGMP parameters IGMP snooping status Multicast host topology Host router timeout interval Maximum multicast g...

Page 228: ...OUNTER on page 228 RESET SWITCH PORT COUNTER on page 229 SHOW SWITCH COUNTER on page 230 SHOW SWITCH LINECARD COUNTER on page 231 SHOW SWITCH PORT COUNTER on page 232 Note Remember to save your change...

Page 229: ...de 227 RESET SWITCH COUNTER Syntax reset switch counter Parameters None Description This command returns all statistic counters on the switch to zero Example The following command resets the statistic...

Page 230: ...card Specifies the slot containing the line card whose statistics counters you want to return to zero Description This command returns the statistics counters for the ports on a line card to zero Exam...

Page 231: ...cifies the port whose statistics counter you want to return to zero You can specify more than one port at a time Description This command returns the statistics counter for a port to zero Example The...

Page 232: ...ommand displays switch operating statistics such as the number of packets received and transmitted and the number of CRC errors For a list of and definitions for the statistics refer to the AT S60 Man...

Page 233: ...command displays the operating statistics for all the ports on a line card Examples of the statistics include the number of packets transmitted and received and the number of CRC errors For a list of...

Page 234: ...operating statistics for a port on the switch Examples of the statistics include the number of packets transmitted and received and the number of CRC errors For a list of and definitions for the stati...

Page 235: ...R on page 236 SET HTTP SERVER on page 237 SHOW HTTP SERVER on page 241 Note This chapter lists some encryption commands The encryption commands only appear in the AT S60 version 2 0 0 software Refer t...

Page 236: ...This command disables the HTTP server on the switch When HTTP is disabled you cannot manage the switch using a web browser management session To view the current status of the HTTP server see the com...

Page 237: ...n This command activates the HTTP server on the switch Activating HTTP allows you to manage the switch using a web browser management session To view the current status of the HTTP server see the comm...

Page 238: ...ameters None Description This command resets the HTTP server on the switch to its default values To view the current status of the HTTP server see the command SHOW HTTP SERVER on page 241 Example The...

Page 239: ...y the key See CREATE PKI CERTIFICATE on page 252 port Specifies the TCP port number that the HTTP server will listen on If you do not specify a value for the port parameter the following defaults are...

Page 240: ...he commands you need to enter and a cross reference to the commands 1 Set the date and time for the switch You can do this manually using SET DATE on page 64 and SET TIME on page 66 Or you can configu...

Page 241: ...ware Management User s Guide To create a CA certificate perform the following procedure This procedure lists the commands you need to enter and a cross reference to the commands 1 Set the date and tim...

Page 242: ...ificate set date 15 05 2004 set time 16 34 55 set syst distinguishedname cn Anu ou Engineering o Ace l Christ Church c nz create enco key 2 type rsa length 512 create enrollmentrequest verisignrequest...

Page 243: ...how http server Parameters None Description This command displays the following information about the HTTP server on the switch Status SSL security SSL key ID Port Listen port Example The following co...

Page 244: ...ENCO KEY on page 246 SET ENCO KEY on page 247 SHOW ENCO KEY on page 248 Note The encryption commands only appear in the AT S60 version 2 0 0 software Refer to the AT S60 Management Software User s Gu...

Page 245: ...me of the key for SSH applications Or specifies a descriptive name of the SSL web server You can enter up to 127 alphanumeric values including spaces Use double quotes when entering names with spaces...

Page 246: ...imported from or exported to the specified file If the FILE parameter is not specified then a random RSA key is generated The FILE parameter specifies name of a key file RSA public keys may be importe...

Page 247: ...To import an RSA key from the file RSA KEY which is in HEX format as key 3 create enco key 3 type rsa file rsa key format hex To export an RSA key with an existing key id of 4 in HEX format create enc...

Page 248: ...ommand destroys the specified encryption key The memory the key occupied is overwritten to ensure that the key is irretrievable The KEY parameter specifies the identification number for the key A key...

Page 249: ...er spaces enclosed them in double quotes Description This command changes the user defined description for a specified key The KEY parameter specifies the identification number for the key The specifi...

Page 250: ...meter key A number in the range of 0 to 65535 There is no default Description This command displays information about a specific encryption key Of course the key must already be configured Example Thi...

Page 251: ...ge 256 PURGE PKI on page 257 SET PKI CERTIFICATE on page 258 SET PKI CERTSTORELIMIT on page 260 SET SYSTEM DISTINGUISHEDNAME on page 261 SHOW PKI on page 262 SHOW PKI CERTIFICATE on page 263 Note The...

Page 252: ...gs are true Indicates you manually verified the certificate is from a trusted certificate authority CA false Indicates the certificate is from an untrusted CA This is the default type Specifies what t...

Page 253: ...verified that the certificate is from an untrusted CA In addition you can set this parameter to FALSE if you have not yet manually verified the state of the CA The default is FALSE Typically you set...

Page 254: ...d in double quotes Wildcards are not allowed keypair A decimal number in the range of 0 to 65535 There is no default The key must exist See CREATE ENCO KEY on page 243 serialnumber A decimal number in...

Page 255: ...rameter specifies the number to be inserted into the serial number field of the certificate Usually this parameter is set to 0 The FORMAT parameter specifies the type of encoding the certificate will...

Page 256: ...rmat that allows the certificate to be displayed in a text editor once it is generated type Formats the request according to PKCS 10 Description This command creates a certificate enrollment request T...

Page 257: ...The default is DER The PEM value specifies that the enrollment request is encoded using the Privacy Enhanced Mail format The PEM encoding format can be displayed in a text editor once it has been gene...

Page 258: ...ot allowed Description This command deletes one or all of the certificates stored in the switch s certificate database The CERTIFICATE parameter specifies the name of the certificate to be deleted Cau...

Page 259: ...nd deletes any certificates saved on the switch and resets the PKI parameters to their default values The following parameters are affected Maximum number of certificates is reset to 256 Example The f...

Page 260: ...ificate is from a trusted certificate authority CA false Indicates the certificate is from an untrusted CA This is the default type Specifies what type of certificate is being added Possible settings...

Page 261: ...AT S60 Command Line User s Guide 259 Example The following command configures a trusted certificate with a type of self set pki certificate giftcertificate trusted true type self...

Page 262: ...rameter certstorelimit A number between 12 and 256 The default is 256 Description This command sets the maximum number of certificates which can be stored in the switch s certificate database The defa...

Page 263: ...may require that a particular distinguished name is used Otherwise use a logical distinguished name The list of values that specify a distinguished name are common name cn organization name ou organi...

Page 264: ...ommands 262 SHOW PKI Syntax show pki Parameters None Description This command displays the following information about the PKI module Maximum of certificates Example This command shows PKI module info...

Page 265: ...haracters are any printable characters If the name contains spaces it must be enclosed in double quotes Wildcards are not allowed Description This command displays information about a certificate or a...

Page 266: ...ing command SET SSL on page 265 SHOW SSL on page 266 Note The SSL feature only appears in the AT S60 version 2 0 0 software Refer to the AT S60 Management Software User s Guide for background informat...

Page 267: ...rameters required to configure SSL The CACHETIMEOUT parameter determines the maximum amount of time that a session is retained in the cache The cache stores information about closed connections so the...

Page 268: ...x show ssl Parameters None Description This command displays current values for the following SSL parameters Version Ciphers Available Maximum Number of Sessions Cache Timeout Example The following co...

Page 269: ...268 ENABLE SSH SERVER on page 269 SET SSH SERVER on page 270 SHOW SSH on page 273 Note The SSL feature only appears in the AT S60 version 2 0 0 software Refer to the AT S60 Management Software User s...

Page 270: ...ne Description This command disables the Secure Shell server When the Secure Shell server is disabled connections from Secure Shell clients are not accepted By default the Secure Shell server is disab...

Page 271: ...es the key that is to be used for the Secure Shell server key The specified key must exist The EXPIRYTIME parameter specifies the time in hours after which the Secure Shell server key will expire and...

Page 272: ...is used for the Secure Shell server key The specified key must exist The EXPIRYTIME parameter specifies the time in hours after which the Secure Shell server key will expire and will be regenerated I...

Page 273: ...key is 1024 bits The second key the server key is a randomly created key which is re generated after the specified timeout The recommended size for the server key is 768 bits The server key must be 12...

Page 274: ...S see TACACS and RADIUS Commands on page 284 Example Here is an example of creating a SSH web server create enco key 1 type rsa length 1024 description host key format ssh create enco key 2 type rsa l...

Page 275: ...Versions supported Server Status Server Port Host Key ID Host Key Bits size of host key in bits Server Key ID Server Key Bits size of server key in bits Server Key Expiry hours Login Timeout seconds...

Page 276: ...ORTACCESS on page 277 SET PORTACCESS PORT AUTHENTICATOR on page 278 SET PORTACCESS PORT ROLE on page 280 SET PORTACCESS PORT SUPPLICANT on page 281 SHOW PORTACCESS on page 283 Note Refer to the AT S60...

Page 277: ...ion This command disables 802 1x Port based Access Control on your switch This is the default setting Note Enabling or disabling Port Access Control can only be performed in a local management session...

Page 278: ...ol on the switch Note Enabling or disabling Port Access Control can only be performed in a local management session Note You must activate and configure the RADIUS protocol on the switch before you ca...

Page 279: ...s the authentication method for the switch The default value for this parameter is RADIUSEAP There is no other value for this parameter Description This command sets RADIUS EAP as the authentication m...

Page 280: ...transition to the authorized state without any authentication exchange required The port transmits and receives normal traffic without 802 1X based authentication of the client Force unauthenticate C...

Page 281: ...eout Sets the switch to client retransmission time for the EAP request frame The default value for this parameter is 30 seconds The range is 1 to 600 seconds servtimeout This is the timer used by the...

Page 282: ...e Supplicant Sets the port to the Supplicant role This role requires the port to login to whatever device typically another switch the port is connected to None Disables port based access control on t...

Page 283: ...ins from retrying to re contact the authenticatorintheeventtheenduserprovidesan invalid username and or password Once the time period has expired the supplicant can attempt to log on again The range i...

Page 284: ...in alphanumeric characters A to Z a to z and 1 to 9 Do not use spaces or special characters such as asterisks or exclamation points The password is case sensitive Description This command configures t...

Page 285: ...ngs for a specific port Description Use this command to display port based access control information Examples The following command displays whether port based access control is enabled or disabled o...

Page 286: ...7 DELETE TACACSSERVER on page 288 DISABLE AUTHENTICATION on page 289 ENABLE AUTHENTICATION on page 290 RESET AUTHENTICATION on page 291 SET AUTHENTICATION on page 292 SHOW AUTHENTICATION on page 294 N...

Page 287: ...server and the order it is queried by the switch You may specify an encryption key and a UDP port Examples The following command adds a RADIUS server with an IP address of 149 245 22 22 and specifies...

Page 288: ...ption commands Description Use this command to add the IP address of a TACACS server to your switch along with the order the TACACS server is queried and an optional encryption key Examples The follow...

Page 289: ...s Parameter ipaddress Specifies the IP address of the RADIUS server to be deleted Description Use this command to delete the IP address of a RADIUS from your switch Example The following command delet...

Page 290: ...meter ipaddress Specifies the IP address of the TACACS server that you want to delete Description Use this command to delete the IP address of a TACACS server from your switch Example The following co...

Page 291: ...ers None Description Use this command to disable TACACS and RADIUS authentication on your switch When you disable authentication you retain your current authentication parameter settings Example The f...

Page 292: ...ABLE AUTHENTICATION Syntax enable authentication Parameters None Description Use this parameter to enable TACACS and RADIUS authentication on your switch Example The following command enables authenti...

Page 293: ...your current command settings including server IP addresses and encryption keys both local and global This command performs the same function as the DISABLE AUTHENTICATION command Note The encryption...

Page 294: ...witch assumes the server will not respond If the timeout expires and the server has not responded the switch queries the next server in the list Once the switch has exhausted the list of servers the s...

Page 295: ...ocol and specifies a global encryption key of tiger54 set authentication method tacacs secret tiger54 The following command selects RADIUS as the authentication protocol with a global encryption key o...

Page 296: ...otocol activated on your switch Either TACACS or RADIUS protocols may be active The TACACS protocol is the default The IP addresses of up to three authentication servers The server encryption keys if...

Page 297: ...MSTP command 163 ACTIVATE RSTP command 149 ACTIVATE STP command 138 ADD MSTP command 164 ADD PKI CERTIFICATE command 250 ADD RADIUS SERVER command 285 ADD SNMP COMMUNITY command 70 ADD SNTPSERVER IP A...

Page 298: ...E FILE command 124 DELETE MSTP command 166 DELETE PKI CERTIFICATE command 256 DELETE RADIUSSERVER command 287 DELETE SNMP COMMUNITY command 75 DELETE SNTPSERVER IPADDRESS command 60 DELETE SWITCH FDB...

Page 299: ...de setting 91 EXIT command 90 external port cost 178 F factory defaults 39 files copying 122 deleting 124 displaying file list 127 downloading 129 renaming 125 uploading 134 flow control 95 force vers...

Page 300: ...etting 170 setting 171 VLAN association 177 multicast router port 223 multiple VLAN mode 198 O operator password 46 P PING command 33 PKI certificate database 260 PKI certificate enrollment request cr...

Page 301: ...arameters displaying 50 speed resetting 35 setting 41 SET ASYN command 41 SET AUTHENTICATION command 292 SET CONFIG command 126 SET DATE command 64 SET ENCO KEY command 247 SET GARP PORT command 205 S...

Page 302: ...SNTP command 67 SHOW SSH command 273 SHOW SSL command 266 SHOW STP command 147 SHOW SWITCH command 55 SHOW SWITCH COUNTER command 230 SHOW SWITCH FDB command 220 SHOW SWITCH LINECARD command 56 SHOW...

Page 303: ...ished name setting 261 system files downloading 129 uploading 134 system name configuring 48 system time displaying 68 setting 66 T TACACS server adding 286 deleting 288 tagged port adding to VLAN 184...

Reviews:

No comments

Related manuals for AT-8400 SERIES

Balluff BNI IOL-314-S52-P012 Assembly Instructions Manual preview
BNI IOL-314-S52-P012
Brand: Balluff Pages: 22
Labgear 28574LAB User Manual preview
28574LAB
Brand: Labgear Pages: 4
ATEN ALTUSCN KH1508I User Manual preview
ALTUSCN KH1508I
Brand: ATEN Pages: 173
Key Digital KD-MS4x4G-2 Manual preview
KD-MS4x4G-2
Brand: Key Digital Pages: 20
Lantech TPGS-L6208XT User Manual preview
TPGS-L6208XT
Brand: Lantech Pages: 24
Radio Shack 15-316 User Manual preview
15-316
Brand: Radio Shack Pages: 8
CTC Union ITP-800-8PH24 Quick Installation Manual preview
ITP-800-8PH24
Brand: CTC Union Pages: 14
Thinklogical TLX1280 Product Manual preview
TLX1280
Brand: Thinklogical Pages: 45
ATEN Altusen KN9008 User Manual preview
Altusen KN9008
Brand: ATEN Pages: 178
ALC AHSS41 Quick Start Manual preview
AHSS41
Brand: ALC Pages: 2
VS LIGHTING SOLUTIONS Blu2Light PrimeLine 187042 Quick Start Manual preview
Blu2Light PrimeLine 187042
Brand: VS LIGHTING SOLUTIONS Pages: 2
Blueridge Digi-Touch DDN-SW1 Installation Manual preview
Digi-Touch DDN-SW1
Brand: Blueridge Pages: 13
Rockwell Automation Allen-Bradley Guardmaster 440G-LZ User Manual preview
Allen-Bradley Guardmaster 440G-LZ
Brand: Rockwell Automation Pages: 40
Aaeon FWS-7600 Manual preview
FWS-7600
Brand: Aaeon Pages: 76
KTI KCB-121 User Manual preview
KCB-121
Brand: KTI Pages: 16
Dahua Technology DH-PFS4428-24GT-370 User Manual preview
DH-PFS4428-24GT-370
Brand: Dahua Technology Pages: 44
ZLINK ZL-100 Manual preview
ZL-100
Brand: ZLINK Pages: 44
Solar Solve Marine Casslte Installation Instructions Manual preview
Casslte
Brand: Solar Solve Marine Pages: 12

Brands by name

Popular brands

Load more brands