Home
/
Cisco
/
SPS2024
/
Reference Manual

Cisco SPS2024, Reference Manual, Page: 470 / 552

Share

Page: 470 / 552

Cisco SPS2024 Reference Manual Download Page 470

User Interface Commands

history

SPS208G/SPS224G4/SPS2024 Command Line Interface Reference Guide

468

33

1. There is a valid command and a help request is made for

entering a parameter or argument (e.g. ‘show ?’). All possible

parameters or arguments for the entered command are displayed.

2. An abbreviated argument is entered and a help request is made

for arguments matching the input (e.g. ‘show pr?’).

history

The history Line Configuration mode command enables the command history
function. Use the

n

o form of the command to disable the command history

function.

Syntax

history

no history

Default Configuration

The command history function is enabled.

Command Mode

Line Configuration mode

User Guidelines

This command enables the command history function for a specified line. Use the
terminal history user EXEC mode command to enable or disable the command
history function for the current terminal session.

Example

The following example enables the command history function for Telnet.

«
...
468
469
470
471
472
...
»

Summary of Contents for SPS2024

Page 1: ...Cisco Small Business Pro SPS208G SPS224G4 SPS2024 Ethernet Switches Command Line Interface REFERENCE GUIDE ...

Page 2: ... id i Z jbVc CZildg VgZ igVYZbVg h0 8 Vc c i Z LVn LZ Ldg A kZ EaVn VcY AZVgc VcY 8 hXd HidgZ VgZ hZgk XZ bVg h0 VcY 6XXZhh GZ higVg 6 gdcZi 6hncXDH 7g c c i Z BZZi c Id Ndj 8ViVanhi 8896 889E 88 88 E 88C6 88CE 88HE 88KE 8 hXd i Z 8 hXd 8Zgi ZY ciZgcZildg meZgi ad d 8 hXd DH 8 hXd EgZhh 8 hXd HnhiZbh 8 hXd HnhiZbh 8Ve iVa i Z 8 hXd HnhiZbh ad d 8 hXd Jc in 8daaVWdgVi dc L i dji A b iVi dc i Zg Vhi...

Page 3: ...ntication login 33 aaa authentication enable 35 login authentication 36 enable authentication 37 ip http authentication 39 ip https authentication 40 show authentication methods 41 password 43 enable password 44 username 45 show users accounts 46 show privilege 47 Chapter 3 ACL Commands 48 ip access list 48 permit ip 49 deny IP 52 mac access list 56 permit MAC 57 deny MAC 58 service policy 60 serv...

Page 4: ...ion logging interval 71 show ip arp inspection 72 show ip arp inspection list 73 Chapter 5 Address Table Commands 75 bridge address 75 bridge multicast filtering 76 bridge multicast address 77 bridge multicast forbidden address 79 bridge multicast forward all 80 bridge multicast forbidden forward all 82 bridge aging time 83 clear bridge 84 port security 85 port security mode 86 port security max 8...

Page 5: ...summer time 103 sntp authentication key 105 sntp authenticate 106 sntp port 107 sntp trusted key 108 sntp client poll timer 109 sntp broadcast client enable 110 sntp anycast client enable 111 sntp client enable 112 sntp client enable Interface 113 sntp unicast client enable 114 sntp unicast client poll 115 sntp server 116 show clock 117 show sntp configuration 119 show sntp status 120 Chapter 7 Co...

Page 6: ...g database update freq 135 ip dhcp snooping binding 136 clear ip dhcp snooping database 137 show ip dhcp snooping 138 show ip dhcp snooping binding 139 Chapter 9 DHCP Relay Commands 141 ip dhcp relay enable global 141 ip dhcp relay enable interface 142 ip dhcp relay address 143 show ip dhcp relay 144 Chapter 10 DHCP Option 82 Commands 145 ip dhcp information option 145 show ip dhcp information opt...

Page 7: ...e 161 port jumbo frame 162 sfp speed 163 clear counters 164 set interface active 165 show interfaces configuration 166 show interfaces status 167 show interfaces advertise 169 show interfaces description 170 show interfaces counters 171 show ports jumbo frame 174 port storm control broadcast enable 175 port storm control broadcast rate 176 port storm control include multicast 177 port storm contro...

Page 8: ... Commands 192 ip igmp snooping global 192 ip igmp snooping Interface 193 ip igmp snooping mrouter 194 ip igmp snooping querier enable 195 ip igmp snooping host time out 196 ip igmp snooping mrouter time out 197 ip igmp snooping leave time out 198 ip igmp snooping multicast tv 199 ip igmp snooping map cpe vlan 200 show ip igmp snooping mrouter 201 show ip igmp snooping interface 202 show ip igmp sn...

Page 9: ...1 clear host 222 clear host dhcp 223 show hosts 224 Chapter 16 IP Source Guard Commands 226 ip source guard global 226 ip source guard interface 227 ip source guard binding 228 ip source guard tcam retries freq 229 show ip source guard configuration 230 show ip source guard status 231 show ip source guard inactive 233 Chapter 17 LACP Commands 235 lacp system priority 235 lacp port priority 236 lac...

Page 10: ...ny management 251 show management access list 252 show management access class 253 Chapter 20 PHY Diagnostics Commands 254 test copper port tdr 254 show copper ports tdr 255 show copper ports cable length 256 show fiber ports optical transceiver 257 Chapter 21 Port Channel Commands 260 interface port channel 260 interface range port channel 261 channel group 262 show interfaces port channel 263 Ch...

Page 11: ...7 set 279 police 280 qos aggregate policer 281 show qos aggregate policer 283 police aggregate 284 wrr queue bandwidth 285 wrr queue cos map 286 priority queue out num of queues 288 traffic shape 289 rate limit Ethernet 290 show qos interface 291 qos wrr queue threshold 293 qos map policed dscp 295 qos map dscp queue 296 qos map dscp dp 297 qos trust Global 298 qos trust Interface 299 qos cos 300 ...

Page 12: ...server timeout 311 radius server deadtime 312 show radius servers 313 Chapter 25 RMON Commands 314 show rmon statistics 314 rmon collection history 317 show rmon collection history 318 show rmon history 319 rmon alarm 323 show rmon alarm table 325 show rmon alarm 326 rmon event 329 show rmon events 330 show rmon log 331 rmon table size 333 Chapter 26 SNMP Commands 334 snmp server community 334 snm...

Page 13: ... set 352 show snmp 353 show snmp engineID 355 show snmp views 355 show snmp groups 356 show snmp filters 358 show snmp users 359 Chapter 27 RSA and Certificate Commands 361 crypto certificate generate 361 crypto key generate dsa 363 crypto key generate rsa 364 Chapter 28 Spanning Tree Commands 365 spanning tree 365 spanning tree mode 366 spanning tree forward time 367 spanning tree hello time 368 ...

Page 14: ...rotocols 379 spanning tree mst priority 380 spanning tree mst max hops 381 spanning tree mst port priority 382 spanning tree mst cost 383 spanning tree mst configuration 385 instance mst 386 name mst 387 revision mst 388 show mst 389 exit mst 390 abort mst 391 show spanning tree 392 Chapter 29 SSH Commands 403 ip ssh port 403 ip ssh server 404 ip ssh pubkey auth 405 crypto key pubkey chain ssh 406...

Page 15: ...ter 30 Syslog Commands 420 logging on 420 logging 421 logging console 422 logging buffered 423 logging buffered size 424 clear logging 425 logging file 426 clear logging file 427 aaa logging 428 file system logging 429 management logging 430 show logging 431 show logging file 432 show syslog servers 434 Chapter 31 System Management Commands 436 ping 436 traceroute 438 telnet 441 resume 445 reload ...

Page 16: ... Chapter 32 TACACS Commands 456 tacacs server host 456 tacacs server key 458 tacacs server timeout 459 tacacs server source ip 460 show tacacs 461 Chapter 33 User Interface Commands 463 login 463 configure 464 exit configuration 464 exit EXEC 465 end 466 help 467 history 468 history size 469 terminal history 470 terminal history size 471 terminal datadump 472 debug mode 473 show history 474 do 475...

Page 17: ... switchport access vlan 488 switchport access multicast tv vlan 489 switchport trunk allowed vlan 490 switchport trunk native vlan 491 switchport general allowed vlan 492 switchport general pvid 494 switchport general ingress filtering disable 495 switchport general acceptable frame type tagged only 496 switchport customer vlan 497 switchport customer multicast tv vlan 498 switchport forbidden vla...

Page 18: ...ip https 514 Chapter 36 802 1x Commands 516 aaa authentication dot1x 516 dot1x system auth control 517 dot1x port control 518 dot1x re authentication 519 dot1x timeout re authperiod 520 dot1x re authenticate 521 dot1x timeout quiet period 522 dot1x timeout tx period 523 dot1x max req 524 dot1x timeout supp timeout 525 dot1x timeout server timeout 527 show dot1x 528 show dot1x users 531 show dot1x ...

Page 19: ...lan 542 dot1x guest vlan enable 543 dot1x mac authentication 544 show dot1x advanced 545 Appendix A Alias Names 547 Alias Name Support 547 Appendix B Where to Go From Here 548 Product Resources 548 Related Documentation 548 Appendix C Additional Information 549 Regulatory Compliance and Safety Information 549 Warranty 549 End User License Agreement EULA 549 Appendix D Support Contacts 550 ...

Page 20: ...ing features CLI Command Modes For greater ease of use the Command Line Interface CLI is divided into four command modes arranged hierarchically by privilege level The command modes are in the order in which they are accessed User EXEC mode lowest privilege Privileged EXEC mode Global Configuration mode Interface Configuration mode highest privilege Each command mode has its own unique console pro...

Page 21: ...password when prompted Privileged EXEC Mode Privileged EXEC mode is password protected to prevent unauthorized use as many of its commands set operating system parameters The password is not displayed on the screen and is case sensitive Privileged users start in Privileged EXEC mode To enter this mode from User EXEC mode follow these steps STEP 1 At the prompt enter the enable command and press En...

Page 22: ...ode from Privileged EXEC mode enter the configure command at the Privileged EXEC mode prompt and press Enter The Global Configuration mode prompt consisting of the device host name followed by config is displayed Console config Use any of the following commands to return from Global Configuration mode to the Privileged EXEC mode exit end Ctrl Z The following example shows how to access Global Conf...

Page 23: ...guration The interface ethernet Global Configuration mode command is used to enter the Interface Configuration mode Port Channel Contains commands used to configure port channels for example assigning ports to a port channel Most of these commands are the same as the commands in the Ethernet interface mode and are used to manage the member ports as a single entity The interface port channel Global...

Page 24: ...used to access the Switch is connected to the Switch Using HyperTerminal over the Console Interface NOTE When using HyperTerminal with Microsoft Windows 2000 ensure that Windows 2000 Service Pack 2 or later is installed on your computer The arrow keys will not function properly using HyperTerminal s VT100 emulation in Windows 2000 prior to Service Pack 2 For information on Windows 2000 service pac...

Page 25: ...eference Guide 23 1 Figure1 Start All Programs Accessories Communications HyperTerminal STEP 3 Enter a name for this connection Select an icon for the application then click OK Figure 2 HyperTerminal Connection Description Screen STEP 4 Select a port to communicate with the switch Select COM1 or COM2 ...

Page 26: ...ace SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 24 1 Figure 3 HyperTerminal Connect To Screen STEP 5 Set the serial port settings as follows then click OK Bits per Second 38400 Databits 8 Parity one Stop bits 1 Flow control None ...

Page 27: ...e Interface Reference Guide 25 1 Figure 4 HyperTerminal Properties Screen STEP 6 When the Command Line Interface appears enter admin at the User Name prompt and press Enter Figure 5 Command Line User Name Prompt The console prompt is displayed This prompt is where you enter CLI commands ...

Page 28: ...n Ethernet Interface Telnet provides a method of connecting to the Command Line Interface using TCP IP over a standard Ethernet connection A telnet session can be established in HyperTerminal or from a command prompt To establish a telnet session from the command prompt perform the following steps STEP 1 Click Start then select All Programs Accessories Command Prompt to open a command prompt Figur...

Page 29: ...erface will be displayed Enter admin at the User Name prompt and press Enter Figure 9 Command Line User Name Prompt STEP 4 The console prompt is displayed This prompt is where you enter CLI commands Figure10 Command Line You can now enter CLI commands to manage the Switch For detailed information on CLI commands refer to the appropriate chapter s of this Reference Guide ...

Page 30: ...ayed The command is not selected from a menu but is manually entered To see what commands are available in each mode or within an Interface Configuration the CLI does provide a method of displaying the available commands the command syntax requirements and in some instances parameters required to complete the command The standard command to request help is There are two instances where help inform...

Page 31: ...nds can be increased to 216 By configuring 0 the effect is the same as disabling the history buffer system For more information on configuring the command history buffer refer to the history size command To display the history buffer refer to the show history command Negating the Effect of Commands For many configuration commands the prefix keyword no can be entered to cancel the effect of a comma...

Page 32: ...system to identify a single matching command press to display the available commands matching the characters already entered Nomenclature Within the CLI Ethernet ports are denoted as follows The ports may be described on an individual basis or within a range Use format port number port number to specify a set of consecutive ports and port number port number to indicate a set of non consecutive por...

Page 33: ... Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the key sequence will recall successively more recent commands Ctrl A Moves the cursor to the beginning of the command line Ctrl E Moves the cursor to the end of the command line Ctrl Z End Returns back to the Privileged EXEC mode from any configuration mode Backspace Deletes one char...

Page 34: ...data like encrypted passwords or keys Encrypted data cannot be copied and pasted into the device press key Names of keys to be pressed are shown in bold Ctrl F4 Keys separated by the character are to be pressed simultaneously on the keyboard Screen Display Fixed width font indicates CLI prompts CLI commands entered by the user and system messages displayed on the console all When a parameter is re...

Page 35: ...ses the listed authentication methods that follow this argument as the default list of methods when a user logs in list name Character string used to name the list of authentication methods activated when a user logs in Range 1 12 characters method1 method2 Specify at least one method from the following list Keyword Description enable Uses the enable password for authentication line Uses the line ...

Page 36: ...eate a list by entering the aaa authentication login list name method command for a particular protocol where list name is any character string used to name this list The method argument identifies the list of methods that the authentication algorithm tries in the given sequence The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure...

Page 37: ...he default list of methods when using higher privilege levels list name Character string used to name the list of authentication methods activated when using access higher privilege levels Range 1 12 characters method1 method2 Specify at least one method from the following list Default Configuration If the default list is not set only the enable password is checked This has the same effect as the ...

Page 38: ...ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enabx where x is the requested privilege level Example The following example sets the enable password for authentication when accessing higher privilege le...

Page 39: ...r Guidelines To change or rename an authentication method use the negate command and create a new rule with the new method name Example The following example specifies the default authentication method for a console Console config line console Console config line login authentication default enable authentication The enable authentication Line Configuration mode command specifies the authenticatio...

Page 40: ...t name Uses the indicated list created with the aaa authentication enable command Default Configuration Uses the default set with the aaa authentication enable command Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the default authentication method when accessing a higher privilege level from a console Cons...

Page 41: ...authentication method1 method2 no ip http authentication Parameters method1 method2 Specify at least one method from the following list Default Configuration The local user database is checked This has the same effect as the command ip http authentication local Command Mode Global Configuration mode Keyword Description local Uses the local username database for authentication none Uses no authenti...

Page 42: ...ig ip http authentication radius tacacs local none ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users To restore the default configuration use the no form of this command Syntax ip https authentication method1 method2 no ip https authentication Parameters method1 method2 Specify at least one method from the ...

Page 43: ...the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures HTTPS authentication Console config ip https authentication radius tacacs local none show authentication methods The show authentication methods Privileged EXEC mode command ...

Page 44: ...mple The following example displays the authentication configuration Console show authentication methods Login Authentication Method Lists Default Radius Local Line Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None LineLogin Method ListEnable Method List ConsoleConsole_LoginConsole_Login TelnetDefaultDefault SSHDefaultDefault http Radius Local https Radius Local d...

Page 45: ...d Parameters password Password for this level Range 1 159 characters encrypted Encrypted password to be entered copied from another device configuration Default Configuration No password is defined Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted the required password length is 32 characters Example The following example specifies the password called secre...

Page 46: ...ssword level level Parameters password Password for this level Range 1 159 characters level Level for which the password applies If not specified the level is 15 Range 1 15 encrypted Encrypted password entered copied from another device configuration Default Configuration No enable password is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this comm...

Page 47: ...evel level encrypted no username name Parameters name The name of the user Range 1 20 characters password The authentication password for the user Range 1 159 characters level The user level Range 1 15 If a level is not specified the level is automatically set to 1 encrypted Encrypted password entered copied from another device configuration Default Configuration No user is defined Command Mode Gl...

Page 48: ...ssword lee level 15 show users accounts The show users accounts Privileged EXEC mode command displays information about the users local database Syntax show users accounts Default Configuration No default configuration for this command Command Mode Privileged EXEC mode User Guidelines User account can be created without a password Example The following example displays information about the users ...

Page 49: ...15 Smith 15 show privilege To display your current level of privilege use the show privilege command in EXEC mode Syntax show privilege Parameters This command has no arguments or key words Default Configuration This command has no default configuration Command Mode EXEC Example Console show privilege Current privilege level is 15 ...

Page 50: ...tes Layer 3 ACLs To delete an ACL use the no form of this command Syntax ip access list access list name no ip access list access list name Parameters access list name Specifies the name of the ACL Range 0 32 characters Use for empty string Default Configuration The default for all ACLs is deny all Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command...

Page 51: ...p precedence ip precedence permit igmp any source source wildcard any destination destination wildcard ny igmp type dscp dscp number ip precedence ip precedence permit tcp any source source wildcard any source port any destination destination wildcard ny destination port dscp dscp number ip precedence ip precedence flags list of flags permit udp any source source wildcard any source port any desti...

Page 52: ...tocols that can be specified IP Protocol Abbreviated Name Protocol Number Internet Control Message Protocol icmp 1 Internet Group Management Protocol igmp 2 IP in IP encapsulation Protocol ip 4 Transmission Control Protocol tcp 6 Exterior Gateway Protocol egp 8 Interior Gateway Protocol igp 9 User Datagram Protocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27 Inter Domain P...

Page 53: ...equest domain name reply skip and photuris Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code Range 0 255 igmp type IGMP packets can be filtered by IGMP message type Enter a number or one of the following values dvmrp host query host report im or trace Range 0 255 destinat...

Page 54: ... to enable the IP Access List Configuration mode Before an Access Control Element ACE is added to an ACL all packets are permitted After an ACE is added an implied deny any any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied Example The following example shows how to define a permit statement for an IP ACL Consol...

Page 55: ...f flags eny udp disable port any source source wildcard any source port any destination destination wildcard any destination port dscp number ip precedence number Parameters disable port Specifies that the port is disabled source Specifies the IP address or host name from which the packet was sent Specify any to indicate IP address 0 0 0 0 and mask 255 255 255 255 source wildcard Optional for the ...

Page 56: ...egp 8 Interior Gateway Protocol igp 9 User Datagram Protocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27 Inter Domain Policy Routing Protocol idpr 35 Ipv6 protocol ipv6 41 Routing Header for IPv6 ipv6 route 43 Fragment Header for IPv6 ipv6 frag 44 Inter Domain Routing Protocol idrp 45 Reservation Protocol rsvp 46 General Routing Encapsulation gre 47 Encapsulating Security ...

Page 57: ... has no default configuration Command Mode IP Access List Configuration mode User Guidelines Use the ip access list Global Configuration mode command to enable the IP Access List Configuration mode Before an Access Control Element ACE is added to an ACL all packets are permitted After an ACE is added an implied deny any any condition exists at the end of the list and those packets that do not matc...

Page 58: ...L use the no form of this command Syntax mac access list name no mac access list name Parameters name Specifies the name of the ACL Range 0 32 characters Use for empty string Default Configuration The default for all ACLs is deny all Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example shows how to create a MAC ACL Conso...

Page 59: ...e MAC address Use 1s in bit positions to be ignored destination Specifies the MAC address of the host to which the packet is being sent destination wildcard Specifies wildcard bits to be applied to the destination MAC address Use 1s in bit positions to be ignored vlan id Specifies the ID of the packet vlan Range 0 4094 cos Specifies the Class of Service CoS for the packet Range 0 7 cos wildcard Sp...

Page 60: ... Console config mac access list macl acl1 Console config mac al permit 6 6 6 6 6 6 0 0 0 0 0 0 ny vlan 6 deny MAC The deny MAC Access List Configuration mode command denies traffic if the conditions defined in the deny statement match Syntax deny disable port any source source wildcard any destination destination wildcard vlan vlan id cos cos cos wildcard ethtype eth type Parameters disable port I...

Page 61: ... denied This command defines an Access Control Element ACE An ACE can only be removed by deleting the ACL using the no mac access list Global Configuration mode command Alternatively the Web based interface canbe used to delete ACEs from an ACL Before an Access Control Element ACE is added to an ACL all packets are permitted After an ACE is added an implied deny any any condition exists at the end...

Page 62: ...vice policy input Parameters input Use input policy map name to apply the specified policy map to the input interface policy map name Up to 32 characters Default Configuration This command has no default configuration Command Mode Interface configuration Ethernet VLAN Port Channel User Guidelines Only one policy map per interface per direction is supported service acl To control access to an inter...

Page 63: ...o ACL is assigned Command Mode Interface configuration Ethernet Port Channel Usage Guidelines Two ACLs of the same type can t be added to a port An ACL can t be added to a port that is already bounded to an ACL without first removing the current ACL and binding the two ACLs together show access lists The show access lists Privileged EXEC mode command displays access control lists ACLs defined on t...

Page 64: ...he following example displays access lists defined on a device Console show access lists IP access list ACL1 permit ip host 172 30 40 1 any permit rsvp host 172 30 8 8 any show interfaces access lists The show interfaces access lists Privileged EXEC mode command displays access lists applied on interfaces Syntax show interfaces access lists ethernet interface port channel port channel number Param...

Page 65: ... Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays ACLs applied to the interfaces of a device Console show interfaces access lists Interface Input e1 ACL1 e2 ACL3 ...

Page 66: ...s ARP inspection To disable ARP inspection use the no form of this command Syntax ip arp inspection no ip arp inspection Default Configuration The default configuration is set to disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example globally enables ARP inspection Console config ip arp inspection ...

Page 67: ...ntax ip arp inspection vlan id no ip arp inspection vlan id Parameters vlan id Specifies a VLAN ID Default Configuration The default configuration is set to disabled Command Mode Global Configuration mode User Guidelines This command enables ARP inspection on a VLAN based on the DHCP snooping database The ip arp inspection list assign Global Configuration mode command enables static ARP inspection...

Page 68: ... Guidelines The switch does not check ARP packets which are received on the trusted interface it simply forwards the packets For untrusted interfaces the switch intercepts all ARP requests and responses It verifies that the intercepted packets have valid IP to MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination The switch drops inval...

Page 69: ...fault Configuration The default configuration is set to disabled Command Mode Global Configuration mode User Guidelines The following are performed Source MAC Compare the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses Destination MAC Compare the destination MAC address in the Ethernet header agains...

Page 70: ... The ip arp inspection list create Global Configuration mode command creates a static ARP binding list and to enter the ARP list configuration mode To delete the list use the no form of this command Syntax ip arp inspection list create name no ip arp inspection list create name Parameters name Specifies the list name Range 1 32 characters Default Configuration No static ARP binding list exists Com...

Page 71: ...ARP list Configuration mode command displays static ARP binding To delete a binding use the no form of this command Syntax ip ip address mac mac address no ip ip address mac mac address Parameters ip address Specifies the IP address to be entered to the list mac address Specifies the MAC address associated with the IP address Default Configuration No binding is defined Command Mode ARP list Config...

Page 72: ...704C 7322 ip arp inspection list assign The ip arp inspection list assign Global Configuration mode command assigns static ARP binding lists to a VLAN To delete the assignment use the no form of this command Syntax ip arp inspection list assign vlan id name no ip arp inspection list assign vlan Parameters vlan id Specifies the VLAN ID name Specifies the list name Default Configuration No static AR...

Page 73: ...val between successive ARP SYSLOG messages To return to the default configuration use the no form of this command Syntax ip arp inspection logging interval seconds infinite no ip arp inspection logging interval Parameters seconds Specifies the minimal interval between successive ARP SYSLOG messages A 0 value means that a system message is immediately generated Range 0 86400 infinite Specifies SYSL...

Page 74: ...logging interval show ip arp inspection The show ip arp inspection EXEC mode command displays the ARP inspection configuration Syntax show ip arp inspection ethernet interface port channel port channel number Parameters interface Specifies an Ethernet port port channel number Specifies a port channel number Default Configuration This command has no default configuration Command Mode EXEC User Guid...

Page 75: ...ion is configured on following VLANs 2 7 18 Verification of packet header is enabled Syslog messages interval 5 seconds InterfaceTrusted e1yes e2no show ip arp inspection list The show ip arp inspection list Privileged EXEC mode command displays the static ARP binding list Syntax show ip arp inspection list Default Configuration This command has no default configuration Command Mode Privileged EXE...

Page 76: ...SPS224G4 SPS2024 Command Line Interface Reference Guide 74 4 Example The following example displays the static ARP binding list Console show ip arp inspection list List name servers Assigned to VLANs 1 2 IP ARP 172 16 1 1 0060 704C 7321 172 16 1 2 0060 704C 7322 ...

Page 77: ...anent delete on reset delete on timeout secure no bridge address mac address Parameters mac address A valid MAC address interface A valid Ethernet port port channel number A valid port channel number permanent The address can only be deleted by the no bridge address command delete on reset The address is deleted after reset delete on timeout The address is deleted after age out time has expired se...

Page 78: ...eletes all static MAC addresses belonging to this VLAN Example The following example adds a permanent static MAC layer station source address 3aa2 64b3 a245 on port 1 to the bridge table Console config interface vlan 2 Console config if bridge address 3aa2 64b3 a245 ethernet e16 permanent bridge multicast filtering The bridge multicast filtering Global Configuration mode command enables filtering ...

Page 79: ...e used to enable forwarding all Multicast packets to the Multicast switches Example In the following example bridge Multicast filtering is enabled Console config bridge multicast filtering bridge multicast address The bridge multicast address Interface Configuration VLAN mode command registers a MAC layer Multicast address in the bridge table and statically adds ports to the group To unregister th...

Page 80: ... hyphen is used to designate a range of ports port channel number list Separate nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration No Multicast addresses are defined Command Mode Interface Configuration VLAN mode User Guidelines If the command is executed without add or remove the command only registers the group in ...

Page 81: ...iguration Syntax bridge multicast forbidden address mac multicast address ip multicast address add remove ethernet interface list port channel port channel number list no bridge multicast forbidden address mac multicast address ip multicast address Parameters add Adds ports to the group If no option is specified this is the default option remove Removes ports from the group mac multicast address A...

Page 82: ...dden on port e9 within VLAN 8 Console config interface vlan 8 Console config if bridge multicast address 01 00 5e 02 02 03 Console config if bridge multicast forbidden address 01 00 5e 02 02 03 add ethernet e9 bridge multicast forward all The bridge multicast forward all Interface Configuration VLAN mode command enables forwarding all Multicast packets on a port Use the no form of this command to ...

Page 83: ... hyphen is used to designate a range of ports port channel number list Separate nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration This setting is disabled Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example In this example all Multicast packets on port...

Page 84: ... all Parameters add Forbids forwarding all Multicast packets remove Does not forbid forwarding all Multicast packets interface list Separates nonconsecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separates nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default ...

Page 85: ...n forward all add ethernet e1 bridge aging time The bridge aging time Global Configuration mode command sets the address table aging time To restore the default configuration use the no form of this command Syntax bridge aging time seconds no bridge aging time Parameters seconds Time in seconds Range 10 630 seconds Default Configuration The default setting is 300 seconds Command Mode Global Config...

Page 86: ...ridge aging time 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database Syntax clear bridge Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In the following example the bridge tables are cleared Console clear bridge...

Page 87: ...ets with unlearned source addresses but does not learn the address discard Discards packets with unlearned source addresses This is the default if no option is indicated discard shutdown Discards packets with unlearned source addresses The port is also shut down seconds Sends SNMP traps and defines the minimum amount of time in seconds between consecutive traps Range 1 1000000 max Maximum number o...

Page 88: ...port security mode Interface Configuration mode command configures the port security mode To restore defaults use the no form of this command Syntax port security mode lock mac addresses no port security mode Parameters lock Saves the current dynamic MAC addresses associated with the port and disables learning relearning and aging mac addresses Deletes the current dynamic MAC addresses associated ...

Page 89: ...mac addresses port security max The port security max Interface Configuration mode command configures the maximum addresses that can be learned on the port while the port is in port security max addresses mode Use the no form of this command to return to default Syntax port security max max addr no port security max Parameters max addr Maximum number of addresses that can be learned on the port Th...

Page 90: ... mode Console config interface ethernet e7 Console config if port security max max addr show bridge address table The show bridge address table Privileged EXEC mode command displays all entries in the bridge forwarding database Syntax show bridge address table vlan vlan ethernet interface port channel port channel number address mac address Parameters vlan Specifies a valid VLAN such as VLAN 1 int...

Page 91: ...layed in the MAC address table This includes for example MAC addresses defined in ACLs Example In this example all classes of entries in the bridge forwarding database are displayed Console show bridge address table Aging time is 300 secs interface mac address Port Type 1 00 60 70 4C 73 FF e8 dynamic 1 00 60 70 8C 73 FF e8 dynamic 200 00 10 0D 48 37 FF e9 static show bridge address table static Th...

Page 92: ...er Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all static entries in the bridge forwarding database are displayed Console show bridge address table static Aging time is 300 sec vlan mac address port type 1 00 60 70 4C 73 FF e8 Permanent 1 00 60 70 8C 73 FF e8 ...

Page 93: ...count vlan vlan Ethernet interface number port channel port channel number Parameters vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the num...

Page 94: ...ss or IP Address Table information Syntax show bridge multicast address table vlan vlan id address mac multicast address ip multicast address format ip format mac Parameters vlan id Indicates the VLAN ID This has to be a valid VLAN ID value mac multicast address A valid MAC Multicast address ip multicast address A valid IP Multicast address format ip mac Multicast address format Can be ip or ac If...

Page 95: ...icast address table Vlan MAC Address Type Ports 1 01 00 5e 02 02 03 static e1 e13 19 01 00 5e 02 02 08 static e1 e8 19 00 00 5e 02 02 08 dynamic e9 e11 Forbidden ports for multicast addresses Vlan MAC Address Ports 1 01 00 5e 02 02 03 e16 19 01 00 5e 02 02 08 e16 Console show bridge multicast address table format ip Vlan IP MAC Address Type Ports 1 224 239 130 2 2 3 static e1 e13 19 224 239 130 2 ...

Page 96: ... addresses Syntax show bridge multicast address table static vlan vlan id address mac multicast address ip multicast address source ip address Parameters vlan id Indicates the VLAN ID This has to be a valid VLAN ID value mac multicast address A valid MAC Multicast address ip multicast address A valid IP Multicast address ip address Source IP address Default Configuration This command has no defaul...

Page 97: ...for Multicast addresses Vlan MAC Address Ports show bridge multicast filtering The show bridge multicast filtering Privileged EXEC mode command displays the Multicast filtering configuration Syntax show bridge multicast filtering vlan id Parameters vlan id Indicates the VLAN ID This has to be a valid VLAN ID value Default Configuration This command has no default configuration Command Mode Privile...

Page 98: ...ing Enabled VLAN 1 Port Static Status e1 Filter e2 Filter e3 Filter show ports security The show ports security Privileged EXEC mode command displays the port lock status Syntax show ports security ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configura...

Page 99: ...ency e1 Locked Dynamic Discard 3 Enable100 e2 Unlocked Dynamic 28 e3 Locked Disabled Discard 8 Disable Shutdown The following table describes the fields shown above Field Description Port The port number Status The values are Locked Unlocked Learning The learning mode Action Action on violation Maximum The maximum number of addresses that can be associated on this port in the Static Learning mode ...

Page 100: ...t interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example This example displays dynamic addresses in all currently locked ports Console show ports securit...

Page 101: ...Port is a member in port channel ch1 e5 Disabled Lock 1 e6 Enabled Max addresses 0 10 ch1 Enabled Max addresses 0 50 ch2 Enabled Max addresses 0 128 This example displays dynamic addresses in the currently locked port e1 Console show ports security addresses ethernet e1 Port Status Learning Current Maximum e1 Disabled Lock 1 ...

Page 102: ...month year or clock set hh mm ss month day year Parameters hh mm ss Current time in hours military format minutes and seconds hh 0 23 mm 0 59 ss 0 59 day Current day by date in the month Range 1 31 month Current month using the first three letters by name Range Jan Dec year Current year Range 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mod...

Page 103: ...5 Console clock set 13 32 00 7 Mar 2005 clock source The clock source Global Configuration mode command configures an external time source for the system clock Use the no form of this command to disable external time source Syntax clock source sntp no clock source Parameters sntp SNTP servers Default Configuration No external clock source Command Mode Global Configuration mode User Guidelines Ther...

Page 104: ... the time zone for display purposes Use the no form of this command to set the time to the Coordinated Universal Time UTC Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone Parameters hours offset Hours difference from UTC Range 12 hours to 13 hours minutes offset Minutes difference from UTC Range 0 59 acronym The acronym of the time zone Range Up to 4 charact...

Page 105: ...form of this command to configure the software not to automatically switch to summer time Syntax clock summer time recurring usa eu week day month hh mm week day month hh mm offset offset one acronym clock summer time date date month year hh mm date month year hh mm offset offset zone acronym clock summer time date month date year hh mm month date year hh mm offset offset zone acronym no clock sum...

Page 106: ...The acronym of the time zone to be displayed when summer time is in effect Range Up to 4 characters Default Configuration Summer time is disabled offset Default is 60 minutes acronym If unspecified defaults to the time zone acronym If the time zone has not been defined the default is UTC Command Mode Global Configuration mode User Guidelines In both the date and recurring forms of the command the ...

Page 107: ...me starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am Console config clock summer time recurring first sun apr 2 00 last sun oct 2 00 sntp authentication key The sntp authentication key Global Configuration mode command defines an authentication key for Simple Network Time Protocol SNTP Use the no form of this command to remove the authentication key ...

Page 108: ...e following example defines the authentication key for SNTP Console config sntp authentication key 8 md5 ClkKey sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol SNTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no sntp authenticate Default Configuration N...

Page 109: ...entication Console config sntp authentication key 8 md5 ClkKey Console config sntp trusted key 8 sntp port To specify the Simple Network Time Protocol SNTP UDP port of the SNTP server use the sntp port global configuration command To use the default port use the no form of this command Syntax sntp port port number no sntp port Parameters port number Port number for use by SNTP Range 1 65535 Defaul...

Page 110: ...he identity of a system to which Simple Network Time Protocol SNTP will synchronize Use the no form of this command to disable authentication of the identity of the system Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Key number of authentication key to be trusted Range 1 4294967295 Default Configuration No keys are trusted Command Mode Global Configuratio...

Page 111: ...rusted key 8 sntp client poll timer The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol SNTP client Use the no form of this command to restore default configuration Syntax sntp client poll timer seconds no sntp client poll timer Parameters seconds Polling interval in seconds Range 60 86400 Default Configuration Polling interval is...

Page 112: ...enables Simple Network Time Protocol SNTP Broadcast clients Use the no form of this command to disable SNTP Broadcast clients Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp client enable Interface Interface Configuration mode command to enable the SNT...

Page 113: ...ent Syntax sntp anycast client enable no sntp anycast client enable Default Configuration The SNTP Anycast client is disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Use the sntp client enable Interface Interface Configuration mode command to enable the SNTP client on a specific interface Exam...

Page 114: ...ethernet interface port channel port channel number no sntp client enable vlan vlan id ethernet interface port channel port channel number Parameters vlan id VLAN number interface Valid Ethernet port port channel number Valid port channel number Default Configuration The SNTP Anycast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp broadcast client enable Glob...

Page 115: ...es the Simple Network Time Protocol SNTP client on an interface This applies to both receive Broadcast and Anycast updates Use the no form of this command to disable the SNTP client Syntax sntp client enable no sntp client enable Default Configuration The SNTP client is disabled on an interface Command Mode Interface Configuration Ethernet port channel VLAN mode User Guidelines Use the sntp broadc...

Page 116: ...Time Protocol SNTP to request and accept SNTP traffic from servers Use the no form of this command to disable requesting and accepting SNTP traffic from servers Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP Unicast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp server Global Configuration mode command to defin...

Page 117: ...fined Unicast servers Use the no form of this command to disable the polling for SNTP client Syntax sntp unicast client poll no sntp unicast client poll Default Configuration Polling is disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Example The following example enables polling for SNTP pred...

Page 118: ...servers Syntax sntp server ip address hostname oll key keyid no sntp server host Parameters ip address IP address of the server hostname Hostname of the server Range 1 158 characters Maximum label size 63 poll Enable polling keyid Authentication key to use when sending packets to this peer Range 1 4294967295 Default Configuration No servers are defined Command Mode Global Configuration mode User G...

Page 119: ...timer Global Configuration mode command Example The following example configures the device to accept SNTP traffic from the server on 192 1 1 1 Console config sntp server 192 1 1 1 show clock The show clock Privileged EXEC mode command displays the time and date from the system clock Syntax show clock detail Parameters detail Shows time zone and summertime configuration Default Configuration This ...

Page 120: ...em clock Console show clock 15 29 03 PDT UTC 7 Jun 17 2005 Time source is SNTP Console show clock detail 15 29 03 PDT UTC 7 Jun 17 2005 Time source is SNTP Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes Symbol Description Time is not authoritative blank Time ...

Page 121: ...figuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the current SNTP configuration of the device Console show sntp configuration Polling interval 1024 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clien...

Page 122: ...ows the status of the Simple Network Time Protocol SNTP Syntax show sntp status Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows the status of the SNTP Console show sntp status Clock is synchronized stratum 4 reference is 176 1 1 8 unicast Reference tim...

Page 123: ... 1 1 8 Up 19 58 22 289 PDT Feb 19 2005 7 33 117 79 176 1 8 179 Unknown 12 17 17 987 PDT Feb 19 2005 8 98 189 19 Anycast server Server InterfaceStatus Last response Offset Delay mSec mSec 176 1 11 8VLAN 118 Up 9 53 21 789 PDT Feb 19 2005 7 19 119 89 Broadcast Interface IP Address Last response e13 0 0 0 0 00 00 00 0 Feb 19 2005 vlan 1 16 1 1 200 15 15 16 0 LLBG Feb 19 2006 ...

Page 124: ...racters destination url The destination file URL or reserved keyword of the destination file Range 1 160 characters snmp Used only when copying from to startup config Specifies that the destination source file is in SNMP format The following table displays keywords and URL prefixes Keyword Source or Destination running config Represents the current running configuration file startup config Represe...

Page 125: ...Some invalid combinations of source and destination exist Specifically you cannot copy if one of these conditions exists The source file and destination file are the same file xmodem is the destination file The source file can be copied to image boot and null only tftp is the source file and destination file on the same copy boot Boot file tftp Source or destination URL for a TFTP network server T...

Page 126: ...configuration files with the loaded configuration file taking precedence Copying a Configuration File from a Server to the Startup Configuration To copy a configuration file from a network server to the startup configuration file of the device enter copy source url startup config The startup configuration file is replaced by the copied configuration file Storing the Running or Startup Configuratio...

Page 127: ...172 16 101 101 file1 image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss delete startup config The delete startup config Privileged EXEC mode command deletes the startup config file Syntax delete startup config This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EX...

Page 128: ...he currently running configuration file Syntax show running config Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines show running config does not show all the port configurations under the port Although the device is already configured with some default parameters show running config on an empty device is empty Examples The following ...

Page 129: ...dress 00 00 00 00 00 01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable interface ethernet g24 ip address dhcp exit ip name server 10 6 1 36 console show startup config The show startup config Privileged EXEC mode command displays the contents of the startup configuration file Syntax show startup config Default Configuration This command has no default configuration Command Mod...

Page 130: ...here are no user guidelines for this command Example The following example displays the contents of the running configuration file Console show startup config hostname device interface ethernet e1 ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet e2 ip address 176 243 100 100 255 255 255 0 duplex full speed 1000 ...

Page 131: ... ip dhcp snooping no ip dhcp snooping Default Configuration The default configuration is set to disabled Command Mode Global Configuration mode User Guidelines For any DHCP snooping configuration to take effect DHCP snooping must be globally enable DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan Global Configuration mode command Example The follow...

Page 132: ...and to disable DHCP snooping on a VLAN Syntax ip dhcp snooping vlan vlan id no ip dhcp snooping vlan id Parameters vlan id Specifies the VLAN ID Default Configuration The default configuration is set to disabled Command Mode Global Configuration mode User Guidelines DHCP snooping must first be globally enable before enabling DHCP snooping on a VLAN Example The following example enables DHCP snoopi...

Page 133: ...onfiguration Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration The interface is untrusted Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Configure as trusted ports Ports that are connected to a DHCP server or to other switches or routers Configure as untrusted ports Ports that are connected to DHCP clients Example The following example c...

Page 134: ...form of this command to configure the switch to drop these packets from an untrusted port Syntax ip dhcp information option allowed untrusted no ip dhcp information option allowed untrusted Default Configuration Discard DHCP packets with option 82 information from an untrusted port Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The foll...

Page 135: ... the switch to not verify the MAC addresses Syntax ip dhcp snooping verify no ip dhcp snooping verify Default Configuration The switch verifies the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example...

Page 136: ... ip dhcp snooping database no ip dhcp snooping database Default Configuration The URL is not defined Command Mode Global Configuration mode User Guidelines To ensure that the lease time in the database is accurate and the Simple Network Time Protocol SNTP is enabled and configured The switch writes binding changes to the binding file only when the switch system clock is synchronized with SNTP Exam...

Page 137: ...s command to return to the default configuration Syntax ip dhcp snooping database update freq seconds no ip dhcp snooping database update freq Parameters seconds Specifies in seconds the update frequency Range 600 86400 Default Configuration The default value is 1200 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example c...

Page 138: ...no ip dhcp snooping binding mac address vlan id Parameters mac address Specifies a MAC address vlan id Specifies a VLAN number ip address Specifies an IP address interface Specifies an Ethernet port port channel number Specifies the Port channel number expiry seconds Specifies the interval in seconds after which the binding entry is no longer valid Range 10 4294967295 Default Configuration No stat...

Page 139: ...p snooping binding clear ip dhcp snooping database The clear ip dhcp snooping database Privileged EXEC mode command clears the DHCP binding database Syntax clear ip dhcp snooping database Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears the DHCP bindin...

Page 140: ...ort port channel number Specifies the Port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the DHCP snooping configuration Console show ip dhcp snooping DHCP snooping is enabled DHCP snooping is configured on following VLANs 2 7 18 DH...

Page 141: ...tion information for all interfaces on a switch Syntax show ip dhcp snooping binding mac address mac address ip address ip address vlan vlan id ethernet interface port channel port channel number Parameters mac address Specifies a MAC address ip address Specifies an IP address vlan id Specifies a VLAN number interface Specifies an Ethernet port port channel number Specifies the Port channel number...

Page 142: ...mmand Example The following example displays the DHCP snooping binding database and configuration information for all interfaces on a switch Console show ip dhcp snooping binding Update frequency 1200 Total number of binding 3 Mac Address IP Address Lease Type VLAN Interface sec 0060 704C 73FF 10 1 8 1 7983 snooping 3 e21 10060 704C 7BC1 10 1 8 2 92332 snooping 3 e22 s ...

Page 143: ... features on your router Use the no form of this command to disable the relay agent features Syntax ip dhcp relay enable no ip dhcp relay enable Default Configuration DHCP is disabled on the router Command Mode Global Interface Configuration mode User Guidelines This command is only functional if the device is in Router mode Example The following example enables DHCP services on the DHCP Server Co...

Page 144: ...DHCP relay features for an interface Use the no form of this command to disable the relay agent features Syntax ip dhcp relay enable no ip dhcp relay enable Default Configuration For a switch Disabled Command Mode For a switch Interface Configuration VLAN mode User Guidelines DHCP relay must be enabled before enabling DHCP snooping on an interface Example The following example enables DHCP service...

Page 145: ...P servers list Syntax ip dhcp relay address ip address no ip dhcp relay address ip address Parameters ip address DHCP server IP address Up to 8 servers can be defined Default Configuration No server is defined Command Mode Global Configuration mode User Guidelines If no IP address is specified when using the no form of the command all configured servers are removed Example The following example de...

Page 146: ...HCP relay server addresses available for DHCP relay Syntax show ip dhcp relay Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is only functional if the device is in Router mode Example The following example displays DHCP relay server addresses Console show ip dhcp relay DHCP relay is enabled Servers 172 16 1 11 172 16 8...

Page 147: ... of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Default Configuration DHCP option 82 data insertion is enabled Command Mode Global Configuration mode User Guidelines DHCP option 82 is enabled when DHCP snooping is enabled on VLANs Example The following example configures the update frequency of the DHCP snooping binding file...

Page 148: ...he DHCP option 82 configuration Syntax show ip dhcp information option Default Configuration No default configuration for this command Command Mode Privileged EXEC mode User Guidelines DHCP option 82 is enabled when DHCP snooping is enabled on VLANs Example The following example configures the update frequency of the DHCP snooping binding file Console show ip dhcp information option Relay agent in...

Page 149: ...se the no form of this command Syntax ip dhcp autoconfig no ip dhcp autoconfig Command Mode Global configuration Default Configuration By default the feature is enabled Usage Guidelines The command enables the support of auto configuration via DHCP option 67 field The DHCP server should be provisioned with the configuration file URL in a TFTP server The configuration data is set to the device upon...

Page 150: ...le Parameters filename Auto configuration file name up to 160 characters Command Mode Global configuration Default Configuration By default the filename is null Usage Guidelines The command sets the auto configuration filename Normally the name is received via DHCP option 67 procedure from the DHCP server when auto config is enabled Since auto configuration takes place only when the configuration ...

Page 151: ...erence Guide 149 11 show ip dhcp autoconfig To show the status of the IP DHCP autoconfig mode use the show ip dhcp autoconfig EXEC command Syntax show ip dhcp autoconfig Command Mode EXEC Example Device show ip dhcp autoconfig DHCP autoconfig enabled Ip dhcp autoconfig filename config configfile1 txt ...

Page 152: ...nfiguration mode to configure an Ethernet type interface Syntax interface ethernet interface Parameters interface Valid Ethernet port Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables configuring Ethernet port e18 Console config interface ethernet...

Page 153: ...aces use a hyphen to designate a range of ports and group a list separated by commas in brackets all All Ethernet ports Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each active interface in the range If the command returns an error on one of the active ...

Page 154: ...d interface Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables Ethernet port e5 operations Console config interface ethernet e5 Console config if shutdown The following example restarts the disabled Ethernet por...

Page 155: ...escription string no description Parameters string A comment or a description of the port to allow the user to remember the purpose of the interface Range 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds a de...

Page 156: ...ot using auto negotiation NOTE To configure the speed of a fiber SFP port use the sfp speed command Syntax speed 10 100 1000 10000 Parameters 10 Forces 10 Mbps operation 100 Forces 100 Mbps operation 1000 Forces 1000 Mbps operation 10000 Forces 10000 Mbps operation Default Configuration Maximum port capability 38400 Command Mode Interface Configuration Ethernet port channel mode User Guidelines Th...

Page 157: ...nd configures the full half duplex operation of a given Ethernet interface when not using auto negotiation Use the no form of this command to restore the default configuration NOTE SPS224G4 combo ports This command applies when the copper port is used The configuration does not apply when an SFP is plugged to the port Syntax duplex half full no duplex Parameters half Forces half duplex operation f...

Page 158: ...eration Console config interface ethernet 1 Console config if duplex full negotiation The negotiation Interface Configuration Ethernet port channel mode command enables auto negotiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable auto negotiation NOTE SPS224G4 combo ports This command applies when the copper port is used The configu...

Page 159: ...re specified at the time when auto negotiation is entered not specifying capabilities when entering auto negotiation overrides the previous configuration and enables all capabilities Example The following example enables auto negotiation on Ethernet port 1 Console config interface ethernet 1 Console config if negotiation port jumbo frame Use port jumbo frame command to enable jumbo frames for the ...

Page 160: ...effective only after reset Command Mode Global configuration Examples Console config port jumbo frame show system flowcontrol The command is for SPS2024 only Use the show system flowcontrol command to display the cascade ports flowcontrol state Syntax show system flowcontrol Parameters This command has no arguments or keywords Default Configuration The command has no default configuration ...

Page 161: ...rface Use the no form of this command to disable flow control Syntax flowcontrol auto on off rx tx no flowcontrol Parameters auto Indicates auto negotiation on Enables flow control off Disables flow control rx Enables receiving pause frames only tx Enables transmitting pause frames only Default Configuration Flow control is off Command Mode Interface Configuration Ethernet port channel mode User G...

Page 162: ...ration Ethernet mode command enables cable crossover on a given interface Use the no form of this command to disable cable crossover NOTE SPS224G4 combo ports This command applies when the copper port is used The configuration does not apply when an SFP is plugged to the port Syntax mdix on auto no mdix Parameters on Manual mdix is enabled auto Automatic mdi mdix is enabled Default Configuration T...

Page 163: ...able and to connect to another device only with a normal cable Example In the following example automatic crossover is enabled on port 1 Console config interface ethernet 1 Console config if mdix auto back pressure The back pressure Interface Configuration Ethernet port channel mode command enables back pressure on a given interface Use the no form of this command to disable back pressure NOTE SPS...

Page 164: ...mple In the following example back pressure is enabled on port 1 Console config interface ethernet 1 Console config if back pressure port jumbo frame Use port jumbo frame command to enable jumbo frames for the device To disable it use the no form of this command Syntax port jumbo frame no port jumbo frame Parameters This command has no arguments or keywords Default Configuration Off Usage Guidelin...

Page 165: ... sfp speed command is supported in SPS2xx products Syntax sfp speed 100 1000 auto no sfp speed Parameters 100 100 Mbps 1000 1000 Mbps auto Detects the SFP capabilities and determines the speed as follows When multi speed SFP is supported the highest speed is selected If SFP capability cannot be detected 1000 Mbps is selected Default Configuration The default configuration is auto Command Mode Inte...

Page 166: ...sfp speed 100 1 clear counters The clear counters Privileged EXEC mode command clears statistics on an interface Syntax clear counters ethernet interface port channel port channel number Parameters interface Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no...

Page 167: ...vileged EXEC mode command reactivates a shutdown interface Syntax set interface active ethernet interface port channel port channel number Parameters interface Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is used to activate interfaces that were config...

Page 168: ...n The show interfaces configuration Privileged EXEC mode command displays the configuration for all configured interfaces Syntax show interfaces configuration ethernet interface port channel port channel number Parameters interface Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User...

Page 169: ...100 Enabled Off Up Disabled Auto 5 100M Copper Full 100 Enabled Off Up Disabled Auto 6 100M Copper Full 100 Enabled Off Up Disabled Auto 7 100M Copper Full 100 Enabled Off Up Disabled Auto 8 100M Copper Full 100 Enabled Off Up Disabled Auto 9 100M Copper Full 100 Enabled Off Up Disabled Auto 10 100M Copper Full 100 Enabled Off Up Disabled Auto 11 100M Copper Full 100 Enabled Off Up Disabled Auto s...

Page 170: ...lines for this command Example The following example displays the status of all configured interfaces Console show interfaces status Port Type Duplex Speed Neg Flow Link Back Mdix Ctrl State Pressure Mode 1 100M Copper Down 2 100M Copper Down 3 100M Copper Down 4 100M Copper Down 5 100M Copper Full 100 Enabled Up Disabled Auto 6 100M Copper Down 7 100M Copper Down 8 100M Copper Down 9 100M Copper ...

Page 171: ...nnel port channel number Parameters interface Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays auto negotiation information Console show interfaces advertise Port Type Neg Operational ...

Page 172: ...d 12 100M Copper Enabled show interfaces description The show interfaces description Privileged EXEC mode command displays the description for all configured interfaces Syntax show interfaces description ethernet interface port channel port channel number Parameters interface Valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default confi...

Page 173: ... description Port Description e1 lab e2 e3 e4 e5 e6 ch1 ch2 show interfaces counters The show interfaces counters Privileged EXEC mode command displays traffic seen by the physical interface Syntax show interfaces counters ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command...

Page 174: ... Example The following example displays traffic seen by the physical interface Console show interfaces counters Port InOctets InUcastPkts InMcastPkts InMcastPkts e1 183892 0 0 0 e2 0 0 0 0 e3 123899 0 0 0 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts e1 9188 0 0 0 e2 0 0 0 0 e3 8789 0 0 0 Ch InOctets InUcastPkts InMcastPkts InMcastPkts 1 27889 0 0 0 Ch OutOctets OutUcastPkts OutMcastPkts O...

Page 175: ...ackets0 Internal MAC Rx Errors0 Received Pause Frames0 Transmitted Pause Frames0 The following table describes the fields shown in the display Field Description InOctets Counted received octets InUcastPkts Counted received Unicast packets InMcastPkts Counted received Multicast packets InBcastPkts Counted received Broadcast packets OutOctets Counted transmitted octets OutUcastPkts Counted transmitt...

Page 176: ... in a single collision and are subsequently transmitted successfully Late Collisions Number of times that a collision is detected later than one slotTime into the transmission of a packet Oversize Packets Counted frames received that exceed the maximum permitted frame size Internal MAC Rx Errors Counted frames for which reception fails due to an internal MAC sublayer received error Received Pause ...

Page 177: ...d after reset port storm control broadcast enable The port storm control broadcast enable Interface Configuration Ethernet mode command enables Broadcast storm control Use the no form of this command to disable Broadcast storm control Syntax port storm control broadcast enable no port storm control broadcast enable Default Configuration Broadcast storm control is disabled Command Mode Interface Co...

Page 178: ...storm control broadcast rate The port storm control broadcast rate Interface Configuration Ethernet mode command configures the maximum Broadcast rate Use the no form of this command to restore the default configuration Syntax port storm control broadcast rate rate no port storm control broadcast rate Parameters rate Maximum kilobits per second of Broadcast and Multicast traffic on a port Range fo...

Page 179: ... port storm control broadcast rate 4000 port storm control include multicast The port storm control include multicast Interface Configuration mode command enables counting Multicast packets in the port storm control broadcast rate command Use the no form of this command to disable counting Multicast packets Syntax port storm control include multicast no port storm control include multicast Default...

Page 180: ...obal Configuration mode Command enables unknown unicast storm control for FE ports Use the no form of this command to disable storm control Syntax port storm control unknown unicast fastethernet enable no port storm control unknown unicast fastethernet enable Default Configuration Unknown unicast storm control for FE ports are disabled Command Mode Global Configuration mode User Guidelines Use the...

Page 181: ...Global Configuration mode command configures the maximum rate of unknown unicast storm control for FE ports Use the no form of this command to return to default Syntax port storm control unknown unicast fastethernet rate rate no port storm control unknown unicast fastethernet rate Parameters rate Maximum of kilobits per second of broadcast traffic on a port Range 3 5M 100M Default Configuration Th...

Page 182: ...n unicast storm control for FE ports to 10M console config port storm control unknown unicast fastethernet rate 3500 show ports storm control The show ports storm control Privileged EXEC mode command displays the storm control configuration Syntax show ports storm control interface Parameters interface A valid Ethernet port Default Configuration This command has no default configuration Command Mo...

Page 183: ...e Guide 181 12 Example The following example displays the storm control configuration Console show ports storm control Port State Rate Kbits Sec Included e1 Disabled 3500 Broadcast e2 Disabled 3500 Broadcast e3 Disabled 3500 Broadcast e4 Disabled 3500 Broadcast e5 Disabled 3500 Broadcast e6 Disabled 3500 Broadcast ...

Page 184: ...e device is manually configured with all desired VLANs for the network and all other devices on the network learn these VLANs dynamically The gvrp enable Global Configuration mode command enables GVRP globally Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Gu...

Page 185: ...nables GVRP on an interface Use the no form of this command to disable GVRP on an interface Syntax gvrp enable no gvrp enable Default Configuration GVRP is disabled on all interfaces Command Mode Interface Configuration Ethernet port channel mode User Guidelines An access port does not dynamically join a VLAN because it is always a member in only one VLAN Membership in an untagged VLAN is propagat...

Page 186: ...join leave and leaveall timers of GARP applications Use the no form of this command to restore the default configuration Syntax garp timer join leave leaveall timer_value no garp timer Parameters join leave leaveall Indicates the type of timer timer_value Timer values in milliseconds in multiples of 10 Range 10 2147483640 Default Configuration Following are the default timer values Join timer 200 ...

Page 187: ...ARP application will not operate successfully Example The following example sets the leave timer for Ethernet port e6 to 900 milliseconds Console config interface ethernet e6 Console config if garp timer leave 900 gvrp vlan creation forbid The gvrp vlan creation forbid Interface Configuration Ethernet port channel mode command disables dynamic VLAN creation or modification Use the no form of this ...

Page 188: ...Ethernet port 1 Console config interface ethernet 1 Console config if gvrp vlan creation forbid gvrp registration forbid The gvrp registration forbid Interface Configuration Ethernet port channel mode command de registers all dynamic VLANs on a port and prevents VLAN creation or registration on the port Use the no form of this command to allow dynamic registration of VLANs on a port Syntax gvrp re...

Page 189: ...ation forbid clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information Syntax clear gvrp statistics ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode ...

Page 190: ...ed EXEC mode command displays GVRP configuration information including timer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP Syntax show gvrp configuration ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configura...

Page 191: ...ration Dynamic VLAN Join Leave Leave All Creation e1 Enabled Normal Enabled 200 600 10000 e4 Enabled Normal Enabled 200 600 10000 show gvrp statistics The show gvrp statistics Privileged EXEC mode command displays GVRP statistics Syntax show gvrp statistics ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number...

Page 192: ...d rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA show gvrp error statistics The show gvrp error statistics Privileged EXEC mode command displays GVRP error statistics Syntax show gvrp error statistics ethernet interface port ch...

Page 193: ...re are no user guidelines for this command Example The following example displays GVRP statistical information Console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVALEN Invalid Attribute Length INVATYP Invalid Attribute Type INVEVENT Invalid Event INVAVAL Invalid Attribute Value Port INVPROT INVATYP INVAVAL INVALEN INVEVENT ...

Page 194: ... IGMP snooping Use the no form of this command to disable IGMP snooping Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled Command Mode Global Configuration mode User Guidelines IGMP snooping can only be enabled on static VLANs It must not be enabled on Private VLANs or their community VLANs Example The following example enables IGMP snooping Console config...

Page 195: ...c VLAN Use the no form of this command to disable IGMP snooping on a VLAN interface Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping can only be enabled on static VLANs It must not be enabled on Private VLANs or their community VLANs Example The following example enables IGMP sno...

Page 196: ...lticast device ports Syntax ip igmp snooping mrouter learn pim dvmrp no ip igmp snooping mrouter learn pim dvmrp Default Configuration Automatic learning of Multicast device ports is enabled Command Mode Interface Configuration VLAN mode User Guidelines Multicast device ports can be configured statically using the bridge multicast forward all Interface Configuration VLAN mode command Example The f...

Page 197: ...ation Disabled Command Mode Interface configuration mode VLAN User Guidelines IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN No more then one switch can be configured as an IGMP Querier for a VLAN When IGMP Snooping Querier is enabled it starts after host time out 2 with no IGMP traffic detected from a multicast router The IGMP Snooping Querier would ...

Page 198: ...icast group Use the no form of this command to restore the default configuration Syntax ip igmp snooping host time out time out no ip igmp snooping host time out Parameters time out Specifies the host timeout in seconds Range 60 2147483647 Default Configuration The default host time out is 260 seconds Command Mode Interface Configuration VLAN mode User Guidelines The timeout should be at least gre...

Page 199: ... Use the no form of this command to restore the default configuration Syntax ip igmp snooping mrouter time out time out no ip igmp snooping mrouter time out Parameters time out Specifies the host timeout in seconds Range 60 2147483647 Default Configuration The default host time out is 300 seconds Command Mode Interface Configuration VLAN mode User Guidelines Mrouter port is aged out between time o...

Page 200: ...orm of this command to restore the default configuration Syntax ip igmp snooping leave time out time out immediate leave no ip igmp snooping leave time out Parameters time out Specifies the leave timeout in seconds for IGMP queries Range 0 2147483647 immediate leave Indicates that the port should be immediately removed from the members list after receiving IGMP Leave Default Configuration The defa...

Page 201: ...re associated with a Multicast TV VLAN Use the no form of this command to remove all associations Syntax ip igmp snooping multicast tv vlan vlan id add remove ip multicast address count number no ip igmp snooping multicast tv vlan vlan id Parameters vlan id Specifies the VLAN ID of the Multicast TV VLAN ip multicast address Specifies an IP address to associate with the Multicast TV VLAN number Con...

Page 202: ...ering should be enabled prior to configuring this command Example The following example defines the Multicast ip addresses that are associated with a Multicast tv VLAN Use the no form of this command to remove all associations Console config ip igmp snooping multicast tv vlan 100 add 239 255 0 0 256 ip igmp snooping map cpe vlan The ip igmp snooping map cpe vlan Global Configuration mode command m...

Page 203: ... TV VLAN the IGMP message is associated with the Multicast TV VLAN Example The following example maps an internal CPE VLAN number 4 to the Multicast TV VLAN number 300 Console config ip igmp snooping map cpe vlan 4 multicast tv vlan 300 show ip igmp snooping mrouter The show ip igmp snooping mrouter Privileged EXEC mode command displays information on dynamically learned Multicast device interface...

Page 204: ...lowing example displays Multicast device interfaces in VLAN 1000 Console show ip igmp snooping mrouter interface 1000 VLAN Ports 1000 e1 Detected Multicast devices that are forbidden statically VLAN Ports 1000 19 show ip igmp snooping interface The show ip igmp snooping interface Privileged EXEC mode command displays IGMP snooping configuration Syntax show ip igmp snooping interface vlan id Parame...

Page 205: ...on on VLAN 1000 Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IIGMP snooping is enabled on VLAN 1000 IGMP snooping querier admin Enabled IGMP snooping querier oper Enabled IGMP host timeout is 300 sec IGMP Immediate leave is disabled IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec show ip igmp snooping groups The show ip igmp snooping groups Privileged...

Page 206: ...e the full Multicast Address Table including static addresses use the show bridge multicast address table Privileged EXEC command Example The following example shows IGMP snooping information on Multicast groups Console show ip igmp snooping groups Vlan Group Source Include Address Address Ports 1 231 2 2 3 172 16 1 1 e1 1 231 2 2 3 172 16 1 2 e2 19 231 2 2 8 172 16 1 1 e9 19 231 2 2 8 172 16 1 2 ...

Page 207: ...show ip igmp snooping multicast tv vlan vlan id Parameters vlan id Specifies the VLAN ID value ip multicast address Specifies the IP Multicast address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines No user guidelines for this command Example The following example displays the IP addresses associated with Multicast TV VLANs Console ...

Page 208: ...239 255 0 0 show ip igmp snooping cpe vlans The show ip igmp snooping cpe vlans Privileged EXEC mode command displays the CPE VLANs to Multicast TV VLANs mappings Syntax show ip igmp snooping cpe vlans vlan vlan id Parameters vlan id CPE VLAN ID value Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines No user guidelines for this comman...

Page 209: ... cpe vlans SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 207 14 Example The following example displays the CPE VLANs to Multicast TV VLAN mappings Console show ip igmp snooping cpe vlans CPE VLAN Multicast TV VLAN 2 1118 3 1119 ...

Page 210: ...fault gateway ip address no ip address ip address Parameters ip address Specifies the valid IP address mask Specifies the valid network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 default gateway ip address Specifies the IP address of the default gateway Default Configuration ...

Page 211: ... 108 1 27 255 255 255 0 ip address dhcp The ip address dhcp Interface Configuration VLAN mode command acquires an IP address for an Ethernet interface from the Dynamic Host Configuration Protocol DHCP server Use the no form of this command to de configure an acquired IP address Syntax ip address dhcp hostname host name no ip address dhcp Parameters host name Specifies the name of the host to be pl...

Page 212: ...nfigured to obtain its IP address from a DHCP server it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network If the ip address dhcp command is used with or without the optional keyword the DHCP option 12 field host name option is included in the DISCOVER message By default the specified DHCP host name is the globally configured host name of the device ...

Page 213: ...ile would overwrite the existing device configuration Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Please note that this command does not enable DHCP If DHCP is not enabled the command returns an error message If an IP address is already acquired the command tries to renew that IP address If an IP address isn t acquired yet the c...

Page 214: ... restore the default configuration Syntax ip default gateway ip address no ip default gateway Parameters ip address Specifies the valid IP address of the currently defined default gateway Default Configuration No default gateway is defined Command Mode Global Configuration mode User Guidelines This command is only operational in Switch mode Example The following example defines default gateway 192...

Page 215: ...face vlan vlan id Parameters vlan id Specifies a valid VLAN number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example the displays the configured IP interfaces and their types Console show ip interface Proxy ARP is disabled IP addressI F Type Direct Broadcast 1...

Page 216: ..._addr vlan vlan id Parameters ip_addr Valid IP address or IP alias to map to the specified MAC address hw_addr Valid MAC address to map to the specified IP address or IP alias vlan id Valid VLAN number Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses into 48 bi...

Page 217: ...he arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache Use the no form of this command to restore the default configuration Syntax arp timeout seconds no arp timeout Parameters seconds Time in seconds that an entry remains in the ARP cache Range 1 40000000 Default Configuration The default timeout is 60000 seconds Command Mode Global Configuration mo...

Page 218: ...out 12000 clear arp cache The clear arp cache Privileged EXEC mode command deletes all dynamic entries from the ARP cache Syntax clear arp cache Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all dynamic entries from the ARP cache Console clear arp ...

Page 219: ...ress mac address Displays the ARP entry of a specific MAC address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Since the associated interface of a MAC address can be aged out from the FDB table the Interface field can be empty When an ARP entry is associated with an IP interface defined on a port or port channel the VLAN field is...

Page 220: ...aming System DNS based host name to address translation Use the no form of this command to disable DNS based host name to address translation Syntax ip domain lookup no ip domain lookup Default Configuration IP Domain Naming System DNS based host name to address translation is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The f...

Page 221: ...e default domain name Syntax ip domain name name no ip domain name Parameters name Specifies the default domain name used to complete unqualified host names Do not include the initial period that separates an unqualified name from the domain name Range 1 158 characters Default Configuration A default domain name is not defined Command Mode Global Configuration mode User Guidelines There are no use...

Page 222: ...ss2 server address8 no ip name server server address1 server address8 Parameters server address Specifies IP addresses of the name server Default Configuration No name server addresses are specified Command Mode Global Configuration mode User Guidelines The preference of the servers is determined by the order in which they were entered Up to 8 servers can be defined using one command or using mult...

Page 223: ...o address mapping Syntax ip host name address no ip host name Parameters name Specifies the name of the host Range 1 158 characters address Specifies the associated IP address Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines a static host name to address mapping in the...

Page 224: ...ddress cache Syntax clear host name Parameters name Specifies the host entry to be removed Range 1 158 characters Removes all entries Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all entries from the host name to address cache Console clear host ...

Page 225: ... host dhcp name Parameters name Specifies the host entry to be removed Range 1 158 characters Removes all entries Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is only operational in Switch mode This command deletes the host name to address mapping temporarily until the next renewal of the IP address Example The follo...

Page 226: ...tax show hosts name Parameters name Specifies the host name Range 1 158 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays host information Console show hosts System name Device Default domain is gm com sales gm com usa sales gm com DHCP Nam...

Page 227: ...4G4 SPS2024 Command Line Interface Reference Guide 225 15 Configured host name to address mapping Host Addresses accounting gm com 176 16 8 8 176 16 8 9 DHCP Cache TTL Hours Host Total Elapsed Type Addresses www stanford edu 72 3 IP 171 64 14 203 ...

Page 228: ...lobally enables the IP source guard Use the no form of this command to disable IP source guard Syntax ip source guard no ip source guard Default Configuration IP source guard is disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables the IP source guard Console config ip source guard ...

Page 229: ...rce guard no ip source guard Default Configuration IP source guard is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines IP source guard must first be globally enabled before enabling IP source guard on an interface IP source guard is effective only on DHCP snooping untrusted interface although it can be enabled as a shadow configuration on a trusted interface...

Page 230: ...ngs Syntax ip source guard binding mac address vlan id ip address ethernet interface port channel port channel number no ip source guard binding mac address vlan id Parameters mac address Specifies a MAC address vlan id Specifies a VLAN number ip address Specifies an IP address interface Specifies an Ethernet port port channel number Specifies the Port channel number Default Configuration No stati...

Page 231: ...e guard tcam retries freq Global Configuration mode command configures the frequency of retries for TCAM resources for inactive IP source guard addresses Use the no form of this command to return to the default configuration Syntax ip source guard tcam retries freq seconds never no ip source guard tcam retries freq Parameters seconds Specifies in seconds the retries frequency Range 10 600 never Sp...

Page 232: ...y or to disable automatic retries for TCAM space The show ip source guard inactive EXEC mode command displays the inactive IP source guard addresses Example The following example configures the frequency of retries for TCAM resources for inactive IP source guard addresses Console config ip source guard tcam retries freq show ip source guard configuration The show ip source guard configuration Priv...

Page 233: ...ce guard configuration Console show ip source guard configuration IP source guard is globally enabled Interface State e21 Enabled e22 Enabled e23 Enabled e24 Enabled e32 Enabled e33 Enabled e34 Enabled show ip source guard status The show ip source guard status Privileged EXEC mode command displays the IP source guard status Syntax show ip source guard status mac address mac address ip address ip ...

Page 234: ...ult configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example Console show ip source guard status IP source guard is globally disabled Console show ip source guard status Interface Filter Status IP Address Mac Address VLAN Type e21 IP Active 10 1 8 1 0060 704C 73FF 3 DHCP e22 IP Active 10 1 8 2 0060 704C 7BC1 3 DHCP e23 IP Active 10 1 12 ...

Page 235: ...es the Ternary Content Addressable Memory TCAM resources there may be situations where IP source guard addresses are inactive because of lack of TCAM resources By default every minute the software conducts a search for available space in the TCAM for the inactive IP source guard addresses The ip source guard tcam retries freq Global Configuration mode command changes the frequency or disables auto...

Page 236: ...mands show ip source guard inactive SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 234 16 Interface Filter IP Address MAC Address VLAN Type Reason e32 IP 10 1 8 32 0060 704C 83FF 3 3DHCP Resource Problem ...

Page 237: ...gures the system priority Use the no form of this command to restore the default configuration Syntax lacp system priority value no lacp system priority Parameters value Specifies system priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command ...

Page 238: ... port priority Interface Configuration Ethernet mode command configures physical port priority Use the no form of this command to return to the default configuration Syntax lacp port priority value no lacp port priority Parameters value Specifies port priority Range 1 65535 Default Configuration The default port priority is 1 Command Mode Interface Configuration Ethernet mode User Guidelines There...

Page 239: ...p timeout Interface Configuration Ethernet mode command assigns an administrative LACP timeout Use the no form of this command to return to the default configuration Syntax lacp timeout long short no lacp timeout Parameters long Specifies the long timeout value short Specifies the short timeout value Default Configuration The default port timeout value is long Command Mode Interface Configuration ...

Page 240: ...et Privileged EXEC mode command displays LACP information for Ethernet ports Syntax show lacp ethernet interface parameters statistics protocol state Parameters interface Valid Ethernet port parameters Link aggregation parameter information statistics Link aggregation statistics information protocol state Link aggregation protocol state information Default Configuration This command has no default...

Page 241: ...port Oper number 21 port Admin priority 1 port Oper priority 1 port Admin timeout LONG port Oper timeout LONG LACP Activity ACTIVE Aggregation AGGREGATABLE synchronization FALSE collecting FALSE distributing FALSE expired FALSE Partner system priority 0 system mac addr 00 00 00 00 00 00 port Admin key 0 port Oper key 0 port Oper number 0 port Admin priority 0 port Oper priority 0 port Oper timeout...

Page 242: ...riodic Tx FSM No Periodic State Control Variables BEGIN FALSE LACP_Enabled TRUE Ready_N FALSE Selected UNSELECTED Port_moved FALSE NNT FALSE Port_enabled FALSE Timer Counters periodic tx timer 0 current while timer 0 wait while timer 0 show lacp port channel The show lacp port channel Privileged EXEC mode command displays LACP information for a port channel Syntax show lacp port channel port_chann...

Page 243: ...ed EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays LACP information about port channel 1 Console show lacp port channel 1 Port Channel ch1 Port Type Gigabit Ethernet Attached Lag id Actor System Priority 1 MAC Address 00 02 85 0E 1C 00 Admin Key 1000 Oper Key 1000 Partner System Priority 0 MAC Address 00 00 00 00 00 00 Oper Key 14 ...

Page 244: ... the Line Configuration command mode Syntax line console telnet ssh Parameters console Console terminal line telnet Virtual terminal for remote console access Telnet ssh Virtual terminal for secured remote console access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command ...

Page 245: ...ation mode command sets the line baud rate Use the no form of this command to restore the default configuration Syntax speed bps no speed Parameters bps Baud rate in bits per second bps Possible values are 2400 4800 9600 19200 38400 57600 and 115200 Default Configuration The default speed is 9600 bps Command Mode Line Configuration console mode User Guidelines This command is available only on the...

Page 246: ...erval that the system waits until user input is detected Use the no form of this command to restore the default configuration Syntax exec timeout minutes seconds no exec timeout Parameters minutes Specifies the number of minutes for the timeout Range 0 65535 seconds Specifies additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode ...

Page 247: ... exec timeout 20 show line The show line Privileged EXEC mode command displays line parameters Syntax show line console telnet ssh Parameters console Console terminal line telnet Virtual terminal for remote console access Telnet ssh Virtual terminal for secured remote console access SSH Default Configuration If the line is not specified the default value is console Command Mode Privileged EXEC mod...

Page 248: ...ng example displays the line configuration Console show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 ...

Page 249: ...command to delete an Access List Syntax management access list name no management access list name Parameters name Specifies the Access List name Range 1 32 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Use this command to configure a management Access List This command converts the device to Access List Configurat...

Page 250: ...e external IPv4 header rules with service field are ignored and then again on the inner IPv6 header Example The following example creates a management access list called mlist configures management Ethernet interfaces e1 and e9 and makes the new access list the active list console configure console config management access list mlist console config macl permit ip source 192 168 200 1 console confi...

Page 251: ...ult Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures an access list called mlist as the management access list Console config management access class mlist permit management The permit Management Access List Configuration mode command defines a permit...

Page 252: ...eded by a forward slash Range 0 32 vlan The VLAN number port channel The port channel number service The service type condition Default Configuration If no permit rule is defined the default is set to deny Command Mode Management Access list Configuration mode User Guidelines The system supports up to 128 management access rules Example The following example permits all ports in the access list ca...

Page 253: ...rce IP address mask A valid network mask of the source IP address prefix length Specifies the number of bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 vlan The VLAN number port channel The port channel number service The service type condition Default Configuration This command has no default configuration Command Mode Management Ac...

Page 254: ...nagement access list The show management access list Privileged EXEC mode command displays management access lists Syntax show management access list Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the mlist management access list Console show manag...

Page 255: ...lays the active management access list Syntax show management access class Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active management access list Console show management access class Management access class is enabled us...

Page 256: ...e quality and characteristics of a copper cable attached to a port Syntax test copper port tdr interface Parameters interface A valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of cab...

Page 257: ...r port tdr g4 Can t perform this test on fiber ports show copper ports tdr The show copper ports tdr Privileged EXEC mode command displays information on the last Time Domain Reflectometry TDR test performed on copper ports Syntax show copper ports tdr interface Parameters interface A valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC m...

Page 258: ...ngth meters Date e1 OK e2 Short 50 13 32 00 23 July 2005 e3 Test has not been performed e4 Open 64 13 32 00 23 July 2005 e5 Fiber show copper ports cable length The show copper ports cable length Privileged EXEC mode command displays the estimated copper cable length attached to a port Syntax show copper ports cable length interface Parameters interface A valid Ethernet port Default Configuration ...

Page 259: ...ed to all ports Console show copper ports cable length Port Length meters e1 50 e2 Copper not active e3 110 140 g4 Fiber show fiber ports optical transceiver The show fiber ports optical transceiver Privileged EXEC mode command displays the optical transceiver diagnostics Syntax show fiber ports optical transceiver interface detailed Parameters interface A valid Ethernet port detailed Display deta...

Page 260: ...S e1 W OK E OK OK OK OK e2 OK OK OK OK OK E OK e3 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power Tx Fault Transmitter fault LOS Loss of signal Console show fiber ports optical transceiver detailed Power Port Temp Voltage Current Output In...

Page 261: ...ts optical transceiver SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 259 20 Output Power Measured TX output power in milliWatts Input Power Measured RX received power milliWatts Tx Fault Transmitter fault LOS Loss of signal ...

Page 262: ...on mode to configure a specific port channel Syntax interface port channel port channel number Parameters port channel number A valid port channel number Range 1 64 Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Eight aggregated links can be defined with up to eight member ports per port channel The aggregated links valid IDs ...

Page 263: ...l Configuration mode to configure multiple port channels Syntax interface range port channel port channel range all Parameters port channel range List of valid port channels to add Separate nonconsecutive port channels with a comma and no spaces A hyphen designates a range of port channels Range 1 64 all All valid port channels Default Configuration This command has no default configuration Comman...

Page 264: ... the no form of this command to remove a port from a port channel Syntax channel group port channel number mode n auto no channel group Parameters port channel number Specifies the number of the valid port channel for the current port to join Range 1 64 on Forces the port to join a channel without an LACP operation auto Allows the port to join a channel as a result of an LACP operation Default Con...

Page 265: ...rnet e1 Console config if channel group 1 mode on show interfaces port channel The show interfaces port channel Privileged EXEC mode command displays port channel information Syntax show interfaces port channel port channel number Parameters port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guideline...

Page 266: ...PS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 264 21 Example The following example displays information on all port channels Console show interfaces port channel Channel Ports 1 Active e1 e2 2 Active e10 e15 Inactive e17 3 Active e19 e24 ...

Page 267: ...ing session Use the no form of this command to stop a port monitoring session Syntax port monitor src interface rx tx no port monitor src interface Parameters src interface Valid Ethernet port rx Monitors received packets only tx Monitors transmitted packets only Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode ...

Page 268: ... configured on the port GVRP is not enabled on the port The port is not a member of a VLAN except for the default VLAN will automatically be removed from the default VLAN The following restrictions apply to ports configured to be source ports The port cannot be already configured as a destination port Maximum number of source ports can be up to eight Example The following example copies traffic fo...

Page 269: ...t Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how the port monitoring status is displayed Console show ports monitor Source Port Destination Port Type Status e1 e8 RX TX Active ...

Page 270: ... the no form of this command to disable QoS on the device Syntax qos basic advanced no qos Parameters basic QoS basic mode advanced QoS advanced mode which enables the full range of QoS configuration Default Configuration The QoS basic mode is enabled Command Mode Global Configuration mode User Guidelines In advanced mode the VPT of the frame might be changed to egress_queue 2 ...

Page 271: ...d EXEC mode command displays the quality of service QoS mode for the device Syntax show qos Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Trust mode is displayed if QoS is enabled in basic mode Example The following example displays QoS attributes when QoS is enabled in basic mode on the device Console show qos Qos basic Basic tru...

Page 272: ... Specifies the name of the class map Range 0 32 characters match all Checks that the packet matches all classification criteria in the class map match statement match any Checks that the packet matches one or more classification criteria in the class map match statement Default Configuration By default the match all parameter is selected Command Mode Global Configuration mode User Guidelines The c...

Page 273: ...ds are entered is important If there is more than one match statement in a match all class map and the same classification field appears in the participating ACLs an error message is generated NOTE A class map in match all mode cannot be configured if it contains both an IP ACL and a MAC ACL with an ether type that is not 0x0800 Example The following example creates a class map called class1 and c...

Page 274: ...xample The following example shows the class map for class1 Console show class map class1 Class Map match any class1 id4 match The match Class map Configuration mode command defines the match criteria for classifying traffic Use the no form of this command to delete the match criteria Syntax match access group acl name no match access group acl name Parameters acl name Specifies the name of an IP ...

Page 275: ...rion for classifying traffic as an access group called enterprise in a class map called class1 Console config class map class1 Console config cmap match access group enterprise policy map The policy map Global Configuration mode command creates a policy map and enters the Policy map Configuration mode Use the no form of this command to delete a policy map Syntax policy map policy map name no polic...

Page 276: ...lobal Configuration and match Class map Configuration commands to define the match criteria of a class Only one policy map per interface per direction is supported A policy map can be applied to multiple interfaces and directions Example The following example creates a policy map called policy1 and enters the Policy map Configuration mode Console config policy map policy1 Console config pmap class...

Page 277: ...to specify the name of the policy map to which the policy belongs and to enter the Policy map Configuration mode Use the service policy Ethernet Port channel Interface Configuration mode command to attach a policy map to an interface Use an existing class map to attach classification criteria to the specified policy map and use the access group parameter to modify the classification criteria of th...

Page 278: ...rameters policy map name Specifies the name of the policy map to be displayed class name Specifies the name of the class whose QoS policies are to be displayed Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all policy maps Console show policy map P...

Page 279: ...ich selects the value QoS uses as the source of internal DSCP value Use no trust in order to return to the default trust state Syntax trust cos dscp cos dscp no trust Parameters cos QoS set the queue according to CoS to Queue Map dscp QoS derives the internal DSCP value by using the DSCP value from the ingress packet This is the default when no keyword is specified cos dscp If the packet is IP the...

Page 280: ...ap Policy maps that contain set or trust policy map class configuration commands or with access control list ACL classification to an egress interface cannot be attached by using the service policy interface configuration command If trust cos is specified QoS maps a packet to a queue to the received or default port CoS value and the CoS to queue map If trust dscp is specified QoS maps the packet b...

Page 281: ...e id Specifies an explicit queue ID for setting the egress queue new cos Specifies a new user priority for marking the packet Range 0 7 NOTE NOTE In SPS2xx set cos command will not affect regular IP traffic it will affect only non IP traffic unless the outgoing port is Gigabit port Default Configuration This command has no default configuration Command Mode Policy map Class Configuration mode User...

Page 282: ...licy1 Console config policy map policy1 Console config pmap set dscp 56 police The police Policy map Class Configuration mode command defines the policer for classified traffic Use the no form of this command to remove a policer Syntax police committed rate bps committed burst byte exceed action drop policed dscp transmit no police Parameters committed rate bps Specifies the average traffic rate C...

Page 283: ...4 000 bps or the normal burst size exceeds 96000 bps the packet is dropped The class is called class1 and is in a policy map called policy1 Console config policy map policy1 Console config pmap class class1 Console config pmap c police 124000 9600 exceed action drop qos aggregate policer The qos aggregate policer Global Configuration mode command defines the policer parameters that can be applied ...

Page 284: ... DSCP is remarked If unspecified the DSCP is remarked according to the policed DSCP map as configured by the qos map policed dscp Global Configuration mode command Parameters Range committed rate kbps 3 57982058 committed burst byte 3000 19173960 Default Configuration No aggregate policer is defined Command Mode Global Configuration mode User Guidelines Policers that contain set or trust Policy ma...

Page 285: ...tion command must first be used to delete the aggregate policer from all policy maps Policing uses a token bucket algorithm CIR represents the speed with which the token is removed from the bucket CBS represents the depth of the bucket show qos aggregate policer The show qos aggregate policer Privileged EXEC mode command displays the aggregate policer parameter Syntax show qos aggregate policer ag...

Page 286: ... an aggregate policer to multiple classes within the same policy map Use the no form of this command to remove an existing aggregate policer from a policy map Syntax police aggregate aggregate policer name no police aggregate aggregate policer name Parameters aggregate policer name Specifies the name of the aggregate policer Default Configuration This command has no default configuration Command M...

Page 287: ...ueue bandwidth The wrr queue bandwidth Global Configuration mode command assigns Weighted Round Robin WRR weights to egress queues The weights ratio determines the frequency used by the packet scheduler to dequeue packets from each queue Use the no form of this command to restore the default values Syntax wrr queue bandwidth weight1 weight2 weight_n no wrr queue bandwidth Parameters weight1 weight...

Page 288: ... is allocated for the same queue and the share bandwidth is divided among the remaining queues All queues participate in the WRR queue scheme Example The following example assigns a weight of 6 to each of the 8 WRR queues Console config if wrr queue bandwidth 6 6 6 6 wrr queue cos map The wrr queue cos map Global Configuration mode command maps Class of Service CoS values to a specific egress queu...

Page 289: ... queue 8 Command Mode Global Configuration mode User Guidelines This command can be used to distribute traffic into different queues where each queue is configured with different Weighted Round Robin WRR and Weighted Random Early Detection WRED parameters It is recommended to specifically map a single VPT to a queue rather than mapping multiple VPTs to a single queue Use the priority queue out Int...

Page 290: ...out num of queues number of queues no priority queue out num of queues Parameters number of queues Specifies the number of expedite queues Expedite queues have higher indexes Range 0 8 Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines Configuring the number of expedite queues affects the Weighted Round Robin WRR weight ratio because fewer q...

Page 291: ...ge 64 62500 Kbps CBS 8192 16769020 bytes excess burst Specifies the excess burst size CBS in bytes queue id Specifies the queue number to which the shaper is assigned Default Configuration No shape is defined Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command activates the shaper on a specified egress port or egress queue To activate the shaper on an egres...

Page 292: ...interface configuration command limits the rate of the incoming traffic The no form of this command is used to disable the rate limit Syntax rate limit kbps no rate limit Parameters kbps Maximum of kilobits per second of ingress traffic on a port Range 3 5M 1G for SPS2024 and 62 100000 for SPS2xx Default Configuration The default configuration is disabled Command Mode Interface Configuration Ether...

Page 293: ... number Valid Ethernet port number lan vlan id VLAN number port channel number Valid port channel number buffers Displays buffer setting for the interface s queues For gigabit Ethernet displays the queue depth for each of the 8 queues and the thresholds for the WRED Tail Drop For 10 100 displays the minimum reserved setting queuing Displays the queue s strategy WRR or EF and the weight for WRR que...

Page 294: ... for example DSCP trusted CoS trusted untrusted default CoS value DSCP to DSCP mutation map attached to the port and policy map attached to the interface are displayed If no interface is specified QoS information about all interfaces is displayed Example The following example displays the buffer settings for queues on Ethernet port e1 Console show qos interface ethernet e1 buffers Ethernet e1 Noti...

Page 295: ... N A N A N A N A 5 50 60 13 65 80 6 85 95 4 2 6 50 60 13 65 80 6 85 95 4 2 7 50 60 13 65 80 6 85 95 4 2 8 50 60 13 65 80 6 85 95 4 2 qos wrr queue threshold The wrr queue threshold Global Configuration mode command assigns queue thresholds globally Use the no form of this command to restore the default configuration Syntax qos wrr queue threshold gigabitethernet queue id threshold percentage0 thre...

Page 296: ... 2 Specifies the queue threshold percentage value Each value is separated by a space Range 0 100 Default Configuration 80 percent for all thresholds Command Mode Global Configuration mode User Guidelines The packet refers to a certain threshold by the conformance level If threshold 0 is exceeded packets with the corresponding DP are dropped until the threshold is no longer exceeded However packets...

Page 297: ...cp Parameters dscp list Specifies up to 8 DSCP values separated by a space Range 0 63 dscp mark down Specifies the DSCP value to mark down Range 0 63 Default Configuration The default map is the Null map which means that each incoming DSCP value is mapped to the same DSCP value Command Mode Global Configuration mode User Guidelines DSCP values 3 11 19 cannot be remapped to other values Example The...

Page 298: ...tax qos map dscp queue dscp list to queue id no qos map dscp queue Parameters dscp list Specifies up to 8 DSCP values separated by a space Range 0 63 queue id Specifies the queue number to which the DSCP values are mapped Default Configuration The following table describes the default map Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command DSCP Valu...

Page 299: ...e default configuration Advanced mode only Syntax qos map dscp dp dscp list to dp no qos map dscp dp dscp list Parameters dscp list Specifies up to 8 DSCP values with each value separated by space Range 0 63 dp Enters the Drop Precedence value to which the DSCP values corresponds Range 0 2 where 2 is the highest Drop Precedence In Cheetah based products dp Enters the Drop Precedence value to which...

Page 300: ... dscp dp 30 to 0 qos trust Global The qos trust Global Configuration mode command configures the system to the basic mode and trust state Use the no form of this command to return to the untrusted state Syntax qos trust cos dscp no qos trust Parameters cos Indicates that ingress packets are classified with packet CoS values Untagged packets are classified with the default port CoS value dscp Indic...

Page 301: ... to the DSCP trust state and if the DSCP values are different between the QoS domains the DSCP to DSCP mutation map can be applied Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic When the system is configured as trust DSCP traffic is mapped to a queue according to the DSCP queue map Example The following example configures the syste...

Page 302: ...uidelines for this command Example The following example configures Ethernet port e15 to the default trust state Console config interface ethernet e15 Console config if qos trust qos cos The qos cos Interface Configuration Ethernet port channel mode command defines the default CoS value of a port Use the no form of this command to restore the default configuration Syntax qos cos default cos no qos...

Page 303: ...CoS value to all untagged packets entering the port Example The following example configures port e15 default CoS value to 3 Console config interface ethernet e15 Console config if qos cos 3 qos dscp mutation The qos dscp mutation Global Configuration mode command applies the DSCP Mutation map to a system DSCP trusted port Use the no form of this command to restore the trust state with no DSCP mut...

Page 304: ... ports Applying this map to a port causes IP packets to be rewritten with newly mapped DSCP values at the ingress ports If the DSCP to DSCP mutation map is applied to an untrusted port class of service CoS or IP precedence trusted port this command has no immediate effect until the port becomes DSCP trusted Example The following example applies the DSCP Mutation Map to system DSCP trusted ports Co...

Page 305: ...P value is mapped to the same DSCP value Command Mode Global Configuration mode User Guidelines This is the only map that is not globally configured it is possible to have several maps and assign each one to different ports Example The following example changes DSCP values 1 2 4 5 and 6 to DSCP Mutation Map value 63 Console config qos map dscp mutation 1 2 4 5 6 to 63 show qos map The show qos map...

Page 306: ... Default Configuration The default configuration is set to disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example displays the QoS mapping information Console show qos map Dscp queue map dl d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 02 02 02 02 02 02 3 02 0...

Page 307: ... 00 00 00 00 00 00 00 00 3 00 00 00 00 00 00 00 00 00 00 4 00 00 00 00 00 00 00 00 00 00 5 00 00 00 00 00 00 00 00 00 00 6 00 00 00 00 Dscp dscp mutation map dl d2 0 1 2 3 4 5 6 7 8 9 0 00 01 02 03 04 05 06 07 08 09 1 10 11 12 13 14 15 16 17 18 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 64 65 66 6...

Page 308: ...ters ip address IP address of the RADIUS server host hostname Hostname of the RADIUS server host Range 1 158 characters auth port number Port number for authentication requests The host is not used for authentication if the port number is set to 0 Range 0 65535 acct port number Port number for accounting requests The host is not used for accountings if set to 0 timeout Specifies the timeout value ...

Page 309: ...ult Configuration No RADIUS server host is specified The port number for authentication requests is 1812 The port number for accounting requests if not specified is 1813 The usage type is all Command Mode Global Configuration mode User Guidelines To specify multiple hosts multiple radius server host commands can be used If no host specific timeout retries deadtime or key string values are specifie...

Page 310: ...no radius server key Parameters key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon Range 0 128 characters Default Configuration The key string is an empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this comma...

Page 311: ...mand to reset the default configuration Syntax radius server retransmit retries no radius server retransmit Parameters retries Specifies the retransmit value Range 1 10 Default Configuration The software searches the list of RADIUS server hosts 3 times Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the n...

Page 312: ...tore the default configuration Syntax radius server source ip source no radius source ip source Parameters source Specifies a valid source IP address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the source IP add...

Page 313: ...form of this command to restore the default configuration Syntax radius server timeout timeout no radius server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The timeout value is 3 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the timeout inte...

Page 314: ... the no form of this command to restore the default configuration Syntax radius server deadtime deadtime no radius server deadtime Parameters deadtime Length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 Default Configuration The deadtime setting is 0 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this ...

Page 315: ...uration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RADIUS server settings Console show radius servers IP address Port TimeOut RetransmitDeadTimeSource IPPriorityUsage Auth 172 16 1 1 1645 Global Global Global 1 All 172 16 1 2 1645 11 8 Global Global 2 All Global val...

Page 316: ...ys RMON Ethernet statistics Syntax show rmon statistics ethernet interface number port channel port channel number Parameters interface number Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command ...

Page 317: ...y the number of packets dropped it is just the number of times this condition has been detected Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Packets The total number of packets including bad packets Broadcast packets and Multicast packets received Broadcast The total number of good packets received ...

Page 318: ...tets FCS Error or a bad FCS with a non integral number of octets Alignment Error 64 Octets The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS o...

Page 319: ...y index Parameters index Specifies the statistics group index Range 1 65535 ownername Specifies the RMON statistics group owner name Range 0 160 characters bucket number Number of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 65535 seconds Number of seconds in each polling cycle Range 1 3600 Default Configuration RMON statistics group o...

Page 320: ...sole config if rmon collection history 1 interval 2400 show rmon collection history The show rmon collection history Privileged EXEC mode command displays the requested RMON history group statistics Syntax show rmon collection history ethernet interface port channel port channel number Parameters interface Valid Ethernet port port channel number Valid port channel number Default Configuration This...

Page 321: ...the display show rmon history The show rmon history Privileged EXEC mode command displays RMON Ethernet history statistics Syntax show rmon history index throughput errors other period seconds Parameters index Specifies the requested set of samples Range 1 65535 Field Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in sec...

Page 322: ...fault configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON Ethernet history statistics for index 1 Console show rmon history 1 throughput Sample Set 1 Owner CLI Interface e1 Interval 1800 Requested Samples 50Granted Samples 50 Maximum Table Size 500 Time Octets Packets Broadcast Multicast Util Jan ...

Page 323: ... 500 Time Dropped Collisions Jan 18 2005 21 57 00 3 0 Jan 18 2005 21 57 30 3 0 Field Description Time Date and Time the entry is recorded Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Packets The number of packets including bad packets received during this sampling interval Broadcast The number of go...

Page 324: ... but including FCS octets but were otherwise well formed Fragments The total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets AlignmentError It is normal for etherHisto...

Page 325: ... Specifies the object identifier of the variable to be sampled interval Specifies the interval in seconds during which the data is sampled and compared with rising and falling thresholds Range 0 2147483647 rthreshold Specifies the rising threshold Range 0 2147483647 fthreshold Specifies the falling threshold Range 0 2147483647 revent Specifies the event index used when a rising threshold is crosse...

Page 326: ...irst set to valid Possible values are rising rising falling and falling If the first sample after this entry becomes valid is greater than or equal to rthreshold and direction is equal to rising or rising falling a single rising alarm is generated If the first sample after this entry becomes valid is less than or equal to fthreshold and direction is equal to falling or rising falling a single fall...

Page 327: ...x 20 Console config rmon alarm 1000 LinkSys 360000 1000000 1000000 10 20 show rmon alarm table The show rmon alarm table Privileged EXEC mode command displays the alarms table Syntax show rmon alarm table Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displ...

Page 328: ...nt fields shown in the example show rmon alarm The show rmon alarm Privileged EXEC mode command displays alarm configuration Syntax show rmon alarm number Parameters number Specifies the alarm index Range 1 65535 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Field Description Index An index that uniquely identifies the entry OID Monitored variabl...

Page 329: ...mrising Rising Threshold8700000 Falling Threshold78 Rising Event1 Falling Event1 Owner CLI Field Description Alarm Alarm index OID Monitored variable OID Last Sample Value The statistic value during the last sampling period For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the...

Page 330: ...rising and falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal falling or rising and falling then a single falling alarm is generated Rising Threshold A sampled statistic threshold When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less tha...

Page 331: ...e values none log trap log trap community text If the specified notification type is trap an SNMP trap is sent to the SNMP community specified by this octet string Range 0 127 characters description text Specifies a comment describing this event Range 0 127 characters name Specifies the name of the person who configured this event If unspecified the name is an empty string Default Configuration Th...

Page 332: ... show rmon events Privileged EXEC mode command displays the RMON event table Syntax show rmon events Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON event table Console show rmon events Index Description Type Community Owner Last time sent ...

Page 333: ...ex An index that uniquely identifies the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management stations Community If an SNMP trap is to be sent...

Page 334: ...tion Time 1 Errors Jan 18 2006 23 48 19 1 Errors Jan 18 2006 23 48 19 2 High Broadcast Jan 18 2006 23 48 19 Console show rmon log Maximum table size 500 800 after reset Event Description Time 1 Errors Jan 18 2006 23 48 19 1 Errors Jan 18 2006 23 48 19 2 High Broadcast Jan 18 2006 23 48 19 The following table describes the significant fields shown in the display Field Description Event An index tha...

Page 335: ...ries log entries no rmon table size history log Parameters history entries Maximum number of history table entries Range 20 32767 log entries Maximum number of log table entries Range 20 32767 Default Configuration History table size is 270 Log table size is 200 Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The fo...

Page 336: ...address type router oob no snmp server community community ip address Parameters community Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters ro Indicates read only access default rw Indicates read write access su Indicates SNMP administrator access ip address Specifies the IP address of the management station Range Valid ip address group name ...

Page 337: ...ccess to the whole MIB The view name parameter can be used to restrict the access rights of a community string When it is specified An internal security name is generated The internal security name for SNMPv1 and SNMPv2 security models is mapped to an internal group name The internal group name for SNMPv1 and SNMPv2 security models is mapped to a view name read view and notify view always and for ...

Page 338: ...erver view entry Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree Parameters view name Specifies the label for the view record that is being created or updated The name is used to reference the record Range 1 30 characters oid tree Specifies the object identifier of the ASN 1 subtree to be included or excluded from the view To identify the subtree...

Page 339: ...p except for sysServices System 7 and all objects for interface 1 in the MIB II interface group Console config snmp server view user view system included Console config snmp server view user view system 7 excluded Console config snmp server view user view ifEntry 1 included snmp server group The snmp server group Global Configuration mode command configures a new Simple Management Protocol SNMP gr...

Page 340: ...ity model name Specifies the context of a packet The following context is supported Router If the context name is unspecified all contexts are defined notifyview Specifies a string that is the name of the view that enables specifying an inform or a trap If unspecified nothing is defined for the notify view Applicable only to the SNMP Version 3 security model readview Specifies a string that is the...

Page 341: ... no form of this command to remove a user Syntax snmp server user username groupname remote engineid string auth md5 password auth sha password auth md5 key md5 des keys auth sha key sha des keys no snmp server user username remote engineid string Parameters username Specifies the name of the user on the host that connects to the agent Range 1 30 characters groupname Specifies the name of the grou...

Page 342: ...in the hexadecimal character string is two hexadecimal digits Each byte can be separated by a period or colon 16 or 32 bytes auth sha key sha des keys Indicates the HMAC SHA 96 authentication level The user should enter a concatenated hexadecimal string of the SHA key MSB and the privacy key LSB If authentication is only required 20 bytes should be entered if authentication and privacy are require...

Page 343: ...imple Network Management Protocol SNMP server filter entry Use the no form of this command to remove the specified SNMP server filter entry Syntax snmp server filter filter name oid tree included excluded no snmp server filter filter name oid tree Parameters filter name Specifies the label for the filter record that is being updated or created The name is used to reference the record Range 1 30 ch...

Page 344: ...tem 7 and all objects for interface 1 in the MIB II interfaces group Console config snmp server filter filter name system included Console config snmp server filter filter name system 7 excluded Console config nmp server filter filter name ifEntry 1 included snmp server host The snmp server host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version...

Page 345: ...1 1 Indicates that SNMPv1 traps will be used 2 Indicates that SNMPv2 traps will be used If port Specifies the UDP port of the host to use If unspecified the default UDP port number is 162 Range 1 65535 filtername Specifies a string that defines the filter for this host If unspecified nothing is filtered Range 1 30 characters seconds Specifies the number of seconds to wait for an acknowledgment bef...

Page 346: ...config snmp server host 10 1 1 1 management 2 snmp server v3 host The snmp server v3 host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version 3 notifications Use the no form of this command to remove the specified host Syntax snmp server v3 host ip address hostname username traps informs noauth auth priv udp port port filter filtername timeout se...

Page 347: ...racters seconds Specifies the number of seconds to wait for an acknowledgment before resending informs If unspecified the default timeout period is 15 seconds Range 1 300 retries Specifies the maximum number of times to resend an inform request If unspecified the default maximum number of retries is 3 Range 0 255 Default Configuration This command has no default configuration Command Mode Global C...

Page 348: ... default no snmp server engineID local Parameters engineid string Specifies a character string that identifies the engine ID Range 5 32 characters default The engine ID is created automatically based on the device MAC address Default Configuration The engine ID is not configured If SNMPv3 is enabled using this command and the default is specified the default engine ID is defined per standard as Fi...

Page 349: ...uld be unique within an administrative domain the following is recommended Use the default keyword to configure the engine ID Changing the value of the engine ID has the following important side effect A user s password entered on the command line is converted to an MD5 or SHA security digest This digest is based on both the password and the local engine ID The user s command line password is then...

Page 350: ...ommand enables the device to send SNMP traps Use the no form of this command to disable SNMP traps Syntax snmp server enable traps no snmp server enable traps Default Configuration SNMP traps are enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables SNMP traps Console config snmp server enable traps ...

Page 351: ...hen authentication fails Use the no form of this command to disable SNMP failed authentication traps Syntax snmp server trap authentication no snmp server trap authentication Default Configuration SNMP failed authentication traps are enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables SNMP failed authent...

Page 352: ...er contact text no snmp server contact Parameters text Specifies the string that describes system contact information Range 1 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following example configures ...

Page 353: ...yntax snmp server location text no snmp server location Parameters text Specifies a string that describes system location information Range 1 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following exa...

Page 354: ... a table at least one pair of name and value followed by one or more fields Range 1 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Although the CLI can set any required configuration there might be a situation where a SNMP user sets a MIB variable that does not have an equivalent command In order to generate con...

Page 355: ...o default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SNMP communications status Console show snmp Community Community View name IP String Access address public read only user view All private read write Default 172 16 1 1 private se DefaultSuper 172 16 1 1 Community string Group name IP ad...

Page 356: ...rname Security UDP Filter TO Retries Level Port Name Sec 192 122 173 42 Inform Bob Priv 162 15 3 System Contact Robert System Location Marketing The following table describes the significant fields shown in the display Field Description Community string Community access string to permit access to the SNMP protocol Community access Type of access read only read write super access IP Address Managem...

Page 357: ...e Syntax show snmp engineID Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SNMP engine ID Console show snmp engineID Local SNMP engineID 08009009020C0B099C075878 show snmp views The show snmp views Privileged EXEC mode command displays the conf...

Page 358: ...de Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of views Console show snmp views Name OID Tree Type user view 1 3 6 1 2 1 1 Included user view 1 3 6 1 2 1 1 7 Excluded user view 1 3 6 1 2 1 2 2 1 1 Included show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of g...

Page 359: ... guidelines for this command Example The following example displays the configuration of views Console show snmp groups Name Security Views Model Level Read Write Notify user group V3 priv Default managers group V3 priv Default managers group V3 priv Default The following table describes significant fields shown above Field Description Name Name of the group Security Mode SNMP model in use v1 v2 o...

Page 360: ...efault Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Views Read Name of the view that enables only viewing the contents of the agent If unspecified all objects except the community table and SNMPv3 user and access tables are available Write Name of the view that enables entering data and manag...

Page 361: ...Included user filter 1 3 6 1 2 1 1 7 Excluded user filter 1 3 6 1 2 1 2 2 1 1 Included show snmp users The show snmp users Privileged EXEC mode command displays the configuration of users Syntax show snmp users username Parameters username Specifies the name of the user Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Ther...

Page 362: ...G4 SPS2024 Command Line Interface Reference Guide 360 26 Example The following example displays the configuration of users Console show snmp users Name Group name Auth Method Remote John user group md5 John user group md5 08009009020C0B099C075879 ...

Page 363: ...Parameters number Specifies the certificate number Range 1 2 key generate Regenerate the SSL RSA key length Specifies the SSL RSA key length Range 512 2048 common name Specifies the fully qualified URL or IP address of the device Range 1 64 organization unit Specifies the organization unit or department name Range 1 64 organization Specifies the organization name Range 1 64 location Specifies the ...

Page 364: ...of days is not specified the default period of time that the certification is valid is 365 days Command Mode Global Configuration mode User Guidelines The command is not saved in the device configuration however the certificate and keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Use this command to generate a...

Page 365: ... Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another dev...

Page 366: ... Guidelines RSA keys are generated in pairs one public RSA key and one private RSA key If the device already has RSA keys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another dev...

Page 367: ...g tree functionality Use the no form of this command to disable the spanning tree functionality Syntax spanning tree no spanning tree Default Configuration Spanning tree is enabled Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality Console config spanning tree ...

Page 368: ...stp rstp mstp no spanning tree mode Parameters stp Indicates that the Spanning Tree Protocol STP is enabled rstp Indicates that the Rapid Spanning Tree Protocol RSTP is enabled mstp Indicates that the Multiple Spanning Tree Protocol RSTP is enabled Default Configuration STP is enabled Command Modes Global Configuration mode User Guidelines In RSTP mode the device uses STP when the neighbor device ...

Page 369: ... time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree forward time seconds no spanning tree forward time Parameters seconds Time in seconds Range 4 30 Default Configuration The default forwarding time for the IEEE Spanning Tree Protocol STP ...

Page 370: ... configures the spanning tree bridge hello time which is how often the device Broadcasts hello messages to other devices Use the no form of this command to restore the default configuration Syntax spanning tree hello time seconds no spanning tree hello time Parameters seconds Time in seconds Range 1 10 Default Configuration The default hello time for IEEE Spanning Tree Protocol STP is 2 seconds Co...

Page 371: ... mode command configures the spanning tree bridge maximum age Use the no form of this command to restore the default configuration Syntax spanning tree max age seconds no spanning tree max age Parameters seconds Time in seconds Range 6 40 Default Configuration The default maximum age for IEEE Spanning Tree Protocol STP is 20 seconds Command Modes Global Configuration mode User Guidelines When conf...

Page 372: ...he spanning tree priority of the device The priority value is used to determine which bridge is elected as the root bridge Use the no form of this command to restore the default configuration Syntax spanning tree priority priority no spanning tree priority Parameters priority Priority of the bridge Range 0 61440 in steps of 4096 Default Configuration The default bridge priority for IEEE Spanning T...

Page 373: ...de command disables spanning tree on a specific port Use the no form of this command to enable spanning tree on a port Syntax spanning tree disable no spanning tree disable Default Configuration Spanning tree is enabled on all ports Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables s...

Page 374: ... cost no spanning tree cost Parameters cost Path cost of the port Range 1 200 000 000 Default Configuration Default path cost is determined by port speed and path cost method long or short as shown below Command Modes Interface Configuration Ethernet port channel mode User Guidelines The path cost method is configured using the spanning tree pathcost method Global Configuration mode command Interf...

Page 375: ...e spanning tree port priority Interface Configuration mode command configures port priority Use the no form of this command to restore the default configuration Syntax spanning tree port priority priority no spanning tree port priority Parameters priority The priority of the port Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE Spanning TreeProtocol STP is 12...

Page 376: ...tion mode command enables PortFast mode In PortFast mode the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay Use the no form of this command to disable PortFast mode Syntax spanning tree portfast auto no spanning tree portfast Parameters auto Specifies that the software waits for 3 seconds With no BPDUs received on the interfac...

Page 377: ...The spanning tree link type Interface Configuration mode command overrides the default link type setting determined by the duplex mode of the port and enables Rapid Spanning Tree Protocol RSTP transitions to the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree link type point to point shared no spanning tree link type Parameters point to po...

Page 378: ...e config interface ethernet e15 Console config if spanning tree link type shared spanning tree pathcost method The spanning tree pathcost method Global Configuration mode command sets the default path cost method Use the no form of this command to return to the default configuration Syntax spanning tree pathcost method long short no spanning tree pathcost method Parameters long Specifies port path...

Page 379: ...ample sets the default path cost method to long Console config spanning tree pathcost method long spanning tree bpdu The spanning tree bpdu Global Configuration mode command defines BPDU handling when the spanning tree is disabled globally or on a single interface Use the no form of this command to restore the default configuration Syntax spanning tree bpdu filtering flooding bridging no spanning ...

Page 380: ... are relevant when spanning tree is disabled globally or on a single interface Example The following example defines BPDU packet flooding when the spanning tree is disabled on an interface Console config spanning tree bpdu flooding spanning tree guard root The spanning tree guard root Interface Configuration Ethernet port channel mode command enables root guard on all spanning tree instances on th...

Page 381: ...te state if spanning tree calculations selects the port as the root port Example The following example prevents Ethernet port e1 from being the root port of the device Console config interface ethernet e1 Console config mst spanning tree guard root clear spanning tree detected protocols The clear spanning tree detected protocols Privileged EXEC mode command restarts the protocol migration process ...

Page 382: ...ure should be used only when working in RSTP or MSTP mode Example The following example restarts the protocol migration process on Ethernet port e11 Console clear spanning tree detected protocols ethernet e11 spanning tree mst priority The spanning tree mst priority Global Configuration mode command configures the device priority for the specified spanning tree instance Use the no form of this com...

Page 383: ... Configuration mode User Guidelines The device with the lowest priority is selected as the root of the spanning tree Example The following example configures the spanning tree priority of instance 1 to 4096 Console config spanning tree mst 1 priority 4096 spanning tree mst max hops The spanning tree mst priority Global Configuration mode command configures the number of hops in an MST region befor...

Page 384: ...r guidelines for this command Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10 Console config spanning tree mst max hops 10 spanning tree mst port priority The spanning tree mst port priority Interface Configuration mode command configures port priority for the specified MST instance Use the no form of this comm...

Page 385: ...re no user guidelines for this command Example The following example configures the port priority of port g1 to 144 Console config interface ethernet g1 Console config if spanning tree mst 1 port priority 144 spanning tree mst cost The spanning tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree MST calculations If a loop occurs the spanning tree ...

Page 386: ...nd path cost method long or short as shown below Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the MSTP instance 1 path cost for Ethernet port e9 to 4 Console config interface ethernet e9 Console config if spanning tree mst 1 cost 4 Interface Long Short Port channel 20 000 4 Gi...

Page 387: ...ring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines All devices in an MST region must have the same VLAN mapping configuration revision number and name Example The following example configures an MST region Console config spann...

Page 388: ...nce To specify a range of VLANs use a hyphen To specify a series of VLANs use a comma Range 1 4094 Default Configuration VLANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Modes MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and ca...

Page 389: ...t instance 1 add vlan 10 20 name mst The name MST Configuration mode command defines the configuration name Use the no form of this command to restore the default setting Syntax name string Parameters string MST configuration name The name is case sensitive Range 1 32 characters Default Configuration The default name is a radlan_guest Command Mode MST Configuration mode User Guidelines There are n...

Page 390: ...t name region1 revision mst The revision MST Configuration mode command defines the configuration revision number Use the no form of this command to restore the default configuration Syntax revision value no revision Parameters value Configuration revision number Range 0 65535 Default Configuration The default configuration revision number is 0 Command Mode MST Configuration mode User Guidelines T...

Page 391: ...mst The show MST Configuration mode command displays the current or pending MST region configuration Syntax show current pending Parameters current Indicates the current region configuration pending Indicates the pending region configuration Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines The pending MST region configuration takes...

Page 392: ... Pending MST configuration Name Region1 Revision 1 Instance VLANs Mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled exit mst The exit MST Configuration mode command exits the MST Configuration mode and applies all configuration changes Syntax exit Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for th...

Page 393: ...config abort mst The abort MST Configuration mode command exits the MST Configuration mode without applying the configuration changes Syntax abort Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example exits the MST Configuration mode without saving changes Conso...

Page 394: ...kedports instance instance id how spanning tree mst configuration Parameters interface number A valid Ethernet port port channel number A valid port channel number detail Indicates detailed information active Indicates active ports only blockedports Indicates blocked ports only mst configuration Indicates the MST configuration identifier instance id Specifies ID of the spanning tree instance Range...

Page 395: ...c Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max Hops 20 Interfaces Name State Pro Nbr Cost Sts Role PortFast Type e1 Enabled 128 1 20000 FWD Root No P2p bound RSTP e2 Enabled 128 2 20000 FWD Desg No Shared STP e3 Disabled128 3 20000 e4 Enabled 128 4 20000 BLK ALTN No Shared STP e5 Enabled 128 5 20000 DIS Console sho...

Page 396: ...ning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type e1 Enabled 128 1 20000 e2 Enabled 128 2 200...

Page 397: ...No P2p RSTP e2 Enabled 128 2 20000 FWD Desg No Shared STP e4 Enabled 128 4 20000 BLK ALTN No Shared STP Console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time...

Page 398: ...ast No configured no Designated bridge Priority 32768Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 e2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto STPPort Fast No configured no Designated bridge Priority 32768Address 00 02 4b 29 7a 00 Des...

Page 399: ...onfigured auto Port Fast N A configured no Designated bridge Priority N AAddress N A Designated port id N A Designated path cost N A Number of transitions to forwarding state N A BPDU sent N A received N A Console show spanning tree ethernet e1 Port 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTPPort Fast No configured no Designated bridge Priori...

Page 400: ...lay 15 sec Max hops 20 Interfaces Name State Prio Nbr Cost Sts Role PortFast Type e1 Enabled 128 1 20000 FWD Root No P2p Bound RSTP e2 Enabled 128 2 20000 FWD Desg No Shared Bound STP e3 Enabled 128 3 20000 FWD Desg No P2p e4 Enabled 128 4 20000 FWD Desg No P2p MST 1 Vlans Mapped 10 20 CST Root IDPriority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Root Port 4 e4 Rem hops 19 Bridge ID Priority...

Page 401: ...change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto Boundary RSTPPort Fast No configured no Designated bridge Priority 32768Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 ...

Page 402: ... 4 Port cost 20000 Type Shared configured auto InternalPort Fast No configured no Designated bridge Priority 32768Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 MST 1 Vlans Mapped 10 20 Root ID Priority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Port Cost 4 e4 Rem hops 19 Bridge ID Priority ...

Page 403: ...gnated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 e3 disabled State Blocking Role Alternate Port id 128 3 Port cost 20000 Type Shared configured auto InternalPort Fast No configured no Designated bridge Priority 32768Address 00 02 4b 29 1a 19 Designated port id 128 78 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sen...

Page 404: ... sec Max Age 20 secForward Delay 15 sec IST Master ID Priority 32768 Address 00 02 4b 19 7a 00 Path Cost 10000 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 secForward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root IDPriority 32768 Address 00 01 42...

Page 405: ... be used by the SSH server Use the no form of this command to restore the default configuration Syntax ip ssh port port number no ip ssh port Parameters port number Port number for use by the SSH server Range 1 65535 Default Configuration The default port number is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command ...

Page 406: ...he no form of this command to disable this function Syntax ip ssh server no ip ssh server Default Configuration Device configuration from a SSH server is enabled Command Mode Global Configuration mode User Guidelines If encryption keys are not generated the SSH server is in standby until the keys are generated To generate SSH server keys use the crypto key generate dsa and crypto key generate rsa ...

Page 407: ...oming SSH sessions Use the no form of this command to disable this function Syntax ip ssh pubkey auth no ip ssh pubkey auth Default Configuration Public Key authentication to incoming SSH sessions is disabled Command Mode Global Configuration mode User Guidelines AAA authentication is independent Example The following example enables public key authentication for incoming SSH sessions Console conf...

Page 408: ...Guidelines Use this command to enter public key chain configuration mode Use this command when you need to manually specify SSH client s public keys Example The following example enters the SSH Public Key chain Configuration mode and manually configures the RSA key pair for SSH public key chain bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob Console config p...

Page 409: ... key The user key SSH Public Key string Configuration mode command specifies which SSH public key is manually configured Use the no form of this command to remove an SSH public key Syntax user key username rsa dsa no user key username Parameters username Specifies the username of the remote SSH client Range 1 48 characters rsa Indicates the RSA key pair dsa Indicates the DSA key pair Default Confi...

Page 410: ...o key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string row AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string key string row key string Parameters row Indicates the SSH public key row by row key string Specifies the key in UU encod...

Page 411: ...d by OpenSSH Example The following example enters public key strings for SSH public key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjT...

Page 412: ...nd Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SSH server configuration Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP AddressSSH Username Version CipherAuth Code 172 16 0 1John Brown 2 0 3 DESHMA...

Page 413: ...ey pubkey chain ssh username username fingerprint bubble babble hex Parameters username Specifies the remote SSH client username bubble babble Fingerprint in Bubble Babble format hex Fingerprint in Hex format Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Field Description IP address Client address SSH Username User name Version SSH version number...

Page 414: ... F1 86 john 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 show crypto key mypubkey To view the SSH public keys of your device use the show crypto key mypubkey ...

Page 415: ...D7A4 71020301 87685768 Fingerprint Hex 77 C7 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk crypto certificate request To generate and display certificate request for HTTPS use the crypto certificate request command in privileged EXEC mode Syntax crypto certificate number request common name ou organization unit or organization loc...

Page 416: ...d to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format Before generating a certificate request you must first generate a self signed certificate using the crypto certificate generate global configuration command in order to generate the keys Be aware that you should reenter the certificates fields After receiving the certi...

Page 417: ...RDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m 2 m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEipcZa g uNpyTkDt3ZVU72pjz fa8TF0n3 END CERTIFICATE REQUEST CN router gm com 0 General Motors C US crypto certificate import To import a certificate signed by Certification Authority for HTTPS use the crypto certificate import command in global configuration mode Syntax crypto cert...

Page 418: ...in the router configuration however the certificate imported by this command is saved in the private configuration which is never displayed to the user or backed up to another device Examples Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4...

Page 419: ...tificate export command in Privileged EXEC mode Syntax crypto certificate number export Parameters number Specifies the certificate number Range 1 2 digits Default Configuration There is no default configuration for this command Command Mode Privileged EXEC User Guidelines The crypto certificate export command creates a file that contains the certificate and an RSA key pair The passphrase for the ...

Page 420: ...number Range 1 product specific Default value This command has no default setting Command Mode Privileged EXEC Example Console show crypto certificate mycertificate 1 BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQF...

Page 421: ...mycertificate SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 419 29 Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 ...

Page 422: ...sable the logging process Syntax logging on no logging on Default Configuration Logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered ...

Page 423: ...ostname Parameters ip address IP address of the host to be used as a syslog server hostname Specifies the host name of the syslog server Range 1 158 characters port Specifies the port number for syslog messages Range 1 65535 level Specifies the severity level of logged messages sent to the syslog servers Possible values emergencies alerts critical errors warnings notifications informational and de...

Page 424: ...ent to the syslog server with IP address 10 1 1 1 to severity level critical Console config logging 10 1 1 1 severity critical logging console The logging console Global Configuration mode command limits messages logged to the console based on severity Use the no form of this command to disable logging to the console Syntax logging console level no logging console Parameters level Specifies the se...

Page 425: ...isplayed on the console to severity level errors Console config logging console errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity Use the no form of this command to cancel using the buffer Syntax logging buffered level no logging buffered Parameters level Specifies the severity level of messages...

Page 426: ...r Example The following example limits syslog messages displayed from an internal buffer based on severity level debugging Console config logging buffered debugging logging buffered size The logging buffered size Global Configuration mode command changes the number of syslog messages stored in the internal buffer Use the no form of this command to restore the default configuration Syntax logging b...

Page 427: ...This command takes effect only after Reset Example The following example changes the number of syslog messages stored in the internal buffer to 300 Console config logging buffered size 300 clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buffer Syntax clear logging Default Configuration This command has no default configuration Command Mode Pri...

Page 428: ...ogging file Global Configuration mode command limits syslog messages sent to the logging file based on severity Use the no form of this command to cancel using the buffer Syntax logging file level no logging file Parameters level Specifies the severity level of syslog messages sent to the logging file Possible values are emergencies alerts critical errors warnings notifications informational and d...

Page 429: ...ts syslog messages sent to the logging file based on severity level alerts Console config logging file alerts clear logging file The clear logging file Privileged EXEC mode command clears messages from the logging file Syntax clear logging file Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this com...

Page 430: ... mode command enables logging AAA login events Use the no form of this command to disable logging AAA login events Syntax aaa logging login no aaa logging login Parameters login Indicates logging messages related to successful login events unsuccessful login events and other login related events Default Configuration Logging AAA login events is enabled Command Mode Global Configuration mode User G...

Page 431: ...use the file system logging command in global configuration mode Use the no form to disable logging Syntax file system logging copy no file system logging copy file system logging delete rename no file system logging delete rename Parameters copy Log messages related to file copy operations delete rename Log messages related to file deletion and renaming Default Configuration Enabled Command Mode ...

Page 432: ...of this command to disable logging management access list events Syntax management logging deny no management logging deny Parameters deny Indicates logging messages related to deny actions of management ACLs Default Configuration Logging management ACL events is enabled Command Mode Global Configuration mode User Guidelines Other types of management ACL events are not subject to this command Exam...

Page 433: ...lines There are no user guidelines for this command Example The following example displays the state of logging and the syslog messages stored in the internal buffer Console show logging Logging is enabled Console logging level debugging Console Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped seve...

Page 434: ... Interface Ethernet1 3 changed state to up 11 Aug 2004 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 0 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 1 chan...

Page 435: ...fer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity 2 messages were not logged resources Application Filtering Control Application Event Status AAA Login Enabled File System Copy Enabl...

Page 436: ...o up 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 0 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 1 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 2 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 3 changed state...

Page 437: ... 30 User Guidelines There are no user guidelines for this command Example The following example displays the settings of the syslog servers Console show syslog servers Device Configuration IP address Port Severity Facility Description 192 180 2 27 514 Informational local7 192 180 2 27 514 Warning local7 ...

Page 438: ...t name to ping Range 1 158 characters packet_size Number of bytes in a packet The actual packet size is eight bytes larger than the specified size specified because the device adds header information Range 56 1472 bytes packet_count Number of packets to send If 0 is entered it pings until stopped Range 0 65535 packets time_out Timeout in milliseconds to wait for each reply Range 50 65535 milliseco...

Page 439: ...ding entry in the route table Example The following example displays pinging results Console ping 10 1 1 1 Pinging 10 1 1 1 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet lo...

Page 440: ...p address IP address of the destination host hostname Host name of the destination host Range 1 158 characters packet size Number of bytes in a packet Range 40 1472 max ttl The largest TTL value that can be used The traceroute command terminates when the destination is reached or when this value is reached Range 1 255 packet count The number of probes to be sent at each TTL level Range 1 10 time o...

Page 441: ...raceroute command sends several probes at each TTL level and displays the round trip time for each The traceroute command sends out one probe at a time Each outgoing packet may result in one or two error messages A time exceeded error message indicates that an intermediate device has seen and discarded the probe A destination unreachable error message indicates that the destination node has receiv...

Page 442: ...32 8 103 33 msec 35 msec 35 msec 6 iplsng kscyng abilene ucaid edu 198 32 8 80 47 msec 45 msec 45 msec 7 so 0 2 0x1 aa1 mich net 192 122 183 9 56 msec 53 msec 54 msec 8 atm1 0x24 michnet8 mich net 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58 msec 58 msec 11 umaxp1 physics lsa umich edu 141 211 101 64 62 msec 63 msec 63 msec The following ta...

Page 443: ...ress hostname port keyword1 Parameters ip address IP address of the destination host hostname Host name of the destination host Range 1 158 characters Field Description The probe timed out Unknown packet type A Administratively unreachable Usually this output indicates that an access list is blocking traffic F Fragmentation is required and DF is set H Host unreachable N Network unreachable P Proto...

Page 444: ...elnet sequences that map generic terminal control functions to operating system specific functions To enter a Telnet sequence press the escape sequence keys Ctrl Shift 6 followed by a Telnet command character Special Telnet Sequences At any time during an active Telnet session Telnet commands can be listed by pressing the Telnet sequence Ctrl Shift 6 at the system prompt A sample of this list foll...

Page 445: ...suspended by pressing the escape sequence keys Ctrl Shift 6 and x to return to the system command prompt Then open a new connection with the telnet User EXEC mode command Keywords Table Options Description echo Enables local echo quiet Prevents onscreen display of all messages from the software source interface Specifies the source interface stream Turns on stream processing which enables a raw TC...

Page 446: ...o Echo 7 exec Exec 512 finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 gopher Gopher 70 hostname NIC hostname server 101 ident Ident Protocol 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 544 login Login 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 ...

Page 447: ...sessions Example The following example displays connecting to 176 213 10 50 via Telnet Console telnet 176 213 10 50 Esc U sends telnet EL resume The resume User EXEC mode command enables switching to another open Telnet session Syntax resume connection Parameters connection The connection number Range 1 4 connections syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet...

Page 448: ...cent connection Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following command switches to open Telnet session number 1 Console resume 1 reload The reload Privileged EXEC mode command reloads the operating system Syntax reload Default Configuration This command has no default configuration Command Mode Privileged EXEC mode ...

Page 449: ...mple reloads the operating system Console reload This command will reset the whole system and disconnect your current session Do you want to continue y n n hostname The hostname Global Configuration mode command specifies or modifies the device host name Use the no form of the command to remove the existing host name i e restore the default hostname Console Syntax hostname name no hostname Paramet...

Page 450: ...ost name Console config hostname enterprise enterprise config service cpu utilization The service cpu utilization Global Configuration mode command enables measuring CPU utilization Use the no form of the command to restore the default configuration Syntax service cpu utilization no service cpu utilization Default Configuration Enabled Command Mode Global Configuration mode User Guidelines There a...

Page 451: ...e command displays information about CPU utilization Syntax show cpu utilization Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Use the service cpu utilization Global Configuration command to enable measuring CPU utilization Example This example shows how to display CPU utilization information Console show cpu utilization CPU utili...

Page 452: ...the active users Syntax show users Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active users Console show users Username Protocol Location Bob Serial John SSH 172 16 0 1 Robert HTTP 172 16 0 8 Betty Telnet 172 16 1 7 ...

Page 453: ...uration for this command Command Mode Privileged EXEC mode User Guidelines The command shows the telnet sessions to remote hosts opened by the present telnet session to the local device This command will not show telnet sessions to remote hosts opened by other telnet sessions to the local device Example The following example lists open Telnet sessions Console show sessions Connection Host Address ...

Page 454: ...ormation Syntax show system unit unit Parameters unit Specifies the number of the unit Range 1 8 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session Address IP address of the remote host Port Telnet TCP port number Byte Number of un...

Page 455: ...isplays the system information Console show system System Description Corporate System Up Time days hour min sec 1 22 38 21 System Contact System Name RS1 System location System MAC Address 0010 B5F4 0001 Temperature Sensors Unit Sensor Temperature Status Celsius 1 1 41 OK 1 2 41 OK 2 1 42 OK 2 42 OK Unit Power supply Source Status 1 Main AC OK 2 Secondary AC OK Unit FAN Status 1 Backplane OK 2 CP...

Page 456: ...meters unit Specifies the number of the unit Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays system version information only for demonstration purposes console show version SW version 1 0 2 date 14 Jul 2008 time 10 19 35 Boot version 1 0 2 date 13 N...

Page 457: ...mand displays the Ternary Content Addressable Memory TCAM utilization Syntax show system tcam utilization unit unit Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on features control Console show system tcam utilization TCAM utilization...

Page 458: ...he TACACS server Range 1 158 characters single connection Indicates a single connection Rather than have the device open and close a TCP connection to the daemon each time it must communicate the single connection option maintains a single open connection between the device and the daemon port number Specifies a server port number The host is not used for authentication if the port number is set t...

Page 459: ...e highest priority Range 0 65535 Default Configuration No TACACS host is specified If no port number is specified default port number 49 is used If no host specific timeout key string or source value is specified the global value is used If no TACACS server priority is specified default priority 0 is used Command Mode Global Configuration mode User Guidelines Multiple tacacs server host commands c...

Page 460: ... server key key string no tacacs server key Parameters key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon Range 0 128 characters Default Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this com...

Page 461: ...o reply Use the no form of the command to restore the default configuration Syntax tacacs server timeout timeout no tacacs server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration 5 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the timeout value to 30 f...

Page 462: ...of the command to restore the default configuration Syntax tacacs server source ip source no tacacs server source ip source Parameters source Specifies the source IP address Default Configuration The source IP address is the address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifi...

Page 463: ...ers ip address Name or IP address of the TACACS server Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays configuration and statistical information about a TACACS server Console show tacacs Device Configuration IP address Status Port Single Connection ...

Page 464: ...TACACS Commands show tacacs SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 462 32 Global values TimeOut 3 ...

Page 465: ...and changes a login username Syntax login Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode and logs in with username admin Console login User Name admin Password Console ...

Page 466: ...ax configure Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Global Configuration mode Console configure Console config exit configuration The exit command exits from any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exi...

Page 467: ... user guidelines for this command Example The following example changes the configuration mode from Interface Configuration mode to Privileged EXEC mode Console config if exit Console config exit Console exit EXEC The exit Privileged User EXEC mode command closes an active terminal session by logging off the device Syntax exit Default Configuration This command has no default configuration Command...

Page 468: ...active terminal session Console exit end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Example The following example changes from Global Configuration mode to Privileged EXEC mo...

Page 469: ...There are no user guidelines for this command Example The following example describes the help system Console help Help may be requested at any point in a command by entering a question mark If nothing matches the currently entered incomplete command the help list is empty This indicates that for a query at this point there is no command matching the current input If the request is within a comman...

Page 470: ... pr history The history Line Configuration mode command enables the command history function Use the no form of the command to disable the command history function Syntax history no history Default Configuration The command history function is enabled Command Mode Line Configuration mode User Guidelines This command enables the command history function for a specified line Use the terminal history...

Page 471: ...mmand history buffer size to the default configuration Syntax history size number of commands no history size Parameters number of commands Number of commands that the system records in its history buffer Range 10 206 Default Configuration The default history buffer size is 10 Command Mode Line Configuration mode User Guidelines This command configures the command history buffer size for a particu...

Page 472: ...story function for the current terminal session Use the no form of this command to disable the command history function Syntax terminal history no terminal history Default Configuration The default configuration for all terminal sessions is defined by the history line configuration command Command Mode User EXEC mode User Guidelines The command enables the command history for the current session T...

Page 473: ...yntax terminal history size number of commands terminal no history size Parameters number of commands Specifies the number of commands the system may record in its command history buffer Range 10 206 Default Configuration The default command history buffer size is 10 Command Mode User EXEC mode User Guidelines The terminal history size user EXEC command configures the size of the command history b...

Page 474: ...w command without prompting Use the no form of this command to disable dumping Syntax terminal datadump terminal no datadump Default Configuration Data dump is disabled Command Mode User EXEC mode User Guidelines By default a More prompt is displayed when the output contains more lines than can be displayed on the screen Pressing the Enter key displays the next line pressing the Spacebar displays ...

Page 475: ...minal datadump debug mode The debug mode Privileged EXEC mode command switches to debug mode Syntax debug mode Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example enables the debug command interface console config console debug debug Enter DEBUG Password DEBUG ...

Page 476: ...iguration Command Mode Privileged EXEC mode User Guidelines The buffer includes executed and unexecuted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console show version SW version ...

Page 477: ...ffer size is 10 do The do command in any configuration mode executes an EXEC level command from Global Configuration mode or any Configuration submode Syntax do command Parameters command The EXEC command to be executed Default Configuration This command has no default configuration Command Mode All Configuration modes User Guidelines There are no user guidelines for this command ...

Page 478: ... level Console Config do show vlan VLAN Name Ports Type Authorization 1 default e1 e2 Other Required e9 e12 10 VLAN0010 e3 e4 dynamic Required 11 VLAN0011 e1 e2 static Required 20 VLAN0020 e3 e4 static Required 21 VLAN021 static Required 30 VLAN0030 static Required 31 VLAN0031 static Required 91 VLAN0011 e1 e2 static Not Required 3978 Guest VLAN e17 static Guest ...

Page 479: ...form of this command to disable overriding the FDB decision Syntax switchport protected ethernet port port channel port channel number no switchport protected Parameters port Specifies the uplink Ethernet port port channel number Specifies the uplink port channel Default Configuration Switchport protected is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines P...

Page 480: ...d the default VLAN function simultaneously in the same device Example This example configures ethernet port 2 as a protected port so that all traffic is sent to its uplink Ethernet port 3 Console config interface ethernet 2 Console config if switchport protected ethernet 3 switchport protected port Use the switchport protected port interface configuration command to isolate unicast multicast and b...

Page 481: ...otected ports on the same switch NOTE The packet is still subject to the FDB decision and to all filtering rules switchport protected port fastethernet Use the switchport protected port fastethernet global configuration command set the FE ports as protected ports Use the no form of this command to set the FE ports as unprotected ports NOTE This command is supported in SPS2xx devices Syntax switchp...

Page 482: ...on Usage Guidelines This command configures all the FE ports as protected ports vlan database The vlan database Global Configuration mode command enters the VLAN Configuration mode Syntax vlan database Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command ...

Page 483: ...and creates a VLAN Use the no form of this command to delete a VLAN Syntax vlan vlan range no vlan vlan range Parameters vlan range Specifies a list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces a hyphen designates a range of IDs Range 2 4094 Default Configuration This command has no default configuration Command Mode VLAN Database mode User Guidelines There a...

Page 484: ...lan vlan 1972 default vlan vlan The default vlan vlan VLAN Configuration mode command defines the default VLAN Use the no form of this command to return to default Syntax default vlan vlan vlan id no default vlan vlan Parameters vlan id VLAN ID of the default VLAN Default Configuration The default configuration is disabled Command Mode VLAN Configuration User Guidelines No user guidelines for this...

Page 485: ...Interface Configuration VLAN mode Syntax interface vlan vlan id Parameters vlan id Specifies an existing VLAN ID Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines In case the VLAN doesn t exist ghost VLAN only partial list of the commands are available under the interface VLAN context The commands that are supported for VLAN that...

Page 486: ...face range vlan vlan range all Parameters vlan range Specifies a list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces a hyphen designates a range of IDs Range 2 4094 all All existing static VLANs Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Commands under the interface range context are ex...

Page 487: ...e the same command Console config interface range vlan 221 228 889 Console config if name The name Interface Configuration mode command adds a name to a VLAN Use the no form of this command to remove the VLAN name Syntax name string no name Parameters string Unique name to be associated with this VLAN Range 1 32 characters Default Configuration No name is defined Command Mode Interface Configurati...

Page 488: ...erface Configuration mode command configures the VLAN membership mode of a port Use the no form of this command to restore the default configuration Syntax switchport mode access trunk general customer no switchport mode Parameters access Indicates an untagged layer 2 VLAN port trunk Indicates a trunking layer 2 VLAN port general Indicates a full 802 1q supported VLAN port customer The port is con...

Page 489: ...hernet 1 Console config if switchport mode access switchport protected The switchport protected Interface Configuration mode command overrides the FDB decision and sends all Unicast Multicast and Broadcast traffic to an uplink port Use the no form of this command to disable overriding the FDB decision Syntax switchport protected ethernet port port channel port channel number no switchport protecte...

Page 490: ...arded to uplink ports PVE requires only one VLAN on each device but not on every port this reduces the number of VLANs required by the device Private VLANs and the default VLAN function simultaneously in the same device Example This example configures ethernet port 2 as a protected port so that all traffic is sent to its uplink Ethernet port 3 Console config interface ethernet 2 Console config if ...

Page 491: ...ple The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN Ethernet port 1 Console config interface ethernet 1 Console config if switchport access vlan 23 switchport access multicast tv vlan The switchport access multicast tv vlan Interface Configuration mode command enables receiving Multicast transmissions from a VLAN that is not the Access port VLAN while maintaining the ...

Page 492: ...ticast transmissions on the Multicast TV VLAN Example The following example adds VLANs 2 5 6 to the allowed list console config if switchport trunk allowed vlan add 2 5 6 switchport trunk allowed vlan The switchport trunk allowed vlan Interface Configuration Ethernet port channel mode command adds or removes VLANs to or from a trunk port Syntax switchport trunk allowed vlan add vlan list remove vl...

Page 493: ...ort channel mode User Guidelines There are no user guidelines for this command Example The following example adds VLANs 1 2 5 to 6 to the allowed list console config if switchport trunk allowed vlan add 1 2 5 6 switchport trunk native vlan The switchport trunk native vlan Interface Configuration mode command defines the native VLAN when the interface is in trunk mode Use the no form of this comman...

Page 494: ...s already configured as a native VLAN 3 it will automatically change the last entry VLAN 2 Only one native VLAN can be configured to the port Example The following example configures VLAN number 123 as the native VLAN when Ethernet port 1 is in trunk mode Console config interface ethernet 1 Console config if switchport mode trunk Console config if switchport trunk native vlan 123 switchport genera...

Page 495: ...nsmits tagged packets for the VLANs untagged Indicates that the port transmits untagged packets for the VLANs Default Configuration If the port is added to a VLAN without specifying tagged or untagged the default setting is tagged Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command enables changing the egress rule for example from tagged to untagged without...

Page 496: ...ort general pvid vlan id no switchport general pvid Parameters vlan id Specifies the PVID Port VLAN ID Default Configuration If the default VLAN is enabled PVID 1 Otherwise PVID 4095 Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the PVID for Ethernet port 1 when the interface is...

Page 497: ...estore the default configuration Syntax switchport general ingress filtering disable no switchport general ingress filtering disable Default Configuration Ingress filtering is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables port ingress filtering on Ethernet port 1 Console c...

Page 498: ...default configuration Syntax switchport general acceptable frame type tagged only no switchport general acceptable frame type tagged only Default Configuration All frame types are accepted at ingress Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures Ethernet port 1 to discard untagg...

Page 499: ...this command to restore the default configuration Syntax switchport customer vlan vlan id no switchport customer vlan Parameters vlan id VLAN ID of the customer Default Configuration No VLAN is configured Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures Ethernet port 1 to discard u...

Page 500: ...ers on different Customer port VLANs Syntax switchport customer multicast tv vlan add vlan list remove vlan list Parameters vlan list List of Multicast TV VLANs Default Configuration The port is not member in any Multicast TV VLAN Command Mode Interface configuration Ethernet port channel Command Usage The user cannot transmit Multicast transmissions on Multicast TV VLANs Example The following exa...

Page 501: ...move vlan list Parameters add vlan list Specifies the list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs Default Configuration All VLANs are allowed Command Mode Interfac...

Page 502: ...t 1 Console config if switchport mode trunk Console config if switchport forbidden vlan add 234 256 show interfaces protected ports Use the show interfaces protected ports EXEC command to show protected ports configuration NOTE This command is supported in SPS20xx devices Syntax show interfaces protected ports Default Configuration Defaults Command Mode EXEC Example Console show interfaces protect...

Page 503: ...ed ports fastethernet Use the show protected ports fastethernet EXEC command to show protected ports configuration NOTE This command is supported in SPS2xx devices Syntax show protected ports fastethernet Default Configuration Defaults Command Mode EXEC Example Console show protected ports fastethernet GE protected ports state Unprotected FE protected ports state Protected ...

Page 504: ...pecifies a VLAN name string Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all VLAN information Console show vlan VLAN Name Ports Type Authorization 1 default 1 2 other Required 10 VLAN0010 1 dynamic Required 11 VLAN0011 1 sta...

Page 505: ...leged EXEC mode command displays information on the source ports and receiver ports of Multicast TV VLAN Syntax show vlan multicast tv vlan vlan id Parameters vlan id VLAN ID value Default Configuration The default configuration is disabled Command Mode Privileged EXEC mode User Guidelines No user guidelines for this command Example The following example displays information on the source ports an...

Page 506: ...itchport Privileged EXEC mode command displays the switchport configuration Syntax show interfaces switchport ethernet interface port channel port channel number Parameters interface A valid Ethernet port number port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelin...

Page 507: ... group Console show interface switchport ethernet 10 Port 10 Port mode General GVRP Status General Ingress Filtering True Acceptable Frame Type AdmitAll Ingress UnTagged VLAN NATIVE 6 Protected Enabled Uplink is 2 Port is member in Vlan Name Egress rule Port Membership Type 2 2 Untagged Static 3 3 Tagged Static 6 6 Tagged Static Forbidden VLANS VLAN Name 5 5 Classification rules Protocol based VLA...

Page 508: ...e device from a browser Use the no form of this command to disable this function Syntax ip http server no ip http server Default Configuration HTTP server is enabled Command Mode Global Configuration mode User Guidelines Only a user with access level 15 can use the Web server Example The following example enables configuring the device from a browser Console config ip http server ...

Page 509: ...global configuration command To use the default port use the no form of this command Syntax ip http port port number no ip http port Parameters port number Port number for use by the HTTP server Range 0 65534 Default Configuration 80 Command Mode Global configuration Usage Guidelines Specifying 0 as the port number effectively disables HTTP access to the device Examples Console config ip http port...

Page 510: ...ds no ip http exec timeout Parameters minutes Integer that specifies the number of minutes Range 1 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default is 10min Command Mode Global Configuration mode User Guidelines This command also configures the exec timeout for HTTPS in case the HTTPS timeout was not set To specify no timeout enter the ip https exec t...

Page 511: ... browser Use the no form of this command to restore the default configuration Syntax ip https server no ip https server Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configuration mode command to generate an HTTPS certificate Example The following example enables configuring the device from a secured browser Console...

Page 512: ...orm of this command to restore the default configuration Syntax ip https port port number no ip https port Parameters port number Port number to be used by the HTTP server Range 0 65535 Default Configuration The default port number is 443 Command Mode Global Configuration mode User Guidelines Specifying 0 as the port number effectively disables HTTP access to the device Example The following examp...

Page 513: ...p https exec timeout minutes seconds no ip https exec timeout Parameters minutes Integer that specifies the number of minutes Range 1 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The exec timeout set by the ip http exec timeout command Command Mode Global Configuration mode User Guidelines To specify no timeout enter the ip https exec timeout 0 0 command Exam...

Page 514: ...and Use the no form of this command to return to default Syntax ip https certificate number no ip https certificate Parameters number Specifies the certificate number Range 1 digit product specific Default Configuration Certificate number 1 Command Mode Global configuration Usage Guidelines You should use the crypto certificate generate command in order to generate an HTTPS certificate Examples Co...

Page 515: ...isplays the HTTP server configuration Syntax show ip http Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 Interactive timeout 10 minutes ...

Page 516: ...EC mode User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration Console show ip https HTTPS server enabled Port 443 Certificate 1 is not active Issued by C ST L CN 10 6 41 138 O OU Valid From Apr 30 20 51 54 2003 GMT Valid to Apr 29 20 51 54 2004 GMT Subject C ST L CN 10 6 41 138 O OU SHA1 Fingerprint B3536E86 9487B229 C0A4...

Page 517: ...ds show ip https SPS208G SPS224G4 SPS2024 Command Line Interface Reference Guide 515 35 Valid to Apr 29 22 16 01 2004 GMT Subject C ST L CN 10 6 41 138 O OU SHA1 Fingerprint 3DBDF89B 6B3E46A2 4255D023 42A361F2 90ED7042 ...

Page 518: ...aces running IEEE 802 1x Use the no form of this command to restore the default configuration Syntax aaa authentication dot1x default method1 method2 no aaa authentication dot1x default Parameters method1 method2 Specify at least one method from the following list Default Configuration No authentication method is defined Command Mode Global Configuration mode Keyword Description RADIUS Uses the li...

Page 519: ... command line The RADIUS server must support MD 5 challenge and EAP type frames Example The following example uses the aaa authentication dot1x default command with no authentication Console configure Console config aaa authentication dot1x default none dot1x system auth control The dot1x system auth control Global Configuration mode command enables 802 1x globally Use the no form of this command ...

Page 520: ...x port control Parameters auto Enables 802 1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802 1x authentication exchange between the port and the client force authorized Disables 802 1x authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required The ...

Page 521: ...o end stations in order to get immediately to the forwarding state after successful authentication Example The following example enables 802 1x authentication on Ethernet port e16 Console config interface ethernet e16 Console config if dot1x port control auto dot1x re authentication The dot1x re authentication Interface Configuration mode command enables periodic re authentication of the client Us...

Page 522: ... interface ethernet e16 Console config if dot1x re authentication dot1x timeout re authperiod The dot1x timeout re authperiod Interface Configuration mode command sets the number of seconds between re authentication attempts Use the no form of this command to restore the default configuration Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod Parameters seconds Number of sec...

Page 523: ...re authentication attempts to 300 Console config interface ethernet e16 Console config if dot1x timeout re authperiod 300 dot1x re authenticate The dot1x re authenticate Privileged EXEC mode command manually initiates a re authentication of all 802 1x enabled ports or the specified 802 1x enabled port Syntax dot1x re authenticate ethernet interface Parameters interface Valid Ethernet port Default ...

Page 524: ...uration mode command sets the number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Use the no form of this command to restore the default configuration Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period Parameters seconds Specifies the time in seconds that the device remains ...

Page 525: ...ds that the device remains in the quiet state following a failed authentication exchange to 3600 Console config interface ethernet e16 Console config if dot1x timeout quiet period 3600 dot1x timeout tx period The dot1x timeout tx period Interface Configuration mode command sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity ...

Page 526: ...ple The following command sets the number of seconds that the device waits for a response to an EAP request identity frame to 3600 seconds Console config interface ethernet e16 Console config if dot1x timeout tx period 3600 dot1x max req The dot1x max req Interface Configuration mode command sets the maximum number of times that the device sends an Extensible Authentication Protocol EAP request id...

Page 527: ...ld be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following example sets the number of times that the device sends an EAP request identity frame to 6 Console config interface ethernet e16 Console config if dot1x max req 6 dot1x timeout supp timeout The dot1x timeout supp timeou...

Page 528: ...conds Default Configuration Default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following example sets the timeout period before retransmi...

Page 529: ...in seconds that the device waits for a response from the authentication server Range 1 65535 seconds Default Configuration The timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The actual timeout can be determined by comparing the dot1x timeout server timeout value and the result of multiplying the radius server retransmit value with the radius server ...

Page 530: ...ce Parameters interface Valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the status of 802 1x enabled Ethernet ports Console show dot1x 802 1x is enabled Port Admin Mode Oper Mode Reauth Reauth Username Control Period e1 Auto Auth...

Page 531: ... Mode Reauth Reauth Username Control Period e3 Auto Unauthorized Ena 3600 Clark Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 08 19 17 MAC Address 00 08 78 32 98 78 Authentication Method Remote Termination Cause Supplicant logoff Authenticator State Machine State HELD Backend State Machine State IDLE Authenticat...

Page 532: ...te following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Max req The maximum number of times that the device sends an Extensible Authentication Protocol EAP request frame assumi...

Page 533: ...ration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Termination Cause The reason for the session termination State The current value of the Authenticator PAE state machine and of the Backend state machine Authentication success The number of times the state machine received a Success message from the Authe...

Page 534: ... show dot1x statistics Privileged EXEC mode command displays 802 1x statistics for the specified interface Syntax show dot1x statistics ethernet interface Field Description Port The port number Username The username representing the identity of the Supplicant This field shows the username in case the port control is auto If the port is Authorized it shows the username of the current user If the po...

Page 535: ...es for this command Example The following example displays 802 1x statistics for the specified interface Console show dot1x statistics ethernet e1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 12 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource ...

Page 536: ...or EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqIdFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator InvalidEapolFramesRx The number of EAPOL fra...

Page 537: ...not req no dot1x auth not req Default Configuration Access is enabled Command Mode Interface Configuration VLAN mode User Guidelines An access port cannot be a member in an unauthenticated VLAN The native VLAN of a trunk port cannot be an unauthenticated VLAN For a general port the PVID can be an unauthenticated VLAN although only tagged packets are accepted in the unauthorized state Example The f...

Page 538: ...ns Default Configuration Multiple hosts are disabled Command Mode Interface Ethernet Configuration mode User Guidelines This command enables attaching multiple clients to a single 802 1X enabled port If this command is used without the authentication keyword only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized al...

Page 539: ...users who have not yet sent logoff Example The following command enables multiple hosts clients on an 802 1x authorized port Console config interface ethernet e16 Console config if dot1x multiple hosts dot1x radius attributes vlan Use the dot1x radius attributes vlan interface configuration command to enable user based VLAN assignment Use the no form of this command to disable user based VLAN assi...

Page 540: ...ce Use the no form of this command to restore the default configuration Syntax dot1x single host violation forward discard discard shutdown trap seconds o dot1x single host violation Parameters forward Specifies that each station should be 802 1x authenticated This mode is also called multiple sessions discard Discards frames with source addresses that are not the supplicant address discard shutdo...

Page 541: ...essage with a MAC address that is not the supplicant MAC address causes a shutdown in discard shutdown mode for GE ports and is not discarded for FE ports Example The following command shuts down port e5 upon an unsuccessful authentication attempt on the port Console config interface ethernet 5 Console config if dot1x single host violation discard shutdown dot1x bpdu Use the dot1x bpdu global conf...

Page 542: ... Usage Guidelines According to IEEE802 1 standards the 802 1X BPDUs should never be forwarded The 802 1X BPDUs should be handled by the software in case 802 1X is enabled on the ingress port or discarded in all other cases This feature enables to bridge 802 1X BPDUs packets as data packets The feature can be enabled only when 802 1X is globally disabled by the no dot1x system auth control global c...

Page 543: ...en 802 1x is globally disabled Syntax show dot1x bpdu Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Modes EXEC User Guidelines There are no user guidelines for this command Examples Switch show dot1x bpdu 802 1X BPDU packets are trapped for the 802 1X protocol Switch show dot1x bpdu 802 1X BPDU packets are filtered ...

Page 544: ...ault Configuration No VLAN is defined as a guest VLAN Command Mode Interface Configuration VLAN mode User Guidelines Use the dot1x guest vlan enable Interface Configuration mode command to enable unauthorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port b...

Page 545: ...ace Configuration mode command enables unauthorized users on the interface access to the Guest VLAN Use the no form of this command to disable access Syntax dot1x guest vlan enable no dot1x guest vlan enable Default Configuration Disabled Command Mode Interface Configuration Ethernet mode User Guidelines A device can have only one global guest VLAN The guest VLAN is defined using the dot1x guest v...

Page 546: ...sable MAC authentication Syntax dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication Parameters mac only Enable authentication based on the station s MAC address only 802 1X frames are ignored mac and 802 1x Enable 802 1X authentication and MAC address authentication on the interface Default Configuration The default configuration is disabled Command Mode Interface configur...

Page 547: ...address with and in the RADIUS server Example The following example enable authentication based on the station s MAC address Use the no form of this command to disable MAC authentication Console configure Console config interface ethernet e1 Console config if dot1x mac authentication show dot1x advanced The show dot1x advanced Privileged EXEC mode command displays 802 1x advanced features for the ...

Page 548: ...2 1x advanced features for the device Console show dot1x advanced Guest VLAN 3978 Unauthenticated VLANs 91 92 Interface Multiple Guest MAC VLAN Hosts VLAN Authentication Assignment e1 Disabled Enabled MAC and 802 1X Enabled e2 Enabled Enabled MAC and 802 1X Enabled Console show dot1x advanced ethernet e1 Guest VLAN 2 Unauthenticated VLANs 91 92 Interface Guest VLANS e1 Enabled Trap Enabled Trap fr...

Page 549: ...h alias names are defined in the native command s description in this guide NOTE Alias names are supported by the SPS208G SPS224G4 and SPS2024 switches Native Command Alias Command copy running config startup config write wr configure configure terminal show bridge address table show mac address table show interfaces configuration interface show interfaces show ip dhcp information option show ip d...

Page 550: ...ot require it If you use an older web browser you may have to add http in front of the web address Related Documentation For additional information about the Ethernet switches see the SPS208G SPS224G4 SPS2024 Ethernet Switches Administration Guide Resource Link Cisco Partner Central requires partner registration and login www cisco com web partners sell smb Cisco Small Medium Business Product Info...

Page 551: ...this product is available on Cisco com at the following location www cisco com go smallbiz Warranty Warranty information that applies to this product is available on Cisco com at the following location www cisco com go smallbiz End User License Agreement EULA Licensing information that applies to this product is available on Cisco com at the following location www cisco com go smallbiz ...

Page 552: ...S208G SPS224G4 SPS2024 Command Line Interface Reference Guide 550 Support Contacts Support contact information for this product is available on Cisco com at the following location www cisco com go smallbiz ...

Reviews:

No comments