w w w . d e l l . c o m | s u p p o r t . d e l l . c o m
Dell™ PowerConnect™ 3400 Series
CLI Reference Guide
Page 1: ...w w w d e l l c o m s u p p o r t d e l l c o m Dell PowerConnect 3400 Series CLI Reference Guide ...
Page 2: ...rmation in this document is subject to change without notice 2006 Dell Inc All rights reserved Reproduction in any manner whatsoever without the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell the DELL logo and PowerConnect are trademarks of Dell Inc Other trademarks and trade names may be used in this document to refer to either the entities claiming the mar...
Page 3: ...ds 29 DHCP Filtering Commands 29 Ethernet Configuration Commands 29 GVRP Commands 31 IGMP Snooping Commands 31 IP Addressing 32 LACP Commands 33 LLDP Commands 34 Line Commands 35 Management ACL Commands 35 PHY Diagnostics Commands 36 Port Channel Commands 36 Port Monitor Commands 36 Power over Ethernet Commands 37 QoS Commands 37 Radius Commands 38 RMON Commands 38 SNMP Commands 39 ...
Page 4: ... 49 IC Interface Configuration Mode 53 LC Line Configuration Mode 56 MA Management Access level Mode 56 MC MST Configuration Mode 57 ML MAC Access List Mode 57 PE Privileged EXEC Mode 57 SP SSH Public Key Mode 60 UE User EXEC Mode 60 VC VLAN Configuration Mode 62 3 Using the CLI CLI Command Modes 63 Introduction 63 User EXEC Mode 64 Privileged EXEC Mode 65 Global Configuration Mode 66 Interface Co...
Page 5: ...ntication login 73 aaa authentication enable 74 login authentication 75 enable authentication 76 ip http authentication 77 ip https authentication 78 show authentication methods 79 password 80 enable password 81 username 81 passwords min length 82 passwords aging 83 password aging 84 passwords history 85 passwords history hold time 85 passwords lockout 86 aaa login history file 87 set username act...
Page 6: ...sts 97 6 Address Table Commands bridge address 99 bridge multicast filtering 100 bridge multicast address 101 bridge multicast forbidden address 102 bridge multicast forward all 103 bridge multicast forbidden forward all 104 bridge aging time 105 clear bridge 105 port security 106 port security mode 107 port security max 108 port security routed secure address 108 show bridge address table 109 sho...
Page 7: ...19 clock timezone 120 clock summer time 121 sntp authentication key 123 sntp authenticate 123 sntp trusted key 124 sntp client poll timer 125 sntp broadcast client enable 125 sntp anycast client enable 126 sntp client enable Interface 126 sntp unicast client enable 127 sntp unicast client poll 128 sntp server 129 show clock 130 show sntp configuration 131 show sntp status 132 8 Configuration and I...
Page 8: ...g 145 show bootvar 146 9 DHCP Filtering ip dhcp filtering vlan 147 ip dhcp filtering trust 147 show ip dhcp filtering 148 10 Ethernet Configuration Commands interface ethernet 151 interface range ethernet 151 shutdown 152 description 153 speed 154 duplex 155 negotiation 156 flowcontrol 156 mdix 157 back pressure 158 clear counters 158 ...
Page 9: ...storm control broadcast rate 170 show ports storm control 170 11 GVRP Commands gvrp enable Global 173 gvrp enable Interface 173 garp timer 174 gvrp vlan creation forbid 175 gvrp registration forbid 176 clear gvrp statistics 176 show gvrp configuration 177 show gvrp statistics 178 show gvrp error statistics 179 12 IGMP Snooping Commands ip igmp snooping Global 181 ip igmp snooping Interface 181 ip ...
Page 10: ...g groups 187 13 IP Addressing Commands ip address 189 ip address dhcp 190 ip default gateway 191 show ip interface 191 arp 192 arp timeout 193 clear arp cache 194 show arp 194 ip domain lookup 195 ip domain name 196 ip name server 196 ip host 197 clear host 198 clear host dhcp 198 show hosts 199 14 LACP Commands lacp system priority 201 lacp port priority 201 lacp timeout 202 ...
Page 11: ...e 210 terminal history 211 terminal history size 212 show line 212 16 LLDP Commands lldp enable global 215 lldp enable interface 215 lldp timer 216 lldp hold multiplier 217 lldp reinit delay 217 lldp tx delay 218 lldp optional tlv 219 lldp management address 219 clear lldp rx 220 show lldp configuration 221 show lldp local 221 show lldp neighbors 222 ...
Page 12: ...ommands test copper port tdr 231 show copper ports tdr 231 show copper ports cable length 232 show fiber ports optical transceiver 233 19 Port Channel Commands interface port channel 235 interface range port channel 235 channel group 236 show interfaces port channel 237 20 Port Monitor Commands port monitor 239 port monitor vlan tagging 240 show ports monitor 240 21 Power over Ethernet Commands po...
Page 13: ... qos 251 priority queue out num of queues 252 show qos interface 253 wrr queue cos map 254 qos map dscp queue 255 qos trust Global 255 qos trust Interface 256 qos cos 257 show qos map 258 23 Radius Commands radius server host 259 radius server key 260 radius server retransmit 261 radius server source ip 261 radius server timeout 262 radius server deadtime 263 show radius servers 263 ...
Page 14: ...ent 276 show rmon events 277 show rmon log 278 rmon table size 279 25 SNMP Commands snmp server community 281 snmp server view 282 snmp server group 284 snmp server user 285 snmp server engineID local 287 snmp server enable traps 288 snmp server filter 289 snmp server host 290 snmp server v3 host 291 snmp server trap authentication 292 snmp server contact 293 snmp server location 293 snmp server s...
Page 15: ...e 305 spanning tree max age 305 spanning tree priority 306 spanning tree disable 307 spanning tree cost 307 spanning tree port priority 308 spanning tree portfast 309 spanning tree link type 310 spanning tree pathcost method 310 spanning tree bpdu 311 clear spanning tree detected protocols 312 spanning tree mst priority 312 spanning tree mst max hops 313 spanning tree mst port priority 314 spannin...
Page 16: ...ssh server 337 crypto key generate dsa 338 crypto key generate rsa 339 ip ssh pubkey auth 339 crypto key pubkey chain ssh 340 user key 341 key string 342 show ip ssh 344 show crypto key mypubkey 345 show crypto key pubkey chain ssh 346 crypto slogin key generate dsa 347 crypto slogin key generate rsa 347 show crypto slogin key mypubkey 348 28 Syslog Commands logging on 351 logging 351 ...
Page 17: ...aaa logging 356 file system logging 357 management logging 358 show logging 358 show logging file 360 show syslog servers 362 29 System Management ping 365 traceroute 367 telnet 369 resume 372 reload 373 hostname 374 stack master 374 stack reload 375 stack display order 376 show stack 376 show users 378 show sessions 379 show system 380 ...
Page 18: ...n 384 30 TACACS Commands tacacs server host 385 tacacs server key 386 tacacs server timeout 387 tacacs server source ip 387 show tacacs 388 31 User Interface enable 391 disable 391 login 392 configure 393 exit Configuration 393 exit 394 end 395 help 395 terminal datadump 396 show history 397 show privilege 398 ...
Page 19: ...how vlan private vlan 408 switchport trunk allowed vlan 410 switchport trunk native vlan 410 switchport general allowed vlan 411 switchport general pvid 412 switchport general ingress filtering disable 413 switchport general acceptable frame type tagged only 413 switchport forbidden vlan 414 switchport customer vlan 415 ip internal usage vlan 415 mac to vlan 416 show vlan mac to vlan 417 show vlan...
Page 20: ...o certificate mycertificate 432 show ip http 433 show ip https 434 34 802 1x Commands aaa authentication dot1x 437 dot1x system auth control 438 dot1x port control 438 dot1x re authentication 439 dot1x timeout re authperiod 440 dot1x re authenticate 441 dot1x timeout quiet period 441 dot1x timeout tx period 442 dot1x max req 443 dot1x timeout supp timeout 444 dot1x timeout server timeout 444 show ...
Page 21: ...nts 21 show dot1x statistics 449 ADVANCED FEATURES 451 dot1x auth not req 451 dot1x multiple hosts 452 dot1x single host violation 452 dot1x guest vlan 453 dot1x guest vlan enable 454 show dot1x advanced 455 ...
Page 22: ...22 Contents ...
Page 23: ...voked The Setup Wizard guides you in setting up a minimum configuration so that the device can be managed from the Web Based Interface Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard This guide describes how the Command Line Interface CLI is structured describes the command syntax and describes the command functionality This guide also provides informatio...
Page 24: ...ormation PHY Diagnostics Diagnoses and displays the interface status Port Channel Configures and displays Port Channel information Port Monitor Monitors activity on specific target ports QoS Configures and displays QoS information RADIUS Configures and displays RADIUS information RMON Displays RMON statistics SNMP Configures SNMP communities traps and displays SNMP information Spanning Tree Config...
Page 25: ...password Specifies a password on a line Line Configuration enable password Sets a local password to control access to normal and privilege levels Global Configuration username Establishes a username based authentication system Global Configuration passwords min length Sets the minimum required length for passwords in the local database Global Configuration passwords aging Sets the expiration time ...
Page 26: ...terface Interface VLAN Configuration show access lists Displays ACLs defined on the device Privileged EXEC show interfaces access lists Displays access lists applied on interfaces Privileged EXEC Command Group Description Access Mode bridge address Adds a static MAC layer station source address to the bridge table Interface VLAN Configuration bridge multicast filtering Enables filtering of multica...
Page 27: ...addresses to a routed port Interface Configuration show bridge address table Displays all entries in the bridge forwarding database Privileged EXEC show bridge address table static Displays statically created entries in the bridge forwarding database Privileged EXEC show bridge address table count Displays the number of addresses present in the bridge forwarding database Privileged EXEC show bridg...
Page 28: ...the Simple Network Time Protocol SNTP client Global Configuration sntp broadcast client enable Enables the Simple Network Time Protocol SNTP broadcast clients Global Configuration sntp anycast client enable Enables anycast clients Global Configuration sntp client enable Interface Enables the Simple Network Time Protocol SNTP client on an interface Interface Configuration sntp unicast client enable...
Page 29: ...he currently running configuration file Privileged EXEC show startup config Displays the startup configuration file contents Privileged EXEC show bootvar Displays the active system image file that the device loads at startup Privileged EXEC Command Group Description Access Mode ip dhcp filtering vlan Enable filtering of DHCP requests on a VLAN Global Configuration ip dhcp filtering trust Configure...
Page 30: ...iguration clear counters Clears statistics on an interface User EXEC set interface active Reactivates an interface that was suspended by the system Privileged EXEC show interfaces advertise Displays auto negotiation advertisement data Privileged EXEC show interfaces configuration Displays the configuration for all interfaces Privileged EXEC show interfaces status Displays the status for all interf...
Page 31: ...formation User EXEC show gvrp statistics Displays GVRP statistics User EXEC show gvrp error statistics Displays GVRP error statistics User EXEC Command Group Description Access Mode ip igmp snooping Global Enables Internet Group Management Protocol IGMP snooping Global Configuration ip igmp snooping Interface Enables Internet Group Management Protocol IGMP snooping on a specific VLAN Interface VLA...
Page 32: ...obal Configuration clear arp cache Deletes all dynamic entries from the ARP cache Privileged EXEC show arp Displays entries in the ARP table Privileged EXEC ip domain lookup Enables the IP Domain Naming System DNS based host name to address translation Global Configuration ip domain name Defines a default domain name that the software uses to complete unqualified host names Global Configuration ip...
Page 33: ... LACP priority Global Configuration lacp port priority Configures the priority value for physical ports Interface Configuration lacp timeout Assigns an administrative LACP timeout Interface Configuration show lacp ethernet Displays LACP information for Ethernet ports Privileged EXEC show lacp port channel Displays LACP information for a port channel Privileged EXEC ...
Page 34: ...izing LLDP transmission Global configuration lldp tx delay Specifies the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Global configuration lldp optional tlv Specifies which optional TLVs from the basic set should be transmitted Interface configuration Ethernet lldp management address Specifies the management address that would be...
Page 35: ...fer size for a particular line Line Configuration terminal history Enables the command history function for the current terminal session User EXEC terminal history size Configures the command history buffer size for the current terminal session User EXEC show line Displays line parameters User EXEC Command Group Description Access Mode management access list Defines a management access list and en...
Page 36: ...EXEC show fiber ports optical transceiver Displays the optical transceiver diagnostics Privileged EXEC Command Group Description Access Mode interface port channel Enters the interface configuration mode of a specific port channel Global Configuration interface range port channel Enters the interface configuration mode to configure multiple port channels Global Configuration channel group Associat...
Page 37: ...erface Global Configuration show power inline Displays port monitoring status User EXEC Command Group Description Access Mode qos Enables quality of service QoS on the device and enters QoS basic mode Global Configuration show qos Displays the QoS status User EXEC wrr queue cos map Maps assigned CoS values to select one of the egress queues Global Configuration priority queue out num of queues Con...
Page 38: ...adius server deadtime Improves RADIUS response times when servers are unavailable Global Configuration show radius servers Displays the RADIUS server settings Privileged EXEC Command Group Description Mode show rmon statistics Displays RMON Ethernet Statistics User EXEC rmon collection history Enables a Remote Monitoring RMON MIB history statistics group on an interface Interface Configuration sho...
Page 39: ...ion snmp server host Specifies an SNMP notification recipient Global Configuration snmp server v3 host Specifies an SNMP v3 notification recipient Global Configuration snmp server trap authentication Enables the device to send Simple Network Management Protocol traps when authentication failed Global Configuration snmp server contact Sets up a system contact Global Configuration snmp server locati...
Page 40: ...res the spanning tree path cost for a port Interface Configuration spanning tree port priority Configures port priority Interface Configuration spanning tree portfast Enables PortFast mode Interface Configuration spanning tree link type Overrides the default link type setting Interface Configuration spanning tree pathcost method Sets the default path cost method Global Configuration spanning tree ...
Page 41: ...Configuration show spanning tree Displays spanning tree configuration Privileged EXEC spanning tree guard root Enables root guard on all the spanning tree instances in the interface Interface Configuration Command Group Description Access Mode ip ssh port Specifies the port to be used by the SSH server Global Configuration ip ssh server Enables the device to be configured from a SSH server Global ...
Page 42: ...logging console Limits messages logged to the console based on severity Global Configuration logging buffered Limits syslog messages displayed from an internal buffer based on severity Global Configuration logging buffered size Changes the number of syslog messages stored in the internal buffer Global Configuration clear logging Clears messages from the internal logging buffer Privileged EXEC logg...
Page 43: ...nfiguration stack master Forces selection of a stack master Global Configuration stack reload Reloads stack members Privileged EXEC stack display order Configures the display order of the units in a stack Global Configuration show stack Displays information about stack status User EXEC show users Displays information about the active users User EXEC show sessions Lists the open Telnet sessions Use...
Page 44: ... for a TACACS servers Privileged EXEC Command Group Description Access Mode enable Enters the privileged EXEC mode User EXEC disable Returns to User EXEC mode Privileged EXEC login Changes a login username Priv User EXEC configure Enables the global configuration mode Privileged EXEC exit Configuration Exits any configuration mode to the next highest mode in the CLI mode hierarchy All exit Closes ...
Page 45: ...VLAN Configuration switchport mode Configures the VLAN membership mode of a port Interface Configuration switchport access vlan Configures the VLAN ID when the interface is in access mode Interface Configuration switchport private vlan Defines the private vlan port VLANs Interface Configuration show vlan private vlan Displays information about private VLANs Privileged EXEC switchport trunk allowed...
Page 46: ...ernal usage Displays a list of VLANs used internally by the device Privileged EXEC show interfaces switchport Displays switchport configuration Privileged EXEC Command Group Description Access Mode ip http server Enables the device to be configured from a browser Global Configuration ip http port Specifies the TCP port for use by a web browser to configure the device Global Configuration ip https ...
Page 47: ...nually initiates a re authentication of all 802 1x enabled ports or the specified 802 1x enabled port Privileged EXEC dot1x timeout quiet period Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange Interface Configuration dot1x timeout tx period Sets the number of seconds that the device waits for a response to an Extensible Authenticatio...
Page 48: ...ts clients on an 802 1x authorized port that has the dot1x port control Interface Configuration mode command set to auto Interface Configuration dot1x single host violation Configures the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface Interface Configuration dot1x guest vlan Defines a guest VLAN Interface Configuration dot1x g...
Page 49: ...ging time Sets the address table aging time bridge multicast filtering Enables filtering of multicast addresses clock source Configures an external time source for the system clock clock timezone Sets the time zone for display purposes clock summer time Configures the system to automatically switch to summer time daylight saving time crypto certificate generate Generates a HTTPS certificate crypto...
Page 50: ...e interface configuration VLAN mode ip default gateway Defines a default gateway ip domain lookup Enables the IP Domain Naming System DNS based host name to address translation ip domain name Defines a default domain name that the software uses to complete unqualified host names ip host Defines static host name to address mapping in the host cache ip http authentication Specifies authentication me...
Page 51: ...onfiguration management logging Enables logging management access list events passwords aging Sets the expiration time for passwords in the local database passwords history Sets the number of required password changes before a password in the local database can be reused passwords history hold time Sets the number of days a password is relevant for tracking its password history passwords lockout S...
Page 52: ...act Sets up a system contact snmp server enable traps Enables the device to send SNMP traps or SNMP notifications snmp server engineID local Specifies an SNMP EngineID on the local device snmp server filter Creates and modifies filter entries snmp server group Configures a new SNMP group or a table that maps SNMP users to SNMP views snmp server host Specifies the recipient of Simple Network Manage...
Page 53: ... pathcost method spanning tree priority Configures the spanning tree priority stack display order Configures the display order of the units in a stack stack master Forces selection of a stack master tacacs server key Sets the authentication encryption key used for all TACACS communications between the device and the TACACS daemon tacacs server source ip Specifies the source IP address that will be...
Page 54: ...d Sets the number of seconds between re authentication attempts dot1x timeout server timeout Sets the time for the retransmission of packets to the authentication server dot1x timeout supp timeout Sets the time for the retransmission of an EAP request frame to the client dot1x timeout tx period Sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol...
Page 55: ...rt security learning mode port security routed secure address Adds MAC layer secure addresses to a routed port port storm control broadcast enable Enables broadcast storm control port storm control broadcast rate Configures the maximum broadcast rate port storm control include multicast Enables the device to count multicast packets private vlan community Associates the primary VLAN and community V...
Page 56: ...gotiation switchport private vlan Defines the private vlan port VLANs Command Description autobaud Configures the line for automatic baud rate detection autobaud enable authentication Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console history Enables the command history function history size Configures the command history buffer size fo...
Page 57: ...stem image that the device loads at startup clear arp cache Deletes all dynamic entries from the ARP cache clear bridge Removes any learned entries from the forwarding database clear gvrp statistics Clears all the GVRP statistics information clear host Deletes entries from the host name to address cache clear host dhcp Deletes entries from the host name to address mapping received from Dynamic Hos...
Page 58: ...e show arp Displays entries in the ARP table show authentication methods Displays information about the authentication methods show bootvar Displays the active system image file that the device loads at startup show bridge address table Displays all entries in the bridge forwarding database show bridge address table count Displays the number of addresses present in all VLANs or at specific VLAN sh...
Page 59: ...s configured for IP show ip ssh Displays the SSH server configuration show logging Displays the state of logging and the syslog messages stored in the internal buffer show logging file Displays the state of logging and the syslog messages stored in the logging file show management access class Displays the active management access list show management access list Displays management access lists s...
Page 60: ...s information about private VLANs stack reload Reloads stack members test copper port tdr Diagnoses with TDR Time Domain Reflectometry technology the quality and characteristics of a copper cable attached to a port Command Description key string Manually specifies a SSH public key user key Specifies which SSH public key is manually configured and enters the SSH public key string configuration comm...
Page 61: ...ays port monitoring status show power inline Displays information about inline power show privilege Displays the current privilege level show qos Displays the QoS status show qos interface Assigns CoS values to select one of the egress queues show qos map Displays all the maps for QoS show rmon alarm Displays alarm configurations show rmon alarm table Displays the alarms table show rmon collection...
Page 62: ...ding a specific multicast address to specific ports bridge multicast forbidden forward all Enables forbidding forwarding of all multicast frames to a port bridge multicast forward all Enables forwarding of all multicast frames on a port ip igmp snooping Interface Enables Internet Group Management Protocol IGMP snooping on a specific VLAN ip igmp snooping host time out Configures the host time out ...
Page 63: ... into different command modes Each command mode has its own set of specific commands Entering a question mark at the system prompt console prompt displays a list of commands available for that particular command mode From each mode a specific command is used to navigate from one command mode to another The standard order to access the modes is as follows User EXEC mode Privileged EXEC mode Global ...
Page 64: ...a password is required The Privileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode The Global Configuration mode manages the device configuration on a global level The Interface Configuration mode configures specific interfaces in the device User EXEC Mode After logging into the device the user is automatically in the...
Page 65: ...m the following steps 1 At the prompt enter the enable command and press Enter A password prompt appears 2 Enter the password and press Enter The password is displayed as The Privileged EXEC mode prompt is displayed The Privileged EXEC mode prompt consists of the device host name followed by To return from the Privileged EXEC mode to the User EXEC mode use the disable command The following example...
Page 66: ...wing example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode Interface Configuration Mode and Specific Configuration Modes Interface Configuration mode commands modify specific interface operations The following are the Interface Configuration modes Line Interface Contains commands to configure the management connections These include commands such as...
Page 67: ... mac access list Global Configuration mode command is used to enter the MAC access list configuration mode Starting the CLI The device can be managed over a direct connection to the device console port or via a Telnet connection The device is managed by entering command keywords and parameters at the prompt Using the device command line interface CLI is very similar to entering commands on a UNIX ...
Page 68: ...s specify configuration parameters For example in the command show interfaces status ethernet 1 e11 show interfaces and status are keywords ethernet is an argument that specifies the interface type and 1 e11 specifies the port To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config us...
Page 69: ...ly guides the user in setting up basic device information so that the device can be easily managed from a Web Based Interface Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard Terminal Command Buffer Every time a command is entered in the CLI it is recorded on an internally managed Command History buffer Commands stored in the buffer are maintained on a Fir...
Page 70: ...ion An appropriate error message displays if the entered command is incomplete or invalid or has missing or invalid parameters This assists in entering the correct command Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands The following table describes the CLI shortcuts Keyboard Key Description Up arrow key Recalls commands from the history buffer be...
Page 71: ...for the flowcontrol command either auto on or off must be selected Italic font Indicates a parameter Enter Indicates an individual key on the keyboard For example Enter indicates the Enter key Ctrl F4 Any combination of keys pressed simultaneously on the keyboard Screen Display Indicates system messages and prompts appearing on the console all When a parameter is required to define a range of port...
Page 72: ...72 Using the CLI w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 73: ... of authentication methods activated when a user logs in Range 1 12 characters method1 method2 Specify at least one from the following table Default Configuration The local user database is checked This has the same effect as the command aaa authentication login default local NOTE On the console login succeeds without any authentication check if the authentication method is not defined Command Mod...
Page 74: ...ws Authentication is attempted at the RADIUS server If the RADIUS server is not available authentication is attempted at the local user database If there is no database then no authentication is performed aaa authentication enable The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels To return to the default config...
Page 75: ... the authentication succeeds even if all methods return an error specify none as the final method in the command line All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enabx where x is the requested privilege level Example The following example sets the enable password for authentication when accessing higher privilege levels login ...
Page 76: ...he following example specifies the default authentication method for a console enable authentication The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console To return to the default configuration specified by the aaa authentication enable command use the no form of this command Syntax...
Page 77: ...ault configuration use the no form of this command Syntax ip http authentication method1 method2 no ip http authentication method1 method2 Specify at least one from the following table Default Configuration The local user database is checked This has the same effect as the command ip http authentication local Command Mode Global Configuration mode Console config line console Console config line en...
Page 78: ...d Syntax ip https authentication method1 method2 no ip https authentication method1 method2 Specify at least one from the following table Default Configuration The local user database is checked This has the same effect as the command ip https authentication local Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method re...
Page 79: ...cation methods Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the authentication configuration Console config ip https authentication radius local Console sh authentication methods Login Authentication Method Lists Console_Default None Network_Defa...
Page 80: ...aracters encrypted Encrypted password to be entered copied from another device configuration Default Configuration No password is defined Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted the required password length is 32 characters Example The following example specifies password secret on a console Line Login Method List Enable Method List Console Defaul...
Page 81: ...uration Default Configuration No enable password is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets local level 15 password secret to control access to privilege levels username The username Global Configuration mode command creates a user account in the local database To remove a user name use the no f...
Page 82: ...ment use the no form of this command Syntax passwords min length length no passwords min length length The minimum length required for passwords Range 8 64 characters Default Configuration No minimum password length Command Mode Global Configuration mode User Guidelines Relevant to local user passwords line passwords and enable passwords The software checks the password length when an unencrypted ...
Page 83: ...nge 1 20 characters level The level to which the password applies Range 1 15 Default Configuration No password expiration time Command Mode Global Configuration mode User Guidelines Relevant to local user passwords line passwords and enable passwords The password expiration date is calculated from the day the password is defined and not from the day aging time is defined Ten days before the passwo...
Page 84: ...nfiguration No password expiration time Command Mode Line Configuration mode User Guidelines The password expiration date is calculated from the day the password is defined and not from the day aging time is defined Ten days before the password expiration date the user receives a warning to change the password within n days These warnings continue until the password expiration date After the passw...
Page 85: ...nable passwords Password history is not checked during the configuration download Password history is saved even if the feature is disabled A user s password history is saved as long as the user is defined If the user enters a password that is identical to the previously used one the password is not included in the password history count This is required to enable the user to modify privilege leve...
Page 86: ...er of days a password is relevant for tracking purposes may make a password that is no longer relevant for tracking purposes relevant again Example The following example configures the number of days that a password is relevant for tracking its password history to 120 passwords lockout The passwords lockout Global Configuration mode command sets the number of failed login attempts before a user ac...
Page 87: ... a user account is locked to 3 aaa login history file The aaa login history file Global Configuration mode command enables writing to the login history file To disable writing to the file use the no form of this command Syntax aaa login history file no aaa login history file Default Configuration Writing to the login history file is enabled Command Mode Global Configuration mode User Guidelines Th...
Page 88: ...n be reactivated from the local console A different user with privilege level 15 can reactivate a locked user account from any remote or local connection Example The following example reactivates a suspended user with username bob set line active The set line active Privileged EXEC mode command reactivates a locked line Syntax set line console telnet ssh active console Console terminal line telnet...
Page 89: ...vel active level The user level Range 1 15 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example reactivates a locked level 15 enable password show passwords configuration The show passwords configuration Privileged EXEC mode command displays information about pas...
Page 90: ...mmand Example The following example displays information about password management in the local database Console show passwords configuration Minimal length 8 History 10 History hold time 365 days Lock out Disabled Enable Passwords Level Aging Expiry date Lockout 1 90 Jan 18 2005 1 15 90 Jan 18 2005 0 Line Passwords Level Aging Expiry date Lockout Console Telnet 90 Jan 18 2005 LOCKOUT SSH 90 Jan 2...
Page 91: ...equired for passwords in the local database History Number of required passwords changes before a password in the local database can be reused History hold time Period of time that a password is relevant for tracking password history Lockout control Control locking a user account after a series of authentication failures Enable passwords Describes the configuration and status of a local password w...
Page 92: ... Syntax show users accounts Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show users login history Login Time Username Protocol Location Jan 18 2004 23 58 17 Robert HTTP 172 16 1 8 Jan 19 2004 07 59 23 Robert HTTP 172 16 0 8 Jan 19 2004 08 23 48 Bob Serial Jan 19 2004 08 29 29 ...
Page 93: ...e Password Aging Password Expiry date Lockout Bob 1 120 Jan 21 2005 Admin 15 120 Jan 21 2005 Field Description Username Name of the user Privilege User s privilege level Password Aging User s password expiration time in days Password Expiry Date Expiration date of the user s password Lockout If lockout control is enabled specifies the number of failed authentication attempts since the user last lo...
Page 94: ...94 AAA Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 95: ...ult Configuration The default for all ACLs is permit all Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example shows how to create a MAC ACL deny MAC The deny MAC Access List Configuration mode command denies traffic if the conditions defined in the deny statement match Syntax deny destination destination Specifies the MA...
Page 96: ...e Example The following example shows how to create a MAC ACL with rules service acl The service acl Interface VLAN Configuration mode command applies an ACL to the input interface To detach an ACL from an input interface use the no form of this command Syntax service acl input acl name no service acl input acl name Specifies the ACL to be applied to the input interface Default Configuration This ...
Page 97: ...and has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the access lists show interfaces access lists The show interfaces access lists Privileged EXEC mode command displays access lists applied on interfaces Syntax show interfaces access lists vlan vlan id vlan id VLAN number Console co...
Page 98: ...fault Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays an ACLs applied on the device interfaces Console show interfaces access lists Interface Input ACL VLAN 2 ACL1 VLAN 10 ACL3 ...
Page 99: ...t port port channel number A valid port channel number permanent The address can only be deleted by the no bridge address command delete on reset The address is deleted after reset delete on timeout The address is deleted after age out time has expired secure The address is deleted after the port changes mode to unlock learning no port security command This parameter is only available when the por...
Page 100: ...ge multicast filtering Default Configuration Filtering multicast addresses is disabled All multicast addresses are flooded to all ports Command Mode Global Configuration mode User Guidelines If multicast routers exist on the VLAN do not change the unregistered multicast addresses state to drop on the switch ports If multicast routers exist on the VLAN and IGMP snooping is not enabled use the bridg...
Page 101: ...ed this is the default option remove Removes ports from the group mac multicast address A valid MAC multicast address ip multicast address A valid IP multicast address interface list Separate non consecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate non consecutive port channels with a comma and no spaces a hyphen is ...
Page 102: ...icast forbidden address mac multicast address ip multicast address add Adds ports to the group remove Removes ports from the group mac multicast address A valid MAC multicast address ip multicast address A valid IP multicast address interface list Separate non consecutive Ethernet ports with a comma and no spaces hyphen is used to designate a range of ports port channel number list Separate non co...
Page 103: ...icast forward all add Force forwarding all multicast packets remove Do not force forwarding all multicast packets interface list Separate non consecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate non consecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Con...
Page 104: ...Forbids forwarding all multicast packets remove Does not forbid forwarding all multicast packets interface list Separates non consecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separates non consecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration This...
Page 105: ...conds Time in seconds Range 10 3825 seconds Default Configuration The default setting is 300 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example In this example the bridge aging time is set to 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database Syntax clear bridge De...
Page 106: ...Syntax port security forward discard discard shutdown trap seconds no port security forward Forwards packets with unlearned source addresses but does not learn the address discard Discards packets with unlearned source addresses This is the default if no option is indicated discard shutdown Discards packets with unlearned source addresses The port is also shut down seconds Sends SNMP traps and def...
Page 107: ...rity mode lock Saves the current dynamic MAC addresses associated with the port and disables learning relearning and aging max addresses Deletes the current dynamic MAC addresses associated with the port Learns up to the maximum addresses allowed on the port Relearning and aging are enabled Default Configuration This setting is disabled Command Mode Interface Configuration Ethernet port channel mo...
Page 108: ...ult setting is 1 address Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command is only relevant in dynamic learning modes Example In this example the maximum number of addresses that are learned on port 1 e7 before it is locked is set to 20 port security routed secure address The port security routed secure address Interface Configuration Ethernet port channe...
Page 109: ...urity mode or is not a routed port Example In this example the MAC layer address 66 66 66 66 66 66 is added to port 1 e1 show bridge address table The show bridge address table Privileged EXEC mode command displays all entries in the bridge forwarding database Syntax show bridge address table vlan vlan ethernet interface port channel port channel number vlan Specifies a valid VLAN such as VLAN 1 i...
Page 110: ...tries in the bridge forwarding database are displayed show bridge address table static The show bridge address table static Privileged EXEC mode command displays statically created entries in the bridge forwarding database Syntax show bridge address table static vlan vlan ethernet interface port channel port channel number vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port ...
Page 111: ...yntax show bridge address table count vlan vlan ethernet interface number port channel port channel number vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console sh...
Page 112: ... address ip multicast address format ip format mac vlan id A valid VLAN ID value mac multicast address A valid MAC multicast address ip multicast address A valid IP multicast address format ip mac Multicast address format Can be ip or mac If the format is unspecified the default is mac Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines...
Page 113: ...5e 02 02 03 static 1 e1 2 e2 19 01 00 5e 02 02 08 static 1 e1 e8 19 00 00 5e 02 02 08 dynamic 1 e9 e11 Forbidden ports for multicast addresses Vlan MAC Address Ports 1 01 00 5e 02 02 03 2 e8 19 01 00 5e 02 02 08 2 e8 Console show bridge multicast address table format ip Vlan IP MAC Address Type Ports 1 224 239 130 2 2 3 static 1 e1 2 e2 19 224 239 130 2 2 8 static 1 e1 8 19 224 239 130 2 2 8 dynam...
Page 114: ...ring vlan id vlan id VLAN ID value Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the multicast configuration for VLAN 1 is displayed Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Port Forward Unregistered Forward All Static Status Static Sta...
Page 115: ...port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all classes of entries in the port lock status are displayed Console show ports security Port Status Learning Action Maximum Trap Frequency 1 e1 Locked Dynamic Dis...
Page 116: ...hannel port channel number interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Field Description Port Port number Status Locked Unlocked Learning Learning mode Action Action on violation Maximum Maximum addresses...
Page 117: ...re displayed Console show ports security addresses Port Status Learning Current Maximum 1 e1 Disabled Lock 1 1 e2 Disabled Lock 1 1 e3 Enabled Max addresses 0 1 1 e4 Port is a member in port channel ch1 1 e5 Disabled Lock 1 1 e6 Enabled Max addresses 0 10 ch1 Enabled Max addresses 0 50 ch2 Enabled Max addresses 0 128 Console show ports security addresses ethernet 1 e1 Port Status Learning Current ...
Page 118: ...118 Address Table Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 119: ...1 31 month Current month using the first three letters by name Jan Dec year Current year 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example sets the system time to 13 32 00 on the 7th March 2002 clock source The clock source Global Configuration mode ...
Page 120: ...e for the system clock clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes To set the time to the Coordinated Universal Time UTC use the no form of this command Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone hours offset Hours difference from UTC Range 12 13 minutes offset Minutes difference from UTC ...
Page 121: ...lock summer time date date month year hh mm date month year hh mm offset offset zone acronym clock summer time date month date year hh mm month date year hh mm offset offset zone acronym no clock summer time recurring recurring Indicates that summer time should start and end on the corresponding specified days every year date Indicates that summer time should start on the first specific date liste...
Page 122: ...ing forms of the command the first part of the command specifies when summer time begins and the second part specifies when it ends All times are relative to the local time zone The start time is relative to standard time The end time is relative to summer time If the starting month is chronologically after the ending month the system assumes that you are in the southern hemisphere USA rule for da...
Page 123: ...Range 1 8 characters Default Configuration No authentication key is defined Command Mode Global Configuration mode User Guidelines Multiple keys can be generated Examples The following example defines the authentication key for SNTP sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol SNTP traffic from servers To ...
Page 124: ... use the no form of this command Syntax sntp trusted key key number no sntp trusted key key number key number Key number of authentication key to be trusted Range 1 4294967295 Default Configuration No keys are trusted Command Mode Global Configuration mode User Guidelines The command is relevant for both received unicast and broadcast If there is at least 1 trusted key then unauthenticated message...
Page 125: ...nds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example sets the polling time for the Simple Network Time Protocol SNTP client to 120 seconds sntp broadcast client enable The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol SNTP broadcast clients To disable SNTP broadc...
Page 126: ...ault Configuration The SNTP anycast client is disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Use the sntp client enable Interface Interface Configuration mode command to enable the SNTP client on a specific interface Examples The following example enables SNTP anycast clients sntp client ena...
Page 127: ...enable anycast clients globally Examples The following example enables the SNTP client on Ethernet port 1 e3 sntp unicast client enable The sntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol SNTP to request and accept SNTP traffic from servers To disable requesting and accepting SNTP traffic from servers use the no form of this c...
Page 128: ...ration mode command enables polling for the Simple Network Time Protocol SNTP predefined unicast servers To disable the polling for SNTP client use the no form of this command Syntax sntp unicast client poll no sntp unicast client poll Default Configuration Polling is disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Con...
Page 129: ...s poll Enable polling keyid Authentication key to use when sending packets to this peer Range 1 4294967295 Default Configuration No servers are defined Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined Use the sntp unicast client enable Global Configuration mode command to enable predefined unicast clients globally To enable polling you should also use the ...
Page 130: ...he system clock Syntax show clock detail detail Shows timezone and summertime configuration Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The symbol that precedes the show clock display indicates the following Symbol Description Time is not authoritative blank Time is authoritative Time is authoritative but SNTP is not synchronized ...
Page 131: ...rotocol SNTP Syntax show sntp configuration Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday ...
Page 132: ...hows the status of the Simple Network Time Protocol SNTP Syntax show sntp status Default Configuration This command has no default configuration Console show sntp configuration Polling interval 7200 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 8 Enabl...
Page 133: ...6 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Status Last response Offset mSec Delay mSec 176 1 1 8 Up 19 58 22 289 PDT Feb 19 2002 7 33 117 79 176 1 8 179 Unknown 12 17 17 987 PDT Feb 19 2002 8 98 189 19 Anycast server Server Interface Status Last response Offset Delay mSec mSec 176 1 11 8 VLAN 118 Up 9 53 21 789 PDT Feb 19 2002 7 19 119 89...
Page 134: ...134 Clock w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 135: ...tination flash Source or destination URL for flash memory It is the default in case a URL is specified without a prefix running config Represents the current running configuration file startup config Represents the startup configuration file image If the source file represents the active image file If the destination file represents the non active image file boot Boot file tftp Source or destinati...
Page 136: ... image boot and null only tftp is the source file and destination file on the same copy The following table describes copy characters Copying an Image File from a Server to Flash Memory To copy an image file from a server to flash memory use the copy source url image command Copying a Boot File from a Server to Flash Memory To copy a boot file from a server to flash memory enter the copy source ur...
Page 137: ...er copy source url startup config The startup configuration file is replaced by the copied configuration file Storing the Running or Startup Configuration on a Server Use the copy running config destination url command to copy the current configuration file to a network server using TFTP Use the copy startup config destination url command to copy the startup configuration file to a network server ...
Page 138: ... file to be deleted Range 1 160 characters The following table displays keywords and URL prefixes Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines sys prv image 1 and image 2 files cannot be deleted console copy tftp 172 16 101 101 file1 image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 ...
Page 139: ...has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example deletes the startup config file dir The dir Privileged EXEC mode command displays a list of files on a flash file system Syntax dir Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guideline...
Page 140: ...le to be displayed Range 1 160 characters Console dir Directory of flash File Name Permission Size Modification Date Modification Time Image 1 rw 4325376 01 Jun 2003 01 04 21 Image 2 rw 4325376 01 Jun 2003 21 28 10 aaafile prv 131072 01 Jun 2003 01 01 19 sshkeys prv 262144 01 Jun 2003 01 01 05 syslog1 sys r 262144 01 Jun 2003 02 22 48 syslog2 sys r 262144 01 Jun 2003 02 22 48 directry prv 262144 0...
Page 141: ...d EXEC mode User Guidelines Files are displayed in ASCII format except for image files which are displayed in hexadecimal format prv and sys files cannot be displayed Keyword Source or Destination flash Source or destination URL for flash memory It is the default in case a URL is specified without a prefix running config Represents the current running configuration file startup config Represents t...
Page 142: ...acters new url New URL Range 1 160 characters The following table displays keywords and URL prefixes Console more configuration bak interface range ethernet 1 e 1 4 duplex half exit interface range ethernet 2 g 1 4 switchport mode general exit vlan database vlan 2 exit interface range ethernet 2 g 1 4 switchport general allowed vlan add 2 exit interface range ethernet 1 e 1 4 no negotiation exit K...
Page 143: ...ge that the device loads at startup Syntax boot system unit unit image 1 image 2 unit Specifies the unit number image 1 Specifies image 1 as the system startup image image 2 Specifies image 2 as the system startup image Default Configuration If the unit number is unspecified the default setting is the master unit number Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command...
Page 144: ... This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command displays the factory default settings at the end of the running configuration file contents Examples The following example displays the contents of the running configuration file Device show running config software version 1 1 hostname device interface ethernet 1 e1 ip address 176 242 100 100 ...
Page 145: ... This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the contents of the running configuration file Console show startup config software version 1 1 hostname device interface ethernet 1 e1 ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet 1 ...
Page 146: ...unit unit Specifies the unit number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the active system image file that is loaded by the device at startup Console show bootvar Images currently available on the FLASH image 1 active image 2 not active ...
Page 147: ...lobal Configuration mode User Guidelines Use this command to limit flooding of DHCP requests to trusted ports only Use the ip dhcp filtering trust interface configuration command to define trusted ports Examples The following example enables filtering of DHCP requests on a VLAN ip dhcp filtering trust Use the ip dhcp filtering trust interface configuration command to configure a port as trusted fo...
Page 148: ...uests to trusted ports only Example The following example configures a port as trusted for DHCP filtering purposes show ip dhcp filtering Use the show ip dhcp filtering EXEC command to display the DHCP filtering configuration Syntax show ip dhcp filtering ethernet interface port channel port channel number interface Specify Ethernet port port channel number Specify Port channel number Default Conf...
Page 149: ...ENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY Example The following example displays the DHCP filtering configuration Console show ip dhcp filtering DHCP filtering is configured on following VLANs 2 3 Interface Trusted 1 e1 yes 1 e2 yes ...
Page 150: ...150 DHCP Filtering w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 151: ...lt configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables configuring Ethernet port 5 e18 interface range ethernet The interface range ethernet Global Configuration mode command configures multiple Ethernet type interfaces at the same time Syntax interface range ethernet port range all port range List...
Page 152: ...le The following example shows how ports 5 e18 to 5 e20 and 3 e1 to 3 24 are grouped to receive the same command shutdown The shutdown Interface Configuration Ethernet port channel mode command disables an interface To restart a disabled interface use the no form of this command Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet...
Page 153: ...ing no description string Comment or a description of the port to enable the user to remember what is attached to the port Range 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds a description to Ethernet port...
Page 154: ... of this command Syntax speed 10 100 1000 no speed 10 Forces 10 Mbps operation 100 Forces 100 Mbps operation 1000 Forces 1000 Mbps operation Default Configuration Maximum port capability Command Mode Interface Configuration Ethernet port channel mode User Guidelines The no speed command in a port channel context returns each port in the port channel to its maximum capability Example The following ...
Page 155: ...f Forces half duplex operation full Forces full duplex operation Default Configuration The interface is set to full duplex Command Mode Interface Configuration Ethernet mode User Guidelines When configuring a particular duplex mode on the port operating at 10 100 Mbps disable the auto negotiation on that port Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps Example The f...
Page 156: ...ble values 10h 10f 100h 100f 1000f Default Configuration Auto negotiation is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines If unspecified the default setting is to enable all capabilities of the port Example The following example enables auto negotiation on Ethernet port 1 e5 flowcontrol The flowcontrol Interface Configuration Ethernet port channel mode co...
Page 157: ...cable crossover use the no form of this command Syntax mdix on auto no mdix on Manual mdix auto Automatic mdi mdix Default Configuration The default setting is on Command Mode Interface Configuration Ethernet mode User Guidelines Auto All possibilities to connect a PC with cross or normal cables are supported and are automatically detected On It is possible to connect to a PC only with a normal ca...
Page 158: ... Default Configuration Back pressure is enabled Command Mode Interface Configuration Ethernet mode User Guidelines Back pressure cannot be configured on trunks Example In the following example back pressure is enabled on port 1 e5 clear counters The clear counters User EXEC mode command clears statistics on an interface Syntax clear counters ethernet interface port channel port channel number inte...
Page 159: ...ive ethernet interface port channel port channel number interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shutdown by the system for some reason e g po...
Page 160: ...ntax show interfaces advertise ethernet interface port channel port channel number interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command ...
Page 161: ...bled 1 e3 100M Copper Enabled 1 e4 100M Copper Enabled 1 e5 100M Copper Enabled 100f 100h 10f 10h 1 e6 100M Copper Enabled 1 e7 100M Copper Enabled 1 e8 100M Copper Enabled 1 e9 100M Copper Enabled 1 e10 100M Copper Enabled 1 e11 100M Copper Enabled 1 e12 100M Copper Enabled 1 e13 100M Copper Enabled 1 e14 100M Copper Enabled 1 e15 100M Copper Enabled 1 e16 100M Copper Enabled 1 e17 100M Copper En...
Page 162: ...ion capabilities use the show interfaces advertise Privileged EXEC mode command Example The following example displays the configuration of all configured interfaces Console show interfaces configuration Port Type Duplex Speed Neg Flow Ctrl Link State Back Pressure Mdix Mode 1 e1 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e2 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e3 100M Copp...
Page 163: ...mand has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command 1 e11 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e12 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e13 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e14 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e15 100M Copper Full 100 Enabled Off Up Disa...
Page 164: ... State Back Pressure Mdix Mode 1 e1 100M Copper Down 1 e2 100M Copper Down 1 e3 100M Copper Down 1 e4 100M Copper Down 1 e5 100M Copper Full 100 Enabled Off Up Disabled On 1 e6 100M Copper Down 1 e7 100M Copper Down 1 e8 100M Copper Down 1 e9 100M Copper Down 1 e10 100M Copper Down 1 e11 100M Copper Down 1 e12 100M Copper Down 1 e13 100M Copper Down 1 e14 100M Copper Down 1 e15 100M Copper Down 1 ...
Page 165: ...t interface port channel port channel number interface Valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays descriptions of configured interfaces Console show inte...
Page 166: ...valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays traffic seen by the physical interface Console show interfaces counters Port InOctets InUcastPkts InMcastPkts...
Page 167: ...h OutOctets OutUcastPkts OutMcastPkts OutBcastPkts 1 23739 0 0 0 Console show interfaces counters ethernet 1 e1 Port InOctets InUcastPkts InMcastPkts InBcastPkts 1 e1 183892 0 0 0 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts 1 e1 9188 0 0 0 FCS Errors 8 Single Collision Frames 0 Late Collisions 0 Oversize Packets 0 Internal MAC Rx Errors 0 Symbol Errors 0 Received Pause Frames 0 Transmitt...
Page 168: ...stPkts Counted received broadcast packets OutOctets Counted transmitted octets OutUcastPkts Counted transmitted unicast packets OutMcastPkts Counted transmitted multicast packets OutBcastPkts Counted transmitted broadcast packets FCS Errors Counted received frames that are an integral number of octets in length but do not pass the FCS check Single Collision Frames Counted frames that are involved ...
Page 169: ...mand Syntax port storm control broadcast enable no port storm control broadcast enable Default Configuration Broadcast storm control is disabled Command Modes Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast rate Interface Configuration Ethernet mode command to set the maximum allowable broadcast rate Use the port storm control include multicast Interface ...
Page 170: ...applied 70K 1M in steps of at least 10K 1M 10M in steps of at least 1M 10M 250M in steps based on the requested rate Default Configuration The default storm control broadcast rate is 100 Kbits Sec Command Mode Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast enable Interface Configuration mode command to enable broadcast storm control Since granularity dep...
Page 171: ...nfiguration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the storm control configuration Console show ports storm control Port State Rate Kbits Sec Included 1 e1 Enabled 70 Broadcast Multicast Unknown Unicast 2 e1 Enabled 100 Broadcast 3 e1 Disabled 100 Broadcast ...
Page 172: ...172 Ethernet Configuration Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 173: ...gvrp enable Global Configuration mode command enables GVRP globally To disable GVRP on the device use the no form of this command Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables GVRP globally on the device gvrp enable Interface...
Page 174: ... VLAN VID Example The following example enables GVRP on Ethernet port 1 e6 garp timer The garp timer Interface Configuration Ethernet Port channel mode command adjusts the values of the join leave and leaveall timers of GARP applications To return to the default configuration use the no form of this command Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall Indicat...
Page 175: ... milliseconds gvrp vlan creation forbid The gvrp vlan creation forbid Interface Configuration Ethernet port channel mode command disables dynamic VLAN creation or modification To enable dynamic VLAN creation or modification use the no form of this command Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Default Configuration Dynamic VLAN creation or modification is enabled Command Mod...
Page 176: ...efault Configuration Dynamic registration of VLANs on the port is allowed Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example forbids dynamic registration of VLANs on Ethernet port 1 e6 clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical infor...
Page 177: ...onfiguration User EXEC mode command displays GVRP configuration information including timer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP Syntax show gvrp configuration ethernet interface port channel port channel number interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This comman...
Page 178: ...channel port channel number interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show gvrp configuration GVRP Feature is currently enabled on the device Timers milliseconds Port s Status Re...
Page 179: ...tax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show gvrp statistics GVRP Statistics Legend rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Rece...
Page 180: ...ample The following example displays GVRP statistical information Console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVALEN Invalid Attribute Length INVATYP Invalid Attribute Type INVEVENT Invalid Event INVAVAL Invalid Attribute Value Port INVPROT INVATYP INVAVAL INVALEN INVEVENT ...
Page 181: ...GMP snooping is disabled Command Mode Global Configuration mode User Guidelines IGMP snooping can only be enabled on static VLANs It must not be enabled on Private VLANs or their community VLANs Example The following example enables IGMP snooping ip igmp snooping Interface The ip igmp snooping Interface Configuration VLAN mode command enables Internet Group Management Protocol IGMP snooping on a s...
Page 182: ...ing mrouter learn pim dvmrp Interface Configuration VLAN mode command enables automatic learning of multicast router ports in the context of a specific VLAN To remove automatic learning of multicast router ports use the no form of this command Syntax ip igmp snooping mrouter learn pim dvmrp no ip igmp snooping mrouter learn pim dvmrp Default Configuration Automatic learning of multicast router por...
Page 183: ... 2147483647 Default Configuration The default host time out is 260 seconds Command Mode Interface Configuration VLAN mode User Guidelines The timeout should be at least greater than 2 query_interval max_response_time of the IGMP router Example The following example configures the host timeout to 300 seconds ip igmp snooping mrouter time out The ip igmp snooping mrouter time out Interface Configura...
Page 184: ... Configuration VLAN mode command configures the leave time out If an IGMP report for a multicast group was not received for a leave time out period after an IGMP Leave was received from a specific port this port is deleted from the member list of that multicast group To return to the default configuration use the no form of this command Syntax ip igmp snooping leave time out time out immediate lea...
Page 185: ...e following example configures the host leave time out to 60 seconds show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned multicast router interfaces Syntax show ip igmp snooping mrouter interface vlan id vlan id VLAN number Default Configuration This command has no default configuration Command Mode User EXEC mode User ...
Page 186: ...mp snooping interface User EXEC mode command displays IGMP snooping configuration Syntax show ip igmp snooping interface vlan id vlan id VLAN number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show ip igmp snooping mrouter interface 1000 VLAN Ports 1000 1 e1 Detected multicast rout...
Page 187: ...number ip multicast address IP multicast address Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines To see the full multicast address table including static addresses use the show bridge multicast address table Privileged EXEC command Console show ip igmp snooping interface 1000 IGMP Snooping is globaly enabled IGMP Snooping is enabled on VL...
Page 188: ...ROOF ONLY Example The following example shows IGMP snooping information on multicast groups Console show ip igmp snooping groups Vlan IP Address Querier Ports 1 224 239 130 2 2 3 Yes 1 e1 2 e2 19 224 239 130 2 2 8 Yes 1 e9 e11 IGMP Reporters that are forbidden statically Vlan IP Address Ports 1 224 239 130 2 2 3 1 e19 ...
Page 189: ...rk mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 Default Configuration No IP address is defined for interfaces Command Mode Interface Configuration Ethernet VLAN port channel mode User Guidelines An IP address cannot be configured for a range of interfaces range context Example ...
Page 190: ...hannel mode User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol Some DHCP servers require that the DHCPDISCOVER message have a specific host name The ip address dhcp hostname host name command is most typically used when the host name is provided by the system administrator If the device is configured to obtain its IP addr...
Page 191: ...ault Configuration No default gateway is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines default gateway 192 168 1 1 show ip interface The show ip interface User EXEC mode command displays the usability status of configured IP interfaces Syntax show ip interface ethernet interface number vlan vlan id...
Page 192: ...he To remove an entry from the ARP cache use the no form of this command Syntax arp ip_addr hw_addr ethernet interface number vlan vlan id port channel port channel number no arp ip_addr ethernet interface number vlan vlan id port channel port channel number ip_addr Valid IP address or IP alias to map to the specified MAC address hw_addr Valid MAC address to map to the specified IP address or IP a...
Page 193: ... adds IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc to the ARP table arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache To return to the default configuration use the no form of this command Syntax arp timeout seconds no arp timeout seconds Time in seconds that an entry remains in the ARP cache Range 1 40000000 Default...
Page 194: ...Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all dynamic entries from the ARP cache show arp The show arp Privileged EXEC mode command displays entries in the ARP table Syntax show arp Default Configuration This command has no default configuration Comman...
Page 195: ...m of this command Syntax ip domain lookup no ip domain lookup Default Configuration IP Domain Naming System DNS based host name to address translation is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables IP Domain Naming System DNS based host name to address translation Console show arp ARP timeout 80...
Page 196: ...figuration A default domain name is not defined Command Mode Global Configuration mode User Guidelines This command enables host name to address translation The preference in name to address resolution is determined by the type of host name to address entry Static entries are read first followed by DHCP entries and DNS protocol entries Examples The following example defines default domain name del...
Page 197: ...nes static host name to address mapping in the host cache To remove the host name to address mapping use the no form of this command Syntax ip host name address no ip host name name Name of the host Range 1 158 characters address Associated IP address Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines Up to 64 host name to address mapping entries are pe...
Page 198: ...figuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example deletes all entries from the host name to address cache clear host dhcp The clear host dhcp Privileged EXEC mode command deletes entries from the host name to address mapping received from Dynamic Host Configuration Protocol DHCP Syntax clear host dhcp name name...
Page 199: ... list of name server hosts the static and the cached list of host names and addresses Syntax show hosts name name Specifies the host name Range 1 158 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays host information Console clear host dhc...
Page 200: ...r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY Configured host name to address mapping Host Addresses accounting gm com 176 16 8 8 176 16 8 9 DHCP Cache TTL Hours Host Total Elapsed Type Addresses www stanford edu 72 3 IP 171 64 14 203 ...
Page 201: ...nge 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the system priority to 120 lacp port priority The lacp port priority Interface Configuration Ethernet mode command configures physical port priority To return to the default configuration use...
Page 202: ...an administrative LACP timeout To return to the default configuration use the no form of this command Syntax lacp timeout long short no lacp timeout long Specifies the long timeout value short Specifies the short timeout value Default Configuration The default port timeout value is long Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command...
Page 203: ... statistics Link aggregation statistics information protocol state Link aggregation protocol state information Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example display LACP information for Ethernet port 1 e1 Console show lacp ethernet 1 e1 Port 1 e1 LACP para...
Page 204: ...zation FALSE collecting FALSE distributing FALSE expired FALSE Partner system priority 0 system mac addr 00 00 00 00 00 00 port Admin key 0 port Oper key 0 port Oper number 0 port Admin priority 0 port Oper priority 0 port Oper timeout LONG LACP Activity PASSIVE Aggregation AGGREGATABLE synchronization FALSE collecting FALSE distributing FALSE expired FALSE Port 1 e1 LACP Statistics LACP PDUs sent...
Page 205: ...t_channel_number Valid port channel number Default Configuration This command has no default configuration Port 1 e1 LACP Protocol State LACP State Machines Receive FSM Port Disabled State Mux FSM Detached State Periodic Tx FSM No Periodic State Control Variables BEGIN FALSE LACP_Enabled TRUE Ready_N FALSE Selected UNSELECTED Port_moved FALSE NNT FALSE Port_enabled FALSE Timer counters periodic tx...
Page 206: ...ser Guidelines There are no user guidelines for this command Example The following example displays LACP information about port channel 1 Console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority 1 MAC Address 00 02 85 0E 1C 00 Admin Key 29 Oper Key 29 Partner System Priority 0 MAC Address 00 00 00 00 00 00 Oper Key 14 ...
Page 207: ...e access Telnet ssh Virtual terminal for secured remote console access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example configures the device as a virtual terminal for remote console access speed The speed Line Configuration mode command sets the li...
Page 208: ...ilable only on the line console The configured speed is applied when Autobaud is disabled This configuration applies only to the current session Examples The following example configures the line baud rate to 115200 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud To disable automatic baud rate detection use the no form of the command S...
Page 209: ... the default configuration use the no form of this command Syntax exec timeout minutes seconds no exec timeout minutes Specifies the number of minutes Range 0 65535 seconds Specifies additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configuration mode User Guidelines To specify no timeout enter the exec timeout 0 command...
Page 210: ...able or disable the command history function for the current terminal session use the terminal history user EXEC mode command Example The following example enables the command history function for telnet history size The history size Line Configuration mode command configures the command history buffer size for a particular line To reset the command history buffer size to the default configuration...
Page 211: ...ar line terminal history The terminal history User EXEC command enables the command history function for the current terminal session To disable the command history function use the no form of this command Syntax terminal history no terminal history Default Configuration The default configuration for all terminal sessions is defined by the history line configuration command Command Mode User EXEC ...
Page 212: ...default command history buffer size is 10 Command Mode User EXEC mode User Guidelines The terminal history size User EXEC command configures the size of the command history buffer for the current terminal session To change the default size of the command history buffer use the history line configuration command The maximum number of commands in all buffers is 256 Examples The following example con...
Page 213: ...delines There are no user guidelines for this command Examples The following example displays the line configuration Console show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 ...
Page 214: ...214 Line Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 215: ...are no guidelines for this command Example The following example enables Link Layer Discovery Protocol LLDP lldp enable interface To enable Link Layer Discovery Protocol LLDP on an interface use the lldp enable command in interface configuration mode To disable LLDP on an interface use the no form of this command Syntax lldp enable rx tx both no lldp enable rx Receive only LLDP packets tx Transmit...
Page 216: ...t is authorized Examples The following example enables Link Layer Discovery Protocol LLDP on an interface g5 lldp timer To specify how often the software sends Link Layer Discovery Protocol LLDP updates use the lldp timer command in global configuration mode To revert to the default setting use the no form of this command Syntax lldp timer seconds no lldp timer seconds Specifies in seconds how oft...
Page 217: ...uraiton The default configuration is 4 Command Modes Global configuration User Guidelines The actual time to live value used in LLDP frames can be expressed by the following formula TTL min 65535 LLDP Timer LLDP HoldMultiplier For example if the value of LLDP timer is 30 and the value of the LLDP hold multiplier is 4 then the value 120 is encoded in the TTL field in the LLDP header Examples The fo...
Page 218: ...rt will wait before reinitializing LLDP transmission lldp tx delay To specify the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB use the lldp tx delay command in global configuration mode To revert to the default setting use the no form of this command Syntax lldp tx delay seconds no lldp tx delay Parameters seconds Specifies the d...
Page 219: ...lv Specifies TLV that should be included Available optional TLVs are port desc sys name sys desc and sys cap Range 1 8192 seconds Default Configuration No optional TLV is transmitted Command Modes Interface configuration Ethernet User Guidelines There are no user guidelines for this command Example The following example specifies which optional TLV 2 s from the basic set should be transmitted lldp...
Page 220: ...ollowing example specifies management address that would be advertised from an interface clear lldp rx To restart the LLDP RX state machine and clearing the neighbors table use the clear lldp rx command in privileged EXEC mode Syntax clear lldp rx ethernet interface Interface Ethernet port Command Modes Privileged EXEC User Guidelines There are no user guidelines for this command Example The folow...
Page 221: ...mple The following example displays the Link Layer Discovery Protocol LLDP configuration show lldp local To display the Link Layer Discovery Protocol LLDP information that is advertised from a specific port use the show lldp local command in privileged EXEC mode Syntax show lldp local ethernet interface Interface Ethernet port Switch show lldp configuration Timer 30 Seconds Hold multiplier 4 Reini...
Page 222: ...using Link Layer Discovery Protocol LLDP use the show lldp neighbors command in privileged EXEC mode Syntax show lldp neighbors ethernet interface Interface Ethernet port Command Modes Privileged EXEC User Guidelines There are no user guidelines for this command Example The following example displays information about neighboring devices discovered using Link Layer Discovery Protocol LLDP Switch s...
Page 223: ...1 Hold Time 117 Capabilities B System Name ts 7800 2 System description Port description Management address 172 16 1 1 Port Device ID Port ID Hold Time Capabilities System Name g1 0060 704C 73FE 1 117 B ts 7800 2 g1 0060 704C 73FD 1 93 B ts 7800 2 g2 0060 704C 73F C 9 1 B R ts 7900 1 g3 0060 704C 73FB 1 92 W ts 7900 2 ...
Page 224: ...224 LLDP Commands w w w d e l l c o m s u p p o r t d e l l c o m ...
Page 225: ...ion mode User Guidelines Use this command to configure a management access list The command enters the Access list Configuration mode where permit and deny access rules are defined using the permit Management and deny Management commands If no match criteria are defined the default is deny If you re enter an access list context the new rules are entered at the end of the access list Use the manage...
Page 226: ...rface number vlan vlan id port channel port channel number service service permit ip source ip address mask mask prefix length ethernet interface number vlan vlan id port channel port channel number service service interface number A valid Ethernet port number vlan id A valid VLAN number port channel number A valid port channel index ip address A valid source IP address mask A valid network mask o...
Page 227: ...he mlist access list deny Management The deny Management Access List Configuration mode command defines a deny rule Syntax deny ethernet interface number vlan vlan id port channel port channel number service service deny ip source ip address mask mask prefix length ethernet interface number vlan vlan id port channel port channel number service service interface number A valid Ethernet port number ...
Page 228: ...list management access class The management access class Global Configuration mode command restricts management connections by defining the active management access list To disable this restriction use the no form of this command Syntax management access class console only name no management access class name Specifies the name of the access list to be used Range 1 32 characters console only Indic...
Page 229: ...anagement access list name name Specifies the name of a management access list Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the mlist management access list Console config management access class mlist Console show managemen...
Page 230: ...ys the active management access list Syntax show management access class Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active management access list Console show management access class Management access class is enabled usin...
Page 231: ...has no default configuration Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of the cable for the TDR test is 120 meter Examples The following example results in a report on the cable attached to port 1 e3 show copper ports tdr The show copper ports tdr User EXEC mo...
Page 232: ... example displays information on the last TDR test performed on all copper ports show copper ports cable length The show copper ports cable length User EXEC mode command displays the estimated copper cable length attached to a port Syntax show copper ports cable length interface interface A valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Co...
Page 233: ...iver Privileged EXEC command displays the optical transceiver diagnostics Syntax show fiber ports optical transceiver interface detailed Syntax Description interface A valid Ethernet port Full syntax unit port detailed Detailed diagnostics Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines To test optical transceivers ensure a fiber li...
Page 234: ...ent Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power Tx Fault Transmitter fault LOS Loss of signal N A Not Available N S Not Supported W Warning E Error Console show fiber ports optical transceiver detailed Power Port Temp Voltage Current Output Input TX Fault LOS C Volt mA mWatt mWatt 1 g1 48 5 15 50 1 789 1 789 No No 1 g2 43 5 15 10 1 789 1 78...
Page 235: ...uidelines Eight aggregated links can be defined with up to eight member ports per port channel The aggregated links valid IDs are 1 8 Example The following example enters the context of port channel number 1 interface range port channel The interface range port channel Global Configuration mode command enters the interface configuration mode to configure multiple port channels Syntax interface ran...
Page 236: ...ace Configuration Ethernet mode command associates a port with a port channel To remove a port from a port channel use the no form of this command Syntax channel group port channel number mode on auto no channel group port channel_number Specifies the number of the valid port channel for the current port to join on Forces the port to join a channel without an LACP operation auto Allows the port to...
Page 237: ...terfaces port channel port channel number port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on all port channels Console config interface ethernet 1 e1 Console config if channel group 1 mode on Conso...
Page 238: ...238 Port Channel Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 239: ...ode Interface Configuration Ethernet mode User Guidelines This command enables traffic on one port to be copied to another port or between the source port src interface and a destination port port being configured The following restrictions apply to ports configured as destination ports The port cannot be already configured as a source port The port cannot be a member in a port channel An IP inter...
Page 240: ...no port monitor vlan tagging Default Configuration Ingress mirrored packets are transmitted untagged Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example configures all ingress mirrored packets from port 1 e9 to be transmitted as tagged packets show ports monitor The show ports monitor User EXEC mode command ...
Page 241: ...mode User Guidelines There are no user guidelines for this command Example The following example shows how the port monitoring status is displayed Console show ports monitor Source Port Destination Port Type Status VLAN Tagging 1 e1 1 e8 RX TX Active No 1 e2 1 e8 RX TX Active No 1 e18 1 e8 RX Active No ...
Page 242: ...242 Port Monitor Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 243: ...rotocol and if found supplies power to the device never Disables the device discovery protocol and stops supplying power to the device Default Configuration The device discovery protocol is enabled Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables powered device discovery protocol on port 1 e1 so t...
Page 244: ...iguration Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example configures a description to an IP phone to a powered device connected to Ethernet interface 1 e1 power inline priority The power inline priority Interface Configuration Ethernet mode command configures the inline power management priority of the i...
Page 245: ...1 as a high priority powered device power inline usage threshold The power inline usage threshold Global Configuration mode command configures the threshold for initiating inline power usage alarms To return to the default configuration use the no form of this command Syntax power inline usage threshold percentage no power inline usage threshold percentage Specifies the threshold as a percentage t...
Page 246: ...le no power inline traps Default Configuration Inline power traps are disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables inline power traps to be sent when a power usage threshold is exceeded show power inline The show power inline User EXEC mode command displays the information about inline power Synt...
Page 247: ... command Example The following example displays information about inline power Console show power inline Power On Nominal Power 150 Watt Consumed Power 120 Watts 80 Usage Threshold 95 Traps Enabled Port Powered Device State Priority Status Classification w 1 e1 IP Phone Model A Auto High On 0 44 12 95 2 e1 Wireless AP Model Auto Low On 0 44 3 84 3 e1 Auto Low Off N A ...
Page 248: ...iption Power The operational status of the inline power sourcing equipment Nominal Power The nominal power of the inline power sourcing equipment in Watts Consumed Power Measured usage power in Watts Usage Threshold The usage threshold expressed in percents for comparing the measured power and initiating an alarm if threshold is exceeded Traps Indicates if inline power traps are enabled Port The E...
Page 249: ...44 12 95 0 44 3 84 3 84 6 49 or 6 49 12 95 Overload Counter Counts the number of overload conditions that has been detected Short Counter Counts the number of short conditions that has been detected Denied Counter Counts the number of times power has been denied Absent Counter Counts the number of times power has been removed because powered device dropout was detected Invalid Signature Counter Co...
Page 250: ...250 Power over Ethernet Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 251: ...ax qos no qos Default Configuration QoS is disabled on the device Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS on the device show qos The show qos User EXEC mode command displays quality of service QoS for the device Syntax show qos Default Configuration This command has no default configuration Comma...
Page 252: ...of queues number of queues no priority queue out num of queues number of queues Specifies the number of expedite queues The expedite queues would be the queues with higher indexes Range 0 or 4 Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines When the specified number of expedite queues is 0 the Strict Priority scheduling method is used Whe...
Page 253: ...ht for WRR queues the CoS to queue map and the EF priority Default Configuration There is no default configuration for this command Command Mode User EXEC mode User Guidelines If no keyword is specified port QoS information e g DSCP trusted CoS trusted untrusted etc is displayed If no interface is specified QoS information about all interfaces is displayed Examples The following example displays Q...
Page 254: ...m of this command Syntax wrr queue cos map queue id cos1 cos8 no wrr queue cos map queue id queue id Specifies the queue number to which the CoS values are mapped cos1 cos8 Specifies CoS values to be mapped to a specific queue Range 0 7 Default Configuration Cos 0 1 2 and 3 are mapped to queue 1 Cos 4 and 5 are mapped to queue 2 Cos 6 and 7 are mapped to queue 3 Command Mode Global Configuration m...
Page 255: ...es the queue number to which the DSCP values are mapped Default Configuration The following table describes the default map Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example maps DSCP values 33 40 and 41 to queue 1 qos trust Global The qos trust Global Configuration mode command configures the system to the basic mode...
Page 256: ...ured to one of the trusted states because there is no need to classify the packets at every device in the domain Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic When the system is configured as trust DSCP traffic is mapped to a queue according to the DSCP queue map Example The following example configures the system to the DSCP trus...
Page 257: ... of this command Syntax qos cos default cos no qos cos default cos Specifies the default CoS value of the port Range 0 7 Default Configuration Default CoS value of a port is 0 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines If the port is trusted the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port Example The fol...
Page 258: ...C mode User Guidelines There are no user guidelines for this command Example The following example displays the DSCP port queue map The following table describes the significant fields shown above Console show qos map Dscp queue map d1 d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 02 02 02 02 02 02 3 02 02 03 03 03 03 03 03 03 03 4 03 03 03 03...
Page 259: ...t used for authentication if the port number is set to 0 Range 0 65535 timeout Specifies the timeout value in seconds Range 1 30 retries Specifies the retransmit value Range 1 10 deadtime Length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 key string Specifies the authentication and encryption key for all RADIUS communications between the dev...
Page 260: ...pecifies a RADIUS server host with IP address 192 168 10 1 authentication request port number 20 and a 20 second timeout period radius server key The radius server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon To return to the default configuration use the no form of this command Syntax radius...
Page 261: ...s server retransmit retries no radius server retransmit retries Specifies the retransmit value Range 1 10 Default Configuration The software searches the list of RADIUS server hosts 3 times Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the number of times the software searches the list of RADIUS server ...
Page 262: ...example configures the source IP address used for communication with RADIUS servers to 10 1 1 1 radius server timeout The radius server timeout Global Configuration mode command sets the interval during which the device waits for a server host to reply To return to the default configuration use the no form of this command Syntax radius server timeout timeout no radius server timeout timeout Specif...
Page 263: ...deadtime deadtime no radius server deadtime deadtime Length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 Default Configuration The deadtime setting is 0 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the deadtime to 10 minutes show radius servers The show...
Page 264: ...ines There are no user guidelines for this command Examples The following example displays RADIUS server settings Console show radius servers IP address Port Auth TimeOut Retransmit DeadTime Source IP Priority Usage 172 16 1 1 1645 Global Global Global 1 All 172 16 1 2 1645 11 8 Global Global 2 All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 ...
Page 265: ...mber Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON Ethernet statistics for Ethernet port 1 e1 Console show rmon statistics ethernet 1 e1 Port 1 e1 Octets 878128 Packets 978 Broadcast 7 Multicast 1 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Ov...
Page 266: ...bits but including FCS octets and otherwise well formed Oversize Pkts The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and otherwise well formed Fragments The total number of packets received less than 64 octets in length excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of o...
Page 267: ...ault Configuration RMON statistics group owner name is an empty string Number of buckets specified for the RMON collection history statistics group is 50 Number of seconds in each polling cycle is 1800 Command Mode Interface Configuration Ethernet port channel mode User Guidelines Cannot be configured for a range of interfaces range context Example The following example enables a Remote Monitoring...
Page 268: ...uration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all RMON history group statistics The following table describes significant fields shown above Console show rmon collection history Index Interface Interval Requested Samples Granted Samples Owner 1 1 e1 30 50 50 CLI 2 1 e1 1800 50 50 Manager Field Description In...
Page 269: ...ounters seconds Specifies the period of time in seconds Range 1 4294967295 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following examples displays RMON Ethernet history statistics for index 1 Console show rmon history 1 throughput Sample Set 1 Owner CLI Interface 1 e1 Interval...
Page 270: ...0 1 1 0 27 0 Console show rmon history 1 other Sample Set 1 Owner Me Interface 1 e1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Dropped Collisions Jan 18 2002 21 57 00 3 0 Jan 18 2002 21 57 30 3 0 Field Description Time Date and Time the entry is recorded Octets The total number of octets of data including those in bad packets received on the network excluding...
Page 271: ...received during this sampling interval that were longer than 1518 octets excluding framing bits but including FCS octets but were otherwise well formed Fragments The total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets had either a bad Frame Check Sequence FCS with an integral number of octets FCS Err...
Page 272: ...ainst the thresholds Possible values are absolute and delta If the method is absolute the value of the selected variable is compared directly with the thresholds at the end of the sampling interval If the method is delta the selected variable value of the last sample is subtracted from the current value and the difference is compared with the thresholds direction Specifies the alarm that may be se...
Page 273: ...ow rmon alarm table The show rmon alarm table User EXEC mode command displays the alarms table Syntax show rmon alarm table Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the alarms table Console config rmon alarm 1000 dell 360000 1000000 1000000 10 20 C...
Page 274: ...er EXEC mode command displays alarm configuration Syntax show rmon alarm number number Specifies the alarm index Range 1 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Field Description Index An index that uniquely identifies the entry OID Monitored variable OID Owner The entity that co...
Page 275: ...ast sampling period For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable ...
Page 276: ...no default configuration Command Mode Global Configuration mode Startup Alarm The alarm that may be sent when this entry is first set If the first sample is greater than or equal to the rising threshold and startup alarm is equal to rising or rising and falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal fall...
Page 277: ...notification in the log table show rmon events The show rmon events User EXEC mode command displays the RMON event table Syntax show rmon events Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON event table Console config rmon event 10 log Console ...
Page 278: ...nes for this command Field Description Index An index that uniquely identifies the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management statio...
Page 279: ...able size history log history entries Maximum number of history table entries Range 20 270 log entries Maximum number of log table entries Range 20 100 Console show rmon log Maximum table size 500 Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 Console show rmon log Maximum table size 500 800 after reset Event Description Tim...
Page 280: ...ult Configuration History table size is 270 Log table size is 200 Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum RMON history table sizes to 100 entries Console config rmon table size history 100 ...
Page 281: ... SNMP protocol Range 1 20 characters ro Indicates read only access default rw Indicates read write access su Indicates SNMP administrator access ip address Specifies the IP address of the management station group name Specifies the name of a previously defined group A group defines the objects available to the community Range 1 30 characters view name Specifies the name of a previously defined vie...
Page 282: ...ative station with IP address 192 168 1 20 snmp server view The snmp server view Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server view entry To remove a specified SNMP server view entry use the no form of this command Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree view name Specifies the label...
Page 283: ...iews No check is made to determine that a MIB node corresponds to the starting portion of the OID until the first wildcard Following is a list of unsupported counters in the Iftable MIB ifInDiscards ifOutErrors ifOutQLen ifHCInOctets ifHCInUcastPkts ifHCInMulticastPkts ifHCInBroadcastPkts ifHCOutOctets ifHCOutUcastPkts ifHCOutMulticastPkts ifHCOutBroadcastPkts The following counters are also not s...
Page 284: ...th Indicates no authentication of a packet Applicable only to the SNMP Version 3 security model auth Indicates authentication of a packet without encrypting it Applicable only to the SNMP Version 3 security model priv Indicates authentication of a packet with encryption Applicable only to the SNMP Version 3 security model readview Specifies a string that is the name of the view that enables only v...
Page 285: ...group called user group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user view snmp server user The snmp server user Global Configuration mode command configures a new SNMP Version 3 user To remove a user use the no form of this command Syntax snmp server user username groupname remote engineid string auth md5 password auth sha password auth...
Page 286: ...The user should enter a concatenated hexadecimal string of the SHA key MSB and the privacy key LSB If authentication is only required 20 bytes should be entered if authentication and privacy are required 36 bytes should be entered Each byte in the hexadecimal character string is two hexadecimal digits Each byte can be separated by a period or colon 20 or 36 bytes Default Configuration No group ent...
Page 287: ...s of the device Command Mode Global Configuration mode User Guidelines To use SNMPv3 you have to specify an engine ID for the device You can specify your own ID or use a default string that is generated using the MAC address of the device If the SNMPv3 engine ID is deleted or the configuration file is erased SNMPv3 cannot be used By default SNMPv1 v2 are enabled on the device SNMPv3 is enabled onl...
Page 288: ...he show running config Privileged EXEC mode command does not display the SNMP engine ID configuration To see the SNMP engine ID configuration enter the snmp server engineID local Global Configuration mode command Examples The following example enables SNMPv3 on the device and sets the local engine ID of the device to the default value snmp server enable traps The snmp server enable traps Global Co...
Page 289: ...a word such as system Replace a single subidentifier with the asterisk wildcard to specify a subtree family for example 1 3 4 You may also identify the subtree by specifying its logical name for example IfEntry 1 included Indicates that the filter type is included excluded Indicates that the filter type is excluded Default Configuration No filter entry exists Command Mode Global Configuration mode...
Page 290: ...notification operation Range 1 20 traps Indicates that SNMP traps are sent to this host If unspecified SNMPv2 traps are sent to the host informs Indicates that SNMP informs are sent to this host Not applicable to SNMPv1 1 Indicates that SNMPv1 traps will be used 2 Indicates that SNMPv2 traps will be used If port Specifies the UDP port of the host to use If unspecified the default UDP port number i...
Page 291: ...t ip address hostname username traps informs noauth auth priv udp port port filter filtername timeout seconds retries retries no snmp server host ip address hostname username traps informs ip address Specifies the IP address of the host targeted recipient hostname Specifies the name of the host Range 1 158 characters username Specifies the name of the user to use to generate the notification Range...
Page 292: ...r and notification view are not automatically created Use the snmp server user snmp server group and snmp server view Global Configuration mode commands to generate a user group and notify group respectively Example The following example configures an SNMPv3 host snmp server trap authentication The snmp server trap authentication Global Configuration mode command enables the device to send SNMP tr...
Page 293: ...mand has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following example configures the system contact point called Dell_Technical_Support snmp server location The snmp server location Global Configuration mode command configures the system location strin...
Page 294: ...iable name name1 value1 name2 value2 variable name MIB variable name name value List of name and value pairs In the case of scalar MIBs only a single pair of name values In the case of an entry in a table at least one pair of name and value followed by one or more fields Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Although ...
Page 295: ...ault Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SNMP communications status Console config snmp server set sysName sysname dell Console show snmp Community String Community Access View name IP address public read only user view All private read writ...
Page 296: ...Trap public 2 162 15 3 192 122 173 42 Inform public 2 162 15 3 Version 3 notifications Target Address Type Username Security Level UDP Port Filter Name TO Sec Retries 192 122 173 42 Inform Bob Priv 162 15 3 System Contact Robert System Location Marketing Field Description Community string Community access string to permit access to the SNMP protocol Community access Type of access read only read w...
Page 297: ...ode User Guidelines There are no user guidelines for this command Example The following example displays the SNMP engine ID show snmp views The show snmp views Privileged EXEC mode command displays the configuration of views Syntax show snmp views viewname viewname Specifies the name of the view Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC...
Page 298: ...e command displays the configuration of groups Syntax show snmp groups groupname groupname Specifies the name of the group Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show snmp views Name OID Tree Type user view 1 3 6 1 2 1 1 Included user view 1 3 6 1 2 1 1 7 Excl...
Page 299: ...group V3 priv Default Field Description Name Name of the group Security Model SNMP model in use v1 v2 or v3 Security Level Authentication of a packet with encryption Applicable only to the SNMP v3 security model Views Read Name of the view that enables only viewing the contents of the agent If unspecified all objects except the community table and SNMPv3 user and access tables are available Write ...
Page 300: ... filtername filtername Specifies the name of the filter Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of filters Console show snmp filters Name OID Tree Type user filter 1 3 6 1 2 1 1 Included user filter 1 3 6 1 2 1 1...
Page 301: ...me username Specifies the name of the user Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of users Console show snmp users Name Group name Auth Method Remote John user group md5 John user group md5 08009009020C0B099C075...
Page 302: ...302 SNMP Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 303: ...ser Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality spanning tree mode The spanning tree mode Global Configuration mode command configures the spanning tree protocol To return to the default configuration use the no form of this command Syntax spanning tree mode stp rstp mstp no spanning tree mode stp Indicates that the Spa...
Page 304: ...he spanning tree forward time Global Configuration mode command configures the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state To return to the default configuration use the no form of this command Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in seconds Ran...
Page 305: ...e in seconds Range 1 10 Default Configuration The default hello time for IEEE Spanning Tree Protocol STP is 2 seconds Command Modes Global Configuration mode User Guidelines When configuring the hello time the following relationship should be kept Max Age 2 Hello Time 1 Example The following example configures spanning tree bridge hello time to 5 seconds spanning tree max age The spanning tree max...
Page 306: ...ty Global Configuration mode command configures the spanning tree priority of the device The priority value is used to determine which bridge is elected as the root bridge To return to the default configuration use the no form of this command Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 61440 in steps of 4096 Default Configuration The def...
Page 307: ...rts Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables spanning tree on Ethernet port 1 e5 spanning tree cost The spanning tree cost Interface Configuration mode command configures the spanning tree path cost for a port To return to the default configuration use the no form of this co...
Page 308: ... to 35000 spanning tree port priority The spanning tree port priority Interface Configuration mode command configures port priority To return to the default configuration use the no form of this command Syntax spanning tree port priority priority no spanning tree port priority priority The priority of the port Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE ...
Page 309: ...me delay To disable PortFast mode use the no form of this command Syntax spanning tree portfast no spanning tree portfast Default Configuration PortFast mode is disabled Command Modes Interface Configuration Ethernet port channel mode User Guidelines This feature should be used only with interfaces connected to end stations Otherwise an accidental topology loop could cause a data packet loop and d...
Page 310: ...tion The device derives the port link type from the duplex mode A full duplex port is considered a point to point link and a half duplex port is considered a shared link Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example enables shared spanning tree on Ethernet port 1 e5 spanning tree pathcost...
Page 311: ...g tree is disabled globally or on a single interface To return to the default configuration use the no form of this command Syntax spanning tree bpdu filtering flooding filtering Filter BPDU packets when the spanning tree is disabled on an interface flooding Flood BPDU packets when the spanning tree is disabled on an interface Default Configuration The default setting is flooding Command Modes Glo...
Page 312: ...lines This feature should be used only when working in RSTP or MSTP mode Example The following example restarts the protocol migration process on Ethernet port 1 e11 spanning tree mst priority The spanning tree mst priority Global Configuration mode command configures the device priority for the specified spanning tree instance To return to the default configuration use the no form of this command...
Page 313: ...is discarded and the port information is aged out To return to the default configuration use the no form of this command Syntax spanning tree mst max hops hop count no spanning tree mst max hops hop count Number of hops in an MST region before the BDPU is discarded Range 1 40 Default Configuration The default number of hops is 20 Command Mode Global Configuration mode User Guidelines There are no ...
Page 314: ...Protocol MSTP is 128 Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the port priority of port 1 e1 for instance 1 to 142 spanning tree mst cost The spanning tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree MST calculations If...
Page 315: ...iguration The spanning tree mst configuration Global Configuration mode command enables configuring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines All devices in an MST region must have the same VLAN mapping configuration revis...
Page 316: ...LANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Modes MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST For two or more devices to be in the same MST region they must have the same VLAN mapping t...
Page 317: ...ST Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines the configuration name as region1 revision mst The revision MST configuration command defines the MST region revision number To return to the default configuration use the no form of this command Syntax revision value no revision value Configuration revision number Range 0 6553...
Page 318: ...on mode command displays the current or pending MST region configuration Syntax show current pending current Indicates the current region configuration pending Indicates the pending region configuration Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines The pending MST region configuration takes effect only after exiting the MST conf...
Page 319: ... Syntax exit Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example exits the MST configuration mode and saves changes Console config mst show pending Pending MST configuration Name Region1 Revision 1 Instance Vlans Mapped State 0 1 9 21 4094 Enabled 1 10 20 Enab...
Page 320: ...nges show spanning tree The show spanning tree Privileged EXEC mode command displays spanning tree configuration Syntax show spanning tree ethernet interface number port channel port channel number instance instance id show spanning tree detail active blockedports instance instance id show spanning tree mst configuration interface number A valid Ethernet port port channel number A valid port chann...
Page 321: ... Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled...
Page 322: ...ing tree enabled mode RSTP Default port cost method long Root ID Priority 36864 Address 00 02 4b 29 7a 00 This switch is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Desg No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e3 Disabled 128 3 20000 1 e4 Enabled 128 4 20000 FWD Desg No S...
Page 323: ... ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 1 e2 Enabled 128 2 20000 1 e3 Disabled 128 3 20000 1 e4 Enabled 128 4 20000 1 e5 Enabled 128 5 20000 ...
Page 324: ... Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Root No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e4 Enabled 12...
Page 325: ... Port 1 1 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e4 Enabled 128 4 20000 BLK ALTN No Shared STP Console show spanning tree detail Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Addre...
Page 326: ... 1 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 1 e2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Sh...
Page 327: ...ate Blocking Role Alternate Port id 128 4 Port cost 20000 Type Shared configured auto STP Port Fast No configured no Designated bridge Priority 28672 Address 00 30 94 41 62 c8 Designated port id 128 25 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 5 1 e5 enabled State Disabled Role N A Port id 128 5 Port cost 20000 Type N A configured auto ...
Page 328: ...ed bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configuration Name Region1 Revision 1 Instance Vlans mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST ...
Page 329: ...orward Delay 15 sec Max hops 20 Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Root No P2p Bound RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared Bound STP 1 e3 Enabled 128 3 20000 FWD Desg No P2p 1 e4 Enabled 128 4 20000 FWD Desg No P2p MST 1 Vlans Mapped 10 20 CST Root ID Priority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Root Port 4 1 e4 Rem hops 1...
Page 330: ...tn No P2p 1 e4 Enabled 128 4 20000 FWD Desg No P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00 02 4b 29 7a 00 This switch is the IST maste...
Page 331: ...ived 120638 Port 2 1 e2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 1 e3 enabled State Forwarding Role Designated P...
Page 332: ...orwarding state 1 BPDU sent 2 received 170638 MST 1 Vlans Mapped 10 20 Root ID Priority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Port Cost 4 1 e4 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Number of topology changes 2 last change occurred 1d9h ago Times hold 1 topology change 2 notification 2 hello 2 max age 20 forward delay 15 Port 1 1 e1 enabled State Forwarding Role B...
Page 333: ...eceived 170638 Port 3 1 e3 disabled State Blocking Role Alternate Port id 128 3 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 1a 19 Designated port id 128 78 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 4 1 e4 enabled State Forwarding Role Designated Por...
Page 334: ...1 9 21 4094 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00 02 4b 19 7a 00 Path Cost 10000 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled m...
Page 335: ...on Root guard is disabled Command Modes Interface configuration Ethernet port channel User Guidelines Root guard can be enabled when the switch works in STP RSTP and MSTP When root guard is enabled if spanning tree calculations cause a port to be selected as the root port the port transitions to the alternate state Example The following example enable root guard on port e8 MST 0 Vlans Mapped 1 9 2...
Page 336: ...336 Spanning Tree Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 337: ...mber for use by the SSH server Range 1 65535 Default Configuration The default port number is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the port to be used by the SSH server as 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to be configured from a SSH ser...
Page 338: ...enerate dsa The crypto key generate dsa Global Configuration mode command generates DSA key pairs Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning and prompt to replace the existing keys with ne...
Page 339: ...prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device RSA keys are saved to the backup master This command may take a considerable period of time to execute Example The following example...
Page 340: ... Example The following example enables public key authentication for incoming SSH sessions crypto key pubkey chain ssh The crypto key pubkey chain ssh Global Configuration mode command enters the SSH Public Key chain Configuration mode The mode is used to manually specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Default Configuration No keys are sp...
Page 341: ...e username of the remote SSH client Range 1 48 characters rsa Indicates the RSA key pair dsa Indicates the DSA key pair Console config crypto key pubkey chain ssh Console config pubkey chain user key bob Console config pubkey key key string rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHu...
Page 342: ...r SSH public key chain bob key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string key string row key string row Indicates the SSH public key row by row key string Specifies the key in UU encoded DER format UU encoded DER format is the same format in the authorized_keys file used by OpenSSH Default Configuration No keys exis...
Page 343: ...lic key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02LYciz Z4TrEU 9FJxwPiVQOjc KBXuR0juNg5nFYsY 0ZCk0...
Page 344: ...r this command Example The following example displays the SSH server configuration The following table describes significant fields shown above Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 172 16 0 1 John Brown 2 0 3 DES HMAC SHA1 Fiel...
Page 345: ...de Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SSH public RSA keys on the device Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD22...
Page 346: ...print in Hex format Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays SSH public keys stored on the device Console show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 john 98 F7 6E 28 F2 79 87 C8 ...
Page 347: ...ys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device This command may take a considerable period of time to execute Example This example generates DSA key pairs for sec...
Page 348: ...e saved in the private configuration which is never displayed to the user or backed up on another device This command may take a considerable period of time to execute Example This example generates RSA key pairs for secure login to remote access servers show crypto slogin key mypubkey The show crypto slogin key mypubkey Privileged EXEC mode command displays the secure login public keys of the dev...
Page 349: ...n key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C7 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk ...
Page 350: ...350 SSH Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 351: ... Guidelines The logging process controls the distribution of logging messages at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging Global Configuration mode commands However if the logging on command is disabled no messages are sent to these destin...
Page 352: ...ifies the facility that is indicated in the message Possible values local0 local1 local2 local3 local4 local5 local 6 local7 text Syslog server description Range 1 64 characters Default Configuration The default port number is 514 The default logging message level is informational The default facility is local7 Command Mode Global Configuration mode User Guidelines Up to 8 syslog servers can be us...
Page 353: ...xample The following example limits logging messages displayed on the console to severity level errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity To cancel using the buffer use the no form of this command Syntax logging buffered level no logging buffered level Specifies the severity level of mes...
Page 354: ...e command changes the number of syslog messages stored in the internal buffer To return to the default configuration use the no form of this command Syntax logging buffered size number no logging buffered size number Specifies the maximum number of messages stored in the history table Range 20 400 Default Configuration The default number of messages is 200 Command Mode Global Configuration mode Us...
Page 355: ... messages from the internal logging buffer logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity To cancel using the buffer use the no form of this command Syntax logging file level no logging file level Specifies the severity level of syslog messages sent to the logging file Possible values emergencies alerts critical err...
Page 356: ...tion This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears messages from the logging file aaa logging The aaa logging Global Configuration mode command enables logging AAA login events in the syslog To disable logging AAA login events use the no form of this command Syntax aaa l...
Page 357: ... logging file system events use the no form of this command Syntax file system logging copy no file system logging copy file system logging delete rename no file system logging delete rename copy Indicates logging messages related to file copy operations delete rename Indicates logging messages related to file deletion and renaming operations Default Configuration Logging file system events is ena...
Page 358: ...agement ACLs Default Configuration Logging management ACL events is enabled Command Mode Global Configuration mode User Guidelines Other types of management ACL events are not subject to this command Example The following example enables logging messages related to deny actions of management ACLs show logging The show logging Privileged EXEC mode command displays the state of logging and the syslo...
Page 359: ...opped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity 2 messages were not logged resources Application filtering control Application Event Status AAA Login Enabled File...
Page 360: ...LINK 3 UPDOWN Interface Ethernet1 1 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernet1 2 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernet1 3 changed state to up 11 Aug 2004 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41...
Page 361: ...ebugging Console Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity 2 messages were not logged resources Application filtering control Application Event...
Page 362: ...terface Ethernet1 1 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernet1 2 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernet1 3 changed state to up 11 Aug 2004 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41 39 LINEPROTO 5 ...
Page 363: ...es There are no user guidelines for this command Example The following example displays the settings of the syslog servers Console show syslog servers Device Configuration IP address Port Severity Facility Description 192 180 2 27 514 Informational local7 192 180 2 28 514 Warning local7 ...
Page 364: ...364 Syslog Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 365: ...bytes packet_count Number of packets to send If 0 is entered it pings until stopped Range 0 65535 packets time_out Timeout in milliseconds to wait for each reply Range 50 65535 milliseconds Default Configuration Default packet size is 56 bytes Default number of packets to send is 4 Default timeout value is 2000 milliseconds Command Mode User EXEC mode User Guidelines Press Esc to stop pinging Foll...
Page 366: ... 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 Console ping yahoo com Pinging yahoo com 66 218 71 198 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 byte...
Page 367: ...to wait for a response to a probe packet Range 1 60 ip address One of the device s interface addresses to use as a source address for the probes The device normally selects what it feels is the best source address to use tos The Type Of Service byte in the IP Header of the packet Range 0 255 Default Configuration The default number of bytes in a packet is 40 The default maximum TTL value is 30 The...
Page 368: ...sing Esc Examples The following example discovers the routes that packets will actually take when traveling to their destination Console traceroute umaxp1 physics lsa umich edu Type Esc to abort Tracing the route to umaxp1 physics lsa umich edu 141 211 101 64 1 i2 gateway stanford edu 192 68 191 83 0 msec 0 msec 0 msec 2 STAN POS calren2 NET 171 64 1 213 0 msec 0 msec 0 msec 3 SUNV STAN POS calren...
Page 369: ...words listed in the Ports table in the User Guidelines keyword One or more keywords listed in the Keywords table in the User Guidelines Field Description 1 Indicates the sequence number of the device in the path to the host i2 gateway stanford edu Host name of this device 192 68 191 83 IP address of this device 1 msec 1 msec 1 msec Round trip time for each probe sent Field Description The probe ti...
Page 370: ...listed by pressing the Ctrl shift 6 keys at the system prompt A sample of this list follows Note that the Ctrl shift 6 sequence appears as on the screen Several concurrent Telnet sessions can be opened and switched To open a subsequent session the current connection has to be suspended by pressing the escape sequence keys Ctrl shift 6 and x to return to the system command prompt Then open a new co...
Page 371: ...riate for connections to ports running UNIX to UNIX Copy Program UUCP and other non Telnet protocols Keyword Description Port Number BGP Border Gateway Protocol 179 chargen Character generator 19 cmd Remote commands 514 daytime Daytime 13 discard Discard 9 domain Domain Name Service 53 echo Echo 7 exec Exec 512 finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 gopher ...
Page 372: ...C mode command enables switching to another open Telnet session Syntax resume connection connection The connection number Range 1 4 connections Default Configuration The default connection number is that of the most recent connection Command Mode User EXEC mode pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrp...
Page 373: ...iguration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device to ensure that no other activity is being performed In particular the user should verify that no configuration files are being downloaded at the time of reset Example The following example reloads the operating system Console resume 1 Console r...
Page 374: ...s no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the device host name stack master The stack master Global Configuration mode command enables forcing the selection of a stack master To return to the default configuration use the no form of this command Syntax stack master unit uni...
Page 375: ...e longer up time is elected master Units are considered to have the same up time if they were powered up within ten minutes of each other If both forced master units have the same up time Unit 1 is elected Example The following example selects Unit 2 as the stack master stack reload The stack reload Privileged EXEC mode command reloads stack members Syntax stack reload unit unit unit Number of the...
Page 376: ...the unit displayed at the bottom Range 1 6 Default Configuration The master unit is displayed at the top Command Modes Global Configuration mode User Guidelines If the units are not adjacent in ring or chain topology the units are not at the edge and the default display order is used Example This example displays unit 6 at the top of the display and unit 1 at the bottom show stack The show stack U...
Page 377: ... 00 00 b0 87 12 14 1 0 0 0 5 6 Slave 5 00 00 b0 87 12 15 1 0 0 0 2 4 Slave 6 00 00 b0 87 12 16 1 0 0 0 4 1 Slave Configured order Unit 1 at Top Unit 2 at bottom Console show stack Unit Address Software Master Uplink Downlink Status 3 00 00 b0 87 12 13 1 0 0 0 1 4 Slave 4 00 00 b0 87 12 14 1 0 0 0 3 5 Slave 5 00 00 b0 87 12 15 1 0 0 0 4 6 Slave 6 00 00 b0 87 12 16 1 0 0 0 5 2 Slave 1 00 00 b0 87 12...
Page 378: ...t configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active users Console show stack 1 Unit 1 MAC address 00 00 b0 87 12 11 Master Forced Product PowerCOnnect34xx Software 1 0 0 0 Status Master Active image image 1 Selected for next boot image 2 Console show users Username Protocol Loc...
Page 379: ...idelines for this command Examples The following example lists open Telnet sessions The following table describes significant fields shown above Console show sessions Connection Host Address Port Byte 1 Remote device 172 16 1 1 23 89 2 172 16 1 2 172 16 1 2 23 8 Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session Address IP addr...
Page 380: ... the number of the unit Range 1 6 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the system information Console show system Unit Type 1 PowerConnect 3424 Unit Main Power Supply Redundant Power Supply 1 OK Unit Fan1 Fan2 Fan3 Fan4 Fan5 1 OK OK Unit Temper...
Page 381: ...idelines There are no user guidelines for this command Example The following example displays system version information only for demonstration purposes asset tag The asset tag Global Configuration mode command specifies the asset tag of the device To return to the default configuration use the no form of the command Console show version SW version 1 0 0 0 date 23 Jul 2004 time 17 34 19 Boot versi...
Page 382: ...that of the master unit Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the asset tag of the master unit as 1qwepot show system id The show system id User EXEC mode command displays system ID information Syntax show system id unit unit unit Specifies the number of the unit Range 1 6 Default Configuration T...
Page 383: ...and Syntax service cpu utilization no service cpu utilization Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Use the show cpu utilization privileged EXEC command to view information on CPU utilization Example This example enables measuring CPU utilization Console show system id Service Tag 89788978 Serial number 8936589782 Asset tag 7843678957 Unit Service ta...
Page 384: ... CPU utilization Syntax show cpu utilization Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines Use the service cpu utilization Global Configuration mode command to enable measuring CPU utilization Example The following example displays CPU utilization Console show cpu utilization CPU utilization service is on CPU utilization five sec...
Page 385: ...le open connection between the device and the daemon port number Specifies a server port number Range 0 65535 timeout Specifies the timeout value in seconds Range 1 30 key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption key used on the TACACS daemon To specify an empty string enter Rang...
Page 386: ...etween the device and the TACACS daemon To disable the key use the no form of this command Syntax tacacs server key key string no tacacs server key key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption key used on the TACACS daemon Range 0 128 characters Default Configuration Empty string...
Page 387: ...de Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example sets the timeout value to 30 tacacs server source ip The tacacs server source ip Global Configuration mode command configures the source IP address to be used for communication with TACACS servers To return to the default configuration use the no form of this command Syntax tac...
Page 388: ...a TACACS server Syntax show tacacs ip address ip address Name or IP address of the TACACS server Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays configuration and statistical information about a TACACS server Console config tacacs server source ip ...
Page 389: ...TACACS Commands 389 DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY Global values TimeOut 3 Device Configuration Source IP 172 16 8 1 ...
Page 390: ...390 TACACS Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 391: ... Configuration The default privilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode disable The disable Privileged EXEC mode command returns to the User EXEC mode Syntax disable privilege level privilege level Privilege level to enter the system Range 1 15 Default Configuration The defa...
Page 392: ...lowing example returns to Users EXEC mode login The login User EXEC mode command changes a login username Syntax login Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode and logs in with username admin Console disable Console Console login...
Page 393: ...eged EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Global Configuration mode exit Configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exit Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no us...
Page 394: ...d EXEC mode exit The exit Privileged User EXEC mode command closes an active terminal session by logging off the device Syntax exit Default Configuration This command has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session Console config if exit Console con...
Page 395: ...nd Mode All configuration modes User Guidelines There are no user guidelines for this command Example The following example changes from Global Configuration mode to Privileged EXEC mode help The help command displays a brief description of the help system Syntax help Default Configuration This command has no default configuration Command Mode All command modes User Guidelines There are no user gu...
Page 396: ...the next screen of output The data dump command enables dumping all output immediately after entering the show command This command is relevant only for the current session Console help Help may be requested at any point in a command by entering a question mark If nothing matches the currently entered incomplete command the help list is empty This indicates that for a query at this point there is ...
Page 397: ...r Guidelines The buffer includes executed and unexecuted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console terminal datadump Console show version SW version 3 131 date 23 Jul 200...
Page 398: ...mmand displays the current privilege level Syntax show privilege Default Configuration This command has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example displays the current privilege level for the Privileged EXEC mode Console show privilege Current privilege level is 15 ...
Page 399: ...onfiguration mode User Guidelines There are no user guidelines for this command Example The following example enters the VLAN database mode vlan Use the vlan VLAN Configuration mode command to create a VLAN To delete a VLAN use the no form of this command Syntax vlan vlan range no vlan vlan range vlan range Specifies a list of VLAN IDs to be added Separate non consecutive VLAN IDs with a comma and...
Page 400: ...ated interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration VLAN mode Syntax interface vlan vlan id vlan id Specifies an existing VLAN ID Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enters Interface Co...
Page 401: ...nge context are executed independently on each interface in the range If the command returns an error on one of the interfaces an error message is displayed and execution of the command continues on the other interfaces The following commands are not supported with the interface range vlan command private vlan primary private vlan community private vlan isolated and ip internal usage vlan Example ...
Page 402: ...vate vlan primary The private vlan primary Interface Configuration mode command configures the primary PVLAN To return to the default configuration use the no form of this command Syntax private vlan primary no private vlan primary Default Configuration No PVLANs are configured Command Mode Interface Configuration VLAN mode User Guidelines An IP interface cannot be defined on a primary VLAN A prim...
Page 403: ...Default Configuration No VLAN is configured Command Mode Interface Configuration VLAN mode User Guidelines This command creates an isolated VLAN and associates it with the primary VLAN The command is executed in the context of the primary VLAN An isolated VLAN can only be associated with one primary VLAN A VLAN that has been configured as an isolated VLAN cannot be configured as a primary or commu...
Page 404: ...ies a list of community VLAN IDs to be removed Separate non consecutive VLAN IDs with a comma and no spaces a hyphen designates a range of IDs Default Configuration No association is configured Command Mode Interface Configuration VLAN mode User Guidelines This command creates a community VLAN and associates it with the primary VLAN The command is executed in the context of the primary VLAN A comm...
Page 405: ...ayer 2 VLAN port general Indicates a full 802 1q supported VLAN port promiscuous Indicates a promiscuous private vlan port community Indicates a community private vlan port isolated Indicates an isolated private vlan port Default Configuration All ports are in access mode and belong to the default VLAN whose VID 1 Command Mode Interface Configuration Ethernet port channel mode User Guidelines A po...
Page 406: ...ccess vlan vlan id Specifies the ID of the VLAN to which the port is configured dynamic Indicates that the port is assigned to a VLAN based on the source MAC address of the host connected to the port Default Configuration All ports belong to VLAN 1 Command Mode Interface configuration Ethernet port channel mode User Guidelines The command automatically removes the port from the previous VLAN and a...
Page 407: ...t private vlan community cvlan no switchport private vlan community pvlan Specifies the ID of the primary VLAN cvlan Specifies the ID of the community VLAN Default Configuration The port is not a member of a PVLAN Command Mode Interface Configuration Ethernet port channel mode User Guidelines The community VLAN should be associated with the primary VLAN by using the private vlan community Interfac...
Page 408: ...ion about private VLANs Syntax show vlan private vlan primary vlan id vlan id Specifies the ID of the primary VLAN Default Configuration This command has no default configuration Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command Console config Console config vlan database Console config vlan vlan 200 Console config vlan exit Console config interface vlan 20...
Page 409: ...ut specific private VLANs Console show vlan private vlan Primary Isolated Community 100 101 102 103 200 201 202 203 Console show vlan private vlan primary 100 Primary VLAN 100 Isolated VLAN 101 Community VLANs 102 103 Promiscuous ports 1 e19 2 e19 Isolated ports 1 e1 e8 2 e1 e8 Community Ports 102 1 e21 1 e22 103 2 e21 2 e22 ...
Page 410: ...n designates a range of IDs Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds VLANs 1 2 5 to 6 to the allowed list of Ethernet port 1 e16 switchport trunk native vlan The switchport trunk native vlan Interface Configuration m...
Page 411: ...dd vlan list tagged untagged switchport general allowed vlan remove vlan list add vlan list Specifies the list of VLAN IDs to be added Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs tagged Indi...
Page 412: ...mode To return to the default configuration use the no form of this command Syntax switchport general pvid vlan id no switchport general pvid vlan id Specifies the PVID Port VLAN ID Default Configuration If the default VLAN is enabled PVID 1 Otherwise PVID 4095 Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The ...
Page 413: ...nes There are no user guidelines for this command Example The following example disables port ingress filtering on Ethernet port 1 e16 switchport general acceptable frame type tagged only The switchport general acceptable frame type tagged only Interface Configuration mode command discards untagged frames at ingress To return to the default configuration use the no form of this command Syntax swit...
Page 414: ...s to be added Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet port channel mode User Guidelines This com...
Page 415: ... User Guidelines There are no user Guidelines for this command Example The following example sets the port s VLAN when the interface is in customer mode ip internal usage vlan The ip internal usage vlan Interface Configuration mode command reserves a VLAN as the internal usage VLAN of an interface To return to the default configuration use the no form of this command Syntax ip internal usage vlan ...
Page 416: ...following Remove the IP interface Create the VLAN and recreate the IP interface Use this command to explicitly configure a different VLAN as the internal usage VLAN This command is not supported under the command interface range vlan Example The following example reserves VLAN 15 as the internal usage VLAN of ethernet port 1 e8 mac to vlan The mac to vlan VLAN Configuration mode command adds MAC a...
Page 417: ...3ff to VLAN 123 show vlan mac to vlan The show vlan mac to vlan Privileged EXEC mode command displays the MAC to VLAN database Syntax show mac to vlan mac address mac address Specifies the MAC address to be viewed Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following exam...
Page 418: ... default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all VLAN information 0060 704c 73ff 123 0060 708c 73ff deny Console show vlan VLAN Name Ports Type Authorization 1 default 1 e1 e2 2 e1 e4 other Required 10 VLAN0010 1 e3 e4 dynamic Required 11 VLAN0011 1 e1 e2 static Required 20 VLAN0020 1 e...
Page 419: ...his command Example The following example displays VLANs used internally by the device show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays the switchport configuration Syntax show interfaces switchport ethernet interface port channel port channel number interface A valid Ethernet port number port channel number A valid port channel number Default Configu...
Page 420: ...t 1 e1 Console show interface switchport ethernet 1 e1 Port 1 e1 VLAN Membership mode General Operating parameters PVID 1 default Ingress Filtering Enabled Acceptable Frame Type All GVRP status Enabled Protected Enabled Uplink is 1 e9 Port is member in Vlan Name Egress rule Type 1 default untagged System 8 VLAN008 tagged Dynamic 11 VLAN011 tagged Static 19 IPv6 VLAN untagged Static 72 VLAN0072 unt...
Page 421: ...VLAN0072 untagged Forbidden VLANS VLAN Name 73 out Console show interface switchport ethernet 1 e2 Port 1 e2 VLAN Membership mode General Operating parameters PVID 4095 discard vlan Ingress Filtering Enabled Acceptable Frame Type All Port is member in Vlan Name Egress rule Type 91 IP Telephony tagged Static Static configuration PVID 8 Ingress Filtering Disabled Acceptable Frame Type All ...
Page 422: ...LAN0072 untagged 91 IP Telephony tagged Forbidden VLANS VLAN Name 73 out Port 2 e19 VLAN Membership mode Private VLAN Community Primary VLAN 2921 Community VLAN 2922 Console show interfaces switchport ethernet 2 e19 Port 2 e19 VLAN Membership mode Private VLAN Community Operating parameters PVID 2922 Ingress Filtering Enabled Acceptable Frame Type Untagged GVRP status Disabled ...
Page 423: ...ARY 9 13 06 FOR PROOF ONLY Port is member in Vlan Name Egress rule Type 2921 Primary A untagged Static 2922 Community A1 untagged Static Static configuration PVID 2922 Ingress Filtering Enabled Acceptable Frame Type Untagged GVRP status Disabled ...
Page 424: ...424 VLAN Commands w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 425: ...bled Command Mode Global Configuration mode User Guidelines Only a user with access level 15 can use the Web server Example The following example enables configuring the device from a browser ip http port The ip http port Global Configuration mode command specifies the TCP port to be used by the Web browser interface To return to the default configuration use the no form of this command Syntax ip ...
Page 426: ... server The ip https server Global Configuration mode command enables configuring the device from a secured browser To return to the default configuration use the no form of this command Syntax ip https server no ip https server Default Configuration HTTPS server is disabled Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configuration mode command...
Page 427: ...cess to the device Example The following example configures the https port number to 100 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a self signed HTTPS certificate Syntax crypto certificate number generate key generate length cn common name ou organization unit or organization loc location st state cu country duration days number Specifi...
Page 428: ...pecified the default period of time that the certification is valid is 365 days Command Mode Global Configuration mode User Guidelines The command is not saved in the device configuration however the certificate and keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Use this command to generate a self signed cer...
Page 429: ...efault configuration for this command Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format Before generating a certificate request you must first generate a self signed certificate using the crypto certificate generate Global Configuration mode command Be a...
Page 430: ...figuration Command Mode Global Configuration mode Console crypto certificate 1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh F0MV Kib6Sz5p 3nUUenbfHp igVPmFM 1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW wz...
Page 431: ...user or backed up to another device Examples The following example imports a certificate signed by Certification Authority for HTTPS Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1U...
Page 432: ...ommand Mode Global Configuration mode User Guidelines The crypto certificate generate command should be used to generate HTTPS certificates Example The following example configures the active certificate for HTTPS show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command displays the SSH certificates of the device Syntax show crypto certificate my...
Page 433: ...ertificate mycertificate 1 BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp 6MIIBNgYDVR0fBIIBLTCCASkwgdKggc ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlm...
Page 434: ...ion This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 Console show ip https HTTPS server enabled Port 443 Certificate 1 is active Issued by www verisign com Valid from Jan 1 02 44 50 2004 GMT Va...
Page 435: ...TIAL PRELIMINARY 9 13 06 FOR PROOF ONLY Certificate 2 is inactive Valid From Jan 1 02 44 50 2004 GMT Valid to Dec 31 02 44 50 2005 GMT Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 782134BA ...
Page 436: ...436 Web Server w w w d e l l c o m s u p p o r t d e l l c o m DELL CONFIDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY ...
Page 437: ...t one from the following table Default Configuration No authentication method is defined Command Mode Global Configuration mode User Guidelines Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied To ensure that authentication succeeds even if all methods return an error specify none as the final method in th...
Page 438: ... of this command Syntax dot1x system auth control no dot1x system auth control Default Configuration 802 1x is disabled globally Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables 802 1x globally dot1x port control The dot1x port control Interface Configuration mode command enables manually controlling the au...
Page 439: ...sition to the unauthorized state and ignoring all attempts by the client to authenticate The device cannot provide authentication services to the client through the interface Default Configuration Port is in the force authorized state Command Mode Interface Configuration Ethernet User Guidelines It is recommended to disable spanning tree or to enable spanning tree PortFast mode on 802 1x edge port...
Page 440: ...imeout re authperiod The dot1x timeout re authperiod Interface Configuration mode command sets the number of seconds between re authentication attempts To return to the default configuration use the no form of this command Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration...
Page 441: ...no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following command manually initiates a re authentication of 802 1X enabled Ethernet port 1 e16 dot1x timeout quiet period The dot1x timeout quiet period Interface Configuration mode command sets the number of seconds that the device remains in the quiet state follow...
Page 442: ...tication servers To provide a faster response time to the user a smaller number than the default value should be entered Examples The following example sets the number of seconds that the device remains in the quiet state following a failed authentication exchange to 3600 dot1x timeout tx period The dot1x timeout tx period Interface Configuration mode command sets the number of seconds that the de...
Page 443: ... that the device sends an Extensible Authentication Protocol EAP request identity frame assuming that no response is received to the client before restarting the authentication process To return to the default configuration use the no form of this command Syntax dot1x max req count no dot1x max req count Number of times that the device sends an EAP request identity frame before restarting the auth...
Page 444: ...nt before resending the request Range 1 65535 seconds Default Configuration Default timeout period is 30 seconds Command Mode Interface configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Examples The following...
Page 445: ...e result of multiplying the radius server retransmit value with the radius server timeout value and selecting the lower of the two values Examples The following example sets the time for the retransmission of packets to the authentication server to 3600 seconds show dot1x The show dot1x Privileged EXEC mode command displays the 802 1X status of the device or specified interface Syntax show dot1x e...
Page 446: ...zed Ena 3600 Bob 1 e2 Auto Authorized Ena 3600 John 1 e3 Auto Unauthorized Ena 3600 Clark 1 e4 Force auth Authorized Dis 3600 n a 1 e5 Force auth Unauthorized Dis 3600 n a Port is down or not present Console show dot1x ethernet 1 e3 802 1x is enabled Port Admin Mode Oper Mode Reauth Control Reauth Period Username 1 e3 Auto Unauthorized Ena 3600 Clark Quiet period 60 Seconds Tx period 30 Seconds Ma...
Page 447: ...ort is unauthorized it shows the last user that was authenticated successfully Quiet period The number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the cl...
Page 448: ...this command Example The following example displays 802 1X users Authentication Method The authentication method used to establish the session Termination Cause The reason for the session termination State The current value of the Authenticator PAE state machine and of the Backend state machine Authentication success The number of times the state machine received a Success message from the Authent...
Page 449: ...This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show dot1x users username Bob Username Bob Port Username Session Time Auth Method MAC Address 1 e1 Bob 1d 03 08 58 Remote 0008 3b79 8787 Field Description Port The port number Username The username representing the identity of the Supplicant Session Time...
Page 450: ...urce 00 08 78 32 98 78 Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator EapolStartFramesRx The number of EAPOL Start frames that have been received by this Authenticator EapolLogoffFramesRx The number of EAPOL Logoff frames ...
Page 451: ...enticated VLAN although only tagged packets would be accepted in the unauthorized state Examples The following example enables access to the VLAN to unauthorized devices EapolReqFramesTx The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the ...
Page 452: ...ork access If the port becomes unauthorized all attached clients are denied access to the network For unauthenticated VLANs multiple hosts are always enabled Multiple hosts must be enabled to enable port security on the port Examples The following command enables multiple hosts clients on an 802 1X authorized port dot1x single host violation The dot1x single host violation Interface Configuration ...
Page 453: ...ration Ethernet mode User Guidelines The command is relevant when multiple hosts is disabled and the user has been successfully authenticated Examples The following example forwards frames with source addresses that are not the supplicant address and sends consecutive traps at intervals of 100 seconds dot1x guest vlan The dot1x guest vlan Interface Configuration mode command defines a guest VLAN T...
Page 454: ...guest VLAN dot1x guest vlan enable The dot1x vlans guest vlan enable Interface Configuration mode command enables unauthorized users on the interface access to the Guest VLAN To disable access use the no form of this command Syntax dot1x guest vlan enable no dot1x guest vlan enable Default Configuration Disabled Command Mode Interface Configuration Ethernet mode User Guidelines A device can have o...
Page 455: ...rnet interface interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays 802 1X advanced features for the device Console configure Console config interface ethernet 1 e1 Console config if dot1x guest vlan e...
Page 456: ...IDENTIAL PRELIMINARY 9 13 06 FOR PROOF ONLY Console show dot1x advanced ethernet 1 e1 Interface Multiple Hosts Guest VLAN 1 e1 Disabled Enabled Single host parameters Violation action Discard Trap Enabled Trap frequency 100 Status Single host locked Violations since last trap 9 ...
