Dell PowerConnect 3500 Series Cli Reference Manual Download Page 97

Page: 97 / 538

ACL Commands

Example

The following example shows how to create a MAC ACL with permit rules.

deny (MAC)

The

deny

MAC-Access List Configuration mode command denies

traffic if the conditions defined in the

deny statement match.

Syntax

•

deny [disable-port] {any|{

source source- wildcard

} {any|{

destination destination- wildcard

}} [vlan

vlan-id

] [cos

cos cos-wildcard

] [ethtype

eth-type

]

•

disable-port —

Indicates that the port is disabled if the condition is matched.

•

source

— Specifies the MAC address of the host from which the packet was sent.

•

source-wildcard

— Specifies wildcard bits to the source MAC address by placing 1s in bit positions

to be ignored.

•

any

— Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the Mac

address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.

•

destination

— Specifies the MAC address of the host to which the packet is being sent.

•

destination-wildcard

— Specifies wildcard bits to the destination MAC address by placing 1s in bit

positions to be ignored.

•

vlan-id

— Specifies the vlan id of the packet. (Range: 1 - 4094)

•

cos

— Specifies the packets’s Class of Service (CoS). (Range: 0 - 7)

•

cos-wildcard

— Specifies wildcard bits to be applied to the CoS.

•

eth-type

— Specifies the packet’s Ethernet type in hexadecimal format. (0 - 05dd-ffff {hex})

Default Configuration

No MAC access list is defined.

Command Mode

MAC-Access List Configuration mode.

User Guidelines

•

MAC BPDU packets cannot be denied.

•

Each MAC address in the ACL is a ACE (Access Control Element) and can only be removed by deleting
the ACL using the

no ip access-list

Global Configuration mode command or the Web-based interface.

Console(config)#

mac access-list

macl-acl1

Console(config-mac-al)#

permit

06:a6 00:00:00:00:00:00 any vlan 6

book.book Page 97 Thursday, December 18, 2008 7:40 PM

Summary of Contents for PowerConnect 3500 Series

Page 1: ...w w w d e l l c o m s u p p o r t d e l l c o m Dell PowerConnect 3500 Series CLI Reference Guide book book Page 1 Thursday December 18 2008 7 40 PM ...

Page 2: ...out the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell the DELL logo and PowerConnect are trademarks of Dell Inc Microsoft Windows and Windows Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries Other trademarks and trade names may be used in this document to refer to either the entities ...

Page 3: ...ting Features 30 Setup Wizard 31 Terminal Command Buffer 31 Negating the Effect of Commands 31 Command Completion 32 Keyboard Shortcuts 32 CLI Command Conventions 32 2 Command Groups 33 Introduction 33 Command Groups 33 AAA Commands 35 ACL Commands 35 Address Table Commands 36 Clock Commands Commands 37 Configuration and Image Files Commands 38 DHCP Snooping Commands 39 Ethernet Configuration Comm...

Page 4: ...agnostics Commands 47 Power over Ethernet Commands 47 Port Channel Commands 48 Port Monitor Commands 48 QoS Commands 48 RADIUS Commands 49 RMON Commands 50 SNMP Commands 50 Spanning Tree Commands 51 SSH Commands 53 Syslog Commands 53 System Management Commands 54 TACACS Commands 55 TIC Commands 55 Tunnel Commands 56 User Interface Commands 57 VLAN Commands 57 Voice VLAN Commands 59 book book Page ...

Page 5: ...leged EXEC Mode 73 SP SSH Public Key Mode 76 UE User EXEC Mode 76 VC VLAN Configuration Mode 78 IPAL IP Access List Configuration Mode 79 MAL MAC Access List Configuration Mode 79 4 AAA Commands 81 aaa authentication login 81 aaa authentication enable 82 login authentication 83 enable authentication 84 ip http authentication 85 ip https authentication 86 show authentication methods 87 password 88 ...

Page 6: ...01 bridge address 101 bridge multicast filtering 102 bridge multicast address 102 bridge multicast forbidden address 104 bridge multicast unregistered 105 bridge multicast forward all 105 bridge multicast forbidden forward all 106 bridge aging time 107 clear bridge 108 port security 109 port security mode 110 port security max 110 port security routed secure address 111 book book Page 6 Thursday D...

Page 7: ...curity 120 show ports security addresses 122 7 Clock 125 clock set 125 clock source 126 clock timezone 126 clock summer time 127 sntp authentication key 128 sntp authenticate 129 sntp trusted key 130 sntp client poll timer 131 sntp broadcast client enable 131 sntp anycast client enable 132 sntp client enable 132 sntp client enable Interface 133 sntp unicast client enable 134 sntp unicast client po...

Page 8: ... bootvar 152 9 DHCP Snooping 153 ip dhcp snooping 153 ip dhcp snooping vlan 153 ip dhcp snooping trust 154 ip dhcp snooping information option allowed untrusted 155 ip dhcp snooping verify 155 ip dhcp snooping database 156 ip dhcp snooping database update freq 157 ip dhcp snooping binding 157 clear ip dhcp snooping database 158 show ip dhcp snooping 159 show ip dhcp snooping binding 160 book book ...

Page 9: ...active 170 show interfaces advertise 171 show interfaces configuration 172 show interfaces status 174 show interfaces description 176 show interfaces counters 177 port storm control include multicast 179 port storm control broadcast enable 180 port storm control broadcast rate 181 show ports storm control 182 11 GVRP Commands 183 gvrp enable Global 183 gvrp enable Interface 183 garp timer 184 book...

Page 10: ...ng mrouter 192 ip igmp snooping host time out 193 ip igmp snooping mrouter time out 193 ip igmp snooping leave time out 194 ip igmp snooping querier enable 195 ip igmp snooping querier address 196 show ip igmp snooping mrouter 197 show ip igmp snooping interface 198 show ip igmp snooping groups 199 13 IP Addressing Commands 201 ip address 201 ip address dhcp 202 ip default gateway 203 show ip inte...

Page 11: ... 213 ipv6 address autoconfig 214 ipv6 icmp error interval 214 show ipv6 icmp error interval 215 ipv6 address 216 ipv6 address link local 217 ipv6 unreachables 218 ipv6 default gateway 219 ipv6 mld join group 220 ipv6 mld version 220 show ipv6 interface 221 show IPv6 route 224 ipv6 nd dad attempts 225 ipv6 host 226 ipv6 neighbor 227 ipv6 set mtu 228 book book Page 11 Thursday December 18 2008 7 40 ...

Page 12: ... port channel 236 16 Line Commands 237 line 237 speed 238 autobaud 238 exec timeout 239 history 240 history size 240 terminal history 241 terminal history size 242 show line 242 17 Management ACL 245 management access list 245 permit Management 247 deny Management 248 management access class 249 show management access list 249 book book Page 12 Thursday December 18 2008 7 40 PM ...

Page 13: ...lldp management address 256 lldp med enable 257 lldp med network policy global 258 lldp med network policy interface 259 lldp med location 259 clear lldp rx 260 show lldp configuration 261 show lldp med configuration 262 show lldp local 263 show lldp neighbors 265 19 Login Banner 267 banner exec 267 banner login 269 banner motd 271 exec banner 273 login banner 273 book book Page 13 Thursday Decemb...

Page 14: ...ne 281 power inline powered device 281 power inline priority 282 power inline usage threshold 283 power inline traps enable 284 show power inline 284 22 Port Channel Commands 291 interface port channel 291 interface range port channel 291 channel group 292 show interfaces port channel 293 23 Port Monitor Commands 295 port monitor 295 show ports monitor 296 book book Page 14 Thursday December 18 20...

Page 15: ...l 306 qos trust Interface 307 qos cos 307 show qos map 308 25 RADIUS Commands 311 radius server host 311 radius server key 312 radius server retransmit 313 radius server source ip 314 radius server source ipv6 314 radius server timeout 315 radius server deadtime 316 show radius servers 316 26 RMON Commands 319 show rmon statistics 319 rmon collection history 321 book book Page 15 Thursday December...

Page 16: ...p server community 335 snmp server view 336 snmp server group 338 snmp server user 340 snmp server engineID local 341 snmp server enable traps 343 snmp server filter 343 snmp server host 344 snmp server v3 host 346 snmp server trap authentication 348 snmp server contact 348 snmp server location 349 snmp server set 349 show snmp 350 show snmp engineid 352 show snmp views 353 book book Page 16 Thurs...

Page 17: ...able 361 spanning tree cost 361 spanning tree port priority 362 spanning tree portfast 363 spanning tree link type 364 spanning tree pathcost method 364 spanning tree bpdu 365 clear spanning tree detected protocols 366 spanning tree mst priority 366 spanning tree mst max hops 367 spanning tree mst port priority 368 spanning tree mst cost 369 spanning tree mst configuration 369 instance mst 370 nam...

Page 18: ...to key generate rsa 393 ip ssh pubkey auth 393 crypto key pubkey chain ssh 394 user key 395 key string 396 show ip ssh 398 show crypto key mypubkey 399 show crypto key pubkey chain ssh 400 30 Syslog Commands 401 logging on 401 logging 401 logging console 403 logging buffered 404 logging buffered size 404 clear logging 405 logging file 406 book book Page 18 Thursday December 18 2008 7 40 PM ...

Page 19: ...ers 412 31 System Management 415 ping 415 traceroute 417 telnet 420 resume 423 reload 423 hostname 424 service cpu utilization 425 stack master 425 stack reload 426 show stack 427 show users 428 show sessions 429 show system 430 show version 431 asset tag 432 show system id 433 show cpu utilization 434 book book Page 19 Thursday December 18 2008 7 40 PM ...

Page 20: ...aging 442 passwords history 443 passwords history hold time 444 passwords lockout 445 aaa login history file 446 set username active 446 set line active 447 set enable password active 447 show passwords configuration 448 show users login history 450 show users accounts 451 34 Tunnel 453 interface tunnel 453 tunnel mode ipv6ip 453 tunnel isatap router 454 tunnel source 455 book book Page 20 Thursda...

Page 21: ...1 login 462 configure 463 exit Configuration 463 exit 464 end 464 help 465 terminal datadump 466 show history 467 show privilege 468 36 VLAN Commands 469 vlan database 469 vlan 469 interface vlan 470 interface range vlan 471 name 471 switchport access vlan 472 switchport trunk allowed vlan 473 switchport trunk native vlan 473 book book Page 21 Thursday December 18 2008 7 40 PM ...

Page 22: ...479 map protocol protocols group 480 switchport general map protocols group vlan 481 ip internal usage vlan 482 mac to vlan 483 show vlan mac to vlan 484 show vlan 484 show vlan protocols groups 485 show vlan internal usage 486 show interfaces switchport 487 37 Voice VLAN 493 voice vlan id 493 voice vlan oui table 493 voice vlan cos 495 voice vlan aging timeout 496 voice vlan enable 496 voice vlan...

Page 23: ...te 509 show crypto certificate mycertificate 510 show ip http 511 show ip https 512 39 802 1x Commands 515 aaa authentication dot1x 515 dot1x system auth control 516 dot1x port control 516 dot1x re authentication 517 dot1x timeout re authperiod 518 dot1x re authenticate 519 dot1x timeout quiet period 519 dot1x timeout tx period 520 dot1x max req 521 dot1x timeout supp timeout 522 dot1x timeout ser...

Page 24: ...TURES 530 dot1x auth not req 530 dot1x multiple hosts 531 dot1x single host violation 532 dot1x guest vlan 533 dot1x guest vlan enable 534 dot1x mac authentication 534 dot1x traps mac authentication failure 535 dot1x radius attributes vlan 536 show dot1x advanced 537 book book Page 24 Thursday December 18 2008 7 40 PM ...

Page 25: ...its own set of specific commands Entering a question mark at the system prompt console prompt displays a list of commands available for that particular command mode From each mode a specific command is used to navigate from one command mode to another The standard order to access the modes is as follows User EXEC mode Privileged EXEC mode Global Configuration mode and Interface Configuration mode ...

Page 26: ... access to the device Configuration mode The Global Configuration mode manages the device configuration on a global level The Interface Configuration mode configures specific interfaces in the device User EXEC Mode After logging into the device the user is automatically in the User EXEC command mode unless the user is defined as a privileged user In general the User EXEC commands allow the user to...

Page 27: ...ed The Privileged EXEC mode prompt consists of the device host name followed by To return from the Privileged EXEC mode to the User EXEC mode use the disable command The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode The exit mst command is used to return from any mode to the previous mode except when returning to the User EXEC mode from the P...

Page 28: ...ter the Line Configuration command mode VLAN Database Contains commands to create a VLAN as a whole The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode Management Access List Contains commands to define management access lists The management access list Global Configuration mode command is used to enter the Management Access List Conf...

Page 29: ...cess the device is connected to the device prior to using CLI commands NOTE The following steps are for use on the console line only To start using the CLI perform the following steps 1 Connect the DB9 null modem or cross over cable to the RS 232 serial port of the device to the RS 232 serial port of the terminal or computer running the terminal emulation application NOTE The default data rate for...

Page 30: ...nu but is manually entered To see what commands are available in each mode or within an interface configuration the CLI provides a method of displaying the available commands the command syntax requirements and in some instances parameters required to complete the command The standard command to request help is the character There are two instances where help information can be displayed Keyword l...

Page 31: ... enabled but it can be disabled at any time For information about the command syntax to enable or disable the history buffer see history There is a standard default number of commands that are stored in the buffer The standard number of 10 commands can be increased to 216 By configuring 0 the effect is the same as disabling the history buffer system For information about the command syntax for con...

Page 32: ... of the command line Ctrl Z End Returns back to the Privileged EXEC mode from any configuration mode Backspace key Deletes one character left to the cursor position Convention Description In a command line square brackets indicate an optional entry In a command line curly brackets indicate a selection of compulsory parameters separated by the character One option must be selected For example flowc...

Page 33: ...hat the device can be managed from the Web Based Interface Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard This guide describes how the Command Line Interface CLI is structured describes the command syntax and describes the command functionality This guide also provides information for configuring the PowerConnect device details the procedures and provide...

Page 34: ...ort Channel Commands Configures and displays Port Channel information Port Monitor Commands Monitors activity on specific target ports QoS Commands Configures and displays QoS information RADIUS Commands Configures and displays RADIUS information RMON Commands Displays RMON statistics SNMP Commands Configures SNMP communities traps and displays SNMP information Spanning Tree Commands Configures an...

Page 35: ...thods for HTTPS server users Global Configuration show authentication methods Displays information about the authentication methods Privileged EXEC password Specifies a password on a line Line Configuration enable password Sets a local password to control access to normal and privilege levels Global Configuration username Establishes a username based authentication system Global Configuration Comm...

Page 36: ...dress Forbids adding a specific Multicast address to specific ports Interface VLAN Configuration bridge multicast unregistered Configures the forwarding state of unregistered multicast addresses Interface Configuration bridge multicast forward all Enables forwarding all Multicast frames on a port Interface VLAN Configuration bridge multicast forbidden forward all Forbids a port from becoming a for...

Page 37: ... status Privileged EXEC show ports security addresses Displays current dynamic addresses in locked ports Privileged EXEC Command Group Description Access Mode clock set Manually sets the system clock Privileged EXEC clock source Configures an external time source for the system clock Global Configuration clock timezone Sets the time zone for display purposes Global Configuration clock summer time ...

Page 38: ...ients Global Configuration sntp server Configures the device to use the Simple Network Time Protocol SNTP to request and accept Simple Network Time Protocol SNTP traffic from a server Global Configuration show clock Displays the time and date from the system clock User EXEC show sntp configuration Shows the configuration of the Simple Network Time Protocol SNTP Privileged EXEC show sntp status Sho...

Page 39: ... DHCP packets with option 82 information from an untrusted port Global Configuration ip dhcp snooping verify Configures a switch to accept DHCP packets with option 82 information from an untrusted port Global Configuration ip dhcp snooping database Configures the DHCP snooping binding file Global Configuration ip dhcp snooping database update freq Configures the update frequency of the DHCP snoopi...

Page 40: ...en interface Interface Configuration back pressure Enables Back Pressure on a given interface Interface Configuration clear counters Clears statistics on an interface Privileged EXEC set interface active Reactivates an interface that was suspended by the system Privileged EXEC show interfaces advertise Displays auto negotiation advertisement data Privileged EXEC show interfaces configuration Displ...

Page 41: ...ables Internet Group Management Protocol IGMP snooping Global Configuration ip igmp snooping Interface Enables Internet Group Management Protocol IGMP snooping on a specific VLAN Interface VLAN ip igmp snooping mrouter Enables automatic learning of Multicast router ports Interface VLAN ip igmp snooping host time out Configures the host time out Interface VLAN ip igmp snooping mrouter time out Conf...

Page 42: ...ntries in the ARP table Privileged EXEC ip domain lookup Enables the IP Domain Naming System DNS based host name to address translation Global Configuration ip domain name Defines a default domain name that the software uses to complete unqualified host names Global Configuration ip name server Sets the available name servers Global Configuration ip host Defines static host name to address mapping...

Page 43: ... ipv6 mld join group Configures Multicast Listener Discovery MLD reporting for a specified group Interface Configuration ipv6 mld version Changes the Multicast Listener Discovery Protocol MLD version Interface Configuration show ipv6 interface Displays the usability status of interfaces configured for IPv6 Privileged EXEC show IPv6 route Displays the current state of the IPv6 routing table Privile...

Page 44: ... enters the line configuration command mode Global Configuration speed Configures the baud rate of the line Line Configuration autobaud Configures the line for automatic baud rate detection autobaud Line Configuration exec timeout Configures the interval that the system waits until user input is detected Line Configuration history Enables the command history function Line Configuration history siz...

Page 45: ...erface configuration Ethernet lldp timer Specifies how often the software sends LLDP updates Global configuration lldp hold multiplier Specifies the amount of time the receiving device should hold a LLDP packet before discarding it Global configuration lldp reinit delay Specifies the minimum time an LLDP port will wait before reinitializing LLDP transmission Global configuration lldp tx delay Spec...

Page 46: ... Privileged EXEC Command Group Description Access Mode banner exec Specifies and enables a message to be displayed when an EXEC process is created Global Configuration banner login Enables a message to be displayed before the username and password login prompts Global Configuration banner motd Specifies and enables a message of the day banner Global Configuration exec banner Enables the display of...

Page 47: ...ports User EXEC show copper ports cable length Displays the estimated copper cable length attached to a port User EXEC Command Group Description Access Mode power inline Configures the administrative mode of the inline power on an interface Interface Configuration power inline powered device Adds a description of the powered device type attached to the interface Interface Configuration power inlin...

Page 48: ...tarts a port monitoring session Interface Configuration show ports monitor Displays port monitoring status User EXEC Command Group Description Access Mode qos Enables quality of service QoS on the device and enters QoS basic mode Global Configuration show qos Displays the QoS status User EXEC priority queue out num of queues Configures the number of expedite queues Global Configuration traffic sha...

Page 49: ...ions between the device and the RADIUS daemon Global Configuration radius server retransmit Specifies the number of times the software searches the list of RADIUS server hosts Global Configuration radius server source ip Specifies the source IP address used for communication with RADIUS servers Global Configuration radius server source ipv6 Specifies the source IPv6 address used for the IPv6 commu...

Page 50: ...ation show rmon events Displays the RMON event table User EXEC show rmon log Displays the RMON logging table User EXEC rmon table size Configures the maximum RMON tables sizes Global Configuration Command Group Description Access Mode snmp server community Sets up the community access string to permit access to SNMP protocol Global Configuration snmp server view Creates and modifies view entries G...

Page 51: ... views Privileged EXEC show snmp groups Displays the configuration of SNMP groups Privileged EXEC show snmp filters Displays the configuration of SNMP filters Privileged EXEC show snmp users Displays the configuration of SNMP users Privileged EXEC Command Group Description Access Mode spanning tree Enables Spanning Tree functionality Global Configuration spanning tree mode Configures the Spanning ...

Page 52: ...iscarded and the port information is aged out Global Configuration spanning tree mst port priority Configures the priority of a port Interface Configuration spanning tree mst cost Configures the path cost for multiple Spanning Tree MST calculations Interface Configuration spanning tree mst configuration Enables configuring an MST region by entering the Multiple Spanning Tree MST mode Global Config...

Page 53: ...s manually configured and enters the SSH public key string configuration command SSH Public Key key string Manually specifies a SSH public key SSH Public Key show ip ssh Displays the SSH server configuration Privileged EXEC show crypto key mypubkey Displays the SSH public keys stored on the device Privileged EXEC show crypto key pubkey chain ssh Displays SSH public keys stored on the device Privil...

Page 54: ... show logging file Displays the state of logging and the syslog messages stored in the logging file Privileged EXEC show syslog servers Displays the syslog servers settings Privileged EXEC Command Group Description Access Mode ping Sends ICMP echo request packets to another node on the network User EXEC traceroute Discovers the routes that packets will actually take when traveling to their destina...

Page 55: ...ACS daemon Global Configuration tacacs server source ip Specifies the source IP address that will be used for the communication with TACACS servers Global Configuration tacacs server timeout Sets the timeout value Global Configuration show tacacs Displays configuration and statistics for a TACACS servers Privileged EXEC Command Group Description Access Mode passwords min length Sets the minimum le...

Page 56: ...ription Access Mode interface tunnel enters tunnel interface configuration mode Global Configuration tunnel mode ipv6ip configures an IPv6 transition mechanism global support mode Interface Tunnel Configuration tunnel isatap router configures a global string that represents a specific automatic tunnel router domain name Interface Tunnel Configuration tunnel source sets the local source tunnel inte...

Page 57: ...s dumping all output of a show command without prompting User EXEC show history Lists the commands entered in the current session Privileged EXEC show privilege Displays the current privilege level User EXEC Command Group Description Access Mode vlan database Enters the VLAN database configuration mode Global Configuration vlan Creates a VLAN VLAN Database interface vlan Enters the interface confi...

Page 58: ...rface Configuration switchport protected Overrides the FDB Forwarding Database decision and sends all the Unicast Multicast and Broadcast traffic to an uplink port Interface Configuration map protocol protocols group Maps a protocol to a protocol group Protocol groups are used for protocol based VLAN assignment VLAN Configuration switchport general map protocols group vlan Sets a protocol based cl...

Page 59: ...cifies the TCP port for use by a web browser to configure the device Global Configuration ip http exec timeout Sets the interval the system waits for user input before automatically logging off Global Configuration ip https server Enables configuring the device from a secured browser Global Configuration ip https port Specifies the TCP port used by the server to configure the device through the We...

Page 60: ...led ports or the specified 802 1x enabled port Interface Configuration dot1x timeout quiet period Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange Interface Configuration dot1x timeout tx period Sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the ...

Page 61: ...AC address attempts to access the interface Interface Configuration dot1x guest vlan Defines a guest VLAN Interface Configuration dot1x guest vlan enable Enables unauthorized users on the interface to access the guest VLAN Interface Configuration dot1x mac authentication Enables authentication based on the station s MAC address Interface Configuration dot1x traps mac authentication failure Enables...

Page 62: ...62 Command Groups book book Page 62 Thursday December 18 2008 7 40 PM ...

Page 63: ...es filtering of Multicast addresses clock source Configures an external time source for the system clock clock summer time Configures the system to automatically switch to summer time daylight saving time clock timezone Sets the time zone for display purposes crypto certificate generate Generates a self signed HTTPS certificate crypto certificate import Imports a certificate signed by Certificatio...

Page 64: ...ode ip access list Creates Layer 2 ACLs ip access list Creates Layer 2 ACLs ip address Sets an IP address ip default gateway Defines a default gateway ip dhcp snooping Globally enables DHCP snooping ip dhcp snooping database Configures the DHCP snooping binding file ip dhcp snooping database update freq Configures the update frequency of the DHCP snooping binding file ip dhcp snooping information ...

Page 65: ...p ssh pubkey auth Enables public key authentication for incoming SSH sessions ip ssh server Enables the device to be configured from a SSH server lacp system priority Configures the system LACP priority line Identifies a specific line for configuration and enters the line configuration command mode logging Logs messages to a syslog server logging buffered Limits syslog messages displayed from an i...

Page 66: ...e Improves RADIUS response times when servers are unavailable radius server host Specifies a RADIUS server host radius server key Sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon radius server retransmit Specifies the number of times the software searches the list of RADIUS server hosts radius server source ip Specifies the source IP...

Page 67: ...thenticate Grants authentication for received Simple Network Time Protocol SNTP traffic from servers sntp authentication key Defines an authentication key for Simple Network Time Protocol SNTP sntp broadcast client enable Enables the Simple Network Time Protocol SNTP Broadcast clients sntp client enable Enables the Simple Network Time Protocol SNTP Broadcast and Anycast client on an interface sntp...

Page 68: ...res the Spanning Tree priority stack master Forces selection of a stack master tacacs server host Specifies a TACACS host tacacs server key Sets the authentication encryption key used for all TACACS communications between the device and the TACACS daemon tacacs server source ip Specifies the source IP address that will be used for the communication with TACACS servers tacacs server timeout Sets th...

Page 69: ...seconds that the device remains in the quiet state following a failed authentication exchange dot1x timeout re authperiod Sets the number of seconds between re authentication attempts dot1x timeout server timeout Sets the time for the retransmission of packets to the authentication server dot1x timeout supp timeout Sets the time for the retransmission of an EAP request frame to the client dot1x ti...

Page 70: ...n port security mode port security mode Configures the port security learning mode port security routed secure address Adds MAC layer secure addresses to a routed port port storm control broadcast enable Enables Broadcast storm control port storm control broadcast rate Configures the maximum Broadcast rate port storm control include multicast Enables the device to count Multicast packets power inl...

Page 71: ...anning tree portfast Enables PortFast mode spanning tree port priority Configures port priority speed Configures the speed of a given Ethernet interface when not using auto negotiation switchport access vlan Configures the VLAN ID when the interface is in access mode switchport access vlan Defines the primary PVLAN switchport customer vlan Set the port s VLAN when the interface is in customer mode...

Page 72: ...igures the interval that the system waits until user input is detected history Enables the command history function history size Configures the command history buffer size for a particular line login authentication Specifies the login authentication method list for a remote telnet or console password Specifies a password on a line password aging Sets the expiration time of line passwords in the lo...

Page 73: ...r host Deletes entries from the host name to address cache clear host dhcp Deletes entries from the host name to address mapping received from Dynamic Host Configuration Protocol DHCP clear ip dhcp snooping database Clears the DHCP snooping binding database clear logging Clears messages from the internal logging buffer clear logging file Clears messages from the logging file clear spanning tree de...

Page 74: ...e file that the device loads at startup show bridge address table Displays all entries in the bridge forwarding database show bridge address table count Displays the number of addresses present in all VLANs or at specific VLAN show bridge address table static Displays statically created entries in the bridge forwarding database show bridge multicast address table Displays Multicast MAC or IP Addre...

Page 75: ... Displays switchport configuration show ip http Displays the HTTP server configuration show ip https Displays the HTTPS server configuration show ip interface Displays the usability status of interfaces configured for IP show ip ssh Displays the SSH server configuration show logging Displays the state of logging and the syslog messages stored in the internal buffer show logging file Displays the s...

Page 76: ...ormation about the local user database show users login history Displays information about the login history of users show vlan Displays VLAN information show vlan internal usage Displays a list of VLANs used internally by the device show vlan mac to vlan Displays the MAC to VLAN database show vlan protocols groups Displays protocols groups information stack reload Reloads stack members test coppe...

Page 77: ...oping show ip igmp snooping interface Displays IGMP snooping configuration show ip igmp snooping mrouter Enables automatic learning of Multicast switch ports in the context of a specific VLAN show ip igmp snooping mrouter Displays information on dynamically learned Multicast router interfaces show lacp ethernet Displays LACP information for Ethernet ports show lacp port channel Displays LACP infor...

Page 78: ...y take when traveling to their destination traffic shape Assigns CoS values to select one of the egress queues Command Group Description bridge address Adds a static MAC layer station source address to the bridge table bridge multicast address Registers MAC layer Multicast addresses to the bridge table and adds static ports to the group bridge multicast forbidden address Forbids adding a specific ...

Page 79: ...l usage vlan Reserves a VLAN as the internal usage VLAN of an interface mac to vlan Adds MAC addresses to the MAC to VLAN database name Configures a name to a VLAN vlan Creates a VLAN Command Group Description deny IP Denies traffic if the conditions defined in the deny statement match permit IP Permits traffic if the conditions defined in the permit statement match Command Group Description deny ...

Page 80: ...80 Command Modes book book Page 80 Thursday December 18 2008 7 40 PM ...

Page 81: ...s in Range 1 12 characters method1 method2 Specify at least one from the following table Default Configuration The local user database is checked This has the same effect as the command aaa authentication login default local NOTE On the console login succeeds without any authentication check if the authentication method is not defined Command Mode Global Configuration mode Keyword Description enab...

Page 82: ...not available authentication is attempted at the local user database If there is no database then no authentication is performed aaa authentication enable The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels Use the no form of this command to return to the default configuration Syntax aaa authentication enable def...

Page 83: ...urn an error specify none as the final method in the command line All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enabx where x is the requested privilege level Example The following example sets the enable password for authentication when accessing higher privilege levels login authentication The login authentication Line Configu...

Page 84: ...ation The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console Use the no form of this command to return to the default configuration specified by the aaa authentication enable command Syntax enable authentication default list name no enable authentication default Uses the default list...

Page 85: ...ration The local user database is checked This has the same effect as the command ip http authentication local Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the comm...

Page 86: ...l Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures HTTPS authentication Console config ip http authentication ...

Page 87: ...default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the authentication configuration Console sh authentication methods Login Authentication Method Lists Console_Default None Network_Default Local Enable Authentication Method Lists Console_Default Enable None Network_Default Enable book book Pag...

Page 88: ...e configuration Default Configuration No password is defined Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted the required password length is 32 characters Example The following example specifies password secret on a console Line Login Method List Enable Method List Console Default Default Telnet Default Default SSH Default Default http Local https Local d...

Page 89: ...defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets local level 15 password secret to control access to privilege levels username The username Global Configuration mode command creates a user account in the local database Use the no form of this command to remove a user name Syntax username name password pa...

Page 90: ...nfiguration mode User Guidelines User account can be created without a password Example The following example configures user bob with password lee and user level 15 to the system Console config username bob password lee level 15 book book Page 90 Thursday December 18 2008 7 40 PM ...

Page 91: ...iguration No IPv4 access list is defined Command Mode Global Configuration mode User Guidelines IPv4 ACLs are defined by a unique name An IPv4 ACL and MAC ACL cannot share the same name Example The following example shows how to define an IPv4 access list called dell access 1 and to place the device in IPv4 access list configuration mode permit IP The permit IP Access List Configuration mode comma...

Page 92: ...ns to be ignored protocol Specifies the name or the number of an IP protocol Available protocol names icmp igmp ip tcp egp igp udp hmp rdp idpr idrp rsvp gre esp ah eigrp ospf ipip pim l2tp isis Range 0 255 dscp number Specifies the DSCP value ip precedence number Specifies the IP precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the foll...

Page 93: ...fter an ACE is added an implied deny any any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied Example The following example shows how to define a permit statement for an IP ACL deny IP The deny IP Access List Configuration mode command denies traffic if the conditions defined in the deny statement match Syntax den...

Page 94: ...ltering ICMP packets Enter a number or one of the following values echo reply destination unreachable source quench redirect alternate host address echo request router advertisement router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobi...

Page 95: ...e denied Example The following example shows how to define a permit statement for an IP ACL mac access list The mac access list Global Configuration mode command creates Layer 2 ACLs Use the no form of this command to delete an ACL Syntax mac access list name no mac access list name name Specifies the name of the ACL Default Configuration No MAC access list is defined Command Mode Global Configura...

Page 96: ...s being sent destination wildcard Specifies wildcard bits to be applied to the destination MAC address by placing 1s in bit positions to be ignored vlan id Specifies the ID of the packet vlan Range 1 4094 cos Specifies the Class of Service CoS for the packet Range 0 7 cos wildcard Specifies wildcard bits to be applied to the CoS eth type Specifies the etherType of the packet in hexadecimal format ...

Page 97: ...destination Specifies the MAC address of the host to which the packet is being sent destination wildcard Specifies wildcard bits to the destination MAC address by placing 1s in bit positions to be ignored vlan id Specifies the vlan id of the packet Range 1 4094 cos Specifies the packets s Class of Service CoS Range 0 7 cos wildcard Specifies wildcard bits to be applied to the CoS eth type Specifie...

Page 98: ...efault configuration Command Mode Interface Ethernet Port Channel Configuration mode User Guidelines There are no user guidelines for this command Example The following example binds services an ACL to VLAN 2 Console config mac access list macl 1 Console config mac acl deny 66 66 66 66 66 66 Console config mac acl exit Console config console config console config mac access list macA console confi...

Page 99: ...wing example displays the access lists show interfaces access lists The show interfaces access lists Privileged EXEC mode command displays access lists applied on interfaces Syntax show interfaces access lists ethernet interface port channel port channel number Interface Specifies the Valid Ethernet port Full syntax unit port port channel number Specifies the port channel index Default Configurati...

Page 100: ... guidelines for this command Examples The following example displays an ACLs applied on the device interfaces console show access lists MAC access list macA permit any console show interfaces access lists Interface Input ACL e10 macA book book Page 100 Thursday December 18 2008 7 40 PM ...

Page 101: ...r permanent The address can only be deleted by the no bridge address command delete on reset The address is deleted after reset delete on timeout The address is deleted after age out time has expired secure The address is deleted after the port changes mode to unlock learning no port security command This parameter is only available when the port is in the learning locked mode Default Configuratio...

Page 102: ...ters exist on the VLAN do not change the unregistered Multicast addresses state to drop on the switch ports If Multicast routers exist on the VLAN and IGMP snooping is not enabled use the bridge multicast forward all command to enable forwarding all Multicast packets to the Multicast switches Example The following example enables bridge Multicast filtering bridge multicast address The bridge multi...

Page 103: ...e a range of ports port channel number list Separate non consecutive port channels with a comma and no spaces a hyphen is used to designate a range of ports Default Configuration No Multicast addresses are defined Command Mode Interface configuration VLAN mode User Guidelines If the command is executed without add or remove the command only registers the group in the bridge database Static Multica...

Page 104: ...ticast address A valid IP Multicast address interface list Separate non consecutive Ethernet ports with a comma and no spaces hyphen is used to designate a range of ports port channel number list Separate non consecutive valid port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration No forbidden addresses are defined Command Modes Interf...

Page 105: ...Modes Interface configuration Ethernet Port Channel mode Default Configuration Unregistered multicast filtering should not be enabled on ports that are connected to routers because the 224 0 0 x address range should not be filtered Routers would not necessarily send IGMP reports for the 224 0 0 x range Examples This example configures the forwarding state of unregistered multicast addresses to all...

Page 106: ...ces a hyphen is used to designate a range of port channels Default Configuration This setting is disabled Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example The following example forwards all Multicast packets on port 1 e8 bridge multicast forbidden forward all The bridge multicast forbidden forward all Interface Configuration VLAN ...

Page 107: ...mand Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers Multicast router ports When a Multicast router port is discovered all the Multicast packets are forwarded to it unconditionally This command prevents a port from becoming a Multicast router port Example The following example forbids forwarding all Multicast packets to 1 e1 with VLAN 2 bridge aging time ...

Page 108: ... bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database Syntax clear bridge Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears the bridge tables Console config bridge aging time 250 Console clear bri...

Page 109: ...cards packets with unlearned source addresses The port is also shut down seconds Sends SNMP traps and defines the minimum amount of time in seconds between consecutive traps Range 1 1000000 Default Configuration This setting is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command 802 1x multiple host mode must be ena...

Page 110: ...ing is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example sets port security mode to dynamic for Ethernet interface 1 e7 port security max The port security max Interface Configuration Ethernet port channel mode command configures the maximum number of addresses that can be learned on ...

Page 111: ...guration Ethernet port channel mode command adds a MAC layer secure address to a routed port Use the no form of this command to delete a MAC address Syntax port security routed secure address mac address no port security routed secure address mac address mac address A valid MAC address Default Configuration No addresses are defined Command Mode Interface configuration Ethernet port channel mode ca...

Page 112: ...ace port channel port channel number vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Internal usage VLANs VLANs that are automatically allocated on ports with a defined Layer 3 interface are presented in the VLA...

Page 113: ...t channel port channel number Parameters vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port number port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show bridge address table Aging time is 300 sec Vlan mac addr...

Page 114: ...nel port channel number vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show bridge address table static Aging time is 300 sec vlan mac address port type 1 0...

Page 115: ...alue mac multicast address A valid MAC Multicast address ip multicast address A valid IP Multicast address format ip mac Multicast address format Can be ip or mac If the format is unspecified the default is mac Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines A MAC address can be displayed in IP format only if it is in the range of 0...

Page 116: ...atic 1 e1 e8 19 00 00 5e 02 02 08 dynamic 1 e9 e11 Forbidden ports for Multicast addresses Vlan MAC Address Ports 1 01 00 5e 02 02 03 2 e8 19 01 00 5e 02 02 08 2 e8 Console show bridge multicast address table format ip Vlan IP MAC Address Type Ports 1 224 239 130 2 2 3 static 1 e1 2 e2 19 224 239 130 2 2 8 static 1 e1 8 19 224 239 130 2 2 8 dynamic 1 e9 11 Forbidden ports for Multicast addresses V...

Page 117: ...alue Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the Multicast configuration for VLAN 1 Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Port Static Status 1 e14 Forbidden Filter 1 e15 Forward Forward s 1 e16 Forward d book boo...

Page 118: ...c multicast address A valid MAC multicast address ip multicast address A valid IP multicast address ip address Source IP address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines A MAC address can be displayed in IP format only if it s in the range 0100 5e00 0000 through 0100 5e7f ffff Example Console show bridge multicast address tab...

Page 119: ...s command has no default configuration IPv4 GROUP Table Vlan IP MAC Address Type Ports 1 231 2 2 3 dynamic 1 e1 2 e2 19 231 2 2 8 static 1 e1 e8 19 231 2 2 8 dynamic 1 9 11 Forbidden ports for multicast addresses Vlan MAC Address Ports 1 231 2 2 3 2 8 19 231 2 2 8 2 8 IPv4 SRC GROUP Table Vlan Group Address Source Address Type Ports Forbidden ports for multicast addresses Vlan Group Address Source...

Page 120: ...urity ethernet interface port channel port channel number interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Port Forward Unregistered Forward All Static Status Static Status 1 e1 Forbidden Filter Forbidden...

Page 121: ...mum Trap Frequenc y 1 e1 Disabled Lock 1 1 e2 Disabled Lock 1 1 e3 Disabled Lock 1 1 e4 Disabled Lock 1 1 e5 Disabled Lock 1 1 e6 Disabled Lock 1 1 e7 Disabled Lock 1 1 e8 Disabled Lock 1 1 e9 Disabled Lock 1 1 e10 Disabled Lock 1 1 e11 Disabled Lock 1 1 e12 Disabled Lock 1 1 e13 Disabled Lock 1 1 e14 Disabled Lock 1 1 e15 Disabled Lock 1 1 e16 Disabled Lock 1 1 e17 Disabled Lock 1 book book Page ...

Page 122: ...thernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command 1 e18 Disabled Lock 1 1 e19 Disabled Lock 1 1 e20 Disabled Lock 1 1 e21 Disabled Lock 1 1 e22 Disabled Lock 1 Frequency Minimum time in seconds between consecutive traps Counter N...

Page 123: ...ort Status Learning Current Maximum 1 e1 Disabled Lock 1 1 e2 Disabled Lock 1 1 e3 Enabled Max addresses 0 1 1 e4 Port is a member in port channel ch1 1 e5 Disabled Lock 1 1 e6 Enabled Max addresses 0 10 ch1 Enabled Max addresses 0 50 ch2 Enabled Max addresses 0 128 Console show ports security addresses ethernet 1 e1 Port Status Learning Current Maximum 1 e1 Disabled Lock 1 book book Page 123 Thur...

Page 124: ...124 Address Table Commands book book Page 124 Thursday December 18 2008 7 40 PM ...

Page 125: ...day Current day by date in the month 1 31 month Current month using the first three letters by name Jan Dec year Current year 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example sets the system time to 13 32 00 on the 7th March 2002 Console clock set 1...

Page 126: ...al time source for the system clock clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes Use the no form of this command to set the time to the Coordinated Universal Time UTC Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone hours offset Hours difference from UTC Range 12 13 minutes offset Minutes differe...

Page 127: ...ne acronym no clock summer time recurring recurring Indicates that summer time should start and end on the corresponding specified days every year date Indicates that summer time should start on the first specific date listed in the command and end on the second specific date in the command usa The summer time rules are the United States rules eu The summer time rules are the European Union rules ...

Page 128: ...ng month the system assumes that you are in the southern hemisphere USA rule for daylight saving time Start Second Sunday in March End First Sunday in November Time 2 am local time EU rule for daylight saving time Start Last Sunday in March End Last Sunday in October Time 1 00 am 01 00 Examples The following example sets summer time starting on the first Sunday in March at 2 am and finishing on th...

Page 129: ...the authentication key for SNTP sntp authenticate The sntp authenticate Global Configuration mode command allows authentication for received Simple Network Time Protocol SNTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no sntp authenticate Default Configuration No authentication Command Mode Global Configuration mode User Guidelines The comm...

Page 130: ...f authentication key to be trusted Range 1 4294967295 Default Configuration No keys are trusted Command Mode Global Configuration mode User Guidelines The command is relevant for both received Unicast and Broadcast If there is at least 1 trusted key then unauthenticated messages will be ignored Examples The following example authenticates the identity of system 8 Console config sntp authentication...

Page 131: ...lines There are no user guidelines for this command Examples The following example sets the polling time for the Simple Network Time Protocol SNTP client to 120 seconds sntp broadcast client enable The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol SNTP Broadcast clients Use the no form of this command to disable SNTP Broadcast clients Syntax sn...

Page 132: ...ent is disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface Examples The following example enables SNTP Anycast clients sntp client enable The sntp client enable Global Configuration m...

Page 133: ...le Global configuration command to enable Anycast clients globally Examples The following example enables the SNTP client on the interface sntp client enable Interface The sntp client enable Interface Configuration Ethernet port channel VLAN mode command enables the Simple Network Time Protocol SNTP client on an interface This applies to both receive Broadcast and Anycast updates Use the no form o...

Page 134: ...ept SNTP traffic from servers Use the no form of this command to disable requesting and accepting SNTP traffic from servers Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP Unicast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp server Global Configuration mode command to define SNTP servers Examples The following...

Page 135: ...on mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Examples The following example enables polling for Simple Network Time Protocol SNTP predefined Unicast clients sntp server The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol SNTP to request and accept SNTP traffic from a sp...

Page 136: ...ent enable Global Configuration mode command to enable predefined Unicast clients globally To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling Polling time is determined by the sntp client poll timer Global Configuration mode command Polling time is determined by the sntp client poll timer Global Configuration mode command The IP...

Page 137: ...tail Shows timezone and summertime configuration Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The symbol that precedes the show clock display indicates the following Console config sntp server 192 1 1 1 Symbol Description Time is not authoritative blank Time is authoritative Time is authoritative but SNTP is not synchronized book book ...

Page 138: ...uration Default Configuration This command has no default configuration Console show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 m...

Page 139: ...e Network Time Protocol SNTP Syntax show sntp status Console show sntp configuration Polling interval 7200 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 8 Enabled 9 176 1 8 179 Disabled Disabled Broadcast Clients Enabled Anycast Clients Enabled Broadca...

Page 140: ...ence time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Status Last response Offset mSec Delay mSec 176 1 1 8 Up 19 58 22 289 PDT Feb 19 2002 7 33 117 79 176 1 8 179 Unknown 12 17 17 987 PDT Feb 19 2002 8 98 189 19 Anycast server Server Interface Status Last response Offset Delay mSec mSec 176 1 11 8 VLAN 118 Up 9 53 21 789 PDT Feb 19 2002 7 19 119 89 Broadcast Interface ...

Page 141: ...rent running configuration file startup config Represents the startup configuration file image If source file represent the active image file If destination file represent the non active image file boot Boot file tftp Source or destination URL for a TFTP network server The syntax for this alias is tftp host directory filename The host can be either IP address or hostname An out of band IP address ...

Page 142: ...ve units is for image and boot files only The following table describes copy characters Copying image file from a Server to Flash Memory Use the copy source url image command to copy an image file from a server to Flash memory Copying boot file from a Server to Flash Memory Use the copy source url boot command to copy a boot file from a server to Flash memory Copying a Configuration File from a Se...

Page 143: ... the current configuration file to a network server using TFTP Use the copy startup config destination url command to copy the startup configuration file to a network server The configuration file copy can serve as a backup copy Saving the Running Configuration to the Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configura...

Page 144: ...ge 1 and image 2 files cannot be deleted Examples The following example deletes file test from flash memory delete startup config The delete startup config Privileged EXEC mode command deletes the startup config file Syntax delete startup config Default Configuration This command has no default configuration Keyword Source or Destination flash Source or destination URL for flash memory It is the d...

Page 145: ...ration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays files in the flash directory Console delete startup config Console dir Directory of flash File Name Permission Size Modification Date Modification Time Image 1 rw 4325376 01 Jun 2003 01 04 21 Image 2 rw 4325376 01 J...

Page 146: ...n hexadecimal format prv and sys files cannot be displayed sshkeys prv 262144 01 Jun 2003 01 01 05 syslog1 sys r 262144 01 Jun 2003 02 22 48 syslog2 sys r 262144 01 Jun 2003 02 22 48 directry prv 262144 01 Jun 2003 01 01 02 startup config rw 1523 08 Feb 2005 09 02 31 Total size of flash 15597568 bytes Free size of flash 5759287 bytes Keyword Source or Destination flash Source or destination URL fo...

Page 147: ...ywords and URL prefixes Console more configuration bak interface range ethernet 1 e 1 4 duplex half exit interface range ethernet 2 g 1 4 switchport mode general exit vlan database vlan 2 exit interface range ethernet 2 g 1 4 switchport general allowed vlan add 2 exit interface range ethernet 1 e 1 4 no negotiation exit Keyword Source or Destination flash Source or destination URL for flash memory...

Page 148: ...m unit unit image 1 image 2 unit Specifies the unit number image 1 Specifies image 1 as the system startup image image 2 Specifies image 2 as the system startup image Default Configuration If the unit number is unspecified the default setting is the master unit number Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is the active image Examples...

Page 149: ...ing example displays the contents of the running configuration file console show running config voice vlan oui table add 0001e3 Siemens_AG_phone________ voice vlan oui table add 00036b Cisco_phone_____________ voice vlan oui table add 000fe2 H3C_Aolynk______________ voice vlan oui table add 0060b9 Philips_and_NEC_AG_phone voice vlan oui table add 00d01e Pingtel_phone___________ voice vlan oui tabl...

Page 150: ...t settings Service tag service tag 0 SW version 1 0 0 1 date Aug 9 2007 time 10 06 42 Fast Ethernet Ports no shutdown speed 100 duplex full negotiation flow control off mdix auto no back pressure Gigabit Ethernet Ports no shutdown speed 1000 duplex full negotiation flow control off mdix auto no back pressure console book book Page 150 Thursday December 18 2008 7 40 PM ...

Page 151: ...ines for this command Examples The following example displays the contents of the running configuration file Console show startup config software version 1 1 hostname device interface ethernet 1 e1 ip address 176 242 100 100 255 255 255 0 duplex full speed 100 interface ethernet 1 e2 ip address 176 243 100 100 255 255 255 0 duplex full speed 100 book book Page 151 Thursday December 18 2008 7 40 PM...

Page 152: ...command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the active system image file that is loaded by the device at startup Console show bootvar Image Filename Version Date Status 1 image 1 1 0 0 1 Active 2 image 2 1 0 0 2 Not active designates that the image was selected for the n...

Page 153: ...idelines For any DHCP snooping configuration to take effect you must globally enable DHCP snooping DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan global configuration command Example The following example globally enables DHCP snooping ip dhcp snooping vlan The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLA...

Page 154: ...uration Ethernet Port channel mode command configures a port as trusted for DHCP snooping purposes Use the no form of this command to return to the default settings Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration The default configuration is that the interface is not trusted Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Configure as t...

Page 155: ...fault configuration is to discard DHCP packets with option 82 information from an untrusted port Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures a switch to accept DHCP packets with option 82 information from an untrusted port ip dhcp snooping verify The ip dhcp snooping verify Global Configuration mode c...

Page 156: ...ches the client hardware address ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file Use the no form of this command to delete the binding file Syntax ip dhcp snooping database no ip dhcp snooping database Default Configuration The URL is not defined Command Mode Global Configuration mode User Guidelines To ensure that...

Page 157: ... 86400 Default Configuration The default configuration is 1200 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the update frequency of the DHCP snooping binding file to be 24000 seconds ip dhcp snooping binding The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding ...

Page 158: ...configuration is that no static binding exists Command Mode Privileged EXEC mode User Guidelines After entering this command an entry is added to the DHCP snooping database If a DHCP snooping binding file exists the entry is also added to that file The entry is displayed in the show commands as a DHCP Snooping entry Example The following example configures the DHCP snooping binding database and ad...

Page 159: ...ping User EXEC mode command displays the DHCP snooping configuration Syntax show ip dhcp snooping ethernet interface port channel port channel number interface Specifies an Ethernet port port channel number Specifies a Port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console...

Page 160: ...nnel number mac address Specifies a MAC address ip address Specifies an IP address vlan id Specifies a VLAN number interface Specifies an Ethernet port port channel number Specifies a Port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode console show ip dhcp snooping DHCP snooping is Enabled DHCP snooping is configured on following VLANs 2 ...

Page 161: ...for this command Example The following example displays the DHCP snooping configuration Console show ip dhcp snooping binding Total number of binding 2 MAC Adreess IP Address Lease sec Type VLAN Interface console book book Page 161 Thursday December 18 2008 7 40 PM ...

Page 162: ...162 DHCP Snooping book book Page 162 Thursday December 18 2008 7 40 PM ...

Page 163: ...de User Guidelines There are no user guidelines for this command Example The following example enables configuring Ethernet port 5 e18 interface range ethernet The interface range ethernet Global Configuration mode command configures multiple Ethernet type interfaces at the same time Syntax interface range ethernet port range all port range List of valid ports Where more than one port is listed se...

Page 164: ...llowing example shows how ports 5 e18 to 5 e20 and 3 e1 to 3 24 are grouped to receive the same command shutdown The shutdown Interface Configuration Ethernet port channel mode command disables an interface Use the no form of this command to restart a disabled interface Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet port cha...

Page 165: ...of the port to enable the user to remember what is attached to the port Range 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds a description to Ethernet port 1 e5 Console config interface ethernet 1 e5 Consol...

Page 166: ...tion Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the speed operation of Ethernet port 1 e5 to 100 Mbps operation duplex The duplex Interface Configuration Ethernet mode command configures the full half duplex operation of a given Ethernet interface when not using auto negotiation Use the no form of this command t...

Page 167: ...gotiation command enables auto negotiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable it Syntax negotiation capability1 capability2 capability5 no negotiation capability Specifies the capabilities to advertise Possible values 10h 10f 100h 100f 1000f Default Configuration Auto negotiation is enabled User Guidelines There are no user...

Page 168: ...n Flow control is off Command Mode Interface Configuration Ethernet port channel mode User Guidelines Negotiation should be enabled for flow control auto Example The following example enables flow control on port 1 e5 mdix The mdix Interface Configuration Ethernet mode command enables cable crossover on a given interface Use the no form of this command to disable cable crossover Syntax mdix on aut...

Page 169: ...ross cable and to connect to another device only with a normal cable Example The following example enables automatic crossover on port 1 e5 back pressure The back pressure Interface Configuration Ethernet mode command enables back pressure on a given interface Use the no form of this command to disable back pressure Syntax back pressure no back pressure Default Configuration Back pressure is enabl...

Page 170: ...ration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears the counters for interface 1 e1 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was shutdown Syntax set interface active ethernet interface port channel port channel number interface Valid Ethernet port Full s...

Page 171: ...e5 show interfaces advertise The show interfaces advertise Privileged EXEC mode command displays autonegotiation data Syntax show interfaces advertise ethernet interface port channel port channel number interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode ...

Page 172: ...d 1 e2 100M Copper Enabled 1 e3 100M Copper Enabled 1 e4 100M Copper Enabled 1 e5 100M Copper Enabled 100f 100h 10f 10h 1 e6 100M Copper Enabled 1 e7 100M Copper Enabled 1 e8 100M Copper Enabled 1 e9 100M Copper Enabled 1 e10 100M Copper Enabled 1 e11 100M Copper Enabled 1 e12 100M Copper Enabled 1 e13 100M Copper Enabled 1 e14 100M Copper Enabled 1 e15 100M Copper Enabled 1 e16 100M Copper Enable...

Page 173: ...de command Example The following example displays the configuration of all configured interfaces Console show interfaces configuration Port Type Duplex Speed Neg Flow Ctrl Link State Back Pressure Mdix Mode 1 e1 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e2 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e3 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e4 100M Copper Full 100 En...

Page 174: ... 1 e9 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e10 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e11 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e12 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e13 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e14 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e15 100M Copper Full 100 Enabled Off Up Disabled Auto 1 e16 10...

Page 175: ...e 1 e1 100M Copper Down 1 e2 100M Copper Down 1 e3 100M Copper Down 1 e4 100M Copper Down 1 e5 100M Copper Full 100 Enabled Off Up Disabled On 1 e6 100M Copper Down 1 e7 100M Copper Down 1 e8 100M Copper Down 1 e9 100M Copper Down 1 e10 100M Copper Down 1 e11 100M Copper Down 1 e12 100M Copper Down 1 e13 100M Copper Down 1 e14 100M Copper Down 1 e15 100M Copper Down 1 e16 100M Copper Down 1 e17 10...

Page 176: ...e Valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays descriptions of configured interfaces Console show interfaces description Port Description 1 e1 lab 1 e2 1 e...

Page 177: ...annel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays traffic seen by the physical interface Console show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts 1 e1 183892 0 0 0 2 e1 0 0 0 0 3 e1 123899 0 0 0 Port OutOctets ...

Page 178: ...23739 0 0 0 Console show interfaces counters ethernet 1 e1 Port InOctets InUcastPkts InMcastPkts InBcastPkts 1 e1 183892 0 0 0 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts 1 e1 9188 0 0 0 FCS Errors 8 Single Collision Frames 0 Late Collisions 0 Oversize Packets 0 Internal MAC Rx Errors 0 Symbol Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 book book Page 178 Thursday Decembe...

Page 179: ...ansmitted Unicast packets OutMcastPkts Counted transmitted Multicast packets OutBcastPkts Counted transmitted Broadcast packets FCS Errors Counted received frames that are an integral number of octets in length but do not pass the FCS check Single Collision Frames Counted frames that are involved in a single collision and are subsequently transmitted successfully Late Collisions Number of times th...

Page 180: ... port storm control broadcast enable no port storm control broadcast enable Default Configuration Broadcast storm control is disabled Command Modes Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast rate Interface Configuration Ethernet mode command to set the maximum allowable Broadcast rate Use the port storm control include multicast Interface Configurati...

Page 181: ...oadcast and Multicast traffic on a port Range 70 1000000 Default Configuration The default configuration is disabled Command Mode Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast enable Interface Configuration mode command to enable Broadcast storm control Example The following example configures the maximum storm control Broadcast rate at 900 Kbits Sec on...

Page 182: ...leged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the storm control configuration Console show ports storm control Port State Rate Kbits Sec Included 1 e1 Disabled 3500 Broadcast 1 e2 Disabled 3500 Broadcast 1 e3 Disabled 3500 Broadcast 1 e4 Disabled 3500 Broadcast Multicast 1 e5 Disabled 3500 Broadcast 1 e6 Disabled 3500 Broadcast...

Page 183: ... GVRP globally Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables GVRP globally on the device gvrp enable Interface The gvrp enable Interface Configuration Ethernet por...

Page 184: ...rp timer The garp timer Interface Configuration Ethernet Port channel mode command adjusts the values of the join leave and leaveall timers of GARP applications Use the no form of this command to return to the default configuration Syntax garp timer join leave leaveall timer_value no garp timer join leave leaveall Indicates the type of timer timer_value Timer values in milliseconds in multiples of...

Page 185: ... creation forbid Interface Configuration Ethernet port channel mode command disables dynamic VLAN creation or modification Use the no form of this command to enable dynamic VLAN creation or modification Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Default Configuration Dynamic VLAN creation or modification is enabled Command Mode Interface Configuration Ethernet port channel mode ...

Page 186: ...mand Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example forbids dynamic registration of VLANs on Ethernet port 1 e6 clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information Syntax clear gvrp statistics ethernet interface port channel port chan...

Page 187: ...figuration information including timer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP Syntax show gvrp configuration ethernet interface port channel port channel number interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC...

Page 188: ...port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show gvrp configuration GVRP Feature is currently enabled on the device Timers milliseconds Port s Status Registration Dynamic VLAN Creation Join Leave Leave All 2 e1 Enabled Normal Ena...

Page 189: ...l number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show gvrp statistics GVRP Statistics Legend rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty...

Page 190: ...w gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVALEN Invalid Attribute Length INVATYP Invalid Attribute Type INVEVENT Invalid Event INVAVAL Invalid Attribute Value Port INVPROT INVATYP INVAVAL INVALEN INVEVENT book book Page 190 Thursday December 18 2008 7 40 PM ...

Page 191: ...ation mode User Guidelines IGMP snooping can only be enabled on static VLANs It must not be enabled on Private VLANs or their community VLANs Example The following example enables IGMP snooping ip igmp snooping Interface The ip igmp snooping Interface Configuration VLAN mode command enables Internet Group Management Protocol IGMP snooping on a specific VLAN Use the no form of this command to disab...

Page 192: ...ing of Multicast router ports in the context of a specific VLAN Use the no form of this command to remove automatic learning of Multicast router ports Syntax ip igmp snooping mrouter learn pim dvmrp no ip igmp snooping mrouter learn pim dvmrp Default Configuration Automatic learning of Multicast router ports is enabled Command Mode Interface Configuration VLAN mode User Guidelines Multicast router...

Page 193: ...me out is 260 seconds Command Mode Interface Configuration VLAN mode User Guidelines The timeout should be at least greater than 2 query_interval max_response_time of the IGMP router Example The following example configures the host timeout to 300 seconds ip igmp snooping mrouter time out The ip igmp snooping mrouter time out Interface Configuration VLAN mode command configures the mrouter time ou...

Page 194: ...ort for a Multicast group was not received for a leave time out period after an IGMP Leave was received from a specific port this port is deleted from the member list of that Multicast group Use the no form of this command to return to the default configuration Syntax ip igmp snooping leave time out time out immediate leave no ip igmp snooping leave time out time out Specifies the leave time out i...

Page 195: ...ble IGMP querier on a VLAN interface Syntax ip igmp snooping querier enable no ip igmp snooping querier enable Default Configuration Disabled Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN No more than one switch can be configured as an IGMP Querier for a VLAN When IGMP Snooping Querier is...

Page 196: ... ip igmp snooping querier address ip address no ip igmp snooping querier address Default Configuration If an IP address is configured for the VLAN it is used as the source address of the IGMP snooping querier Command Mode Interface Configuration VLAN mode User Guidelines If an IP address is not configured by this command and no IP address is configured for the IGMP querier VLAN interface the qurie...

Page 197: ...ion This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command console config interface vlan 2 VLAN 2 does not exist All settings will be applied to VLAN 2 when it is created console config if ghost vlan ip igmp snooping querier enable console config if ghost vlan ip igmp snooping querier address missing mandatory parameter c...

Page 198: ...tion Syntax show ip igmp snooping interface vlan id vlan id VLAN number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show ip igmp snooping mrouter interface 1000 VLAN Ports 1000 1 e1 Detected multicast routers that are forbidden statically VLAN Ports 1000 1 e19 book book Page 198 Th...

Page 199: ...mand has no default configuration Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled Hosts and routers IGMP version 2 IGMP snooping oper mode Enabled IGMP snooping querier admin Enabled IGMP snooping querier oper Enabled IGMP snooping querier address admin IGMP snooping querier address oper 172 16 1 1 IGMP host timeout is 300 sec IGMP Immedia...

Page 200: ...rivileged EXEC command Example The following example shows IGMP snooping information on Multicast groups Console show ip igmp snooping groups Vlan IP Address Querier Ports 1 224 239 130 2 2 3 Yes 1 e1 2 e2 19 224 239 130 2 2 8 Yes 1 e9 e11 IGMP Reporters that are forbidden statically Vlan IP Address Ports 1 224 239 130 2 2 3 1 e19 book book Page 200 Thursday December 18 2008 7 40 PM ...

Page 201: ... number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 Default Configuration No IP address is defined for interfaces Command Mode Interface Configuration Ethernet VLAN port channel mode User Guidelines An IP address cannot be configured for a range of interfaces range context Example The following example configures VLAN 1 with IP addre...

Page 202: ... require that the DHCPDISCOVER message have a specific host name The ip address dhcp hostname host name command is most typically used when the host name is provided by the system administrator If the device is configured to obtain its IP address from a DHCP server it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network If the ip address dhcp command i...

Page 203: ... Guidelines There are no user guidelines for this command Example The following example defines default gateway 192 168 1 1 show ip interface The show ip interface User EXEC mode command displays the usability status of configured IP interfaces Syntax show ip interface ethernet interface number vlan vlan id port channel port channel number interface number Valid Ethernet port vlan id Valid VLAN nu...

Page 204: ...rt channel port channel number no arp ip_addr ethernet interface number vlan vlan id port channel port channel number ip_addr Valid IP address or IP alias to map to the specified MAC address hw_addr Valid MAC address to map to the specified IP address or IP alias interface number Valid Ethernet port vlan id Valid VLAN number port channel number Valid Port channel number Default Configuration This ...

Page 205: ...command configures how long an entry remains in the ARP cache Use the no form of this command to return to the default configuration Syntax arp timeout seconds no arp timeout seconds Time in seconds that an entry remains in the ARP cache Range 1 40000000 Default Configuration The default timeout is 60000 seconds Command Mode Global Configuration mode User Guidelines It is recommended not to set th...

Page 206: ...vileged EXEC mode command displays entries in the ARP table Syntax show arp ip address ip address mac address mac address ethernet interface port channel port channel number ip address Displays the ARP entry of a specific IP address mac address Displays the ARP entry of a specific MAC address interface Displays the ARP entry of a specific Ethernet port interface port channel number Displays the AR...

Page 207: ...ax ip domain lookup no ip domain lookup Default Configuration IP Domain Naming System DNS based host name to address translation is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables IP Domain Naming System DNS based host name to address translation Console show arp ARP timeout 80000 Seconds Interface ...

Page 208: ...d Command Mode Global Configuration mode User Guidelines This command enables host name to address translation The preference in name to address resolution is determined by the type of host name to address entry Static entries are read first followed by DHCP entries and DNS protocol entries Examples The following example defines default domain name dell com ip name server The ip name server Global...

Page 209: ... address mapping in the host cache Use the no form of this command to remove the host name to address mapping Syntax ip host name address no ip host name name Name of the host Range 1 158 characters address Associated IP address Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines Up to 64 host name to address mapping entries are permitted in the host cac...

Page 210: ...r guidelines for this command Examples The following example deletes all entries from the host name to address cache clear host dhcp The clear host dhcp Privileged EXEC mode command deletes entries from the host name to address mapping received from Dynamic Host Configuration Protocol DHCP Syntax clear host dhcp name name Specifies the host entry to be removed Range 1 158 characters Removes all en...

Page 211: ...ts Privileged EXEC mode command displays the default domain name a list of name server hosts the static and the cached list of host names and addresses Syntax show hosts name name Specifies the host name Range 1 158 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console clear...

Page 212: ...m com usa sales gm com DHCP Name address lookup is enabled Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host Addresses accounting gm com 176 16 8 8 176 16 8 9 DHCP Cache TTL Hours Host Total Elapsed Type Addresses www stanford edu 72 3 IP 171 64 14 203 book book Page 212 Thursday December 18 2008 7 40 PM ...

Page 213: ...iguration procedure is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode This command cannot be configured for a range of interfaces range context User Guidelines The ipv6 enable command automatically configures an IPv6 link local unicast address on the interface while also enabling the interface for IPv6 processing The no ipv6 enable command removes the entire IPv6 inte...

Page 214: ...s initiated to discover a router and assign IP addresses to the interface based on the advertised on link prefixes When disabling address autoconfig automatically generated addresses assigned to the interface are removed The default state of the address autoconfig is enabled To enable an IPv6 interface without address autoconfig use the enable ipv6 no autoconfig command Example The following examp...

Page 215: ...limit calculate the interval by the following formula Average Packets Per Second 1 interval bucket size Example The following example configures the rate limit interval to 200ms and bucket size to 20 tokens for IPv6 Internet Control Message Protocol ICMP error messages show ipv6 icmp error interval The show ipv6 error interval command Privileged EXEC mode command displays the IPv6 ICMP error inter...

Page 216: ...sh mark must precede the decimal Range 3 128 only 64 when the eui 64 parameter is used eui 64 Specifies to build an interface ID in the low order 64 bits of the IPv6 address based on the interface MAC address anycast Indicates that this address is an anycast address Default Configuration No IP address is defined for the interface Command Mode Interface Configuration Ethernet VLAN Port channel mode...

Page 217: ...hannel Cannot be configured for a range of interfaces range context User Guidelines Using the no ipv6 link local address command removes the manually configured link local IPv6 address from an interface Multiple IPv6 addresses can be configured per interface but only one link local address When the no ipv6 link local address command is used the interface is reconfigured with the standard link loca...

Page 218: ...face configuration mode Ethernet VLAN Port channel User Guidelines If a packet addressed to one of the interface s IP address with TCP UDP port not assigned is received and ICMP unreachable messages is enabled the device sends an ICMP unreachable message To disable sending ICMP unreachable messages on the interface use the no ipv6 unreachables command Example The following example enables the gene...

Page 219: ...IPv6Z address format ipv6 link local address interface name interface name vlan integer ch integer isatap integer physical port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example 1 e16 Configuring a new default GW without deleting the previous configured information overwrites the previous configuration A co...

Page 220: ...ines The ipv6 mld join group command configures MLD reporting for a specified group The packets that are addressed to a specified group address will be passed up to the client process in the device Example The following example configures MLD reporting for specific groups ipv6 mld version The ipv6 mld version interface configuration command changes the Multicast Listener Discovery Protocol MLD ver...

Page 221: ... configured for IPv6 Syntax show ipv6 interface ethernet interface number vlan vlan id port channel number ethernet interface number Ethernet port number vlan vlan id VLAN number port channel number Port channel number Default Configuration Displays all IPv6 interfaces Command Mode Privileged EXEC mode User Guidelines To display IPv6 neighbor discovery cache information use the show ipv6 neighbors...

Page 222: ...anual 1 e4 ff02 1 linklayer 1 e5 ff02 78 manual 1 e6 ff02 1 ff00 22 manual 1 e7 ff02 1 ff00 1234 manual 1 e8 ff02 1 ff00 5668 manual VLAN 1 2002 1 1 1 200 b0ff fe00 other VLAN 1 3001 1 64 manual VLAN 1 4004 55 64 ANY manual VLAN 1 fe80 200 b0ff fe00 0 linklayer VLAN 1 ff02 1 linklayer VLAN 1 ff02 77 manual VLAN 1 ff02 1 ff00 0 manual VLAN 1 ff02 1 ff00 1 manual VLAN 1 ff02 1 ff00 55 manual book bo...

Page 223: ...D DAD attempts 1 MTU size 1500 Stateless Address Autoconfiguration state enabled ICMP unreachable message state enabled MLD version 2 IP addresses Type DAD State 2002 1 1 1 200 b0ff fe00 other Active 3001 1 64 manual Active 4004 55 64 ANY manual Active fe80 200 b0ff fe00 0 linklayer Active ff02 1 linklayer Active ff02 77 manual ff02 1 ff00 0 manual ff02 1 ff00 1 manual ff02 1 ff00 55 manual book b...

Page 224: ...e IPv6 routing table Console show ipv6 route Codes L Local S Static I ICMP ND Router Advertisment The number in the brackets is the metric S 0 via fe80 77 0 VLAN 1 Lifetime Infinite ND 0 via fe80 200 cff fe4a dfa8 0 VLAN 1 Lifetime 1784 sec L 2001 64 is directly connected g2 Lifetime Infinite L 2002 1 1 1 64 is directly connected VLAN 1 Lifetime 2147467 sec L 3001 64 is directly connected VLAN 1 L...

Page 225: ...e uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces the new addresses remain in a tentative state while duplicate address detection is performed Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses An interface returning to administratively up restarts duplicate address detection for all of the uni...

Page 226: ...ipv6 host Global Configuration mode command defines a static host name to address mapping in the host name cache Use the no form of this command to remove the host name to address mapping Syntax ipv6 host name ipv6 address1 ipv6 address2 ipv6 address4 no ipv6 host name name Name of the host Range 1 158 characters ipv6 address1 Associated IPv6 address The address is specified in hexadecimal using 1...

Page 227: ... vlan vlan id port channel number no ipv6 neighbor ipv6_addr ethernet interface number vlan vlan id port channel number ipv6_addr IPv6 address to map to the specified MAC address hw_addr MAC address to map to the specified IPv6 address ethernet interface number Valid port number vlan vlan id VLAN number port channel number Port channel number Default Configuration This command has no default setti...

Page 228: ...N number port channel port channel number Valid Port Channel index bytes MTU in bytes with a minimum is 1280 bytes default Sets the default MTU size to 1500 bytes Default Configuration 1500 bytes Command Mode Privileged EXEC mode User Guidelines This command is intended for debugging and testing purposes and should be used only by technical support personnel Example The following example sets the ...

Page 229: ...the solicited node multicast address of the target but the corresponding Neighbor Advertisement has not yet been received REACH Reachable Positive confirmation was received within the last ReachableTime milliseconds that the forward path to the neighbor was functioning properly While REACHABLE no special action takes place as packets are sent STALE More than ReachableTime milliseconds have elapsed...

Page 230: ...s command has no default setting Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all entries in the IPv6 neighbor discovery cache except static entries Console show ipv6 neighbors dynamic Interface IPv6 address HW address State VLAN 1 2031 0 130F 010 B504 DBB4 00 10 B5 04 DB 4B REACH VLAN 1 2031 0 130F 050 2200 2...

Page 231: ...priority is 1 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the system priority to 120 lacp port priority The lacp port priority Interface Configuration Ethernet mode command configures physical port priority Use the no form of this command to return to the default configuration Syntax lacp port priorit...

Page 232: ...assigns an administrative LACP timeout Use the no form of this command to return to the default configuration Syntax lacp timeout long short no lacp timeout long Specifies the long timeout value short Specifies the short timeout value Default Configuration The default port timeout value is long Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this...

Page 233: ...atistics Link aggregation statistics information protocol state Link aggregation protocol state information Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example display LACP information for Ethernet port 1 e1 Console config interface ethernet 1 e6 Console config ...

Page 234: ...n FALSE collecting FALSE distributing FALSE expired FALSE Partner system priority 0 system mac addr 00 00 00 00 00 00 port Admin key 0 port Oper key 0 port Oper number 0 port Admin priority 0 port Oper priority 0 port Oper timeout LONG LACP Activity PASSIVE Aggregation AGGREGATABLE synchronization FALSE collecting FALSE distributing FALSE expired FALSE book book Page 234 Thursday December 18 2008 ...

Page 235: ...e FSM Port Disabled State Mux FSM Detached State Periodic Tx FSM No Periodic State Control Variables BEGIN FALSE LACP_Enabled TRUE Ready_N FALSE Selected UNSELECTED Port_moved FALSE NNT FALSE Port_enabled FALSE Timer counters periodic tx timer 0 current while timer 0 wait while timer 0 book book Page 235 Thursday December 18 2008 7 40 PM ...

Page 236: ... has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays LACP information about port channel 1 Console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority 1 MAC Address 00 02 85 0E 1C 00 Admin Key 29 Oper Key 29 Partner System Priority 0 MAC Address 00 00 00...

Page 237: ... for remote console access Telnet ssh Virtual terminal for secured remote console access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example configures the device as a virtual terminal for remote console access Console config line telnet Console config...

Page 238: ...red speed is applied when Autobaud is disabled This configuration applies only to the current session Examples The following example configures the line baud rate to 115200 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud To disable automatic baud rate detection use the no form of the command Syntax autobaud no autobaud Default Configur...

Page 239: ...ation Syntax exec timeout minutes seconds no exec timeout minutes Specifies the number of minutes Range 0 65535 seconds Specifies additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configuration mode User Guidelines To specify no timeout enter the exec timeout 0 command Examples The following example configures the interv...

Page 240: ... use the terminal history user EXEC mode command Example The following example enables the command history function for telnet history size The history size Line Configuration mode command configures the command history buffer size for a particular line Use the no form of this command to reset the command history buffer size to the default configuration Syntax history size number of commands no hi...

Page 241: ...EC command enables the command history function for the current terminal session Use the no form of this command to disable the command history function Syntax terminal history no terminal history Default Configuration The default configuration for all terminal sessions is defined by the history line configuration command Command Mode User EXEC mode User Guidelines There are no user guidelines for...

Page 242: ...idelines The terminal history size User EXEC command configures the size of the command history buffer for the current terminal session To change the default size of the command history buffer use the history line configuration command The maximum number of commands in all buffers is 256 Examples The following example configures the command history buffer size to 20 commands for the current termin...

Page 243: ... Examples The following example displays the line configuration Console show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 book book Page 243 Thursday December 18 2008 7 40 PM ...

Page 244: ...244 Line Commands book book Page 244 Thursday December 18 2008 7 40 PM ...

Page 245: ...e a management access list The command enters the Access list Configuration mode where permit and deny access rules are defined using the permit Management and deny Management commands If no match criteria are defined the default is deny If you re enter an access list context the new rules are entered at the end of the access list Use the management access class command to select the active access...

Page 246: ...interfaces 1 e1 and 2 e9 and makes the new access list the active list Console config management access list mlist Console config macl permit ethernet 1 e1 Console config macl permit ethernet 2 e9 Console config macl exit Console config management access class mlist Console config management access list mlist Console config macl deny ethernet 1 e1 Console config macl deny ethernet 2 e9 Console con...

Page 247: ...he prefix length is optional mask mask A valid network mask of the source IP address mask prefix length Number of bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 service service Service type Possible values telnet ssh http https and snmp Default Configuration If no permit rule is defined the default is set to deny Command Mode Manage...

Page 248: ...gth is optional mask mask A valid network mask of the source IP address mask prefix length Specifies the number of bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 service service Service type Possible values telnet ssh http https and snmp Default Configuration This command has no default configuration Command Mode Management Access l...

Page 249: ...n If no access list is specified an empty access list is used Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures an access list called mlist as the management access list show management access list The show management access list Privileged EXEC mode command displays management access lists Syntax show mana...

Page 250: ...fault Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active management access list Console show management access list mlist mlist permit ethernet 1 e1 permit ethernet 2 e2 Note all other access implicitly denied Console show manageme...

Page 251: ...and is enabled Command Mode Global Configuration mode User Guidelines There are no guidelines for this command Example The following example enables Link Layer Discovery Protocol LLDP lldp enable interface The lldp enable Interface Configuration mode command enables Link Layer Discovery Protocol LLDP on an interface Use the no form of this command to disable LLDP on an interface console config lld...

Page 252: ...f a port I e LLDP frames are sent and received on blocked ports If a port is controlled by 802 1X LLDP operates only if the port is authorized Examples The following example enables Link Layer Discovery Protocol LLDP on an interface lldp timer The lldp timer command Global Configuration mode command specifies how often the software sends Link Layer Discovery Protocol LLDP updates Use the no form o...

Page 253: ... to the default setting Syntax lldp hold multiplier number no lldp hold multiplier number Specifies the hold time to be sent in the LLDP update packets as a multiple of the timer value Range 2 10 Default Configuration The default configuration is 4 Command Modes Global Configuration mode User Guidelines The actual time to live value used in LLDP frames can be expressed by the following formula TTL...

Page 254: ...Syntax lldp reinit delay seconds no lldp reinit delay seconds Specifies the minimum time in seconds an LLDP port waits before reinitializing LLDP transmission Range 1 10 seconds Default Configuration 2 seconds Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example specifies the minimum time an LLDP port will wait before ...

Page 255: ... Global Configuration mode Usage Guidelines It is recommended that the TxDelay be less than 0 25 of the LLDP timer interval Examples The following example specifies the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB lldp optional tlv To specify which optional TLVs from the basic set should be transmitted use the lldp optional tlv c...

Page 256: ...nagement address advertised from an interface Use the no form of this command to cease advertising management address information Syntax lldp management address ip ip address no management address ip ip address Specifies the management address to advertise Default Configuration No IP address is advertised Command Modes Interface configuration Ethernet mode User Guidelines Each port can advertise o...

Page 257: ...luded Available TLVs are network policy location poe pse The capabilities TLV is always included if LLDP MED is enabled Default Configuration LLDP is disabled Command Modes Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED on an interface as networ...

Page 258: ...e signaling softphone voice video conferencing streaming video video signaling vlan id VLAN identifier for the application vlan type Specifies if the application is using a tagged or an untagged VLAN up priority User Priority Layer 2 priority to be used for the specified application dscp value DSCP value to be used for the specified application Default Configuration No Network policy is defined Co...

Page 259: ...rface Configuration Ethernet mode User Guidelines There are no guidelines for this command Example The following example attaches a LLDP MED network policy to a port lldp med location The lldp med location Interface Configuration mode command configures location information for the Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED for an interface Use the no form of this command to d...

Page 260: ...or colon Default Configuration The location is not configured Command Mode Interface Configuration Ethernet mode User Guidelines There are no guidelines for this command Example The following example configures location information for the LLDP MED for an interface clear lldp rx The clear lldp rx Privileged EXEC mode command restarts the LLDP RX state machine and clears the neighbors table Syntax ...

Page 261: ...lldp configuration To display the Link Layer Discovery Protocol LLDP configuration use the show lldp configuration command in privileged EXEC mode Syntax show lldp configuration ethernet interface Interface Ethernet port Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command console config exit console clear lldp rx console book book Page 261 Thursday Dece...

Page 262: ...ax show lldp med configuration ethernet interface interface Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no guidelines for this command console show lldp configuration Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Port State Optional TLVs Address 1 e1 RX TX PD SN SD SC 172 16...

Page 263: ...C mode Syntax show lldp local ethernet interface Interface Ethernet port Command Modes Privileged EXEC mode console show lldp med configuration Network policy 1 Application type Voice VLAN ID 2 tagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Policy Location PoE 1 e1 Yes Yes 1 Yes Yes 1 e2 Yes Yes 1 Yes Yes 1 e3 Yes No No Yes console show lldp med configuration ethernet 1 1 Port Capabili...

Page 264: ...gement address 172 16 1 8 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED Network policy Application type Voice Fl...

Page 265: ...Layer Discovery Protocol LLDP console show lldp neighbors v Port Device ID Port ID Hold Time Capabilities System Name e1 0060 704C 73FE 1 117 B ts 7800 2 e1 0060 704C 73FD 1 93 B ts 7800 2 e2 0060 704C 73F C 9 1 B R ts 7900 1 e3 0060 704C 73FB 1 92 W ts 7900 2 console show lldp neighbors ethernet g1 Device ID 0060 704C 73FE Port ID 1 Hold Time 117 Capabilities B System Name ts 7800 2 System descri...

Page 266: ...266 LLDP Commands book book Page 266 Thursday December 18 2008 7 40 PM ...

Page 267: ...Tokens in the form token in the message text can be included Tokens are replaced with the corresponding configuration variable Tokens are described in the usage guidelines Default Configuration Disabled no EXEC banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character Then enter one or more lines of text ...

Page 268: ...the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays the system contact string location Displays the system location string mac address Displays the base ...

Page 269: ...orm token in the message text can be included Tokens are replaced with the corresponding configuration variable Tokens are described in the usage guidelines Default Configuration Disabled no Login banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character Then enter one or more lines of text terminating th...

Page 270: ...ost name for the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays the system contact string location Displays the system location string mac address Displ...

Page 271: ... text can be included Tokens are replaced with the corresponding configuration variable Tokens are described in the usage guidelines Default Configuration Disabled no MOTD banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character Then enter one or more lines of text terminating the message with the second...

Page 272: ...r the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays the system contact string location Displays the system location string mac address Displays the bas...

Page 273: ...s There are no user guidelines for this command Example The following example enables the display of exec banners login banner The login banner Line Configuration mode command enables the display of login banners Use the no form of this command to disable the display of login banners Syntax login banner no login banner Default Configuration Enabled Command Mode Line Configuration mode Console conf...

Page 274: ... command to disable the display of motd banners Syntax motd banner no motd banner Default Configuration Enabled Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables the display of message of the day banners Console Console config line console Console config line login banner Console Console config line console Cons...

Page 275: ...ation This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the banners configuration Device show motd Console Enabled Telnet Enabled SSH Enabled MOTD Message bold Upgrade bold to all devices begins at March 12 book book Page 275 Thursday December 18 2008 7 40 PM ...

Page 276: ...276 Login Banner book book Page 276 Thursday December 18 2008 7 40 PM ...

Page 277: ...t Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of the cable for the TDR test is 120 meter Examples The following example results in a report on the cable attached to port 1 e3 Console test copper port tdr 1 ...

Page 278: ...e for the TDR test is 120 meter Example The following example displays information on the last TDR test performed on all copper ports show copper ports cable length The show copper ports cable length User EXEC mode command displays the estimated copper cable length attached to a port Syntax show copper ports cable length interface interface A valid Ethernet port Full syntax unit port Console show ...

Page 279: ...uidelines The port must be active and working in 100M or 1000M mode Example The following example displays the estimated copper cable length attached to all ports Console show copper ports cable length Port Length meters 1 e1 50 1 e2 Copper not active 1 e3 110 140 1 g1 Fiber book book Page 279 Thursday December 18 2008 7 40 PM ...

Page 280: ...280 PHY Diagnostics Commands book book Page 280 Thursday December 18 2008 7 40 PM ...

Page 281: ...d Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables powered device discovery protocol on port 1 e1 so that power will be supplied to a discovered device power inline powered device The power inline powered device Interface Configuration Ethernet mode command adds a comment or description of the pow...

Page 282: ... power inline priority The power inline priority Interface Configuration Ethernet mode command configures the inline power management priority of the interface Use the no form of this command to return to the default configuration Syntax power inline priority critical high low no power inline priority critical Indicates that operating the powered device is critical high Indicates that operating th...

Page 283: ...d for initiating inline power usage alarms Use the no form of this command to return to the default configuration Syntax power inline usage threshold percentage no power inline usage threshold percentage Specifies the threshold as a percentage to compare measured power Range 1 99 Default Configuration The default threshold is 95 percent Command Mode Global Configuration mode User Guidelines There ...

Page 284: ...ser guidelines for this command Example The following example enables inline power traps to be sent when a power usage threshold is exceeded show power inline The show power inline User EXEC mode command displays the information about inline power Syntax show power inline interface interface interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default confi...

Page 285: ...tts 0 95 Disable 6 on 370 Watts 0 Watts 0 95 Disable 7 off 1 Watts 0 Watts 0 95 Disable 8 on 370 Watts 0 Watts 0 95 Disable off 1 Watts 0 Watts 0 95 Disable on 370 Watts 0 Watts 0 95 Disable off 1 Watts 0 Watts 0 95 Disable on 370 Watts 0 Watts 0 95 Disable Console show power inline ethernet 1 e1 Port Powered Device State Status Priority Class 2 e1 Auto Searching low class0 2 e2 Auto Searching low...

Page 286: ...w class0 2 e17 Auto Searching low class0 2 e18 Auto Searching low class0 2 e19 Auto Searching low class0 2 e20 Auto Searching low class0 2 e21 Auto Searching low class0 2 e22 Auto Searching low class0 2 e23 Auto Searching low class0 2 e24 Auto Searching low class0 2 e25 Auto Searching low class0 2 e26 Auto Searching low class0 2 e27 Auto Searching low class0 2 e28 Auto Searching low class0 2 e29 A...

Page 287: ...ching low class0 2 e43 Auto Searching low class0 2 e44 Auto Searching low class0 2 e45 Auto Searching low class0 2 e46 Auto Searching low class0 2 e47 Auto Searching low class0 2 e48 Auto Searching low class0 4 e1 Auto Off low class0 4 e2 Auto Off low class0 4 e3 Auto Off low class0 4 e4 Auto Off low class0 4 e5 Auto Off low class0 4 e6 Auto Off low class0 4 e7 Auto Off low class0 4 e8 Auto Off lo...

Page 288: ...ass0 4 e22 Auto Off low class0 4 e23 Auto Off low class0 4 e24 Auto Off low class0 6 e1 Auto Off low class0 6 e2 Auto Off low class0 6 e3 Auto Off low class0 6 e4 Auto Off low class0 6 e5 Auto Off low class0 6 e6 Auto Off low class0 6 e7 Auto Off low class0 6 e8 Auto Off low class0 6 e9 Auto Off low class0 6 e10 Auto Off low class0 6 e11 Auto Off low class0 6 e12 Auto Off low class0 6 e13 Auto Off...

Page 289: ... the port is enabled to provide power Can be Auto or Never Priority The priority of the port from the point of view of inline power management Can be Critical High or Low Status Describes the inline power operational status of the port Can be On Off Test Fail Testing Searching or Fault Class The power consumption range of the powered device Can be Class 0 0 44 12 95 Class 1 0 44 3 84 Class 2 3 84 ...

Page 290: ...290 Power over Ethernet Commands book book Page 290 Thursday December 18 2008 7 40 PM ...

Page 291: ...ult configuration Command Mode Global Configuration mode User Guidelines Eight aggregated links can be defined with up to eight member ports per port channel The aggregated links valid IDs are 1 15 Example The following example enters the context of port channel number 15 interface range port channel The interface range port channel Global Configuration mode command enters the interface configurat...

Page 292: ...els 1 2 and 6 to receive the same command channel group The channel group Interface Configuration Ethernet mode command associates a port with a port channel Use the no form of this command to remove a port from a port channel Syntax channel group port channel number mode on auto no channel group port channel_number Specifies the number of the valid port channel for the current port to join on For...

Page 293: ...port channel number port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on all port channels Console config interface ethernet 1 e1 Console config if channel group 1 mode on Console show interfaces por...

Page 294: ...294 Port Channel Commands book book Page 294 Thursday December 18 2008 7 40 PM ...

Page 295: ...ort rx Monitors received packets only tx Monitors transmitted packets only Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode User Guidelines This command enables traffic on one port to be copied to another port or between the source port src interface and a destination port the port being configured Only a single target port can...

Page 296: ...ng the interface range ethernet command NOTE The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports Therefore Multicast and Broadcast frames in these VLANs are seen more than once Actually N where N equals four When both transmit Tx and receive Rx directions of more than one port are monitored the capacity may exceed the bandwidth of the target port In this ca...

Page 297: ... port monitoring status is displayed console config console config int ether 1 e2 console config if port monitor 1 e3 console config if port monitor 1 e4 console config if port monitor 1 e5 console config if port monitor 1 e6 console config if port monitor 1 e7 Too many monitoring sessions console config if book book Page 297 Thursday December 18 2008 7 40 PM ...

Page 298: ...298 Port Monitor Commands book book Page 298 Thursday December 18 2008 7 40 PM ...

Page 299: ...iguration QoS is disabled on the device Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS on the device show qos The show qos User EXEC mode command displays quality of service QoS for the device Syntax show qos Default Configuration This command has no default configuration Console config qos book book Pa...

Page 300: ...es no priority queue out num of queues number of queues Assign the number of queues to be expedite queues The expedite queues are the queues with higher indexes Values 0 or 4 Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines When the specified number of expedite queues is 0 WRR scheduling mechanism is used to allocate weights to queues in t...

Page 301: ... Configuration Ethernet Port Channel mode User Guidelines There are no user guidelines for this command Example The following example sets the shaper on Ethernet port 1 e15 to 64kpbs committed rate rate limit Ethernet The rate limit Interface Configuration Ethernet mode command limits the rate of the incoming traffic Use the no form of this command to disable the rate limit Syntax rate limit rate ...

Page 302: ... to a specific egress queue return to the default configuration use the no form of this command Syntax wrr queue cos map queue id cos0 cos7 no wrr queue cos map queue id queue id Specifies the queue number to which the CoS values are mapped cos1 cos7 Specifies CoS values to be mapped to a specific queue Range 0 4 Default Configuration The map default values for 4 queues Cos0 is mapped to queue 2 C...

Page 303: ...ap and the EF priority shapers Displays the shaper of the specified interface and the shaper for the queue on the specified interface rate limit Displays the rate limit configuration ethernet interface number Valid Ethernet port number port channel number Valid port channel number Default Configuration There is no default configuration for this command Command Mode User EXEC mode User Guidelines I...

Page 304: ...Default CoS 0 Trust mode enable Ethernet e2 Default CoS 0 Trust mode enable console show qos interface queuing Ethernet e1 wrr bandwidth weights and EF priority qid weights Ef Priority 1 N A ena 1 2 N A ena 2 3 N A ena 3 4 N A ena 4 Cos queue map cos qid 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 book book Page 304 Thursday December 18 2008 7 40 PM ...

Page 305: ...pecify up to 8 DSCP values separate each DSCP with a space Range 0 63 queue id Enter the queue number to which the DSCP value corresponds Default Configuration The following table describes the default map Ethernet e2 wrr bandwidth weights and EF priority qid weights Ef Priority 1 N A ena 1 2 N A ena 2 3 N A ena 3 4 N A ena 4 Cos queue map 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 DSCP value 0 15 16 31 32 4...

Page 306: ...ress packets are classified with packet DSCP values Default Configuration CoS is the default trust mode Command Mode Global Configuration mode User Guidelines Packets entering a quality of service QoS domain are classified at the edge of the QoS domain When packets are classified at the edge the switch port within the QoS domain can be configured to one of the trusted states because there is no ne...

Page 307: ...rface Configuration Ethernet Port channel mode User Guidelines There are no user guidelines for this command Example The following example configures Ethernet port 1 e15 to the default trust state qos cos The qos cos Interface Configuration Ethernet Port channel mode command defines the default CoS value of a port Use the no form of this command to return to the default configuration Syntax qos co...

Page 308: ...The following example configures port 1 e15 default CoS value to 3 show qos map The show qos map User EXEC mode command displays all QoS maps Syntax show qos map dscp queue dscp queue Indicates the DSCP to queue map Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console config interface ether...

Page 309: ... map d1 d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 02 02 02 02 02 02 3 02 02 03 03 03 03 03 03 03 03 4 03 03 03 03 03 03 03 03 04 04 5 04 04 04 04 04 04 04 04 04 04 6 04 04 04 04 Column Description d1 Decimal Bit 1 of DSCP d2 Decimal Bit 2 of DSCP 01 04 Queue numbers book book Page 309 Thursday December 18 2008 7 40 PM ...

Page 310: ...310 QoS Commands book book Page 310 Thursday December 18 2008 7 40 PM ...

Page 311: ...o 0 Range 0 65535 timeout Specifies the timeout value in seconds Range 1 30 retries Specifies the retransmit value Range 1 10 deadtime Length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the enc...

Page 312: ...uest port number 20 and a 20 second timeout period radius server key The radius server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Use the no form of this command to return to the default configuration Syntax radius server key key string no radius server key key string Specifies the authenti...

Page 313: ...of this command to reset the default configuration Syntax radius server retransmit retries no radius server retransmit retries Specifies the retransmit value Range 1 10 Default Configuration The software searches the list of RADIUS server hosts 3 times Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the n...

Page 314: ...Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the source IP address used for communication with RADIUS servers to 10 1 1 1 radius server source ipv6 The radius server source ipv6 Global Configuration mode command specifies the source IPv6 address used for the IPv6 communication with RADIUS servers Use the no fo...

Page 315: ... which the device waits for a server host to reply Use the no form of this command to return to the default configuration Syntax radius server timeout timeout no radius server timeout timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The timeout value is 3 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Exam...

Page 316: ...ich a RADIUS server is skipped over by transaction requests Range 0 2000 Default Configuration The deadtime setting is 0 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the deadtime to 10 minutes show radius servers The show radius servers Privileged EXEC mode command displays the RADIUS server settings Syntax ...

Page 317: ...IUS server settings Console show radius servers IP address Port Auth TimeOut Retransmit DeadTime Source IP Priority Usage 172 16 1 1 1645 Global Global Global 1 All 172 16 1 2 1645 11 8 Global Global 2 All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 book book Page 317 Thursday December 18 2008 7 40 PM ...

Page 318: ...318 RADIUS Commands book book Page 318 Thursday December 18 2008 7 40 PM ...

Page 319: ...Valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON Ethernet statistics for Ethernet port 1 e1 Console show rmon statistics ethernet 1 e1 Port 1 e1 Octets 0 Packets 0 Broadcast 0 Multicast 0 CRC Align Errors 0 Collisions 0 Under...

Page 320: ...he best estimate of the total number of collisions on this Ethernet segment Undersize Pkts The total number of packets received less than 64 octets long excluding framing bits but including FCS octets and otherwise well formed Oversize Pkts The total number of packets received longer than 1632 octets excluding framing bits but including FCS octets and otherwise well formed Fragments The total numb...

Page 321: ...d for the RMON collection history statistics group is 50 Number of seconds in each polling cycle is 1800 Command Mode Interface Configuration Ethernet port channel mode User Guidelines Cannot be configured for a range of interfaces range context 128 to 255 Octets The total number of packets including bad packets received that are between 128 and 255 octets in length inclusive excluding framing bit...

Page 322: ...r interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all RMON history group statistics Console config interface ethernet 1 e1 Console config if rmon collection ...

Page 323: ...ollision counters seconds Specifies the period of time in seconds Range 1 4294967295 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Field Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Req...

Page 324: ...s Packets Broadcast Multicast Util Jan 18 2002 21 57 00 303595962 357568 3289 7287 19 Jan 18 2002 21 57 30 287696304 275686 2789 5878 20 Console show rmon history 1 errors Sample Set 1 Owner Me Interface 1 e1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 800 after reset Time CRC Align Undersize Oversize Fragments Jabbers Jan 18 2002 21 57 00 1 1 0 49 0 Jan 18 2002 21...

Page 325: ...l that were directed to a Multicast address This number does not include packets addressed to the Broadcast address Util The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent CRC Align The number of packets received during this sampling interval that had a length excluding framing bits but including FCS octets be...

Page 326: ...ng interval that were less than 64 octets in length excluding framing bits but including FCS octets had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets AlignmentError It is normal for etherHistoryFragments to increment because it counts both runts which are normal occurrences due to collisions and noise hits Jabber...

Page 327: ...ction is equal to rising or rising falling a single rising alarm is generated If the first sample after this entry becomes valid is less than or equal to fthreshold and direction is equal to falling or rising falling a single falling alarm is generated name Specifies the name of the person who configured this alarm If unspecified the name is an empty string Default Configuration The type is absolu...

Page 328: ...uidelines for this command Example The following example displays the alarms table The following table describes significant fields shown above Console show rmon alarm table Index OID Owner 1 1 3 6 1 2 1 2 2 1 10 1 CLI 2 1 3 6 1 2 1 2 2 1 10 1 Manager 3 1 3 6 1 2 1 2 2 1 10 9 CLI Field Description Index An index that uniquely identifies the entry OID Monitored variable OID Owner The entity that co...

Page 329: ... configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON 1 alarms Console show rmon alarm 1 Alarm 1 OID 1 3 6 1 2 1 2 2 1 10 1 Last sample Value 878128 Interval 30 Sample Type delta Startup Alarm rising Rising Threshold 8700000 Falling Threshold 78 Rising Event 1 Falling Event 1 Owner CLI book book Page 329...

Page 330: ...last sample is subtracted from the current value and the difference compared with the thresholds Startup Alarm The alarm that may be sent when this entry is first set If the first sample is greater than or equal to the rising threshold and startup alarm is equal to rising or rising and falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshol...

Page 331: ...onfigured this event If unspecified the name is an empty string Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines If log is specified as the notification type an entry is made in the log table for each event If trap is specified an SNMP trap is sent to one or more management stations Example The following example configures an ev...

Page 332: ...identifies the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management stations Community If an SNMP trap is to be sent it is sent to the SNMP co...

Page 333: ...no user guidelines for this command Example The following example displays the RMON log table Console show rmon log Maximum table size 500 Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 Console show rmon log Maximum table size 500 800 after reset Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58...

Page 334: ...tries Range 20 270 log entries Maximum number of log table entries Range 20 100 Default Configuration History table size is 270 Log table size is 200 Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum RMON history table sizes to 100 entries Field Description Event An index t...

Page 335: ... read only access default rw Indicates read write access su Indicates SNMP administrator access view view name Name of a previously defined view The view defines the objects available to the community It s not relevant for su which has an access to the whole MIB If unspecified all the objects except of the community table and SNMPv3 user and access tables are available Range 1 30 characters ipv4 a...

Page 336: ...ights of a community string When it is specified An internal security name is generated The internal security name for SNMPv1 and SNMPv2 security models is mapped to the group name The no snmp server community command is used to remove a community or a community group Examples The following example defines community access string public to permit administrative access to SNMP protocol at an admini...

Page 337: ...a single subidentifier with the asterisk wildcard to specify a subtree family for example 1 3 4 You may also identify the subtree by specifying its logical name for example IfEntry 1 included Indicates that the view type is included excluded Indicates that the view type is excluded Default Configuration No view entry exists Command Mode Global Configuration mode User Guidelines This command can be...

Page 338: ...ates a view that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interface group snmp server group The snmp server group Global Configuration mode command configures a new Simple Management Protocol SNMP group or a table that maps SNMP users to SNMP views Use the no form of this command to remove a specified SNMP group C...

Page 339: ...at is the name of the view that enables you to enter data and configure the contents of the agent If unspecified nothing is defined for the write view Range Up to 30 characters notify notifyview A string that is the name of the view that enables you to specify an inform or a trap If unspecified nothing is defined for the notify view Range Up to 30 characters Default Configuration No group entry ex...

Page 340: ...level The user should enter a password for authentication and generation of a DES key for privacy Range 1 32 characters auth sha password Indicates the HMAC SHA 96 authentication level The user should enter a password for authentication and generation of a DES key for privacy Range 1 32 characters auth md5 key md5 des keys Indicates the HMAC MD5 96 authentication level The user should enter a conc...

Page 341: ...ngineid designates the remote management station and should be defined to enable the device to receive informs Examples The following example configures an SNMPv3 user John in group user group snmp server engineID local The snmp server engineID local Global Configuration mode command specifies the Simple Network Management Protocol SNMP engineID on the local device Use the no form of this command ...

Page 342: ...gine ID of 123400000000000000000000 you can specify snmp server engineID local 1234 Since the engine ID should be unique within an administrative domain the following is recommended For a standalone device use the default keyword to configure the engine ID For a stackable system configure the engine ID to be used for the entire stack and verify that the stack engine ID is unique throughout the ent...

Page 343: ...ps Default Configuration SNMP traps are enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables SNMP traps snmp server filter The snmp server filter Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server filter entry Use the no form of this command to remove th...

Page 344: ...t the filter type is excluded Default Configuration No filter entry exists Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same filter record Later lines take precedence when an object identifier is included in two or more lines Examples The following example creates a filter that includes all objects in the MIB II system group except for s...

Page 345: ...ot applicable to SNMPv1 1 Indicates that SNMPv1 traps will be used 2 Indicates that SNMPv2 traps will be used If port Specifies the UDP port of the host to use If unspecified the default UDP port number is 162 Range 1 65535 filtername Specifies a string that defines the filter for this host If unspecified nothing is filtered Range 1 30 characters seconds Specifies the number of seconds to wait for...

Page 346: ...ed host Syntax snmp server v3 host ip4 address ip6 address hostname hostname username traps informs noauth auth priv udp port port filter filtername timeout seconds retries retries no snmp server v3 host ip4 address ip6 address hostname username traps informs ip4 address The host IPv4 address the targeted recipient ip6 address The host IPv6 address the targeted recipient When the IPv6 address is a...

Page 347: ...uration Command Mode Global Configuration mode User Guidelines A user and notification view are not automatically created Use the snmp server user snmp server group and snmp server view Global Configuration mode commands to generate a user group and notify group respectively The IPv6Z address format ipv6 link local address interface name interface name vlan integer ch integer isatap integer physic...

Page 348: ...here are no user guidelines for this command Examples The following example enables SNMP failed authentication traps snmp server contact The snmp server contact Global Configuration mode command configures the system contact sysContact string To remove system contact information use the no form of the command Syntax snmp server contact text no snmp server contact text Specifies the string that des...

Page 349: ...on text Specifies a string that describes system location information Range 0 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following example defines the device location as New_York snmp server set The...

Page 350: ...there might be a situation where a SNMP user sets a MIB variable that does not have an equivalent command In order to generate configuration files that support those situations the snmp server set command is used This command is case sensitive Examples The following example configures the scalar MIB sysName with the value dell show snmp The show snmp Privileged EXEC mode command displays the SNMP ...

Page 351: ...dress public user group all Traps are enabled Authentication trap is enabled Version 1 2 notifications Target Address Type Community Version UDP Port Filter Name TO Sec Retries 192 122 173 42 Trap public 2 162 15 3 192 122 173 42 Inform public 2 162 15 3 Version 3 notifications Target Address Type Username Security Level UDP Port Filter Name TO Sec Retries 192 122 173 42 Inform Bob Priv 162 15 3 S...

Page 352: ...re no user guidelines for this command Example The following example displays the SNMP engine ID Field Description Community string Community access string to permit access to the SNMP protocol Community access Type of access read only read write super access IP Address Management station IP Address Trap Rec Address Targeted Recipient Trap Rec Community Statistics sent with the notification operat...

Page 353: ...lines There are no user guidelines for this command Example The following example displays the configuration of views show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of groups Syntax show snmp groups groupname groupname Specifies the name of the group Range 1 30 Console show snmp views Name OID Tree Type user view 1 3 6 1 2 1 1 Included user view 1 3 6...

Page 354: ...v Default Default managers group V3 priv Default Field Description Name Name of the group Security Model SNMP model in use v1 v2 or v3 Security Level Authentication of a packet with encryption Applicable only to the SNMP v3 security model Views Read Name of the view that enables only viewing the contents of the agent If unspecified all objects except the community table and SNMPv3 user and access ...

Page 355: ...nfiguration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of filters Console show snmp filters Name OID Tree Type user filter 1 3 6 1 2 1 1 Included user filter 1 3 6 1 2 1 1 7 Excluded user filter 1 3 6 1 2 1 2 2 1 1 Included book book Page 355 Thurs...

Page 356: ... Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of users Console show snmp users Name Group name Auth Method Remote John user group md5 John user group md5 08009009020C0B099C075879 book book Page 356 Thursday December 18 2008 7 40...

Page 357: ...onfiguration Spanning tree is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality spanning tree mode The spanning tree mode Global Configuration mode command configures the spanning tree protocol Use the no form of this command to return to the default configuration Console co...

Page 358: ...lowing example configures the spanning tree protocol to RSTP spanning tree forward time The spanning tree forward time Global Configuration mode command configures the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of this command to return to the default configuration Syntax spa...

Page 359: ...ee BPDUs to other devices Use the no form of this command to return to the default configuration Syntax spanning tree hello time seconds no spanning tree hello time seconds Time in seconds Range 1 10 Default Configuration The default hello time for IEEE Spanning Tree Protocol STP is 2 seconds Command Mode Global Configuration mode User Guidelines When configuring the hello time the following relat...

Page 360: ...ept 2 Forward Time 1 Max Age Max Age 2 Hello Time 1 Example The following example configures the Spanning Tree bridge maximum age to 10 seconds spanning tree priority The spanning tree priority Global Configuration mode command configures the Spanning Tree priority of the device The priority value is used to determine which bridge is elected as the root bridge Use the no form of this command to re...

Page 361: ...ing tree disable Default Configuration Spanning tree is enabled on all ports Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables spanning tree on Ethernet port 1 e5 spanning tree cost The spanning tree cost Interface Configuration mode command configures the Spanning Tree path cost for ...

Page 362: ...1 e15 to 35000 spanning tree port priority The spanning tree port priority Interface Configuration mode command configures port priority Use the no form of this command to return to the default configuration Syntax spanning tree port priority priority no spanning tree port priority priority The priority of the port Range 0 240 in multiples of 16 Default Configuration The default port priority for ...

Page 363: ...auto no spanning tree portfast auto Specifies that the software waits for 3 seconds With no BPDUs received on the interface before putting the interface into the PortFast mode Default Configuration PortFast mode is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines This feature should be used only with interfaces connected to end stations Otherwise an accident...

Page 364: ...x port is considered a point to point link and a half duplex port is considered a shared link Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example enables shared spanning tree on Ethernet port 1 e5 spanning tree pathcost method The spanning tree pathcost method Global Configuration mode command s...

Page 365: ...n the Spanning Tree is disabled globally or on a single interface Use the no form of this command to return to the default configuration Syntax spanning tree bpdu filtering flooding no spanning tree bpdu filtering Filter BPDU packets when the Spanning Tree is disabled on an interface flooding Flood BPDU packets when the Spanning Tree is disabled on an interface Default Configuration The default se...

Page 366: ...id port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This feature should be used only when working in RSTP or MSTP mode Example The following example restarts the protocol migration process on Ethernet port 1 e11 spanning tree mst priority The spanning tree mst priority Global Configuration mode command configures ...

Page 367: ...ample The following example configures the Spanning Tree priority of instance 1 to 4096 spanning tree mst max hops The spanning tree mst max hops Global Configuration mode command configures the number of hops in an MST region before the BDPU is discarded and the port information is aged out Use the no form of this command to return to the default configuration Syntax spanning tree mst max hops ho...

Page 368: ...ort priority priority no spanning tree mst instance id port priority instance ID ID of the Spanning Tree instance Range 1 15 priority The port priority Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE Multiple Spanning Tree Protocol MSTP is 128 Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for thi...

Page 369: ...ult path cost is determined by port speed and path cost method long or short as shown below Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the MSTP instance 1 path cost for Ethernet port 1 e9 to 4 spanning tree mst configuration The spanning tree mst configuration Global Configur...

Page 370: ...ance Syntax instance instance id add remove vlan vlan range instance ID ID of the MST instance Range 1 15 vlan range VLANs to be added to or removed from the specified MST instance To specify a range of VLANs use a hyphen To specify a series of VLANs use a comma Range 1 4094 Default Configuration VLANs are mapped to the common and internal Spanning Tree CIST instance instance 0 Command Mode MST Co...

Page 371: ...guration mode command defines the MST region name Use the no form of this command to return to the default setting Syntax name string no name string MST configuration name Case sensitive Range 1 32 characters Default Configuration The default name is a bridge ID Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines t...

Page 372: ...ation mode User Guidelines There are no user guidelines for this command Example The following example sets the configuration revision to 1 show mst The show MST Configuration mode command displays the current or pending MST region configuration Syntax show current pending current Indicates the current region configuration pending Indicates the pending region configuration Default Configuration Th...

Page 373: ...Configuration mode command exits the MST configuration mode and applies all configuration changes Syntax exit Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Console config mst show pending Pending MST configuration Name Region1 Revision 1 Instance Vlans Mapped State 0 1 9 21 4094 Enab...

Page 374: ...rt Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example exits the MST configuration mode without saving changes Console config spanning tree mst configuration Console config mst exit Console config spanning tree mst configuration Console config mst abort book b...

Page 375: ...Indicates detailed information active Indicates active ports only blockedports Indicates blocked ports only mst configuration Indicates the MST configuration identifier instance id Specifies ID of the Spanning Tree instance Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The fol...

Page 376: ...t Type 1 e1 Enabled 128 1 20000 FWD Root No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e3 Disabled 128 3 20000 1 e4 Enabled 128 4 20000 BLK ALTN No Shared STP 1 e5 Enabled 128 5 20000 DIS Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 36864 Address 00 02 4b 29 7a 00 This switch is the root Hello Time 2 sec Max Age 20 sec Fo...

Page 377: ... 128 5 20000 DIS Console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enab...

Page 378: ... 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Root No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e4 Enabled 128 4 20000 BLK ALTN No Shar...

Page 379: ...Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e4 Enabled 128 4 20000 BLK ALTN No Shared STP Console show spanning tree detail Spanning tree enabled mode RSTP Default port cost method long book book Page 379 Thursday December 18 ...

Page 380: ...e 20 forward delay 15 Port 1 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 1 e2 enabled State Forwarding Role Designated Port id 128...

Page 381: ... sent N A received N A Port 4 1 e4 enabled State Blocking Role Alternate Port id 128 4 Port cost 20000 Type Shared configured auto STP Port Fast No configured no Designated bridge Priority 28672 Address 00 30 94 41 62 c8 Designated port id 128 25 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 5 1 e5 enabled State Disabled Role N A Port id 12...

Page 382: ...nated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configuration Name Region1 Revision 1 Instance Vlans mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long M...

Page 383: ...Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 FWD Root No P2p Bound RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared Bound STP 1 e3 Enabled 128 3 20000 FWD Desg No P2p 1 e4 Enabled 128 4 20000 FWD Desg No P2p MST 1 Vlans Mapped 10 20 CST Root ID Priority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Root Port 4...

Page 384: ...nabled 128 4 20000 FWD Desg No P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00 02 4b 29 7a 0 0 This switch is the IST master Hello Time 2 ...

Page 385: ... 1 BPDU sent 2 received 120638 Port 2 1 e2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 1 e3 enabled State Forwardin...

Page 386: ...ansitions to forwarding state 1 BPDU sent 2 received 170638 MST 1 Vlans Mapped 10 20 Root ID Priority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Port Cost 4 1 e4 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Number of topology changes 2 last change occurred 1d9h ago Times hold 1 topology change 2 notification 2 hello 2 max age 20 forward delay 15 Port 1 1 e1 enabled State For...

Page 387: ...ns to forwarding state 1 BPDU sent 2 received 170638 Port 3 1 e3 disabled State Blocking Role Alternate Port id 128 3 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 1a 19 Designated port id 128 78 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 4 1 e4 enable...

Page 388: ... CST Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00 02 4b 19 7a 0 0 Path Cost 10000 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 0 0 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree book book Page 388 Thursday Dece...

Page 389: ...guard on the interface Syntax spanning tree guard root no spanning tree guard root Default Configuration Root guard is disabled Command Mode Interface configuration Ethernet port channel Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 This switch is root for CST and IST master Root Port 1 1 e1 Hello T...

Page 390: ...rd is enabled if spanning tree calculations cause a port to be selected as the root port the port transitions to the alternate state Example The following example enable root guard on port e8 Console config interface ethernet 1 e8 Console config if spanning tree guard root book book Page 390 Thursday December 18 2008 7 40 PM ...

Page 391: ...Configuration The default port number is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the port to be used by the SSH server as 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to be configured from a SSH server Use the no form of this command to disable this f...

Page 392: ...erates DSA key pairs Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration ho...

Page 393: ...is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device RSA keys are saved to the backup master This command may take a considerable period of time to execute Example The following example generates RSA key pairs ip ssh pubkey auth The ip ssh pubkey auth Global Con...

Page 394: ... pubkey chain ssh The crypto key pubkey chain ssh Global Configuration mode command enters the SSH Public Key chain Configuration mode The mode is used to manually specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Default Configuration No keys are specified Command Mode Global Configuration mode User Guidelines There are no user guidelines for this ...

Page 395: ...ters rsa Indicates the RSA key pair dsa Indicates the DSA key pair Console config crypto key pubkey chain ssh Console config pubkey chain user key bob Console config pubkey key key string rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02...

Page 396: ...nfiguration mode command manually specifies an SSH public key Syntax key string key string row key string row Indicates the SSH public key row by row key string Specifies the key in UU encoded DER format UU encoded DER format is the same format in the authorized_keys file used by OpenSSH Default Configuration No keys exist Command Mode SSH Public Key string Configuration mode Console config crypto...

Page 397: ...hain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02LYciz Z4TrEU 9FJxwPiVQOjc KBXuR0juNg5nFYsY 0ZCk0N W9a tnkm1shRE7Di71 w3fNiOA 6w9o44t6 AINEICBCCA4YcF6...

Page 398: ...ation The following table describes significant fields shown above Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 172 16 0 1 John Brown 2 0 3 DES HMAC SHA1 Field Description IP address Client address SSH username User name Version SSH ve...

Page 399: ...user guidelines for this command Example The following example displays the SSH public RSA keys on the device Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C7 19...

Page 400: ...ration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays SSH public keys stored on the device Console show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 john 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 Console show crypto key pubkey chain ssh username bob...

Page 401: ...tion of logging messages at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging Global Configuration mode commands However if the logging on command is disabled no messages are sent to these destinations Only the console receives messages Example The...

Page 402: ...g facility Specifies the facility that is indicated in the message Possible values local0 local1 local2 local3 local4 local5 local 6 local7 text Syslog server description Range 1 64 characters Default Configuration The default port number is 514 The default logging message level is informational The default facility is local7 Command Mode Global Configuration mode User Guidelines Up to 8 syslog se...

Page 403: ...e level Specifies the severity level of logged messages displayed on the console Possible values emergencies alerts critical errors warnings notifications informational debugging Default Configuration The default severity level is informational Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits logging messages ...

Page 404: ...es All the syslog messages are logged to the internal buffer This command limits the messages displayed to the user Example The following example limits syslog messages displayed from an internal buffer based on severity level debugging logging buffered size The logging buffered size Global Configuration mode command changes the number of syslog messages stored in the internal buffer Use the no fo...

Page 405: ...XEC mode command clears messages from the internal logging buffer Syntax clear logging Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears messages from the internal logging buffer Console config logging buffered size 300 Console clear logging Clear loggi...

Page 406: ...onfiguration The default severity level is errors Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits syslog messages sent to the logging file based on severity level alerts clear logging file The clear logging file Privileged EXEC mode command clears messages from the logging file Syntax clear logging file Defau...

Page 407: ...t Configuration Logging AAA login events is enabled Command Mode Global Configuration mode User Guidelines Other types of AAA events are not subject to this command Example The following example enables logging messages related to AAA login events file system logging The file system logging Global Configuration mode command enables logging file system events in the syslog Use the no form of this c...

Page 408: ... related to file copy operations management logging The management logging global configuration command enables logging management access list ACL events in the syslog Use the no form of this command to disable logging management access list events Syntax management logging deny no management logging deny deny Indicates logging messages related to deny actions of management ACLs Default Configurat...

Page 409: ...is command Example The following example displays the state of logging and the syslog messages stored in the internal buffer Console config management logging deny Console show logging Logging is enabled Console logging level debugging Console Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severi...

Page 410: ...Aug 2002 15 41 43 LINK 3 UPDOWN Interface Ethernet1 3 changed state to up 11 Aug 2002 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 e0 changed state to up 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 e0 changed state to down 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line proto...

Page 411: ...g state and the syslog messages stored in the logging file Console show logging file Logging is enabled Console logging level debugging Console Messages 0 Dropped severity Buffer logging level debugging Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 ...

Page 412: ...thernet1 2 changed state to up 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface Ethernet1 3 changed state to up 11 Aug 2002 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 e0 changed state to up 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 e0 changed state to down 11 Aug 2002 15 4...

Page 413: ...re are no user guidelines for this command Example The following example displays the settings of the syslog servers Console show syslog servers Device Configuration IP address Port Severity Facility Description 192 180 2 275 14 Informational local7 7 192 180 2 285 14 Warning local7 7 book book Page 413 Thursday December 18 2008 7 40 PM ...

Page 414: ...414 Syslog Commands book book Page 414 Thursday December 18 2008 7 40 PM ...

Page 415: ... the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax hostname Host name to ping Range 1 158 characters packet_size Number of bytes in a packet The actual packet size is eight bytes larger than the specified size specified because the device adds header information Range 56 1472 bytes packet_count Number of packets to send If 0 is entered it pin...

Page 416: ...ctivity of a directly attached host using its link local address the egress interface may be specified in the IPv6Z format If the egress interface is not specified the default interface is selected Specifying interface zone 0 is the same as not defining an egress interface When using the ping ipv6 command with a multicast address the information displayed is taken from all received echo responses ...

Page 417: ...e guidelines for the interface name syntax hostname Host name of the destination host Range 1 158 characters packet_size Number of bytes in a packet Range 40 1500 max ttl The largest TTL value that can be used The traceroute command terminates when the destination is reached or when this value is reached Range 1 255 packet_count The number of probes to be sent at each TTL level Range 1 10 time_out...

Page 418: ...probe datagrams with a TTL value of one This causes the first router to discard the probe datagram and send back an error message The traceroute command sends several probes at each TTL level and displays the round trip time for each The traceroute command sends out one probe at a time Each outgoing packet may result in one or two error messages A time exceeded error message indicates that an inte...

Page 419: ... 198 32 249 162 1 msec 1 msec 1 msec 5 kscyng snvang abilene ucaid edu 198 32 8 103 33 msec 35 msec 35 msec 6 iplsng kscyng abilene ucaid edu 198 32 8 80 47 msec 45 msec 45 msec 7 so 0 2 0x1 aa1 mich net 192 122 183 9 56 msec 53 msec 54 msec 8 atm1 0x24 michnet8 mich net 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58 msec 58 msec 11 umaxp1 ph...

Page 420: ...ult port is the Telnet port decimal23 on the host Command Mode User EXEC mode User Guidelines Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system specific functions To enter a Telnet sequence press the escape sequence keys Ctrl shift 6 followed by a Telnet command character Field Description The probe time...

Page 421: ... 6 b Break Ctrl shift 6 c Interrupt Process IP Ctrl shift 6 h Erase Character EC Ctrl shift 6 o Abort Output AO Ctrl shift 6 t Are You There AYT Ctrl shift 6 u Erase Line EL Console Ctrl shift 6 Special telnet escape help B sends telnet BREAK C sends telnet IP H sends telnet EC O sends telnet AO T sends telnet AYT U sends telnet EL Options Description echo Enables local echo quiet Prevents onscree...

Page 422: ...70 hostname NIC hostname server 101 ident Ident Protocol 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 544 login Login 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog S...

Page 423: ...ession Syntax resume connection connection The connection number Range 1 4 connections Default Configuration The default connection number is that of the most recent connection Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following command switches to open Telnet session number 1 reload The reload Privileged EXEC mode command reloads the op...

Page 424: ...host name To remove the existing host name use the no form of the command Syntax hostname name no hostname name The host name of the device Range 1 158 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Console reload This command will reset the whole system and disconnect y...

Page 425: ...nabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example allows the software to measure CPU utilization stack master The stack master Global Configuration mode command enables forcing the selection of a stack master Use the no form of this command to return to the default configuration Syntax stack master unit unit no...

Page 426: ...ection criteria continue as follows The unit with the longer up time is elected master Units are considered to have the same up time if they were powered up within ten minutes of each other If both forced master units have the same up time Unit 1 is elected Example The following example selects Unit 2 as the stack master stack reload The stack reload Privileged EXEC mode command reloads stack memb...

Page 427: ...s command Example The following example displays stack status Console config stack reload unit 2 Console show stack Unit MAC Address Software Master Uplink Downlink Status 1 00 33 97 02 16 00 1 0 0 7 Forced 8 2 Master 2 00 33 97 02 21 00 1 0 0 7 Enabled 1 3 backup 3 00 33 97 02 12 00 1 0 0 7 Disabled 2 4 Slave 4 00 33 97 02 18 00 1 0 0 6 Disabled 3 5 Slave 5 00 33 97 02 14 00 1 0 0 7 Disabled 4 6 ...

Page 428: ...sers Syntax show users Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Topology is Ring Unit Unit Id After Reset 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 console book book Page 428 Thursday December 18 2008 7 40 PM ...

Page 429: ...or this command Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following example lists open Telnet sessions Console show users Username Protocol Location Bob Serial John SSH 172 16 0 1 Robert HTTP 172 16 0 8 Betty Telnet 172 16 1 7 Console show sessions Connection Host Address Port Byte 1 Remote device 172 16 1 1 23 89 2 172 16 1 2 172 16 1 2...

Page 430: ...s There are no user guidelines for this command Example The following example displays the system information Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session Address IP address of the remote host Port Telnet TCP port number Byte Number of unread bytes for the user to see on the connection Console show system Unit Type 1 Powe...

Page 431: ...the unit Range 1 6 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command 6 PowerConnect 3524 7 PowerConnect 3524 8 PowerConnect 3524 Unit Main Power Supply Redundant Power Supply 1 ok 2 ok 3 ok 4 ok 5 ok 6 ok 7 ok 8 ok book book Page 431 Thursday December 18 2008 7 40 PM ...

Page 432: ...ber of the unit Range 1 8 tag Specifies the asset tag of the device Range 1 16 characters Default Configuration No asset tag is defined The default unit number is that of the master unit Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Console show version SW version 1 0 0 0 date 23 Jul 2004 time 17 34 19 Boot version 1 0 0 0 date 11 Jan 2004 tim...

Page 433: ...n This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays system service and asset tag information Console config asset tag 1qwepot Console show system id Service Tag 89788978 Serial number 8936589782 Asset tag 7843678957 Unit Service tag Serial number Asset tag 1 89788978 893659782 7...

Page 434: ...nd has no default configuration Command Mode Privileged EXEC mode User Guidelines Use the service cpu utilization Global Configuration mode command to enable measuring CPU utilization Example The following example displays CPU utilization Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes 3 book book Page 434 Thursday December 18 200...

Page 435: ...port number Specifies a server port number Range 0 65535 timeout Specifies the timeout value in seconds Range 1 30 key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption key used on the TACACS daemon To specify an empty string enter Range 0 128 characters source Specifies the source IP add...

Page 436: ...sable the key Syntax tacacs server key key string no tacacs server key key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption key used on the TACACS daemon Range 0 128 characters Default Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user gui...

Page 437: ...Guidelines There are no user guidelines for this command Examples The following example sets the timeout value to 30 tacacs server source ip The tacacs server source ip Global Configuration mode command configures the source IP address to be used for communication with TACACS servers Use the no form of this command to return to the default configuration Syntax tacacs server source ip source no tac...

Page 438: ...C mode command displays configuration and statistical information about a TACACS server Syntax show tacacs ip address ip address Host name or IP address of the host Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console config tacacs server source ip 172 16 8 1 book book Page 438 Thursd...

Page 439: ...ation about a TACACS server Console show tacacs Device Configuration IP address Status Port Single Connection TimeOut Source IP Priority 172 16 1 1 Connected 49 No Global Global 1 Global values TimeOut 3 Device Configuration Source IP 172 16 8 1 book book Page 439 Thursday December 18 2008 7 40 PM ...

Page 440: ...440 TACACS Commands book book Page 440 Thursday December 18 2008 7 40 PM ...

Page 441: ...tion mode User Guidelines Relevant to local user passwords line passwords and enable passwords The software checks the password length when an unencrypted password is defined or a user enters an unencrypted password when logging in NOTE The length of encrypted passwords is only checked when the user logs in Similarly the length of passwords that were defined before the minimum password length requ...

Page 442: ...lines The aging time is calculated from the day the password is defined not from the day the aging is defined After a password expires a user can login for another 3 times 10 days before expiration a syslog message is generated Example The following example configures 5 days as the aging time of line passwords passwords aging The passwords aging Global Configuration mode command configures the agi...

Page 443: ...t from the day the aging was defined After a password expires a user can login for another 3 times 10 days before expiration a syslog message is generated Example The following example configures configures 40 days as the aging time of global passwords passwords history The passwords history Global Configuration mode command sets the number of required password changes before a password in the loc...

Page 444: ... to enable the user to modify privilege level or aging without having to change passwords Example The following example configures the required number of password changes before a password can be reused to 3 passwords history hold time The passwords history hold time Global Configuration mode command configures the number of days a password is relevant for tracking its password history Use the no ...

Page 445: ...failed login attempts before a user account is locked Use the no form of this command to remove this condition Syntax passwords lockout number no passwords lockout number Number of failed login attempts before the user account is locked Range 1 5 Default Configuration No locked user account due to failed login attempts Command Mode Global Configuration mode User Guidelines Relevant to local user p...

Page 446: ...e device Example The following example enables writing to the login history file set username active The set username active Privileged EXEC mode command reactivates a locked user account Syntax set username name active name Name of the user Range 1 20 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines A locked user account ...

Page 447: ...mand has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example reactivates the line for a virtual terminal for remote console access set enable password active The set enable password active Privileged EXEC mode command reactivates a locked enable password Syntax set enable password level active level ...

Page 448: ...sword management Syntax show passwords configuration Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about password management in the local database Console set enable password 15 active Console show passwords configuration Minimal lengt...

Page 449: ...y hold time Period of time that a password is relevant for tracking password history Lockout control Control locking a user account after a series of authentication failures Enable passwords Describes the configuration and status of a local password with a specific level Aging Password expiration time in days Expiry date Expiration date of a password Lockout If lockout control is enabled specifies...

Page 450: ...Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the login history of users Console show users login history Login Time Username Protocol Location Jan 18 2004 23 58 17 Robert HTTP 172 16 1 8 Jan 19 2004 07 59 23 Robert HTTP 172 16 0 8 Jan 19 2004 08 23 48 Bob Serial Jan 19 2004 08 29 29 Robert HTTP 172 16 0 8 Jan 19 2004 08 4...

Page 451: ... following table describes significant fields shown above Console show users accounts Username Privilege Password Aging Password Expiry date Lockout Bob 1 120 Jan 21 2005 Admin 15 120 Jan 21 2005 Field Description Username Name of the user Privilege User s privilege level Password Aging User s password expiration time in days Password Expiry Date Expiration date of the user s password Lockout If l...

Page 452: ...452 TIC Commands book book Page 452 Thursday December 18 2008 7 40 PM ...

Page 453: ...n mode User Guidelines There are no user guidelines for this command Example The following example enters tunnel interface configuration mode to configure tunnel 1 tunnel mode ipv6ip The tunnel mode ipv6ip Interface Tunnel Configuration mode command configures an IPv6 transition mechanism global support mode Use the no form of this command to remove the IPv6 transition mechanism Console config int...

Page 454: ...or example ISATAP Native IPv6 Example The following example configures an IPv6 transition mechanism global support mode tunnel isatap router The tunnel isatap router Interface Tunnel Configuration mode command configures a global string that represents a specific automatic tunnel router domain name Use the no form of this command to remove the string associated with the router domain name and retu...

Page 455: ...o tunnel source auto The system minimum IPv4 address is used as the source address for packets sent on the tunnel interface If the IPv4 address is changed then the local address of the tunnel interface is also changed ip4 address Pv4 address to use as the source address for packets sent on the tunnel interface The tunnel interface local address is not changed when the IPv4 address is moved to anot...

Page 456: ...this command to return to default Syntax tunnel isatap query interval seconds no tunnel isatap query interval seconds Specify the number of seconds between DNS Queries Range 10 3600 Default Configuration 10 seconds Command Mode Global Configuration mode User Guidelines This command determines the interval of DNS queries before the IP address of the ISATAP router is known When the IP address is kno...

Page 457: ...TAP router solicitations messages Range 10 3600 Default Configuration 10 seconds Command Mode Global Configuration mode User Guidelines This command determines the interval of Router Solicitation messages when there is no active ISATAP router When there is an active ISATAP router the robustness level that is set by the tunnel isatap robustness global configuration command determines the refresh ra...

Page 458: ...P address of the ISATAP router is known is the TTL that is received from the DNS divided by Robustness 1 The router solicitation interval when there is an active ISATAP router is the minimum router lifetime that is received from the ISATAP router divided by Robustness 1 Example The following example configures the number of DNS Query Router Solicitation refresh messages that the device sends to 6 ...

Page 459: ...le displays information on the ISATAP tunnel Console show ipv6 tunnel Router DNS name ISATAP Router IPv4 address 172 16 1 1 DNS Query interval 10 seconds Min DNS Query interval 0 seconds Router Solicitation interval 10 seconds Min Router Solicitation interval 0 seconds Robustness 3 book book Page 459 Thursday December 18 2008 7 40 PM ...

Page 460: ...460 Tunnel book book Page 460 Thursday December 18 2008 7 40 PM ...

Page 461: ... privilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode disable The disable Privileged EXEC mode command returns to the User EXEC mode Syntax disable privilege level privilege level Privilege level to enter the system Range 1 15 Console enable enter password Console book book Page 461...

Page 462: ...e login User EXEC mode command changes a login username Syntax login Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode and logs in with username admin Console disable Console Console login User Name admin Password Console book book Page 4...

Page 463: ...elines for this command Example The following example enters Global Configuration mode exit Configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exit Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Console configure Cons...

Page 464: ...nd has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Default Configuration This command has no default configuration Console config if exit C...

Page 465: ...bal Configuration mode to Privileged EXEC mode help The help command displays a brief description of the help system Syntax help Default Configuration This command has no default configuration Command Mode All command modes User Guidelines There are no user guidelines for this command Console config end Console book book Page 465 Thursday December 18 2008 7 40 PM ...

Page 466: ...mediately after entering the show command This command is relevant only for the current session Console help Help may be requested at any point in a command by entering a question mark If nothing matches the currently entered incomplete command the help list is empty This indicates that for a query at this point there is no command matching the current input If the request is within a command ente...

Page 467: ...ted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console terminal datadump Console show version SW version 3 131 date 23 Jul 2004 time 17 34 19 HW version 1 0 0 Console show clock 1...

Page 468: ...iguration This command has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example displays the current privilege level for the Privileged EXEC mode Console show privilege Current privilege level is 15 book book Page 468 Thursday December 18 2008 7 40 PM ...

Page 469: ...r guidelines for this command Example The following example enters the VLAN database mode vlan The vlan VLAN Configuration mode command creates a VLAN Use the no form of this command to delete a VLAN Syntax vlan vlan range no vlan vlan range vlan range Specifies a list of VLAN IDs to be added Separate non consecutive VLAN IDs with a comma and no spaces a hyphen designates a range of IDs Console co...

Page 470: ...rs the Interface Configuration VLAN mode Syntax interface vlan vlan id vlan id Specifies an existing VLAN ID Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enters Interface Configuration mode for VLAN 1 Console config vlan database Console config vlan ...

Page 471: ...ace in the range If the command returns an error on one of the interfaces an error message is displayed and execution of the command continues on the other interfaces The following commands are not supported with the interface range vlan command switchport access vlan private vlan community private vlan isolated and switchport protected Example The following example groups VLANs 221 228 and 889 to...

Page 472: ...rm of this command to return to the default configuration Syntax switchport access vlan vlan id dynamic no switchport access vlan vlan id Specifies the ID of the VLAN to which the port is configured dynamic Indicates that the port is assigned to a VLAN based on the source MAC address of the host connected to the port Default Configuration All ports belong to VLAN 1 Command Mode Interface configura...

Page 473: ... A hyphen designates a range of IDs Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds VLANs 1 2 5 to 6 to the allowed list of Ethernet port 1 e16 switchport trunk native vlan The switchport trunk native vlan Interface Configu...

Page 474: ...face Configuration mode command adds or removes VLANs from a general port Syntax switchport general allowed vlan add vlan list tagged untagged switchport general allowed vlan remove vlan list add vlan list Specifies the list of VLAN IDs to be added Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be r...

Page 475: ... switchport general pvid Interface Configuration mode command configures the PVID when the interface is in general mode Use the no form of this command to return to the default configuration Syntax switchport general pvid vlan id no switchport general pvid vlan id Specifies the PVID Port VLAN ID Default Configuration If the default VLAN is enabled PVID 1 Otherwise PVID 4095 Command Mode Interface ...

Page 476: ...annel mode User Guidelines There are no user guidelines for this command Example The following example disables port ingress filtering on Ethernet port 1 e16 switchport general acceptable frame type tagged only The switchport general acceptable frame type tagged only Interface Configuration mode command discards untagged frames at ingress Use the no form of this command to return to the default co...

Page 477: ...lan add vlan list remove vlan list add vlan list Specifies the list of VLAN IDs to be added Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs Default Configuration All VLANs are allowed Command Mo...

Page 478: ...rt VLAN interface customer The port is connected to customer equipment Used when the switch is in a provider network Default Configuration Access mode Command Mode Interface configuration Ethernet port channel mode User Guidelines There are no user Guidelines for this command Example The following example configures the VLAN membership mode of a port Use the no form of this command to reset the mo...

Page 479: ...ort s VLAN when the interface is in customer mode switchport protected The switchport protected Interface Configuration mode command overrides the FDB Forwarding Database decision and sends all the Unicast Multicast and Broadcast traffic to an uplink port Use the no form of this command to disable overriding the FDB decision Syntax switchport protected ethernet port port channel port channel numbe...

Page 480: ... form of this command to delete a protocol from a group Syntax map protocol protocol encapsulation protocols group group no map protocol protocol encapsulation protocol The protocol is a 16 or 40 bits protocol number or one of the following names ip ipx or arp The protocol number is in Hex format Range 0600 FFFF encapsulation One of the following values ethernet or protocols group If no option is ...

Page 481: ...defined in the map protocol protocols group command Range 1 2147483647 vlan id Define the VLAN ID in the classifying rule Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example sets a protocol based classification rule of protocol grou...

Page 482: ... channel This command enables the user to configure the internal usage VLAN of a port If an internal usage VLAN is not configured and the user configures an IP interface an unused VLAN is selected by the software If the software selected a VLAN for internal use and the user uses that VLAN as a static or dynamic VLAN the user should do one of the following Remove the IP interface Create the VLAN an...

Page 483: ...e list vlan id Specifies the VLAN ID Default Configuration No MAC address entry in the database Command Mode VLAN Configuration mode User Guidelines The associated VLAN cannot be the default VLAN Up to 256 MAC addresses can be mapped to a VLAN A MAC can be mapped to only one VLAN If the same MAC is mapped to more than one VLAN it is effectively mapped only according to the last mapping Example Thi...

Page 484: ...as no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the MAC to VLAN database show vlan The show vlan Privileged EXEC mode command displays VLAN information Syntax show vlan id vlan id name vlan name vlan id specifies a VLAN ID vlan name Specifies a VLAN name string Range 1 32 characters C...

Page 485: ... protocols groups information Syntax show vlan protocols groups Default Configuration This command has no default configuration Console show vlan VLAN Name Ports Type Authorization 1 default 1 e1 e2 2 e1 e4 other Required 10 VLAN0010 1 e3 e4 dynamic Required 11 VLAN0011 1 e1 e2 static Required 20 VLAN0020 1 e3 e4 static Required 21 VLAN0021 static Required 30 VLAN0030 static Required 31 VLAN0031 s...

Page 486: ...ys a list of VLANs used internally by the device Syntax show vlan internal usage Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan protocols groups Encapsulation Protocol Group Id ethernet 08 00 213 ethernet 08 06 213 ethernet 81 37 312 ethernet 81 38 312 rfc1042 08 00 21...

Page 487: ...ort channel port channel number interface A valid Ethernet port number port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan internal usage VLAN Usage IP address Reserved 1007 Eth 1 e21 Active No 1008 Eth 1 e22 Inactive Yes 1009...

Page 488: ...ault Ingress Filtering Enabled Acceptable Frame Type All GVRP status Enabled Protected Enabled Uplink is 1 e9 Port is member in Vlan Name Egress rule Type 1 default untagged System 8 VLAN008 tagged Dynamic 11 VLAN011 tagged Static 19 IPv6 VLAN untagged Static 72 VLAN0072 untagged Static Static configuration PVID 1 default Ingress Filtering Enabled Acceptable Frame Type All book book Page 488 Thurs...

Page 489: ...nsole show interface switchport ethernet 1 e2 Port 1 e2 VLAN Membership mode General Operating parameters PVID 4095 discard vlan Ingress Filtering Enabled Acceptable Frame Type All Port is member in Vlan Name Egress rule Type 91 IP Telephony tagged Static Static configuration PVID 8 Ingress Filtering Disabled Acceptable Frame Type All book book Page 489 Thursday December 18 2008 7 40 PM ...

Page 490: ... 2 e19 VLAN Membership mode Private VLAN Community Primary VLAN 2921 Community VLAN 2922 Console show interfaces switchport ethernet 2 e19 Port 2 e19 VLAN Membership mode Private VLAN Community Operating parameters PVID 2922 Ingress Filtering Enabled Acceptable Frame Type Untagged GVRP status Disabled book book Page 490 Thursday December 18 2008 7 40 PM ...

Page 491: ...e Egress rule Type 2921 Primary A untagged Static 2922 Community A1 untagged Static Static configuration PVID 2922 Ingress Filtering Enabled Acceptable Frame Type Untagged GVRP status Disabled book book Page 491 Thursday December 18 2008 7 40 PM ...

Page 492: ...492 VLAN Commands book book Page 492 Thursday December 18 2008 7 40 PM ...

Page 493: ...Voice VLAN feature is only active if the specified VLAN is already created If the Voice VLAN feature is not active all the voice VLAN parameters are kept as shadow parameters Example The following example configures the voice VLAN voice vlan oui table The voice vlan oui table Global Configuration mode command configures the voice OUI table Use the no form of this command to return to default Synta...

Page 494: ...There are no user guidelines for this command Example The following example configures the voice OUI table OUI Description 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Simens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM console config voice vlan oui table remo 00 e0 bb console config exit console show voice vlan Aging timeout 1440 minutes OUI table book book Page 494 Thursd...

Page 495: ...lobal Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures voice vlan cos MAC Address Prefix Description 00 01 e3 Siemens_AG_phone________ 00 03 6b Cisco_phone_____________ 00 09 6e Avaya___________________ 00 0f e2 H3C_Aolynk______________ 00 60 b9 Philips_and_NEC_AG_phone 00 d0 1e Pingtel_phone___________ 00 e0 75 Polycom Verit...

Page 496: ...ration mode User Guidelines Aging starts after bridging aging is expired Example The following example configures vlan aging timeout voice vlan enable The voice vlan enable Interface Configuration mode command enables automatic voice VLAN configuration for a port Use the no form of this command to disable automatic voice VLAN configuration Syntax voice vlan enable no voice vlan enable Default Conf...

Page 497: ...ce vlan secure The voice vlan secure Interface Configuration mode command configures the secure mode for the voice VLAN Use the no form of this command to disable the secure mode Syntax voice vlan secure no voice vlan secure Default Configuration Not secured Command Mode Interface Configuration Ethernet port channel mode User Guidelines Use this command to specify that packets classified to the vo...

Page 498: ...net interface port channel number Port Channel interface Default Configuration Command Mode EXEC mode User Guidelines There are no user guidelines for this command OUI Description 0001e3 Siemens_AG_phone 00036b Cisco_phone 000fe2 H3C_Aolynk 0060b9 Philips_and_NEC_AG _phone 00d01e Pingtel_phone 00e075 Polycom Veritel_phone 00e0bb 3Com_phone book book Page 498 Thursday December 18 2008 7 40 PM ...

Page 499: ... Description 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Simens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM Voice VLAN VLAN ID 8 CoS 6 Interface Enabled Secure Activated 1 e1 Yes Yes Yes 1 e2 Yes Yes No 1 e3 Yes Yes Yes 1 e4 Yes Yes Yes 1 e5 No No 1 e6 No No 1 e7 No No 1 e8 No No 1 e9 No No book book Page 499 Thursday December 18 2008 7 40 PM ...

Page 500: ...500 Voice VLAN book book Page 500 Thursday December 18 2008 7 40 PM ...

Page 501: ...elines Only a user with access level 15 can use the Web server Example The following example enables configuring the device from a browser ip http port The ip http port Global Configuration mode command specifies the TCP port to be used by the Web browser interface Use the no form of this command to return to the default configuration Syntax ip http port port number no ip http port port number Por...

Page 502: ...ng off Use the no form of this command to return to default Syntax ip http exec timeout minutes seconds no ip http exec timeout Parameters minutes Integer that specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Global Configuration mode User Guidelines This command also con...

Page 503: ...e User Guidelines Use the ip https exec timeout Global Configuration mode command to generate an HTTPS certificate Example The following example enables configuring the device from a secured browser ip https port The ip https port Global Configuration mode command specifies the TCP port used by the server to configure the device through the Web browser Use the no form of this command to return to ...

Page 504: ...his command to return to default Syntax ip https exec timeout minutes seconds no ip https exec timeout Parameters minutes Integer that specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is the exec timeout that was set by the ip http exec timeout command Command Mode Global Configuration mode User Gu...

Page 505: ...lly qualified URL or IP address of the device Range 1 64 or organization Specifies the organization name Range 1 64 ou organization unit Specifies the organization unit or department name Range 1 64 loc location Specifies the location or city name Range 1 64 st state Specifies the state or province name Range 1 64 cu country Specifies the country name Range 2 duration days Specifies number of days...

Page 506: ...o certificate request Privileged EXEC mode command generates and displays certificate requests for HTTPS Syntax crypto certificate number request cn common name ou organization unit or organization loc location st state cu country number Specifies the certificate number Range 1 2 cn common name Specifies the fully qualified URL or IP address of the device Range 1 64 ou organization unit Specifies ...

Page 507: ...s the self signed certificate Examples The following example generates and displays a certificate request for HTTPS Console crypto certificate 1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh F0MV Kib6Sz5p 3nUUe...

Page 508: ...r an external certificate signed by Certification Authority to the device To end the session enter an empty line The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command If the public key found in the certificate does not match the device s SSL RSA key the command fails This command is not saved in the device configurati...

Page 509: ...m9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp 6MIIBNgYDVR0fBIIBLTCCASkwgdKggc ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl END CERTIFICATE Certificate import...

Page 510: ...icate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command displays the SSH certificates of the device Syntax show crypto certificate mycertificate number number Specifies the certificate number Range 1 2 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Con...

Page 511: ...Ap4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp 6MIIBNgYDVR0fBIIBLTCCASkwgdKggc ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl END CERTIFICATE Issued by www verisign com Valid from Jan 1 02 44 50 2003 GMT Valid ...

Page 512: ...how ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show ip http HTTP server enabled Port 80 book book Page 512 Thursday December 18 2008 7 40 PM ...

Page 513: ... Jan 1 02 44 50 2004 GMT Valid to Dec 31 02 44 50 2005 GMT Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Valid From Jan 1 02 44 50 2004 GMT Valid to Dec 31 02 44 50 2005 GMT Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 782134BA book book Page 513 Thursday December 18 2008 7 40 PM ...

Page 514: ...514 Web Server book book Page 514 Thursday December 18 2008 7 40 PM ...

Page 515: ...No authentication method is defined Command Mode Global Configuration mode User Guidelines Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied To ensure that authentication succeeds even if all methods return an error specify none as the final method in the command line The RADIUS server must support MD 5 ch...

Page 516: ...ol Default Configuration 802 1x is disabled globally Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables 802 1x globally dot1x port control The dot1x port control Interface Configuration mode command enables manually controlling the authorization state of the port Use the no form of this command to return to th...

Page 517: ...cate The device cannot provide authentication services to the client through the interface Default Configuration Port is in the force authorized state Command Mode Interface Configuration Ethernet mode User Guidelines It is recommended to disable Spanning Tree or to enable spanning tree PortFast mode on 802 1x edge ports ports in auto state that are connected to end stations in order to get immedi...

Page 518: ...er of seconds between re authentication attempts Use the no form of this command to return to the default configuration Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration Re authentication period is 3600 seconds Command Mode Interface Configuration Ethernet mode User Guide...

Page 519: ...ser guidelines for this command Examples The following command manually initiates a re authentication of 802 1X enabled Ethernet port 1 e16 dot1x timeout quiet period The dot1x timeout quiet period Interface Configuration mode command sets the number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password ...

Page 520: ...wing example sets the number of seconds that the device remains in the quiet state following a failed authentication exchange to 3600 dot1x timeout tx period The dot1x timeout tx period Interface Configuration mode command sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request ...

Page 521: ...ty frame assuming that no response is received to the client before restarting the authentication process Use the no form of this command to return to the default configuration Syntax dot1x max req count no dot1x max req count Number of times that the device sends an EAP request identity frame before restarting the authentication process Range 1 10 Default Configuration The default number of times...

Page 522: ...efault timeout period is 30 seconds Command Mode Interface configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Examples The following example sets the timeout period before retransmitting an EAP request frame t...

Page 523: ...sets the time for the retransmission of packets to the authentication server to 3600 seconds dot1x send async request id Use the dot1x send async request id interface configuration command to enable 802 1x switch to request asynchronously the responses from supplicants on port This request causes the stations which don t start 802 1x authentication automatically to start it in response to Switch m...

Page 524: ...ack 2 In addition it is recommended to increase dot1x timeout tx period to reduce the overhead during the processing of supplicant responses on switch Examples show dot1x The show dot1x Privileged EXEC mode command displays the 802 1X status of the device or specified interface Syntax show dot1x ethernet interface interface Valid Ethernet port Full syntax unit port Default Configuration This comma...

Page 525: ...a 3600 Clark 1 e4 Force auth Authorized Dis 3600 n a 1 e5 Force auth Unauthorized Dis 3600 n a Port is down or not present Console show dot1x ethernet 1 e3 802 1x is enabled Port Admin Mode Oper Mode Reauth Control Reauth Period Username 1 e3 Auto Unauthorized Ena 3600 Clark Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time ...

Page 526: ...ast user that was authenticated successfully Quiet period The number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request ...

Page 527: ...nes for this command MAC address The supplicant MAC address Authentication Method The authentication method used to establish the session Termination Cause The reason for the session termination State The current value of the Authenticator PAE state machine and of the Backend state machine Authentication success The number of times the state machine received a Success message from the Authenticati...

Page 528: ...1x users Port Username Session Time Auth Method MAC Address 1 e1 Bob 1d 03 08 58 Remote 0008 3b79 8787 1 e2 John 08 19 17 None 0008 3b89 3127 Console show dot1x users username Bob Username Bob Port Username Session Time Auth Method MAC Address 1 e1 Bob 1d 03 08 58 Remote 0008 3b79 8787 Field Description Port The port number Username The username representing the identity of the Supplicant Session ...

Page 529: ...ecified interface Console show dot1x statistics ethernet 1 e1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 12 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 00 08 78 32 98 78 book book Page 529 Thursday December 18 2008 7 40 PM ...

Page 530: ...RespIdFramesRx The number of EAP Resp Id frames that have been received by this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqIdFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Rq Id frames th...

Page 531: ...ere the authorization state of the port is set to auto Use the no form of this command to return to the default configuration Syntax dot1x multiple hosts no dot1x multiple hosts Default Configuration Multiple hosts are disabled Command Mode Interface Configuration Ethernet mode User Guidelines This command enables the attachment of multiple clients to a single 802 1X enabled port In this mode only...

Page 532: ... not the supplicant address discard shutdown Discards frames with source addresses that are not the supplicant address The port is also shut down trap Indicates that SNMP traps are sent seconds Specifies the minimum amount of time in seconds between consecutive traps Range 1 1000000 Default Configuration Frames with source addresses that are not the supplicant address are discarded No traps are se...

Page 533: ...t vlan enable Interface Configuration mode command to enable unauthorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized Example The following example defines VLAN 2 as a guest VLAN Console Console configure Console config vlan database C...

Page 534: ...e The following example enables unauthorized users on Ethernet port 1 e1 to access the guest VLAN dot1x mac authentication The dot1x mac authentication Interface Configuration mode command enables authentication based on the station s MAC address Use the no form of this command to disable MAC authentication Syntax dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication mac onl...

Page 535: ...tion s MAC address dot1x traps mac authentication failure The dot1x traps mac authentication failure Global Configuration mode command enables sending traps when a MAC address was failed in authentication of the 802 1X MAC authentication access control Use the no form of this command to disable the traps Syntax dot1x traps mac authentication failure no dot1x traps mac authentication failure Defaul...

Page 536: ...en the port is Forced Authorized RADIUS attributes are supported only in the multiple sessions mode multiple hosts with authentication When RADIUS attributes are enabled and the RADIUS Accept message does not contain as an attribute the supplicant s VLAN then the supplicant is rejected Packets to the supplicant are sent untagged After successful authentication the port remains member in the unauth...

Page 537: ... for this command Examples The following example displays 802 1X advanced features for the switch Console show dot1x advanced Guest VLAN 100 Guest VLAN timeout Unauthenticated VLANs Interfac e Multiple Hosts Guest VLAN MAC Authenticati on Assignmen t Async reqId g1 Authenticate Enabled Disabled Enabled True g2 Authenticate Disabled Disabled Disabled False g3 Authenticate Disabled Disabled Disabled...

Page 538: ...bled Disabled Disabled False g13 Authenticate Enabled Disabled Enabled False g14 Authenticate Disabled Disabled Disabled False g15 Authenticate Disabled Disabled Disabled False g16 Authenticate Disabled Disabled Disabled False g17 Authenticate Disabled Disabled g18 Authenticate Disabled Disabled g19 Authenticate Disabled Disabled g20 Authenticate Disabled Disabled g21 Authenticate Disabled Disable...

Search results

Summary of Contents for PowerConnect 3500 Series

Reviews:

Brands by name

Popular brands

Dell PowerConnect 3500 Series, Cli Reference Manual

Search results

Summary of Contents for PowerConnect 3500 Series

Reviews:

Brands by name

Popular brands