manualshive.com logo in svg

Dell PowerConnect 5424, Command Line Interface Manual

The Dell PowerConnect 5424 is a high-performance network switch designed for efficient data transfer. To help you get started, we offer a comprehensive "Getting Started Manual" that you can download for free from our website. This manual provides detailed instructions and insights to enhance your experience with this exceptional product.

Share
Download
background image

82

ACL Commands

cos 

— Specifies the packets’s Class of Service (CoS). (Range: 0 - 7)

cos-wildcard

 — Specifies wildcard bits to be applied to the CoS.

eth-type

 — Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff)

inner-vlan

 

vlan id

 — Specifies the inner vlan id of a double tagged packet.

Default Configuration

No MAC Access List is defined. 

Command Mode

MAC-Access List Configuration mode.

User Guidelines

The MAC ACL Global Configuration command allows access to the IP-Access List Configuration 
mode.

Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE 
is added, an implied 

deny-any-any

 condition exists at the end of the list and those packets that do not 

match the conditions defined in the permit statement are denied.

Example

The following example shows how to create a MAC ACL with deny rules on a device.

service-acl

The 

service-acl 

Interface Configuration (Ethernet, port-channel) mode command applies an ACL to the 

input interface. Use the 

no

 form of this command to detach an ACL from an input interface. 

Syntax 

service-acl 

{

input

 

acl-name | acl-name

}

no

 

service-acl 

{

input

}

input

 — Applies the specified ACL to the input interface.

Default Configuration

This command has no default configuration.

Command Mode

Interface Configuration (Ethernet, port-channel) mode.

Console(config)# 

mac access-list

 macl1

Console (config-mac-acl)# 

deny

 6:6:6:6:6:6:0:0:0:0:0:0 

any

5400_CLI.book  Page 82  Wednesday, December 17, 2008  4:33 PM

Summary of Contents for PowerConnect 5424

Page 1: ...w w w d e l l c o m s u p p o r t d e l l c o m Dell PowerConnect 5400 Systems CLI Reference Guide 5400_CLI book Page 1 Wednesday December 17 2008 4 33 PM ...

Page 2: ...change without notice 2008 Dell Inc All rights reserved Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell the DELL logo PowerConnect are trademarks of Dell Inc Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their pr...

Page 3: ...Setup Wizard 30 Terminal Command Buffer 30 Negating the Effect of Commands 30 Command Completion 31 Keyboard Shortcuts 31 CLI Command Conventions 32 2 Command Groups 33 Introduction 33 Command Groups 33 ACL Commands 35 AAA Commands 35 Address Table Commands 36 Clock Commands 37 Configuration and Image Files Commands 38 DHCP Snooping Commands 39 Ethernet Configuration Commands 39 GVRP Commands 41 5...

Page 4: ...PHY Diagnostics Commands 47 Port Channel Commands 47 Port Monitor Commands 48 QoS Commands 48 RADIUS Commands 49 RMON Commands 49 SNMP Commands 50 Spanning Tree Commands 51 SSH Commands 53 Syslog Commands 53 System Management Commands 54 TACACS Commands 55 TIC Commands 55 Tunnel Commands 56 User Interface Commands 57 VLAN Commands 57 Voice VLAN Commands 59 5400_CLI book Page 4 Wednesday December 1...

Page 5: ...tion Mode 70 MA Management Access level Mode 70 PE Privileged User EXEC Mode 70 SP SSH Public Key Mode 72 UE User EXEC Mode 73 VC VLAN Configuration Mode 74 4 ACL Commands 75 ip access list 75 mac access list 75 permit ip 76 deny IP 78 permit MAC 80 deny MAC 81 service acl 82 show access lists 83 show interfaces access lists 84 5400_CLI book Page 5 Wednesday December 17 2008 4 33 PM ...

Page 6: ... users accounts 94 6 Address Table Commands 95 bridge address 95 bridge multicast filtering 96 bridge multicast address 97 bridge multicast forbidden address 98 bridge multicast unregistered 99 bridge multicast forward all 100 bridge multicast forbidden forward all 100 bridge aging time 101 clear bridge 102 port security 103 port security mode 103 port security max 104 port security routed secure ...

Page 7: ...security addresses 113 7 Login Banner 115 banner exec 115 banner login 116 banner motd 118 exec banner 119 login banner 120 motd banner 121 show banner 121 8 Clock 123 clock set 123 clock source 123 clock timezone 124 clock summer time 125 sntp authentication key 126 sntp authenticate 127 sntp trusted key 128 sntp client poll timer 129 sntp broadcast client enable 129 5400_CLI book Page 7 Wednesda...

Page 8: ...nfiguration 136 show sntp status 138 9 Configuration and Image Files 139 dir 139 more 140 rename 141 delete startup config 142 copy 143 delete 146 boot system 146 show running config 147 show startup config 148 show bootvar 150 10 Ethernet Configuration Commands 151 interface ethernet 151 interface range ethernet 151 shutdown 152 description 153 5400_CLI book Page 8 Wednesday December 17 2008 4 33...

Page 9: ...show interfaces description 167 show interfaces counters 168 show ports jumbo frame 172 port storm control include multicast 173 port storm control broadcast enable 173 port storm control broadcast rate 174 show ports storm control 175 show system flowcontrol 176 11 DHCP Snooping 179 ip dhcp snooping 179 ip dhcp snooping vlan 179 ip dhcp snooping trust 180 ip dhcp snooping information option allow...

Page 10: ...garp timer 188 gvrp vlan creation forbid 189 gvrp registration forbid 190 clear gvrp statistics 191 show gvrp configuration 191 show gvrp statistics 192 13 IGMP Snooping Commands 195 ip igmp snooping Global 195 ip igmp snooping Interface 195 ip igmp snooping mrouter 196 ip igmp snooping host time out 197 ip igmp snooping mrouter time out 197 ip igmp snooping leave time out 198 ip igmp snooping que...

Page 11: ... default gateway 207 show ip interface 208 arp 209 arp timeout 210 clear arp cache 210 show arp 211 ip domain lookup 212 ip domain name 213 ip name server 213 ip host 214 clear host 215 show hosts 215 15 IPv6 Addressing 217 ipv6 enable 217 ipv6 address autoconfig 218 ipv6 icmp error interval 218 show ipv6 icmp error interval 219 ipv6 address 220 5400_CLI book Page 11 Wednesday December 17 2008 4 3...

Page 12: ... ipv6 host 229 ipv6 neighbor 230 ipv6 set mtu 231 show ipv6 neighbors 232 clear ipv6 neighbors 234 16 iSCSI Commands 235 iscsi enable 235 iscsi target port 235 iscsi cos 237 iscsi aging time 237 iscsi max connections 238 show iscsi 239 show iscsi sessions 240 17 LACP Commands 243 lacp system priority 243 lacp port priority 243 lacp timeout 244 5400_CLI book Page 12 Wednesday December 17 2008 4 33 ...

Page 13: ...lldp enable global 253 lldp enable interface 253 lldp timer 254 lldp hold multiplier 255 lldp reinit delay 256 lldp tx delay 256 lldp optional tlv 257 lldp management address 258 lldp med enable 259 lldp med network policy global 259 lldp med network policy interface 260 lldp med location 261 clear lldp rx 262 show lldp configuration 262 show lldp local 263 5400_CLI book Page 13 Wednesday December...

Page 14: ...21 PHY Diagnostics Commands 275 test copper port tdr 275 show copper ports tdr 275 show copper ports cable length 276 show fiber ports optical transceiver 277 22 Port Channel Commands 281 interface port channel 281 interface range port channel 281 channel group 282 port channel load balance 283 show interfaces port channel 284 23 Port Monitor Commands 285 port monitor 285 show ports monitor 286 54...

Page 15: ...face 294 qos map dscp queue 296 qos trust Global 296 qos trust Interface 297 qos cos 298 show qos map 298 25 Radius Commands 301 radius server host 301 radius server key 302 radius server retransmit 303 radius server source ip 304 radius server source ipv6 304 radius server timeout 305 radius server deadtime 306 show radius servers 306 5400_CLI book Page 15 Wednesday December 17 2008 4 33 PM ...

Page 16: ... show rmon log 323 rmon table size 325 27 SNMP Commands 327 snmp server community 327 snmp server view 328 snmp server filter 329 snmp server contact 330 snmp server location 331 snmp server enable traps 331 snmp server trap authentication 332 snmp server host 332 snmp server set 334 snmp server group 335 snmp server user 336 snmp server v3 host 337 snmp server engineID local 339 5400_CLI book Pag...

Page 17: ...e 349 spanning tree max age 350 spanning tree priority 350 spanning tree disable 351 spanning tree cost 352 spanning tree port priority 352 spanning tree portfast 353 spanning tree link type 354 spanning tree mst priority 354 spanning tree mst max hops 355 spanning tree mst port priority 356 spanning tree mst cost 356 spanning tree mst configuration 357 instance mst 358 name mst 359 revision mst 3...

Page 18: ...ommands 377 ip ssh port 377 ip ssh server 377 crypto key generate dsa 378 crypto key generate rsa 379 ip ssh pubkey auth 379 crypto key pubkey chain ssh 380 user key 380 key string 381 show ip ssh 382 show crypto key mypubkey 384 show crypto key pubkey chain ssh 385 30 Syslog Commands 387 logging on 387 logging 387 logging console 389 logging buffered 389 5400_CLI book Page 18 Wednesday December 1...

Page 19: ...394 show logging 394 show logging file 396 show syslog servers 398 31 System Management 401 ping 401 traceroute 403 telnet 405 resume 408 reload 409 hostname 409 service cpu utilization 410 show cpu utilization 411 show users 411 show sessions 412 show system 413 set system 414 show system mode 415 5400_CLI book Page 19 Wednesday December 17 2008 4 33 PM ...

Page 20: ...tacacs 422 33 TIC Commands 423 passwords min length 423 password aging 424 passwords aging 424 passwords history 425 passwords history hold time 426 passwords lockout 426 aaa login history file 427 set username active 428 set line active 428 set enable password active 429 show passwords configuration 429 show users login history 431 5400_CLI book Page 20 Wednesday December 17 2008 4 33 PM ...

Page 21: ...olicitation interval 436 tunnel isatap robustness 437 show ipv6 tunnel 438 35 User Interface 441 enable 441 disable 441 login 442 configure 443 exit configuration 443 exit EXEC 444 end 444 help 445 history 445 terminal datadump 446 history size 447 debug mode 447 show history 448 show privilege 449 do 449 5400_CLI book Page 21 Wednesday December 17 2008 4 33 PM ...

Page 22: ...tchport general ingress filtering disable 458 switchport general acceptable frame type tagged only 458 switchport forbidden vlan 459 switchport mode 460 switchport customer vlan 460 map protocol protocols group 461 switchport general map protocols group vlan 462 switchport protected 463 ip internal usage vlan 463 show vlan 464 show vlan internal usage 465 show vlan protocols groups 466 show interf...

Page 23: ...ttp server 477 ip http port 477 ip http exec timeout 478 ip https server 479 ip https port 479 ip https exec timeout 480 crypto certificate generate 481 crypto certificate request 482 crypto certificate import 483 ip https certificate 485 crypto certificate import pkcs12 485 show crypto certificate mycertificate 487 show ip http 488 show ip https 488 5400_CLI book Page 23 Wednesday December 17 200...

Page 24: ...timeout supp timeout 498 dot1x timeout server timeout 498 dot1x send async request id 499 show dot1x 500 show dot1x users 502 show dot1x statistics 503 ADVANCED FEATURES 505 dot1x auth not req 505 dot1x multiple hosts 506 dot1x single host violation 506 dot1x guest vlan 507 dot1x guest vlan enable 508 dot1x mac authentication 509 dot1x traps mac authentication failure 509 dot1x radius attributes v...

Page 25: ...its own set of specific commands Entering a question mark at the system prompt console prompt displays a list of commands available for that particular command mode From each mode a specific command is used to navigate from one command mode to another The standard order to access the modes is as follows User EXEC mode Privileged EXEC mode Global Configuration mode and Interface Configuration mode ...

Page 26: ...e user level prompt consists of the device host name followed by the angle bracket The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode Privileged EXEC Mode Privileged access is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters The password is not displayed on the...

Page 27: ...e is used to enter the Global Configuration mode To enter the Global Configuration mode perform the following steps 1 At the Privileged EXEC mode prompt enter the command configure and press Enter The Global Configuration mode prompt is displayed The Global Configuration mode prompt consists of the device host name followed by the word config and 2 Use one of the following commands to return from ...

Page 28: ... Ethernet interface mode and are used to manage the member ports as a single entity The Global Configuration mode command interface port channel is used to enter the Port Channel Interface Configuration mode SSH Public Key chain Contains commands to manually specify other device SSH public keys The Global Configuration mode command crypto key pubkey chain ssh is used to enter the SSH Public Key ch...

Page 29: ...equired parameters after the command keyword For example to set a password for the administrator enter Console config username admin password smith When working with the CLI the command options are not displayed The command is not selected from a menu but is manually entered To see what commands are available in each mode or within an Interface Configuration the CLI does provide a method of displa...

Page 30: ...tandard default number of commands that are stored in the buffer The standard number of 10 commands can be increased to 256 By configuring 0 the effect is the same as disabling the history buffer system For information about the command syntax for configuring the command history buffer see history size To display the history buffer see show history Negating the Effect of Commands For many configur...

Page 31: ...et requires a missing parameter Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands The following table describes the CLI shortcuts config interface ethernet missing mandatory parameter config interface ethernet Keyboard Key Description Up arrow key Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence...

Page 32: ...on or off must be selected Italic font Indicates a parameter Enter Any individual key on the keyboard For example click Enter Ctrl F4 Any combination keys pressed simultaneously on the keyboard Screen Display Indicates system messages and prompts appearing on the console all When a parameter is required to define a range of ports or parameters and all is an option the default for the command is al...

Page 33: ...he Web Based Interface Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard This guide describes how the Command Line Interface CLI is structured describes the command syntax and describes the command functionality This guide also provides information for configuring the Dell PowerConnect switch details the procedures and provides configuration examples Basic ...

Page 34: ...es and displays Port channel information Port Monitor Commands Monitors activity on specific target ports QoS Commands Configures and displays QoS information RADIUS Commands Configures and displays RADIUS information RMON Commands Displays RMON statistics SNMP Commands Configures SNMP communities traps and displays SNMP information Spanning Tree Commands Configures and reports on Spanning Tree pr...

Page 35: ...ut interface Interface Configuration Ethernet port channel show access lists Displays access control lists ACLs defined on the device Privileged EXEC show interfaces access lists Displays access lists applied on interfaces Privileged EXEC Command Group Description Access Mode aaa authentication login Defines login authentication Global Configuration aaa authentication enable Defines authentication...

Page 36: ...pecific ports VLAN Configuration bridge multicast unregistered Configures the forwarding state of unregistered multicast addresses Interface Configuration bridge multicast forward all Enables forwarding of all Multicast frames on a port VLAN Configuration bridge multicast forbidden forward all Enables forbidding forwarding of all Multicast frames to a port VLAN Configuration bridge aging time Sets...

Page 37: ...User EXEC clock timezone Sets the time zone for display purposes Global Configuration clock summer time Configures the system to automatically switch to summer time daylight saving time Global Configuration sntp authentication key Defines an authentication key for Simple Network Time Protocol SNTP Global Configuration sntp authenticate Grants authentication for received Network Time Protocol NTP t...

Page 38: ...Mode dir Displays list of files on a flash file system Privileged User EXEC more Displays a file Privileged EXEC rename Renames a file Privileged User EXEC delete startup config Deletes the startup config file Privileged User EXEC copy Copies files from a source to a destination Privileged User EXEC delete Deletes a file from a Flash memory device Privileged User EXEC boot system Specifies the sys...

Page 39: ...res the DHCP snooping binding file Global Configuration ip dhcp snooping database update freq Configures the update frequency ofthe DHCP snooping binding file Global Configuration ip dhcp snooping binding Configures the DHCP snooping binding database and to add binding entries to the database Privileged EXEC clear ip dhcp snooping database Clears the DHCP binding database Privileged EXEC show ip d...

Page 40: ...istics on an interface User EXEC set interface active Reactivates an interface that was suspended by the system Privileged User EXEC show interfaces configuration Displays the configuration for all configured interfaces User EXEC show interfaces status Displays the status for all configured interfaces User EXEC show interfaces description Displays the description for all configured interfaces User...

Page 41: ... Group Description Access Mode ip igmp snooping Global Enables Internet Group Management Protocol IGMP snooping Global Configuration ip igmp snooping Interface Enables Internet Group Management Protocol IGMP snooping on a specific VLAN VLAN Configuration ip igmp snooping mrouter Enables automatic learning of Multicast router ports in the context of a specific VLAN VLAN Configuration ip igmp snoopi...

Page 42: ...lear arp cache Deletes all dynamic entries from the ARP cache Privileged User EXEC show arp Displays entries in the ARP table Privileged User EXEC ip domain lookup Enables the IP Domain Naming System DNS based host name to address translation Global Configuration ip domain name Defines a default domain name that the software uses to complete unqualified host names Global Configuration ip name serv...

Page 43: ...pv6 mld join group Configures Multicast Listener Discovery MLD reporting for a specified group Interface Configuration ipv6 mld version Changes the Multicast Listener Discovery Protocol MLD version Interface Configuration show ipv6 interface Displays the usability status of interfaces configured for IPv6 Privileged EXEC show ipv6 route Displays the current state of the IPv6 routing table Privilege...

Page 44: ...lay the iSCSI sessions Privileged EXEC Command Group Description Access Mode lacp system priority Configures the system LACP priority Global Configuration lacp port priority Configures the priority value for physical ports Interface Configuration lacp timeout Assigns an administrative LACP timeout Interface Configuration show lacp ethernet Displays LACP information for Ethernet ports User EXEC sho...

Page 45: ...fies the amount of time the receiving device should hold a Link Layer Discovery Protocol packet before discarding it Global Configuration lldp reinit delay Specifies the minimum time an LLDP port will wait before reinitializing LLDP transmission Global Configuration lldp tx delay Specifies the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local sys...

Page 46: ...tion Privileged EXEC Command Group Description Access Mode banner exec Specifies and enables a message to be displayed when an EXEC process is created Global Configuration banner login Enables a message to be displayed before the username and password login prompts Global Configuration banner motd Specifies and enables a message of the day banner Global Configuration exec banner Enables the displa...

Page 47: ...Reflectometry tests on specified ports Privileged User EXEC show copper ports cable length Displays the estimated copper cable length attached to a port Privileged User EXEC show fiber ports optical transceiver Displays the optical transceiver diagnostics Privileged User EXEC Command Group Description Access Mode interface port channel Enters the Interface Configuration mode of a specific port cha...

Page 48: ... queues Interface Configuration priority queue out num of queues Enables the egress queues to be expedite queues Global Configuration traffic shape Sets the shaper on an egress port Interface Configuration rate limit Ethernet Limits the rate of the incoming traffic Interface Configuration Ethernet Port Channel show qos interface Displays interface QoS data User EXEC qos map dscp queue Modifies the...

Page 49: ...a router waits for a server host to reply Global Configuration radius server deadtime Improves RADIUS response times when servers are unavailable Global Configuration show radius servers Displays the RADIUS server settings Privileged User EXEC Command Group Description Mode show rmon statistics Displays RMON Ethernet Statistics User EXEC rmon collection history Enables a Remote Monitoring RMON MIB...

Page 50: ...rk Management Protocol traps when authentication failed Global Configuration snmp server host Specifies the recipient of Simple Network Management Protocol notification operation Global Configuration snmp server set Sets SNMP MIB value by the CLI Global Configuration snmp server group Configures a new Simple Network Management Protocol SNMP group or a table that maps SNMP users to SNMP views Globa...

Page 51: ...nfigures the spanning tree bridge maximum age Global Configuration spanning tree priority Configures the spanning tree priority Global Configuration spanning tree disable Disables spanning tree on a specific port Interface Configuration spanning tree cost Configures the spanning tree path cost for a port Interface Configuration spanning tree port priority Configures port priority Interface Configu...

Page 52: ...plies all configuration changes MST Configuration mode abort mst Exits the MST Configuration mode without applying the configuration changes MST Configuration mode spanning tree pathcost method Sets the default path cost method Global Configuration spanning tree bpdu Defines BPDU handling when spanning tree is disabled on an interface Global Configuration clear spanning tree detected protocols Res...

Page 53: ... configured and enters the SSH public key string configuration command SSH Public Key key string Manually specifies a SSH public key SSH Public Key show ip ssh Displays the SSH server configuration Privileged User EXEC show crypto key mypubkey Displays the SSH public keys stored on the device Privileged User EXEC show crypto key pubkey chain ssh Displays SSH public keys stored on the device Privil...

Page 54: ...he internal buffer Privileged User EXEC show logging file Displays the state of logging and the syslog messages stored in the logging file Privileged User EXEC show syslog servers Displays the syslog servers settings Privileged User EXEC Command Group Description Access Mode ping Sends ICMP echo request packets to another node on the network User EXEC traceroute Discovers the routes that packets w...

Page 55: ...en the device and the TACACS daemon Global Configuration tacacs server source ip Specifies the source IP address that will be used for the communication with TACACS servers Global Configuration show tacacs Displays configuration and statistics for a TACACS servers Privileged User EXEC Command Group Description Access Mode The following example displays the local users configured with access to the...

Page 56: ... interface tunnel Enters tunnel interface configuration mode Global Configuration tunnel mode ipv6ip Configures an IPv6 transition mechanism global support mode Interface Tunnel Configuration tunnel isatap router Configures a global string that represents a specific automatic tunnel router domain name Interface Tunnel Configuration tunnel source Sets the local source tunnel interface IPv4 address ...

Page 57: ... dumping of all the output from the show command without prompting Privileged EXEC history size Changes the command history buffer size for a particular line All debug mode Switches the mode to debug All show history Lists the commands entered in the current session All show privilege Displays the current privilege level All do Executes a Global Configuration mode or any configuration submode All ...

Page 58: ...iguration switchport general acceptable frame type tagged only Discards untagged frames at ingress Interface Configuration switchport forbidden vlan Forbids adding specific VLANs to a port Interface Configuration map protocol protocols group Adds a special protocol to a named group of protocols which may be used for protocol based VLAN assignment VLAN Configuration switchport general map protocols...

Page 59: ... Voice VLAN status EXEC Command Group Description Access Mode ip http server Enables the device to be configured from a browser Global Configuration ip http port Specifies the TCP port for use by a web browser to configure the device Global Configuration ip https exec timeout Sets the interval the system waits for user input before automatically loging off Global Configuration ip https server Enab...

Page 60: ...HTTPS Global Configuration crypto certificate import pkcs12 Exports the certificate and the RSA keys within a PKCS12 file Privileged User EXEC crypto certificate import pkcs12 Imports the certificate and the RSA keys within a PKCS12 file Privileged User EXEC show crypto certificate mycertificate Displays the SSL certificates of the device Privileged User EXEC show ip http Displays the HTTP server ...

Page 61: ...ax req Sets the maximum number of times that the switch sends an EAP request identity frame to the client before restart ing the authentication process Interface Configuration dot1x timeout supp timeout Sets the time for the retransmission of an Extensible Authentication Protocol EAP request frame to the client Interface Configuration dot1x timeout server timeout Sets the time for the retransmissi...

Page 62: ...AN Use the no form of this command to return to default Interface Config uration VLAN dot1x guest vlan enable Enables unauthorized users on the interface access to the Guest VLAN Interface Config uration Ethernet dot1x mac authentication Enables authentication based on the station s MAC address Interface Configuration dot1x traps mac authentication failure Enables sending traps when a MAC address ...

Page 63: ...ord login prompts banner motd Specifies and enables a message of the day banner bridge aging time Sets the address table aging time bridge multicast filtering Enables filtering of Multicast addresses clock source Configures an external time source for the system clock bridge multicast unregistered Configures the forwarding state of unregistered multicast addresses clock timezone Sets the time zone...

Page 64: ...default gateway ip domain lookup Enables the IP Domain Naming System DNS based host name to address translation ip domain name Defines a default domain name that the software uses to complete unqualified host names ip host Defines static host name to address mapping in the host cache ip http authentication Specifies authentication methods for http ip http port Specifies the TCP port for use by a w...

Page 65: ...essage logging buffer Limits syslog messages sent to the logging file based on severity logging on Controls error messages logging login authentication Specifies the login authentication method list for a remote telnet or console management access class Defines which management Access List is used management access list Defines a management Access List and enters the Access List for configuration ...

Page 66: ...ion on where the device is located snmp server set Sets SNMP MIB value by the CLI snmp server trap authentication Enables the switch to send Simple Network Management Protocol traps when authentication failed sntp authenticate Grants authentication for received Network Time Protocol NTP traffic from servers sntp authentication key Defines an authentication key for Simple Network Time Protocol SNTP...

Page 67: ...Description back pressure Enables Back Pressure on a given interface channel group Associates a port with a Port channel clear host dhcp Sets an IP address on the device description Adds a description to an interface dot1x auth not req Enables unauthorized users access to that VLAN dot1x guest vlan Defines a Guest VLAN dot1x guest vlan enable Enables unauthorized users on the interface an access t...

Page 68: ...s all VLANs and prevents dynamic VLAN registration on the port gvrp vlan creation forbid Enables or disables dynamic VLAN creation ip address Sets an IP address ip address dhcp Acquires an IP address on an interface from the DHCP server ip internal usage vlan Reserves a VLAN as the internal usage VLAN of an interface ipv6 address Configures an IPv6 address for an interface ipv6 address autoconfig ...

Page 69: ... sntp client enable interface Enables the Simple Network Time Protocol SNTP client on an interface spanning tree cost Configures the spanning tree path cost for a port spanning tree disable Disables spanning tree on a specific port spanning tree link type Overrides the default link type setting spanning tree portfast Enables PortFast mode spanning tree port priority Configures port priority speed ...

Page 70: ...aud Sets the line for automatic baud rate detection speed Sets the line baud rate Command Description deny management Defines a deny rule permit management Defines a permit rule Command Description boot system Specifies the system image that the device loads at startup clear arp cache Deletes all dynamic entries from the ARP cache clear bridge Removes any learned entries from the forwarding databa...

Page 71: ... system image file that the device loads at startup show bridge address table Displays dynamically created entries in the bridge forwarding database show bridge address table count Displays the number of addresses present in all VLANs or at specific VLAN show bridge multicast address table Displays Multicast MAC address table information show bridge multicast filtering Displays the Multicast filte...

Page 72: ...management access lists show ports security Displays the port lock status show ports storm control Displays the storm control configuration show radius servers Displays the RADIUS server settings show running config Displays the contents of the currently running configuration file show snmp Displays the SNMP status show spanning tree Displays spanning tree configuration show startup config Display...

Page 73: ...s description Displays the description for all configured interfaces port channel load balance Displays Port channel information show interfaces status Displays the status for all configured interfaces show ip igmp snooping groups Displays Multicast groups learned by IGMP snooping show ip igmp snooping interface Displays IGMP snooping configuration show ip igmp snooping mrouter Displays informatio...

Page 74: ... Adds a static MAC layer station source address to the bridge table bridge multicast address Registers MAC layer Multicast addresses to the bridge table and adds static ports to the group bridge multicast forbidden address Forbids adding a specific Multicast address to specific ports bridge multicast forbidden forward all Enables forbidding forwarding of all Multicast frames to a port bridge multi...

Page 75: ...is defined Command Mode Global Configuration mode User Guidelines IPv4 ACLs are defined by a unique name An IPv4 ACL and MAC ACL cannot share the same name Example The following example shows how to define an IPv4 Access List called dell access 1 and to place the device in IPv4 Access List Configuration mode mac access list The mac access list Global Configuration mode command enables the MAC Acce...

Page 76: ...s List Configuration mode command permits traffic if the conditions defined in the permit statement match Syntax permit any protocol any source source wildcard any destination destination wildcard dscp number ip precedence number permit icmp any source source wildcard any destination destination wildcard any icmp type any icmp code dscp number ip precedence number permit igmp any source source wil...

Page 77: ...stination unreachable source quench redirect alternate host address echo request router advertisement router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain nam...

Page 78: ...n destination wildcard dscp number ip precedence number deny icmp disable port any source source wildcard any destination destination wildcard any icmp type any icmp code dscp number ip precedence number deny igmp disable port any source source wildcard any destination destination wildcard any igmp type dscp number ip precedence number deny tcp disable port any source source wildcard any source po...

Page 79: ...y address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuris icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 igmp type Specifies IGMP packets filtered by IGMP message type Enter a number or one of the following values host ...

Page 80: ...rce wildcard Specifies wildcard bits to be applied to the source MAC address by placing 1s in bit positions to be ignored any Specify a MAC address and mask For example to set 00 00 00 00 10 XX use the Mac address 00 00 00 00 10 00 and mask 00 00 00 00 00 FF destination Specifies the MAC address of the host to which the packet is being sent destination wildcard Specifies wildcard bits to be applie...

Page 81: ... any destination destination wildcard vlan vlan id cos cos cos wildcard ethtype eth type inner vlan vlan id disable port Indicates that the port is disabled if the condition is matched source Specifies the MAC address of the host from which the packet was sent source wildcard Specifies wildcard bits to the source MAC address by placing 1s in bit positions to be ignored any Specify a MAC address an...

Page 82: ...ny any any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied Example The following example shows how to create a MAC ACL with deny rules on a device service acl The service acl Interface Configuration Ethernet port channel mode command applies an ACL to the input interface Use the no form of this command to detach ...

Page 83: ...me The name of the ACL Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays access lists defined on a device Console config interface eth g1 Console config if service acl input macl1 Console show access lists IP access list ACL1 permit 234 172 30 40 1 0 ...

Page 84: ...the Valid Ethernet port port channel number Specifies the port channel index Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displaynews ACLs applied to the interfaces of a device Console show interfaces access lists Interface Input ACL g1 ACL1 ACL2 g2 ACL3 ...

Page 85: ...logs in method1 method2 Specify at least one from the following table Default Configuration The local user database is checked This has the same effect as the command aaa authentication login list name local NOTE On the console login succeeds without any authentication check if the authentication method is not defined Command Mode Global Configuration mode Keyword Source or destination enable Uses...

Page 86: ... method lists for accessing higher privilege levels Use the no form of this command to return to the default configuration Syntax aaa authentication enable default list name method1 method2 no aaa authentication enable default default Uses the listed authentication methods that follow this argument as the default list of methods when using higher privilege levels list name Character string used to...

Page 87: ...y if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enab15 Example The following example sets authentication when accessing higher privilege level...

Page 88: ... Syntax enable authentication default list name no enable authentication default Uses the default list created with the authentication enable command list name Uses the indicated list created with the authentication enable command Default Configuration Uses the default set with the command authentication enable Command Mode Line Configuration mode User Guidelines There are no user guidelines for t...

Page 89: ...or not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures the http authentication ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for https servers Use the no form of this command to return to th...

Page 90: ...as the final method in the command line Example The following example configures https authentication show authentication methods The authentication methods Privilege EXEC mode command displays information about the authentication methods Syntax show authentication methods Default Configuration This command has no default configuration Keyword Source or destination local Uses the local username da...

Page 91: ...w authentication methods Login Authentication Method Lists Console_Default None Network_Default Local Enable Authentication Method Lists Console_Default Enable None Network_Default Enable Line Login Method List Enable Method List Console Default Default Telnet Default Default SSH Default Default http Tacacs Local https Tacacs Local dot1x 5400_CLI book Page 91 Wednesday December 17 2008 4 33 PM ...

Page 92: ...le specifies a password secret on a line enable password The enable password Global Configuration mode command sets a local password to control access to normal and privilege levels Use the no form of this command to remove the password requirement Syntax enable password level level password encrypted no enable password level level password Password for this level from 1 to 159 characters in lengt...

Page 93: ...level encrypted no username name name The name of the user Range 1 20 characters password The authentication password for the user Range 8 64 characters level The user level Range 1 15 encrypted Encrypted password entered copied from another device configuration Default Configuration No user is defined Command Mode Global Configuration mode User Guidelines No password is required Example The follo...

Page 94: ...is command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the local users configured with access to the system Console show users accounts Username Privilege Password Aging Password Expiry Date Lockout Bob 15 Robert 15 5400_CLI book Page 94 Wednesday December 17 2008 4 33 PM ...

Page 95: ...d MAC address in the format of xx xx xx xx xx xx interface A valid Ethernet port port channel number A valid port channel number permanent The address can only be deleted by the no bridge address command delete on reset The address is deleted after reset delete on timeout The address is deleted after age out time has expired secure The address is deleted after the port changes mode to unlock learn...

Page 96: ...led All Multicast addresses are flooded to all ports Command Mode Global Configuration mode User Guidelines If devices exist on the VLAN do not change the unregistered Multicast addresses state to drop on the devices ports If Multicast routers exist on the VLAN and IGMP snooping is not enabled the bridge multicast forward all command should be used to enable forwarding all Multicast packets to the...

Page 97: ...the group mac multicast address MAC Multicast address in the format of xx xx xx xx xx xx ip multicast address IP Multicast address interface list Separate nonconsecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of ports Defa...

Page 98: ...from the group mac multicast address MAC Multicast address in the format of xx xx xx xx xx xx ip multicast address IP Multicast address is in the format xxx xxx xxx xxx interface list Separate non consecutive valid Ethernet ports with a comma and no spaces hyphen is used to designate a range of ports port channel number list Separate non consecutive valid port channels with a comma and no spaces a...

Page 99: ... the port is a router port Default Configuration Forwarding Command Modes Interface configuration Ethernet Port Channel mode Default Configuration Unregistered multicast filtering should not be enabled on ports that are connected to routers because the 224 0 0 x address range should not be filtered Routers would not necessarily send IGMP reports for the 224 0 0 x range Examples This example config...

Page 100: ...port channel number list Separate non consecutive valid port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration Disable forward all on the specified interface Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example In this example all Multicast packets on port g8 are forwarded...

Page 101: ...ing to the port is not forbidden Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers Multicast router ports When a Multicast router port is discovered all the Multicast packets are forwarded to it unconditionally This command prevents a port to be a Multicast router port Example In this example forwarding all Multicast packets to g6 are forbidden brid...

Page 102: ...XEC mode command removes any learned entries from the forwarding database Syntax clear bridge This command has no keywords or arguments Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the bridge tables are cleared Console config bridge aging time 250 Console clear...

Page 103: ...defines the minimal amount of time in seconds between two consecutive traps Range 1 1 000 000 Default Configuration Disabled No port security Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example In this example frame forwarding is enabled without learning and with traps sent every 100 seconds on port g1 port security ...

Page 104: ...In this example port security mode is set to dynamic for Ethernet interface 1 7 port security max The port security mode Interface Configuration Ethernet port channel mode command configures the maximum addresses that can be learned on the port while the port is in port security max addresses mode Use the no form of this command to restore the default configuration Syntax port security max max add...

Page 105: ... xx xx xx Default Configuration No addresses are defined Command Mode Interface Configuration Ethernet port channel Cannot be configured for a range of interfaces range context User Guidelines The command enables adding secure MAC addresses to a routed ports in port security mode The command is available when the port is a routed port and in port security mode The address is deleted if the port ex...

Page 106: ... This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Internal usage VLANs VLANs that are automatically allocated on routed ports would be presented in the VLAN column by a port number and not by a VLAN ID Example In this example all classes of entries in the bridge forwarding database are displayed Console show bridge address table Aging time is 300 sec vlan...

Page 107: ...net port number port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all static entries in the bridge forwarding database are displayed Console show bridge address table static Aging time is 300 sec vlan mac address port ...

Page 108: ...terface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command displays the count for 1 VLAN for all VLANs or for a specific port No commas are allowed Example In this example the number of addresses present in the VLANs are displayed Console show bridge add...

Page 109: ...lticast address format Multicast address format Can be ip or mac If format is unspecified the default is mac Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example Multicast MAC address table information is displayed Console show bridge multicast address table Multicast ...

Page 110: ...rbidden ports for Multicast addresses Vlan MAC Address Ports 1 01 00 5e 02 02 03 g8 19 01 00 5e 02 02 08 g8 Console show bridge multicast address table format ip Multicast address table for VLANs in MAC GROUP bridging mode Vlan IP Mac Address Type Ports 1 224 239 130 2 2 3 static g1 g2 19 224 239 130 2 2 8 static g1 8 19 224 239 130 2 2 8 dynamic g9 11 Forbidden ports for Multicast addresses Vlan ...

Page 111: ...ivileged EXEC mode command displays the port lock status Syntax show ports security ethernet interface port channel port channel number interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Port Static Status ...

Page 112: ...1 g2 Disabled Lock 1 g3 Disabled Lock 1 g4 Disabled Lock 1 g5 Disabled Lock 1 g6 Disabled Lock 1 g7 Disabled Lock 1 g8 Disabled Lock 1 g9 Disabled Lock 1 g10 Disabled Lock 1 g11 Disabled Lock 1 g12 Disabled Lock 1 g13 Disabled Lock 1 g14 Disabled Lock 1 g15 Disabled Lock 1 g16 Disabled Lock 1 g17 Disabled Lock 1 g18 Disabled Lock 1 g19 Disabled Lock 1 g20 Disabled Lock 1 g21 Disabled Lock 1 g22 Di...

Page 113: ...ult Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example This example displays dynamic addresses in all currently locked ports Frequency Minimum time in seconds between consecutive traps Counter Number of actions since last trap Console show ports security addresses Port Status Learning Curre...

Page 114: ...114 Address Table Commands 5400_CLI book Page 114 Wednesday December 17 2008 4 33 PM ...

Page 115: ...kens in the form token in the message text can be included Tokens are replaced with the corresponding configuration variable Tokens are described in the usage guidelines Default Configuration Disabled no EXEC banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character Then enter one or more lines of text te...

Page 116: ...delete the existing Login banner Token Information displayed in the banner hostname Displays the host name for the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact...

Page 117: ...onnects to a device the message of the day MOTD banner appears first followed by the login banner and prompts After the user logs in to the device the EXEC banner is displayed To customize the banner use tokens in the form token in the message text The following table displays the tokens To disable the EXEC banner on a particular line or lines use the no exec banner line configuration command Toke...

Page 118: ... be included Tokens are replaced with the corresponding configuration variable Tokens are described in the usage guidelines Default Configuration Disabled no MOTD banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character Then enter one or more lines of text terminating the message with the second occurren...

Page 119: ...banner no exec banner Token Information displayed in the banner hostname Displays the host name for the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays t...

Page 120: ...in banners Use the no form of this command to disable the display of login banners Syntax login banner no login banner Default Configuration Enabled Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables the display of login banners Console config line console Console config line exec banner Console Console config li...

Page 121: ...delines There are no user guidelines for this command Example The following example enables the display of message of the day banners show banner The show banner Privileged EXEC mode command displays the banners configuration Syntax show banner motd show banner login show banner exec Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console Console c...

Page 122: ...for this command Example The following example displays the banners configuration Device show motd Console Enabled Telnet Enabled SSH Enabled MOTD Message bold Upgrade bold to all devices begins at March 12 5400_CLI book Page 122 Wednesday December 17 2008 4 33 PM ...

Page 123: ...rst three letters by name Jan Dec year Current year 2000 2097 Default Configuration The default time set is 0 0 0 0 Jan 1 2000 or xxxxx Month Day Year Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example sets the system time to 13 32 00 on the 7th March 2002 clock source The clock source Privileged EXEC mode command configure...

Page 124: ...rm of this command to set the time to Coordinated Universal Time UTC Syntax clock timezone hours offset minutes minutes offset zone acronym no clock timezone hours offset Hours difference from UTC Range 12 13 minutes minutes offset Minutes difference from UTC Range 0 59 zone acronym The acronym of the time zone Range Up to 4 characters Default Configuration UTC Command Mode Global Configuration mo...

Page 125: ... the corresponding specified days every year date Indicates that summer time should start on the first specific date listed in the command and end on the second specific date in the command usa The summer time rules are the United States rules eu The summer time rules are the European Union rules week Week of the month Range 1 4 first last day Day of the week Range first three letters by name like...

Page 126: ... the system assumes that you are in the southern hemisphere USA rule for daylight saving time Start Second Sunday in March End First Sunday in November Time 2 am local time EU rule for daylight saving time Start Last Sunday in March End Last Sunday in October Time 1 00 am 01 00 Greenwich Mean Time GMT Examples The following example sets summer time starting on the first Sunday in April at 2am and ...

Page 127: ...n key for SNTP sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Network Time Protocol NTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no sntp authenticate This command has no arguments or keywords Default Configuration No authentication Command Mode Global Configuration mode Console...

Page 128: ... trusted key key number key number Key number of authentication key to be trusted Range 1 4294967295 Default Configuration Not trusted Command Mode Global Configuration mode User Guidelines The command is relevant for both received Unicast and Broadcast If there is at least 1 trusted key then unauthenticated messages will be ignored Examples The following example authenticates key 8 Console config...

Page 129: ...elines for this command Examples The following example sets the polling time for the Simple Network Time Protocol SNTP client to 120 seconds sntp broadcast client enable The sntp Broadcast client enable Global Configuration mode command enables the Simple Network Time Protocol SNTP Broadcast clients Use the no form of this command to disable the SNTP Broadcast clients Syntax sntp broadcast client ...

Page 130: ...form of this command to disable the polling for SNTP Broadcast client Syntax sntp anycast client enable no sntp anycast client enable This command has no arguments or keywords Default Configuration SNTP Anycast clients disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Use the sntp client enable...

Page 131: ...obal Configuration mode User Guidelines Use the sntp Broadcast client enable Global Configuration mode command to enable Broadcast clients globally Use the sntp anycast client enable Global Configuration mode command to enable Anycast clients globally Examples The following example enables the SNTP client on the interface sntp client enable interface The sntp client enable Interface Configuration ...

Page 132: ...unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol SNTP to request and accept Network Time Protocol NTP traffic from servers Use the no form of this command to disable requesting and accepting Network Time Protocol NTP traffic from servers Syntax sntp unicast client enable no sntp unicast client enable This command has no arguments or...

Page 133: ...Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Examples The following example enables polling for the Simple Network Time Protocol SNTP predefined Unicast clients sntp server The sntp server Global Configuration mode command configures the device to use the Simple Netwo...

Page 134: ...SNTP servers can be defined Use the sntp unicast client enable Global Configuration mode command to enable predefined Unicast clients globally To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling Polling time is determined by the sntp client poll timer Global Configuration mode command The IPv6Z address format ipv6 link local addr...

Page 135: ...l Shows timezone and summertime configuration Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The symbol that precedes the show clock display indicates the following Console config sntp server 192 1 1 1 Symbol Description Time is not authoritative blank Time is authoritative Time is authoritative but SNTP is not synchronized 5400_CLI book...

Page 136: ...tp configuration This command has no keywords or arguments Console show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Device show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes 5400_CL...

Page 137: ...sntp configuration Polling interval 7200 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 8 Enabled 9 176 1 8 179 Disabled Disabled Broadcast Clients Enabled Broadcast Clients Poll Enabled Broadcast Interfaces g1 g3 5400_CLI book Page 137 Wednesday December 17 2008 4 33 PM ...

Page 138: ...ples The following example shows the status of the SNTP Console show sntp status Clock is synchronized stratum 4 reference is 176 1 1 8 Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Preference Status Last response Offset mSec Delay mSec 176 1 1 8 Primary Up AFE252C1 6DBDDFF2 7 33 117 79 176 1 8 179 Secondary Unknown AFE21789 643287C9 8 98 189 19 Broadcast I...

Page 139: ... EXEC mode User Guidelines There are no user guidelines for this command Examples Console dir Directory of flash File Name Permission FlashSize DataSize Modified bb rw 500000 97 13 Feb 2005 10 30 21 cc rw 500000 97 13 Feb 2005 10 30 35 dd rw 500000 97 13 Feb 2005 10 30 50 ee rw 500000 97 13 Feb 2005 10 31 04 image 1 rw 5767168 07 Feb 2005 10 15 56 image 2 rw 5767168 07 Feb 2005 10 15 56 aaafile pr...

Page 140: ...in hexadecimal format CAUTION prv files can t be displayed syslog1 sys r 262144 07 Feb 2005 10 16 02 syslog2 sys r 262144 07 Feb 2005 10 16 02 directry prv 262144 07 Feb 2005 10 15 56 startup config rw 400000 95 13 Feb 2005 18 46 34 Total size of flash 33292288 bytes Free size of flash 20708893 bytes Keyword Source or Destination flash Source or destination URL for Flash memory It s the default in...

Page 141: ...me Privileged EXEC command Syntax rename url new url url The location URL new url New URL Console more version 12 1 interface FastEthernetg1 ip address 176 242 100 100 255 ip pim dense mode duplex auto speed auto end 5400_CLI book Page 141 Wednesday December 17 2008 4 33 PM ...

Page 142: ...x delete startup config This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example deletes the startup config file Keyword Source Destination flash Source or destination URL for Flash memory It s the default in case a URL is s...

Page 143: ...nation flash Source or destination URL for Flash memory It s the default in case a URL is specified without a prefix running config Represents the current running configuration file startup config Represents the startup configuration file image If source file represent the active image file If destination file represent the non active image file boot Boot file tftp Source or destination URL for a ...

Page 144: ...ation Some invalid combinations of source and destination exist Specifically the following cannot be copied If the source file and destination file are the same file xmodem cannot be a destination Can only be copied to image boot and null tftp cannot be the source and destination on the same copy prv files can t be copied Copy Character Descriptions Copying image file from a Server to Flash Memory...

Page 145: ...urrent configuration file to a network server using TFTP Use the copy startup config destination url command to copy the startup configuration file to a network server The configuration file copy can serve as a backup copy Saving the Running Configuration to the Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configuration B...

Page 146: ...ed Examples The following example deletes a file from Flash memory boot system The boot system Privileged EXEC mode command specifies the system image that the device loads at startup Syntax boot system image 1 image 2 image 1 Specifies image 1 as the system startup image image 2 Specifies image 2 as the system startup image Keyword Source or Destination flash Source or destination URL for Flash m...

Page 147: ...he contents of the currently running configuration file Syntax show running config sort type Specifies the sorting type of the file Can be one of the following values interface feature Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines show running config does not show all the port configurations under the port Although the device is a...

Page 148: ...ifies the sorting type of the file Can be one of the following values interface feature Console show running config no spanning tree vlan database vlan 2 exit interface range ethernet g 1 2 switchport access vlan 2 exit interface vlan 2 bridge address 00 00 00 00 00 01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable interface ethernet g24 ip address dhcp exit ip name server 10 ...

Page 149: ...ys the contents of the startup config file Console show startup config no spanning tree vlan database vlan 2 exit interface range ethernet g 1 2 switchport access vlan 2 exit interface vlan 2 bridge address 00 00 00 00 00 01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable interface ethernet g24 ip address dhcp exit ip name server 10 6 1 36 console 5400_CLI book Page 149 Wednesd...

Page 150: ...mmand has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the active system image file that the device loads at startup Console show bootvar Images currently available on the FLASH image 1 active selected for next boot image 2 not active 5400_CLI book Page 150 Wednesday December 17 2008...

Page 151: ...iguration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables port g8 for configuration interface range ethernet The interface range ethernet Global Configuration mode command enters the Interface Configuration mode to configure multiple Ethernet type interfaces Console ...

Page 152: ... in the range If the command returns an error on one of the active interfaces it does not stop executing commands on other active interfaces Example The following example shows how ports g18 to g20 and ports g22 to g24 are grouped to receive the same command shutdown The shutdown Interface Configuration mode command disables interfaces Use the no form of this command to restart a disabled interfac...

Page 153: ...ng Comment or a description of the port up to 64 characters Default Configuration By default the interface does not have a description Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds a description to the Ethernet g5 Console config interface ethernet g5 Console config if shutdown Console...

Page 154: ...r Guidelines The command no speed in port channel context returns each port in the port channel to its maximum capability Example The following example configures the speed operation of Ethernet g5 to force 100 Mbps operation duplex The duplex Interface Configuration mode command configures the full half duplex operation of a given Ethernet interface when not using auto negotiation Use the no form...

Page 155: ...ation command to enable auto negotiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable it Syntax negotiation capability1 capability2 capability5 no negotiation capability Specify the capabilities to advertise Can be one or more of the following 10h 10f 100h 100f 1000f If unspecified defaults to list of all the capabilities of the port...

Page 156: ...ration Ethernet port channel mode User Guidelines Flow Control will operate only if duplex mode is set to FULL Back Pressure will operate only if duplex mode is set to HALF When Flow Control is ON the head of line blocking mechanism of this port is disabled If a link is set to NOT use auto negotiation the other side of the link must also be configured to not use auto negotiation To select auto ens...

Page 157: ...command is only operational on the 48 port device Example The following example enables flow control on port 1 4 mdix The mdix Interface Configuration mode command enables automatic crossover on a given interface Use the no form of this command to disable automatic crossover Syntax mdix on auto no mdix on Manual mdix auto Auto mdi mdix Default Configuration Automatic crossover is enabled Command M...

Page 158: ...tch Example In the following example automatic crossover is enabled on g5 back pressure The back pressure Interface Configuration mode command enables Back Pressure on a given interface Use the no form of this command to disable Back Pressure Syntax back pressure no back pressure Default Configuration Back Pressure is disabled Command Mode Interface Configuration Ethernet port channel mode User Gu...

Page 159: ...nd would be effective only after reset Example In the following example Jumbo Frames are enabled on the device clear counters The clear counters User EXEC mode command clears statistics on an interface Syntax clear counters ethernet interface port channel port channel number interface Valid Ethernet port port channel number Valid port channel trunk index Default Configuration This command has no d...

Page 160: ...d Mode Privilege EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shutdown for some reason Example The following example activates interface g5 which is disabled show interfaces configuration The show interfaces configuration Privilege EXEC mode command displays the configuration for all configured interfaces Syntax show interfaces co...

Page 161: ...lowing example displays the configuration for all configured interfaces Console show interfaces configuration Port Type Duplex Speed Neg Flow Control Admin State MdixMode g1 1G Full 1000 Auto On Up Auto g2 1G Full 100 Off Off Up Off g3 1G Full 1000 Off Off Up On Ch Type Speed Neg Flow Control Admin State ch1 Enabled Off up ch2 Enabled up ch3 Enabled up 5400_CLI book Page 161 Wednesday December 17 ...

Page 162: ...e Auto crossover status Admin State Displays whether the port is enabled or disabled show interfaces status The show interfaces status User EXEC mode command displays the status for all configured interfaces Syntax show interfaces status ethernet interface port channel port channel number interface A valid Ethernet port port channel number A valid port channel trunk index Default Configuration Thi...

Page 163: ...Copper half 10 Enabled off up Disable on g11 1G Copper half 10 Enabled off up Disable on g12 1G Copper half 10 Enabled off up Disable on g13 1G Copper half 10 Enabled off up Disable on g14 1G Copper half 10 Enabled off up Disable on g15 1G Copper half 10 Enabled off up Disable on g16 1G Copper half 10 Enabled off up Disable on g17 1G Copper half 10 Enabled off up Disable on g18 1G Copper half 10 E...

Page 164: ...aling Duplex Displays the port Duplex status Speed Refers to the port speed Neg Describes the Auto negotiation status Flow Control Displays the Flow Control status Back Pressure Displays the Back Pressure status Link State Displays the Link Aggregation status Ch Type Duplex Speed Neg Flow Control Link State ch1 Not Present ch2 Not Present ch3 Not Present ch4 Not Present ch5 Not Present ch6 Not Pre...

Page 165: ...le The following example displays auto negotiation information Console show interfaces advertise Port Type Neg Operational Link Advertisement g1 1G Copper Enabled 1000f 100f 100h 10f 10h g2 1G Copper Enabled 1000f 100f 100h 10f 10h g3 1G Copper Enabled 1000f 100f 100h 10f 10h g4 1G Copper Enabled 1000f 100f 100h 10f 10h g5 1G Copper Enabled 1000f 100f 100h 10f 10h g6 1G Copper Enabled 1000f 100f 1...

Page 166: ...19 1G Copper Enabled 1000f 100f 100h 10f 10h g20 1G Copper Enabled 1000f 100f 100h 10f 10h g21 1G Combo C Enabled 1000f 100f 100h 10f 10h g22 1G Combo C Enabled 1000f 100f 100h 10f 10h g23 1G Combo C Enabled 1000f 100f 100h 10f 10h g24 1G Combo C Enabled 1000f 100f 100h 10f 10h Ch Type Neg Operational Link Advertisement ch1 Enabled ch2 Enabled ch3 Enabled ch4 Enabled ch5 Enabled ch6 Enabled ch7 En...

Page 167: ...trunk index Default Configuration This command has no default configuration Command Modes Privilege EXEC mode User Guidelines There are no user guidelines for this command Type 1G Copper Link state Up Auto Negotiation enabled 1000f 1000h 100f 100h 10f 10h Admin Local Link Advertisement yes no yes yes yes yes Oper Local Link Advertisement yes no yes yes yes yes Remote Link Advertisement N A N A N A...

Page 168: ... interface port channel port channel number interface A valid Ethernet port port channel number A valid port channel index Default Configuration This command has no default configuration Command Modes Privilege EXEC mode User Guidelines There are no user guidelines for this command Console show interfaces description ethernet g1 Port Description g1 Management_port g2 R D_port g3 Finance_port Ch De...

Page 169: ...stPkts InBcastPkts InOctets g1 1289 987 8 183892 g2 0 0 0 0 g3 1788 373 19 123899 Port OutUcastPkt s OutMcastPkts OutBcastPkts OutOctets g4 9 8 0 9188 g5 0 0 0 0 g6 27 8 0 8789 Ch InUcastPkts InMcastPkts InBcastPkts 4InOctets 1 928 0 78 27889 Ch OutUcastPkt s OutMcastPkts OutBcastPkts OutOctets 1 882 0 122 23739 5400_CLI book Page 169 Wednesday December 17 2008 4 33 PM ...

Page 170: ...tOctets OutUcastPkts OutMcastPkts OutBcastPkts g1 9188 9 8 0 FCS Errors 8 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Internal MAC Tx Errors 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 5400_CLI book Page 170 Wednesday December 17 ...

Page 171: ...subsequently transmitted successfully SQE Test Errors A count of times that the SQE TEST ERROR is received The SQE TEST ERROR is set in accordance with the rules for verification of the SQE detection mechanism in the PLS Carrier Sense Function as described in IEEE Std 802 3 2000 Edition section 7 2 4 6 Deferred Transmissions A count of frames for which the first transmission attempt is delayed bec...

Page 172: ...on error or carrier extend error on the GMII For an interface operating in full duplex mode at 1000 Mb s the number of times the receiving media is non idle a carrier event for a period of time equal to or greater than minFrameSize and during which there was at least one occurrence of an event that causes the PHY to indicate Data reception error on the GMII For an interface operating at 10 Gb s th...

Page 173: ...Guidelines To control Multicasts storms use the commands port storm control broadcast enable and port storm control broadcast rate Example The following example enables the counting of Multicast packets port storm control broadcast enable The port storm control broadcast enable Interface Configuration mode command enables Broadcast storm control Use the no form of this command to disable Broadcast...

Page 174: ... rate Interface Configuration mode command configures the maximum Broadcast rate Use the no form of this command to return to the default value Syntax port storm control broadcast rate rate no port storm control broadcast rate rate Maximum kilobytes per second of Broadcast Unicast and Multicast traffic on a port Rate 3 5M 1G Default Configuration The default storm control Broadcast rate is 3 5M Co...

Page 175: ...nd Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the storm control configuration console config interface ethernet g2 console config if port storm control broadcast rate 10 Console show ports storm control Port State Rate Kbits Sec Included g1 Disabled 3500 Broadcast g2 Disabled 3500 Broadcast g3 Disabled 3500 Broadc...

Page 176: ...ed 3500 Broadcast g10 Disabled 3500 Broadcast g11 Disabled 3500 Broadcast g12 Disabled 3500 Broadcast g13 Disabled 3500 Broadcast g14 Disabled 3500 Broadcast g15 Disabled 3500 Broadcast g16 Disabled 3500 Broadcast g17 Disabled 3500 Broadcast g18 Disabled 3500 Broadcast g19 Disabled 3500 Broadcast g20 Disabled 3500 Broadcast g21 Disabled 3500 Broadcast g22 Disabled 3500 Broadcast g23 Disabled 3500 ...

Page 177: ...e no user guidelines for this command Example The following example displays the flow control state on cascade ports console config show system flowcontrol Flow control for internal cascade ports Enabled 5400_CLI book Page 177 Wednesday December 17 2008 4 33 PM ...

Page 178: ...178 Ethernet Configuration Commands 5400_CLI book Page 178 Wednesday December 17 2008 4 33 PM ...

Page 179: ...t you must globally enable DHCP snooping DHCP snooping is not active until you enable snooping on a VLAN by using the ip dhcp snooping vlan Global Configuration command Example The following example globally enables DHCP snooping ip dhcp snooping vlan The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN Use the no form of this command to disable DHCP snooping...

Page 180: ...ration The interface is untrusted Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Configure as trusted ports those that are connected to a DHCP server or to other switches or routers Configure as untrusted ports those that are connected to DHCP clients ip dhcp snooping information option allowed untrusted The ip dhcp snooping information option allowed untrusted Glo...

Page 181: ... Global Configuration mode command configures the switch to verify on an untrusted port that the DHCP packet source MAC address matches the client hardware address Use the no form of this command to configure the switch to not verify the MAC addresses Syntax ip dhcp snooping verify no ip dhcp snooping verify Default Configuration The switch verifies the source MAC address in a DHCP packet that is ...

Page 182: ...tabase is accurate Simple Network Time Protocol SNTP is enabled and configured The switch writes binding changes to the binding file only when the switch system clock is synchronized with SNTP Example The following example configures the DHCP snooping binding file ip dhcp snooping database update freq The ip dhcp snooping database update freq Global Configuration mode command configures the update...

Page 183: ...e binding database Syntax ip dhcp snooping binding mac address vlan id ip address ethernet interface port channel port channel number expiry seconds no ip dhcp snooping binding mac address vlan id mac address Specify a MAC address vlan id Specify a VLAN number ip address Specify an IP address interface Specify Ethernet port port channel number Specify Port channel number expiry seconds Specify the...

Page 184: ...ooping database Default Configuration HTTP server is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears the DHCP binding database show ip dhcp snooping Use the show ip dhcp snooping EXEC command to display the DHCP snooping configuration Syntax show ip dhcp snooping ethernet interface port channel...

Page 185: ...ip dhcp snooping binding mac address mac address ip address ip address vlan vlan ethernet interface port channel port channel number mac address Specify a MAC address ip address Specify an IP address vlan id Specify a VLAN number interface Specify Ethernet port port channel number Specify Port channel number Default Configuration This command has no default configuration Console show ip dhcp snoop...

Page 186: ...nding database and configuration information for all interfaces on a switch Console show ip dhcp snooping binding Update frequency 1200 Total number of binding 2 Mac Address IP Address Lease sec Type VLAN Interface 0060 704C 73FF 10 1 8 1 7983 snooping 3 g21 0060 704C 7BC1 10 1 8 2 92332 snooping s 3 g22 5400_CLI book Page 186 Wednesday December 17 2008 4 33 PM ...

Page 187: ...nables GVRP globally Use the no form of this command to disable GVRP globally on the switch Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example globally enables GVRP on the device gvrp enable interface The gvrp enable Interface Configurati...

Page 188: ...d adjusts the GARP application join leave and leaveall GARP timer values Use the no form of this command to reset the timer to default values Syntax garp timer join leave leaveall timer_value no garp timer join Indicates the time in milliseconds that PDUs are transmitted Range 10 2147483640 leave Indicates the amount of time in milliseconds that the device waits before leaving its GARP state The L...

Page 189: ...nected devices If the GARP timers are set differently on the Layer 2 connected devices GARP application will not operate successfully Example The following example sets the leave timer for port g8 to 900 milliseconds gvrp vlan creation forbid The gvrp vlan creation forbid Interface Configuration mode command enables or disables dynamic VLAN creation Use the no form of this command to disable dynam...

Page 190: ...on on the port Use the no form of this command to allow dynamic registering for VLANs on a port Syntax gvrp registration forbid no gvrp registration forbid Default Configuration Dynamic registering and deregistering for each VLAN on the port is allowed Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following...

Page 191: ... Example The following example clears all the GVRP statistics information on port g8 show gvrp configuration The show gvrp configuration User EXEC mode command displays GVRP configuration information including timer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP Syntax show gvrp configuration ethernet interface port channel port channel number interface A...

Page 192: ...valid Ethernet interface port channel number A valid trunk index Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show gvrp configuration GVRP Feature is currently enabled on the switch Maximum VLANs 255 Port s GVRP Status Registration Dynamic VLAN Creation Timers milliseconds Join Leav...

Page 193: ...Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Por t rJE rJIn rEmp rLIn rLE rLA sJE sJI n sEm p sLI n sLE sLA g1 0 0 0 0 0 0 0 0 0 0 0 0 g2 0 0 0 0 0 0 0 0 0 0 0 0 g3 0 0 0 0 0 0 0 0 0 0 0 0 g4 0 0 0 0 0 0 0 0 0 0 0 0 g5 0 0 0 0 0 0 0 0 0 0 0 0 g6 0 0 0 0 0 0 0 0 0 0 0 0 g7 0 0 0 0 0 0 0 0 0 0 0 0 g8 0 0 0 0 0 0 0 0 0 0 0 0...

Page 194: ...194 GVRP Commands 5400_CLI book Page 194 Wednesday December 17 2008 4 33 PM ...

Page 195: ...abled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables IGMP snooping ip igmp snooping Interface The ip igmp snooping Interface Configuration mode command enables Internet Group Management Protocol IGMP snooping on a specific VLAN Use the no form of this command to disable IGMP snooping on a VLAN interface Syn...

Page 196: ...c learning of Multicast router ports Syntax ip igmp snooping mrouter learn pim dvmrp no ip igmp snooping mrouter learn pim dvmrp Default Configuration Automatic learning of mrouter ports is enabled Command Mode Interface Configuration VLAN mode User Guidelines Multicast router ports can be configured statically by the bridge multicast forward all command Example The following example enables autom...

Page 197: ...ation VLAN mode User Guidelines The timeout should be at least greater than 2 query_interval max_response_time of the IGMP router Example The following example configures the host timeout to 300 seconds ip igmp snooping mrouter time out The ip igmp snooping mrouter time out Interface Configuration mode command configures the mrouter time out The mrouter time out command is used for setting the agi...

Page 198: ...oup Use the no form of this command to configure the default leave time out Syntax ip igmp snooping leave time out time out immediate leave no ip igmp snooping leave time out time out leave time out in seconds Range 0 2147483647 immediate leave Specifies that the port should be immediately removed from the members list after receiving IGMP Leave Default Configuration The default leave time out con...

Page 199: ...ly if IGMP snooping is enabled for that VLAN No more then one switch can be configured as an IGMP Querier for a VLAN When IGMP Snooping Querier is enabled it starts after host time out 2 with no IGMP traffic detected from a Multicast router The IGMP Snooping Querier disables itself if it detects IGMP traffic from a Multicast router It restarts itself after host time out 2 Following are the IGMP Sn...

Page 200: ...nfiguration mode VLAN User Guidelines If an IP address is not configured by this command and no IP address is configured for the IGMP querier VLAN interface the qurier is disabled Example The following example defines the source IP address to be used by the IGMP Snooping querier show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamical...

Page 201: ...snooping interface User EXEC mode command shows IGMP snooping configuration Syntax show ip igmp snooping interface vlan id vlan_id VLAN ID value Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show ip igmp snooping mrouter VLAN Ports 2 g1 5400_CLI book Page 201 Wednesday December 17 20...

Page 202: ...s no default configuration Command Mode User EXEC mode Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled Hosts and routers IGMP version 2 IGMP snooping oper mode Enabled IGMP snooping querier admin Enabled IGMP snooping querier oper Enabled IGMP snooping querier address admin IGMP snooping querier address oper 172 16 1 1 IGMP host timeout is...

Page 203: ...tatic addresses use the show bridge address table command Example The example shows IGMP snooping information Console show ip igmp snooping groups Vlan IP Address Querier Ports 1 224 239 130 2 2 3 Yes g1 g2 19 224 239 130 2 2 8 Yes g9 11 5400_CLI book Page 203 Wednesday December 17 2008 4 33 PM ...

Page 204: ...204 IGMP Snooping Commands 5400_CLI book Page 204 Wednesday December 17 2008 4 33 PM ...

Page 205: ... Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command would delete the host name to address mapping temporarily until the next renew of the IP address Examples The following example deletes all entries from the host name to address mapping ip address The ip address Interface Configuration mode command sets an IP address Use ...

Page 206: ...VLAN 1 with the IP address 131 108 1 27 and subnet mask 255 255 255 0 ip address dhcp The ip address dhcp Interface Configuration mode command acquires an IP address on an interface from the Dynamic Host Configuration Protocol DHCP server Use the no form of this command to deconfigure any acquired address The no ip address dhcp command deconfigures any IP address that was acquired thus sending a D...

Page 207: ... option is included in the DISCOVER message By default the specified DHCP host name is the device globally configured host name However you can use the ip address dhcp hostname host name command to place a different name in the DHCP option 12 field than the globally configured host name of the device The no ip address dhcp command deconfigures any IP address that was acquired thus sending a DHCPRE...

Page 208: ...nterface ethernet interface number vlan vlan id port channel number ethernet interface number Valid port number vlan vlan id VLAN number port channel number Port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example the displays the usability status of in...

Page 209: ...d IP address or IP alias ethernet interface number Ethernet port number vlan vlan id VLAN number port channel number Port channel number Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses into 48 bit hardware addresses Because most hosts support dynamic resolutio...

Page 210: ...che Range 1 40000000 Default Configuration The default timeout is 60000 seconds Command Mode Global Configuration mode User Guidelines It is recommended not to set the timeout value to less than 3600 Example The following example configures ARP timeout to 12000 seconds clear arp cache The clear arp cache Privileged EXEC mode command deletes all dynamic entries from the ARP cache Syntax clear arp c...

Page 211: ...e port channel port channel number Parameters ip address Displays the ARP entry of a specific IP address mac address Displays the ARP entry of a specific MAC address interface Displays the ARP entry of a specific Ethernet port interface port channel number Displays the ARP entry of a specific Port channel number interface Default Configuration This command has no default configuration Command Mode...

Page 212: ...guments or keywords Default Configuration The DNS based host name to address translation is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables the IP Domain Naming System DNS based host name to address translation Console show arp ARP timeout 60000 Seconds Interface IP address HW address status g1 10 7...

Page 213: ...s no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example defines a default domain name of www dell com ip name server The ip name server Global Configuration mode command sets the available name servers Use the no form of this command to remove a name server Syntax ip name server server address se...

Page 214: ...he no form of this command to remove the name to address mapping Syntax ip host name address no ip host name name Name of the host Range 1 158 characters address Associated IP address Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example defines a static host name to address mappi...

Page 215: ...nes for this command Examples The following example deletes entries from the host name to address cache show hosts The show hosts User EXEC mode command displays the default domain name a list of name server hosts the static and the cached list of host names and addresses Syntax show hosts name name Name of the host Range 1 158 characters Default Configuration This command has no default configura...

Page 216: ...domain is GM COM Name address lookup is enabled Name servers 176 16 1 18 176 16 1 19 Static host name to address mapping Host Addresses www dell com 176 16 8 8 176 16 8 9 Cache TTL Hours Host Total Elapsed Type Addresses www dell com 72 3 IP 171 64 14 203 5400_CLI book Page 216 Wednesday December 17 2008 4 33 PM ...

Page 217: ...figuration procedure is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode This command cannot be configured for a range of interfaces range context User Guidelines The ipv6 enable command automatically configures an IPv6 link local unicast address on the interface while also enabling the interface for IPv6 processing The no ipv6 enable command removes the entire IPv6 int...

Page 218: ...gn IP addresses to the interface based on the advertised on link prefixes When disabling address autoconfig automatically generated addresses assigned to the interface are removed The default state of the address autoconfig is enabled To enable an IPv6 interface without address autoconfig use the enable ipv6 no autoconfig command Example The following example enables automatic configuration of IPv...

Page 219: ...wing formula Average Packets Per Second 1 interval bucket size Example The following example configures the rate limit interval to 200ms and bucket size to 20 tokens for IPv6 Internet Control Message Protocol ICMP error messages show ipv6 icmp error interval The show ipv6 error interval command Privileged EXEC mode command displays the IPv6 ICMP error interval setting Syntax show ipv6 icmp error i...

Page 220: ...ash mark must precede the decimal Range 3 128 only 64 when the eui 64 parameter is used eui 64 Specifies to build an interface ID in the low order 64 bits of the IPv6 address based on the interface MAC address anycast Indicates that this address is an anycast address Default Configuration No IP address is defined for the interface Command Mode Interface Configuration Ethernet VLAN Port channel mod...

Page 221: ...channel Cannot be configured for a range of interfaces range context User Guidelines Using the no ipv6 link local address command removes the manually configured link local IPv6 address from an interface Multiple IPv6 addresses can be configured per interface but only one link local address When the no ipv6 link local address command is used the interface is reconfigured with the standard link loc...

Page 222: ...ed to one of the interface s IP address with TCP UDP port not assigned is received and ICMP unreachable messages is enabled the device sends an ICMP unreachable message To disable sending ICMP unreachable messages on the interface use the no ipv6 unreachables command Example The following example enables the generation of Internet Control Message Protocol for IPv6 ICMPv6 unreachable messages for a...

Page 223: ...0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example g1 Configuring a new default GW without deleting the previous configured information overwrites the previous configuration A configured default GW has a higher precedence over automatically advertised via router advertisement message If the egress interface is not specified the default interface will be selected Specifying i...

Page 224: ...t process in the device Example The following example configures MLD reporting for specific groups ipv6 mld version The ipv6 mld version interface configuration command changes the Multicast Listener Discovery Protocol MLD version To change to the default version use the no form of this command Syntax ipv6 mld version 1 2 no ipv6 mld version 1 Specifies MLD version 1 2 Specifies MLD version 2 Defa...

Page 225: ...umber Port channel number Default Configuration Displays all IPv6 interfaces Command Mode Privileged EXEC mode User Guidelines To display IPv6 neighbor discovery cache information use the show ipv6 neighbors command in the privileged EXEC mode Examples The following examples displays the usability status of interfaces configured for IPv6 Console config if ipv6 mld version 1 Console show ipv6 inter...

Page 226: ...02 1 ff00 0 manual VLAN 1 ff02 1 ff00 1 manual VLAN 1 ff02 1 ff00 55 manual Default Gateway IP address Type Interface State fe80 77 Static VLAN 1 unreachable fe80 200 cff fe4a dfa8 Dynamic VLAN 1 stale Console show ipv6 interface vlan 15 IPv6 is disabled Console show ipv6 interface vlan 1 Number of ND DAD attempts 1 MTU size 1500 Stateless Address Autoconfiguration state enabled ICMP unreachable m...

Page 227: ...etting Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command IP addresses Type DAD State 2002 1 1 1 200 b0ff fe00 other Active 3001 1 64 manual Active 4004 55 64 ANY manual Active fe80 200 b0ff fe00 0 linklayer Active ff02 1 linklayer Active ff02 77 manual ff02 1 ff00 0 manual ff02 1 ff00 1 manual ff02 1 ff00 55 manual 5400_CLI book Page 227 Wednesday Dece...

Page 228: ... 1 configures a single transmission without follow up transmissions Range 0 600 Default Configuration Duplicate address detection on unicast IPv6 addresses with the sending of one 1 neighbor solicitation message is enabled Command Mode Interface configuration Ethernet VLAN Port channel Cannot be configured for a range of interfaces range context Console show ipv6 route Codes L Local S Static I ICM...

Page 229: ...e processing of IPv6 packets is disabled on the interface and an error message is displayed All configuration commands associated with the duplicate address remain as configured while the state of the address is set to DUPLICATE If the link local address for an interface changes duplicate address detection is performed on the new link local address and all of the other IPv6 address associated with...

Page 230: ...ed Command Mode Global Configuration mode User Guidelines The IPv6Z address format ipv6 link local address interface name interface name vlan integer ch integer isatap integer physical port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example g1 Example The following example defines a static host name to addre...

Page 231: ...ommand is similar to the arp global command If an entry for the specified IPv6 address already exists in the neighbor discovery cache learned through the IPv6 neighbor discovery process the entry is automatically converted to a static entry Use the show ipv6 neighbors command to view static entries in the IPv6 neighbor discovery cache Example The following example configures a static entry in the ...

Page 232: ...The following example sets the Maximum Transmission Unit MTU size of IPv6 packets sent on an interface to 1700 show ipv6 neighbors The show ipv6 neighbors Privileged EXEC mode command displays IPv6 neighbor discovery cache information Syntax show ipv6 neighbors static dynamic ipv6 address ipv6 address mac address mac address static Display static neighbor discovery cash entries dynamic Display dyn...

Page 233: ...e last positive confirmation was received that the forward path was functioning properly While stale no action takes place until a packet is sent DELAY More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly and a packet was sent within the last DELAY_FIRST_PROBE_TIME seconds If no reachability confirmation ...

Page 234: ...es Syntax clear ipv6 neighbors Default Configuration This command has no default setting Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all entries in the IPv6 neighbor discovery cache except static entries Console clear ipv6 neighbors 5400_CLI book Page 234 Wednesday December 17 2008 4 33 PM ...

Page 235: ...elines Until iSCSI VLAN is configured by using iscsi vlan command the switch will not assign any specific VLAN to iSCSI flows When User uses the no iscsi enable command iSCSI resources TCAM should be released Example The following example enable iSCSI awareness iscsi target port The iscsi target port Global Configuration mode command configures iTCP port s iSCSI targets addresses and names Use the...

Page 236: ...de User Guidelines When working with private iSCSI ports not IANA assigned iSCSI ports 3260 860 it is recommended to specify the target IP address as well so the switch will only snoop frames with which the TCP destination port is one of the configured TCP ports AND their destination IP is the target s IP address This way the CPU is not be falsely loaded by non iSCSI flows if by chance other appli...

Page 237: ...evant VPT to queue DSCP to queue table in order to complete the setting Setting the VPT DSCP sets the QoS profile which determines the egress queue to which the frame is mapped The switch default setting for egress queues scheduling is strict priority The downside of strict priority is that in certain circumstances under heavy high priority traffic other lower priority traffic may get starved In W...

Page 238: ...reased Time for aging out current sessions is recalculated and increased only by the difference When aging time is decreased Time for aging out current sessions will be decreased by the difference If after re calculation it is deemed that the session silence time is already greater than the new aging time the session will be immediately declared as aged out Example The following example sets aging...

Page 239: ...re than the Max Connections default 256 connections exist in Network the connectons still receive their QoS profile but only the Max Connections number will be displayed Example The following example sets the maximum number of iSCSI connections to 100 show iscsi The show iscsi Privileged EXEC mode command displays the iSCSI settings Syntax show iscsi Default Configuration This command has no defau...

Page 240: ...lt Configuration If not specified sessions are displayed in short mode not detailed Command Mode Privileged EXEC mode Console show iscsi iSCSI enabled iSCSI vpt is 5 remark Session aging time 60 min Maximum number of connections is 256 iSCSI targets and TCP ports TCP Port Target IP Address Name 860 3260 5000 30001 172 16 1 1 iqn 1993 11 com disk vendor diskarrays sn 45678 tape sys1 xyz 30033 172 1...

Page 241: ...inaccuracy is Example The following example displays the iSCSI sessions Console show iscsi sessions Target iqn 1993 11 com disk vendor diskarrays sn 45678 Initiator iqn 1992 04 com os vendor plan9 cdrom 12 ISID 11 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 ISID 222 Target iqn 103 1 com storage vendor sn 43338 storage tape sys1 xyz Session 3 Initiator iqn 1992 04 com os vendor plan9 cdrom 1...

Page 242: ... 16 1 3 49154 172 16 1 20 30001 172 16 1 4 49155 172 16 1 21 30001 172 16 1 5 49156 172 16 1 22 30001 Session 2 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 Time started 23 Jul 2002 21 04 50 Time for aging out 2 min ISID 22 Initiator IP address Initiator TCP port Target IP address Target IP port 172 16 1 30 49200 172 16 1 20 30001 172 16 1 30 49201 172 16 1 21 30001 5400_CLI book Page 242 We...

Page 243: ... Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the system priority to 120 lacp port priority The lacp port priority Interface Configuration mode command configures the priority value for physical ports Use the no form of this command to reset to default priority value Syntax lacp port priority value no ...

Page 244: ...inistrative LACP timeout Syntax lacp timeout long short no lacp timeout long Specifies a long timeout value short Specifies a short timeout value Default Configuration The default port timeout value is long Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example assigns an administrative LACP timeout for port g8...

Page 245: ... no user guidelines for this command Example The following example shows how to display LACP statistics information show lacp port channel The show lacp port channel Privileged EXEC mode command displays LACP information for a port channel Syntax show lacp port channel port_channel_number port_channel_number The port channel number Default Configuration This command has no default configuration Co...

Page 246: ... example shows how to display LACP port channel information Console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority 1 MAC Address 00 02 85 0E 1C 00 Admin Key 29 Oper Key 29 Partner System Priority 0 MAC Address 00 00 00 00 00 00 Oper Key 14 5400_CLI book Page 246 Wednesday December 17 2008 4 33 PM ...

Page 247: ...al for secured remote console access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example configures the device as a virtual terminal for remote console access speed The speed Line Configuration mode command sets the line baud rate Console config line t...

Page 248: ...ples The following example sets the baud rate to 9600 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud Use the no form of this command to disable automatic baud rate detection Syntax autobaud no autobaud Default Configuration Autobaud disabled Command Mode Line Configuration console mode User Guidelines To start communications using aut...

Page 249: ...cifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configuration mode User Guidelines To specify no timeout enter the exec timeout 0 0 command Examples The following example configures the interval that the system waits until user input is detected to 20 minutes Console c...

Page 250: ...er Guidelines There are no user guidelines for this command Examples The following example displays the Line Configuration terminal history The terminal history EXEC mode command enables the command history function for the current terminal session Use the no form of this command to disable the command history function Syntax terminal history no terminal history Default Configuration This command ...

Page 251: ...session Use the no form of this command to reset the command history buffer size to the default Syntax terminal history size number of commands no terminal history size Default Configuration The default is determined by the history size Line Configuration command Command Mode User EXEC mode User Guidelines The maximum for the sum of all buffers is 256 Examples The following example configures the ...

Page 252: ...252 Line Commands 5400_CLI book Page 252 Wednesday December 17 2008 4 33 PM ...

Page 253: ...nabled Command Mode Global Configuration mode User Guidlines There are no guidelines for this command Example The following example enables Link Layer Discovery Protocol LLDP lldp enable interface The lldp enable Interface Configuration mode command enables Link Layer Discovery Protocol LLDP on an interface Use the no form of this command to disable LLDP on an interface console config lldp enable ...

Page 254: ...a port I e LLDP frames are sent and received on blocked ports If a port is controlled by 802 1X LLDP operates only if the port is authorized Examples The following example enables Link Layer Discovery Protocol LLDP on an interface g5 lldp timer The lldp timer command Global Configuration mode command specifies how often the system sends Link Layer Discovery Protocol LLDP updates Use the no form of...

Page 255: ...ommand to revert to the default setting Syntax lldp hold multiplier number no lldp hold multiplier number Specifies the hold time to be sent in the LLDP update packets as a multiple of the timer value Range 2 10 Default Configuraiton The default configuration is 4 Command Modes Global ConfigurationConfiguration mode User Guidelines The actual time to live value used in LLDP frames can be expressed...

Page 256: ...l wait before reinitializing LLDP transmissions Range 1 10 seconds Default Configuraiton 2 seconds Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example pecifies the minimum time an LLDP port will wait before reinitializing LLDP transmissions to 5 seconds lldp tx delay The lldp tx delay Global Configuration mode command...

Page 257: ...uccessive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB to 10 seconds lldp optional tlv The lldp optional tlv Interface Configuration mode command specifies which optional TLVs from the basic set should be transmitted Use the no form of this command to revert to the default setting Syntax lldp optional tlv tlv1 tlv2 tlv5 no lldp optional tlv tlv Specifies...

Page 258: ...ement address ip address no management address ip address Specifies the management address to advertise Default Configuration No IP address is advertised Command Modes Interface Configuration Ethernet mode User Guidelines Each port can advertise one IP address Only static IP addresses can be advertised Example The following example specifies management address that would be advertised from an inte...

Page 259: ...MED is enabled Default Configuration LLDP is disabled Command Modes Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED on an interface as network policy lldp med network policy global The lldp med network policy Global Configuration mode command def...

Page 260: ...er Priority Layer 2 priority to be used for the specified application dscp value DSCP value to be used for the specified application Default Configuration No Network policy is defined Command Modes Global Configuration mode User Guidelines Use the lldp med network policy Interface Configuration command to attach a network policy to a port Up to 32 network policies can be defined lldp med network p...

Page 261: ...n data no lldp med location ecs elin coordinate The location is specified as coordinates civic address The location is specified as civic address ecs elin The location is specified as ECS ELIN data The data format is as defined in ANSI TIA 1057 Specifies the location as dotted hexadecimal data Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a peri...

Page 262: ...mmand Example The folowing example restarts the LLDP RX state machine and clears the neighbors table show lldp configuration The show lldp configuration privileged EXEC mode command displays the Link Layer Discovery Protocol LLDP configuration Syntax show lldp configuration ethernet interface Interface Ethernet port Command Modes Privileged EXEC mode User Guidelines There are no user guidelines fo...

Page 263: ... from a specific port Syntax show lldp local ethernet interface interface Ethernet interface Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show lldp configuration LLDP state Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Port State Optional TLVs Addres g1 Rx and Tx g2 Rx and Tx g3 Rx and Tx 5400_CLI bo...

Page 264: ...tus Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED Network policy Application type Voice Flags Tagged VLAN VLAN ID 2 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Sourcing Entity P...

Page 265: ...es Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about neighboring devices discovered using Link Layer Discovery Protocol LLDP Console show lldp neighbors Port Device ID Port ID System Name Capabilities g1 0060 704C 73FE 1 ts 7800 2 B g1 0060 704C 73FD 1 ts 7800 2 B g2 0060 704C 73FC 9 ts 7900 1 B R g3 0060 704...

Page 266: ...guration ethernet interface interface Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no guidelines for this command LLDP MED Inventory Hardware revision 2 1 Firmware revision 2 3 Software revision 2 7 1 Serial number LM759846587 Manufacturer name VP Model name TR12 Asset ID 9 5400_CLI book Page 266 Wednesday...

Page 267: ...uration Network policy 1 Application type Voice VLAN ID 2 tagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Policy Location PoE g1 Yes Yes 1 Yes Yes g2 Yes Yes 1 Yes Yes g3 Yes No No Yes Switch show lldp med configuration ethernet g1 Port Capabilities Network Policy Location PoE g1 Yes Yes 1 Yes Yes 5400_CLI book Page 267 Wednesday December 17 2008 4 33 PM ...

Page 268: ...268 LLDP Commands 5400_CLI book Page 268 Wednesday December 17 2008 4 33 PM ...

Page 269: ...mode User Guidelines This command enters the Access List Configuration mode where the denied or permitted access conditions with the deny and permit commands must be defined If no match criteria are defined the default is deny If reentering to an Access List context the new rules are entered at the end of the Access List Use the management access class command to select the active Access List The ...

Page 270: ...faces ethernet g1 and ethernet g9 and make the Access List the active list Console config management access list mlist Console config macl permit ethernet g1 Console config macl permit ethernet g9 Console config macl exit Console config management access class mlist Console config management access list mlist Console config macl deny ethernet g1 Console config macl deny ethernet g9 Console config ...

Page 271: ...evant only to IPv4 addresses Range Valid subnet mask mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash The parameter is relevant only to IPv4 addresses Range 0 32 service service Indicates service type Can be one of the following telnet ssh http https or snmp Default Configuration If no permit statemen...

Page 272: ... is relevant only to IPv4 addresses Range Valid subnet mask mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash The parameter is relevant only to IPv4 addresses Range 0 32 service service Indicates service type Can be one of the following telnet ssh http https or snmp Default Configuration This command h...

Page 273: ... default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures an Access List called mlist as the management Access List show management access list The show management access list Privileged EXEC mode command displays management access lists Syntax show management access list name name Name of th...

Page 274: ... class Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the management Access List information Console show management access list mlist permit ethernet g1 permit ethernet g9 Note all other access implicitly denied Console show management access clas...

Page 275: ...mand Mode Privileged EXEC mode User Guidelines The port under test should be conducted when the fiber link is down NOTE The maximum distance VCT can function is 120 meters Examples The following example results in a report on the cable attached to port g3 show copper ports tdr The show copper ports tdr Privileged EXEC mode command display the last TDR Time Domain Reflectometry tests on specified p...

Page 276: ...copper ports cable length Privileged EXEC mode command displays the estimated copper cable length attached to a port Syntax show copper ports cable length interface interface A valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console show copper ports tdr Port Result Length meters Date g1 OK g2 Short 50 13 32 00 23 July 2003 g3 T...

Page 277: ...ver diagnostics Syntax show fiber ports optical transceiver interface detailed interface A valid Ethernet port detailed Detailed diagnostics Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines To test optical transceivers ensure a fiber link is up The test is only supported on Dell supported SFP modules Console show copper ports cable l...

Page 278: ...rrent Power Output Power Input Power LOS g3 Copper g21 W OK E OK OK OK g22 OK OK OK OK OK OK Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power LOS Loss of signal 5400_CLI book Page 278 Wednesday December 17 2008 4 33 PM ...

Page 279: ...ent mA Output Power mWatt Input Power mWatt LOS g23 70 7 27 0 79 3 30 2 50 No g21 70 7 24 0 78 2 20 2 49 No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power LOS Loss of signal 5400_CLI book Page 279 Wednesday December 17 2008 4 33 PM ...

Page 280: ...280 PHY Diagnostics Commands 5400_CLI book Page 280 Wednesday December 17 2008 4 33 PM ...

Page 281: ... to 8 member ports per port channel Turning off auto negotiation of an aggregate link may under some circumstances make it non operational If the other side has auto negotiation turned on it may re synchronize all members of the aggregated link to half duplex operation and may as per the standards set them all to inactive Example The following example enters the context of port channel number 1 in...

Page 282: ...n of the command on other interfaces Example The following example shows how port channels 1 2 and 8 are grouped to receive the same command channel group The channel group Interface Configuration mode command associates a port with a port channel Use the no form of this command to remove a port from a port channel Syntax channel group port channel number mode on auto no channel group port channel...

Page 283: ...yer 2 3 no port channel load balance layer 2 Port channel load balancing is based on layer 2 parameters layer 3 Port channel load balancing is based on layer 3 parameters layer 2 3 Port channel load balancing is based on layer 2 and layer 3 parameters Default Configuration Layer 2 Command Modes Global Configuration mode User Guidelines In L2 L3 load balancing policy fragmented packets might be reo...

Page 284: ...isplay Range Valid port channel Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how all port channel information is displayed Console show interfaces port channel Load balancing Layer2 and Layer 3 Channel Ports 1 Active 1 2 2 Active 2 7 3 Active 3 8 5...

Page 285: ... no option specified monitors both rx and tx tx Monitors transmitted packets only If no option specified monitors both rx and tx Default Configuration The default is both rx and tx Command Mode Interface Configuration mode User Guidelines This command enables traffic on one port to be copied to another port or between the source port src interface and a destination port the port being configured O...

Page 286: ...nge ethernet command NOTE The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports Therefore Multicast and Broadcast frames in these VLANs are seen more than once Actually N where N equals four When both transmit Tx and receive Rx directions of more than one port are monitored the capacity may exceed the bandwidth of the target port In this case the division of ...

Page 287: ... for this command Example The following example shows how the port copy status is displayed Console show ports monitor Source Port Destination Port Type Status g1 g8 RX TX Active g2 g8 RX TX Active g18 g8 Rx Active 5400_CLI book Page 287 Wednesday December 17 2008 4 33 PM ...

Page 288: ...288 Port Monitor Commands 5400_CLI book Page 288 Wednesday December 17 2008 4 33 PM ...

Page 289: ...his command Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example shows how QoS is enabled on the device in basic mode show qos The show qos User EXEC mode command displays the quality of service QoS mode for the entire device Syntax show qos This command has no arguments or keywords Default Configuration This command has...

Page 290: ... id cos1 cos8 no wrr queue cos map queue id queue id The queue number to which the following CoS values are mapped cos1 cos8 Map to specific queues up to eight CoS values from 0 to 7 Default Configuration The map default values for 8 queues Cos0 is mapped to queue 3 Cos1 is mapped to queue 1 Cos2 is mapped to queue 2 Cos3 is mapped to queue 4 Cos4 is mapped to queue 5 Cos5 is mapped to queue 6 Cos...

Page 291: ...t queues Separate each value by spaces Range 0 254 Default Configuration The default WRR weight ratio is 1 2 8 16 32 64 128 255 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The ratio for each queue is defined by the queue weight divided by the sum of all queue weights i e the normalized weight This actually sets the bandwidth allocation of each queue A weight of ...

Page 292: ...l queues are expedite queues Command Mode Global Configuration mode User Guidelines When configuring the priority queue out num of queues command the weighted round robin WRR weight ratios are affected because there are fewer queues participating in WRR Queue 8 is taken as the highest index queue Queue 7 is taken as the next highest queue If four queues are selected then queues 8 7 6 and 5 are use...

Page 293: ...BS in bytes Range for GE ports is 4KB 16MB Default Configuration The default configuration is disabled Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines There are no user guidelines for this command Example The following example sets the shaper on Ethernet port 1 g15 to 64kpbs committed rate rate limit Ethernet The rate limit Interface Configuration Ethernet mode comm...

Page 294: ...imits the rate of the incoming traffic on Ethernet port 1 g15 to 1000kpbs show qos interface The show qos interface User EXEC mode command displays interface QoS data Syntax show qos interface queuing shapers rate limit ethernet interface number port channel number queuing Displays the queue s strategy WRR or EF and the weight for WRR queues and the CoS to queue map and the EF priority shapers Dis...

Page 295: ...o the interface are displayed If a specific interface is not specified the information for all interfaces is displayed Examples The following example displays output from the show qos interface g1 queuing command Console show qos interface ethernet g1 queuing Ethernet g1 wrr bandwidth weights and EF priority qid weights Ef Priority 1 125 dis N A 2 125 dis N A 3 125 dis N A 4 125 dis N A Cos queue ...

Page 296: ...ion mode User Guidelines Queue settings for 3 11 19 cannot be modified Example The following example maps DSCP values 33 40 and 41 to queue 1 qos trust Global The qos trust Global Configuration mode command can be used to configure the system to trust state Use the no form of this command to return to the default state Syntax qos trust cos dscp no qos trust cos Classifies ingress packets with the ...

Page 297: ...e packet to use to classify traffic To return to the untrusted state use the no qos command to apply best effort service Example The following example configures the system to DSCP trust state qos trust Interface The qos trust Interface Configuration mode command enables each port trust state Use the no form of this command to disable the trust state on each port Syntax qos trust no qos trust Defa...

Page 298: ...S value Range 0 7 Default Configuration Port CoS is 0 Command Mode Interface Configuration Ethernet port channel mode User Guidelines You can use the default value to assign a CoS value to all untagged packets entering the port Example The following example configures port g5 default CoS value to 3 show qos map The show qos map User EXEC mode command displays all the QoS maps CHECK WITH MARY Synta...

Page 299: ...s the fields used above D1 x 10 D2 Value of DSCP console show qos map Dscp queue map d1 d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 02 02 02 02 02 02 3 02 02 03 03 03 03 03 03 03 03 4 03 03 03 03 03 03 03 03 04 04 5 04 04 04 04 04 04 04 04 04 04 6 04 04 04 04 Column Description D1 Decimal Bit 1 of DSCP D2 Decimal Bit 2 of DSCP 01 04 Queue nu...

Page 300: ...300 QoS Commands 5400_CLI book Page 300 Wednesday December 17 2008 4 33 PM ...

Page 301: ...sed Range 1 30 retransmit Specifies the re transmit value If no re transmit value is specified the global value is used Range 1 10 deadtime Length of time in minutes for which a RADIUS server is skipped over by transaction requests Range 0 2000 key Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encrypti...

Page 302: ...eout period 20 seconds radius server key The radius server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Use the no form of this command to reset to the default Syntax radius server key key string no radius server key key string Specifies the authentication and encryption key for all RADIUS co...

Page 303: ...sts Use the no form of this command to reset the default configuration Syntax radius server retransmit retries no radius server retransmit retries Specifies the retransmit value Range 1 10 Default Configuration The default is 3 attempts Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the number of times t...

Page 304: ...es for this command Example The following example configures the source IP address used for communication with RADIUS servers to 10 1 1 1 radius server source ipv6 The radius server source ipv6 Global Configuration mode command specifies the source IPv6 address used for the IPv6 communication with RADIUS servers Use the no form of this command to return to the default Syntax radius server source i...

Page 305: ...s command to restore the default Syntax radius server timeout timeout no radius server timeout timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The default value is 3 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the interval for which a device waits for a server host to...

Page 306: ...n requests Range 0 2000 Default Configuration The default dead time is 0 minutes Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets a dead time where a RADIUS server is skipped over by transaction requests for this period to 10 minutes show radius servers The show radius servers User EXEC mode command displays the...

Page 307: ...erver settings Console show radius servers IP address Port Auth Time Out Retransmit Dead time Source IP Priority Usage 172 16 1 1 1645 Global Global Global Global 1 All 172 16 1 2 1645 11 8 Global Global 2 All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 5400_CLI book Page 307 Wednesday December 17 2008 4 33 PM ...

Page 308: ...308 Radius Commands 5400_CLI book Page 308 Wednesday December 17 2008 4 33 PM ...

Page 309: ...t channel port channel number interface Valid Ethernet port port channel number Valid port channel trunk index Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The following RMON Groups are supported Ethernet Statistics Group1 History Group 2 Alarms Group 3 and Events Group 4 5400_CLI book Page 309 Wednesday December 17 2008 4 33 PM ...

Page 310: ...s received on the network excluding framing bits but including FCS octets Packets The total number of packets including bad packets Broadcast packets and Multicast packets received Broadcast The total number of good packets received and directed to the Broadcast address This does not include Multicast packets Multicast The total number of good packets received and directed to a Multicast address T...

Page 311: ...ate of the total number of collisions on this Ethernet segment 64 Octets The total number of packets including bad packets received and transmitted that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS oct...

Page 312: ...de Interface Configuration Ethernet port channel mode User Guidelines This command cannot be executed on multiple ports using the interface range ethernet command Example The following example enables a Remote Monitoring RMON MIB history statistics group on port g8 with the index number 1 and a polling interval period of 2400 seconds show rmon collection history The show rmon collection history Us...

Page 313: ...on history Index Interface Interval Requested Samples Granted Samples Owner 1 1 1000 50 50 CLI Field Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Requested Samples The requested number of samples to be saved Granted Samples The granted number of samples to be saved Owner The entity that confi...

Page 314: ...4294967295 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays RMON Ethernet Statistics history for throughput on index number 5 Console show rmon history 5 throughput Sample Set 1 Owner CLI Interface g1 Interval 1800 Requested samples 50 Granted samples 50 ...

Page 315: ...1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time CRC Align Undersize Oversize Fragments Jabbers Jan 18 2002 21 57 00 1 1 49 0 0 Jan 18 2002 21 57 30 1 1 27 0 0 Console show rmon history 5 other Sample Set 1 Owner CLI Interface g1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Dropped Collisions Jan 18 2002 21 57 00 3 0 Jan 18 20...

Page 316: ... octets long excluding framing bits but including FCS octets and were otherwise well formed Oversize The number of packets received during this sampling interval that were longer than 1518 octets excluding framing bits but including FCS octets but were otherwise well formed Fragments The total number of packets received during this sampling interval that were less than 64 octets in length excludin...

Page 317: ...olute the value of the selected variable is compared directly with the thresholds at the end of the sampling interval If the method is delta the selected variable value at the last sample is subtracted from the current value and the difference compared with the thresholds startup direction The alarm that may be sent when this entry is first set to valid If the first sample after this entry becomes...

Page 318: ... Rising threshold event index 10 Falling threshold event index 20 show rmon alarm table The show rmon alarm table User EXEC mode command displays the alarms summary table Syntax show rmon alarm table Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console config rmon alarm 1000 dell 360000 100...

Page 319: ...ge 1 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Console show rmon alarm table Index OID Owner 1 1 3 6 1 2 1 2 2 1 10 1 CLI 2 1 3 6 1 2 1 2 2 1 10 1 Manager 3 1 3 6 1 2 1 2 2 1 10 9 CLI Field Description Index An index that uniquely identifies the entry OID Monitored variable OID Own...

Page 320: ... the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period Alarm Alarm index Owner The entity that configured this entry Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating the value compared...

Page 321: ...and has no default configuration Command Mode Global Configuration mode Startup Alarm The alarm that may be sent when this entry is first set If the first sample is greater than or equal to the rising threshold and startup alarm is equal to rising or rising and falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is eq...

Page 322: ...lt Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON event table Console config rmon event 10 log Console show rmon events Index Description Type Community Owner Last time sent 1 Errors Log CLI Jan 18 2002 23 58 17 2 High Broadcast Log Trap device Manager ...

Page 323: ... the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management stations Community If an SNMP trap is to be sent it is sent to the SNMP community sp...

Page 324: ... 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 Console show rmon log Maximum table size 500 800 after reset Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 Field Description Event An index that uniquely identifies the event Description A comment describing this event Time The time this entry created 5400...

Page 325: ...imum number of history table entries Range 20 32767 log entries Maximum number of log table entries Range 20 32767 Default Configuration History table size is 270 Log table size is 200 Command Mode Global Configuration mode User Guidelines The configured table size is effective after the device is rebooted Example The following example configures the maximum RMON history table sizes to 1000 entrie...

Page 326: ...326 RMON Commands 5400_CLI book Page 326 Wednesday December 17 2008 4 33 PM ...

Page 327: ...ecifies SNMP administrator access view view name Name of a previously defined view The view defines the objects available to the community It s not relevant for su which has an access to the whole MIB If unspecified all the objects except of the community table and SNMPv3 user and access tables are available Range 1 30 characters ipv4 address Management station IPv4 address Default is all IP addre...

Page 328: ...up the community access string public to permit administrative access to SNMP protocol at an administrative station with the IP address 192 168 1 20 snmp server view The snmp server view Global Configuration mode command creates or updates a view entry Use the no form of this command to remove the specified Simple Network Management Protocol SNMP server view entry Syntax snmp server view view name...

Page 329: ...P server filter entry Syntax snmp server filter filter name oid tree included excluded no snmp server filter filter name oid tree filter name Label for the filter record that you are updating or creating The name is used to reference the record Range Up to 30 characters oid tree Object identifier of the ASN 1 subtree to be included or excluded from the view To identify the subtree specify a text s...

Page 330: ...m contact information use the no form of the command Syntax snmp server contact text no snmp server contact text Character string up to 160 characters describing the system contact information Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string Example The following example displays setting ...

Page 331: ...figuration mode User Guidelines Do not include spaces in the text string Example The following example sets the device location as New_York snmp server enable traps The snmp server enable traps Global Configuration mode command enables the switch to send SNMP traps To disable SNMP traps use the no form of the command Syntax snmp server enable traps no snmp server enable traps Default Configuration...

Page 332: ...ication Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example displays the command to enable authentication failed SNMP traps snmp server host The snmp server host Global Configuration mode command specifies the recipient of Simple Network Management Protoco...

Page 333: ...SNMPv2 traps will be used Default udp port port UDP port of the host to use The default is 162 Range 1 65535 filter filtername A string that is the name of the filter that define the filter for this host If unspecified does not filter anything Range Up to 30 characters timeout seconds Number of seconds to wait for an acknowledgment before resending informs The default is 15 seconds Range 1 300 ret...

Page 334: ...set Global Configuration mode command sets SNMP MIB value by the CLI Syntax snmp server set variable name name1 value1 name2 value2 variable name MIB variable name name value List of name and value pairs In case of scalar MIBs there is only a single pair of name values In case of entry in a table the first pairs are the indexes followed by one or more fields Default Configuration This command has ...

Page 335: ...o SNMP Version 3 security model auth Specifies authentication of a packet without encrypting it Applicable only to SNMP Version 3 security model priv Specifies authentication of a packet with encryption Applicable only to SNMP Version 3 security model read readview A string that is the name of the view that enables you only to view the contents of the agent If unspecified all the objects except of...

Page 336: ...nects to the agent Range Up to 30 characters groupname The name of the group to which the user belongs Range Up to 30 characters remote engineid string Specifies the engine ID of remote SNMP entity to which the user belongs The engine ID is concatenated hexadecimal string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or colon Range 5 32...

Page 337: ...Each byte can be separated by a period or colon Range 20 36 characters Default Configuration No group entry exists Command Mode Global Configuration mode User Guidelines If auth md5 or auth sha is specified both authentication and privacy are enabled for the user When you enter a show running config command you will not see a line for this user To see if this user has been added to the configurati...

Page 338: ...nt to this host informs Indicates that SNMP informs are sent to this host noauth Indicates no authentication of a packet auth Indicates authentication of a packet without encrypting it priv Indicates authentication of a packet with encryption port Specifies the UDP port of the host to use If unspecified the default UDP port number is 162 Range 1 65535 filtername Specifies a string that defines the...

Page 339: ...erface is not specified the default interface is selected Specifying interface zone 0 is the same as not defining an egress interface Example The following example configures an SNMPv3 host snmp server engineID local The snmp server engineID local Global Configuration mode command specifies the Simple Network Management Protocol SNMP engineID on the local device Use the no form of this command to ...

Page 340: ...he value For example to configure an engine ID of 123400000000000000000000 you can specify snmp server engineID local 1234 Since the engine ID should be unique within an administrative domain the following is recommended For a standalone device use the default keyword to configure the engine ID For a stackable system configure the engine ID and verify its uniqueness Changing the value of the engin...

Page 341: ...ault configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SNMP engine ID show snmp The show snmp Privileged EXEC mode command displays the SNMP status Syntax show snmp Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console config snmp server engineI...

Page 342: ...ame The name of the view Range Up to 30 characters Default Configuration There is no default configuration for this command console sh snmp Traps are enabled Authentication trap is enabled Version 1 2 notifications Target Address Type Community Version UDP Port Filter name TO sec Retries Version 3 notifications Target Address Type Username Security Level UDP Port Filter name TO sec Retries System ...

Page 343: ... command displays the configuration of groups Syntax show snmp groups groupname groupnam The name of the group Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show snmp views Name OID Tree Type user view 1 3 6 1 2 1 1 Included user view 1 3 6 1 2 1 1 7 Excluded user vie...

Page 344: ...ilters filtername filternam The name of the view Range Up to 30 character Console show snmp groups Name Security Views Model Level Context Read Write Notify user group V3 priv Default managers group V3 priv Default Default managers group V3 priv Default Console show snmp groups user group Name user group Security Model V3 Security Level priv Security Context Read View Default Write View Notify Vie...

Page 345: ...nfiguration of groups use the show snmp users Privileged EXEC command Syntax show snmp users username usernam The name of the user Range Up to 30 character Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show snmp filters Name OID Tree Type user filter 1 3 6 1 2 1 1 Inc...

Page 346: ...ow snmp users Name group name Auto Method Remote John 1 3 6 1 2 1 1 md5 John 1 3 6 1 2 1 1 7 md5 08009009020C0B099 C075879 Console show snmp users John Name John Group name user group Auth Method md5 Remote Name John Group name user group Auth Method md5 Remote 08009009020C0B099C075879 5400_CLI book Page 346 Wednesday December 17 2008 4 33 PM ...

Page 347: ...iguration Spanning tree is enabled Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality spanning tree mode The spanning tree mode Global Configuration mode command configures the spanning tree protocol Use the no form of this command to return to the default configuration Console conf...

Page 348: ...ng example configures the spanning tree protocol to RSTP spanning tree forward time The spanning tree forward time Global Configuration mode command configures the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of this command to reset the default forward time Syntax spanning tre...

Page 349: ...Use the no form of this command to reset the default hello time Syntax spanning tree hello time seconds no spanning tree hello time seconds Time in seconds Range 1 10 Default Configuration The default hello time for IEEE Spanning Tree Protocol STP is 2 seconds Command Modes Global Configuration mode User Guidelines When configuring the Hello Time the following relationship should be kept Max Age 2...

Page 350: ...2 Forward Time 1 Max Age Max Age 2 Hello Time 1 Example The following example configures the spanning tree bridge maximum age to 10 seconds spanning tree priority The spanning tree priority Global Configuration mode command configures the spanning tree priority The priority value is used to determine which bridge is elected as the root bridge Use the no form of this command to reset the default sp...

Page 351: ...nable spanning tree on a port use the no form of this command Syntax spanning tree disable no spanning tree disable Default Configuration By default all ports are enabled for spanning tree Command Modes Interface Configuration Ethernet port channel mode User Guidelines When STP is disabled the device will not forward STP BPDU s based on the Forward BPDU s setting Example The following example disa...

Page 352: ...sed long or short is set by using the spanning tree pathcost method command Example The following example configures the spanning tree cost on g5 to 35000 spanning tree port priority The spanning tree port priority Interface Configuration mode command configures port priority Use the no form of this command to reset the default port priority Syntax spanning tree port priority priority no spanning ...

Page 353: ...t mode Syntax spanning tree portfast no spanning tree portfast Default Configuration PortFast mode is disabled Command Modes Interface Configuration Ethernet port channel mode User Guidelines This feature should be used only with interfaces connected to end stations Otherwise an accidental topology loop could cause a data packet loop and disrupt switch and network operations Example The following ...

Page 354: ...ll duplex port is considered a point to point link and a half duplex port is considered a shared link Example The following example enables shared spanning tree on g5 spanning tree mst priority The spanning tree mst priority Global Configuration mode command configures the device priority for the specified spanning tree instance Use the no form of this command to return to the default configuratio...

Page 355: ...rded and the port information is aged out Use the no form of this command to return to the default configuration Syntax spanning tree mst max hops hop count no spanning tree mst max hops hop count Number of hops in an MST region before the BDPU is discarded Range 1 40 Default Setting The default number of hops is 20 Command Mode Global Configuration mode User Guidelines There are no user guideline...

Page 356: ... channel mode User Guidlines There are no user guidelines for this command Example The following example configures the port priority of port g1 to 142 spanning tree mst cost The spanning tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in...

Page 357: ...l Configuration mode command enables configuring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Default Setting This command has no default configuration Command Mode Global Configuration mode User Guidelines All devices in an MST region must have the same VLAN mapping configuration revision number and name Interface Long Short Port channel 20 ...

Page 358: ...ommand Modes MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST For two or more devices to be in the same MST region they must have the same VLAN mapping the same configuration revision number and the same name Example The following examp...

Page 359: ...user guidelines for this command Example The following example defines the configuration name as region1 revision mst The revision MST Configuration command defines the configuration revision number Use the no form of this command return to the default configuration Syntax revision value no revision value Configuration revision number Range 0 65535 Default Setting The default configuration revisio...

Page 360: ...n configuration Default Setting This command has no default configuration Command Mode MST Configuration mode User Guidelines The pending MST region configuration takes effect only after exiting the MST Configuration mode Example The following example displays a pending MST region configuration Console config spanning tree mst configuration Console config mst revision 1 Console config mst show pen...

Page 361: ...mmand Example The following example exits the MST Configuration mode and saves changes abort mst The abort MST Configuration mode command exits the MST Configuration mode without applying the configuration changes Syntax abort Default Setting This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Console config sp...

Page 362: ...ts short Specifies 0 through 65 535 range for port path costs Default Configuration Short Command Mode Global Configuration mode User Guidelines The cost is set using the spanning tree cost command Example The following example sets the default path cost method to long spanning tree bpdu The spanning tree bpdu Global Configuration mode command defines BPDU handling when spanning tree is disabled o...

Page 363: ... an interface clear spanning tree detected protocols The clear spanning tree detected protocols Privileged EXEC mode command restarts the protocol migration process force the renegotiation with neighboring switches on all interfaces or on the specified interface Syntax clear spanning tree detected protocols ethernet interface number port channel port channel number interface A valid Ethernet port ...

Page 364: ...ree mst configuration detail Display detailed information active Display active ports only blockedports Display blocked ports only mst configuration Display the MST configuration identifier interface number Ethernet port number Range Valid Ethernet port port channel number Port channel index Range Valid Ethernet port instance id ID associated with a spanning tree instance Default Configuration Thi...

Page 365: ...elay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 Enabled 128 1 20000 FWD Root No P2p RSTP 2 Enabled 128 2 20000 FWD Desg No Shared STP 3 Disabled 128 3 20000 4 Enabled 128 4 20000 BLK Altn No Shared STP 5 Enabled 128 5 20000 DIS console show spanning tree Spanning tree en...

Page 366: ...000 FWD Desg No P2p RSTP 2 Enabled 128 2 20000 FWD Desg No Shared STP 3 Disabled 128 3 20000 4 Enabled 128 4 20000 FWD Desg No Shared STP 5 Enabled 128 5 20000 DIS Console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A 5400_CLI book Page 366 We...

Page 367: ...abled 128 1 20000 g2 Enabled 128 2 20000 g3 Disabled 128 3 20000 g4 Enabled 128 4 20000 g5 Enabled 128 5 20000 Console show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 oot Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec 5400_CLI book Page 367 Wednesday December 17 2008 4 33 PM ...

Page 368: ... Desg No Shared STP g4 Enabled 128 4 20000 BLK Altn No Shared STP onsole show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 9 7 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15...

Page 369: ...ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 5400_CLI book Page 369 We...

Page 370: ...Type Shared configured auto STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Guard root Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 1 3 disabled State N A Role N A Port id 128 3 Port cost 20000 Type N A configured auto Port Fast N A configured no Designated bridg...

Page 371: ...g state 1 BPDU sent 2 received 120638 Port 5 1 5 enabled State Disabled Role N A Port id 128 5 Port cost 20000 Type N A configured auto Port Fast N A configured no Designated bridge Priority N A Address N A Designated port id N A Designated path cost N A Guard root Disabled Number of transitions to forwarding state N A BPDU sent N A received N A Console show spanning tree mst configuration Name Re...

Page 372: ...68 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 Enabled 128 1 20000 FWD Root No P2p Bound RSTP 2 Enabled 128 2 20000 FWD Desg No Shared Bound STP 3 Enabled 128 3 20000 FWD Desg No P2p 4 Enabled 128 4 20000 FWD Desg No P2p MST 1 Vlans Mapped 10 20 Root ID Priority 24576 Address 00 02 4b 29 89 ...

Page 373: ...ty 32768 Address 00 02 4b 29 7a 00 Designated port id 128 1 Designated path cost 20000 Guard root Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 1 2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated p...

Page 374: ...38 Port 4 1 4 enabled State Forwarding Role Designated Port id 128 4 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Guard root Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Console show spanning tree Spanning tree enabled...

Page 375: ... 32768 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 This switch is root for CST Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 5400_CLI book Page 375 Wednesday December 17...

Page 376: ...nning tree guard root Default Configuration Root guard is disabled Command Modes Interface Configuration Ethernet port channel mode User Guidelines Root guard can be enabled when the switch work in STP RSTP and MSTP When root guard is enabled if spanning tree calculations cause a port to be selected as the root port the port transitions to the alternate state Example The following example enable r...

Page 377: ...ration The default value is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the port to be used by the SSH server as 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to be configured from a SSH server Use the no form of this command to disable this function Synta...

Page 378: ...on DSA key pairs do not exist Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning and prompt to replace the existing keys with new keys is displayed This command is not saved in the startup configuration however the keys generated by this command are saved in the FLASH The SSH...

Page 379: ... not saved in the startup configuration however the keys generated by this command are saved in the FLASH The SSH keys can be displayed with the show crypto key mypubkey rsa command This command may take a considerable period of time to execute Example The following example generates RSA key pairs ip ssh pubkey auth The ip ssh pubkey auth Global Configuration mode command enables public key authen...

Page 380: ...mmand Mode Global Configuration mode User Guidelines Use this command to enter Public Key chain Configuration mode This command can also be used when you need to manually specify SSH client s public keys Example The following example enters the SSH Public Key chain Configuration mode user key The user key SSH Public Key Chain Configuration mode command specifies which SSH public key is manually co...

Page 381: ...s a SSH public key to be manually configured for the SSH public key chain called bob key string The key string SSH Public Key String Configuration mode command manually specifies a SSH public key Syntax key string row key string row Specify SSH public key row by row key string UU encoded DER format is the same format in authorized_keys file used by OpenSSH Default Configuration By default the keys...

Page 382: ...ommand displays the SSH server configuration Syntax show ip ssh Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02LYc...

Page 383: ...n the display Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 172 16 0 1 John Brown 2 0 3 DES HMAC SH1 Field Description IP address Client address SSH username User name Version SSH version number Cipher Encryption type 3DES Blowfish RC4 ...

Page 384: ... for this command Example The following example displays the SSH public keys on the device Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C7 19 85 98 19 27 96 C9 ...

Page 385: ...to Hex format Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays all SSH public keys stored on the device The following example displays the SSH public called bob Console show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 8...

Page 386: ...386 SSH Commands 5400_CLI book Page 386 Wednesday December 17 2008 4 33 PM ...

Page 387: ... of logging messages to the various destinations such as the logging buffer logging file or syslog server Logging on and off for these destinations can be individually configured using the logging buffered logging file and logging Global Configuration mode commands However if the logging on command is disabled no messages are sent to these destinations Only the console receives messages Example Th...

Page 388: ...g If unspecified the default level is errors facility The facility that is indicated in the message Can be one of the following values local0 local1 local2 local3 local4 local5 local 6 local7 If unspecified the port number defaults to local7 text Syslog server description Range 1 64 characters Default Configuration As described in the field descriptions Command Mode Global Configuration mode User ...

Page 389: ...guration The default is informational Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits messages logged to the console based on severity level errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity Use the no form...

Page 390: ... internal buffer Use the no form of this command to return the number of messages stored in the internal buffer to the default value Syntax logging buffered size number no logging buffered size number Numeric value indicating the maximum number of messages stored in the history table Range 20 400 Default Configuration The default number of messages is 200 Command Mode Global Configuration mode Use...

Page 391: ...ing file Global Configuration mode command limits syslog messages sent to the logging file based on severity Use the no form of this command to cancel the buffer Syntax logging file level no logging file level Limits the logging of messages to the buffer to a specified level emergencies alerts critical errors warnings notifications informational and debugging Default Configuration The default seve...

Page 392: ... guidelines for this command Example The following example clears messages from the logging file aaa logging The aaa logging Global Configuration mode command controls logging of AAA events To disable logging use the no form of the command Syntax aaa logging login no aaa logging login login Log messages related to successful login events unsuccessful login events and other login related events Def...

Page 393: ...ogging copy no file system logging copy file system logging delete rename no file system logging delete rename copy Log messages related to file copy operations delete rename Log messages related to file deletion and renaming Default Configuration Logging file system events enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The foll...

Page 394: ...ation mode User Guidelines Other types of management ACLs events are not subject to this command Example The following example enables logging messages related to deny actions of management ACLs show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer Syntax show logging Default Configuration This command has no ...

Page 395: ...File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity 2 messages were not logged resources Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabl...

Page 396: ... UPDOWN Interface Ethernet1 2 changed state to up 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface Ethernetg 3 changed state to up 11 Aug 2002 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 0 changed state to down...

Page 397: ...g Buffer Messages 11 Logged 200 Max File logging level notifications File Messages 0 Dropped severity Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity 2 messages were not logged resources Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rena...

Page 398: ...Ethernetg 2 changed state to up 11 Aug 2002 15 41 43 LINK 3 UPDOWN Interface Ethernetg 3 changed state to up 11 Aug 2002 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2002 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 0 changed state to down 11 Aug 2002 15 41...

Page 399: ...ommand Example The following example displays the syslog server settings Console show syslog servers IP address Port Severity Facility Description 192 180 2 275 14 Informational local 7 192 180 2 285 14 Warning local 7 5400_CLI book Page 399 Wednesday December 17 2008 4 33 PM ...

Page 400: ...400 Syslog Commands 5400_CLI book Page 400 Wednesday December 17 2008 4 33 PM ...

Page 401: ...ddress IPv6Z address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax hostname hostname to ping Range 1 158 characters packet_size Number of bytes in a packet The actual packet size is eight bytes larger than the size specified because the switch adds header information Range 56 1472 bytes packet_count Number of packets to send If 0 is enter...

Page 402: ...a directly attached host using its link local address the egress interface may be specified in the IPv6Z format If the egress interface is not specified the default interface is selected Specifying interface zone 0 is the same as not defining an egress interface When using the ping ipv6 command with a multicast address the information displayed is taken from all received echo responses Examples Th...

Page 403: ...e syntax hostname Hostname of the destination host Range 1 158 characters size packet_size Number of bytes in a packet Range 40 1472 ttl max ttl The largest TTL value that can be used The traceroute command terminates when the destination is reached or when this value is reached Range 1 255 count packet_count The number of probes to be sent at each TTL level Range 1 10 timeout time_out The number ...

Page 404: ... deliver the packet If the timer goes off before a response comes in the traceroute command prints an asterisk The traceroute command terminates when the destination responds when the maximum TTL is exceeded or when the user interrupts the trace with Esc Examples console traceroute umaxp1 physics lsa umich edu Type Esc to abort Tracing the route to umaxp1 physics lsa umich edu 141 211 101 64 1 i2 ...

Page 405: ...he Telnet port decimal23 on the host keyword Can be one or more keywords from the keywords table in the User Guidelines Default Configuration This command has no default configuration Command Mode User EXEC mode Field Description 1 Indicates the sequence number of the router in the path to the host i2 gateway stanford edu Host name of this device 192 68 191 83 IP address of this device 1 msec 1 ms...

Page 406: ...hed between them To open a subsequent session the current connection needs to be suspended by pressing the escape sequence Ctrl Shift 6 and x to return to the system command prompt Then open a new connection with the telnet command Escape Sequence Purpose Ctrl shift 6 b Break Ctrl shift 6 c Interrupt Process IP Ctrl shift 6 h Erase Character EC Ctrl shift 6 o Abort Output AO Ctrl shift 6 t Are You...

Page 407: ... UNIX Copy Program UUCP and other non Telnet protocols Ctrl shift 6 x Return to System Command Prompt Keyword Description Port number bgp Border Gateway Protocol 179 chargen Character generator 19 cmd Remote commands 514 daytime Daytime 13 discard Discard 9 domain Domain Name Service 53 echo Echo 7 exec Exec 512 finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 gopher...

Page 408: ...de lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix to Unix Copy Program 540 whois Nickname 43 www World W...

Page 409: ...hen resetting the device to ensure that no other activity is being performed In particular the user should verify that no configuration files are being downloaded at the time of reset Example The following example reloads the operating system hostname The hostname Global Configuration mode command specifies or modifies the device host name Use the no form of the command to remove the existing host...

Page 410: ...d allows the software to measure CPU utilization Use the no form of this command to disable measuring Syntax service cpu utilization no service cpu utilization Default Configuration The service cpu utilization function is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example allows the software to measure CPU util...

Page 411: ...obal Configuration mode command to enable measuring CPU utilization Example The following example displays the cpu utilization show users The show users Privileged EXEC mode command displays information about the active users Syntax show users Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console show cpu utilization CPU utilization service is on...

Page 412: ...ommand Command Mode User EXEC mode User Guidelines 1 Open telnet session from PC 5400 to other device 2 In the other device syntax press Cntrl shift t X 3 Enter the command show session The number of sessions opened from PC 5400 is displayed 4 Enter the command resume number of session to return to the relevant telnet session Console show users Username Protocol Location Bob Serial John SSH 172 16...

Page 413: ...e User Guidelines There are no user guidelines for this command Console show sessions Connecti on Host Address Port Byte 1 Remote device 172 16 1 1 23 89 2 172 16 1 2 172 16 1 2 23 8 Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session Address IP address of the remote host Port Telnet TCP port number Byte Number of unread bytes f...

Page 414: ...t Configuration By default the device supports iscsi Command Mode Priviledged EXEC mode console show system System Description System Up Time days hour min sec System Contact System Name System location System MAC Address Sys Object ID Type Kenan 24 00 05 19 48 RS1 00 00 b0 00 00 00 1 3 6 1 4 1 674 10895 3020 PowerConnect 5400 Main Power Supply Status ok Redundant Power Supply Status ok Fan 1 Stat...

Page 415: ...system mode mode defaults id defaults Displays the sytem default configuration id Displays the sytem identity information Default Configuration This command has no default setting Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on features control show version The show version User EXEC mode command displa...

Page 416: ...tag Global Configuration mode command specifies the device asset tag Use the no form of the command to remove the existing asset tag Syntax asset tag tag no asset tag tag The device asset tag Range 1 16 characters Default Configuration This command has no default configuration No asset tag is defined by default Command Mode Global Configuration mode Console show version SW version 1 0 0 1 date Jun...

Page 417: ...D information Syntax show system id Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The tag information is on a device by device basis Example The following example displays the system service tag information Console config asset tag 1qwepot Console show system id Serial number 123456789 Service tag Asset tag 5400_CLI book Page 417 Wednes...

Page 418: ...418 System Management 5400_CLI book Page 418 Wednesday December 17 2008 4 33 PM ...

Page 419: ...device and the daemon port number Specify a server port number If unspecified the port number defaults to 49 Range 0 65535 timeout Specifies the timeout value in seconds If no timeout value is specified the global value is used Range 1 30 key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encrypt...

Page 420: ...no tacacs server key key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon Range 0 128 characters Default Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following exampl...

Page 421: ...Global Configuration mode command specifies the source IP address that will be used for the communication with TACACS servers Use the no form of this command to return to default Syntax tacacs server source ip source no tacacs server source ip source source Specifies the source IP address Range Valid IP Address Default Configuration The IP address would be of the outgoing IP interface Command Mode...

Page 422: ...command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays configuration and statistic for a TACACS server Console config tacacs server source ip 172 16 8 1 Console show tacacs IP address Status Port Single Connection TimeOut Source IP Priority 172 16 1 1 Connected 49 No Global Global ...

Page 423: ...e setting is relevant to local users passwords line passwords and enable passwords The software checks the minimum length requirement when a a password is defined in an unencrypted format or when a user tries to login Note that if a password is inserted in encrypted format the minimum length requirement only gets checked when the user logs in In a similar way passwords defined before the minimum l...

Page 424: ... 10 days before expiration a syslog message is generated Example The following example configures 5 days as the aging time of line passwords passwords aging The passwords aging Global Configuration mode command configures the aging time of username passwords and enables passwords To disable password expiration time use the no form of this command Syntax passwords aging username name days no passwo...

Page 425: ...re required before a password in the local database can be reused To remove the requirement use the no form of this command Syntax passwords history number no passwords history number The number of password changes before a password can be reused Range 1 10 Default Configuration Passwords history is disabled Command Mode Global Configuration mode User Guidelines The setting is relevant to local us...

Page 426: ...to be active Default Configuration Disabled Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The passwords are not deleted from the history database when they are not relevant for the passwords history tracking Increasing the hold time might return back passwords Example The following example configures the ...

Page 427: ...word active and set line active privileged EXEC commands Disabling lockout unlocks all users Re enabling lockout resets the authentication failures counters Changing the authentication failures threshold does not reset the counters Example The following example enables lockout of a user account after a series of five failures aaa login history file The aaa login history file Global Configuration m...

Page 428: ...configuration Command Mode Privileged EXEC mode Example The following example reactivates a locked out user account for Bob set line active The set line active Privileged EXEC mode command reactivates a locked out line Syntax set line console telnet ssh active console Console terminal line telnet Virtual terminal for remote console access Telnet ssh Virtual terminal for secured remote console acce...

Page 429: ...and has no default configuration Command Mode Privileged EXEC mode Example The following example reactivates a previously locked out local password at level 3 show passwords configuration The show passwords configuration Privileged EXEC mode command displays information about the passwords management configuration Syntax show passwords configuration Default Configuration This command has no defaul...

Page 430: ...e Telnet 90 Jan 18 2005 LOCKOUT SSH 90 Jan 21 2005 0 Field Description Minimal length The minimal length required for passwords in the local database History The number of passwords changes required before a password in the local database can be reused History hold time The duration that a password is relevant for tracking passwords history Lockout control Control lockout of a user account after s...

Page 431: ...f lockout control is enabled it specifies how many times a user has failed to enter the correct password since the last successful login If the password is locked out it specifies LOCKOUT Line Configuration and status for specific line password Console show users login history Login Time Username Protocol Location Jan 18 2004 23 58 17 Robert HTTP 172 16 1 8 Jan 19 2004 07 59 23 Robert HTTP 172 16 ...

Page 432: ...432 TIC Commands 5400_CLI book Page 432 Wednesday December 17 2008 4 33 PM ...

Page 433: ...ode User Guidelines There are no user guidelines for this command Example The following example enters tunnel interface configuration mode to configure tunnel 1 tunnel mode ipv6ip The tunnel mode ipv6ip Interface Tunnel Configuration mode command configures an IPv6 transition mechanism global support mode Use the no form of this command to remove the IPv6 transition mechanism Console config interf...

Page 434: ...v6 Example The following example configures an IPv6 transition mechanism global support mode tunnel isatap router The tunnel isatap router Interface Tunnel Configuration mode command configures a global string that represents a specific automatic tunnel router domain name Use the no form of this command to remove the string associated with the router domain name and return to the default Syntax tu...

Page 435: ...dress ipv4 address no tunnel source auto The system minimum IPv4 address is used as the source address for packets sent on the tunnel interface If the IPv4 address is changed then the local address of the tunnel interface is also changed ip4 address Pv4 address to use as the source address for packets sent on the tunnel interface The tunnel interface local address is not changed when the IPv4 addr...

Page 436: ...ommand determines the interval of DNS queries before the IP address of the ISATAP router is known When the IP address is known the robustness level that is set by the tunnel isatap robustness global configuration command determines the refresh rate Example The following example configures the interval between DNS Queries for the automatic tunnel router domain to 60 seconds tunnel isatap solicitati...

Page 437: ... configuration command determines the refresh rate Example The following example configures the interval between ISATAP router solicitations messages to 60 seconds tunnel isatap robustness The tunnel isatap robustness Global Configuration mode command configures the number of DNS Query Router Solicitation refresh messages that the device sends Use the no form of this command to return to default S...

Page 438: ...ess 1 Example The following example configures the number of DNS Query Router Solicitation refresh messages that the device sends to 6 times show ipv6 tunnel The show ipv6 tunnel Privileged EXEC mode command displays information on the ISATAP tunnel Syntax show ipv6 tunnel Default Configuration This command has no default setting Command Mode Privileged EXEC mode User Guidelines There are no user ...

Page 439: ...le show ipv6 tunnel Router DNS name ISATAP Router IPv4 address 172 16 1 1 DNS Query interval 10 seconds Min DNS Query interval 0 seconds Router Solicitation interval 10 seconds Min Router Solicitation interval 0 seconds Robustness 3 5400_CLI book Page 439 Wednesday December 17 2008 4 33 PM ...

Page 440: ...440 Tunnel 5400_CLI book Page 440 Wednesday December 17 2008 4 33 PM ...

Page 441: ...vilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to enter privileged mode disable The disable Privileged EXEC mode command returns to User EXEC mode Syntax disable privilege level privilege level Privilege level to enter the system Range 1 15 Console enable enter password Console 5400_CLI book Page ...

Page 442: ...ogin The login User EXEC mode command changes a login username Syntax login Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how to enter privileged EXEC mode and login Console disable Console Console login User Name admin Password Console 5400_CLI book Page ...

Page 443: ... the following example because no keyword is entered a prompt is displayed After the keyword is selected a message confirming the command entry method is displayed exit configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exit Default Configuration This command has no default configuration Command Mode All command modes User Guidelin...

Page 444: ...lt configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session end The end Global Configuration mode command ends the current configuration session and returns to the privileged command mode Syntax end Default Configuration This command has no default configuration Console config if exit Con...

Page 445: ...Syntax help Default Configuration This command has no default configuration Command Mode All Command modes User Guidelines There are no user guidelines for this command history The history Line Configuration mode command enables the command history function Use the no form of this command to disable the command history feature Syntax history no history Default Configuration The history function is...

Page 446: ...Data dump is disabled Command Mode Privilege EXEC command mode User Guidelines By default when output continues beyond what is displayed on the screen the CLI displays a More prompt Pressing Return displays the next line pressing the Spacebar displays the next output screen The datadump feature enables the dumping of all the output immediately after entering the show command for the current termin...

Page 447: ... The default history buffer size is 10 Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example changes the command history buffer size to 100 entries for a particular line debug mode The debug mode Privilege EXEC mode command switches the mode to debug Syntax debug mode Default Configuration This command has no default config...

Page 448: ...r Guidelines The commands are listed from the first to the latest command The buffer is kept unchanged when entering to configuration mode and returning back The command in the buffer includes the commands that were not executed Example The following example displays all the commands entered while in the current privileged EXEC mode console config console debug debug Enter DEBUG Password DEBUG Con...

Page 449: ...lines for this command Example The following example displays the current privilege level do The do EXEC level command executes a Global Configuration mode or any configuration submode Syntax do command Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Console show privilege Current pri...

Page 450: ...efault g1 2 Other Required g1 4 10 VLAN0010 g3 4 dynamic Required 11 VLAN0011 g1 2 static Required 20 VLAN0020 g3 4 static Required 21 VLAN0021 static Required 30 VLAN0030 static Required 31 VLAN0031 static Required 91 VLAN0011 g1 2 static Not Required 3978 Guest VLAN g17 static Guest 5400_CLI book Page 450 Wednesday December 17 2008 4 33 PM ...

Page 451: ...r this command Example The following example enters the VLAN database mode vlan Use the vlan VLAN Configuration mode command to create a VLAN Use the no form of this command to delete a VLAN Syntax vlan vlan range no vlan vlan range vlan range A list of valid VLAN IDs to be added List separate non consecutive VLAN IDs separated by commas without spaces use a hyphen to designate a range of IDs Rang...

Page 452: ...terface vlan vlan id vlan id The ID of an existing VLAN excluding GVRP dynamic VLANs Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the VLAN 1 IP address of 131 108 1 27 and subnet mask 255 255 255 0 Console config vlan database Console conf...

Page 453: ...he interface range context are executed independently on each interface in the range If the command returns an error on one of the interfaces an error message is displayed and execution continues on other interfaces Example The following example groups VLAN 221 until 228 and VLAN 889 to receive the same command name The name Interface Configuration mode command adds a name to a VLAN Use the no for...

Page 454: ...ccess vlan vlan id no switchport access vlan vlan id VID of the VLAN to which the port is configured Default Configuration VID 1 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The command automatically removes the port from the previous VLAN and adds it to the new VLAN Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN interface n...

Page 455: ...ation Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example shows how to add VLANs 2 and 5 to 8 to the allowed list of g8 switchport trunk native vlan The switchport trunk native vlan Interface Configuration mode command defines the port as a member of the specified VLAN and the VLAN ID as the port default VLAN ID PVID Use the no for...

Page 456: ...ves VLANs from a general port Syntax switchport general allowed vlan add vlan list tagged untagged switchport general allowed vlan remove vlan list add vlan list List of VLAN IDs to add Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list List of VLAN IDs to remove Separate non consecutive VLAN IDs with a comma and no spaces A hyphen desi...

Page 457: ...vlan id may belong to a non existent VLAN Default Configuration VLAN ID 1 Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command has the following consequences incoming untagged frames are assigned to this VLAN and outgoing traffic in this VLAN on this port is sent untagged despite the normal situation where traffic sent from a trunk mode port is all tagged Ex...

Page 458: ...xample The following example shows how to enables port ingress filtering on g8 switchport general acceptable frame type tagged only The switchport general acceptable frame type tagged only Interface Configuration mode command discards untagged frames at ingress Use the no form of this command to enable untagged frames at ingress Syntax switchport general acceptable frame type tagged only no switch...

Page 459: ...IDs to add to the forbidden list Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list List of VLAN IDs to remove from the forbidden list Separate non consecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs Default Configuration All VLANs allowed Command Mode Interface Configuration Ethernet port channel mode Use...

Page 460: ...fic box Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the VLAN membership mode of a port Use the no form of this command to reset the mode to the appropriate default for the device switchport customer vlan The switchport customer vlan Interface Configuration Ethernet port chann...

Page 461: ...ocol from a group Syntax map protocol protocol encapsulation protocols group group no map protocol protocol encapsulation protocol The protocol is a 16 or 40 bits protocol number or one of the following names ip arp ipv6 and ipx The protocol number is in Hex format Range 0600 FFFF encapsulation One of the following values ethernet rfc1042 or llcOther If no option is indicated the default is ethern...

Page 462: ...fined in the map protocol protocols group command Range 1 2147483647 vlan id Define the VLAN ID in the classifying rule Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example sets a protocol based classification rule of protocol group ...

Page 463: ... port channel mode User Guidelines Packets to the device MAC address are sent to the device and not forwarded to the uplink Example The following example overrides the FDB decision and sends all the Unicast Multicast and Broadcast traffic to specified ethernet port ip internal usage vlan The ip internal usage vlan Interface Configuration mode command reserves a VLAN as the internal usage VLAN of a...

Page 464: ...he IP interface creates the VLAN and recreate the IP interface or use this command to define explicit internal usage VLAN This command cannot be used with the command interface range ethernet Examples The following example reserves a VLAN as the internal usage VLAN of an interface show vlan The show vlan Privileged EXEC mode command displays VLAN information Syntax show vlan tag vlan id name vlan ...

Page 465: ...on This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan Vlan Name Ports Type Authorization 1 default g1 2 other Required 10 VLAN0010 g1 4 dynamic Required 11 VLAN0011 g3 4 static Required 20 VLAN0020 g1 2 static Required 21 VLAN0021 g3 4 static Required 30 VLAN0030 static Required 31 VLAN0031 sta...

Page 466: ...s information Syntax show vlan protocols groups Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan internal usage Usage VLAN Reserved IP Address g21 1007 No Active g22 1008 Yes Inactive g23 1009 Yes Active 5400_CLI book Page 466 Wednesday December 17 2008 4 33 PM ...

Page 467: ...nterface Specific interface such as ethernet g8 port channel number Valid port channel trunk index Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan protocols groups Encapsulation Protocol Group Id ethernet 08 00 213 ethernet 08 06 213 ethernet 81 37 312 ethernet 81 38 31...

Page 468: ...General GVRP Status disabled Ingress Filtering true Acceptable Frame Type admitAll Ingress Untagged VLAN NATIVE 1 Port is member in Vlan Name Egress rule Type 1 default untagged System 8 VLAN008 tagged Dynamic 11 VLAN011 tagged Static Forbidden VLANS VLAN Name 73 Out Classification rules Group ID VLAN 219 372 5400_CLI book Page 468 Wednesday December 17 2008 4 33 PM ...

Page 469: ...d Mode Global Configuration mode User Guidelines The Voice VLAN feature is only active if the specified VLAN is already created If the Voice VLAN feature is not active all the Voice VLAN parameters are kept as shadow parameters Example The following example configures the Voice VLAN voice vlan oui table The voice vlan oui table Global Configuration mode command configures the Voice OUI table Use t...

Page 470: ...nd Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the Voice OUI table OUI Description 0001e3 Siemens_AG_phone 00036b Cisco_phone 000fe2 H3C_Aolynk 0060b9 Philips_and_NEC_AG_ph one 00d01e Pingtel_phone 00e075 Polycom Veritel_phone 00e0bb 3Com_phone Console config voice vlan oui table add mac address prefix descri...

Page 471: ...ration mode User Guidelines There are no user guidelines for this command Example The following example configures Voice vlan cos voice vlan aging timeout The voice vlan aging timeout Global Configuration mode command sets the Voice VLAN aging timeout Use the no form of this command to return to default Syntax voice vlan aging timeout minutes no voice vlan aging timeout minutes Specify the aging t...

Page 472: ...e User Guidelines The port is added to the Voice VLAN when a packet with a source MAC address that is a telephony MAC address defined by the Voice VLAN OUI table Global Configuration command is trapped on the port NOTE The packet VLAN ID can be the Voice VLAN ID or any other VLAN The port joins the Voice VLAN as a tagged port If the time since the last MAC address with telephony MAC address has ag...

Page 473: ...source MAC address that is not a telephony MAC address defined by the Voice vlan OUI table Global Configuration command is discarded This command is relevant only to ports added to the Voice VLAN automatically Example The following example configures the current port in security mode See User Guidlines show voice vlan Use the show voice vlan EXEC command to display the Voice VLAN status Syntax sho...

Page 474: ...ilips_and_NEC_AG_ph one 00d01e Pingtel_phone 00e075 Polycom Veritel_phone 00e0bb 3Com_phone Console show voice vlan Aging timeout 1440 minutes OUI table MAC Address Prefix Description 00 01 e3 Siemens_AG_phone________ 00 03 6B Cisco_phone_____________ 00 0f e2 H3C_Aolynk______________ 00 60 b9 Philips_and_NEC_AG_phone 00 d0 1e Pingtel_phone___________ 00 e0 75 Polycom Veritel_phone___ 00 e0 bb Com...

Page 475: ...N VLAN ID 8 CoS 6 Remark Yes Interface Enabled Secure Activated g1 Yes Yes Yes g2 Yes Yes No g3 Yes Yes Yes g4 Yes Yes Yes g5 No No g6 No No g7 No No g8 No No g9 No No 5400_CLI book Page 475 Wednesday December 17 2008 4 33 PM ...

Page 476: ...476 Voice VLAN 5400_CLI book Page 476 Wednesday December 17 2008 4 33 PM ...

Page 477: ...Guidelines Only a user with access level 15 can use the web server Example The following example enables the device to be configured from a browser ip http port The ip http port Global Configuration mode command specifies the TCP port for use by a web browser to configure the device Use the no form of this command to use the default TCP port Syntax ip http port port number no ip http port port num...

Page 478: ...r input before automatically loging off Use the no form of this command to return to default Syntax ip http exec timeout minutes seconds no ip http exec timeout Parameters minutes Integer that specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Global Configuration mode User...

Page 479: ...r Guidelines You must use the crypto certificate generate command to generate the HTTPS certificate Example The following example enables the device to be configured from a browser ip https port The ip https port Global Configuration mode command configures a TCP port for use by a secure web browser to configure the device Use the no form of this command to use the default port Syntax ip https por...

Page 480: ...at specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is the exec timeout that was set by the ip http exec timeout command Command Mode Global Configuration mode User Guidelines This command also configures the exec timeout for HTTPS in case the the HTTPS timeout was not set To specify no timeout ent...

Page 481: ...e where the certificate is generated Range 1 64 or organization Specifies the organization name Range 1 64 loc location Specifies the location or city name Range 1 64 st state Specifies the state or province name Range 1 64 cu country Specifies the country name Range 2 2 duration days Specifies number of days a certification would be valid If unspecified defaults to 365 days Range 30 3650 Default ...

Page 482: ...64 cu country Specifies the country name Range 1 2 Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format Before generating a certificate request you must first generate a self signed ce...

Page 483: ...1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh F0MV Kib6Sz5p 3nUUenbfHp igVPmFM 1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW wzDLvW2rsy5NPmH1QVl 8Ubx3GyCm oW93BSOFwxwEsP58kf sPYPy 8wwmoNtDwIDAQABoB8wHQYJK...

Page 484: ... to another device Examples The following example imports a certificate signed by Certification Authority for HTTPS Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8w...

Page 485: ...ificate for HTTPS crypto certificate import pkcs12 The crypto certificate import pkcs12 Privileged EXEC mode command imports the certificate and the RSA keys within a PKCS12 file Syntax crypto certificate number import pkcs12 passphrase number Specifies the certificate number Range 1 2 passphrase Passphrase that is used to encrypt the PKCS12 file for export Range 8 96 Default Configuration There i...

Page 486: ...a 03HSJ741w5MzPI iuWZzrbbuXAxAgMBAAEwDQYJKoZIhvcNAQEEBQADQQBQ GTLeN1p1kARxI4C1fTU efig3ffZ tjW5q1t1r5F6zNv GuXWw7rGzmRyoMXDcYp1TaA4gAIFQCpFGqiSbAx END CERTIFICATE Bag Attributes localKeyID 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 Key Attributes No Attributes BEGIN RSA PRIVATE KEY Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC 085DCBF3A41D2669 dac0m9jqEp1DM50sIDb8Jq1jxW 1P0kqSxuMhc2...

Page 487: ...the certificate Console show crypto certificate mycertificate 1 BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp 6MIIBNgYDVR0fBIIBLTCCASkwgdKggc ggcyGgclsZGFwOi8v L0VByb3h...

Page 488: ...s for this command Example The following example displays the HTTP server configuration show ip https The show ip http Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show ip http HTTP serve...

Page 489: ... verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 782134BA 5400_CLI book Page 489 Wednesday December 17 2008 4 33 PM ...

Page 490: ...490 Web Server 5400_CLI book Page 490 Wednesday December 17 2008 4 33 PM ...

Page 491: ...1 x is failed to authenticate If the 8021 x calls the AAA for authentication services it will receive a fail status Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error for example the authentication server is down and not if the request for authenticate is denied access To ensure that the authenticati...

Page 492: ...rguments or keywords Default Configuration 802 1x globally disabled Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Examples The following example enables 802 1x globally dot1x port control The dot1x port control Interface Configuration mode command enables manual control of the authorization state of the port Use the no form of this command to...

Page 493: ...witch cannot provide authentication services to the client through the interface Default Configuration force authorized Command Mode Interface Configuration Ethernet mode User Guidelines It is recommended to disable spanning tree or to enable spanning tree PortFast mode on 802 1x edge ports ports in auto state that are connected to end stations in order to get immediately to the forwarding state a...

Page 494: ...tween re authentication attempts Use the no form of this command to return to the default setting Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration 3600 seconds between re authentication attempts Command Mode Interface Configuration Ethernet mode User Guidelines There are...

Page 495: ...iod The dot1x timeout quiet period Interface Configuration mode command sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Use the no form of this command to return to the default setting Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds Time in seconds th...

Page 496: ...o an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Use the no form of this command to return to the default setting Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds Time in seconds that the switch should wait for a response to an EAP request identity frame from the client before resending the request Range 30 655...

Page 497: ...t identity frame before restarting the authentication process Range 1 10 Default Configuration Maximum number of times switch sends EAP request identity frame to the client before restarting the authentication process is twice Command Mode Interface Configuration Ethernet mode User Guidelines You should change the default value of this command only to adjust for unusual circumstances such as unrel...

Page 498: ...e of this command should be changed only to adjust to unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Examples The following example sets the time for the retransmission of an EAP request frame to the client to 3600 seconds dot1x timeout server timeout The dot1x timeout server timeout Interface Configuration mode comman...

Page 499: ... to dot1x timeout tx period Use the no form of this command to return to the default setting dot1x send async request id no dot1x send async request id Syntax Description This command has no arguments or keywords Parameters range None Default no by default Command Modes Interface configuration Ethernet Usage Guidelines The command causes 802 1x switch to send Extensible Authentication Protocol EAP...

Page 500: ... Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays 802 1X status for the switch Console config if dot1x send async request id Console config if Console show dot1x Interface Admin Mode Oper Mode Reauth Control Reauth Period Username g1 Auto Authorized Ena 3600 Bob g2 Auto Authorized Ena 3600 John g3 Auto Unauthorized Ena 3600 ...

Page 501: ...th Control Reauthentication control Reauth Period Reauthentication period Username The User Name representing the identity of the Supplicant State The current value of the Authenticator PAE state machine Quiet period The number of seconds that the switch remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of...

Page 502: ...r this command Example The following example displays 802 1X users Login Time How long the user is logged in Last Authentication Time since last authentication Mac address The supplicant MAC address Authentication Method The authentication method used to establish the session Termination Cause The reason for the session termination console show dot1x users Username Session Time Last Auth Auth Meth...

Page 503: ...s command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Field Description Username The User Name representing the identity of the Supplicant Login Time How long the user is logged in Last Authentication Time since last authentication Authentication Method The authentication method used to establish the session Mac addre...

Page 504: ...n transmitted by this Authenticator EapolStartFramesRx The number of EAPOL Start frames that have been received by this Authenticator EapolLogoffFramesRx The number of EAPOL Logoff frames that have been received by this Authenticator EapolRespIdFramesRx The number of EAP Resp Id frames that have been received by this Authenticator EapolRespFramesRx The number of valid EAP Response frames other tha...

Page 505: ... of a trunk port cannot be an unauthenticated VLAN For a general port the PVID can be the Unauthenticated VLAN although only tagged packets would be accepted in Unauthorized state Examples The following example enables unauthorized users access to the VLAN EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invali...

Page 506: ...uration Ethernet mode User Guidelines This command enables the attachment of multiple clients to a single 802 1X enabled port In this mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized all attached clients are denied access to the network For unauthenticated VLANs multiple hosts are always enabled Examples...

Page 507: ...iguration Discard frames with source addresses not the supplicant address No traps Command Mode Interface Configuration Ethernet mode User Guidelines The command is relevant when Multiple hosts is disabled and the user has been successfully authenticated Examples The following example uses the forward action to forward frames with source addresses dot1x guest vlan The dot1x guest vlan Interface Co...

Page 508: ... guest vlan enable The dot1x guest vlan enable Interface Configuration mode command enables unauthorized users on the interface access to the Guest VLAN Use the no form of this command to disable the access Syntax dot1x guest vlan enable no dot1x guest vlan enable Default Configuration Disabled Command Mode Interface Configuration Ethernet mode User Guidelines There is one global Guest VLAN in the...

Page 509: ...hen MAC authentication is enabled Static MAC addresses cannot be aurhorized Do not change authenticated MAC address to static address It is not recommended to delete authenticated MAC addresses Reauthentication must be enabled when working in this mode Example The following command enables authentication based on the station s MAC address dot1x traps mac authentication failure The dot1x traps mac ...

Page 510: ...r based VLAN assignment Syntax dot1x radius attributes vlan no dot1x radius attributes vlan Default Configuration Disabled Command Mode Interface configuration Ethernet mode User Guidelines The dot1x radius attributes vlan command configuration is allowed only when the port is Forced Authorized RADIUS attributes are supported only in the multiple sessions mode multiple hosts with authentication Wh...

Page 511: ... VLAN assignment show dot1x advanced The show dot1x advanced Privileged EXEC mode command displays 802 1X advanced features for the switch or for the specified interface Syntax show dot1x advanced ethernet interface interface Ethernet interface Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this com...

Page 512: ...uthenticate Disabled Disabled Disabled False g8 Authenticate Disabled Disabled Disabled False g9 Authenticate Disabled Disabled Disabled False g10 Authenticate Disabled Disabled Disabled False g11 Authenticate Disabled Disabled Disabled False g12 Authenticate Disabled Disabled Disabled False g13 Authenticate Enabled Disabled Enabled False g14 Authenticate Disabled Disabled Disabled False g15 Authe...

Reviews:

No comments

Related manuals for PowerConnect 5424

D-Link DHP-541 Datasheet preview
DHP-541
Brand: D-Link Pages: 4
D-Link DFE-550TX Datasheet preview
DFE-550TX
Brand: D-Link Pages: 2
IDK MSD-804FD Series Command Manual preview
MSD-804FD Series
Brand: IDK Pages: 133
IDK MSD-72 Series User Manual preview
MSD-72 Series
Brand: IDK Pages: 150
IDK MSD-501 Command Reference Manual preview
MSD-501
Brand: IDK Pages: 101
IDK MSD-402 Command Reference Manual preview
MSD-402
Brand: IDK Pages: 85
IDK IMP-400UHD Command Reference Manual preview
IMP-400UHD
Brand: IDK Pages: 40
IDK FDX-32 User Manual preview
FDX-32
Brand: IDK Pages: 97
IDK FDX-S Series User Manual preview
FDX-S Series
Brand: IDK Pages: 117
IDK FDX-16 User Manual preview
FDX-16
Brand: IDK Pages: 77
Patton electronics 6511RC User Manual preview
6511RC
Brand: Patton electronics Pages: 104
ATZ HDMI-161SM Manual preview
HDMI-161SM
Brand: ATZ Pages: 8
Gefen EXT-DVIKVM-441DL User Manual preview
EXT-DVIKVM-441DL
Brand: Gefen Pages: 32
IDEM SAFETY SWITCHES KLM-P2L Operating Instructions preview
KLM-P2L
Brand: IDEM SAFETY SWITCHES Pages: 2
Moxa Technologies EtherDevice EDS-4009 Series Quick Installation Manual preview
EtherDevice EDS-4009 Series
Brand: Moxa Technologies Pages: 18
TP-Link TL-SG108E Installation Manual preview
TL-SG108E
Brand: TP-Link Pages: 2
Vivotek AW-FGT-100C-120 Quick Installation Manual preview
AW-FGT-100C-120
Brand: Vivotek Pages: 2
Dahua PFS3106-4P-60 User Manual preview
PFS3106-4P-60
Brand: Dahua Pages: 15

Brands by name

Popular brands

Load more brands