background image

show ports security

73

show ports security

The

 show ports security

 Privileged EXEC mode command displays the 

port-lock status.

Syntax

show ports security 

[

ethernet

 

interface

 | 

port-channel 

port-channel-number

]

Parameters

interface

 — A valid Ethernet port.

port-channel-number 

— A valid port-channel number.

Default Configuration 

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, all classes of entries in the port-lock status are displayed:

Console# 

show ports security

Port Status

Learni

ng

Action

Maximu

m

Trap

Frequency

----

------

-

------

--

------

-

------

-

------

-

---------

g1

Locked

Dynami

c

Discar

d

3

Enable 100

Содержание 3CRUS2475 24

Страница 1: ...www 3Com com Part No 10015248 Rev AA Published October 2006 3Com Unified Gigabit Wireless PoE Switch 24 Command Reference Guide 3CRUS2475 ...

Страница 2: ...ot to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com and the 3Com logo are registered trademarks of 3Com Corporation ntel and Pentium are ...

Страница 3: ...tering Commands 23 Terminal Command Buffer 24 Negating the Effect of Commands 25 Command Completion 25 Nomenclature 25 Keyboard Shortcuts 26 CLI Command Conventions 27 Copying and Pasting Text 27 AAA COMMANDS aaa authentication login 29 aaa authentication enable 30 login authentication 32 enable authentication 33 ip http authentication 33 ip https authentication 34 show authentication methods 35 p...

Страница 4: ...dge multicast forward all 59 bridge multicast forbidden forward all 60 bridge aging time 62 clear bridge 62 port security 63 port security mode 64 port security routed secure address 65 show bridge address table 66 show bridge address table static 67 show bridge address table count 68 show bridge multicast address table 70 show bridge multicast filtering 72 show ports security 73 show ports securi...

Страница 5: ...rol include multicast GC 94 port storm control include multicast IC 95 port storm control broadcast enable 96 port storm control broadcast rate 97 show ports storm control 97 LINE COMMANDS line 99 speed 99 autobaud 100 exec timeout 101 history 102 history size 102 terminal history 103 terminal history size 104 show line 105 PHY DIAGNOSTICS COMMANDS test copper port tdr 107 show copper ports tdr 10...

Страница 6: ...dscp 124 set 125 police 126 service policy 127 qos aggregate policer 128 show qos aggregate policer 129 police aggregate 130 wrr queue cos map 131 wrr queue bandwidth 132 priority queue out num of queues 133 traffic shape 134 rate limit interface configuration 135 show qos interface 136 qos map policed dscp 138 qos map dscp queue 139 qos trust Global 140 qos trust Interface 141 qos cos 142 qos dsc...

Страница 7: ...sntp anycast client enable 157 sntp client enable Interface 157 sntp unicast client enable 158 sntp unicast client poll 159 sntp server 159 show clock 160 show sntp configuration 162 show sntp status 163 RMON COMMANDS show rmon statistics 167 rmon collection history 169 show rmon collection history 170 show rmon history 172 rmon alarm 175 show rmon alarm table 177 show rmon alarm 178 rmon event 18...

Страница 8: ...roups 191 LACP COMMANDS lacp system priority 193 lacp port priority 193 lacp timeout 194 show lacp ethernet 195 show lacp port channel 198 POWER OVER ETHERNET COMMANDS power inline 201 power inline powered device 202 power inline priority 202 power inline usage threshold 203 power inline traps enable 204 show power inline 204 SPANNING TREE COMMANDS spanning tree 209 spanning tree mode 209 spanning...

Страница 9: ...spanning tree mst cost 222 spanning tree mst configuration 223 instance mst 224 name mst 224 revision mst 225 show mst 226 exit mst 227 abort mst 227 spanning tree guard root 228 show spanning tree 229 CONFIGURATION AND IMAGE FILE COMMANDS copy 263 delete 266 boot system 267 show running config 268 show startup config 268 show bootvar 269 RADIUS COMMAND radius server host 271 radius server key 272...

Страница 10: ...aps 291 snmp server filter 291 snmp server host 292 snmp server v3 host 294 snmp server trap authentication 295 snmp server contact 296 snmp server location 297 snmp server set 297 show snmp 298 show snmp engineid 300 show snmp views 301 show snmp groups 302 show snmp filters 303 show snmp users 304 IP ADDRESS COMMANDS ip address 307 ip address dhcp 308 ip default gateway 309 show ip interface 310...

Страница 11: ...ect rogue scan interval 324 wlan rogue detect rogue ap 325 clear wlan rogue ap 326 show wlan rogue aps configuration 326 show wlan rogue aps list 327 show wlan rogue aps neighborhood 328 WIRELESS ESS COMMANDS wlan ess create 331 wlan ess configure 331 ssid 332 open vlan 333 qos 334 load balancing 334 mac filtering action 335 mac filtering list 336 security suite create 337 security suite configure...

Страница 12: ...lan allowed 357 vlan native 358 wlan template ap configure 358 set wlan copy 359 show wlan aps 360 show wlan ap interface radio 364 show wlan ap interface ethernet 365 show wlan aps counters 366 show wlan aps discovered 368 show wlan template aps 369 SSH COMMANDS ip ssh port 371 ip ssh server 372 crypto key generate dsa 372 crypto key generate rsa 373 ip ssh pubkey auth 374 crypto key pubkey chain...

Страница 13: ...ps certificate 390 show crypto certificate mycertificate 391 show ip http 392 show ip https 393 TACACS COMMANDS tacacs server host 395 tacacs server key 396 tacacs server timeout 397 tacacs server source ip 398 show tacacs 399 SYSLOG COMMANDS logging on 401 logging 402 logging console 403 logging buffered 403 logging buffered size 404 clear logging 405 logging file 406 clear logging file 406 aaa l...

Страница 14: ...MENT COMMANDS ping 419 traceroute 421 telnet 424 resume 427 reload 428 hostname 429 show users 429 show sessions 430 show system 431 show version 432 service cpu utilization 433 show cpu utilization 434 USER INTERFACE COMMANDS enable 435 disable 436 login 436 configure 437 exit Configuration 438 exit 438 end 439 help 439 terminal data dump 440 debug mode 441 ...

Страница 15: ...e 455 vlan 455 interface vlan 456 interface range vlan 457 name 458 switchport access vlan 458 switchport trunk allowed vlan 459 switchport trunk native vlan 460 switchport general allowed vlan 461 switchport general pvid 462 switchport general ingress filtering disable 463 switchport general acceptable frame type tagged only 463 switchport forbidden vlan 464 show vlan 465 show vlan internal usage...

Страница 16: ...atistics 483 dot1x auth not req 485 dot1x multiple hosts 486 dot1x single host violation 487 dot1x guest vlan 488 dot1x guest vlan enable 489 show dot1x advanced 490 WIRELESS AP RADIO COMMANDS interface radio 493 enable ap radio 494 channel 494 power 496 allow traffic 497 preamble 497 rts threshold 498 antenna 499 beacon period 500 WIRELESS WLAN COMMANDS wlan tx power off 501 wlan country code 502...

Страница 17: ...ion idle timeout 507 clear wlan station 508 show wlan 509 show wlan auto tx power 510 show wlan logging configuration 511 show wlan stations 512 show wlan stations counters 513 TROUBLESHOOTING Problem Management 515 Troubleshooting Solutions 515 ...

Страница 18: ......

Страница 19: ...e From each mode a specific command is used to navigate from one command mode to another The standard order to access the modes is as follows User EXEC mode Privileged EXEC mode Global Configuration mode and Interface Configuration mode When starting a session the initial mode is the User EXEC mode Only a limited subset of commands are available in User EXEC mode This level is reserved for tasks t...

Страница 20: ...rectly into the Privileged EXEC mode To enter the Privileged EXEC mode from the User EXEC mode perform the following steps 1 At the prompt enter the enable command and press Enter A password prompt is displayed 2 Enter the password and press Enter The password is displayed as The Privileged EXEC mode prompt is displayed The Privileged EXEC mode prompt consists of the device host name followed by 3...

Страница 21: ...cess the Global Configuration mode and return to the Privileged EXEC mode Interface Configuration and Specific Configuration Modes Interface Configuration mode commands modify specific interface operations The following are the Interface Configuration modes Line Interface Contains commands to configure the management connections These include commands such as line timeout settings etc The line Glo...

Страница 22: ...SSH Public Key chain Configuration mode QoS Contains commands related to service definitions The qos Global Configuration mode command is used to enter the QoS services configuration mode MAC Access List Configures conditions required to allow traffic based on MAC addresses The mac access list Global Configuration mode command is used to enter the MAC access list configuration mode Starting the CL...

Страница 23: ...n properly in HyperTerminal s VT100 emulation Go to www microsoft com for information on Windows 2000 service packs 2 Enter the following commands to begin the configuration procedure 3 Configure the device and enter the necessary commands to complete the required tasks 4 When finished exit the session with the exit command When a different user is required to log onto the system use the login Pri...

Страница 24: ...he character is entered in place of a command A list of all valid commands and corresponding help messages are is displayed Partial keyword lookup If a command is incomplete and or the character is entered in place of a parameter The matched keyword or parameters for this command are displayed To assist in using the CLI there is an assortment of editing features The following features are describe...

Страница 25: ...n If the command entered is incomplete invalid or has missing or invalid parameters then the appropriate error message is displayed This assists in entering the correct command By pressing the Tab button an incomplete command is entered If the characters already entered are not enough for the system to identify a single matching command press to display the available commands matching the characte...

Страница 26: ...escribes the CLI shortcuts Table 3 Keyboard Key Table 4 Description Up arrow key Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands Down arrow key Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the key sequence will recall successively more r...

Страница 27: ...e curly brackets indicate a selection of compulsory parameters separated by the character One option must be selected For example flowcontrol auto on off means that for the flowcontrol command either auto on or off must be selected Italic font Indicates a parameter Enter Indicates an individual key on the keyboard For example Enter indicates the Enter key Ctrl F4 Any combination keys pressed simul...

Страница 28: ...8 CHAPTER 1 USING THE CLI A device Configuration mode has been accessed The commands contain no encrypted data like encrypted passwords or keys Encrypted data cannot be copied and pasted into the device ...

Страница 29: ...acter string used to name the list of authentication methods activated when a user logs in Range 1 12 characters method1 method2 Specify at least one method from the following list Default Configuration The local user database is checked This has the same effect as the command aaa authentication login list name local Keyword Description enable Uses the enable password for authentication line Uses ...

Страница 30: ...cation are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures the authentication login aaa authentication enable The aaa authentication enable Global Configuration mode command defines authentication method lists...

Страница 31: ...list names created with the aaa authentication enable command are used with the enable authentication command The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line All aaa authentication enable default requests ...

Страница 32: ...authentication Parameters default Uses the default list created with the aaa authentication login command list name Uses the indicated list created with the aaa authentication login command Default Configuration Uses the default set with the command aaa authentication login Command Mode Line Configuration mode User Guidelines To change or rename an authentication method use the negate command and ...

Страница 33: ...e command list name Uses the indicated list created with the aaa authentication enable command Default Configuration Uses the default set with the aaa authentication enable command Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the default authentication method when accessing a higher privilege level from a...

Страница 34: ...the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures the HTTP authentication ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users To restore the default configuration use the no form of this command Keyword...

Страница 35: ...s To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures HTTPS authentication show authentication methods The show authentication methods Privileged EXEC mode command displays information about the authentication methods Syntax show authentication methods Keyword Source or Destinat...

Страница 36: ...mand Example The following example displays the authentication configuration Console show authentication methods Login Authentication Method Lists Default Local Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None Line Login Method List Enable Method List Console Default Default Telnet Default Default SSH Default Default http Local https Local dot1x ...

Страница 37: ...d is defined Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted the required password length is 32 characters Example The following example specifies the password called secret on a console enable password The enable password Global Configuration mode command sets a local password to control access to user and privilege levels To remove the password requirem...

Страница 38: ...The following example sets a local level 15 password called secret to control access to user and privilege levels username The username Global Configuration mode command creates a user account in the local database To remove a user name use the no form of this command Syntax username name password password level level encrypted no username name Parameters name The name of the user Range 1 20 chara...

Страница 39: ...ult Configuration No user is defined Command Mode Global Configuration mode User Guidelines User account can be created without a password Example The following example configures user called bob with password lee and user level 15 to the system Console config username bob password lee level 15 ...

Страница 40: ...40 CHAPTER 2 AAA COMMANDS ...

Страница 41: ...Specifies the name of the ACL Range 0 32 characters Default Configuration The default for all ACLs is deny all Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example shows how to create an IP ACL permit ip The permit IP Access List Configuration mode command permits traffic if the conditions defined in the permit statement...

Страница 42: ...ard any source port any destination destination wildcard any destination port dscp number ip precedence number Parameters source Specifies the source IP address of the packet Specify any to indicate IP address 0 0 0 0 and mask 255 255 255 255 source wildcard Specifies wildcard to be applied to the source IP address Use 1s in bit positions to be ignored Specify any to indicate IP address 0 0 0 0 an...

Страница 43: ... Protocol ipinip 4 Transmission Control Protocol tcp 6 Exterior Gateway Protocol egp 8 Interior Gateway Protocol igp 9 User Datagram Protocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27 Inter Domain Policy Routing Protocol idpr 35 Ipv6 protocol ipv6 41 Routing Header for IPv6 ipv6 route 43 Fragment Header for IPv6 ipv6 frag 44 Inter Domain Routing Protocol idrp 45 Reservat...

Страница 44: ... dvmrp host query host report pim or trace Range 0 255 destination port Specifies the UDP TCP destination port Range 0 65535 source port Specifies the UDP TCP source port Range 0 65535 list of flags Specifies a list of TCP flags that can be triggered If a flag is set it is prefixed by If a flag is not set it is prefixed by The possible values are urg ack psh rst syn fin urg ack psh rst syn and fin...

Страница 45: ... 0 0 0 0 and mask 255 255 255 255 source wildcard Optional for the first type Specifies wildcard bits by placing 1s in bit positions to be ignored Specify any to indicate IP address 0 0 0 0 and mask 255 255 255 255 destination Specifies the IP address or host name to which the packet is being sent Specify any to indicate IP address 0 0 0 0 and mask 255 255 255 255 destination wildcard Optional for...

Страница 46: ...rotocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27 Inter Domain Policy Routing Protocol idpr 35 Ipv6 protocol ipv6 41 Routing Header for IPv6 ipv6 route 43 Fragment Header for IPv6 ipv6 frag 44 Inter Domain Routing Protocol idrp 45 Reservation Protocol rsvp 46 General Routing Encapsulation gre 47 Encapsulating Security Payload 50 esp 50 Authentication Header ah 51 ICMP fo...

Страница 47: ... that do not match the defined conditions are denied Example The following example shows how to define a permit statement for an IP ACL mac access list The mac access list Global Configuration mode command enables the MAC Access List Configuration mode and creates Layer 2 ACLs To delete an ACL use the no form of this command Syntax mac access list name no mac access list name Parameters name Speci...

Страница 48: ... to be applied to the source MAC address Use 1s in bit positions to be ignored destination Specifies the MAC address of the host to which the packet is being sent destination wildcard Specifies wildcard bits to be applied to the destination MAC address Use 1s in bit positions to be ignored vlan id Specifies the ID of the packet vlan Range 0 4095 cos Specifies the Class of Service CoS for the packe...

Страница 49: ...sable port any source source wildcard any destination destination wildcard vlan vlan id cos cos cos wildcard ethtype eth type Parameters disable port Indicates that the port is disabled if the statement is deny source Specifies the MAC address of the host from which the packet was sent source wildcard Optional for the first type Specifies wildcard bits by placing 1s in bit positions to be ignored ...

Страница 50: ...ccess Control Element ACE is added to an ACL all packets are permitted After an ACE is added an implied deny any any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied If the VLAN ID is specified the policy map cannot be connected to the VLAN interface Example The following example shows how to create a MAC ACL with...

Страница 51: ...et to trust 12 13 and not to 12 Example The following example binds services an ACL to VLAN 2 show access lists The show access lists Privileged EXEC mode command displays access control lists ACLs defined on the device Syntax show access lists name Parameters name The name of the ACL Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines ...

Страница 52: ...ax show interfaces access lists ethernet interface port channel port channel number Parameters interface Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show access lists IP access list ACL1 permit ip host 172 30 4...

Страница 53: ...show interfaces access lists 53 Example The following example displays ACLs applied to the interfaces of a device Console show interfaces access lists Interface Input ACL g1 ACL1 g1 ACL3 ...

Страница 54: ...54 CHAPTER 3 ACL COMMANDS ...

Страница 55: ...s mac address A valid MAC address interface A valid Ethernet port port channel number A valid port channel number permanent The address can only be deleted by the no bridge address command delete on reset The address is deleted after reset delete on timeout The address is deleted after age out time has expired secure The address is deleted after the port changes mode to unlock learning no port sec...

Страница 56: ...ring Global Configuration mode command enables filtering multicast addresses To disable filtering multicast addresses use the no form of this command Syntax bridge multicast filtering no bridge multicast filtering Default Configuration Filtering multicast addresses is disabled All multicast addresses are flooded to all ports Command Mode Global Configuration mode User Guidelines If multicast devic...

Страница 57: ... multicast address ip multicast address bridge multicast address mac multicast address ip multicast address add remove ethernet interface list port channel port channel number list no bridge multicast address mac multicast address ip multicast address Parameters add Adds ports to the group If no option is specified this is the default option remove Removes ports from the group mac multicast addres...

Страница 58: ...t forbidden address The bridge multicast forbidden address Interface Configuration VLAN mode command forbids adding a specific multicast address to specific ports Use the no form of this command to restore the default configuration Syntax bridge multicast forbidden address mac multicast address ip multicast address add remove ethernet interface list port channel port channel number list no bridge ...

Страница 59: ...ls Default Configuration No forbidden addresses are defined Command Modes Interface Configuration VLAN mode User Guidelines Before defining forbidden ports the multicast group should be registered Example In this example MAC address 0100 5e02 0203 is forbidden on port g9 within VLAN 8 bridge multicast forward all The bridge multicast forward all Interface Configuration VLAN mode command enables fo...

Страница 60: ...e port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration This setting is disabled Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example In this example all multicast packets on port 8 are forwarded bridge multicast forbidden forward all The bridge multicast forbidden forwar...

Страница 61: ...er list Separates nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration This setting is disabled Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers multicast device ports When a multicast device port is discovered all the multicast packets are forwarded to it unconditional...

Страница 62: ...conds Range 10 630 seconds Default Configuration The default setting is 300 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example In the following example the bridge aging time is set to 250 seconds clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database Syntax clear bridge De...

Страница 63: ...yntax port security forward discard discard shutdown trap seconds max no port security Parameters forward Forwards packets with unlearned source addresses but does not learn the address discard Discards packets with unlearned source addresses This is the default if no option is indicated discard shutdown Discards packets with unlearned source addresses The port is also shut down trap seconds Sends...

Страница 64: ...mode Interface Configuration mode command configures the port security mode To restore the default configuration use the no form of this command Syntax port security mode lock mac addresses no port security mode Parameters lock Saves the current dynamic MAC addresses associated with the port and disables learning relearning and aging mac addresses Deletes the current dynamic MAC addresses associat...

Страница 65: ...net port channel mode command adds a MAC layer secure address to a routed port Use the no form of this command to delete a MAC address Syntax port security routed secure address mac address no port security routed secure address mac address Parameters mac address A valid MAC address Default Configuration No addresses are defined Command Mode Interface Configuration Ethernet port channel mode Canno...

Страница 66: ...he show bridge address table Privileged EXEC mode command displays all entries in the bridge forwarding database Syntax show bridge address table vlan vlan ethernet interface port channel port channel number address mac address Parameters vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number mac address A valid MAC address Defaul...

Страница 67: ...addresses defined in ACLS Example In this example all classes of entries in the bridge forwarding database are displayed show bridge address table static The show bridge address table static Privileged EXEC mode command displays statically created entries in the bridge forwarding database Syntax show bridge address table static vlan vlan ethernet interface port channel port channel number Console ...

Страница 68: ...o user guidelines for this command Example In this example all static entries in the bridge forwarding database are displayed show bridge address table count The show bridge address table count Privileged EXEC mode command displays the number of addresses present in the Forwarding Database Console show bridge address table static Aging time is 300 sec vlan mac address port type 1 00 60 70 4C 73 FF...

Страница 69: ...hannel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the number of addresses present in all VLANs are displayed Console show bridge address table count Capacity 8192 Free 8083 Used 109 Secure addresses 2 Static addresses 1 Dyna...

Страница 70: ...multicast address A valid MAC multicast address ip multicast address A valid IP multicast address format ip mac Multicast address format Can be ip or mac If the format is unspecified the default is mac Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines A MAC address can be displayed in IP format only if it is in the range of 0100 5e00 ...

Страница 71: ...s for multicast addresses Vlan MAC Address Ports 1 01 00 5e 02 02 03 8 19 01 00 5e 02 02 08 8 Console show bridge multicast address table format ip Vlan IP MAC Address Type Ports 1 224 239 130 2 2 3 static g1 g2 19 224 239 130 2 2 8 static g1 8 19 224 239 130 2 2 8 dynamic g9 11 Forbidden ports for multicast addresses Vlan IP MAC Address Ports 1 224 239 130 2 2 3 g8 19 224 239 130 2 2 8 g8 ...

Страница 72: ...Parameters vlan id Indicates the VLAN ID This has to be a valid VLAN ID value Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example the multicast configuration for VLAN 1 is displayed Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Port Static Status ...

Страница 73: ...lid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example In this example all classes of entries in the port lock status are displayed Console show ports security Port Status Learni ng Action Maximu m Trap Frequency g1 Locke...

Страница 74: ...nel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode g2 Unlock ed Dynami c 28 g3 Locked Disabl ed Discar d Shutdo wn 8 Disabl e Field Description Port The port number Status The values are Locked Unlocked Learning The learning mode Action Action on violation Maximum The maximum number of addresses that can be assoc...

Страница 75: ...rrently locked port 1 Console show ports security addresses Port Status Learning Current Maximum g1 Disabled Lock 1 g2 Disabled Lock 1 g3 Enabled Max addres ses 0 1 g4 Port is a member in port channel ch1 g5 Disabled Lock 1 6 Enabled Max addres ses 0 10 ch1 Enabled Max addres ses 0 50 ch2 Enabled Max addres ses 0 128 Console show ports security addresses ethernet 1 Port Status Learning Current Max...

Страница 76: ...76 CHAPTER 4 ADDRESS TABLE COMMANDS ...

Страница 77: ...ana Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables configuring Ethernet port g18 interface range ethernet The interface range ethernet Global Configuration mode command configures multiple Ethernet type interfaces at the same time Syntax interf...

Страница 78: ...terface range context are executed independently on each active interface in the range If the command returns an error on one of the active interfaces it does not stop executing commands on other active interfaces Example The following example shows how ports g18 to g20 and g1 to g24 are grouped to receive the same command shutdown The shutdown Interface Configuration Ethernet port channel mode co...

Страница 79: ... to an interface To remove the description use the no form of this command Syntax description string no description Parameters string Comment or a description of the port to enable the user to remember what is attached to the port Range 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet port channel mode User Guidelines The...

Страница 80: ...0 1000 10000 Parameters 10 Forces10 Mbps operation 100 Forces 100 Mbps operation 1000 Forces 1000 Mbps operation 10000 Forces 10000 Mbps operation Default Configuration Maximum port capability Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the speed operation of Ethernet port g5 ...

Страница 81: ...guration Ethernet mode User Guidelines When configuring a particular duplex mode on the port operating at 10 100 Mbps disable the auto negotiation on that port Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps Example The following example configures the duplex operation of Ethernet port g1 to full duplex operation negotiation The negotiation Interface Configuration Ether...

Страница 82: ...mode User Guidelines If capabilities were specified when auto negotiation was previously entered not specifying capabilities when currently entering auto negotiation overrides the previous configuration and enables all capabilities Example The following example enables auto negotiation on Ethernet port 1 flowcontrol The flowcontrol Interface Configuration Ethernet port channel mode command configu...

Страница 83: ...the following example flow control is enabled on port 1 mdix The mdix Interface Configuration Ethernet mode command enables cable crossover on a given interface To disable cable crossover use the no form of this command Syntax mdix on auto no mdix Parameters on Manual mdix is enabled auto Automatic mdi mdix is enabled Default Configuration The default setting is on Command Mode Interface Configura...

Страница 84: ... only with a normal cable Example In the following example automatic crossover is enabled on port 1 clear counters The clear counters Privileged EXEC mode command clears statistics on an interface Syntax clear counters ethernet interface port channel port channel number Parameters interface Valid Ethernet port Elana port channel number Valid port channel number Default Configuration This command h...

Страница 85: ...rt channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shutdown by the system for some reason e g port security Example The following example reactivates interface 1 show interfaces advertise The show interface...

Страница 86: ...command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays auto negotiation information Console show interfaces advertise Port Type Neg Operational Link Advertisement 1 100M Copper Enabled 2 100M Copper Enabled 3 100M Copper Enabled 4 100M Copper Enabled 5 100M Copper Enabled 100f 100h...

Страница 87: ...port channel number Valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of all configured interfaces 8 100M Copper Enabled 9 100M Copper Enabled 10 100M Copper Enabled 11 100M Copper Enabled 12 100M Copper En...

Страница 88: ... Cop per Full 100 Enab led Off Up Disa bled Auto 4 100M Cop per Full 100 Enab led Off Up Disa bled Auto 5 100M Cop per Full 100 Enab led Off Up Disa bled Auto 6 100M Cop per Full 100 Enab led Off Up Disa bled Auto 7 100M Cop per Full 100 Enab led Off Up Disa bled Auto 8 100M Cop per Full 100 Enab led Off Up Disa bled Auto 9 100M Cop per Full 100 Enab led Off Up Disa bled Auto 10 100M Cop per Full ...

Страница 89: ... Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the status of all configured interfaces Console show interfaces status Port Type Dupl ex Spee d Neg Flow Ctrl Link Stat e Back Pres sure Mdix Mode 1 100M Cop per Down 2 100M Cop per Down 3 100M Cop pe...

Страница 90: ...interfaces description ethernet interface port channel port channel number Parameters interface Valid Ethernet port Full syntax unit port port channel number A valid port channel number 4 100M Cop per Down 5 100M Cop per Full 100 Enab led Off Up Disa bled Auto 6 100M Cop per Down 7 100M Cop per Down 8 100M Cop per Down 9 100M Cop per Down 10 100M Cop per Down 11 100M Cop per Down 12 100M Cop per D...

Страница 91: ...escriptions of configured interfaces show interfaces counters The show interfaces counters Privileged EXEC mode command displays traffic seen by the physical interface Syntax show interfaces counters ethernet interface port channel port channel number Parameters interface A valid Ethernet port Elana port channel number A valid port channel number Console show interfaces description Port Descriptio...

Страница 92: ...lines for this command Example The following example displays traffic seen by the physical interface Console show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts g1 183892 0 0 0 g1 0 0 0 0 g1 123899 0 0 0 Port OutOctets OutUcastPkt s OutMcastPkt s OutBcastPkt s g1 9188 0 0 0 g1 0 0 0 0 g1 8789 0 0 0 Ch InOctets InUcastPkts InMcastPkts InBcastPkts 1 27889 0 0 0 ...

Страница 93: ...net 1 Port InOctets InUcastPkts InMcastPkts InBcastPkts g1 183892 0 0 0 Port OutOctets OutUcastPkt s OutMcastPkt s OutBcastPkt s g1 9188 0 0 0 FCS Errors 0 Single Collision Frames 0 Late Collisions 0 Excessive Collisions 0 Oversize Packets 0 Internal MAC Rx Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 Field Description InOctets Counted received octets InUcastPkts Counted received un...

Страница 94: ...ansmitted broadcast packets FCS Errors Counted received frames that are an integral number of octets in length but do not pass the FCS check Single Collision Frames Counted frames that are involved in a single collision and are subsequently transmitted successfully Late Collisions Number of times that a collision is detected later than one slotTime into the transmission of a packet Excessive Colli...

Страница 95: ...ckets in broadcast storm control To disable counting multicast packets use the no form of this command Syntax port storm control include multicast unknown unicast no port storm control include multicast Parameters unknown unicast Specifies also counting unknown unicast packets Default Configuration Multicast packets are not counted Command Modes Interface Configuration Ethernet mode User Guideline...

Страница 96: ...n Broadcast storm control is disabled Command Modes Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast rate Interface Configuration Ethernet mode command to set the maximum allowable broadcast rate Use the port storm control include multicast Global Configuration mode command to enable counting multicast packets in the storm control calculation Example The f...

Страница 97: ... Default Configuration The default storm control broadcast rate is 3500 Kbits Sec Command Mode Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast enable Interface Configuration mode command to enable broadcast storm control Example The following example configures a port storm control broadcast rate 4000 on port g2 show ports storm control The show ports sto...

Страница 98: ...delines There are no user guidelines for this command Example The following example displays the storm control configuration Console show ports storm control Port State Rate Kbits Sec Included g1 Disabled 3500 Broadcast g2 Disabled 3500 Broadcast g3 Disabled 3500 Broadcast g4 Disabled 3500 Broadcast g5 Disabled 3500 Broadcast g6 Disabled 3500 Broadcast ...

Страница 99: ...console access Telnet ssh Virtual terminal for secured remote console access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the device as a virtual terminal for remote console access speed The speed Line Configuration mode command sets t...

Страница 100: ...configured speed is applied when Autobaud is disabled This configuration applies only to the current session Example The following example configures the line baud rate autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud To disable automatic baud rate detection use the no form of the command Syntax autobaud no autobaud Default Configuratio...

Страница 101: ...ystem waits until user input is detected To restore the default configuration use the no form of this command Syntax exec timeout minutes seconds no exec timeout Parameters minutes Specifies the number of minutes for the timeout Range 0 65535 seconds Specifies additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configurati...

Страница 102: ... Guidelines This command enables the command history function for a specified line To enable or disable the command history function for the current terminal session use the terminal history user EXEC mode command Example The following example enables the command history function for Telnet history size The history size Line Configuration mode command configures the command history buffer size for...

Страница 103: ...the current terminal session use the terminal history size User EXEC mode command Example The following example changes the command history buffer size to 100 entries for a particular line terminal history The terminal history User EXEC mode command enables the command history function for the current terminal session To disable the command history function use the no form of this command Syntax t...

Страница 104: ... form of this command Syntax terminal history size number of commands no terminal history size Parameters number of commands Specifies the number of commands the system may record in its command history buffer Range 10 200 Default Configuration The default command history buffer size is 10 Command Mode User EXEC mode User Guidelines The terminal history size user EXEC command configures the size o...

Страница 105: ...telnet Virtual terminal for remote console access Telnet ssh Virtual terminal for secured remote console access SSH Default Configuration If the line is not specified the default value is console Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the line configuration Console terminal history size 20 Console show ...

Страница 106: ...106 CHAPTER 6 LINE COMMANDS Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 ...

Страница 107: ...per cable attached to a port Syntax test copper port tdr interface Parameters interface A valid Ethernet port Elana Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of cable for the TDR test is 120 meter...

Страница 108: ...pper ports tdr interface Parameters interface A valid Ethernet port Elana Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The maximum length of cable for the TDR test is 120 meters Example The following example displays information on the last TDR test performed on all copper ports Console test copper port tdr g3 Cable is open at 64...

Страница 109: ...x show copper ports cable length interface Parameters interface A valid Ethernet port Elana Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The port must be active and working in 1000M mode Port Result Length meters Date g1 OK g2 Short 50 13 32 00 23 July 2005 g3 Test has not been performed g4 Open 64 13 32 00 23 July 2005 g5 Fiber ...

Страница 110: ...e optical transceiver diagnostics Syntax show fiber ports optical transceiver interface detailed Parameters interface A valid Ethernet port Elana detailed Detailed diagnostics Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines To test optical transceivers ensure a fiber link is present Console show copper ports cable length Port Length...

Страница 111: ...re nt Output Port Temp Volta ge Power Power Input LOS 21 OK OK OK OK OK No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error ...

Страница 112: ...C Volt mA mWatt mWatt 21 34 3 35 8 43 2 72 7 71 No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error ...

Страница 113: ...figuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Eight aggregated links can be defined with up to eight member ports per port channel The aggregated links valid IDs are 1 8 Example The following example enters the context of port channel number 1 interface range port channel The interface range port channel Global Configuration mode comman...

Страница 114: ...rface range context are executed independently on each interface in the range Example The following example groups port channels 1 2 and 6 to receive the same command channel group The channel group Interface Configuration Ethernet mode command associates a port with a port channel To remove a port from a port channel use the no form of this command Syntax channel group port channel number mode on...

Страница 115: ... join port channel 1 without an LACP operation show interfaces port channel The show interfaces port channel Privileged EXEC mode command displays port channel information Syntax show interfaces port channel port channel number Parameters port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines T...

Страница 116: ... CHAPTER 8 PORT CHANNEL COMMANDS The following example displays information on all port channels Console show interfaces port channel Channel Ports 1 Active g1 g2 2 Active g2 g7 Inactive g1 3 Active g3 g8 ...

Страница 117: ...tax qos basic advanced no qos Parameters basic QoS basic mode advanced QoS advanced mode which enables the full range of QoS configuration Default Configuration The QoS basic mode is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS on the device Console config qos basic ...

Страница 118: ... QoS attributes when QoS is enabled in basic mode on the device class map The class map Global Configuration mode command creates or modifies a class map and enters the Class map Configuration mode To delete a class map use the no form of this command Syntax class map class map name match all match any no class map class map name Parameters class map name Specifies the name of the class map Range ...

Страница 119: ... Configuration mode commands are entered each should point to a different type of ACL e g one to an IP ACL and one to a MAC ACL Since packet classification is based on the order of the classification criteria the order in which the match Class Map Configuration mode commands are entered is important If there is more than one match statement in a match all class map and the same classification fiel...

Страница 120: ...ileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows the class map for class1 match The match Class map Configuration mode command defines the match criteria for classifying traffic To delete the match criteria use the no form of this command Syntax match access group acl name no match access group acl name Parameters acl name Specifies...

Страница 121: ...cy map use the no form of this command Syntax policy map policy map name no policy map policy map name Parameters policy map name Specifies the name of the policy map Range 0 32 characters Command Mode Global Configuration mode User Guidelines Before configuring policies for classes whose match criteria are defined in a class map use the policy map Global Configuration mode command to specify the ...

Страница 122: ...se the no form of this command Syntax class class map name access group acl name no class class map name Parameters class map name Specifies the name of an existing class map If the class map does not exist a new class map will be created under the specified name Range 0 32 characters acl name Specifies the name of an IP or MAC ACL Default Configuration No policy map is defined Command Mode Policy...

Страница 123: ...ic classification called class1 with an access group called enterprise The class is in a policy map called policy1 show policy map The show policy map Privileged EXEC mode command displays the policy maps Syntax show policy map policy map name class name Parameters policy map name Specifies the name of the policy map to be displayed class name Specifies the name of the class whose QoS policies are...

Страница 124: ...ust cos dscp Default Configuration The port is not in the trust mode If the port is in trust mode the internal DSCP value is derived from the ingress packet Command Mode Policy map Class Configuration mode User Guidelines Action serviced to a class so that if an IP packet arrives the queue is assigned per DSCP If a non IP packet arrives the queue is assigned per CoS VPT Console show policy map Pol...

Страница 125: ... a new user priority for marking the packet Range 0 7 Default Configuration This command has no default configuration Command Mode Policy map Class Configuration mode User Guidelines This command is mutually exclusive with the trust Policy map Class Configuration command within the same policy map Policy maps that contain set or trust Policy map Class Configuration commands or that have ACL classi...

Страница 126: ...rst byte exceed action drop policed dscp transmit no police Parameters committed rate bps Specifies the average traffic rate CIR in bits per second bps committed burst byte Specifies normal burst size CBS in bytes drop Indicates that when the rate is exceeded the packet is dropped policed dscp transmit Indicates that when the rate is exceeded the DSCP of the packet is remarked according to the pol...

Страница 127: ...iguration Ethernet port Channel mode command applies a policy map to the input of a particular interface To detach a policy map from an interface use the no form of this command Syntax service policy input policy map name no service policy input Parameters policy map name Specifies the name of the policy map to be applied to the input interface Default Configuration This command has no default con...

Страница 128: ...s aggregate policer Parameters aggregate policer name Specifies the name of the aggregate policer committed rate bps Specifies the average traffic rate CIR in bits per second bps excess burst byte Specifies the normal burst size CBS in bytes drop Indicates that when the rate is exceeded the packet is dropped policed dscp transmit Indicates that when the rate is exceeded the DSCP of the packet is r...

Страница 129: ...olicy maps Policing uses a token bucket algorithm CIR represents the speed with which the token is removed from the bucket CBS represents the depth of the bucket Example The following example defines the parameters of a policer called policer1 that can be applied to multiple classes in the same policy map When the average traffic rate exceeds 124 000 bps or the normal burst size exceeds 96000 bps ...

Страница 130: ...no police aggregate aggregate policer name Parameters aggregate policer name Specifies the name of the aggregate policer Default Configuration This command has no default configuration Command Mode Policy map Class Configuration mode User Guidelines An aggregate policer can be applied to multiple classes in the same policy map An aggregate policer cannot be applied across multiple policy maps or i...

Страница 131: ... queue cos map queue id Parameters queue id Specifies the queue number to which the CoS values are mapped cos1 cos8 Specifies CoS values to be mapped to a specific queue Range 0 7 Default Configuration CoS values are mapped to 8 queues as follows Cos0 is mapped to queue 3 Cos1 is mapped to queue 1 Cos2 is mapped to queue 2 Cos3 is mapped to queue 4 Cos4 is mapped to queue 5 Cos5 is mapped to queue...

Страница 132: ...h Interface Configuration Ethernet port channel mode command assigns weights to each Weighted Round Robin WRR queue The weight ratio determines the frequency by which the packet scheduler dequeues packets from each queue To restore the default configuration use the no form of this command Syntax wrr queue bandwidth weight1 weight2 weight_n no wrr queue bandwidth Parameters weight1 weight2 weight_n...

Страница 133: ...s of the expedite queues are ignored in the ratio calculation An expedite queue is a priority queue and it is serviced before the other queues are serviced Use the priority queue out Interface Configuration Ethernet port channel mode command to enable expedite queues Example The following example assigns a weight of 6 to each of the 8 WRR queues priority queue out num of queues The priority queue ...

Страница 134: ...nfigures the shaper of the egress port queue To disable the shaper use the no form of this command Syntax traffic shape committed rate committed burst no traffic shape Parameters committed rate Specifies the average traffic rate CIR in kilobits per second kbps Range 64 kbps 1000000 excess burst Specifies the excess burst size CBS in bytes Default Configuration No shape is defined Command Mode Inte...

Страница 135: ...limit interface configuration command mode limits the rate of the incoming traffic The no form of this command is used to disable rate limit Syntax r rate limit kbps no rate limit Parameters kbps Maximum of kilobits per second of ingress traffic on a port Range 1 1000000 Default Configuration 1000 Kbits Sec Command Mode Interface Configuration Ethernet mode User Guidelines The command can be enabl...

Страница 136: ...the CoS to queue map and the EF priority policers Displays the shaper of the specified interface and the shaper for the queue on the specified interface shapers Displays all the policers configured for this interface their setting and the number of policers currently unused Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines If...

Страница 137: ... example displays the buffer settings for queues on Ethernet port 1 Console show qos interface ether net g1 buffers Ethernet g1 Notify Q depth qi d Si ze 1 12 5 2 12 5 3 12 5 4 12 5 5 12 5 6 12 5 7 12 5 8 12 5 qi d Threshold 1 10 0 2 10 0 3 10 0 ...

Страница 138: ...to dscp mark down no qos map policed dscp 4 10 0 5 N A 6 N A 7 N A 8 N A qi d Mi n DP 0 Ma x DP 0 Pr ob DP 0 Mi n DP 1 Ma x DP 1 Pr ob DP 1 Mi n DP 2 Ma x DP 2 Prob DP2 Weight 1 N A N A N A N A N A N A N A N A N A N A 2 N A N A N A N A N A N A N A N A N A N A 3 N A N A N A N A N A N A N A N A N A N A 4 N A N A N A N A N A N A N A N A N A N A 5 50 60 13 65 80 6 85 95 4 2 6 50 60 13 65 80 6 85 95 4 ...

Страница 139: ... to other values Example The following example marks down incoming DSCP value 3 as DSCP value 43 on the policed DSCP map qos map dscp queue The qos map dscp queue Global Configuration mode command modifies the DSCP to CoS map To restore the default map use the no form of this command Syntax qos map dscp queue dscp list to queue id no qos map dscp queue Parameters dscp list Specifies up to 8 DSCP v...

Страница 140: ...system to the basic mode and trust state To return to the untrusted state use the no form of this command Syntax qos trust cos dscp no qos trust Parameters cos Indicates that ingress packets are classified with packet CoS values Untagged packets are classified with the default port CoS value dscp Indicates that ingress packets are classified with packet DSCP values Default Configuration CoS is the...

Страница 141: ...an be applied Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic When the system is configured as trust DSCP traffic is mapped to a queue according to the DSCP queue map Example The following example configures the system to the DSCP trust state qos trust Interface The qos trust Interface Configuration Ethernet port channel mode comman...

Страница 142: ...s cos default cos no qos cos Parameters default cos Specifies the default CoS value of the port Range 0 7 Default Configuration Default CoS value of a port is 0 Command Mode Interface Configuration Ethernet port channel mode User Guidelines If the port is trusted the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port Example The following example ...

Страница 143: ...CP mutation map to match one set of DSCP values with the DSCP values of another domain Apply the DSCP to DSCP mutation map only to ingress and to DSCP trusted ports Applying this map to a port causes IP packets to be rewritten with newly mapped DSCP values at the ingress ports If the DSCP to DSCP mutation map is applied to an untrusted port class of service CoS or IP precedence trusted port this c...

Страница 144: ...mand Mode Global Configuration mode User Guidelines This is the only map that is not globally configured it is possible to have several maps and assign each one to different ports Example The following example changes DSCP values 1 2 4 5 and 6 to DSCP Mutation Map value 63 security suite enable The security suite enable Global Configuration mode command enables the security suite feature Use the n...

Страница 145: ...interface security suite rules cannot be enabled Example The following example enables the security suite feature and specifies that all the security suites commands would be only global commands security suite dos protect The security suite dos protect Global Configuration mode command protects the system from specific well known Denial Of Service attacks Use the no form of this command to disabl...

Страница 146: ...uite deny martian addresses Parameters ip address Specify the packets to discard with that IP address as the source IP address or the destination IP address mask Specifies the network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Attack Keyword Protection Stacheldraht Distribution DoS atta...

Страница 147: ... block is assigned for use as the Internet host loopback address 192 0 2 0 24 This block is assigned as TEST NET for use in documentation and example code 224 0 0 0 4 as source This block formerly known as the Class D address space is allocated for use in IPv4 multicast address assignments 240 0 0 0 4 except 255 255 255 255 32 as destination address This block formerly known as the Class E address...

Страница 148: ... destination address in the block of the reserved IP addresses 192 168 0 0 16 Private Use Networks 198 18 0 0 15 This block has been allocated for use in benchmark tests of network interconnect devices Address block Present use Console config security suite deny martian addresses reserved add 127 0 0 0 8 ...

Страница 149: ...ss Current time in hours military format minutes and seconds hh 0 23 mm 0 59 ss 0 59 day Current day by date in the month Range 1 31 month Current month using the first three letters by name Range Jan Dec year Current year Range 2000 2097 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command ...

Страница 150: ...ce Parameters sntp SNTP servers Default Configuration No external clock source Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures an external time source for the system clock clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes To set the time to the Coo...

Страница 151: ...nd is used only for display purposes and when the time is manually set Example The following example sets the timezone to 6 hours difference from UTC clock summer time The clock summer time Global Configuration mode command configures the system to automatically switch to summer time daylight saving time To configure the software not to automatically switch to summer time use the no form of this c...

Страница 152: ...on rules week Week of the month Range 1 5 first last day Day of the week Range first three letters by name like sun date Date of the month Range 1 31 month Month Range first three letters by name like Jan year year no abbreviation Range 2000 2097 hh mm Time in military format in hours and minutes Range hh 0 23 mm 0 59 offset Number of minutes to add during summer time Range 1 1440 acronym The acro...

Страница 153: ... Sunday in October Time 2 am local time EU rule for daylight savings time Start Last Sunday in March End Last Sunday in October Time 1 00 am 01 00 Example The following example sets summer time starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am sntp authentication key The sntp authentication key Global Configuration mode command defines an authenticat...

Страница 154: ...r SNTP sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol SNTP traffic from servers To disable the feature use the no form of this command Syntax sntp authenticate no sntp authenticate Default Configuration No authentication Command Mode Global Configuration mode User Guidelines The command is relevant for both ...

Страница 155: ...y of the system use the no form of this command Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Key number of authentication key to be trusted Range 1 4294967295 Default Configuration No keys are trusted Command Mode Global Configuration mode User Guidelines The command is relevant for both received unicast and broadcast If there is at least 1 trusted key th...

Страница 156: ...this command Syntax sntp client poll timer seconds no sntp client poll timer Parameters seconds Polling interval in seconds Range 60 86400 Default Configuration Polling interval is 1024 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the polling time for the SNTP client to 120 seconds Console config snt...

Страница 157: ...ntp client poll timer Global Configuration mode command Use the sntp client enable Interface Interface Configuration mode command to enable the SNTP client on a specific interface Example The following example enables SNTP anycast clients sntp client enable Interface The sntp client enable Interface Configuration Ethernet port channel VLAN mode command enables the Simple Network Time Protocol SNTP...

Страница 158: ...ntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol SNTP to request and accept SNTP traffic from servers To disable requesting and accepting SNTP traffic from servers use the no form of this command Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP unicast client is disabled Command Mode...

Страница 159: ...no sntp unicast client poll Default Configuration Polling is disabled Command Mode Global Configuration mode User Guidelines Polling time is determined by the sntp client poll timer Global Configuration mode command Example The following example enables polling for SNTP predefined unicast clients sntp server The sntp server Global Configuration mode command configures the device to use the Simple ...

Страница 160: ...es Up to 8 SNTP servers can be defined Use the sntp unicast client enable Global Configuration mode command to enable predefined unicast clients globally To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling Polling time is determined by the sntp client poll timer Global Configuration mode command Example The following example conf...

Страница 161: ...e symbol that precedes the show clock display indicates the following Example The following example displays the time and date from the system clock Symbol Description Time is not authoritative blank Time is authoritative Time is authoritative but SNTP is not synchronized Console show clock 15 29 03 PDT UTC 7 Jun 17 2005 Time source is SNTP Console show clock detail 15 29 03 PDT UTC 7 Jun 17 2005 ...

Страница 162: ...uration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the current SNTP configuration of the device Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes Console show sntp config...

Страница 163: ...n This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 8 Enabled 9 176 1 8 179 Disabled Disabled Broadcast Clients Enabled Anycast Clients Enabled Broadcast Interfaces g1 g3 ...

Страница 164: ...70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Status Last response Offset mSec Delay mSec 176 1 1 8 Up 19 58 22 289 PDT Feb 19 2005 7 33 117 79 176 1 8 179 Unknown 12 17 17 987 PDT Feb 19 2005 8 98 189 19 Anycast server Server Interfac e Status Last response Offset Delay mSec mSec 176 1 11 8 VLAN 118 Up 9 53 21 789 PDT Feb 19 2005 7 19 119 89 Broadcas t Interfac e IP Address Last res...

Страница 165: ...show sntp status 165 g13 0 0 0 0 00 00 00 0 Feb 19 2005 vlan 1 16 1 1 2 00 15 15 16 0 LLBG Feb 19 2006 ...

Страница 166: ...166 CHAPTER 10 CLOCK COMMANDS ...

Страница 167: ...mber port channel port channel number Parameters interface number Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON Ethernet statistics for Ethernet port g1 ...

Страница 168: ...t packets received Broadcast The total number of good packets received and directed to the broadcast address This does not include multicast packets Multicast The total number of good packets received and directed to a multicast address This number does not include packets directed to the broadcast address CRC Align Errors The total number of packets received with a length excluding framing bits b...

Страница 169: ...k Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error 64 Octets The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusiv...

Страница 170: ...atistics group is 50 Number of seconds in each polling cycle is 1800 Command Mode Interface Configuration Ethernet port channel mode User Guidelines Cannot be configured for a range of interfaces Range context Example The following example enables a Remote Monitoring RMON MIB history statistics group on Ethernet port g1 with index number 1 and a polling interval period of 2400 seconds show rmon co...

Страница 171: ...tatistics The following table describes the significant fields shown in the display Console show rmon collection history Index Interfac e Interval Requeste d Samples Granted Samples Owner 1 g1 30 50 50 CLI 2 g1 1800 50 50 Manager Field Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Requested Sa...

Страница 172: ...ndicates error counters other Indicates drop and collision counters seconds Specifies the period of time in seconds Range 1 4294967295 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON Ethernet history statistics for index 1 Console show rmon his...

Страница 173: ...8769630 4 275686 2789 5878 20 Console show rmon history 1 errors Sample Set 1 Owner Me Interface g1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 800 after reset Time CRC Align Undersiz e Oversize Fragment s Jabbers Jan 18 2005 21 57 00 1 1 0 49 0 Jan 18 2005 21 57 30 1 1 0 27 0 Console show rmon history 1 other ...

Страница 174: ...roadcast The number of good packets received during this sampling interval that were directed to the broadcast address Multicast The number of good packets received during this sampling interval that were directed to a multicast address This number does not include packets addressed to the broadcast address Util The best estimate of the mean physical layer network utilization on this interface dur...

Страница 175: ...total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets AlignmentError It is normal for etherHistoryFragments to increment because it counts both runts which are normal ...

Страница 176: ...nd the difference is compared with the thresholds direction Specifies the alarm that may be sent when this entry is first set to valid Possible values are rising rising falling and falling If the first sample after this entry becomes valid is greater than or equal to rthreshold and direction is equal to rising or rising falling a single rising alarm is generated If the first sample after this entr...

Страница 177: ...ed EXEC mode command displays the alarms table Syntax show rmon alarm table Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the alarms table Console config rmon alarm 1000 3Com 360000 1000000 1000000 10 20 Console show rmon alarm table Index OID Own...

Страница 178: ...fies the alarm index Range 1 65535 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON 1 alarms 2 1 3 6 1 2 1 2 2 1 10 1 Manager 3 1 3 6 1 2 1 2 2 1 10 9 CLI Field Description Index An index that uniquely identifies the entry OID Monitored variable...

Страница 179: ...val in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating the value compared against the thresholds If the value is absolute the value of the variable is compared directly with the thresholds at the end of the sampling interval If the value is delta the value of the variable at the last sample i...

Страница 180: ...acters name Specifies the name of the person who configured this event If unspecified the name is an empty string Default Configuration This command has no default configuration Command Mode Global Configuration mode Rising Threshold A sampled statistic threshold When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this ...

Страница 181: ...evice generates a notification in the log table show rmon events The show rmon events Privileged EXEC mode command displays the RMON event table Syntax show rmon events Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON event table Console con...

Страница 182: ... Trap device Manager Jan 18 2006 23 59 48 Field Description Index An index that uniquely identifies the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or m...

Страница 183: ...tory entries log entries no rmon table size history log Parameters Console show rmon log Maximum table size 500 Event Description Time 1 Errors Jan 18 2006 23 48 19 1 Errors Jan 18 2006 23 58 17 2 High Broadcast Jan 18 2006 23 59 48 Console show rmon log Maximum table size 500 800 after reset Event Description Time 1 Errors Jan 18 2006 23 48 19 1 Errors Jan 18 2006 23 58 17 2 High Broadcast Jan 18...

Страница 184: ...es Range 20 32767 Default Configuration History table size is 270 Log table size is 200 Command Mode Global Configuration mode User Guidelines The configured table size taskes effect after the device is rebooted Example The following example configures the maximum RMON history table sizes to 100 entries Console config rmon table size history 100 ...

Страница 185: ...oping Default Configuration IGMP snooping is disabled Command Mode Global Configuration mode User Guidelines IGMP snooping can only be enabled on static VLANs It must not be enabled on Private VLANs or their community VLANs Example The following example enables IGMP snooping ip igmp snooping Interface The ip igmp snooping Interface Configuration VLAN mode command enables Internet Group Management ...

Страница 186: ...xample enables IGMP snooping on VLAN 2 ip igmp snooping mrouter learn pim dvmrp The ip igmp snooping mrouter learn pim dvmrp Interface Configuration VLAN mode command enables automatic learning of multicast device ports in the context of a specific VLAN To remove automatic learning of multicast device ports use the no form of this command Syntax ip igmp snooping mrouter learn pim dvmrp no ip igmp ...

Страница 187: ...received for a host time out period from a specific port this port is deleted from the member list of that multicast group To restore the default configuration use the no form of this command Syntax ip igmp snooping host time out time out no ip igmp snooping host time out Parameters time out Specifies the host timeout in seconds Range 1 2147483647 Default Configuration The default host time out is...

Страница 188: ...fault configuration use the no form of this command Syntax ip igmp snooping mrouter time out time out no ip igmp snooping mrouter time out Parameters time out Specifies the Multicast device timeout in seconds Range 1 2147483647 Default Configuration The default value is 300 seconds Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example ...

Страница 189: ...for IGMP queries Range 0 2147483647 immediate leave Indicates that the port should be immediately removed from the members list after receiving IGMP Leave Default Configuration The default leave time out configuration is 10 seconds Command Mode Interface Configuration VLAN mode User Guidelines The leave timeout should be set greater than the maximum time that a host is allowed to respond to an IGM...

Страница 190: ...here are no user guidelines for this command Example The following example displays multicast device interfaces in VLAN 1000 show ip igmp snooping interface The show ip igmp snooping interface Privileged EXEC mode command displays IGMP snooping configuration Syntax show ip igmp snooping interface vlan id Console show ip igmp snooping mrouter interface 1000 VLAN Ports 1000 g1 Detected multicast dev...

Страница 191: ...mode command displays multicast groups learned by IGMP snooping Syntax show ip igmp snooping groups vlan vlan id address ip multicast address Parameters vlan id Specifies the VLAN number ip multicast address Specifies the IP multicast address Default Configuration This command has no default configuration Console show ip igmp snooping interface 4 IGMP Snooping is globaly disabled IGMP Snooping is ...

Страница 192: ...e show bridge multicast address table Privileged EXEC command Example The following example shows IGMP snooping information on multicast groups Console show ip igmp snooping groups Vlan IP Address Querier Ports 1 224 239 130 2 2 3 Yes g1 g2 19 224 239 130 2 2 8 Yes g9 11 IGMP Reporters that are forbidden statically Vlan IP Address Ports 1 224 239 130 2 2 3 g19 ...

Страница 193: ...em priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the system priority to 120 lacp port priority The lacp port priority Interface Configuration Ethernet mode command configures physical port priority To return to the defau...

Страница 194: ...owing example defines the priority of Ethernet port g6 as 247 lacp timeout The lacp timeout Interface Configuration Ethernet mode command assigns an administrative LACP timeout To return to the default configuration use the no form of this command Syntax lacp timeout long short no lacp timeout Parameters long Specifies the long timeout value short Specifies the short timeout value Default Configur...

Страница 195: ...ernet interface parameters statistics protocol state Parameters interface Valid Ethernet port Elana parameters Link aggregation parameter information statistics Link aggregation statistics information protocol state Link aggregation protocol state information Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelin...

Страница 196: ... 34 56 78 port Admin key 30 port Oper key 30 port Oper number 21 port Admin priority 1 port Oper priority 1 port Admin timeout LONG port Oper timeout LONG LACP Activity ACTIVE Aggregation AGGREGATABLE collecting FALSE distributing FALSE expired FALSE Partner system priority 0 system mac addr 00 00 00 00 00 00 port Admin key 0 ...

Страница 197: ...n AGGREGATABLE synchronizatio n FALSE collecting FALSE distributing FALSE expired FALSE g1 LACP Statistics LACP PDUs sent 2 LACP PDUs received 2 g1 LACP Protocol State LACP State Machines Receive FSM Port Disabled State Mux FSM Detached State Periodic Tx FSM No Periodic State Control Variables BEGIN FALSE LACP_Enabled TRUE Ready_N FALSE Selected UNSELECTED ...

Страница 198: ... Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays LACP information about port channel 1 Port_moved FALSE NNT FALSE Port_enabled FALSE Timer counters periodic tx timer 0 current while timer 0 wait while timer 0 Console show l...

Страница 199: ... port channel 199 Port Type Gigabit Ethernet Attached Lag id Actor System Priority 1 MAC Address 00 02 85 0E 1C 00 Admin Key 1000 Oper Key 1000 Partner System Priority 0 MAC Address 00 00 00 00 00 00 Oper Key 14 ...

Страница 200: ...200 CHAPTER 13 LACP COMMANDS ...

Страница 201: ...evice discovery protocol and applies power to the device never Turns off the device discovery protocol and stops supplying power to the device Default Configuration Auto Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example turns on the device discovery protocol on port 4 Console config interface ethernet 4 Co...

Страница 202: ...ters Default Configuration There is no default configuration for this command Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example adds a description of the device connected to port 4 as ip phone power inline priority The power inline priority Interface Configuration mode command configures the priority of th...

Страница 203: ...iority of port 4 from the point of view of inline power management to high power inline usage threshold The power inline usage threshold Global Configuration mode command configures the threshold for initiating inline power usage alarms Use the no form of this command to restore defaults Syntax power inline usage threshold percents no power inline usage threshold Parameters percents Specifies the ...

Страница 204: ...ps Use the no form of this command to disable traps Syntax power inline traps enable no power inline traps enable Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables inline power traps show power inline The show power inline Priv...

Страница 205: ...r this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the inline power Console show power inline Unit Power Nominal Power Consume r Power Usage Thresho ld Traps 1 On 400 Watts 0 Watts 0 95 Disabl e Admin Oper Port Powere d Device State Status Priorit y Class ...

Страница 206: ... inline ethernet 1 Admin Oper Port Powere d Device State Priori ty State Class g1 IP Phone Model A Auto High On Class 0 Overload Counter 1 Short Counter 0 Denied Counter 0 Absent Counter 0 Invalid Signature Counter 0 Field Description Power The inline power sourcing equipment operational status Nominal Power The inline power sourcing equipment nominal power in Watts Consumed Power Measured usage p...

Страница 207: ...ity can be Critical High or Low Oper State Describes the inline power operational state of the port Oper State can be On Off Test Fail Testing Searching or Fault Classification Power consumption classification of the powered device Overload Counter Counts the number of overload conditions that has been detected Short Counter Counts the number of short conditions that has been detected DeniedCounte...

Страница 208: ...208 CHAPTER 14 POWER OVER ETHERNET COMMANDS ...

Страница 209: ...iguration Spanning tree is enabled Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality spanning tree mode The spanning tree mode Global Configuration mode command configures the spanning tree protocol To restore the default configuration use the no form of this command Syntax spannin...

Страница 210: ...ice uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP Example The following example configures the spanning tree protocol to RSTP spanning tree forward time The spanning tree forward time Global Configuration mode command configures the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before ...

Страница 211: ...ds spanning tree hello time The spanning tree hello time Global Configuration mode command configures the spanning tree bridge hello time which is how often the device broadcasts hello messages to other devices To restore the default configuration use the no form of this command Syntax spanning tree hello time seconds no spanning tree hello time Parameters seconds Time in seconds Range 1 10 Defaul...

Страница 212: ...ning tree bridge maximum age To restore the default configuration use the no form of this command Syntax spanning tree max age seconds no spanning tree max age Parameters seconds Time in seconds Range 6 40 Default Configuration The default maximum age for IEEE Spanning Tree Protocol STP is 20 seconds Command Modes Global Configuration mode User Guidelines When configuring the maximum age the follo...

Страница 213: ...ng tree priority Parameters priority Priority of the bridge Range 0 61440 in steps of 4096 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Modes Global Configuration mode User Guidelines The bridge with the lowest priority is elected as the root bridge Example The following example configures spanning tree priority to 12288 spanning tree disab...

Страница 214: ... g5 spanning tree cost The spanning tree cost Interface Configuration mode command configures the spanning tree path cost for a port To restore the default configuration use the no form of this command Syntax spanning tree cost cost no spanning tree cost Parameters cost Path cost of the port Range 1 200 000 000 Default Configuration Default path cost is determined by port speed and path cost metho...

Страница 215: ...t priority To restore the default configuration use the no form of this command Syntax spanning tree port priority priority no spanning tree port priority Parameters priority The priority of the port Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE Spanning TreeProtocol STP is 128 Command Modes Interface Configuration Ethernet port channel mode User Guideline...

Страница 216: ...meters auto Specifies that the software waits for 3 seconds With no BPDUs received on the interface before putting the interface into the PortFast mode Default Configuration PortFast mode is disabled Command Modes Interface Configuration Ethernet port channel mode User Guidelines This feature should be used only with interfaces connected to end stations Otherwise an accidental topology loop could ...

Страница 217: ...d Indicates that the port link type is shared Default Configuration The device derives the port link type from the duplex mode A full duplex port is considered a point to point link and a half duplex port is considered a shared link Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example enables sh...

Страница 218: ...and applies to all spanning tree instances on the device The cost is set using the spanning tree cost command Example The following example sets the default path cost method to long spanning tree bpdu The spanning tree bpdu Global Configuration mode command defines BPDU handling when the spanning tree is disabled globally or on a single interface To restore the default configuration use the no for...

Страница 219: ...ocols The clear spanning tree detected protocols Privileged EXEC mode command restarts the protocol migration process forces renegotiation with neighboring devices on all interfaces or on a specified interface Syntax clear spanning tree detected protocols ethernet interface port channel port channel number Parameters interface A valid Ethernet port port channel number A valid port channel number D...

Страница 220: ...instance Range 1 15 priority Device priority for the specified spanning tree instance Range 0 61440 in multiples of 4096 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Mode Global Configuration mode User Guidelines The device with the lowest priority is selected as the root of the spanning tree Example The following example configures the spa...

Страница 221: ...for this command Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10 spanning tree mst port priority The spanning tree mst port priority Interface Configuration mode command configures port priority for the specified MST instance To restore the default configuration use the no form of this command Syntax spanning t...

Страница 222: ...ST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state To restore the default configuration use the no form of this command Syntax spanning tree mst instance id cost cost no spanning tree mst instance id cost Parameters instance ID ID of the spanning tree instance Range 1 16 cost The port path cost Range 1 200 000 000 Defau...

Страница 223: ... MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines All devices in an MST region must have the same VLAN mapping configuration revision number and name Example The following example configures an MST region Fast Ethernet 100 Mbps 200 ...

Страница 224: ...instance instance 0 Command Modes MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST For two or more devices to be in the same MST region they must have the same VLAN mapping the same configuration revision number and the same name Exampl...

Страница 225: ...wing example defines the configuration name as region1 revision mst The revision MST Configuration mode command defines the configuration revision number To restore the default configuration use the no form of this command Syntax revision value no revision Parameters value Configuration revision number Range 0 65535 Default Configuration The default configuration revision number is 0 Command Mode ...

Страница 226: ...s the current region configuration pending Indicates the pending region configuration Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines The pending MST region configuration takes effect only after exiting the MST Configuration mode Example The following example displays a pending MST region configuration Console config spanning tree...

Страница 227: ...no user guidelines for this command Example The following example exits the MST Configuration mode and saves changes abort mst The abort MST Configuration mode command exits the MST Configuration mode without applying the configuration changes Syntax abort Default Configuration This command has no default configuration Instance Vlans Mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled Console confi...

Страница 228: ...oot guard prevents the interface from becoming the root port of the device To disable root guard on the interface use the no form of this command Syntax spanning tree guard root no spanning tree guard root Default Configuration Root guard is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines Root guard can be enabled when the device operates in STP RSTP and MS...

Страница 229: ...w spanning tree mst configuration Parameters interface number A valid Ethernet port port channel number A valid port channel number detail Indicates detailed information active Indicates active ports only blockedports Indicates blocked ports only mst configuration Indicates the MST configuration identifier instance id Specifies ID of the spanning tree instance Default Configuration This command ha...

Страница 230: ...ode MSTP Default port cost method short CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type g1 Enabl ed 128 1 20000 FWD Root No P2p bound RSTP ...

Страница 231: ...S Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 This switch is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type g1 Enabl ed 128 1 20000 FWD Desg No P2p RSTP g2 Enabl ed 128 2 20000 FWD Desg No Share d STP ...

Страница 232: ...ng tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Prior ity N A Addre ss N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type ...

Страница 233: ...onsole show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces ...

Страница 234: ...nabl ed 128 4 20000 BLK ALTN No Share d STP Console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec ...

Страница 235: ...l Spanning tree enabled mode RSTP Default port cost method long Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago ...

Страница 236: ... to forwarding state 1 BPDU sent 2 received 120638 Port 2 2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 3 disabled State N A...

Страница 237: ...riority 28672 Address 00 30 94 41 62 c8 Designated port id 128 25 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 5 5 enabled State Disabled Role N A Port id 128 5 Port cost 20000 Type N A configured auto Port Fast N A configured no Designated bridge Priority N A Address N A Designated port id N A Designated path cost N A Number of transition...

Страница 238: ...768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configuration Name Region1 Revision 1 Instance Vlans mapped State g0 1 9 21 4094 Enabl ed g1 10 20 Enabl ed Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 ...

Страница 239: ... Name State Prio Nbr Cost Sts Role PortF ast Type g1 Enabl ed 128 1 20000 FWD Root No P2p Bound RSTP g2 Enabl ed 128 2 20000 FWD Desg No Share d Bound STP g3 Enabl ed 128 3 20000 FWD Desg No P2p g4 Enabl ed 128 4 20000 FWD Desg No P2p MST 1 Vlans Mapped 10 20 CST Root ID Prior ity 24576 Addre ss 00 02 4b 29 89 76 Path Cost 20000 Root Port g4 4 ...

Страница 240: ...1 Enabl ed 128 1 20000 FWD Boun No P2p Bound RSTP g2 Enabl ed 128 2 20000 FWD Boun No Share d Bound STP g3 Enabl ed 128 3 20000 BLK Altn No P2p g4 Enabl ed 128 4 20000 FWD Desg No P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 ...

Страница 241: ...8 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 g2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path co...

Страница 242: ...ransitions to forwarding state 1 BPDU sent 2 received 170638 Port 4 g4 enabled State Forwarding Role Designated Port id 128 4 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 MST 1 Vlans...

Страница 243: ...rt Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 1 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 g2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STP Port Fast No configured no Designated bridge Priority 32768 Address 00...

Страница 244: ...e 1 BPDU sent 2 received 170638 Port 4 g4 enabled State Forwarding Role Designated Port id 128 4 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Console show spanning tree Spanning tree...

Страница 245: ... 15 sec Bridg e ID Prior ity 32768 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 ...

Страница 246: ...ddre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type g1 Enabl ed 128 1 20000 FWD Root No P2p bound RSTP g2 Enabl ed 128 2 20000 FWD Desg No Share d STP g3 Disab led 128 3 20000 ...

Страница 247: ... cost method long Root ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 This switch is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type g1 Enabl ed 128 1 20000 FWD Desg No P2p RSTP g2 Enabl ed 128 2 20000 FWD Desg No Share d STP g3 Disab led 128 3 20000 g4 Enabl ed 128 4 20000 FWD Desg No Share d STP ...

Страница 248: ...lt port cost method long Root ID Prior ity N A Addre ss N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type g1 Enabl ed 128 1 20000 g2 Enabl ed 128 2 20000 ...

Страница 249: ...abled mode RSTP Default port cost method long Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type ...

Страница 250: ...w spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type ...

Страница 251: ... 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 36864 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 g1 enabled ...

Страница 252: ...8 2 Port cost 20000 Type Shared configured auto STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 g3 disabled State N A Role N A Port id 128 3 Port cost 20000 Type N A configured auto Port Fast N A configured no Designated bridge...

Страница 253: ...0 Type N A configured auto Port Fast N A configured no Designated bridge Priority N A Address N A Designated port id N A Designated path cost N A Number of transitions to forwarding state N A BPDU sent N A received N A Console show spanning tree ethernet 1 Port 1 g1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTP Port Fast No configured no Designated ...

Страница 254: ...94 Enabl ed g1 10 20 Enabl ed Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type ...

Страница 255: ...nd STP g3 Enabl ed 128 3 20000 FWD Desg No P2p g4 Enabl ed 128 4 20000 FWD Desg No P2p MST 1 Vlans Mapped 10 20 CST Root ID Prior ity 24576 Addre ss 00 02 4b 29 89 76 Path Cost 20000 Root Port 4 g4 Rem hops 19 Bridge ID Prior ity 32768 Addre ss 00 02 4b 29 7a 00 Interfaces Name State Prio Nbr Cost Sts Role PortF ast Type ...

Страница 256: ...g No P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Port 1 g1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto Boundary RSTP Port Fast N...

Страница 257: ...riority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 g3 enabled State Forwarding Role Designated Port id 128 3 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 3 Designa...

Страница 258: ...eceived 170638 MST 1 Vlans Mapped 10 20 Root ID Prior ity 24576 Addre ss 00 02 4b 29 89 76 Path Cost 20000 Port Cost 4 4 Rem hops 19 Bridge ID Prior ity 32768 Addre ss 00 02 4b 29 7a 00 Number of topology changes 2 last change occurred 1d9h ago Times hold 1 topology change 2 notification 2 hello 2 max age 20 forward delay 15 Port 1 g1 enabled State Forwarding Role Boundary Port id 128 1 Port cost ...

Страница 259: ... Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 g3 disabled State Blocking Role Alternate Port id 128 3 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 1a 19 Designated port id 128 78 Design...

Страница 260: ...ions to forwarding state 1 BPDU sent 2 received 170638 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 g1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 32768 Addre ss 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec ...

Страница 261: ...show spanning tree 261 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 21 4094 CST Root ID Prior ity 32768 Addre ss 00 01 42 97 e0 00 ...

Страница 262: ...262 CHAPTER 15 SPANNING TREE COMMANDS ...

Страница 263: ...ing table displays keywords and URL prefixes Keyword Source or Destination flash Source or destination URL for flash memory It s the default in case a URL is specified without a prefix running config Represents the current running configuration file startup config Represents the startup configuration file image If the source file represents the active image file If the destination file represents ...

Страница 264: ...llowing conditions exist The source file and destination file are the same file xmodem is the destination file The source file can be copied to image boot and null only tftp is the source file and destination file on the same copy The following table describes copy characters xmodem Source for the file from a serial connection that uses the Xmodem protocol null Null destination for copies or files...

Страница 265: ...ion file is a combination of the previous running configuration and the loaded configuration files with the loaded configuration file taking precedence Copying a Configuration File from a Server to the Startup Configuration To copy a configuration file from a network server to the startup configuration file of the device enter copy source url startup config The startup configuration file is replac...

Страница 266: ...file to be deleted Range 1 160 characters The following table displays keywords and URL prefixes Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Console copy tftp 172 16 101 101 file1 image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss Keyword Source or Destination flash Source or destination...

Страница 267: ...tax boot system image 1 image 2 Parameters image 1 Specifies image 1 as the system startup image image 2 Specifies image 2 as the system startup image Default Configuration The default setting is the unit number Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is the active image Example The following example loads the system image 1 at device ...

Страница 268: ...ed EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the contents of the running configuration file show startup config The show startup config Privileged EXEC mode command displays the contents of the startup configuration file Console show running config hostname device interface ethernet g1 ip address 176 242 100 100 255 255 255 0 dup...

Страница 269: ... displays the contents of the running configuration file show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that is loaded by the device at startup Syntax show bootvar Elana Console show startup config hostname device interface ethernet g1 ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet g2 ip address 176 243 100 100 2...

Страница 270: ...mand Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the active system image file that is loaded by the device at startup Elana Console show bootvar Unit Active Image Selected for next boot 1 image 1 image 1 2 image 2 image 2 3 image 1 image 1 ...

Страница 271: ...hostname Hostname of the RADIUS server host Range 1 158 characters auth port number Port number for authentication requests The host is not used for authentication if the port number is set to 0 Range 0 65535 timeout Specifies the timeout value in seconds Range 1 30 retries Specifies the retransmit value Range 1 10 deadtime Length of time in minutes during which a RADIUS server is skipped over by ...

Страница 272: ...fy multiple hosts multiple radius server host commands can be used If no host specific timeout retries deadtime or key string values are specified global values apply to each RADIUS server host The address type of the source parameter must be the same as the ip address parameter Example The following example specifies a RADIUS server host with IP address 192 168 10 1 authentication request port nu...

Страница 273: ...lines There are no user guidelines for this command Example The following example defines the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon radius server retransmit The radius server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts To reset the default configur...

Страница 274: ...The radius server source ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers To restore the default configuration use the no form of this command Syntax radius server source ip source no radius source ip source Parameters source Specifies a valid source IP address Default Configuration The source IP address is the IP address of the outgoi...

Страница 275: ...fies the timeout value in seconds Range 1 30 Default Configuration The timeout value is 3 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the timeout interval on all RADIUS servers to 5 seconds radius server deadtime The radius server deadtime Global Configuration mode command improves RADIUS resp...

Страница 276: ...onfiguration mode User Guidelines There are no user guidelines for this command Example The following example sets all RADIUS server deadtimes to 10 minutes show radius servers The show radius servers Privileged EXEC mode command displays the RADIUS server settings Syntax show radius servers Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guid...

Страница 277: ... settings Console show radius servers IP addre ss Port Auth TimeO ut Retra nsmit DeadT ime Sourc e IP Prior ity Usage 172 1 6 1 1 1645 Globa l Globa l Globa l 1 All 172 1 6 1 2 1645 11 8 Globa l Globa l 2 All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 ...

Страница 278: ...278 CHAPTER 17 RADIUS COMMAND ...

Страница 279: ...x Monitors transmitted packets only Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode User Guidelines This command enables traffic on one port to be copied to another port or between the source port src interface and a destination port port being configured The following restrictions apply to ports configured as destination port...

Страница 280: ...s traffic for both directions Tx and Rx on port g8 source port to port 1 destination port show ports monitor The show ports monitor Privileged EXEC mode command displays the port monitoring status Syntax show ports monitor Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The follo...

Страница 281: ...show ports monitor 281 g1 8 RX TX Active g2 8 RX TX Active g18 8 RX Active ...

Страница 282: ...282 CHAPTER 18 PORT MONITOR COMMANDS ...

Страница 283: ...community community ip address Parameters community Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters ro Indicates read only access default rw Indicates read write access su Indicates SNMP administrator access ip address Specifies the IP address of the management station group name Specifies the name of a previously defined group A group defin...

Страница 284: ... and notify view always and for rw for write view also The group name parameter can also be used to restrict the access rights of a community string When it is specified An internal security name is generated The internal security name for SNMPv1 and SNMPv2 security models is mapped to the group name Example The following example defines community access string public to permit administrative acce...

Страница 285: ... 4 included Indicates that the view type is included excluded Indicates that the view type is excluded Default Configuration No view entry exists Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same view record The number of views is limited to 64 No check is made to determine that a MIB node corresponds to the starting portion of the OID u...

Страница 286: ...ates authentication of a packet without encrypting it Applicable only to the SNMP Version 3 security model priv Indicates authentication of a packet with encryption Applicable only to the SNMP Version 3 security model name Specifies the context of a packet The following context is supported Router If the context name is unspecified all contexts are defined readview Specifies a string that is the n...

Страница 287: ...name groupname remote engineid string auth md5 password auth sha password auth md5 key md5 des keys auth sha key sha des keys no snmp server user username remote engineid string Parameters username Specifies the name of the user on the host that connects to the agent Range 1 30 characters groupname Specifies the name of the group to which the user belongs Range 1 30 characters engineid string Spec...

Страница 288: ...2 bytes auth sha key sha des keys Indicates the HMAC SHA 96 authentication level The user should enter a concatenated hexadecimal string of the SHA key MSB and the privacy key LSB If authentication is only required 20 bytes should be entered if authentication and privacy are required 36 bytes should be entered Each byte in the hexadecimal character string is two hexadecimal digits Each byte can be...

Страница 289: ...snmp server engineID local engineid string default no snmp server engineID local Parameters engineid string Specifies a character string that identifies the engine ID Range 5 32 characters default The engine ID is created automatically based on the device MAC address Default Configuration The engine ID is not configured If SNMPv3 is enabled using this command and the default is specified the defau...

Страница 290: ...owing is recommended For a standalone device use the default keyword to configure the engine ID Changing the value of the engine ID has the following important side effect A user s password entered on the command line is converted to an MD5 or SHA security digest This digest is based on both the password and the local engine ID The user s command line password is then destroyed as required by RFC ...

Страница 291: ...er filter The snmp server filter Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server filter entry To remove the specified SNMP server filter entry use the no form of this command Syntax snmp server filter filter name oid tree included excluded no snmp server filter filter name oid tree Parameters filter name Specifies the label for the filter recor...

Страница 292: ... example creates a filter that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interfaces group snmp server host The snmp server host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version 1 or Version 2 notifications To remove the specified host use the no form of this co...

Страница 293: ...used 2 Indicates that SNMPv2 traps will be used If port Specifies the UDP port of the host to use If unspecified the default UDP port number is 162 Range 1 65535 filtername Specifies a string that defines the filter for this host If unspecified nothing is filtered Range 1 30 characters seconds Specifies the number of seconds to wait for an acknowledgment before resending informs If unspecified the...

Страница 294: ...t Protocol Version 3 notifications To remove the specified host use the no form of this command Syntax snmp server v3 host ip address hostname username traps informs noauth auth priv udp port port filter filtername timeout seconds retries retries no snmp server host ip address hostname username traps informs Parameters ip address Specifies the IP address of the host targeted recipient hostname Spe...

Страница 295: ...um number of retries is 3 Range 0 255 Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines A user and notification view are not automatically created Use the snmp server user snmp server group and snmp server view Global Configuration mode commands to generate a user group and notify group respectively Example The following example ...

Страница 296: ... configures the system contact sysContact string To remove system contact information use the no form of the command Syntax snmp server contact text no snmp server contact Parameters text Specifies the string that describes system contact information Range 1 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not ...

Страница 297: ...system location information Range 1 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following example defines the device location as New_York snmp server set The snmp server set Global Configuration mode...

Страница 298: ...idelines Although the CLI can set any required configuration there might be a situation where a SNMP user sets a MIB variable that does not have an equivalent command In order to generate configuration files that support those situations the snmp server set command is used This command is case sensitive Example The following example configures the scalar MIB sysName with the value 3Com show snmp T...

Страница 299: ...communications status Console show snmp Commu nity Stri ng Community Ac cess View name IP addre ss publi c read only user view All priva te read write Defau lt 172 16 1 1 priva te su Defau ltSup er 172 17 1 1 Community st ring Group name IP address Type publi c user group all Traps are enabled Authentication trap is enabled ...

Страница 300: ...3 192 122 173 42 Infor m publi c 2 162 15 3 Version 3 notifications Target Address Type Usern ame Secu rity Level UDP Port Filte r Name TO Sec Retr ies 192 122 173 42 Infor m Bob Priv 162 15 3 System Contact Robert System Location Marketing Field Description Community string Community access string to permit access to the SNMP protoco Community access Type of access read only read write super acce...

Страница 301: ... the SNMP engine ID show snmp views The show snmp views Privileged EXEC mode command displays the configuration of views Syntax show snmp views viewname Parameters viewname Specifies the name of the view Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show snmp engineI...

Страница 302: ...ifies the name of the group Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of views Console show snmp views Name OID Tree Type user view 1 3 6 1 2 1 1 Included user view 1 3 6 1 2 1 1 7 Excluded user view 1 3 6 1 2 1 2 ...

Страница 303: ...priv Default manager s group V3 priv Default Default manager s group V3 priv Default Field Description Name Name of the group Security Model SNMP model in use v1 v2 or v3 Security Level Authentication of a packet with encryption Applicable only to SNMP v3 security Views Read Name of the view that enables only viewing the contents of the agent If unspecified all objects except the community table a...

Страница 304: ...mmand displays the configuration of users Syntax show snmp users username Parameters username Specifies the name of the user Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show snmp filters Name OID Tree Type user filter 1 3 6 1 2 1 1 Included user filter 1 3 6 1 2 1 ...

Страница 305: ... snmp users 305 Example The following example displays the configuration of users Console show snmp users Name Group name Auth Method Remote John user group md5 John user group md5 08009009020C0B 099C075879 ...

Страница 306: ...306 CHAPTER 19 SNMP COMMANDS ...

Страница 307: ...ies the valid network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 Default Configuration No IP address is defined for interfaces Command Mode Interface Configuration default VLAN mode User Guidelines Only the default VLAN get be assigned an IP address An IP address cannot be co...

Страница 308: ...field This name does not have to be the same as the host name specified in the hostname Global Configuration mode command Range 1 20 characters Default Configuration This command has no default configuration Command Mode Interface Configuration default VLAN mode User Guidelines This command is only functional if the device is in Switch mode The ip address dhcp command allows any interface to dynam...

Страница 309: ...name in the DHCP option 12 field The no ip address dhcp command deconfigures any IP address that was acquired and sends a DHCPRELEASE message Example The following example acquires an IP address for Ethernet port g16 from DHCP ip default gateway The ip default gateway Global Configuration mode command defines a default gateway device To restore the default configuration use the no form of this com...

Страница 310: ...id port channel port channel number Parameters interface number Specifies the valid Ethernet port vlan id Specifies the valid VLAN number port channel number Specifies the valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example the displays...

Страница 311: ...o the specified MAC address hw_addr Valid MAC address to map to the specified IP address or IP alias interface number Valid Ethernet port vlan id Valid VLAN number port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Global Configuratin mode User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses int...

Страница 312: ... timeout Parameters seconds Time in seconds that an entry remains in the ARP cache Range 1 40000000 Default Configuration The default timeout is 60000 seconds Command Mode Global Configuration mode User Guidelines It is recommended not to set the timeout value to less than 3600 Example The following example configures the ARP timeout to 12000 seconds clear arp cache The clear arp cache Privileged ...

Страница 313: ...ll dynamic entries from the ARP cache show arp The show arp Privileged EXEC mode command displays entries in the ARP table Syntax show arp Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays entries in the ARP table Console clear arp cache Console show ...

Страница 314: ... the default domain name used to complete unqualified host names Do not include the initial period that separates an unqualified name from the domain name Range 1 158 characters Default Configuration A default domain name is not defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines default domain name www ...

Страница 315: ... address1 server address8 Parameters server address Specifies IP addresses of the name server Default Configuration No name server addresses are specified Command Mode Global Configuration mode User Guidelines The preference of the servers is determined by the order in which they were entered Up to 8 servers can be defined using one command or using multiple commands Example The following example ...

Страница 316: ...316 CHAPTER 20 IP ADDRESS COMMANDS ...

Страница 317: ...Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Use this command to configure a management access list The command enters the Access list Configuration mode where permit and deny access rules are defined using the permit Management and deny Management commands If no match criteria are defined the default is deny If you reenter an acces...

Страница 318: ...t the active list permit Management The permit Management Access List Configuration mode command defines a permit rule Syntax permit ethernet interface number vlan vlan id port channel port channel number service service permit ip source ip address mask mask prefix length ethernet interface number vlan vlan id port channel port channel number service service Parameters interface number A valid Eth...

Страница 319: ...st Configuration mode User Guidelines Rules with Ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface The system supports up to 128 management access rules Example The following example permits all ports in the access list called mlist deny Management The deny Management Access List Configuration mode command defines a deny rule Syntax d...

Страница 320: ... no default configuration Command Mode Management Access list Configuration mode User Guidelines Rules with Ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface The system supports up to 128 management access rules Example The following example denies all ports in the access list called mlist management access class The management access...

Страница 321: ...e no user guidelines for this command Example The following example configures an access list called mlist as the management access list show management access list The show management access list Privileged EXEC mode command displays management access lists Syntax show management access list name Parameters name Specifies the name of a management access list Range 1 32 characters Default Configur...

Страница 322: ...how management access class Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active management access list Console show management access list mlist mlist permit ethernet g1 permit ethernet g2 Note all other access implicitly de...

Страница 323: ...ntax rogue detect enable no rogue detect enable Parameters This command has no keywords or arguments Default Configuration Rogue detection is disabled Command Mode AP Interface Radio Configuration mode User Guidelines Use the rogue detect enable Global Configuration command to globally enable disable rogue detection Rouge detection can be enabled on a specific AP only if rogue detection is enabled...

Страница 324: ... detect rogue scan interval Parameters long Scanning interval of 240 seconds medium Scanning interval of 150 seconds short Scanning interval of 20 seconds Default Configuration The default scanning interval is long Command Mode AP Interface Radio Configuration mode User Guidelines A long scanning interval causes the least disruption of user traffic performance while a short scanning interval cause...

Страница 325: ...ap mac address state Parameters mac address The rogue AP MAC address known Specify that the rogue AP is known mitigate Specify that the rogue AP should be mitigated Default Configuration New Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the status of rogue AP with the MAC address 00 9E 92 4C 73 FCas known Con...

Страница 326: ...e list does not mitigate or suppress the rogue If the rogue AP is still physically present and active it will reappear in the Rogue Access Point list after subsequent scans for rogue APs is performed Example The following example deletes a rogue AP with the MAC address 00 9E 92 4C 73 FC from the rogue APs list show wlan rogue aps configuration The show wlan rogueaps configuration Privileged EXEC m...

Страница 327: ... this command Example The following example displays information about rogue APs detection configuration show wlan rogue aps list The show wlan rogue aps list Privileged EXEC mode command displays information about potential rogue APs Syntax show wlan rogue aps list mac mac address Console show wlan rogue aps configuration Rogue APs detection is enabled AP name Radio Scanning Interval AP1 a Enable...

Страница 328: ...than one Radio Example The following example displays information about potential rogue APs show wlan rogue aps neighborhood The show wlan rogue aps neighborhood Privileged EXEC mode command displays a list of APs that have detected a rogue AP Syntax show wlan rogue aps neighborhood mac address Console show wlan rogue aps list MAC Address Status SSID Ch Last seen WlanSys 82 73 FC New test 1 3 Aug ...

Страница 329: ...o default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays a list of APs that has detected a rogue AP with the MAC address 00 9E 93 82 73 FC Console show wlan rogue aps neighborhood 00 9E 93 82 73 FC AP name Signal dBm AP1 62 AP2 68 Lobby 68 ...

Страница 330: ...330 CHAPTER 22 WIRELESS ROGUE AP COMMANDS ...

Страница 331: ...ange 2 65535 ssid The ESS SSID string Range 1 32 characters Default Configuration ESS number 1 always exists Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example creates an ESS with the index of 1200 and the SSID of abc123 wlan ess configure The wlan ess configure Global Configuration mode command enters the ESS Configur...

Страница 332: ...n mode User Guidelines There are no user guidelines for this command Example The following example enters the ESS enterprise configuration mode ssid The ssid ESS Configuration mode command configures the SSID name of an ESS Syntax ssid ssid Parameters ssid The SSID string of the ESS name Range 1 32 characters Default Configuration This command has no default configuration Command Mode ESS Configur...

Страница 333: ...suite for the ESS To restore defaults use the no form of this command Syntax open vlan vlan id no open vlan Parameters vlan id VLAN ID of the ESS default VLAN ssid The ESS SSID string Range 1 32 characters Default Configuration VLAN number 1 Command Mode ESS Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the ESS VLAN when t...

Страница 334: ...S Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS in an ESS in the Wi Fi WMM mode load balancing The load balancing ESS Configuration mode command enables load balancing in an ESS To disable load balancing use the no form of this command Syntax load balancing association periodically Console Config wlan ess configure ssid e...

Страница 335: ...iguration Disabled Command Mode ESS Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables load balancing in an ESS where a station attempts to associate with an AP in the ESS mac filtering action The mac filtering action ESS Configuration mode command enables source MAC address filtering in an ESS To disable source MAC address filter...

Страница 336: ...ddress filtering in an ESS mac filtering list The mac filtering list ESS Configuration mode command adds and removes MAC addresses from the MAC address filtering list in an ESS To delete all the MAC addresses use the no form of this command Syntax mac filtering list add remove mac address no mac filtering list Parameters add Adds the defined MAC addresses to the MAC address filtering list in an ES...

Страница 337: ...te type key hex key ascii encryption key no security suite create type Parameters type The security suite type Available values are as follows open wep No authentication with WEP for data encryption Wired Equivalent Privacy WEP is a scheme to secure wireless networks WiFi Because a wireless network broadcasts messages using radio it is particularly susceptible to eavesdropping WEP provides compara...

Страница 338: ...and dynamically generate keys wpa2 psk WPA2 with pre shared key key A key must be entered for open wep shared wep openshared wep wpa psk and wpa2 psk A key should not be entered for 802 1x wpa and wpa2 See the key command in Security Suite ESS Configuration mode for information on the range of the key size key hex Specifies the entry of a pre shared key psk in hexadecimal format Range 10 26 charac...

Страница 339: ...mand enters the Security Suite Configuration mode Syntax security suite configure type Parameters type The security suite type Available values are as follows open wep No authentication with WEP for data encryption Wired Equivalent Privacy WEP is a scheme to secure wireless networks WiFi Because a wireless network broadcasts messages using radio it is particularly susceptible to eavesdropping WEP ...

Страница 340: ...etwork cards wpa psk WPA with pre shared key wpa2 WPA2 method only wpa2 psk WPA2 with pre shared key Default Configuration WPA security suite exists Command Mode ESS Configuration mode User Guidelines There are no user guidelines for this command Example The following example enters the Security Suite Configuration mode vlan Security Suite ESS The vlan Security Suite ESS Configuration mode command...

Страница 341: ...curity Suite To restore the default configuration use the no form of this command Syntax timer rekey time unicast never minutes no timer rekey time unicast timer rekey time multicast never minutes no timer rekey time multicast timer reauth time never seconds no timer reauth time timer idle time never seconds no timer idle time Parameters rekey time unicast minutes Unicast rekeying timeout period R...

Страница 342: ... for this command Example The following example configures the key exchange timers for a security suite as an unlimited rekeying timeout period update gkey on lea ve Security Suite ESS The update gkey on leave Security Suite ESS Configuration mode command defines that a group key should be updated after a station leaves the AP To disable updates use the no form of this command Syntax update gkey o...

Страница 343: ...A2 pre authentication in an ESS Use the wpa2 pre authentication command in ESS Configuration mode To disable WPA2 pre authentication use the no form of this command Syntax wpa2 pre authentication no wpa2 pre authentication Parameters This command has no keywords or arguments Default Configuration This command has no default configuration Command Mode ESS Configuration mode User Guidelines The comm...

Страница 344: ...535 ssid 1 32 show wlan ess vlans id 1 65535 ssid 1 32 show wlan ess radios id 1 65535 ssid 1 32 Parameters index The ESS index Range 1 65535 ssid The SSID string of the ESS Range 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console Config wlan ess configure ssid enterpr...

Страница 345: ...splay of the WLAN ESS configuration The following example configures the display of the defined ESS configurations console show wlan ess configuration Index SSID Securit y Suite Load Bal QoS MAC Filter 1 Enterpr ise WPA WPA2 Assoc WMM Dis 2 Guest Open Dis Dis Permit ...

Страница 346: ...ticast Rekeying Timeout Never Update Group Key On Leave Enabled Security Suite WPA2 VLAN 9 Unicast Rekeying Timeout Never Multicast Rekeying Timeout Never Update Group Key On Leave Enabled Console show wlan ess configuration 2 Index 2 SSID Guest Load Balancing Disabled QoS Disabled Mac Filter Permit WPA2 Preauthentication Enabled Open VLAN 1 Security suite WPA VLAN 1 Unicast Rekeying Timeout 0 Mul...

Страница 347: ...lists id index ssid ssid Parameters index The ESS index Range 1 65535 ssid The SSID string of the ESS Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the ESS MAC filtering lists Console show wlan ess radios Index SSID Radios 1 ...

Страница 348: ...e ESS index Range 1 65535 ssid The SSID string of the ESS Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays station numbers at each ESS Console show wlan ess mac filtering lists guest Action Permit 00 9E 93 82 83 A1 00 9E 93 82 8...

Страница 349: ...g example displays station numbers at ESS enterprise Console show wlan ess counters Index SSID Stations 1 Enterprise 182 2 Guest 3 Console show wlan ess counters ssid enterprise AP Radio Stations AP1 a 32 AP1 g 29 AP2 a 12 AP2 g 42 AP3 a 31 ...

Страница 350: ...350 CHAPTER 23 WIRELESS ESS COMMANDS ...

Страница 351: ...delines When the configurations of all the deactivated AP is deleted the AP may reappear in the AP Discovery Table The clear wlan ap command can also be used to remove an AP that is irrelevant either associated with another device or removed from the system from the APs discovery table If the AP is still relevant not associated with another device and not removed from the system it should not be r...

Страница 352: ...as no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example activates an AP with the MAC address 00 0e 35 63 5c a7 wlan ap key The wlan ap key Global Configuration mode command configures a secure key for communication to an AP To remove an AP use the no form of the command Syntax wlan ap name mac ad...

Страница 353: ...nfiguration mode User Guidelines If the secure key is not set before activation at the AP that key would be transferred to the AP on activation A key cannot be removed in an active AP Example The following example configures a secure key for communication to an AP called enterprise wlan ap config The wlan ap config Global Configuration mode command sets the device in AP Configuration mode Syntax w...

Страница 354: ...a wireless AP name To restore the default configuration use the no form of this command Syntax name string no name Parameters name The AP name Default Configuration The AP s MAC address Command Mode AP Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures a wireless AP name to enterprise Console Config wlan ap CR1 config Console C...

Страница 355: ... Guidelines If one of the stations that are associated with an AP is associated with a VLAN that the AP does not have a direct connection to the AP initiates a tunnel with the AP that has a direct connection to that VLAN The AP with the highest tunneling priority in the network is chosen as the source of the VLAN Example The following example configures a wireless AP priority for VLAN tunneling to...

Страница 356: ... certain timing constrains in the communication to a remotely connected wireless AP separated by a WAN link or the Internet interface ethernet The enter interface AP Configuration mode command configures an interface and enters the Interface Configuration mode Syntax interface ethernet Parameters This command has no keywords or arguments Default Configuration This command has no default configurat...

Страница 357: ... list remove vlan list no vlan allowed Parameters add vlan list List of VLAN IDs to add Separate nonconsecutive VLAN IDs with a comma and no spaces use a hyphen to designate a range of IDs remove vlan list List of VLAN IDs to remove Separate nonconsecutive VLAN IDs with a comma and no spaces use a hyphen to designate a range of IDs Default Configuration VLAN number 1 Command Mode AP interface Ethe...

Страница 358: ... ID of the native VLAN Default Configuration VLAN 1 Command Mode AP interface Ethernet Configuration mode User Guidelines A VLAN can be defined as a native VLAN only if it is one of the allowed VLANs Example The following example sets the native VLAN of the Ethernet port for a wireless AP to 2 wlan template ap configure The wlan template ap configure Global Configuration mode command places the de...

Страница 359: ...he following example places the device in wireless AP template configuration mode to configure template called type1 set wlan copy The set wlan copy wireless AP template configuration command copies the wireless AP configuration parameters from the template AP to an AP Syntax set wlan copy ap default template name to ap ap name set wlan copy ap ap name to template ap template name Parameters defau...

Страница 360: ...se to an AP called Switch show wlan aps The show wlan aps Privileged EXEC mode command displays information on active APs Syntax show wlan aps name mac address show wlan aps radio a g show wlan aps ess ssid show wlan aps vlans ssid show wlan aps version name mac address Parameters name The AP name Range 1 32 characters mac address The AP MAC address a Radio type is 802 1a g Radio type is 802 1g ss...

Страница 361: ...XEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on active APs Console show wlan aps Name MAC Address Type State AP1 00 9E 92 4C 73 FC a g Enabled AP2 00 9E 92 4C 73 FD a g Disabled ...

Страница 362: ... g State Enabled Status Disabled 802 11a Radio Enabled 802 11g Radio Enabled VLANs Allowed 2 3 Native VLAN 2 Tunnel Priority 20 IP address 172 16 1 1 DNS name wlan switch1 ge com WAN Timing Constrains Disabled Console Logging Disabled Console show wlan aps radio Name Radio State Power Channel Traffic Oper Allow Admin AP1 a Enabled Maximum LG Enabled N A AP1 g Enabled Maximum LG Enabled Enabled AP2...

Страница 363: ...that AP 2 Ethernet VLANs The VLANs configured on the AP Ethernet port 3 Priority The priority of the AP as a source for tunneling Console show wlan aps ess Name Radio SSID State Advertise AP1 a Enterprise Enabled Enabled AP1 a Guest Enabled Enabled AP2 g Enterprise Enabled Enabled AP2 a Guest Enabled Enabled Console show wlan aps vlans Name Station VLANs Ethernet VLANs Priority AP1 1 2 3 1 2 30 AP...

Страница 364: ...mac address interface radio a g ess ssid Parameters name The AP name mac address The AP MAC address a Radio type is 802 1a g Radio type is 802 1g ssid The ESS SSID Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show wlan aps versions Name Model Serial number Boot Loader Version ...

Страница 365: ...mac address The AP MAC address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show wlan ap AP1 interface radio g State Enabled Allow traffic Enabled Channel Least Congested 11 Power Maximum Allow 802 11b Enabled Preamble Long RTS Threshold 2312 bytes Antenna Diversity Beacon Per...

Страница 366: ... a g ap name Parameters radio a b Specified Radio type If unspecified shows the total traffic on the AP ap name Specified AP name Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example Console show wlan ap AP1 interface ethernet VLANs Allowed 2 3 Native VLAN 2 Tunn...

Страница 367: ...ons Name Stations AP1 19 AP1 19 AP2 23 AP2 23 Name InUcastPk ts InPkts InOctets In Errors AP1 756857 8691 8432 2 AP2 846584 9132 8921 2 Name InUcastPk ts InPkts InOctets In Errors AP1 756857 8691 8432 2 AP2 846584 9132 8921 2 Name OutUcastP kts OutPkts OutOctets Out Errors AP1 87398238 922982 8118710 2 AP2 846584 913287 783278 2 ...

Страница 368: ...P Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example Console show wlan aps counters ap AP1 Number of stations 19 In Octets 756857 In Packets 8691 In Unicast Packets 8432 In Data Packets 8533 In Management Packets 158 In Errors 2 Out Octets 87398238 Out Packets 922982 Out Unicast Pac...

Страница 369: ...late aps name Parameters name Specify the AP name Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays displays the template AP configuration Console show wlan aps discovered MAC Address Key Discovery Time Status 00 9E 92 4C 73 FC 3 Aug 2005 15 41 43 Dis...

Страница 370: ...indoor NAME vivi MAC Address 00 f0 00 00 06 25 802 11a Radio Enabled 802 11g Radio Enabled Type a g State Enabled VLANs Allowed 2 3 Native VLAN 2 Tunnel Source Enabled Tunnel Priority 20 WAN Timing Constraints Disabled Console Logging Disabled Radio a State Enabled Allow traffic Enabled Channel Least Congested Power Max Preamble Long RTS Threshold 2312 Antenna Diversity Beacon Period 100 ...

Страница 371: ...nd Syntax ip ssh port port number no ip ssh port Parameters port number Port number for use by the SSH server Range 1 65535 Default Configuration The default port number is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the port to be used by the SSH server as 8080 Console config ip ssh port 8080 ...

Страница 372: ...idelines If encryption keys are not generated the SSH server is in standby until the keys are generated To generate SSH server keys use the crypto key generate dsa and crypto key generate rsa Global Configuration mode commands Example The following example enables configuring the device from a SSH server crypto key generate dsa The crypto key generate dsa Global Configuration mode command generate...

Страница 373: ...y pairs crypto key generate rsa The crypto key generate rsa Global Configuration mode command generates RSA key pairs Syntax crypto key generate rsa Default Configuration RSA key pairs do not exist Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs one public RSA key and one private RSA key If the device already has RSA keys a warning and prompt to replace the e...

Страница 374: ...ation fo incoming SSH sessions is disabled Command Mode Global Configuration mode User Guidelines AAA authentication is independent Example The following example enables public key authentication for incoming SSH sessions crypto key pubkey chain ssh The crypto key pubkey chain ssh Global Configuration mode command enters the SSH Public Key chain Configuration mode The mode is used to manually spec...

Страница 375: ...ic key use the no form of this command Syntax user key username rsa dsa no user key username Console config crypto key pubkey chain ssh Console config pubkey chain user key bob Console config pubkey key key string rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muS...

Страница 376: ...lowing example enables manually configuring an SSH public key for SSH public key chain bob key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string key string row key string Parameters row Indicates the SSH public key row by row key string Specifies the key in UU encoded DER format UU encoded DER format is the same format in ...

Страница 377: ...rings for SSH public key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02LYciz Z4TrEU 9FJxwPiVQOjc KBXuR...

Страница 378: ...command Example The following example displays the SSH server configuration The following table describes the significant fields shown in the display Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 172 16 0 1 John Brown 2 0 3 DES HMAC SHA...

Страница 379: ...for this command Example The following example displays the SSH public RSA keys on the device Cipher Encryption type 3DES Blowfish RC4 Auth Code Authentication Code HMAC MD5 HMAC SHA1 Field Description Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62...

Страница 380: ...Fingerprint in Bubble Babble format hex Fingerprint in Hex format Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays SSH public keys stored on the device Console show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 86 79 CC 2 ...

Страница 381: ...w crypto key pubkey chain ssh 381 Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 ...

Страница 382: ...382 CHAPTER 25 SSH COMMANDS ...

Страница 383: ...server is enabled Command Mode Global Configuration mode User Guidelines Only a user with access level 15 can use the Web server Example The following example enables configuring the device from a browser ip http port The ip http port Global Configuration mode command specifies the TCP port to be used by the Web browser interface To restore the default configuration use the no form of this command...

Страница 384: ...t number to 100 ip http exec timeout The ip http exec timeout Global Configuration mode command sets the interval which the system waits to user input in http sessions before automatic logoff To restore the default configuration use the no form of this command Syntax ip http exec timeout minutes seconds no ip http exec timeout Parameters minutes Integer that specifies the number of minutes Range 0...

Страница 385: ...e the no form of this command Syntax ip https server no ip https server Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configuration mode command to generate an HTTPS certificate Example The following example enables configuring the device from a secured browser ip https port The ip https port Global Configuration mo...

Страница 386: ...ing example configures the https port number to 100 Console config ip https port 100 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a self signed HTTPS certificate Syntax crypto certificate number generate key generate length cn common name ou organization unit or organization loc location st state cu country duration days Parameters number ...

Страница 387: ...ength is 1024 If no URL or IP address is specified the default common name is the lowest IP address of the device at the time that the certificate is generated If the number of days is not specified the default period of time that the certification is valid is 365 days Command Mode Global Configuration mode User Guidelines The command is not saved in the device configuration however the certificat...

Страница 388: ...e Range 1 64 state Specifies the state or province name Range 1 64 country Specifies the country name Range 2 2 Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format Before generating a...

Страница 389: ...e signed by Certification Authority to the device To end the session enter an empty line Console crypto certificate 1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh F0MV Kib6Sz5p 3nUUenbfHp igVPmFM 1nbqTDekb2ymC...

Страница 390: ...de command configures the active certificate for HTTPS To return to the default configuration use the no form of this command Syntax ip https certificate number no ip https certificate Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCA...

Страница 391: ...ollowing example configures the active certificate for HTTPS show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command displays the SSH certificates of the device Syntax show crypto certificate mycertificate number Parameters number Specifies the certificate number Range 1 2 Default Configuration This command has no default configuration Command M...

Страница 392: ...DQzMDIwNTE1NFoXDTA0MDQyOTIwNTE1NFow UzELMAkGA1UEBhMCICAxCjAIBgNVBAgTASAxCjAIBgNVBAcTASAxFDASBgNVBAMT CzEwLjYuNDEuMTM4MQowCAYDVQQKEwEgMQowCAYDVQQLEwEgMIGfMA0GCSqGSIb3 DQEBAQUAA4GNADCBiQKBgQDrQxdrGjKwJMtq6YDF4aAoCnY2vXTivToJEn9vI55y eIwn4n2dH1fKCxhnvJSmMk jtA9pbQTALSWCm2S3jllZyWsE tnnPUkkuNtApBa6 6OOy80lpYdpJuSJ8V 0wwvLYooh9h3PDDhSuWaWzCAlV94g1UzkNvrBsGEL5TPEp BQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBADjg8wG...

Страница 393: ...mmand displays the HTTPS server configuration Syntax show ip https Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 ...

Страница 394: ... 51 54 2003 GMT Valid to Apr 29 20 51 54 2004 GMT Subject C ST L CN 10 6 41 138 O OU SHA1 Fingerprint B3536E86 9487B229 C0A44199 DAB98046 7861F705 Certificate 2 is active Issued by C ST L CN 10 6 41 138 O OU Valid From Apr 30 22 16 01 2003 GMT Valid to Apr 29 22 16 01 2004 GMT Subject C ST L CN 10 6 41 138 O OU SHA1 Fingerprint 3DBDF89B 6B3E46A2 4255D023 42A361F2 90ED7042 ...

Страница 395: ... single connection Rather than have the device open and close a TCP connection to the daemon each time it must communicate the single connection option maintains a single open connection between the device and the daemon port number Specifies a server port number The host is not used for authentication if the port number is set to 0 The host is not used for authentication if the port number is set...

Страница 396: ...rver priority is specified default priority 0 is used Command Mode Global Configuration mode User Guidelines Multiple tacacs server host commands can be used to specify multiple hosts Example The following example specifies a TACACS host tacacs server key The tacacs server key Global Configuration mode command sets the authentication encryption key used for all TACACS communications between the de...

Страница 397: ...rvers tacacs server timeout The tacacs server timeout Global Configuration mode command sets the interval during which the device waits for a TACACS server to reply To restore the default configuration use the no form of this command Syntax tacacs server timeout timeout no tacacs server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration 5 seconds Com...

Страница 398: ... use the no form of this command Syntax tacacs server source ip source no tacacs server source ip source Parameters source Specifies the source IP address Default Configuration The source IP address is the address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the source IP ad...

Страница 399: ...ACS server Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays configuration and statistical information about a TACACS server Console show tacacs Device Configuration IP addres s Status Port Single Connec tion TimeOu t Source IP Priority 172 16 1 1 Con...

Страница 400: ...400 CHAPTER 27 TACACS COMMANDS Global values TimeOut 3 ...

Страница 401: ...n Logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging Global Configuration mode commands However if the log...

Страница 402: ...e port number for syslog messages Range 1 65535 level Specifies the severity level of logged messages sent to the syslog servers Possible values emergencies alerts critical errors warnings notifications informational and debugging facility Specifies the facility that is indicated in the message Possible values local0 local1 local2 local3 local4 local5 local6 local7 text Syslog server description R...

Страница 403: ...nsole The possible values are emergencies alerts critical errors warnings notifications informational debugging Default Configuration The default severity level is informational Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits logging messages displayed on the console to severity level errors logging buffered ...

Страница 404: ...d to the internal buffer This command limits the messages displayed to the user Example The following example limits syslog messages displayed from an internal buffer based on severity level debugging logging buffered size The logging buffered size Global Configuration mode command changes the number of syslog messages stored in the internal buffer To restore the default configuration use the no f...

Страница 405: ...buffer to 300 clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buffer Syntax clear logging Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears messages from the internal logging buffer Console config l...

Страница 406: ...cies alerts critical errors warnings notifications informational and debugging Default Configuration The default severity level is errors Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits syslog messages sent to the logging file based on severity level alerts clear logging file The clear logging file Privileged...

Страница 407: ...this command Syntax aaa logging login no aaa logging login Parameters login Indicates logging messages related to successful login events unsuccessful login events and other login related events Default Configuration Logging AAA login events is enabled Command Mode Global Configuration mode User Guidelines Other types of AAA events are not subject to this command Example The following example enab...

Страница 408: ...tions delete rename Indicates logging messages related to file deletion and renaming operations Default Configuration Logging file system events is enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables logging messages related to file copy operations management logging The management logging Global Configu...

Страница 409: ...t subject to this command Example The following example enables logging messages related to deny actions of management ACLs show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer Syntax show logging Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines...

Страница 410: ...Messages 6 Dropped severity 2 messages were not logged resources Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Buffer log 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface Ethernetg0 changed state to up 11 Aug ...

Страница 411: ...r guidelines for this command 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet0 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet1 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Et...

Страница 412: ...y Syslog server 192 180 2 27 logging errors Messages 6 Dropped severity Syslog server 192 180 2 28 logging errors Messages 6 Dropped severity 2 messages were not logged resources Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Buffer log 11 Aug 2004 15 41 43 LINK 3 UPDOWN Interface FastE...

Страница 413: ...2004 15 41 43 LINK 3 UPDOWN Interface Ethernetg3 changed state to up 11 Aug 2004 15 41 43 SYS 5 CONFIG_I Configured from memory by console 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 0 changed state to up 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on Interface Ethernet0 changed state to down 11 Aug 2004 15 41 39 LINEPROTO 5 UPDOWN Line protocol on In...

Страница 414: ...414 CHAPTER 28 SYSLOG COMMANDS IP address Port Severity Facility Description 192 180 2 2 7 514 Information al local7 192 180 2 2 8 514 Warning local7 ...

Страница 415: ...onfiguration The default ESS is automatically added to the radio interface Command Mode AP Interface Radio Configuration mode User Guidelines There are no user guidelines for this command Example The following example adds an ESS to a radio interface called enterprise bss enable The bss enable Interface Radio Configuration mode command places the device in BSS configuration mode Config wlan ap CR1...

Страница 416: ...uidelines for this command Example The following example places SSID device called enterprise in BSS Configuration mode advertise ssid The advertise ssid BSS Configuration mode command advertises the BSS SSID To disable advertising use the no form of this command Syntax advertise ssid no advertise ssid Parameters This command has no keywords or arguments Default Configuration The BSS SSID is adver...

Страница 417: ...rate1 rate1 12 no data rates The command can be implemented as follows data rates mandatory add rate1 rate1 12 data rates add remove rate1 rate1 12 Parameters rate list Specifies the data rates that should be supported Available rates are as follows 802 11g 1 2 5 5 6 9 11 12 18 24 36 48 and 54 802 11a 6 9 12 18 24 36 48 and 54 Default Configuration All rates are optional except for the following r...

Страница 418: ...ere are no user guidelines for this command Example The following example configures the data rates used in a BSS to 2 while complying with 802 11g Console Config ap radio bss configure enterprise Console Config wlan ap radio bss if data rates mandatory add 2 ...

Страница 419: ... packet The actual packet size is eight bytes larger than the specified size specified because the device adds header information Range 56 1472 bytes packet_count Number of packets to send If 0 is entered it pings until stopped Range 0 65535 packets time_out Timeout in milliseconds to wait for each reply Range 50 65535 milliseconds Default Configuration Default packet size is 56 bytes Default numb...

Страница 420: ...with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 Console ping yahoo com Pinging yahoo com 66 218 71 198 with 64 bytes of data 64 bytes fr...

Страница 421: ...terminates when the destination is reached or when this value is reached Range 1 255 packet_count The number of probes to be sent at each TTL level Range 1 10 time_out The number of seconds to wait for a response to a probe packet Range 1 60 ip address One of the device s interface addresses to use as a source address for the probes The device normally selects what it feels is the best source addr...

Страница 422: ...the round trip time for each The traceroute command sends out one probe at a time Each outgoing packet may result in one or two error messages A time exceeded error message indicates that an intermediate device has seen and discarded the probe A destination unreachable error message indicates that the destination node has received the probe and discarded it because it could not deliver the packet ...

Страница 423: ...ne QSV POS calren2 net 198 32 249 162 1 msec 1 msec 1 msec 5 kscyng snvang abilene ucaid edu 198 32 8 103 33 msec 35 msec 35 msec 6 iplsng kscyng abilene ucaid edu 198 32 8 80 47 msec 45 msec 45 msec 7 so 0 2 0x1 aa1 mich net 192 122 183 9 56 msec 53 msec 54 msec 8 atm1 0x24 michnet8 mich net 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58 mse...

Страница 424: ...ber or one of the keywords listed in the Ports table in the User Guidelines keyword One or more keywords listed in the Keywords table in the User Guidelines Default Configuration The default port is the Telnet port decimal23 on the host Command Mode User EXEC mode Field Description The probe timed out Unknown packet type A Administratively unreachable Usually this output indicates that an access l...

Страница 425: ...e screen Several concurrent Telnet sessions can be opened and switched To open a subsequent session the current connection has to be suspended by pressing the escape sequence keys Ctrl shift 6 and x to return to the system command prompt Then open a new connection with the telnet User EXEC mode command Telnet Sequence Purpose Ctrl shift 6 b Break Ctrl shift 6 c Interrupt Process IP Ctrl shift 6 h ...

Страница 426: ...NIX to UNIX Copy Program UUCP and other non Telnet protocols Ctrl shift 6 x Return to System Command Prompt Keyword Description Port Number BGP Border Gateway Protocol 179 chargen Character generator 19 cmd Remote commands 514 daytime Daytime 13 discard Discard 9 domain Domain Name Service 53 echo Echo 7 exec Exec 512 finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 ...

Страница 427: ...les switching to another open Telnet session Syntax resume connection Parameters connection The connection number Range 1 4 connections pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time...

Страница 428: ...perating system Syntax reload Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device to ensure that no other activity is being performed In particular the user should verify that no configuration files are being downloaded at the time of reset Example The following example reloads the o...

Страница 429: ...Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the device host name show users The show users Privileged EXEC mode command displays information about the active users Syntax show users Default Configuration This command has no default configuration C...

Страница 430: ...de command lists open Telnet sessions Syntax show sessions Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example lists open Telnet sessions Console show users Username Protocol Location Bob Serial John SSH 172 16 0 1 Robert HTTP 172 16 0 8 Betty Telnet 17...

Страница 431: ...e no user guidelines for this command Example The following example displays the system information Connection Host Address Port Byte 1 Remote device 172 16 1 1 23 89 2 172 16 1 2 172 16 1 2 23 8 Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session Address IP address of the remote host Port Telnet TCP port number Byte Number of u...

Страница 432: ... Range 1 8 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command System Up Time days hour min sec 01 12 00 02 System Contact contact name System Name device name System Location location System MAC Address 00 11 22 33 44 55 System Object ID 1 3 6 1 4 1 43 1 20 24 Unit Temperature Celsius Statu...

Страница 433: ...guration use the no form of this command Syntax service cpu utilization no service cpu utilization Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Use the show cpu utilization Privileged EXEC command to view information on CPU utilization Example This example enables measuring CPU utilization Console show version Unit SW version Boot version HW version 1 1 0 0...

Страница 434: ...iguration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Use the service cpu utilization Global Configuration mode command to enable measuring CPU utilization Example The following example configures the CPU utilization information display Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes...

Страница 435: ...e level Parameters privilege level Privilege level to enter the system Range 1 15 Default Configuration The default privilege level is 15 Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode Console enable enter password Console ...

Страница 436: ...e system Range 1 15 Default Configuration The default privilege level is 1 Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example return to Users EXEC mode login The login User EXEC mode command changes a login username Syntax login Default Configuration This command has no default configuration Command Mode Console disable Con...

Страница 437: ... configure Privileged EXEC mode command enters the Global Configuration mode Syntax configure Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Global Configuration mode Console login User Name admin Password Console Console configure Console config ...

Страница 438: ...odes User Guidelines There are no user guidelines for this command Example The following example changes the configuration mode from Interface Configuration mode to Privileged EXEC mode exit The exit Privileged User EXEC mode command closes an active terminal session by logging off the device Syntax exit Default Configuration This command has no default configuration Command Mode Privileged and Us...

Страница 439: ...to the Privileged EXEC mode Syntax end Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Example The following example changes from Global Configuration mode to Privileged EXEC mode help The help command displays a brief description of the help system Console ex1 7it Console config end ...

Страница 440: ...lp may be requested at any point in a command by entering a question mark If nothing matches the currently entered incomplete command the help list is empty This indicates that for a query at this point there is no command matching the current input If the request is within a command enter backspace and erase the entered characters to a point where the request results in a display Help is provided...

Страница 441: ...the Spacebar displays the next screen of output The data dump command enables dumping all output immediately after entering the show command This command is relevant only for the current session Example This example dumps all output immediately after entering a show command debug mode The debug mode Privileged EXEC Command mode switches to debug mode Syntax debug mode Default Configuration This co...

Страница 442: ...ation Command Mode Privileged EXEC mode User Guidelines The buffer includes executed and unexecuted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console show version SW version 3 13...

Страница 443: ...has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example displays the current privilege level for the Privileged EXEC mode Console show history show version show clock show history 3 commands were logged buffer size is 10 Console show privilege Current privilege level is 15 ...

Страница 444: ...444 CHAPTER 31 USER INTERFACE COMMANDS ...

Страница 445: ...her devices on the network learn these VLANs dynamically The gvrp enable Global Configuration mode command enables GVRP globally To disable GVRP on the device use the no form of this command Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following exam...

Страница 446: ...ccess port does not dynamically join a VLAN because it is always a member in only one VLAN Membership in an untagged VLAN is propagated in the same way as in a tagged VLAN That is the PVID is manually defined as the untagged VLAN VID Example The following example enables GVRP on Ethernet port g6 garp timer The garp timer Interface Configuration Ethernet Port channel mode command adjusts the values...

Страница 447: ...Configuration Ethernet port channel mode User Guidelines The following relationship must be maintained between the timers Leave time must be greater than or equal to three times the join time Leave all time must be greater than the leave time Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on Layer 2 connected devices the GARP application will...

Страница 448: ...ion from the interface The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface are restricted only to those VLANs for which static VLAN registration exists Example The following example disables dynamic VLAN creation on Ethernet port 1 gvrp registration forbid The gvrp registration forbid Interface Configuration Ethernet port channel mode...

Страница 449: ...tics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information Syntax clear gvrp statistics ethernet interface port channel port channel number Parameters interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Gui...

Страница 450: ...ntax show gvrp configuration ethernet interface port channel port channel number Parameters interface A valid Ethernet port Elana port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privieged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays GVRP configuration infor...

Страница 451: ...lid port channel number Default Configuration This command has no default configuration Command Mode Privieged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows GVRP statistical information Port s Status Registr ation Dynamic VLAN Creatio n Join Leave Leave All g1 Enabled Normal Enabled 200 600 10000 g4 Enabled Normal Enabled 200 600 10000 ...

Страница 452: ...arameters interface A valid Ethernet port Elana port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privieged EXEC mode User Guidelines There are no user guidelines for this command Timers milliseconds Port s Statu s Regis trati on Dynam ic VLAN Creat ion Join Leave Leave All g1 Enabl ed Norma l Enabl ed 200 600 10000 g4 Enab...

Страница 453: ...atistical information Console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVALEN Invalid Attribute Length INVATYP Invalid Attribute Type INVEVENT Invalid Event INVAVAL Invalid Attribute Value Port INVPROT INVATYP INVAVAL INVALEN INVEVENT ...

Страница 454: ...454 CHAPTER 32 GVRP COMMANDS ...

Страница 455: ...efault configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enters the VLAN database mode vlan Use the vlan VLAN Database mode command to create a VLAN To delete a VLAN use the no form of this command Syntax vlan vlan range no vlan vlan range Console config vlan database Console config vlan ...

Страница 456: ...re are no user guidelines for this command Example The following example VLAN number 1972 is created interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration VLAN mode Syntax interface vlan vlan id Parameters vlan id Specifies an existing VLAN ID Default Configuration This command has no default configuration Command Mode Global Configuration mode User...

Страница 457: ...iguration This command has no default configuration Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range If the command returns an error on one of the interfaces an error message is displayed and execution of the command continues on the other interfaces Configuring all ports may consume an exces...

Страница 458: ...ot be configured for a range of interfaces range context User Guidelines The name string may include numbers and other characters etc but no spaces Example The following example gives VLAN number 19 the name Marketing switchport access vlan The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode To restore the default configuratio...

Страница 459: ...tchport trunk allowed vlan The switchport trunk allowed vlan Interface Configuration mode command adds or removes VLANs to or from a trunk port Syntax switchport trunk allowed vlan add vlan list remove vlan list Parameters add vlan list List of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list List of VLAN IDs to be...

Страница 460: ...nk mode To restore the default configuration use the no form of this command Syntax switchport trunk native vlan vlan id no switchport trunk native vlan Parameters vlan id Specifies the ID of the native VLAN Default Configuration VID 1 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The command adds the port as a member in native VLAN If the port is already in the V...

Страница 461: ...wed vlan remove vlan list Parameters add vlan list Specifies the list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs tagged Indicates that the port transmits tagged packet...

Страница 462: ...when the interface is in general mode To restore the default configuration use the no form of this command Syntax switchport general pvid vlan id no switchport general pvid Parameters vlan id Specifies the PVID Port VLAN ID Default Configuration If the default VLAN is enabled PVID 1 Otherwise PVID 4095 Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no use...

Страница 463: ... enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables port ingress filtering on Ethernet port 1 switchport general acceptable frame ty pe tagged only The switchport general acceptable frame type tagged only Interface Configuration mode command discards untagged frames at ingress ...

Страница 464: ...nfiguration mode command forbids adding specific VLANs to a port To restore the default configuration use the remove parameter for this command Syntax switchport forbidden vlan add vlan list remove vlan list Parameters add vlan list Specifies the list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies th...

Страница 465: ...1 show vlan The show vlan Privileged EXEC mode command displays VLAN information Syntax show vlan id vlan id name vlan name Parameters vlan id specifies a VLAN ID vlan name Specifies a VLAN name string Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console config i...

Страница 466: ... Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan VLAN Name Ports Type Authorizati on 1 default 1 2 other Required 10 VLAN0010 1 dynamic Required 11 VLAN0011 1 static Required 20 VLAN0020 1 static Required 21 VLAN0021 static Required 30 VLAN0030 static Required 31 VLAN0031 stati...

Страница 467: ...on Syntax show interfaces switchport ethernet interface port channel port channel number Parameters interface A valid Ethernet port number port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show vlan internal usage Usage VLAN Reserved ...

Страница 468: ...itchport ethernet g5 Port g5 Port Mode General Gvrp Status enabled Ingress Filtering true Acceptable Frame Type admitAll Ingress UnTagged VLAN NATIVE 1 Port is member in Vlan Name Engree rule Membership Type 1 1 Untagged System Forbidden VLANS Vlan Name Classification rules Mac based VLANs Group ID Vlan ID Subnet based VLANs Group ID Vlan ID ...

Страница 469: ...d2 Specify at least one method from the following list Default Configuration No authentication method is defined Command Mode Global Configuration mode User Guidelines Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied To ensure that authentication succeeds even if all methods return an error specify none a...

Страница 470: ...on 802 1x is disabled globally Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables 802 1x globally dot1x port control The dot1x port control Interface Configuration mode command enables manually controlling the authorization state of the port To restore the default configuration use the no form of this command ...

Страница 471: ...by the client to authenticate The device cannot provide authentication services to the client through the interface Default Configuration Port is in the force authorized state Command Mode Interface Configuration Ethernet mode User Guidelines It is recommended to disable spanning tree or to enable spanning tree PortFast mode on 802 1x edge ports ports in auto state that are connected to end statio...

Страница 472: ...eriod The dot1x timeout re authperiod Interface Configuration mode command sets the number of seconds between re authentication attempts To restore the default configuration use the no form of this command Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod Parameters seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration Re au...

Страница 473: ...ce Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following command manually initiates a re authentication of 802 1x enabled Ethernet port g16 dot1x timeout quiet period The dot1x timeout quiet period Interface C...

Страница 474: ...nds Command Mode Interface Configuration Ethernet mode User Guidelines During the quiet period the device does not accept or initiate authentication requests The default value of this command should only be changed to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers To provide a faster response time to the use...

Страница 475: ...fault Configuration Timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following command sets the number of seconds that the device waits for a r...

Страница 476: ...y to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following example sets the number of times that the device sends an EAP request identity frame to 6 dot1x timeout supp timeout The dot1x timeout supp timeout Interface Configuration mode command sets the time for the retransmission of an Extensi...

Страница 477: ...tication servers Example The following example sets the timeout period before retransmitting an EAP request frame to the client to 3600 seconds dot1x timeout server timeout The dot1x timeout server timeout Interface Configuration mode command sets the time that the device waits for a response from the authentication server To restore the default configuration use the no form of this command Syntax...

Страница 478: ...wing example sets the time for the retransmission of packets to the authentication server to 3600 seconds show dot1x The show dot1x Privileged EXEC mode command displays the 802 1x status of the device or specified interface Syntax show dot1x ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mod...

Страница 479: ...eriod Username g1 Auto Authoriz ed Ena 3600 Bob g2 Auto Authoriz ed Ena 3600 John g3 Auto Unauthor ized Ena 3600 Clark g4 Force au th Authoriz ed Dis 3600 n a g5 Force au th Unauthor ized Dis 3600 n a Port is down or not present Console show dot1x ethernet 3 802 1x is enabled Port Admin Mode Oper Mode Reauth Control Reauth Period Username g3 Auto Unauthor ized Ena 3600 Clark ...

Страница 480: ...te IDLE Authentication success 9 Authentication fails 1 Field Description Port The port number Admin mode The port admin mode Possible values Force auth Force unauth Auto Oper mode The port oper mode Possible values Authorized Unauthorized or Down Reauth Control Reauthentication control Reauth Period Reauthentication period Username The username representing the identity of the Supplicant This fie...

Страница 481: ...ore restarting the authentication process Supplicant timeout Time in seconds the switch waits for a response to an EAP request frame from the client before resending the request Server timeout Time in seconds the switch waits for a response from the authentication server before resending the request Session Time The amount of time the user is logged in MAC address The supplicant MAC address Authen...

Страница 482: ...EC mode User Guidelines There are no user guidelines for this command Example The following example displays 802 1x users Console show dot1x users Port Username Session Time Auth Method MAC Address g1 Bob 1d 03 08 58 Remote 0008 3b79 8 787 g2 John 08 19 17 None 0008 3b89 3 127 Console show dot1x users username Bob Username Bob Port Username Session Time Auth Method MAC Address g1 Bob 1d 03 08 58 R...

Страница 483: ...ration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays 802 1x statistics for the specified interface Field Description Port The port number Username The username representing the identity of the Supplicant Session Time The period of time the Supplicant is connected to th...

Страница 484: ...n EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator EapolStartFramesRx The number of EAPOL Start frames that have been received by this Authenticator EapolLogoffFramesRx The number of EAPOL Logoff frames that have been received by this Authent...

Страница 485: ...gged packets would be accepted in the unauthorized state EapolReqIdFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is...

Страница 486: ...ace Configuration Ethernet mode User Guidelines This command enables the attachment of multiple clients to a single 802 1x enabled port In this mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized all attached clients are denied access to the network For unauthenticated VLANs multiple hosts are always enable...

Страница 487: ...re not the supplicant address but does not learn the source addresses discard Discards frames with source addresses that are not the supplicant address discard shutdown Discards frames with source addresses that are not the supplicant address The port is also shut down trap Indicates that SNMP traps are sent seconds Specifies the minimum amount of time in seconds between consecutive traps Range 1 ...

Страница 488: ... Configuration No VLAN is defined as a guest VLAN Command Mode Interface Configuration VLAN mode User Guidelines Use the dot1x guest vlan enable Interface Configuration mode command to enable unauthorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becom...

Страница 489: ... Disabled Command Mode Interface Configuration Ethernet mode User Guidelines A device can have only one global guest VLAN The guest VLAN is defined using the dot1x guest vlan Interface Configuration mode command Example The following example enables unauthorized users on Ethernet port 1 to access the guest VLAN Console Console configure Console config vlan database Console config vlan vlan 2 Conso...

Страница 490: ...x unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays 802 1x advanced features for the device Console show dot1x advanced Guest VLAN 2 Unauthenticated VLANs 91 92 Interface Multiple Hosts Guest VLAN g1 Disabled Enabled g2 Enabled Disabled Cons...

Страница 491: ...ot1x advanced 491 Interface Multiple Hosts Guest VLAN g1 Disabled Enabled Single host parameters Violation action Discard Trap Enabled Trap frequency 100 Status Single host locked Violations since last trap 9 ...

Страница 492: ...492 CHAPTER 34 802 1X COMMANDS ...

Страница 493: ...with 802 11a protocol 802 11g In accordance with 802 11g protocol Default Configuration This command has no default configuration Command Mode AP Configuration mode User Guidelines There are no user guidelines for this command Example The following example places the device in the Radio Configuration mode complying with the 802 11a protocol Console Config wlan ap interface radio 802 11g Console Co...

Страница 494: ... AP Interface Radio Configuration mode User Guidelines Use the wlan tx power off Global Configuration command to globally enable disable TX power TX power is enabled on specific AP only if TX power is enabled globally and for the AP Example The following example administratively enables the radio channel The channel AP Interface Radio Configuration mode command configure the RF channel To restore ...

Страница 495: ...4 802 11a 5170 5180 5190 5200 5210 5220 5230 5240 5260 5280 5300 5320 5745 5765 5785 5805 least congested Enables or disables the scanning for a least busy radio channel Default Configuration Least congested channel Command Mode AP Interface Radio Configuration mode User Guidelines The valid frequencies depend on the country code that was set by the wlan country code Global Configuration command E...

Страница 496: ...aximum power eighth Eighth of the maximum power min Minimum power Default Configuration Maximum power Command Mode AP Interface Radio Configuration mode User Guidelines The maximum power depends on the country code that was set by the wlan country code Global Configuration command The power is off if the wlan tx power off Global Configuration command was activated Example The following example con...

Страница 497: ...sers traffic is allowed Command Mode AP Interface Radio Configuration mode User Guidelines There are no user guidelines for this command Example The following example allows user traffic preamble The preamble AP Interface Radio Configuration mode command configures the preamble support for 802 11g transceivers To restore default use the no form of this command Syntax preamble long short no preambl...

Страница 498: ...ansceivers to long rts threshold The rts threshold AP Interface Radio Configuration mode command configures the Request To Send RTS threshold To restore defaults use the no form of this command Syntax rts threshold number no rts threshold Parameters number Specifies the packet size in bytes above which the access point negotiates an RTS CTS before sending out the packet Range 0 2347 Default Config...

Страница 499: ...ntenna for the transceiver To restore defaults use the no form of this command Syntax antenna diversity 1 2 no antenna Parameters diversity Specifies the antenna with the best signal 1 Specifies antenna number 1 2 Specifies antenna number 2 Default Configuration Diversity Command Mode AP Interface Radio Configuration mode User Guidelines There are no user guidelines for this command Console Config...

Страница 500: ...od Parameters milliseconds Specifies the beacon time in milliseconds Range 50 300 Default Configuration The default beacon period is 100 milliseconds Command Mode AP Interface Radio Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the beacon period to 300 milliseconds Console Config wlan ap interface radio 802 11g Console Con...

Страница 501: ... power off Parameters This command has no keywords or arguments Default Configuration Auto Command Mode Global Configuration mode User Guidelines Use the enable AP interface radio configuration command to enable disable TX power of specific AP TX power is enabled on a specific AP only if TX power is enabled globally and for the AP Example The following example turns off all AP transmitters Console...

Страница 502: ...guidelines for a list of country codes Default Configuration Product specific Command Mode Global Configuration mode User Guidelines The following table lists the supported country codes Country Code Country Code Country Code Albania AL Greenland GL Pakistan PK Algeria DZ Gaudelou pe GP Panama PA Andorra AD Guatemala GT Paraguay PY Argentina AR Guyana GY Peru PE Armenia AM Holy See Vatican City VA...

Страница 503: ...garia BG North Korea KP South Africa ZA Canada CA South Korea KR Spain ES Chile CL Kuwait KW Sri Lanka LK China CN Latvia LV Sweden SE Colombia CO Lebanon LB Switzerlan d CH Costa Rica CR Liechtenst ein LI Syria SY Croatia HR Lithuania LT Taiwan Provinceof China TW Cyprus CY Luxembou rg LU Thailand TH Czech Republic CZ Macau MO Turkey TR Denmark DK Macedoni a MK Ukraine UA Dominican Republic DO Ma...

Страница 504: ...lan tx power auto enable no wlan tx power auto enable Parameters This command has no keywords or arguments Default Configuration Disabled Command Mode Global Configuration mode Egypt EG Mexico MX United States US Estonia EE Moldova Republic of MD Uruguay UY Finland FI Monaco MC Uzbekistan UZ France FR Morocco MA Venezuela VE Georgia GE Netherlan ds NL Vietnam VN Germany DE New Zealand NZ Virgin Is...

Страница 505: ...ration mode command configures the recalculation Auto Transmit Power period To restore defaults use the no form of this command Syntax wlan tx power auto interval minutes no wlan tx power auto interval Parameters minutes Specifies the recalculation period in minutes Range 1 15000 minutes Default Configuration The default recalculation period is 10 minutes Command Mode Global Configuration mode Use...

Страница 506: ... default target signal strength is 68 dBm Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the target signal strength heard at the second closest AP to 50 dBm wlan tx power auto signal loss The wlan tx power auto signal loss Global Configuration mode command configures the minimum signal loss difference tr...

Страница 507: ...l strength difference transmitted received below which two radios are considered too close Example The following example configures the minimum signal loss difference to 30 dB wlan station idle timeout The wlan station idle timeout Global Configuration mode command configures the length of time before an idle station is removed from the system and required to login To restore defaults use the no f...

Страница 508: ...n The clear wlan station Privileged EXEC mode command disassociates a station Syntax clear wlan station mac address Parameters mac address The station MAC address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example disassociates a station with the MAC address 00...

Страница 509: ... information on the WLAN configuration Syntax show wlan Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command ...

Страница 510: ...x power Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode console show wlan aps Device NAME Device MAC Address 00 f0 00 00 06 25 Type a g State Active 802 11a Radio Enabled 802 11g Radio Enabled VLANs Allowed 2 3 4 5 66 77 88 99 221 224 226 666 1000 Native VLAN 1 Tunnel Source State Enabled Tunnel ...

Страница 511: ...tion Privileged EXEC mode command displays information on the WLAN logging configuration Syntax show wlan logging configuration Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show wlan auto tx power Automatic Transmit Power is...

Страница 512: ...ow wlan stations mac mac address ap name Parameters mac mac address The station s MAC address ap name The AP name Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show wlan logging configuration Station authorized Disabled Station unauthorized Disabled Statio...

Страница 513: ...show wlan stations counters mac mac address Parameters mac mac address The station s MAC address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Console show wlan stations MAC Address State SSID AP Session Time 00 9E 93 82 83 91 Authorized Enterprise AP1 g 1d 03 08 58 00 9E 93 82 83 92 A...

Страница 514: ...LAN stations Console show wlan stations counters Number of stations 2 MAC Address InPkts OutPkts MIC Errors 00 9E 93 82 83 91 183892 1289 0 00 9E 93 82 83 92 128977 5327 0 console show wlan stations counters mac 00 0e 35 63 5c a7 MAC Address InPkts OutPkts MIC Errors 00 0e 35 63 5c a7 13264 8 0 ...

Страница 515: ...ed and what are its possible causes With the problem known the effects of the problem are recorded including all known results of the problem Once the problem is quantified theappropriate solution can be applied Solutions to common troubleshooting issues are found either in this document or can be obtained through Customer Support If no solution is found in this document please contact Customer Su...

Страница 516: ... management using Telnet HTTP SNMP etc Ensure that the switch has a valid IP address subnet mask and a configured default gateway Check that your cable is properly connected with a valid link light and that the port has not been disabled Ensure that your management station is plugged into the appropriate VLAN to manage the device If you cannot connect using Telnet or the web the maximum number of ...

Страница 517: ...rt representative No connection is established and the port LED is on Wrong network address in the workstation Configure the network address in the workstation No network address set Configure the network address in the workstation Wrong or missing protocol Configure the workstation with IP protocol Faulty ethernet cable Replace the cable Faulty port Replace the module Faulty module Replace the mo...

Страница 518: ...f pairs Check pinout and replace if necessary Fiber optical cable connection is reversed Change if necessary Check Rx and Tx on the fiber optic cable Bad cable Replace with a tested cable Wrong cable type Verify that all 10 Mbps connections use a Cat 5 cable Check the port LED or zoom screen in the NMS application and change settings if necessary Problem Possible Cause Solution ...

Страница 519: ...Troubleshooting Solutions 519 Add and Edit pages do not open A pop up blocker is enabled Disable pop up blockers Problem Possible Cause Solution ...

Страница 520: ...Embedded Web Interface The Password Recovery Procedure is invoked from the Startup menu Reboot the system either by disconnecting the power supply or enter the command the following message is displayed Console reload Are you sure you want to reboot the system y n n Enter Y The device reboots After the POST when the text Autoboot in 2 seconds press RETURN or Esc to abort and enter prom is displaye...

Страница 521: ...Troubleshooting Solutions 521 ...

Страница 522: ...522 CHAPTER 37 TROUBLESHOOTING ...

Отзывы: