Command Line Interface Guide
Page 29
... parameters. The character ? There are displayed. is an argument that require parameters, enter the required parameters after the command keyword. The User Exec mode is entered, and the prompt "Console>" is displayed. 2 Configure the device and enter the necessary commands to set a ...password for this command are two instances where the help is manually entered. Editing Features Entering Commands A CLI command is incomplete and the character ? The following steps: 1 Start the device and wait until...
... parameters. The character ? There are displayed. is an argument that require parameters, enter the required parameters after the command keyword. The User Exec mode is entered, and the prompt "Console>" is displayed. 2 Configure the device and enter the necessary commands to set a ...password for this command are two instances where the help is manually entered. Editing Features Entering Commands A CLI command is incomplete and the character ? The following steps: 1 Start the device and wait until...
Command Line Interface Guide
Page 37
...Protocol (NTP) traffic from servers. Configuration sntp trusted-key Authenticates the identity of addresses present in all or at a Privileged User specific VLAN. Global Configuration sntp anycast client enable Enables Anycast clients. Global Configuration clock summer-time Configures the system to automatically switch... sntp client enable (interface) Enables the SNTP client on an interface. Interface Configuration Command Groups 37 Privileged User EXEC Clock Commands Command Group Description Access Mode clock set Manually sets the system clock.
...Protocol (NTP) traffic from servers. Configuration sntp trusted-key Authenticates the identity of addresses present in all or at a Privileged User specific VLAN. Global Configuration sntp anycast client enable Enables Anycast clients. Global Configuration clock summer-time Configures the system to automatically switch... sntp client enable (interface) Enables the SNTP client on an interface. Interface Configuration Command Groups 37 Privileged User EXEC Clock Commands Command Group Description Access Mode clock set Manually sets the system clock.
Command Line Interface Guide
Page 53
... key pairs. Global Configuration Generates DSA key pairs. Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. SSH Public Key Manually specifies a SSH public key. Privileged User EXEC Displays the SSH public keys stored on severity. Limits messages logged to the console based...
... key pairs. Global Configuration Generates DSA key pairs. Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. SSH Public Key Manually specifies a SSH public key. Privileged User EXEC Displays the SSH public keys stored on severity. Limits messages logged to the console based...
Command Line Interface Guide
Page 60
... within a pkcs12 PKCS12 file Privileged User EXEC show crypto certificate Displays the SSL certificates of the client. Global Configuration ip https server Enables the device to Global configure the device. dot1x port-control Enables manual control of the authorization state of... the port dot1x re-authentication Enables periodic re-authentication of the device mycertificate Privileged User EXEC show ip https Displays the HTTPS server configuration. ...
... within a pkcs12 PKCS12 file Privileged User EXEC show crypto certificate Displays the SSL certificates of the client. Global Configuration ip https server Enables the device to Global configure the device. dot1x port-control Enables manual control of the authorization state of... the port dot1x re-authentication Enables periodic re-authentication of the device mycertificate Privileged User EXEC show ip https Displays the HTTPS server configuration. ...
Command Line Interface Guide
Page 61
...servertimeout Sets the time for the retransmission of times that the switch remains Interface in the quiet state following a failed authentication Configuration exchange. Privileged User EXEC Command Groups 61 Interface tion attempts. Configuration request/identity frame, from the client, before restart- dot1x timeout supptimeout Sets the time for... server. dot1x timeout tx-period Sets the number of packets to the client, before resending the request. Configuration dot1x re-authenticate Manually initiates a re-authentication of seconds between re-authentica-
...servertimeout Sets the time for the retransmission of times that the switch remains Interface in the quiet state following a failed authentication Configuration exchange. Privileged User EXEC Command Groups 61 Interface tion attempts. Configuration request/identity frame, from the client, before restart- dot1x timeout supptimeout Sets the time for... server. dot1x timeout tx-period Sets the number of packets to the client, before resending the request. Configuration dot1x re-authenticate Manually initiates a re-authentication of seconds between re-authentica-
Command Line Interface Guide
Page 67
.... Enables authentication based on the interface an access to select one of the 802.1X MAC authentication access control. Enables user-based VLAN assignment. tacacs-server source-ip tacacs-server timeout tacacs-server host tunnel isatap query-interval tunnel isatap robustness tunnel... is known) for the communication with a Port-channel. Enters the VLAN Database Configuration mode. Enables unauthorized users on the station's MAC address. Enables manual control of the authorization state of the port Enables periodic re-authentication of DNS Query/Router Solicitation refresh messages...
.... Enables authentication based on the interface an access to select one of the 802.1X MAC authentication access control. Enables user-based VLAN assignment. tacacs-server source-ip tacacs-server timeout tacacs-server host tunnel isatap query-interval tunnel isatap robustness tunnel... is known) for the communication with a Port-channel. Enters the VLAN Database Configuration mode. Enables unauthorized users on the station's MAC address. Enables manual control of the authorization state of the port Enables periodic re-authentication of DNS Query/Router Solicitation refresh messages...
Command Line Interface Guide
Page 71
... device loads at specific VLAN. show dot1x Displays allowed multiple hosts on the device. Command Modes 71 dot1x re-authenticate Manually initiates a re-authentication of the device show crypto key pubkey-chain Displays SSH public keys stored on an 802.1X-authorized...clear logging file Clears messages from a source to a destination. ipv6 set to auto. set Manually sets the system clock. reload Reloads the operating system. show dot1x users Displays 802.1X statistics for HTTPS. show copper-ports cable-length Displays the estimated copper cable ...
... device loads at specific VLAN. show dot1x Displays allowed multiple hosts on the device. Command Modes 71 dot1x re-authenticate Manually initiates a re-authentication of the device show crypto key pubkey-chain Displays SSH public keys stored on an 802.1X-authorized...clear logging file Clears messages from a source to a destination. ipv6 set to auto. set Manually sets the system clock. reload Reloads the operating system. show dot1x users Displays 802.1X statistics for HTTPS. show copper-ports cable-length Displays the estimated copper cable ...
Command Line Interface Guide
Page 72
...Reflectometry) technology the quality and characteristics of interfaces configured for IPv6. SP (SSH Public Key) Mode Command key-string user-key Description Manually specifies a SSH public key. show spanning-tree Displays spanning tree configuration. show ipv6 neighbors Displays IPv6 neighbor discovery ... the SNMP status. show ports storm-control Displays the storm control configuration. Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show ipv6 route Displays the current state...
...Reflectometry) technology the quality and characteristics of interfaces configured for IPv6. SP (SSH Public Key) Mode Command key-string user-key Description Manually specifies a SSH public key. show spanning-tree Displays spanning tree configuration. show ipv6 neighbors Displays IPv6 neighbor discovery ... the SNMP status. show ports storm-control Displays the storm control configuration. Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show ipv6 route Displays the current state...
Command Line Interface Guide
Page 123
... month using the first three letters by date) in hours (military format), minutes, and seconds. (0 - 23, mm: 0 59, ss: 0 - 59) • day - User Guidelines • There are no user guidelines for the system clock. Clock 123 Example The following example sets the system time to 13:32:00 on the 7th March... an external time source for this command. Syntax • clock set hh:mm:ss day month year or • clock set Privileged EXEC mode command manually sets the system clock. Clock clock set The clock set hh:mm:ss month day year • hh:mm:ss -
... month using the first three letters by date) in hours (military format), minutes, and seconds. (0 - 23, mm: 0 59, ss: 0 - 59) • day - User Guidelines • There are no user guidelines for the system clock. Clock 123 Example The following example sets the system time to 13:32:00 on the 7th March... an external time source for this command. Syntax • clock set hh:mm:ss day month year or • clock set Privileged EXEC mode command manually sets the system clock. Clock clock set The clock set hh:mm:ss month day year • hh:mm:ss -
Command Line Interface Guide
Page 124
... mode. Minutes difference from UTC. (Range: -12 - +13) • minutes minutes-offset - Use the no clock source • sntp - User Guidelines • There are no clock timezone • hours-offset - Syntax • clock timezone hours-offset [minutes minutes-offset] [zone acronym] • no... this command to set . 124 Clock The acronym of this command. SNTP servers Default Configuration No external clock source. User Guidelines • The system internally keeps time in UTC, so this command is manually set the time to 4 characters) Default Configuration UTC.
... mode. Minutes difference from UTC. (Range: -12 - +13) • minutes minutes-offset - Use the no clock source • sntp - User Guidelines • There are no clock timezone • hours-offset - Syntax • clock timezone hours-offset [minutes minutes-offset] [zone acronym] • no... this command to set . 124 Clock The acronym of this command. SNTP servers Default Configuration No external clock source. User Guidelines • The system internally keeps time in UTC, so this command is manually set the time to 4 characters) Default Configuration UTC.
Command Line Interface Guide
Page 157
Command Mode Interface Configuration mode. Manual mdix • auto - Example The following example enables flow control on - Command Mode Interface Configuration (Ethernet) mode. Ethernet Configuration Commands 157 To disable ... is only operational on the 48 port device. Syntax • mdix {on | auto} • no system flowcontrol Default Configuration System flowcontrol is disabled. User Guidelines This command is enabled. Console(config)# interface ethernet 1/4 Console(config-if)# system flowcontrol mdix The mdix Interface Configuration mode command enables automatic crossover on...
Command Mode Interface Configuration mode. Manual mdix • auto - Example The following example enables flow control on - Command Mode Interface Configuration (Ethernet) mode. Ethernet Configuration Commands 157 To disable ... is only operational on the 48 port device. Syntax • mdix {on | auto} • no system flowcontrol Default Configuration System flowcontrol is disabled. User Guidelines This command is enabled. Console(config)# interface ethernet 1/4 Console(config-if)# system flowcontrol mdix The mdix Interface Configuration mode command enables automatic crossover on...
Command Line Interface Guide
Page 187
... The gvrp enable Interface Configuration mode command enables GVRP on the device. Syntax • gvrp enable • no form of this command. User Guidelines • There are no form of this command to disable GVRP on the network learn these VLANs dynamically. Example The following example globally ... VLAN information from device to disable GVRP globally on the switch. Use the no gvrp enable Default Configuration GVRP is manually configured with all desired VLANs for this command to device. GVRP Commands 187 With GVRP, a single switch is globally disabled.
... The gvrp enable Interface Configuration mode command enables GVRP on the device. Syntax • gvrp enable • no form of this command. User Guidelines • There are no form of this command to disable GVRP on the network learn these VLANs dynamically. Example The following example globally ... VLAN information from device to disable GVRP globally on the switch. Use the no gvrp enable Default Configuration GVRP is manually configured with all desired VLANs for this command to device. GVRP Commands 187 With GVRP, a single switch is globally disabled.
Command Line Interface Guide
Page 220
...contiguous bits of the address comprise the prefix (the network portion of the IPv6 address based on the interface MAC address. • anycast - User Guidelines • If the value specified for the interface. Syntax • ipv6 address ipv6-address/prefix-length [eui-64] [anycast] •... no ipv6 address command without arguments removes all manually configured IPv6 addresses from the interface. The address is defined for the /prefix-length argument is greater than 64 bits, the prefix bits ...
...contiguous bits of the address comprise the prefix (the network portion of the IPv6 address based on the interface MAC address. • anycast - User Guidelines • If the value specified for the interface. Syntax • ipv6 address ipv6-address/prefix-length [eui-64] [anycast] •... no ipv6 address command without arguments removes all manually configured IPv6 addresses from the interface. The address is defined for the /prefix-length argument is greater than 64 bits, the prefix bits ...
Command Line Interface Guide
Page 221
... be configured for a range of the interface is FE80::EUI64 (interface MAC address). Link local address of interfaces (range context). User Guidelines • Using the no form of this command to return to the default link local address on the interface. Multiple IPv6...system automatically generates a link-local address for interface g1. IP Addressing Commands 221 Use the no ipv6 link-local address command removes the manually configured link local IPv6 address from an interface. Command Mode Interface configuration (Ethernet, VLAN, Port-channel). When the no ipv6 address ...
... be configured for a range of the interface is FE80::EUI64 (interface MAC address). Link local address of interfaces (range context). User Guidelines • Using the no form of this command to return to the default link local address on the interface. Multiple IPv6...system automatically generates a link-local address for interface g1. IP Addressing Commands 221 Use the no ipv6 link-local address command removes the manually configured link local IPv6 address from an interface. Command Mode Interface configuration (Ethernet, VLAN, Port-channel). When the no ipv6 address ...
Command Line Interface Guide
Page 225
...interface-number - g2 7001::5668/64 [ANY] g2 6001::1234/64 g2 fe80::22/64 g2 ff02::1 g2 ff02::78 Type ----manual manual manual linklayer manual IP Addressing Commands 225 Ethernet port number • vlan vlan-id - Examples The following example defines an IPv6 default gateway. VLAN ...number • port-channel number - User Guidelines • To display IPv6 neighbor discovery cache information, use the show ipv6 interface ...
...interface-number - g2 7001::5668/64 [ANY] g2 6001::1234/64 g2 fe80::22/64 g2 ff02::1 g2 ff02::78 Type ----manual manual manual linklayer manual IP Addressing Commands 225 Ethernet port number • vlan vlan-id - Examples The following example defines an IPv6 default gateway. VLAN ...number • port-channel number - User Guidelines • To display IPv6 neighbor discovery cache information, use the show ipv6 interface ...
Command Line Interface Guide
Page 227
...:1:1:1:200:b0ff:fe00 other :: 3001::1/64 manual 4004::55/64 [ANY] manual fe80::200:b0ff:fe00:0 linklayer ff02::1 linklayer ff02::77 manual ff02::1:ff00:0 manual ff02::1:ff00:1 manual ff02::1:ff00:55 manual DAD State --------Active Active Active Active Active show ipv6 route The show ipv6 route Default Configuration This command has no user guidelines for this command.
...:1:1:1:200:b0ff:fe00 other :: 3001::1/64 manual 4004::55/64 [ANY] manual fe80::200:b0ff:fe00:0 linklayer ff02::1 linklayer ff02::77 manual ff02::1:ff00:0 manual ff02::1:ff00:1 manual ff02::1:ff00:55 manual DAD State --------Active Active Active Active Active show ipv6 route The show ipv6 route Default Configuration This command has no user guidelines for this command.
Command Line Interface Guide
Page 380
...Configuration mode command specifies which SSH public key is used when you need to manually specify SSH client's public keys. Example The following example enters the SSH Public Key-chain Configuration mode. User Guidelines • Use this command to enter Public Key-chain Configuration mode. ... • crypto key pubkey-chain ssh Default Configuration By default, there are no user guidelines for incoming SSH sessions. User Guidelines • There are no form of this command to manually specify other device public keys such as SSH client public keys. Example The following ...
...Configuration mode command specifies which SSH public key is used when you need to manually specify SSH client's public keys. Example The following example enters the SSH Public Key-chain Configuration mode. User Guidelines • Use this command to enter Public Key-chain Configuration mode. ... • crypto key pubkey-chain ssh Default Configuration By default, there are no user guidelines for incoming SSH sessions. User Guidelines • There are no form of this command to manually specify other device public keys such as SSH client public keys. Example The following ...
Command Line Interface Guide
Page 381
...rsa Console(config-pubkey-key)# key-string row key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl key-string The key-string SSH Public Key-String Configuration mode command manually specifies a SSH public key. RSA key. • dsa - Default Configuration By default, the keys do not exist. Specifies ...the remote SSH client username, which can be manually configured for the SSH public key chain called "bob". Command Mode SSH Public Key Chain Configuration mode. Syntax • user-key username {rsa | dsa} • no keys. Default Configuration By default...
...rsa Console(config-pubkey-key)# key-string row key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl key-string The key-string SSH Public Key-String Configuration mode command manually specifies a SSH public key. RSA key. • dsa - Default Configuration By default, the keys do not exist. Specifies ...the remote SSH client username, which can be manually configured for the SSH public key chain called "bob". Command Mode SSH Public Key Chain Configuration mode. Syntax • user-key username {rsa | dsa} • no keys. Default Configuration By default...
Command Line Interface Guide
Page 492
...• dot1x system-auth-control • no dot1x system-auth-control • This command has no user guidelines for this command to return to disable 802.1x globally. User Guidelines • There are no arguments or keywords. Use the no authentication. Console(config)# dot1x system-...auth-control dot1x port-control The dot1x port-control Interface Configuration mode command enables manual control of the authorization state of this...
...• dot1x system-auth-control • no dot1x system-auth-control • This command has no user guidelines for this command to return to disable 802.1x globally. User Guidelines • There are no arguments or keywords. Use the no authentication. Console(config)# dot1x system-...auth-control dot1x port-control The dot1x port-control Interface Configuration mode command enables manual control of the authorization state of this...
Command Line Interface Guide
Page 495
...interface - Valid Ethernet port. (Full syntax: unit/port) Default Configuration This command has no dot1x timeout quiet-period • seconds - User Guidelines There are no form of this command. Command Mode Privileged EXEC mode. Examples • The following a failed authentication exchange (for example...the default setting. dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of the 802.1X-enabled port. Use the no user guidelines for 60 seconds. Console# dot1x re-authenticate ethernet g8 dot1x timeout quiet-...
...interface - Valid Ethernet port. (Full syntax: unit/port) Default Configuration This command has no dot1x timeout quiet-period • seconds - User Guidelines There are no form of this command. Command Mode Privileged EXEC mode. Examples • The following a failed authentication exchange (for example...the default setting. dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of the 802.1X-enabled port. Use the no user guidelines for 60 seconds. Console# dot1x re-authenticate ethernet g8 dot1x timeout quiet-...