Command Line Interface Guide
Page 24
...-request-id 499 show dot1x 500 show dot1x users 502 show dot1x statistics 503 ADVANCED FEATURES 505 dot1x auth-not-req 505 dot1x multiple-hosts 506 dot1x single-host-violation 506 dot1x guest-vlan 507 dot1x guest-vlan enable 508 dot1x mac-authentication 509 dot1x traps mac-authentication failure 509 dot1x radius-attributes...
...-request-id 499 show dot1x 500 show dot1x users 502 show dot1x statistics 503 ADVANCED FEATURES 505 dot1x auth-not-req 505 dot1x multiple-hosts 506 dot1x single-host-violation 506 dot1x guest-vlan 507 dot1x guest-vlan enable 508 dot1x mac-authentication 509 dot1x traps mac-authentication failure 509 dot1x radius-attributes...
Command Line Interface Guide
Page 39
... dhcp snooping verify Configures the switch to verify that on a VLAN. Interface Configuration (Ethernet, port-channel) ip dhcp snooping information option allowed-untrusted Configures a switch to configure Global multiple Ethernet type interfaces. Configuration Disables interfaces. Global Configuration ip dhcp... Access Mode ip dhcp snooping Globally enables Dynamic Host Configuration Protocol (DHCP) snooping Global Configuration ip dhcp snooping vlan Enables DHCP snooping on an untrusted port the source MAC address in a DHCP packet matches the client hardware ...
... dhcp snooping verify Configures the switch to verify that on a VLAN. Interface Configuration (Ethernet, port-channel) ip dhcp snooping information option allowed-untrusted Configures a switch to configure Global multiple Ethernet type interfaces. Configuration Disables interfaces. Global Configuration ip dhcp... Access Mode ip dhcp snooping Globally enables Dynamic Host Configuration Protocol (DHCP) snooping Global Configuration ip dhcp snooping vlan Enables DHCP snooping on an untrusted port the source MAC address in a DHCP packet matches the client hardware ...
Command Line Interface Guide
Page 52
Interface Configuration Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode. Global Configuration Maps VLANS to Global MSTP instances. MST Configuration mode Exits the MST Configuration mode and applies all the spanning tree instances on Interface that interface. Global Configuration ... spanning-tree Spanning-tree guard root Spanning-tree guard root Configures port priority for the specified MST instance Interface Configuration Configures the path cost for multiple spanning tree (MST) calculations.
Interface Configuration Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode. Global Configuration Maps VLANS to Global MSTP instances. MST Configuration mode Exits the MST Configuration mode and applies all the spanning tree instances on Interface that interface. Global Configuration ... spanning-tree Spanning-tree guard root Spanning-tree guard root Configures port priority for the specified MST instance Interface Configuration Configures the path cost for multiple spanning tree (MST) calculations.
Command Line Interface Guide
Page 57
... commands entered in the All CLI mode hierarchy. Configures a name to User EXEC mode. All Returns to a VLAN. All Enables the command history function. All Changes a login username. All Switches the mode to configure multiple VLANs. User Interface Commands Command Group enable disable login configure exit(configuration) exit(EXEC) end help system. EXEC...
... commands entered in the All CLI mode hierarchy. Configures a name to User EXEC mode. All Returns to a VLAN. All Enables the command history function. All Changes a login username. All Switches the mode to configure multiple VLANs. User Interface Commands Command Group enable disable login configure exit(configuration) exit(EXEC) end help system. EXEC...
Command Line Interface Guide
Page 62
...users access to default. uration (Ethernet) dot1x macauthentication Enables authentication based on the interface access to auto. vlan Interface Configuration show dot1x advanced Displays 802.1X advanced features for the switch or for the Privileged EXEC specified...when a station of which Interface Config- Guest VLAN. Interface Configuration (Ethernet) dot1x single-hostviolation Configures the action to access the interface. (Ethernet) dot1x guest-vlan Defines a Guest VLAN. VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized...
...users access to default. uration (Ethernet) dot1x macauthentication Enables authentication based on the interface access to auto. vlan Interface Configuration show dot1x advanced Displays 802.1X advanced features for the switch or for the Privileged EXEC specified...when a station of which Interface Config- Guest VLAN. Interface Configuration (Ethernet) dot1x single-hostviolation Configures the action to access the interface. (Ethernet) dot1x guest-vlan Defines a Guest VLAN. VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized...
Command Line Interface Guide
Page 64
...SSH server. Enters the Interface Configuration mode of this command to return to configure the device. Enables the device to configure multiple portchannels. Enables public key authentication for http. Enables Internet Group Management Protocol (IGMP) snooping Sets the available name servers.... to complete unqualified host names. Enters the Interface Configuration mode to be configured from a browser. Specifies the port to configure multiple VLANs. Use the no form of a specific port-channel. dot1x system-auth-control enable password end gvrp enable (global) hostname ...
...SSH server. Enters the Interface Configuration mode of this command to return to configure the device. Enables the device to configure multiple portchannels. Enables public key authentication for http. Enables Internet Group Management Protocol (IGMP) snooping Sets the available name servers.... to complete unqualified host names. Enters the Interface Configuration mode to be configured from a browser. Specifies the port to configure multiple VLANs. Use the no form of a specific port-channel. dot1x system-auth-control enable password end gvrp enable (global) hostname ...
Command Line Interface Guide
Page 71
... number of the device show dot1x advanced Displays 802.1X enhanced features for the switch or for HTTPS. show dot1x Displays allowed multiple hosts on an interface. clear logging file Clears messages from a source to a port. clock set system Activates/deactivates specified features... active Reactivates an interface that has the dot1x port-control Interface Configuration command set mtu Sets the MTU size of all VLANs or at startup show crypto certificate mycertificate Displays the SSL certificates of addresses present in the ARP table. Displays Multicast MAC...
... number of the device show dot1x advanced Displays 802.1X enhanced features for the switch or for HTTPS. show dot1x Displays allowed multiple hosts on an interface. clear logging file Clears messages from a source to a port. clock set system Activates/deactivates specified features... active Reactivates an interface that has the dot1x port-control Interface Configuration command set mtu Sets the MTU size of all VLANs or at startup show crypto certificate mycertificate Displays the SSL certificates of addresses present in the ARP table. Displays Multicast MAC...
Command Line Interface Guide
Page 110
... Multicast filtering configuration. show bridge multicast filtering The show bridge multicast address-table format ip Multicast address table for VLANs in MAC-GROUP bridging mode: Vlan IP/Mac Address Type Ports ----- ---------- 1 224-239.130|2.2.3 static g1,g2 19 224-239.130|2.2.8 static... 224-239.130|2.2.8 dynamic g9-11 Forbidden ports for Multicast addresses: Vlan ---1 19 IP/Mac Address ----------224-239.130|2.2.3 224-239.130|2.2.8 Ports ---------g8 g8 NOTE: A Multicast MAC address maps to multiple IP addresses, as shown above. Syntax • show bridge multicast...
... Multicast filtering configuration. show bridge multicast filtering The show bridge multicast address-table format ip Multicast address table for VLANs in MAC-GROUP bridging mode: Vlan IP/Mac Address Type Ports ----- ---------- 1 224-239.130|2.2.3 static g1,g2 19 224-239.130|2.2.8 static... 224-239.130|2.2.8 dynamic g9-11 Forbidden ports for Multicast addresses: Vlan ---1 19 IP/Mac Address ----------224-239.130|2.2.3 224-239.130|2.2.8 Ports ---------g8 g8 NOTE: A Multicast MAC address maps to multiple IP addresses, as shown above. Syntax • show bridge multicast...
Command Line Interface Guide
Page 189
...Console (config)# interface ethernet g8 Console (config-if)# garp timer leave 900 gvrp vlan-creation-forbid The gvrp vlan-creation-forbid Interface Configuration mode command enables or disables dynamic VLAN creation. GVRP Commands 189 Default Configuration The default timer values are set differently on all... VLAN creation is enabled. Syntax • gvrp vlan-creation-forbid • no form of 10. • You must maintain the following example sets the leave timer for the various timer values: - ·Leave time must be a multiple of this command to disable dynamic VLAN ...
...Console (config)# interface ethernet g8 Console (config-if)# garp timer leave 900 gvrp vlan-creation-forbid The gvrp vlan-creation-forbid Interface Configuration mode command enables or disables dynamic VLAN creation. GVRP Commands 189 Default Configuration The default timer values are set differently on all... VLAN creation is enabled. Syntax • gvrp vlan-creation-forbid • no form of 10. • You must maintain the following example sets the leave timer for the various timer values: - ·Leave time must be a multiple of this command to disable dynamic VLAN ...
Command Line Interface Guide
Page 221
... command configures an IPv6 link-local address for link-local addresses. The address is FE80::EUI64 (interface MAC address). Command Mode Interface configuration (Ethernet, VLAN, Port-channel). Multiple IPv6 addresses can be used ). The system supports only 64 bits prefix length for an interface. The IPv6 network address assigned to the default...
... command configures an IPv6 link-local address for link-local addresses. The address is FE80::EUI64 (interface MAC address). Command Mode Interface configuration (Ethernet, VLAN, Port-channel). Multiple IPv6 addresses can be used ). The system supports only 64 bits prefix length for an interface. The IPv6 network address assigned to the default...
Command Line Interface Guide
Page 357
...,000 Short 4 4 19 100 Command Modes Interface Configuration (Ethernet, port-channel) mode. User Guidelines • All devices in an MST region must have the same VLAN mapping, configuration revision number and name. Default Setting Default path cost is no default configuration. Command Mode Global Configuration mode. Example The following example configures... Default Setting This command has no default configuration for Ethernet port g9 to 4. Spanning-Tree Commands 357 Default Configuration There is determined by entering the Multiple Spanning Tree (MST) mode.
...,000 Short 4 4 19 100 Command Modes Interface Configuration (Ethernet, port-channel) mode. User Guidelines • All devices in an MST region must have the same VLAN mapping, configuration revision number and name. Default Setting Default path cost is no default configuration. Command Mode Global Configuration mode. Example The following example configures... Default Setting This command has no default configuration for Ethernet port g9 to 4. Spanning-Tree Commands 357 Default Configuration There is determined by entering the Multiple Spanning Tree (MST) mode.
Command Line Interface Guide
Page 388
.... (Range: 1 - 64 characters) Default Configuration As described in the message. interface-name - integer - | - User Guidelines • Multiple syslog servers can be used . • If no logging {ip4-address | ip6-address | hostname} • ip4-address - vlan | ch | isatap | | 0 - Specifying interface zone=0 is selected. If unspecified, the default level is errors. • facility - Syntax...
.... (Range: 1 - 64 characters) Default Configuration As described in the message. interface-name - integer - | - User Guidelines • Multiple syslog servers can be used . • If no logging {ip4-address | ip6-address | hostname} • ip4-address - vlan | ch | isatap | | 0 - Specifying interface zone=0 is selected. If unspecified, the default level is errors. • facility - Syntax...
Command Line Interface Guide
Page 453
... command has no spaces; Example The following example groups VLAN 221 until 228 and VLAN 889 to configure multiple VLANs. Use the no name • string - Unique name, up to 32 characters in the range. Syntax • interface range vlan {vlan-range | all - a hyphen designates a range of valid VLAN IDs to be associated with a comma and no...
... command has no spaces; Example The following example groups VLAN 221 until 228 and VLAN 889 to configure multiple VLANs. Use the no name • string - Unique name, up to 32 characters in the range. Syntax • interface range vlan {vlan-range | all - a hyphen designates a range of valid VLAN IDs to be associated with a comma and no...
Command Line Interface Guide
Page 506
... as long as the port is not the supplicant MAC address, attempts to the network. • For unauthenticated VLANs multiple hosts are disabled. Multiple-hosts must be taken when a station of this port. Use the no form of which the MAC address is member in.... User Guidelines • This command enables the attachment of the attached hosts must be granted network access. console config-if(Config-VLAN)#dot1x multiple-hosts dot1x single-host-violation The dot1x single-host-violation Interface Configuration mode command configures the action to be successfully authorized for all...
... as long as the port is not the supplicant MAC address, attempts to the network. • For unauthenticated VLANs multiple hosts are disabled. Multiple-hosts must be taken when a station of this port. Use the no form of which the MAC address is member in.... User Guidelines • This command enables the attachment of the attached hosts must be granted network access. console config-if(Config-VLAN)#dot1x multiple-hosts dot1x single-host-violation The dot1x single-host-violation Interface Configuration mode command configures the action to be successfully authorized for all...
Command Line Interface Guide
Page 507
...-violation forward trap 100 dot1x guest-vlan The dot1x guest-vlan Interface Configuration mode command defines a Guest VLAN. The port is disabled and the user has been successfully authenticated. User Guidelines • The command is relevant when Multiple hosts is also shutdown. •... Configuration (Ethernet) mode. Use the no form of this command to return to forward frames with source addresses. Syntax • dot1x guest-vlan • no port dot1x single-host-violation • forward - Syntax • dot1x single-host-violation {forward | discard | discard-shutdown...
...-violation forward trap 100 dot1x guest-vlan The dot1x guest-vlan Interface Configuration mode command defines a Guest VLAN. The port is disabled and the user has been successfully authenticated. User Guidelines • The command is relevant when Multiple hosts is also shutdown. •... Configuration (Ethernet) mode. Use the no form of this command to return to forward frames with source addresses. Syntax • dot1x guest-vlan • no port dot1x single-host-violation • forward - Syntax • dot1x single-host-violation {forward | discard | discard-shutdown...
Command Line Interface Guide
Page 510
... traps when a MAC address was failed in the multiple sessions mode (multiple hosts with authentication). • When RADIUS attributes are enabled and the RADIUS Accept message does not contain as an attribute the supplicant's VLAN, then the supplicant is Forced Authorized. • ...of this command. console config-if(Config)# dot1x traps mac-authentication failure dot1x radius-attributes vlan The dot1x radius-attributes vlan Interface Configuration mode command enables user-based VLAN assignment. Command Mode Global configuration mode. User Guidelines • There are sent untagged. ...
... traps when a MAC address was failed in the multiple sessions mode (multiple hosts with authentication). • When RADIUS attributes are enabled and the RADIUS Accept message does not contain as an attribute the supplicant's VLAN, then the supplicant is Forced Authorized. • ...of this command. console config-if(Config)# dot1x traps mac-authentication failure dot1x radius-attributes vlan The dot1x radius-attributes vlan Interface Configuration mode command enables user-based VLAN assignment. Command Mode Global configuration mode. User Guidelines • There are sent untagged. ...
Command Line Interface Guide
Page 512
... g19 Authenticate Disabled Disabled g20 Authenticate Disabled Disabled g21 Authenticate Disabled Disabled g22 Authenticate Disabled Disabled 512 802.1x Commands Console# show dot1x advanced Guest VLAN: 100 Guest VLAN timeout Unauthenticated VLANs: Interface Multiple Hosts Guest VLAN MAC Assignment Async-reqId Authentication ----- ------- ---- Examples The following example displays 802.1X advanced features for the switch.
... g19 Authenticate Disabled Disabled g20 Authenticate Disabled Disabled g21 Authenticate Disabled Disabled g22 Authenticate Disabled Disabled 512 802.1x Commands Console# show dot1x advanced Guest VLAN: 100 Guest VLAN timeout Unauthenticated VLANs: Interface Multiple Hosts Guest VLAN MAC Assignment Async-reqId Authentication ----- ------- ---- Examples The following example displays 802.1X advanced features for the switch.
User's Guide
Page 9
... Settings 312 Configuring Rapid Spanning Tree 314 Configuring Multiple Spanning Tree 317 Defining MSTP Interface Settings 321 Configuring VLANs 323 Defining VLAN Ports Settings 331 Defining VLAN LAG Settings 334 Defining VLAN Protocol Groups 337 Adding Protocol Ports 339 Configuring GVRP 340 Configuring Voice VLANs 343 Defining Voice VLAN Port Settings 347 Defining OUIs 349 Aggregating Ports...
... Settings 312 Configuring Rapid Spanning Tree 314 Configuring Multiple Spanning Tree 317 Defining MSTP Interface Settings 321 Configuring VLANs 323 Defining VLAN Ports Settings 331 Defining VLAN LAG Settings 334 Defining VLAN Protocol Groups 337 Adding Protocol Ports 339 Configuring GVRP 340 Configuring Voice VLANs 343 Defining Voice VLAN Port Settings 347 Defining OUIs 349 Aggregating Ports...
User's Guide
Page 17
... 3 protocols. Port Based Virtual LANs (VLANs) Port-based VLANs classify incoming packets to a VLAN based on either the VLAN tag or based on page 317. GVRP Support GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on their ingress port. For more information, see "Configuring Multiple Spanning Tree" on a combination of...
... 3 protocols. Port Based Virtual LANs (VLANs) Port-based VLANs classify incoming packets to a VLAN based on either the VLAN tag or based on page 317. GVRP Support GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on their ingress port. For more information, see "Configuring Multiple Spanning Tree" on a combination of...
User's Guide
Page 18
... or "Defining STP LAG Settings" on page 351. This enables: • Fault tolerance protection from functioning as the root port for the switch Multiple Spanning Tree (MSTP) MTSP operation maps VLAN into STP instances. STP Root Guard Root guard restricts the interface from physical link disruption • Higher bandwidth connections 18 Introduction...
... or "Defining STP LAG Settings" on page 351. This enables: • Fault tolerance protection from functioning as the root port for the switch Multiple Spanning Tree (MSTP) MTSP operation maps VLAN into STP instances. STP Root Guard Root guard restricts the interface from physical link disruption • Higher bandwidth connections 18 Introduction...