Command Line Interface Guide
Page 5
Web Server Commands 59 802.1x Commands 60 802.1x Advanced Commands 62 3 Command Modes 63 GC (Global Configuration) Mode 63 IC (Interface Configuration) Mode 67 LC (Line Configuration) Mode 70 MA (Management Access-level) Mode 70 PE (Privileged User EXEC) Mode 70 SP (SSH Public Key) Mode 72 UE (User EXEC) Mode 73 VC (VLAN Configuration) Mode 74 4 ACL Commands 75 ip access-list 75 mac access-list 75 permit (ip 76 deny (IP 78 permit (MAC 80 deny (MAC 81 service-acl 82 show access-lists 83 show interfaces access-lists 84 Contents 5
Web Server Commands 59 802.1x Commands 60 802.1x Advanced Commands 62 3 Command Modes 63 GC (Global Configuration) Mode 63 IC (Interface Configuration) Mode 67 LC (Line Configuration) Mode 70 MA (Management Access-level) Mode 70 PE (Privileged User EXEC) Mode 70 SP (SSH Public Key) Mode 72 UE (User EXEC) Mode 73 VC (VLAN Configuration) Mode 74 4 ACL Commands 75 ip access-list 75 mac access-list 75 permit (ip 76 deny (IP 78 permit (MAC 80 deny (MAC 81 service-acl 82 show access-lists 83 show interfaces access-lists 84 Contents 5
Command Line Interface Guide
Page 36
... Address Table Commands Command Group Description Access Mode bridge address Adds a static MAC-layer station source address to VLAN forward-all Multicast frames to the VLAN bridge table. Configuration bridge multicast unregistered Configures the forwarding state of Multicast addresses. VLAN Configuration bridge multicast forbidden Enables forbidding forwarding of all Multicast frames on an interface. address Interface...
... Address Table Commands Command Group Description Access Mode bridge address Adds a static MAC-layer station source address to VLAN forward-all Multicast frames to the VLAN bridge table. Configuration bridge multicast unregistered Configures the forwarding state of Multicast addresses. VLAN Configuration bridge multicast forbidden Enables forbidding forwarding of all Multicast frames on an interface. address Interface...
Command Line Interface Guide
Page 41
... Enables automatic learning of Multicast router ports in VLAN the context of a specific VLAN. Configuration ip igmp snooping host-time-out Configures the host-time-out. VLAN Configuration ip igmp snooping mrouter-time-out Configures the mrouter-time-out. User EXEC Command Groups 41 Mode Global Configuration Interface Configuration Interface Configuration Interface Configuration Interface Configuration Privileged User EXEC User EXEC User EXEC...
... Enables automatic learning of Multicast router ports in VLAN the context of a specific VLAN. Configuration ip igmp snooping host-time-out Configures the host-time-out. VLAN Configuration ip igmp snooping mrouter-time-out Configures the mrouter-time-out. User EXEC Command Groups 41 Mode Global Configuration Interface Configuration Interface Configuration Interface Configuration Interface Configuration Privileged User EXEC User EXEC User EXEC...
Command Line Interface Guide
Page 57
... history size debug-mode show history show command Privileged without 'prompting'. All Displays the current privilege level. Access Mode Global Configuration VLAN Configuration Global Configuration Global Configuration Interface Configuration Command Groups 57 Enters the Interface Configuration (VLAN) mode. Configures a name to the All previous command mode. All Returns to debug. Closes an active terminal session by logging off the...
... history size debug-mode show history show command Privileged without 'prompting'. All Displays the current privilege level. Access Mode Global Configuration VLAN Configuration Global Configuration Global Configuration Interface Configuration Command Groups 57 Enters the Interface Configuration (VLAN) mode. Configures a name to the All previous command mode. All Returns to debug. Closes an active terminal session by logging off the...
Command Line Interface Guide
Page 58
... access vlan Configures the VLAN membership mode of the specified VLAN, and Interface vlan the VLAN ID is in general mode. Configuration switchport trunk allowed Adds or removes VLANs from a general port. Privileged User EXEC show interfaces switchport Displays switchport configuration. Interface Configuration switchport forbidden vlan Forbids adding specific VLANs to a named group of an interface. Interface Configuration switchport access vlan Configures the VLAN ID when...
... access vlan Configures the VLAN membership mode of the specified VLAN, and Interface vlan the VLAN ID is in general mode. Configuration switchport trunk allowed Adds or removes VLANs from a general port. Privileged User EXEC show interfaces switchport Displays switchport configuration. Interface Configuration switchport forbidden vlan Forbids adding specific VLANs to a named group of an interface. Interface Configuration switchport access vlan Configures the VLAN ID when...
Command Line Interface Guide
Page 59
... to configure the device. Global Configuration Command Groups 59 Global Configuration Enables the device to Global configure the device. voice vlan enable Enables automatic Voice VLAN configuration for the Voice VLAN. Global Configuration Configures a TCP port for user input before automatically loging off . voice vlan secure Configures the secure mode for a port. Voice VLAN Commands Command Group voice vlan id Description Enters the VLAN Configuration mode...
... to configure the device. Global Configuration Command Groups 59 Global Configuration Enables the device to Global configure the device. voice vlan enable Enables automatic Voice VLAN configuration for the Voice VLAN. Global Configuration Configures a TCP port for user input before automatically loging off . voice vlan secure Configures the secure mode for a port. Voice VLAN Commands Command Group voice vlan id Description Enters the VLAN Configuration mode...
Command Line Interface Guide
Page 62
... to be taken when a station of which Interface Config- VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control Interface Configuration mode command set to access the interface. (Ethernet) dot1x guest-vlan Defines a Guest VLAN. Interface Configuration dot1x traps macauthentication failure Enables sending traps when a MAC...
... to be taken when a station of which Interface Config- VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control Interface Configuration mode command set to access the interface. (Ethernet) dot1x guest-vlan Defines a Guest VLAN. Interface Configuration dot1x traps macauthentication failure Enables sending traps when a MAC...
Command Line Interface Guide
Page 74
... system mode service cpu-utilization show ip igmp snooping mrouter ip igmp snooping mrouter-time-out vlan Description Adds a static MAC-layer station source address to the bridge table. Displays the service id information. VC (VLAN Configuration) Mode Command bridge address bridge multicast address bridge multicast forbidden address bridge multicast forbidden forward-all...
... system mode service cpu-utilization show ip igmp snooping mrouter ip igmp snooping mrouter-time-out vlan Description Adds a static MAC-layer station source address to the bridge table. Displays the service id information. VC (VLAN Configuration) Mode Command bridge address bridge multicast address bridge multicast forbidden address bridge multicast forbidden forward-all...
Command Line Interface Guide
Page 451
... to be added. Example The following example enters the VLAN database mode. Console (config)# vlan database Console (config-vlan)# vlan Use the vlan VLAN Configuration mode command to delete a VLAN. Use the no default configuration. VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN Database Configuration mode. List separate, non-consecutive VLAN IDs separated by commas (without spaces); Command Mode Global...
... to be added. Example The following example enters the VLAN database mode. Console (config)# vlan database Console (config-vlan)# vlan Use the vlan VLAN Configuration mode command to delete a VLAN. Use the no default configuration. VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN Database Configuration mode. List separate, non-consecutive VLAN IDs separated by commas (without spaces); Command Mode Global...
Command Line Interface Guide
Page 452
.... Console (config)# vlan database Console (config-vlan)# vlan 1972 interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode. Default Configuration This command has no default configuration. The ID of 131.108.1.27 and subnet mask 255.255.255.0. Command Mode Global Configuration mode. Example The following example VLAN number 1972 is created. Command Mode VLAN Configuration mode. Example...
.... Console (config)# vlan database Console (config-vlan)# vlan 1972 interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode. Default Configuration This command has no default configuration. The ID of 131.108.1.27 and subnet mask 255.255.255.0. Command Mode Global Configuration mode. Example The following example VLAN number 1972 is created. Command Mode VLAN Configuration mode. Example...
Command Line Interface Guide
Page 461
... a protocol from a group. Protocol groups are used for this command. The protocol is in customer mode. Command Mode VLAN Configuration mode. Syntax • map protocol protocol [encapsulation] protocols-group group • no default configuration. The protocol number is a 16 or 40 bits protocol number or one of the following names; Command Modes Interface...
... a protocol from a group. Protocol groups are used for this command. The protocol is in customer mode. Command Mode VLAN Configuration mode. Syntax • map protocol protocol [encapsulation] protocols-group group • no default configuration. The protocol number is a 16 or 40 bits protocol number or one of the following names; Command Modes Interface...
Command Line Interface Guide
Page 472
... is a telephony MAC address (defined by the Voice VLAN aging-timeout Global Configuration command), the port is added to disable automatic Voice VLAN configuration. NOTE: The packet VLAN ID can be the Voice VLAN ID, or any other VLAN. User Guidelines • There are no voice vlan enable Default Configuration Automatic Voice VLAN configuration disabled. User Guidelines • The port is...
... is a telephony MAC address (defined by the Voice VLAN aging-timeout Global Configuration command), the port is added to disable automatic Voice VLAN configuration. NOTE: The packet VLAN ID can be the Voice VLAN ID, or any other VLAN. User Guidelines • There are no voice vlan enable Default Configuration Automatic Voice VLAN configuration disabled. User Guidelines • The port is...
Command Line Interface Guide
Page 474
Default Configuration OUI 0001e3 00036b 000fe2 0060b9 00d01e 00e075 00e0bb Description Siemens_AG_phone Cisco_phone H3C_Aolynk Philips_and_NEC_AG_ph one Pingtel_phone Polycom/Veritel_phone 3Com_phone Command Mode EXEC mode. Console # show voice vlan Aging timeout: 1440 minutes OUI table MAC Address-Prefix... Cisco_phone H3C_Aolynk Philips_and_NEC_AG_phone Pingtel_phone___________ Polycom/Veritel_phone___ Com_phone 474 Voice VLAN Example The following example displays the Voice VLAN configuration. User Guidelines • There are no user guidelines for this command.
Default Configuration OUI 0001e3 00036b 000fe2 0060b9 00d01e 00e075 00e0bb Description Siemens_AG_phone Cisco_phone H3C_Aolynk Philips_and_NEC_AG_ph one Pingtel_phone Polycom/Veritel_phone 3Com_phone Command Mode EXEC mode. Console # show voice vlan Aging timeout: 1440 minutes OUI table MAC Address-Prefix... Cisco_phone H3C_Aolynk Philips_and_NEC_AG_phone Pingtel_phone___________ Polycom/Veritel_phone___ Com_phone 474 Voice VLAN Example The following example displays the Voice VLAN configuration. User Guidelines • There are no user guidelines for this command.
Command Line Interface Guide
Page 505
... auth-not-req The dot1x auth-not-req VLAN Configuration mode command enables unauthorized users access to that have been received by this command to disable the access. Use the no arguments or keywords. Command Mode Interface Configuration (VLAN) mode. User Guidelines • An access ...a member in Unauthorized state). console config-if(Config-VLAN)# dot1x auth-not-req 802.1x Commands 505 Default Configuration User should be accepted in an unauthenticated VLAN. • The native VLAN of a trunk port cannot be an unauthenticated VLAN. • For a general port, the PVID can...
... auth-not-req The dot1x auth-not-req VLAN Configuration mode command enables unauthorized users access to that have been received by this command to disable the access. Use the no arguments or keywords. Command Mode Interface Configuration (VLAN) mode. User Guidelines • An access ...a member in Unauthorized state). console config-if(Config-VLAN)# dot1x auth-not-req 802.1x Commands 505 Default Configuration User should be accepted in an unauthenticated VLAN. • The native VLAN of a trunk port cannot be an unauthenticated VLAN. • For a general port, the PVID can...
Command Line Interface Guide
Page 508
... unauthorized users on an interface an access to the Guest VLAN. Syntax • dot1x guest-vlan enable • no form of this functionality, the port should not be statically a member in the switch, defined by the dot1x guest-vlan interface VLAN configuration command. If the Guest VLAN is defined and enabled, the port automatically joins the...
... unauthorized users on an interface an access to the Guest VLAN. Syntax • dot1x guest-vlan enable • no form of this functionality, the port should not be statically a member in the switch, defined by the dot1x guest-vlan interface VLAN configuration command. If the Guest VLAN is defined and enabled, the port automatically joins the...
Command Line Interface Guide
Page 511
... dot1x advanced [ethernet interface] • interface - • After successful authentication the port remains member in the unauthenticated VLANs and in the Guest VLAN. Other static VLAN configuration is not applied on the port. • If the supplicant VLAN does not exist on the switch, the supplicant is rejected. User Guidelines • There are no default...
... dot1x advanced [ethernet interface] • interface - • After successful authentication the port remains member in the unauthenticated VLANs and in the Guest VLAN. Other static VLAN configuration is not applied on the port. • If the supplicant VLAN does not exist on the switch, the supplicant is rejected. User Guidelines • There are no default...
User's Guide
Page 244
... MAC based authentication only. - 802.1x & MAC - If the Radius Accept Message doesn't contain the supplicant's VLAN, the supplicant is performed using a Guest VLAN for this field specifies which VLAN the guest will belong to the VLAN configured on the device. - If the port is not authenticated, then no authentication method is used, and the...
... MAC based authentication only. - 802.1x & MAC - If the Radius Accept Message doesn't contain the supplicant's VLAN, the supplicant is performed using a Guest VLAN for this field specifies which VLAN the guest will belong to the VLAN configured on the device. - If the port is not authenticated, then no authentication method is used, and the...
User's Guide
Page 245
... request are added to the port. - If a response is not received after the defined period, the authentication process is not applied to the supplicant VLAN as untagged. - Static VLAN configuration is restarted. The following a failed authentication exchange. Permits immediate port reauthentication, when selected. • Authentication Server Timeout (1-65535) - The field default is 0-65535...
... request are added to the port. - If a response is not received after the defined period, the authentication process is not applied to the supplicant VLAN as untagged. - Static VLAN configuration is restarted. The following a failed authentication exchange. Permits immediate port reauthentication, when selected. • Authentication Server Timeout (1-65535) - The field default is 0-65535...
User's Guide
Page 343
...-------Disabled Enabled Timers Leave (milliseconds) Join 200 900 200 600 Leave All ----10000 10000 Configuring Voice VLANs Voice VLAN allows network administrators enhance VoIP service by configuring ports to VoIP, ensuring that the quality of the CLI commands: console(config)# gvrp enable...registration-forbid console(config-if)# end console# show gvrp configuration GVRP Feature is received unevenly. Configuring Device Information 343 VoIP traffic has a preconfigured OUI prefix in auto Voice VLAN secure mode. Voice VLAN also provides QoS to carry IP voice traffic from IP...
...-------Disabled Enabled Timers Leave (milliseconds) Join 200 900 200 600 Leave All ----10000 10000 Configuring Voice VLANs Voice VLAN allows network administrators enhance VoIP service by configuring ports to VoIP, ensuring that the quality of the CLI commands: console(config)# gvrp enable...registration-forbid console(config-if)# end console# show gvrp configuration GVRP Feature is received unevenly. Configuring Device Information 343 VoIP traffic has a preconfigured OUI prefix in auto Voice VLAN secure mode. Voice VLAN also provides QoS to carry IP voice traffic from IP...
User's Guide
Page 345
... - Enables adding a CoS tag to disable automatic voice VLAN configuration. Table 7-33. Reassigns the CoS tag value to configure the voice VLAN ID, use the voice vlan cos command in global configuration mode. Configuring Voice VLAN global parameters: 1 Open the Voice VLAN Global Parameters page. 2 Complete the fields on the voice VLAN. To return to default, use the no voice...
... - Enables adding a CoS tag to disable automatic voice VLAN configuration. Table 7-33. Reassigns the CoS tag value to configure the voice VLAN ID, use the voice vlan cos command in global configuration mode. Configuring Voice VLAN global parameters: 1 Open the Voice VLAN Global Parameters page. 2 Complete the fields on the voice VLAN. To return to default, use the no voice...