Command Line Interface Guide
Page 73
...terminal session by the physical interface. show interfaces description Displays the description for all the maps for IP. show hosts Displays the default domain name, a list of name server hosts, the static and the cached list of the egress queues. show lacp ethernet ...Displays all configured interfaces. UE (User EXEC) Mode Command Description clear counters Clears statistics on the network. login Changes a login username. ping Sends ICMP echo request packets to select one of host names and addresses. show interfaces counters Displays traffic seen by logging ...
...terminal session by the physical interface. show interfaces description Displays the description for all the maps for IP. show hosts Displays the default domain name, a list of name server hosts, the static and the cached list of the egress queues. show lacp ethernet ...Displays all configured interfaces. UE (User EXEC) Mode Command Description clear counters Clears statistics on the network. login Changes a login username. ping Sends ICMP echo request packets to select one of host names and addresses. show interfaces counters Displays traffic seen by logging ...
Command Line Interface Guide
Page 85
... defined. Use the no form of authentication methods activated when a user logs in . • list-name - Character string used to the default configuration. AAA Commands 85 local Uses the local username database for authentication. tacacs Uses the list of methods when a user logs in . • method1 [method2...] - line Uses the line password...
... defined. Use the no form of authentication methods activated when a user logs in . • list-name - Character string used to the default configuration. AAA Commands 85 local Uses the local username database for authentication. tacacs Uses the list of methods when a user logs in . • method1 [method2...] - line Uses the line password...
Command Line Interface Guide
Page 86
...line none radius tacacs Source or destination Uses the enable password for authentication. Uses the list of this list. Uses username "$enabx$." User Guidelines • The default and optional list names created with the login authentication command. • Create a list by entering the aaa authentication ... higher privilege levels. • list-name - Use the no form of all methods return an error, specify none as the default list of all TACACS+ servers for authentication. The method argument identifies the list of methods that the authentication succeeds even if all ...
...line none radius tacacs Source or destination Uses the enable password for authentication. Uses the list of this list. Uses username "$enabx$." User Guidelines • The default and optional list names created with the login authentication command. • Create a list by entering the aaa authentication ... higher privilege levels. • list-name - Use the no form of all methods return an error, specify none as the default list of all TACACS+ servers for authentication. The method argument identifies the list of methods that the authentication succeeds even if all ...
Command Line Interface Guide
Page 87
.... • All aaa authentication enable default requests sent by entering the aaa authentication enable list-name method command where list-name is used to name this command to return to a RADIUS or TACACS server include the username "$enab15$". On the console, the enable... password is any character string used if it fails. Console (config)# aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies...
.... • All aaa authentication enable default requests sent by entering the aaa authentication enable list-name method command where list-name is used to name this command to return to a RADIUS or TACACS server include the username "$enab15$". On the console, the enable... password is any character string used if it fails. Console (config)# aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies...
Command Line Interface Guide
Page 89
...ip http authentication tacacs local ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for http. Default Configuration The local user database is checked. This has the same effect as the final method in the command line....from the following example configures the http authentication. Example The following table: Keyword Source or destination local Uses the local username database for authentication. AAA Commands 89 User Guidelines • The additional methods of authentication are used only if the...
...ip http authentication tacacs local ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for http. Default Configuration The local user database is checked. This has the same effect as the final method in the command line....from the following example configures the http authentication. Example The following table: Keyword Source or destination local Uses the local username database for authentication. AAA Commands 89 User Guidelines • The additional methods of authentication are used only if the...
Command Line Interface Guide
Page 90
... authentication. Console (config)# ip https authentication radius local Console (config)# ip https authentication tacacs local show authentication methods Default Configuration This command has no default configuration. 90 AAA Commands Default Configuration The local user database is checked. Syntax • show authentication methods The authentication methods Privilege EXEC mode command...the following example configures https authentication. Example The following table: Keyword local none radius tacacs Source or destination Uses the local username database for authentication.
... authentication. Console (config)# ip https authentication radius local Console (config)# ip https authentication tacacs local show authentication methods Default Configuration This command has no default configuration. 90 AAA Commands Default Configuration The local user database is checked. Syntax • show authentication methods The authentication methods Privilege EXEC mode command...the following example configures https authentication. Example The following table: Keyword local none radius tacacs Source or destination Uses the local username database for authentication.
Command Line Interface Guide
Page 93
... 1 -15) • encrypted - Use the no username name • name - Syntax • username name [password password] [level level] [encrypted] • no form of the user. (Range: 1 - 20 characters) • password - Default Configuration No user is required. Command Mode Global Configuration mode.... Console (config)# username bob password lee level 15 AAA Commands 93 Example The following example configures user "bob" with the...
... 1 -15) • encrypted - Use the no username name • name - Syntax • username name [password password] [level level] [encrypted] • no form of the user. (Range: 1 - 20 characters) • password - Default Configuration No user is required. Command Mode Global Configuration mode.... Console (config)# username bob password lee level 15 AAA Commands 93 Example The following example configures user "bob" with the...
Command Line Interface Guide
Page 94
Command Mode Privileged EXEC mode. Console# show users accounts Privileged EXEC mode command displays information about the local user database. Robert 15 -- -- -- 94 AAA Commands Example The following example displays the local users configured with access to the system. Syntax • show users accounts Default Configuration This command has no user guidelines for this command. User Guidelines • There are no default configuration. show users accounts The show users accounts Username Privilege Password Aging Password Expiry Date Lockout Bob 15 -- -- --
Command Mode Privileged EXEC mode. Console# show users accounts Privileged EXEC mode command displays information about the local user database. Robert 15 -- -- -- 94 AAA Commands Example The following example displays the local users configured with access to the system. Syntax • show users accounts Default Configuration This command has no user guidelines for this command. User Guidelines • There are no default configuration. show users accounts The show users accounts Username Privilege Password Aging Password Expiry Date Lockout Bob 15 -- -- --
Command Line Interface Guide
Page 336
... mode. Each byte in the MIB. The user should enter password. • password - Use the no snmp-server user username [remote engineid-string ] • username - The name of the user on the host that maps SNMP users to 30 characters) • remote engineid-string - ... string. The name of the command to remove a user. The user should enter password. • auth-sha - Default Configuration No group entry exists. Syntax • snmp-server user username groupname [remote engineid-string ] [ auth-md5 password | auth-sha password | auth-md5-key md5-des-keys |...
... mode. Each byte in the MIB. The user should enter password. • password - Use the no snmp-server user username [remote engineid-string ] • username - The name of the user on the host that maps SNMP users to 30 characters) • remote engineid-string - ... string. The name of the command to remove a user. The user should enter password. • auth-sha - Default Configuration No group entry exists. Syntax • snmp-server user username groupname [remote engineid-string ] [ auth-md5 password | auth-sha password | auth-md5-key md5-des-keys |...
Command Line Interface Guide
Page 338
... (the targeted recipient). Indicates that SNMP traps are sent to wait for an acknowledgment before resending informs. If unspecified, the default timeout period is a Link Local address (IPv6Z address), the outgoing interface name must be specified. Specifies the name of seconds... priv} [udp-port port] [filter filtername] [timeout seconds] [retries retries] • no snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] • ip4-address - The host IPv4 address (the targeted recipient). • ip6-address - When the IPv6 address is 15 seconds. (...
... (the targeted recipient). Indicates that SNMP traps are sent to wait for an acknowledgment before resending informs. If unspecified, the default timeout period is a Link Local address (IPv6Z address), the outgoing interface name must be specified. Specifies the name of seconds... priv} [udp-port port] [filter filtername] [timeout seconds] [retries retries] • no snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] • ip4-address - The host IPv4 address (the targeted recipient). • ip6-address - When the IPv6 address is 15 seconds. (...
Command Line Interface Guide
Page 342
...command. Version 1,2 notifications Target Address Type Community Version UDP Port Filter name TO sec Retries Version 3 notifications Target Address Type Username Security UDP Port Filter Level name System Contact: TO sec Retries System Location: console# show snmp views The show snmp ... viewname - The name of views. Example The following example displays the SNMP communications status. . Range: Up to 30 characters Default Configuration There is enabled. User Guidelines • There are enabled. Syntax • show snmp views Privileged EXEC mode command displays...
...command. Version 1,2 notifications Target Address Type Community Version UDP Port Filter name TO sec Retries Version 3 notifications Target Address Type Username Security UDP Port Filter Level name System Contact: TO sec Retries System Location: console# show snmp views The show snmp ... viewname - The name of views. Example The following example displays the SNMP communications status. . Range: Up to 30 characters Default Configuration There is enabled. User Guidelines • There are enabled. Syntax • show snmp views Privileged EXEC mode command displays...
Command Line Interface Guide
Page 345
...displays the configuration of groups use the show snmp filters Privileged EXEC command. Range: Up to 30 character Default Configuration There is no default configuration for this command. User Guidelines • There are no user guidelines for this command. Command Modes... users To display the configuration of filters use the show snmp users [username] • usernam - SNMP Commands 345 Syntax • show snmp users Privileged EXEC command. Default Configuration There is no default configuration for this command. The name of the user. User Guidelines •...
...displays the configuration of groups use the show snmp filters Privileged EXEC command. Range: Up to 30 character Default Configuration There is no default configuration for this command. User Guidelines • There are no user guidelines for this command. Command Modes... users To display the configuration of filters use the show snmp users [username] • usernam - SNMP Commands 345 Syntax • show snmp users Privileged EXEC command. Default Configuration There is no default configuration for this command. The name of the user. User Guidelines •...
Command Line Interface Guide
Page 381
...the key-string command to 48 characters long. • rsa - Syntax • user-key username {rsa | dsa} • no keys. Specify SSH public key row by OpenSSH. Default Configuration By default, the keys do not exist. SSH Commands 381 DSA key. Syntax • key-string row... key-string The key-string SSH Public Key-String Configuration mode command manually specifies a SSH public key. Default Configuration By default, there are no user-key username • username - Example The following example enables a SSH public key to be up to specify the key. UU-...
...the key-string command to 48 characters long. • rsa - Syntax • user-key username {rsa | dsa} • no keys. Specify SSH public key row by OpenSSH. Default Configuration By default, the keys do not exist. SSH Commands 381 DSA key. Syntax • key-string row... key-string The key-string SSH Public Key-String Configuration mode command manually specifies a SSH public key. Default Configuration By default, there are no user-key username • username - Example The following example enables a SSH public key to be up to specify the key. UU-...
Command Line Interface Guide
Page 383
... key was generated. Active incoming sessions: IP address SSH Version username Cipher 172.16.0.1 John Brown 2.0 3 DES Auth Code ---------HMAC-SH1 The following example displays the SSH server configuration. DSA (DSS) key was generated. User Guidelines • There are no default configuration. Default Configuration This command has no user guidelines for this command...
... key was generated. Active incoming sessions: IP address SSH Version username Cipher 172.16.0.1 John Brown 2.0 3 DES Auth Code ---------HMAC-SH1 The following example displays the SSH server configuration. DSA (DSS) key was generated. User Guidelines • There are no default configuration. Default Configuration This command has no user guidelines for this command...
Command Line Interface Guide
Page 385
...Privileged EXEC mode. Specifies the remote SSH client username. • bubble-babble - If fingerprint is unspecified, it defaults to Hex format. User Guidelines • There are no default configuration. Console# show crypto key pubkey-chain ssh Username Fingerprint bob 9A:CC:01:C5:78:39:...-chain ssh Privileged EXEC mode command displays SSH public keys stored on the device. Default Configuration This command has no user guidelines for this command. Syntax • show crypto key pubkey-chain ssh username bob Username: bob Key: 005C300D 06092A86 SSH Commands 385
...Privileged EXEC mode. Specifies the remote SSH client username. • bubble-babble - If fingerprint is unspecified, it defaults to Hex format. User Guidelines • There are no default configuration. Console# show crypto key pubkey-chain ssh Username Fingerprint bob 9A:CC:01:C5:78:39:...-chain ssh Privileged EXEC mode command displays SSH public keys stored on the device. Default Configuration This command has no user guidelines for this command. Syntax • show crypto key pubkey-chain ssh username bob Username: bob Key: 005C300D 06092A86 SSH Commands 385
Command Line Interface Guide
Page 412
...] to return to other device. 2 In the other device syntax, press Cntrl-shift-t-X 3 Enter the command show session. Example Console> show users Username Bob John Robert Betty Protocol Serial SSH HTTP Telnet Location 172.16.0.1 172.16.0.8 172.16.1.7 show sessions The show sessions This command has no... for this command. Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Default Configuration There is displayed. 4 Enter the command resume [number of sessions opened from PC 5400 to the relevant telnet session. 412 System Management ...
...] to return to other device. 2 In the other device syntax, press Cntrl-shift-t-X 3 Enter the command show session. Example Console> show users Username Bob John Robert Betty Protocol Serial SSH HTTP Telnet Location 172.16.0.1 172.16.0.8 172.16.1.7 show sessions The show sessions This command has no... for this command. Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Default Configuration There is displayed. 4 Enter the command resume [number of sessions opened from PC 5400 to the relevant telnet session. 412 System Management ...
Command Line Interface Guide
Page 424
... configures the aging time of the user. (Range: 1 - 20 characteres) • level - Syntax • passwords aging username name days • no passwords aging username name • passwords aging enable-password level days • no password-aging • days - The name of... - 365) 424 TIC Commands The level for another 3 times. • 10 days before a password change is forced. (Range: 1-365) Default Configuration Password aging is generated. The number of this command. To disable password expiration time use the no form of days before expiration a syslog message...
... configures the aging time of the user. (Range: 1 - 20 characteres) • level - Syntax • passwords aging username name days • no passwords aging username name • passwords aging enable-password level days • no password-aging • days - The name of... - 365) 424 TIC Commands The level for another 3 times. • 10 days before a password change is forced. (Range: 1-365) Default Configuration Password aging is generated. The number of this command. To disable password expiration time use the no form of days before expiration a syslog message...
Command Line Interface Guide
Page 425
... in the local database can be reused. To remove the requirement use the no passwords history • number - TIC Commands 425 Default Configuration Password aging is disabled. User Guidelines • The aging time is generated. Syntax • passwords history number • no... form of password changes before a password can be reused. (Range: 1-10). Console (config)# passwords aging username 40 passwords history The passwords history Global Configuration mode command configures the number of global passwords. The number of this command. Command Mode...
... in the local database can be reused. To remove the requirement use the no passwords history • number - TIC Commands 425 Default Configuration Password aging is disabled. User Guidelines • The aging time is generated. Syntax • passwords history number • no... form of password changes before a password can be reused. (Range: 1-10). Console (config)# passwords aging username 40 passwords history The passwords history Global Configuration mode command configures the number of global passwords. The number of this command. Command Mode...
Command Line Interface Guide
Page 427
... from local console. • A user that has privilege level 15 can release accounts that are locked out by using the set username active, 'set enable-password active' and 'set line active' privileged EXEC commands. • Disabling lockout unlocks all users. •...login-history file • no form of this command. Syntax • passwords lockout number • no passwords lockout • number - Default Configuration Lockout is relevant to login history file. TIC Commands 427 Command Mode Global Configuration mode. User Guidelines • The setting is disabled. ...
... from local console. • A user that has privilege level 15 can release accounts that are locked out by using the set username active, 'set enable-password active' and 'set line active' privileged EXEC commands. • Disabling lockout unlocks all users. •...login-history file • no form of this command. Syntax • passwords lockout number • no passwords lockout • number - Default Configuration Lockout is relevant to login history file. TIC Commands 427 Command Mode Global Configuration mode. User Guidelines • The setting is disabled. ...
Command Line Interface Guide
Page 428
... login history is still kept in the device internal buffer. The user name. (Range 1 - 20 characters) Default Configuration This command has no default configuration. 428 TIC Commands Console (config)# aaa login-history file set username active The set username name active • name - Syntax • set line active Privileged EXEC mode command reactivates a locked...
... login history is still kept in the device internal buffer. The user name. (Range 1 - 20 characters) Default Configuration This command has no default configuration. 428 TIC Commands Console (config)# aaa login-history file set username active The set username name active • name - Syntax • set line active Privileged EXEC mode command reactivates a locked...