Command Line Interface Guide
Page 5
Web Server Commands 59 802.1x Commands 60 802.1x Advanced Commands 62 3 Command Modes 63 GC (Global Configuration) Mode 63 IC (Interface Configuration) Mode 67 LC (Line Configuration) Mode 70 MA (Management Access-level) Mode 70 PE (Privileged User EXEC) Mode 70 SP (SSH Public Key) Mode 72 UE (User EXEC) Mode 73 VC (VLAN Configuration) Mode 74 4 ACL Commands 75 ip access-list 75 mac access-list 75 permit (ip 76 deny (IP 78 permit (MAC 80 deny (MAC 81 service-acl 82 show access-lists 83 show interfaces access-lists 84 Contents 5
Web Server Commands 59 802.1x Commands 60 802.1x Advanced Commands 62 3 Command Modes 63 GC (Global Configuration) Mode 63 IC (Interface Configuration) Mode 67 LC (Line Configuration) Mode 70 MA (Management Access-level) Mode 70 PE (Privileged User EXEC) Mode 70 SP (SSH Public Key) Mode 72 UE (User EXEC) Mode 73 VC (VLAN Configuration) Mode 74 4 ACL Commands 75 ip access-list 75 mac access-list 75 permit (ip 76 deny (IP 78 permit (MAC 80 deny (MAC 81 service-acl 82 show access-lists 83 show interfaces access-lists 84 Contents 5
Command Line Interface Guide
Page 18
show (mst 360 exit (mst 361 abort (mst 361 spanning-tree pathcost method 362 spanning-tree bpdu 362 clear spanning-tree detected-protocols 363 show spanning-tree 364 Spanning-tree guard root 376 29 SSH Commands 377 ip ssh port 377 ip ssh server 377 crypto key generate dsa 378 crypto key generate rsa 379 ip ssh pubkey-auth 379 crypto key pubkey-chain ssh 380 user-key 380 key-string 381 show ip ssh 382 show crypto key mypubkey 384 show crypto key pubkey-chain ssh 385 30 Syslog Commands 387 logging on 387 logging 387 logging console 389 logging buffered 389 18 Contents
show (mst 360 exit (mst 361 abort (mst 361 spanning-tree pathcost method 362 spanning-tree bpdu 362 clear spanning-tree detected-protocols 363 show spanning-tree 364 Spanning-tree guard root 376 29 SSH Commands 377 ip ssh port 377 ip ssh server 377 crypto key generate dsa 378 crypto key generate rsa 379 ip ssh pubkey-auth 379 crypto key pubkey-chain ssh 380 user-key 380 key-string 381 show ip ssh 382 show crypto key mypubkey 384 show crypto key pubkey-chain ssh 385 30 Syslog Commands 387 logging on 387 logging 387 logging console 389 logging buffered 389 18 Contents
Command Line Interface Guide
Page 28
...is used to enter the VLAN Database Interface Configuration mode. • Management Access List - Contains commands to manually specify other device SSH public keys. Contains commands to manage port configuration. The Global Configuration mode command qos config-services is used to enter the Interface...same as the commands in the Ethernet interface mode, and are used to enter the Port Channel Interface Configuration mode. • SSH Public Key-chain - The Global Configuration mode command interface ethernet is managed by entering command keywords and parameters at the prompt. ...
...is used to enter the VLAN Database Interface Configuration mode. • Management Access List - Contains commands to manually specify other device SSH public keys. Contains commands to manage port configuration. The Global Configuration mode command qos config-services is used to enter the Interface...same as the commands in the Ethernet interface mode, and are used to enter the Port Channel Interface Configuration mode. • SSH Public Key-chain - The Global Configuration mode command interface ethernet is managed by entering command keywords and parameters at the prompt. ...
Command Line Interface Guide
Page 34
... Banner Commands Management ACL Commands PHY Diagnostics Commands Port Channel Commands Port Monitor Commands QoS Commands RADIUS Commands RMON Commands SNMP Commands Spanning Tree Commands SSH Commands Syslog Commands System Management Commands TACACS Commands TIC Commands Tunnel Commands User Interface Commands VLAN Commands Voice VLAN Commands Web Server Commands 802.1x... manages IP addresses on specific target ports. Monitors activity on the device. Configures and displays QoS information. Configures and reports on Spanning Tree protocol Configures SSH authentication.
... Banner Commands Management ACL Commands PHY Diagnostics Commands Port Channel Commands Port Monitor Commands QoS Commands RADIUS Commands RMON Commands SNMP Commands Spanning Tree Commands SSH Commands Syslog Commands System Management Commands TACACS Commands TIC Commands Tunnel Commands User Interface Commands VLAN Commands Voice VLAN Commands Web Server Commands 802.1x... manages IP addresses on specific target ports. Monitors activity on the device. Configures and displays QoS information. Configures and reports on Spanning Tree protocol Configures SSH authentication.
Command Line Interface Guide
Page 53
... on logging logging console logging buffered Description Controls error messages logging. Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. SSH Public Key Manually specifies a SSH public key. SSH Commands Command Group ip ssh port ip ssh server crypto key generate dsa crypto key generate rsa ip...
... on logging logging console logging buffered Description Controls error messages logging. Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. SSH Public Key Manually specifies a SSH public key. SSH Commands Command Group ip ssh port ip ssh server crypto key generate dsa crypto key generate rsa ip...
Command Line Interface Guide
Page 63
... multicast unregistered clock timezone clock summer-time crypto certificate generate crypto certificate import crypto key generate dsa crypto key generate rsa crypto key pubkey-chain ssh Description Defines authentication method lists for the system clock. Generates RSA key pairs. Specifies and enables a message to summer time (daylight saving time). ...asset-tag. Configures how long an entry remains in the ARP cache. Configures the forwarding state of unregistered multicast addresses. Generates a HTTPS certificate. Enters SSH Public Key-chain configuration mode.
... multicast unregistered clock timezone clock summer-time crypto certificate generate crypto certificate import crypto key generate dsa crypto key generate rsa crypto key pubkey-chain ssh Description Defines authentication method lists for the system clock. Generates RSA key pairs. Specifies and enables a message to summer time (daylight saving time). ...asset-tag. Configures how long an entry remains in the ARP cache. Configures the forwarding state of unregistered multicast addresses. Generates a HTTPS certificate. Enters SSH Public Key-chain configuration mode.
Command Line Interface Guide
Page 64
...ip https authentication ip https certificate ip https server ip https port ip igmp snooping (Global) ip name-server ip ssh port ip ssh pubkey-auth Enables 802.1x globally. Enters the Interface Configuration mode to complete unqualified host names. Enters the Interface ...cache. Enters the Interface Configuration mode to be configured from a browser. Defines a default gateway. Specifies authentication methods for incoming SSH sessions. 64 Command Modes Specifies authentication methods for https Configures the active certificate for use by a secure web browser to be used...
...ip https authentication ip https certificate ip https server ip https port ip igmp snooping (Global) ip name-server ip ssh port ip ssh pubkey-auth Enables 802.1x globally. Enters the Interface Configuration mode to complete unqualified host names. Enters the Interface ...cache. Enters the Interface Configuration mode to be configured from a browser. Defines a default gateway. Specifies authentication methods for incoming SSH sessions. 64 Command Modes Specifies authentication methods for https Configures the active certificate for use by a secure web browser to be used...
Command Line Interface Guide
Page 65
... logged to the logging file based on severity. Controls error messages logging. Enables the egress queues to be configured from a SSH server. Command Modes 65 Changes the number of service (QoS) on login authentication management access-class management access-list port jumbo...error messages. Specifies a RADIUS server host. Enables jumbo frames for all RADIUS communications between the router and the RADIUS daemon. ip ssh server ipv6 default-gateway ipv6 host ipv6 icmp error-interval ipv6 neighbor lacp system-priority line logging logging buffered logging buffered size logging ...
... logged to the logging file based on severity. Controls error messages logging. Enables the egress queues to be configured from a SSH server. Command Modes 65 Changes the number of service (QoS) on login authentication management access-class management access-list port jumbo...error messages. Specifies a RADIUS server host. Enables jumbo frames for all RADIUS communications between the router and the RADIUS daemon. ip ssh server ipv6 default-gateway ipv6 host ipv6 icmp error-interval ipv6 neighbor lacp system-priority line logging logging buffered logging buffered size logging ...
Command Line Interface Guide
Page 71
...system clock. show bridge multicast address- show authentication methods Displays information about the authentication methods. show crypto key pubkey-chain Displays SSH public keys stored on specified ports. show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on the ... table information. crypto certificate request Generates and displays certificate requests for a specified interface. show crypto key mypubkey Displays the SSH public keys stored on an 802.1X-authorized port, that was suspended by the system. show bridge address-table count Displays...
...system clock. show bridge multicast address- show authentication methods Displays information about the authentication methods. show crypto key pubkey-chain Displays SSH public keys stored on specified ports. show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on the ... table information. crypto certificate request Generates and displays certificate requests for a specified interface. show crypto key mypubkey Displays the SSH public keys stored on an 802.1X-authorized port, that was suspended by the system. show bridge address-table count Displays...
Command Line Interface Guide
Page 72
... statistics for a port-channel. show radius-servers Displays the RADIUS server settings. Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show management access-list Displays management access-lists....the usability status of the IPv6 routing table. show ports security Displays the port-lock status. show ip ssh Displays the SSH server configuration. show fiber-ports opticaltransceiver Displays the optical transceiver diagnostics. show startup-config Displays the startup ...
... statistics for a port-channel. show radius-servers Displays the RADIUS server settings. Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show management access-list Displays management access-lists....the usability status of the IPv6 routing table. show ports security Displays the port-lock status. show ip ssh Displays the SSH server configuration. show fiber-ports opticaltransceiver Displays the optical transceiver diagnostics. show startup-config Displays the startup ...
Command Line Interface Guide
Page 87
.... Console (config)# aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet, SSH or console. Use the no login authentication • default - Default Configuration Uses the default set , the process still succeeds. This has the same effect as...
.... Console (config)# aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet, SSH or console. Use the no login authentication • default - Default Configuration Uses the default set , the process still succeeds. This has the same effect as...
Command Line Interface Guide
Page 88
User Guidelines • Changing login authentication from a remote telnet, SSH or console. Default Configuration Uses the default set with the authentication enable command. • list-name - Use the no form of this command. Uses the ...
User Guidelines • Changing login authentication from a remote telnet, SSH or console. Default Configuration Uses the default set with the authentication enable command. • list-name - Use the no form of this command. Uses the ...
Command Line Interface Guide
Page 91
Command Mode Privileged EXEC mode. Console# show authentication methods Login Authentication Method Lists Console_Default: None Network_Default: Local Enable Authentication Method Lists Console_Default: Enable None Network_Default: Enable Line Console Telnet SSH Login Method List Default Default Default Enable Method List Default Default Default http https dot1x : Tacacs Local : Tacacs Local : AAA Commands 91 Example The following example displays the authentication configuration. User Guidelines • There are no user guidelines for this command.
Command Mode Privileged EXEC mode. Console# show authentication methods Login Authentication Method Lists Console_Default: None Network_Default: Local Enable Authentication Method Lists Console_Default: Enable None Network_Default: Enable Line Console Telnet SSH Login Method List Default Default Default Enable Method List Default Default Default http https dot1x : Tacacs Local : Tacacs Local : AAA Commands 91 Example The following example displays the authentication configuration. User Guidelines • There are no user guidelines for this command.
Command Line Interface Guide
Page 122
Device> show motd Console: Enabled Telnet: Enabled SSH: Enabled MOTD Message $(bold)Upgrade$(bold) to all devices begins at March 12 122 Login Banner User Guidelines • There are no user guidelines for this command. Example The following example displays the banners configuration.
Device> show motd Console: Enabled Telnet: Enabled SSH: Enabled MOTD Message $(bold)Upgrade$(bold) to all devices begins at March 12 122 Login Banner User Guidelines • There are no user guidelines for this command. Example The following example displays the banners configuration.
Command Line Interface Guide
Page 247
...; console - Line Commands line The line Global Configuration mode command identifies a specific line for remote console access (Telnet). • ssh - Default Configuration This command has no user guidelines for remote console access. Examples The following example configures the device as a virtual terminal for this command. ... sets the line baud rate. Console terminal line. • telnet - User Guidelines • There are no default configuration. Virtual terminal for secured remote console access (SSH). Command Mode Global Configuration mode.
...; console - Line Commands line The line Global Configuration mode command identifies a specific line for remote console access (Telnet). • ssh - Default Configuration This command has no user guidelines for remote console access. Examples The following example configures the device as a virtual terminal for this command. ... sets the line baud rate. Console terminal line. • telnet - User Guidelines • There are no default configuration. Virtual terminal for secured remote console access (SSH). Command Mode Global Configuration mode.
Command Line Interface Guide
Page 250
... 20 terminal history The terminal history EXEC mode command enables the command history function for remote console access (Telnet). • ssh - Syntax • terminal history • no terminal history Default Configuration This command has no form of this command. User... Guidelines • There are no user guidelines for secured remote console access (SSH). Console terminal line. • telnet - show line The show line [console | telnet | ssh] • console - Default Configuration Default value is console. Examples The following example displays ...
... 20 terminal history The terminal history EXEC mode command enables the command history function for remote console access (Telnet). • ssh - Syntax • terminal history • no terminal history Default Configuration This command has no form of this command. User... Guidelines • There are no user guidelines for secured remote console access (SSH). Console terminal line. • telnet - show line The show line [console | telnet | ssh] • console - Default Configuration Default value is console. Examples The following example displays ...
Command Line Interface Guide
Page 271
... are permitted in the Access-List called 'mlist'. Console (config)# management access-list mlist Console (config-macl)# permit Management ACL 271 Example The following : telnet, ssh, http, https or snmp. Syntax • permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service] • permit ip-source {ipv4-address | ipv6...
... are permitted in the Access-List called 'mlist'. Console (config)# management access-list mlist Console (config-macl)# permit Management ACL 271 Example The following : telnet, ssh, http, https or snmp. Syntax • permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service] • permit ip-source {ipv4-address | ipv6...
Command Line Interface Guide
Page 272
... rule. Specifies the network mask of bits that comprise the source IPv4 address prefix. The parameter is optional. • mask mask - Example The following : telnet, ssh, http, https or snmp. Can be preceded by a forward slash (/). A valid VLAN number. • port-channel number - Source IPv6 address and prefix length. User Guidelines...
... rule. Specifies the network mask of bits that comprise the source IPv4 address prefix. The parameter is optional. • mask mask - Example The following : telnet, ssh, http, https or snmp. Can be preceded by a forward slash (/). A valid VLAN number. • port-channel number - Source IPv6 address and prefix length. User Guidelines...
Command Line Interface Guide
Page 377
... is 22. Command Mode Global Configuration mode. Console (config)# ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to disable this function. Syntax • ip ssh server • no ip ssh port • port-number - Use the no form of this command.... Use the no form of this command to be used by the SSH server as 8080. Example The following example specifies the port to be used by the SSH server. SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be configured from...
... is 22. Command Mode Global Configuration mode. Console (config)# ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to disable this function. Syntax • ip ssh server • no ip ssh port • port-number - Use the no form of this command.... Use the no form of this command to be used by the SSH server as 8080. Example The following example specifies the port to be used by the SSH server. SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be configured from...
Command Line Interface Guide
Page 378
...FLASH. Command Mode Global Configuration mode. Default Configuration SSH is 2048 bits. Console (config)# ip ssh server crypto key generate dsa The ip ssh server Global Configuration mode command generates DSA key pairs. The SSH keys can be configured from a SSH server. Example The following example generates DSA key ... • If encryption keys are generated in the startup configuration; User Guidelines • DSA keys are not generated, the SSH server is not saved in pairs: one public DSA key and one private DSA key. Console (config)# crypto key generate dsa 378...
...FLASH. Command Mode Global Configuration mode. Default Configuration SSH is 2048 bits. Console (config)# ip ssh server crypto key generate dsa The ip ssh server Global Configuration mode command generates DSA key pairs. The SSH keys can be configured from a SSH server. Example The following example generates DSA key ... • If encryption keys are generated in the startup configuration; User Guidelines • DSA keys are not generated, the SSH server is not saved in pairs: one public DSA key and one private DSA key. Console (config)# crypto key generate dsa 378...