Command Line Interface Guide
Page 29
The User Exec mode is entered, and the prompt "Console>" is displayed. 2 ...start using the CLI, there is a series of a parameter. This effectively logs off the current user and logs on the new user. Keywords identify a command, and arguments specify configuration parameters. Editing Features Entering Commands A CLI command is... administrator, enter: Console(config)# username admin password smith When working with the quit or exit command. When a different user is ? The command is not selected from a menu but is entered. For example, to request help information can ...
The User Exec mode is entered, and the prompt "Console>" is displayed. 2 ...start using the CLI, there is a series of a parameter. This effectively logs off the current user and logs on the new user. Keywords identify a command, and arguments specify configuration parameters. Editing Features Entering Commands A CLI command is... administrator, enter: Console(config)# username admin password smith When working with the quit or exit command. When a different user is ? The command is not selected from a menu but is entered. For example, to request help information can ...
Command Line Interface Guide
Page 37
... client on an interface. Configuration sntp authenticate Grants authentication for display purposes. Privileged User EXEC Clock Commands Command Group Description Access Mode clock set Manually sets the system clock. Global Configuration sntp anycast client enable Enables Anycast clients. Privileged User EXEC clock source Configures an external time source for Simple Network Global Time...
... client on an interface. Configuration sntp authenticate Grants authentication for display purposes. Privileged User EXEC Clock Commands Command Group Description Access Mode clock set Manually sets the system clock. Global Configuration sntp anycast client enable Enables Anycast clients. Privileged User EXEC clock source Configures an external time source for Simple Network Global Time...
Command Line Interface Guide
Page 53
... mode. SSH Public Key Displays the SSH server configuration. Privileged User EXEC Syslog Commands Command Group logging on the device. Global Configuration Generates RSA key pairs. SSH Public Key Manually specifies a SSH public key. Logs messages to the console based... Global Configuration Command Groups 53 Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. Privileged User EXEC Displays the SSH public keys stored on logging logging console logging buffered Description...
... mode. SSH Public Key Displays the SSH server configuration. Privileged User EXEC Syslog Commands Command Group logging on the device. Global Configuration Generates RSA key pairs. SSH Public Key Manually specifies a SSH public key. Logs messages to the console based... Global Configuration Command Groups 53 Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. Privileged User EXEC Displays the SSH public keys stored on logging logging console logging buffered Description...
Command Line Interface Guide
Page 60
...keys within a pkcs12 PKCS12 file Privileged User EXEC show crypto certificate Displays the SSL certificates of the client. Configuration ip http exec-timeout Sets the interval the system waits for HTTPS. dot1x port-control Enables manual control of the authorization state of ...the port dot1x re-authentication Enables periodic re-authentication of the device mycertificate Privileged User EXEC show ip https Displays the HTTPS server configuration. crypto ...
...keys within a pkcs12 PKCS12 file Privileged User EXEC show crypto certificate Displays the SSL certificates of the client. Configuration ip http exec-timeout Sets the interval the system waits for HTTPS. dot1x port-control Enables manual control of the authorization state of ...the port dot1x re-authentication Enables periodic re-authentication of the device mycertificate Privileged User EXEC show ip https Displays the HTTPS server configuration. crypto ...
Command Line Interface Guide
Page 61
... Command Groups 61 dot1x timeout reauthperiod Sets the number of all 802.1X-enabled Privileged User ports or the specified 802.1X-enabled port. Configuration dot1x re-authenticate Manually initiates a re-authentication of seconds between re-authentica- Configuration request/identity frame, from the client, before restart- ... process. dot1x timeout servertimeout Sets the time for the retransmission of packets to the client, before resending the request. Privileged User EXEC show dot1x users Displays 802.1X statistics for the specified interface. Interface tion attempts.
... Command Groups 61 dot1x timeout reauthperiod Sets the number of all 802.1X-enabled Privileged User ports or the specified 802.1X-enabled port. Configuration dot1x re-authenticate Manually initiates a re-authentication of seconds between re-authentica- Configuration request/identity frame, from the client, before restart- ... process. dot1x timeout servertimeout Sets the time for the retransmission of packets to the client, before resending the request. Privileged User EXEC show dot1x users Displays 802.1X statistics for the specified interface. Interface tion attempts.
Command Line Interface Guide
Page 67
...Back Pressure on the station's MAC address. Associates a port with TACACS servers. Adds a description to that the device sends. Enables user-based VLAN assignment. Enables authentication based on a given interface. Establishes a username-based authentication system. Maps assigned CoS values to select one...interface an access to the client, before the IP address of the ISATAP router is no active ISATAP router). Enables manual control of the authorization state of the port Enables periodic re-authentication of the egress queues. Configures the interval between ISATAP...
...Back Pressure on the station's MAC address. Associates a port with TACACS servers. Adds a description to that the device sends. Enables user-based VLAN assignment. Enables authentication based on a given interface. Establishes a username-based authentication system. Maps assigned CoS values to select one...interface an access to the client, before the IP address of the ISATAP router is no active ISATAP router). Enables manual control of the authorization state of the port Enables periodic re-authentication of the egress queues. Configures the interval between ISATAP...
Command Line Interface Guide
Page 71
...) tests on the device. reload Reloads the operating system. show bridge multicast filtering Displays the Multicast filtering configuration. show dot1x users Displays 802.1X statistics for HTTPS. ipv6 set mtu Sets the MTU size of the device show bootvar Displays the active system... 802.1X-enabled port. ssh show copper-ports cable-length Displays the estimated copper cable length attached to User EXEC mode. Command Modes 71 set Manually sets the system clock. show crypto certificate mycertificate Displays the SSL certificates of IPv6 packets sent on an...
...) tests on the device. reload Reloads the operating system. show bridge multicast filtering Displays the Multicast filtering configuration. show dot1x users Displays 802.1X statistics for HTTPS. ipv6 set mtu Sets the MTU size of the device show bootvar Displays the active system... 802.1X-enabled port. ssh show copper-ports cable-length Displays the estimated copper cable length attached to User EXEC mode. Command Modes 71 set Manually sets the system clock. show crypto certificate mycertificate Displays the SSL certificates of IPv6 packets sent on an...
Command Line Interface Guide
Page 72
...currently running configuration file. show ipv6 interface Displays the usability status of interfaces configured for a TACACS+ servers. Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show ipv6 neighbors Displays IPv6 neighbor discovery cache information. show ip ...startup-config Displays the startup configuration file contents. show spanning-tree Displays spanning tree configuration. SP (SSH Public Key) Mode Command key-string user-key Description Manually specifies a SSH public key.
...currently running configuration file. show ipv6 interface Displays the usability status of interfaces configured for a TACACS+ servers. Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show ipv6 neighbors Displays IPv6 neighbor discovery cache information. show ip ...startup-config Displays the startup configuration file contents. show spanning-tree Displays spanning tree configuration. SP (SSH Public Key) Mode Command key-string user-key Description Manually specifies a SSH public key.
Command Line Interface Guide
Page 123
...:mm:ss - Current year. (2000 - 2097) Default Configuration The default time set Privileged EXEC mode command manually sets the system clock. Current day (by name. (Jan, ..., Dec) • year - User Guidelines • There are no user guidelines for the system clock. Command Mode Privileged EXEC mode. Example The following example sets the system...
...:mm:ss - Current year. (2000 - 2097) Default Configuration The default time set Privileged EXEC mode command manually sets the system clock. Current day (by name. (Jan, ..., Dec) • year - User Guidelines • There are no user guidelines for the system clock. Command Mode Privileged EXEC mode. Example The following example sets the system...
Command Line Interface Guide
Page 124
... of this command to set . 124 Clock SNTP servers Default Configuration No external clock source. Use the no user guidelines for this command is used only for display purposes and when the time is manually set the time to 4 characters) Default Configuration UTC. Examples The following example configures an external time source...
... of this command to set . 124 Clock SNTP servers Default Configuration No external clock source. Use the no user guidelines for this command is used only for display purposes and when the time is manually set the time to 4 characters) Default Configuration UTC. Examples The following example configures an external time source...
Command Line Interface Guide
Page 157
.... Syntax system flowcontrol no mdix • on | auto} • no system flowcontrol Default Configuration System flowcontrol is disabled. Ethernet Configuration Commands 157 User Guidelines This command is enabled. Manual mdix • auto - system flowcontrol The system flowcontrol Interface Configuration mode command enables flow control on port 1/4. Example The following example enables flow...
.... Syntax system flowcontrol no mdix • on | auto} • no system flowcontrol Default Configuration System flowcontrol is disabled. Ethernet Configuration Commands 157 User Guidelines This command is enabled. Manual mdix • auto - system flowcontrol The system flowcontrol Interface Configuration mode command enables flow control on port 1/4. Example The following example enables flow...
Command Line Interface Guide
Page 187
... example globally enables GVRP on an interface. GVRP Commands 187 Syntax • gvrp enable • no form of this command. User Guidelines • There are no form of this command to disable GVRP globally on the switch. Command Mode Global Configuration mode. Use the...all other switches on the network learn these VLANs dynamically. GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is manually configured with all desired VLANs for this command to disable GVRP on an interface. The gvrp enable Global Configuration mode command enables GVRP ...
... example globally enables GVRP on an interface. GVRP Commands 187 Syntax • gvrp enable • no form of this command. User Guidelines • There are no form of this command to disable GVRP globally on the switch. Command Mode Global Configuration mode. Use the...all other switches on the network learn these VLANs dynamically. GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is manually configured with all desired VLANs for this command to disable GVRP on an interface. The gvrp enable Global Configuration mode command enables GVRP ...
Command Line Interface Guide
Page 220
..., VLAN, Port-channel) mode. Syntax • ipv6 address ipv6-address/prefix-length [eui-64] [anycast] • no ipv6 address command without arguments removes all manually configured IPv6 addresses from the interface. Example The following example displays the IPv6 ICMP error interval setting.. The address is an anycast address. A slash mark... address [ipv6-address/prefix-length] [eui-64] • ipv6-address - Cannot be configured for the /prefix-length argument is used) • eui-64 - User Guidelines • If the value specified for a range of interfaces (range context).
..., VLAN, Port-channel) mode. Syntax • ipv6 address ipv6-address/prefix-length [eui-64] [anycast] • no ipv6 address command without arguments removes all manually configured IPv6 addresses from the interface. Example The following example displays the IPv6 ICMP error interval setting.. The address is an anycast address. A slash mark... address [ipv6-address/prefix-length] [eui-64] • ipv6-address - Cannot be configured for the /prefix-length argument is used) • eui-64 - User Guidelines • If the value specified for a range of interfaces (range context).
Command Line Interface Guide
Page 221
...The following example configures an IPv6 address FE80::260:3EFF:FE11:6770 for link-local addresses. Default Configuration IPv6 is enabled on the interface. User Guidelines • Using the no ipv6 address link-local • ipv6-address - Multiple IPv6 addresses can be configured for a range ... Interface configuration (Ethernet, VLAN, Port-channel). The address is used by an interface, use the ipv6 link-local address command. To manually specify a link-local address to the interface. Syntax • ipv6 address ipv6-address link-local • no ipv6 link-local address command...
...The following example configures an IPv6 address FE80::260:3EFF:FE11:6770 for link-local addresses. Default Configuration IPv6 is enabled on the interface. User Guidelines • Using the no ipv6 address link-local • ipv6-address - Multiple IPv6 addresses can be configured for a range ... Interface configuration (Ethernet, VLAN, Port-channel). The address is used by an interface, use the ipv6 link-local address command. To manually specify a link-local address to the interface. Syntax • ipv6 address ipv6-address link-local • no ipv6 link-local address command...
Command Line Interface Guide
Page 225
...number - Command Mode Privileged EXEC mode. Console# show ipv6 neighbors command in the privileged EXEC mode. Examples The following example defines an IPv6 default gateway. User Guidelines • To display IPv6 neighbor discovery cache information, use the show ipv6 interface Interface IP addresses ---------- Port channel number Default Configuration Displays all IPv6... number • vlan vlan-id - g2 7001::5668/64 [ANY] g2 6001::1234/64 g2 fe80::22/64 g2 ff02::1 g2 ff02::78 Type ----manual manual manual linklayer manual IP Addressing Commands 225
...number - Command Mode Privileged EXEC mode. Console# show ipv6 neighbors command in the privileged EXEC mode. Examples The following example defines an IPv6 default gateway. User Guidelines • To display IPv6 neighbor discovery cache information, use the show ipv6 interface Interface IP addresses ---------- Port channel number Default Configuration Displays all IPv6... number • vlan vlan-id - g2 7001::5668/64 [ANY] g2 6001::1234/64 g2 fe80::22/64 g2 ff02::1 g2 ff02::78 Type ----manual manual manual linklayer manual IP Addressing Commands 225
Command Line Interface Guide
Page 227
...:b0ff:fe00 other :: 3001::1/64 manual 4004::55/64 [ANY] manual fe80::200:b0ff:fe00:0 linklayer ff02::1 linklayer ff02::77 manual ff02::1:ff00:0 manual ff02::1:ff00:1 manual ff02::1:ff00:55 manual DAD State --------Active Active Active Active Active show ipv6 route The show ipv6 route Default Configuration This command has no user guidelines for this command. Syntax...
...:b0ff:fe00 other :: 3001::1/64 manual 4004::55/64 [ANY] manual fe80::200:b0ff:fe00:0 linklayer ff02::1 linklayer ff02::77 manual ff02::1:ff00:0 manual ff02::1:ff00:1 manual ff02::1:ff00:55 manual DAD State --------Active Active Active Active Active show ipv6 route The show ipv6 route Default Configuration This command has no user guidelines for this command. Syntax...
Command Line Interface Guide
Page 380
...(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key The user-key SSH Public Key Chain Configuration mode command specifies which SSH public key is used when you need to manually specify SSH client's public keys. The mode is manually configured and enters the SSH Public Key-chain Configuration mode command...
...(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key The user-key SSH Public Key Chain Configuration mode command specifies which SSH public key is used when you need to manually specify SSH client's public keys. The mode is manually configured and enters the SSH Public Key-chain Configuration mode command...
Command Line Interface Guide
Page 381
...Follow this command with the key-string command to 48 characters long. • rsa - Specifies the remote SSH client username, which can be manually configured for the SSH public key chain called "bob". Default Configuration By default, the keys do not exist. Syntax • key-string ...row key-string • row - Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string row key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl key-string The key-string SSH Public Key-String Configuration mode ...
...Follow this command with the key-string command to 48 characters long. • rsa - Specifies the remote SSH client username, which can be manually configured for the SSH public key chain called "bob". Default Configuration By default, the keys do not exist. Syntax • key-string ...row key-string • row - Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string row key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl key-string The key-string SSH Public Key-String Configuration mode ...
Command Line Interface Guide
Page 492
... • no dot1x system-auth-control • This command has no user guidelines for this command. Command Modes Global Configuration mode. Console(config)# dot1x system-auth-control dot1x port-control The dot1x port-control Interface Configuration mode command enables manual control of the authorization state of this command to the default setting... of this command to return to disable 802.1x globally. Use the no form of the port. Examples The following example enables 802.1x globally. User Guidelines • There are no arguments or keywords.
... • no dot1x system-auth-control • This command has no user guidelines for this command. Command Modes Global Configuration mode. Console(config)# dot1x system-auth-control dot1x port-control The dot1x port-control Interface Configuration mode command enables manual control of the authorization state of this command to the default setting... of this command to return to disable 802.1x globally. Use the no form of the port. Examples The following example enables 802.1x globally. User Guidelines • There are no arguments or keywords.
Command Line Interface Guide
Page 495
... • dot1x re-authenticate [ethernet interface] • interface - Syntax • dot1x timeout quiet-period seconds • no user guidelines for this command to return to the default setting. Console# dot1x re-authenticate ethernet g8 dot1x timeout quiet-period The dot1x timeout... failed authentication exchange with the client. (Range: 0 - 65535 seconds) Default Configuration Switch remains in the quiet state following command manually initiates a re-authentication of all 802.1X-enabled ports or the specified 802.1X-enabled port. Command Mode Interface Configuration (Ethernet...
... • dot1x re-authenticate [ethernet interface] • interface - Syntax • dot1x timeout quiet-period seconds • no user guidelines for this command to return to the default setting. Console# dot1x re-authenticate ethernet g8 dot1x timeout quiet-period The dot1x timeout... failed authentication exchange with the client. (Range: 0 - 65535 seconds) Default Configuration Switch remains in the quiet state following command manually initiates a re-authentication of all 802.1X-enabled ports or the specified 802.1X-enabled port. Command Mode Interface Configuration (Ethernet...