Command Line Interface Guide
Page 6
... login 85 aaa authentication enable 86 login authentication 87 enable authentication 88 ip http authentication 89 ip https authentication 89 show authentication methods 90 password 92 enable password 92 username 93 show users accounts 94 6 Address Table Commands 95 bridge address 95 bridge multicast filtering 96 bridge multicast address 97 bridge multicast forbidden...
... login 85 aaa authentication enable 86 login authentication 87 enable authentication 88 ip http authentication 89 ip https authentication 89 show authentication methods 90 password 92 enable password 92 username 93 show users accounts 94 6 Address Table Commands 95 bridge address 95 bridge multicast filtering 96 bridge multicast address 97 bridge multicast forbidden...
Command Line Interface Guide
Page 20
show version 415 asset-tag 416 show system id 417 32 TACACS Commands 419 tacacs-server host 419 tacacs-server key 420 tacacs-server timeout 420 tacacs-server source-ip 421 show tacacs 422 33 TIC Commands 423 passwords min-length 423 password-aging 424 passwords aging 424 passwords history 425 passwords history hold-time 426 passwords lockout 426 aaa login-history file 427 set username active 428 set line active 428 set enable-password active 429 show passwords configuration 429 show users login-history 431 20 Contents
show version 415 asset-tag 416 show system id 417 32 TACACS Commands 419 tacacs-server host 419 tacacs-server key 420 tacacs-server timeout 420 tacacs-server source-ip 421 show tacacs 422 33 TIC Commands 423 passwords min-length 423 password-aging 424 passwords aging 424 passwords history 425 passwords history hold-time 426 passwords lockout 426 aaa login-history file 427 set username active 428 set line active 428 set enable-password active 429 show passwords configuration 429 show users login-history 431 20 Contents
Command Line Interface Guide
Page 29
... help messages are two instances where the help is complete. The matched parameters for the administrator, enter: Console(config)# username admin password smith When working with the quit or exit command. This effectively logs off the current user and logs on the new.... The character ? For example, to request help information can be displayed: • Keyword lookup - The standard command to set a password for this command are described: • Terminal Command Buffer • Command Completion • Keyboard Shortcuts Using the CLI 29 The following steps...
... help messages are two instances where the help is complete. The matched parameters for the administrator, enter: Console(config)# username admin password smith When working with the quit or exit command. This effectively logs off the current user and logs on the new.... The character ? For example, to request help information can be displayed: • Keyword lookup - The standard command to set a password for this command are described: • Terminal Command Buffer • Command Completion • Keyboard Shortcuts Using the CLI 29 The following steps...
Command Line Interface Guide
Page 36
...MAC-layer station source address to the group. Configuration bridge multicast forward-all Multicast frames on a port. password enable password username show bridge address-table Displays statically created entries in the bridge-forwarding database. Displays information about the local user...Disables new address learning on a line. Establishes a username-based authentication system. Adds MAC-layer secure addresses to normal and privilege levels. Privileged User EXEC show users accounts Specifies a password on an interface. Configuration bridge aging-time Sets the...
...MAC-layer station source address to the group. Configuration bridge multicast forward-all Multicast frames on a port. password enable password username show bridge address-table Displays statically created entries in the bridge-forwarding database. Displays information about the local user...Disables new address learning on a line. Establishes a username-based authentication system. Adds MAC-layer secure addresses to normal and privilege levels. Privileged User EXEC show users accounts Specifies a password on an interface. Configuration bridge aging-time Sets the...
Command Line Interface Guide
Page 46
.... Line Configuration Enables the display of message-of -the-day banner.. lldp med network-policy Attaches a LLDP MED network policy to be displayed before the username and password login prompts. Configuration (Ethernet) clear lldp rx Restarts the LLDP RX state machine and clearing the neighbors table. Configuration Enables a message to be displayed...
.... Line Configuration Enables the display of message-of -the-day banner.. lldp med network-policy Attaches a LLDP MED network policy to be displayed before the username and password login prompts. Configuration (Ethernet) clear lldp rx Restarts the LLDP RX state machine and clearing the neighbors table. Configuration Enables a message to be displayed...
Command Line Interface Guide
Page 55
... Configuration passwords aging Configures the aging time of line passwords. Global Configuration Sets the authentication encryption key used for Global the communication with access to the system.passwords minlength Configures the minimal length required for passwords in the local database can be used for a TACACS+ servers. Configuration passwords aging Configures the aging time of username passwords and...
... Configuration passwords aging Configures the aging time of line passwords. Global Configuration Sets the authentication encryption key used for Global the communication with access to the system.passwords minlength Configures the minimal length required for passwords in the local database can be used for a TACACS+ servers. Configuration passwords aging Configures the aging time of username passwords and...
Command Line Interface Guide
Page 56
... username active Reactivates a previously locked out user account. Privileged EXEC Tunnel Commands Command Group Description Access Mode interface tunnel Enters tunnel interface configuration mode. Interface Tunnel Configuration tunnel isatap query-interval Configures the interval between ISATAP router Global solicitations messages (when there is no active ISATAP Configuration router). Global Configuration show passwords...
... username active Reactivates a previously locked out user account. Privileged EXEC Tunnel Commands Command Group Description Access Mode interface tunnel Enters tunnel interface configuration mode. Interface Tunnel Configuration tunnel isatap query-interval Configures the interval between ISATAP router Global solicitations messages (when there is no active ISATAP Configuration router). Global Configuration show passwords...
Command Line Interface Guide
Page 63
... accessing higher privilege levels. Generates a HTTPS certificate. Sets the time zone for display purposes Configures the system to automatically switch to be displayed before the username and password login prompts. Enters SSH Public Key-chain configuration mode. Specifies and enables a message to summer time (daylight saving time). Command Modes GC (Global Configuration...
... accessing higher privilege levels. Generates a HTTPS certificate. Sets the time zone for display purposes Configures the system to automatically switch to be displayed before the username and password login prompts. Enters SSH Public Key-chain configuration mode. Specifies and enables a message to summer time (daylight saving time). Command Modes GC (Global Configuration...
Command Line Interface Guide
Page 85
...8226; list-name - This has the same effect as the default list of all RADIUS servers for authentication. local Uses the local username database for authentication. Default Configuration The local user database is not defined. AAA Commands 85 Specify at least one from the following ... checked. tacacs Uses the list of methods when a user logs in . • method1 [method2...] - line Uses the line password for authentication. Uses the listed authentication methods that follow this command to return to name the list of all TACACS servers for authentication....
...8226; list-name - This has the same effect as the default list of all RADIUS servers for authentication. local Uses the local username database for authentication. Default Configuration The local user database is not defined. AAA Commands 85 Specify at least one from the following ... checked. tacacs Uses the list of methods when a user logs in . • method1 [method2...] - line Uses the line password for authentication. Uses the listed authentication methods that follow this command to return to name the list of all TACACS servers for authentication....
Command Line Interface Guide
Page 86
...method returns an error, not if it fails. Specify at least one from the following example configures authentication login. Uses the line password for authentication. Uses username "$enabx$." Uses the list of methods, when using access higher privilege levels. • method1 [method2...] - Syntax • aaa...methods that follow this list. Example The following table: Keyword enable line none radius tacacs Source or destination Uses the enable password for authentication. Use the no form of all TACACS+ servers for authentication. Uses the list of this command to return ...
...method returns an error, not if it fails. Specify at least one from the following example configures authentication login. Uses the line password for authentication. Uses username "$enabx$." Uses the list of methods, when using access higher privilege levels. • method1 [method2...] - Syntax • aaa...methods that follow this list. Example The following table: Keyword enable line none radius tacacs Source or destination Uses the enable password for authentication. Use the no form of all TACACS+ servers for authentication. Uses the list of this command to return ...
Command Line Interface Guide
Page 87
...password is any character string used only if the previous method returns an error, not if it exists. User Guidelines • The default and optional list names created with the aaa authentication enable command are used to name this command to return to a RADIUS or TACACS server include the username...Uses the default list created with the authentication login command. Default Configuration If the default list is not set, only the enable password is set with the enable authentication command. • Create a list by the device to the default specified by the authentication login...
...password is any character string used only if the previous method returns an error, not if it exists. User Guidelines • The default and optional list names created with the aaa authentication enable command are used to name this command to return to a RADIUS or TACACS server include the username...Uses the default list created with the authentication login command. Default Configuration If the default list is not set, only the enable password is set with the enable authentication command. • Create a list by the device to the default specified by the authentication login...
Command Line Interface Guide
Page 93
... Configuration mode. Use the no form of the user. (Range: 1 - 20 characters) • password - Default Configuration No user is required. Syntax • username name [password password] [level level] [encrypted] • no user guidelines for the user. (Range: 8 - 64 characters) • level - Encrypted password entered, copied from another device configuration. User Guidelines • There are no...
... Configuration mode. Use the no form of the user. (Range: 1 - 20 characters) • password - Default Configuration No user is required. Syntax • username name [password password] [level level] [encrypted] • no user guidelines for the user. (Range: 8 - 64 characters) • level - Encrypted password entered, copied from another device configuration. User Guidelines • There are no...
Command Line Interface Guide
Page 94
Example The following example displays the local users configured with access to the system. Robert 15 -- -- -- 94 AAA Commands User Guidelines • There are no default configuration. Command Mode Privileged EXEC mode. Syntax • show users accounts Default Configuration This command has no user guidelines for this command. Console# show users accounts Privileged EXEC mode command displays information about the local user database. show users accounts The show users accounts Username Privilege Password Aging Password Expiry Date Lockout Bob 15 -- -- --
Example The following example displays the local users configured with access to the system. Robert 15 -- -- -- 94 AAA Commands User Guidelines • There are no default configuration. Command Mode Privileged EXEC mode. Syntax • show users accounts Default Configuration This command has no user guidelines for this command. Console# show users accounts Privileged EXEC mode command displays information about the local user database. show users accounts The show users accounts Username Privilege Password Aging Password Expiry Date Lockout Bob 15 -- -- --
Command Line Interface Guide
Page 116
... the host name for the device. Use the no form of the device. • To disable the EXEC banner on to be displayed before the username and password login prompts. End with the character '%'. $(bold)Session activated.$(bold) Enter commands at the prompt. Displays the system location string. Displays the domain name...
... the host name for the device. Use the no form of the device. • To disable the EXEC banner on to be displayed before the username and password login prompts. End with the character '%'. $(bold)Session activated.$(bold) Enter commands at the prompt. Displays the system location string. Displays the domain name...
Command Line Interface Guide
Page 336
...the user belongs. Each byte in the MIB. The user should enter password. • auth-sha - Command Mode Global Configuration mode. Syntax • snmp-server user username groupname [remote engineid-string ] [ auth-md5 password | auth-sha password | auth-md5-key md5-des-keys | auth-sha-key sha-des... Each byte can be separated by a period or colon. (Range: 5 - 32 characters) • auth-md5 - The user should enter password. • password - The name of the command to 30 characters) • auth-md5-key - The user should enter authentication and privacy keys. 336 SNMP Commands...
...the user belongs. Each byte in the MIB. The user should enter password. • auth-sha - Command Mode Global Configuration mode. Syntax • snmp-server user username groupname [remote engineid-string ] [ auth-md5 password | auth-sha password | auth-md5-key md5-des-keys | auth-sha-key sha-des... Each byte can be separated by a period or colon. (Range: 5 - 32 characters) • auth-md5 - The user should enter password. • password - The name of the command to 30 characters) • auth-md5-key - The user should enter authentication and privacy keys. 336 SNMP Commands...
Command Line Interface Guide
Page 424
... passwords. Syntax • passwords aging username name days • no passwords aging username name • passwords aging enable-password level days • no password-aging • days - The number of this command. To disable password expiration time use the no form of days before a password change is forced. (Range: 1-365) Default Configuration Password aging is generated. The number of username passwords and enables passwords...
... passwords. Syntax • passwords aging username name days • no passwords aging username name • passwords aging enable-password level days • no password-aging • days - The number of this command. To disable password expiration time use the no form of days before a password change is forced. (Range: 1-365) Default Configuration Password aging is generated. The number of username passwords and enables passwords...
Command Line Interface Guide
Page 425
.... To remove the requirement use the no passwords history • number - Console (config)# passwords aging username 40 passwords history The passwords history Global Configuration mode command configures the number of password changes that are required before a password can be reused. (Range: 1-10). Syntax • passwords history number • no form of passwords for another 3 times. • 10 days before...
.... To remove the requirement use the no passwords history • number - Console (config)# passwords aging username 40 passwords history The passwords history Global Configuration mode command configures the number of password changes that are required before a password can be reused. (Range: 1-10). Syntax • passwords history number • no form of passwords for another 3 times. • 10 days before...
Command Line Interface Guide
Page 427
... local console. • A user that has privilege level 15 can release accounts that are locked out by using the set username active, 'set enable-password active' and 'set line active' privileged EXEC commands. • Disabling lockout unlocks all users. • Re-enabling lockout...aaa login-history file Global Configuration mode command enables writing to login history file. Syntax • aaa login-history file • no passwords lockout • number - Command Mode Global Configuration mode. TIC Commands 427 Default Configuration Lockout is locked-out. (Range: 1-5). Command ...
... local console. • A user that has privilege level 15 can release accounts that are locked out by using the set username active, 'set enable-password active' and 'set line active' privileged EXEC commands. • Disabling lockout unlocks all users. • Re-enabling lockout...aaa login-history file Global Configuration mode command enables writing to login history file. Syntax • aaa login-history file • no passwords lockout • number - Command Mode Global Configuration mode. TIC Commands 427 Default Configuration Lockout is locked-out. (Range: 1-5). Command ...
Command Line Interface Guide
Page 431
...:23 Jan 19 2004 08:23:48 Jan 19 2004 08:29:29 Jan 19 2004 08:42:31 Jan 19 2004 08:49:52 Username -------Robert Robert Bob Robert John Betty Protocol -------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 ...TIC Commands 431 Command Mode Privileged EXEC mode. Syntax • show users login-history [username name] • name - If the password is enabled, it specifies "LOCKOUT". Lockout Line If lockout control is locked out it specifies how many times a user has failed to enter...
...:23 Jan 19 2004 08:23:48 Jan 19 2004 08:29:29 Jan 19 2004 08:42:31 Jan 19 2004 08:49:52 Username -------Robert Robert Bob Robert John Betty Protocol -------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 ...TIC Commands 431 Command Mode Privileged EXEC mode. Syntax • show users login-history [username name] • name - If the password is enabled, it specifies "LOCKOUT". Lockout Line If lockout control is locked out it specifies how many times a user has failed to enter...
Command Line Interface Guide
Page 442
Console# disable Console> login The login User EXEC mode command changes a login username. Syntax • login Default Configuration This command has no user guidelines for this command. Example The following example shows how to normal ...command. Command Mode User EXEC mode. Default Configuration The default privilege level is 1. Command Mode Privileged EXEC mode. Console> login User Name:admin Password:***** Console# 442 User Interface User Guidelines • There are no default configuration. Example The following example shows how to return to enter privileged EXEC...
Console# disable Console> login The login User EXEC mode command changes a login username. Syntax • login Default Configuration This command has no user guidelines for this command. Example The following example shows how to normal ...command. Command Mode User EXEC mode. Default Configuration The default privilege level is 1. Command Mode Privileged EXEC mode. Console> login User Name:admin Password:***** Console# 442 User Interface User Guidelines • There are no default configuration. Example The following example shows how to return to enter privileged EXEC...