Command Line Interface Guide
Page 35
... Specifies authentication methods for a remote telnet or console. Configuration Specifies the login authentication method list for HTTPS server users. Line Configuration Specifies the authentication method list when accessing a Line higher privilege level from ...AAA Commands Command Group aaa authentication login aaa authentication enable login authentication enable authentication ip http authentication ip https authentication show authentication methods password enable password username Description Access Mode Defines login authentication. Set permit conditions for...
... Specifies authentication methods for a remote telnet or console. Configuration Specifies the login authentication method list for HTTPS server users. Line Configuration Specifies the authentication method list when accessing a Line higher privilege level from ...AAA Commands Command Group aaa authentication login aaa authentication enable login authentication enable authentication ip http authentication ip https authentication show authentication methods password enable password username Description Access Mode Defines login authentication. Set permit conditions for...
Command Line Interface Guide
Page 59
... secure mode for a port. Displays the voice VLAN status. Global Configuration Global Configuration Command Groups 59 Enables configuring the device from a browser. Generates a self-signed HTTPS certificate. Access Mode Global Configuration Global Configuration Global Configuration Global Configuration Interface configuration (Ethernet, port-channel) Interface configuration (Ethernet, port-channel EXEC mode Web Server...
... secure mode for a port. Displays the voice VLAN status. Global Configuration Global Configuration Command Groups 59 Enables configuring the device from a browser. Generates a self-signed HTTPS certificate. Access Mode Global Configuration Global Configuration Global Configuration Global Configuration Interface configuration (Ethernet, port-channel) Interface configuration (Ethernet, port-channel EXEC mode Web Server...
Command Line Interface Guide
Page 60
...that has the dot1x port-control interface configuration command set to an Extensible Authentication Protocol (EAP) - Displays the HTTPS server configuration. 802.1x Commands Privileged EXEC Privileged EXEC Privileged EXEC Command aaa authentication dot1x dot1x system-authcontrol dot1x ...reauthperiod dot1x reauthentication dot1x timeout quietperiod dot1x timeout txperiod dot1x max-req dot1x timeout supptimeout dot1x timeout servertimeout show ip https Displays the SSH certificates of the client. Manually initiates a re-authentication of seconds between re-authentication attempts. ...
...that has the dot1x port-control interface configuration command set to an Extensible Authentication Protocol (EAP) - Displays the HTTPS server configuration. 802.1x Commands Privileged EXEC Privileged EXEC Privileged EXEC Command aaa authentication dot1x dot1x system-authcontrol dot1x ...reauthperiod dot1x reauthentication dot1x timeout quietperiod dot1x timeout txperiod dot1x max-req dot1x timeout supptimeout dot1x timeout servertimeout show ip https Displays the SSH certificates of the client. Manually initiates a re-authentication of seconds between re-authentication attempts. ...
Command Line Interface Guide
Page 63
...how long an entry remains in the ARP cache. Enters SSH Public Key-chain configuration mode. Defines authentication method lists for HTTPS. Sets the Address Table aging time. Generates and displays certificate requests for accessing higher privilege levels. Enables 802.1x globally....dot1x system-auth-control dot1x traps macauthentication failure Description Specifies one or more authentication, authorization, and accounting (AAA) methods for HTTPS. Adds a permanent entry in the ARP cache. Generates DSA key pairs. Configures the system to automatically switch to the ...
...how long an entry remains in the ARP cache. Enters SSH Public Key-chain configuration mode. Defines authentication method lists for HTTPS. Sets the Address Table aging time. Generates and displays certificate requests for accessing higher privilege levels. Enables 802.1x globally....dot1x system-auth-control dot1x traps macauthentication failure Description Specifies one or more authentication, authorization, and accounting (AAA) methods for HTTPS. Adds a permanent entry in the ARP cache. Generates DSA key pairs. Configures the system to automatically switch to the ...
Command Line Interface Guide
Page 65
...-list for user input before automatically logging off. Limits syslog messages sent to a syslog server. Configures the active certificate for HTTP server users. Enables Internet Group Management Protocol (IGMP) snooping. Creates Layer 2 ACLs. Specifies the port to configure the device...browser to be configured from a secured browser. Command Modes 65 ip http authentication ip http exec-timeout ip http port ip http server ip https authentication ip https certificate ip https exec-timeout ip https port ip https server ip igmp snooping (Global) ip name-server ip ssh port...
...-list for user input before automatically logging off. Limits syslog messages sent to a syslog server. Configures the active certificate for HTTP server users. Enables Internet Group Management Protocol (IGMP) snooping. Creates Layer 2 ACLs. Specifies the port to configure the device...browser to be configured from a secured browser. Command Modes 65 ip http authentication ip http exec-timeout ip http port ip http server ip https authentication ip https certificate ip https exec-timeout ip https port ip https server ip igmp snooping (Global) ip name-server ip ssh port...
Command Line Interface Guide
Page 73
... the system clock. Command Modes 73 Restarts the protocol migration process on the protocols specified interface. crypto certificate request Generates and displays certificate requests for HTTPS. Displays the current or pending MST region configuration. clear logging Clears messages from a Flash memory device. configure Enters the Global Configuration mode. Defines the configuration...
... the system clock. Command Modes 73 Restarts the protocol migration process on the protocols specified interface. crypto certificate request Generates and displays certificate requests for HTTPS. Displays the current or pending MST region configuration. clear logging Clears messages from a Flash memory device. configure Enters the Global Configuration mode. Defines the configuration...
Command Line Interface Guide
Page 75
... access lists applied on interfaces. show running-config Displays the contents of the currently running configuration file. show ip https Displays the HTTPS server configuration. show interfaces configuration Displays the configuration for all interfaces. show history Lists the commands entered in the.... show logging Displays the state of logging and the syslog messages stored in the internal buffer. show ip http Displays the HTTP server configuration. show interfaces status Displays the status for the device. show dot1x users Displays 802.1x users for...
... access lists applied on interfaces. show running-config Displays the contents of the currently running configuration file. show ip https Displays the HTTPS server configuration. show interfaces configuration Displays the configuration for all interfaces. show history Lists the commands entered in the.... show logging Displays the state of logging and the syslog messages stored in the internal buffer. show ip http Displays the HTTP server configuration. show interfaces status Displays the status for the device. show dot1x users Displays 802.1x users for...
Command Line Interface Guide
Page 85
...all TACACS+ servers for authentication. This has the same effect as the final method in the command line. Syntax • ip http authentication method1 [method2...] • no authentication. AAA Commands 85 Default Configuration The local user database is checked. Command Mode Global... an error, not if it fails. Console(config)# line console Console(config-line)# enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for this command to return to the default configuration. Use the...
...all TACACS+ servers for authentication. This has the same effect as the final method in the command line. Syntax • ip http authentication method1 [method2...] • no authentication. AAA Commands 85 Default Configuration The local user database is checked. Command Mode Global... an error, not if it fails. Console(config)# line console Console(config-line)# enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for this command to return to the default configuration. Use the...
Command Line Interface Guide
Page 86
...the authentication succeeds even if all methods return an error, specify none as the command ip https authentication local. Console(config)# ip https authentication radius local 86 AAA Commands Example The following table: Keyword local none radius tacacs Source ... database for authentication. Example The following example configures HTTPS authentication. Console(config)# ip http authentication radius local ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users. This has the same effect as...
...the authentication succeeds even if all methods return an error, specify none as the command ip https authentication local. Console(config)# ip https authentication radius local 86 AAA Commands Example The following table: Keyword local none radius tacacs Source ... database for authentication. Example The following example configures HTTPS authentication. Console(config)# ip http authentication radius local ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users. This has the same effect as...
Command Line Interface Guide
Page 88
... console Console(config-line)# password secret 88 AAA Commands Line Console Telnet SSH Login Method List Default Default Default Enable Method List Default Default Default http https dot1x console# : Local : Local : password The password Line Configuration mode command specifies a password on a console. Use the no password • password...
... console Console(config-line)# password secret 88 AAA Commands Line Console Telnet SSH Login Method List Default Default Default Enable Method List Default Default Default http https dot1x console# : Local : Local : password The password Line Configuration mode command specifies a password on a console. Use the no password • password...
Command Line Interface Guide
Page 247
A valid VLAN number. • port-channel port-channel-number - Possible values: telnet, ssh, http, https and snmp. Number of the source IP address. • mask prefix-length - Console(config)# management access-list mlist Console(config-macl)# permit Management ACL 247 ...
A valid VLAN number. • port-channel port-channel-number - Possible values: telnet, ssh, http, https and snmp. Number of the source IP address. • mask prefix-length - Console(config)# management access-list mlist Console(config-macl)# permit Management ACL 247 ...
Command Line Interface Guide
Page 248
... rules. Console(config)# management access-list mlist Console(config-macl)# deny 248 Management ACL A valid port-channel number. • ipv4-address - Possible values: telnet, ssh, http, https and snmp. A valid network mask of bits that comprise the source IP address prefix. Service type. Source IPv6 address and prefix length. Specifies the number...
... rules. Console(config)# management access-list mlist Console(config-macl)# deny 248 Management ACL A valid port-channel number. • ipv4-address - Possible values: telnet, ssh, http, https and snmp. A valid network mask of bits that comprise the source IP address prefix. Service type. Source IPv6 address and prefix length. Specifies the number...
Command Line Interface Guide
Page 429
User Guidelines There are no default configuration for this command. Console> show users Username ---------Bob John Robert Betty Protocol ----------Serial SSH HTTP Telnet Location 172.16.0.1 172.16.0.8 172.16.1.7 show sessions The show sessions Connection ---------1 2 Host Remote device 172.16.1.2 Address ---------172.16.1.1 172.16.1.2 Port ----...
User Guidelines There are no default configuration for this command. Console> show users Username ---------Bob John Robert Betty Protocol ----------Serial SSH HTTP Telnet Location 172.16.0.1 172.16.0.8 172.16.1.7 show sessions The show sessions Connection ---------1 2 Host Remote device 172.16.1.2 Address ---------172.16.1.1 172.16.1.2 Port ----...
Command Line Interface Guide
Page 450
... 19 2004 08:29:29 Jan 19 2004 08:42:31 Jan 19 2004 08:49:52 Username -------Robert Robert Bob Robert John Betty Protocol -------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 450 TIC Commands Example The following example displays the login history...
... 19 2004 08:29:29 Jan 19 2004 08:42:31 Jan 19 2004 08:49:52 Username -------Robert Robert Bob Robert John Betty Protocol -------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 450 TIC Commands Example The following example displays the login history...
Command Line Interface Guide
Page 501
... Mode Global Configuration mode. Console(config)# ip http server ip http port The ip http port Global Configuration mode command specifies the TCP port to the default configuration. Syntax • ip http port port-number • no ip http server Default Configuration HTTP server is enabled. Use the no form of... this command to disable this command to return to be used by the HTTP server. (Range: 1 - 65534) Web Server 501 Syntax • ip http server • no ip http port • port-number - Use the no form of this function. User Guidelines Only a...
... Mode Global Configuration mode. Console(config)# ip http server ip http port The ip http port Global Configuration mode command specifies the TCP port to the default configuration. Syntax • ip http port port-number • no ip http server Default Configuration HTTP server is enabled. Use the no form of... this command to disable this command to return to be used by the HTTP server. (Range: 1 - 65534) Web Server 501 Syntax • ip http server • no ip http port • port-number - Use the no form of this function. User Guidelines Only a...
Command Line Interface Guide
Page 502
... Configuration The default port number is 10 minutes. User Guidelines Specifying 0 as the port number effectively disables HTTP access to 100. Example The following example configures the http port number to the device. User Guidelines • This command also configures the exec-timeout for user ...to return to default. Additional time intervals in case the HTTPS timeout was not set. Use the no ip http exec-timeout Parameters • minutes - Console(config)# ip http port 100 ip http exec-timeout The ip http exec-timeout global configuration command sets the interval the system ...
... Configuration The default port number is 10 minutes. User Guidelines Specifying 0 as the port number effectively disables HTTP access to 100. Example The following example configures the http port number to the device. User Guidelines • This command also configures the exec-timeout for user ...to return to default. Additional time intervals in case the HTTPS timeout was not set. Use the no ip http exec-timeout Parameters • minutes - Console(config)# ip http port 100 ip http exec-timeout The ip http exec-timeout global configuration command sets the interval the system ...
Command Line Interface Guide
Page 503
... mode. Example The following example enables configuring the device from a secured browser. Syntax • ip https port port-number • no ip https server Default Configuration HTTPS server is disabled. Example The following example the interval the system waits for user input before automatically logging... off to be used by the HTTPS server. (Range: 1 - 65534) Web Server 503 console(config)# ip https server ip https port The ip https port Global Configuration mode command specifies the TCP port used by the server to...
... mode. Example The following example enables configuring the device from a secured browser. Syntax • ip https port port-number • no ip https server Default Configuration HTTPS server is disabled. Example The following example the interval the system waits for user input before automatically logging... off to be used by the HTTPS server. (Range: 1 - 65534) Web Server 503 console(config)# ip https server ip https port The ip https port Global Configuration mode command specifies the TCP port used by the server to...
Command Line Interface Guide
Page 504
...timeout that specifies the number of this command to return to default. Syntax • ip https exec-timeout minutes [seconds] • no timeout, enter the command ip https exec-timeout 0 0. 504 Web Server Command Mode Global Configuration mode. Additional time intervals in...before automatically logging off. Command Mode Global Configuration mode. Console(config)# ip https port 100 ip https exec-timeout The ip https exec-timeout Global Configuration command sets the interval the system waits for HTTPS in seconds. (Range: 0 - 59) Default Configuration The default configuration ...
...timeout that specifies the number of this command to return to default. Syntax • ip https exec-timeout minutes [seconds] • no timeout, enter the command ip https exec-timeout 0 0. 504 Web Server Command Mode Global Configuration mode. Additional time intervals in...before automatically logging off. Command Mode Global Configuration mode. Console(config)# ip https port 100 ip https exec-timeout The ip https exec-timeout Global Configuration command sets the interval the system waits for HTTPS in seconds. (Range: 0 - 59) Default Configuration The default configuration ...
Command Line Interface Guide
Page 505
... not specified, the default period of the device. (Range: 1 - 64) • or organization - Console (config)# ip https exec-timeout 3 30 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a self-signed HTTPS certificate. If unspecified the certificate is 365 days. Specifies the location or city name. (Range: 1 - 64) •...
... not specified, the default period of the device. (Range: 1 - 64) • or organization - Console (config)# ip https exec-timeout 3 30 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a self-signed HTTPS certificate. If unspecified the certificate is 365 days. Specifies the location or city name. (Range: 1 - 64) •...
Command Line Interface Guide
Page 506
...[cu country] • number - User Guidelines • The command is no default configuration for this command to generate a self-signed certificate for HTTPS. name - Specifies the organization name. (Range: 1 - 64) • loc location - Specifies the location or city name. (Range: 1... - 64) • st state - Command Mode Global Configuration mode. Example The following example regenerates an HTTPS certificate. Console(config)# crypto certificate 1 generate key-generate crypto certificate request The crypto certificate request Privileged EXEC mode command generates ...
...[cu country] • number - User Guidelines • The command is no default configuration for this command to generate a self-signed certificate for HTTPS. name - Specifies the organization name. (Range: 1 - 64) • loc location - Specifies the location or city name. (Range: 1... - 64) • st state - Command Mode Global Configuration mode. Example The following example regenerates an HTTPS certificate. Console(config)# crypto certificate 1 generate key-generate crypto certificate request The crypto certificate request Privileged EXEC mode command generates ...