Command Line Interface Guide
Page 9
...154 duplex 154 negotiation 155 flowcontrol 156 system flowcontrol 157 mdix 157 back-pressure 158 port jumbo-frame 159 clear counters 159 set interface active 160 show interfaces configuration 160 show interfaces status 162 show interfaces advertise 165 show interfaces description 167 show interfaces counters... 173 port storm-control broadcast rate 174 show ports storm-control 175 show system flowcontrol 176 11 DHCP Snooping 179 ip dhcp snooping 179 ip dhcp snooping vlan 179 ip dhcp snooping trust 180 ip dhcp snooping information option allowed-untrusted 180 Contents 9
...154 duplex 154 negotiation 155 flowcontrol 156 system flowcontrol 157 mdix 157 back-pressure 158 port jumbo-frame 159 clear counters 159 set interface active 160 show interfaces configuration 160 show interfaces status 162 show interfaces advertise 165 show interfaces description 167 show interfaces counters... 173 port storm-control broadcast rate 174 show ports storm-control 175 show system flowcontrol 176 11 DHCP Snooping 179 ip dhcp snooping 179 ip dhcp snooping vlan 179 ip dhcp snooping trust 180 ip dhcp snooping information option allowed-untrusted 180 Contents 9
Command Line Interface Guide
Page 20
show version 415 asset-tag 416 show system id 417 32 TACACS Commands 419 tacacs-server host 419 tacacs-server key 420 tacacs-server timeout 420 tacacs-server source-ip 421 show tacacs 422 33 TIC Commands 423 passwords min-length 423 password-aging 424 passwords aging 424 passwords history 425 passwords history hold-time 426 passwords lockout 426 aaa login-history file 427 set username active 428 set line active 428 set enable-password active 429 show passwords configuration 429 show users login-history 431 20 Contents
show version 415 asset-tag 416 show system id 417 32 TACACS Commands 419 tacacs-server host 419 tacacs-server key 420 tacacs-server timeout 420 tacacs-server source-ip 421 show tacacs 422 33 TIC Commands 423 passwords min-length 423 password-aging 424 passwords aging 424 passwords history 425 passwords history hold-time 426 passwords lockout 426 aaa login-history file 427 set username active 428 set line active 428 set enable-password active 429 show passwords configuration 429 show users login-history 431 20 Contents
Command Line Interface Guide
Page 28
... interface. Contains commands to the switch console port, or via a Telnet connection, ensure the device has an IP address defined, corresponding management access is used to manage the member ports as line speed, timeout settings, etc. Contains commands to entering commands on the console line only. 28 Using the CLI The Global...
... interface. Contains commands to the switch console port, or via a Telnet connection, ensure the device has an IP address defined, corresponding management access is used to manage the member ports as line speed, timeout settings, etc. Contains commands to entering commands on the console line only. 28 Using the CLI The Global...
Command Line Interface Guide
Page 42
... Naming System (DNS)-based host Global name-to complete unqualified host names. Global Configuration Deletes entries from the DHCP server. Interface Configuration Sets an IP address Interface Configuration Acquires an IP address on the device. Configuration Defines a default domain name, that the software uses to -address translation. Interface Configuration Defines a default gateway (router...
... Naming System (DNS)-based host Global name-to complete unqualified host names. Global Configuration Deletes entries from the DHCP server. Interface Configuration Sets an IP address Interface Configuration Acquires an IP address on the device. Configuration Defines a default domain name, that the software uses to -address translation. Interface Configuration Defines a default gateway (router...
Command Line Interface Guide
Page 49
... show rmon collection history show rmon history rmon alarm show rmon alarm-table show radius-servers Displays the RADIUS server settings. Displays RMON Ethernet Statistics history. radius-server retransmit Specifies the number of times the software searches the list Global ...of RADIUS server hosts. Displays the alarms summary table. Configuration radius-server source-ip Specifies the source IP address used for communication Global with RADIUS servers. RADIUS Commands Command Group Description Access Mode radius-server host Specifies...
... show rmon collection history show rmon history rmon alarm show rmon alarm-table show radius-servers Displays the RADIUS server settings. Displays RMON Ethernet Statistics history. radius-server retransmit Specifies the number of times the software searches the list Global ...of RADIUS server hosts. Displays the alarms summary table. Configuration radius-server source-ip Specifies the source IP address used for communication Global with RADIUS servers. RADIUS Commands Command Group Description Access Mode radius-server host Specifies...
Command Line Interface Guide
Page 55
...EXEC TACACS Commands Command Group tacacs-server host tacacs-server key tacacs-server source-ip show system id Lists the open Telnet sessions Displays system information. Specifies the source IP address that are Global required before a password in Global the local database. Configuration...Configures the number of password changes that will be Configuration reused. Command Groups 55 Specifies the device asset-tag. Global Configuration Sets the authentication encryption key used for passwords in the local database can be used for a TACACS+ servers. Privileged User EXEC ...
...EXEC TACACS Commands Command Group tacacs-server host tacacs-server key tacacs-server source-ip show system id Lists the open Telnet sessions Displays system information. Specifies the source IP address that are Global required before a password in Global the local database. Configuration...Configures the number of password changes that will be Configuration reused. Command Groups 55 Specifies the device asset-tag. Global Configuration Sets the authentication encryption key used for passwords in the local database can be used for a TACACS+ servers. Privileged User EXEC ...
Command Line Interface Guide
Page 56
...account after a series of DNS Query/Router Solicitation refresh messages that represents a specific automatic tunnel router domain name. Privileged EXEC set username active Reactivates a previously locked out user account. Global Configuration tunnel mode ipv6ip Configures an IPv6 transition mechanism global support mode.... tunnel isatap solicitationinterval Configures the interval between DNS Queries (before Global the IP address of the ISATAP router is known) for tracking passwords history. Privileged EXEC 56 Command Groups Interface Tunnel Configuration tunnel...
...account after a series of DNS Query/Router Solicitation refresh messages that represents a specific automatic tunnel router domain name. Privileged EXEC set username active Reactivates a previously locked out user account. Global Configuration tunnel mode ipv6ip Configures an IPv6 transition mechanism global support mode.... tunnel isatap solicitationinterval Configures the interval between DNS Queries (before Global the IP address of the ISATAP router is known) for tracking passwords history. Privileged EXEC 56 Command Groups Interface Tunnel Configuration tunnel...
Command Line Interface Guide
Page 58
protocols-group vlan Interface Configuration ip internal-usage-vlan Reserves a VLAN as a member of the specified VLAN, and Interface vlan the VLAN ID is the "port default VLAN ID (PVID)". ...group of an interface. ingress-filtering disable Interface Configuration switchport general acceptable-frame-type tagged-only Discards untagged frames at ingress. Configuration switchport general map Sets a protocol-based classification rule. Privileged User EXEC 58 Command Groups Interface Configuration switchport access vlan Configures the VLAN ID when the interface is in ...
protocols-group vlan Interface Configuration ip internal-usage-vlan Reserves a VLAN as a member of the specified VLAN, and Interface vlan the VLAN ID is the "port default VLAN ID (PVID)". ...group of an interface. ingress-filtering disable Interface Configuration switchport general acceptable-frame-type tagged-only Discards untagged frames at ingress. Configuration switchport general map Sets a protocol-based classification rule. Privileged User EXEC 58 Command Groups Interface Configuration switchport access vlan Configures the VLAN ID when the interface is in ...
Command Line Interface Guide
Page 59
...) Interface Configuration (Ethernet, portchannel) EXEC Web Server Commands Command Group ip http server ip http port ip https exec-timeout ip https server ip https port ip https exec-timeout crypto certificate generate Description Access Mode Enables the device to... be configured from a secured browser. Global Configuration Specifies the TCP port for use by a secure web browser to configure the device. voice vlan cos Sets...
...) Interface Configuration (Ethernet, portchannel) EXEC Web Server Commands Command Group ip http server ip http port ip https exec-timeout ip https server ip https port ip https exec-timeout crypto certificate generate Description Access Mode Enables the device to... be configured from a secured browser. Global Configuration Specifies the TCP port for use by a secure web browser to configure the device. voice vlan cos Sets...
Command Line Interface Guide
Page 60
... Certification Authority for user input before automatically loging off. Global Configuration ip https port Configures a TCP port for use by Certification Authority for HTTPS. Configuration ip http exec-timeout Sets the interval the system waits for Global HTTPS. Global Configuration crypto ... state of the port dot1x re-authentication Enables periodic re-authentication of the device mycertificate Privileged User EXEC show ip https Displays the HTTPS server configuration. Privileged User EXEC 802.1x Commands Command Description aaa authentication dot1x Specifies one...
... Certification Authority for user input before automatically loging off. Global Configuration ip https port Configures a TCP port for use by Certification Authority for HTTPS. Configuration ip http exec-timeout Sets the interval the system waits for Global HTTPS. Global Configuration crypto ... state of the port dot1x re-authentication Enables periodic re-authentication of the device mycertificate Privileged User EXEC show ip https Displays the HTTPS server configuration. Privileged User EXEC 802.1x Commands Command Description aaa authentication dot1x Specifies one...
Command Line Interface Guide
Page 64
...range vlan interface tunnel interface vlan ip default-gateway ip domain-lookup ip domain-name ip host ip http authentication ip http port ip https server ip https authentication ip https certificate ip https server ip https port ip igmp snooping (Global) ip name-server ip ssh port ip ssh pubkey-auth Enables 802.1x... normal and privilege levels. Enables public key authentication for use by a secure web browser to be configured from a browser. Sets a local password to control access to complete unqualified host names. Specifies the port to configure the device. Enters the Interface ...
...range vlan interface tunnel interface vlan ip default-gateway ip domain-lookup ip domain-name ip host ip http authentication ip http port ip https server ip https authentication ip https certificate ip https server ip https port ip igmp snooping (Global) ip name-server ip ssh port ip ssh pubkey-auth Enables 802.1x... normal and privilege levels. Enables public key authentication for use by a secure web browser to be configured from a browser. Sets a local password to control access to complete unqualified host names. Specifies the port to configure the device. Enters the Interface ...
Command Line Interface Guide
Page 65
...from an internal buffer based on severity. Enables jumbo frames for all RADIUS communications between the router and the RADIUS daemon. Sets the authentication and encryption key for the device. Configures the rate limit interval and bucket size parameters for configuration and enters... telnet or console. Modifies the DSCP to count Multicast packets. Defines an IPv6 default gateway. Configures the system LACP priority. ip ssh server ipv6 default-gateway ipv6 host ipv6 icmp error-interval ipv6 neighbor lacp system-priority line logging logging buffered logging buffered...
...from an internal buffer based on severity. Enables jumbo frames for all RADIUS communications between the router and the RADIUS daemon. Sets the authentication and encryption key for the device. Configures the rate limit interval and bucket size parameters for configuration and enters... telnet or console. Modifies the DSCP to count Multicast packets. Defines an IPv6 default gateway. Configures the system LACP priority. ip ssh server ipv6 default-gateway ipv6 host ipv6 icmp error-interval ipv6 neighbor lacp system-priority line logging logging buffered logging buffered...
Command Line Interface Guide
Page 66
... between the device and the TACACS+ daemon. 66 Command Modes radius-server source-ip Specifies the source IP address used for communication with RADIUS servers. snmp-server contact Sets up the community access string to permit access to reply. sntp authentication-key Defines... table-size Configures the maximum RMON tables sizes. spanning-tree priority Configures the spanning tree priority. spanning-tree pathcost method Sets the default pathcost method. spanning-tree bpdu Defines BPDU handling when spanning tree is located. snmp-server enable traps Enables ...
... between the device and the TACACS+ daemon. 66 Command Modes radius-server source-ip Specifies the source IP address used for communication with RADIUS servers. snmp-server contact Sets up the community access string to permit access to reply. sntp authentication-key Defines... table-size Configures the maximum RMON tables sizes. spanning-tree priority Configures the spanning tree priority. spanning-tree pathcost method Sets the default pathcost method. spanning-tree bpdu Defines BPDU handling when spanning tree is located. snmp-server enable traps Enables ...
Command Line Interface Guide
Page 67
...tacacs-server host tunnel isatap query-interval tunnel isatap robustness tunnel isatap solicitationinterval username vlan database wrr-queue cos-map Specifies the source IP address that will be used for the automatic tunnel router domain name. Configures the interval between ISATAP router solicitations messages (when there ... periodic re-authentication of times that the switch sends an EAP request/identity frame to that the device sends. Sets the timeout value. Establishes a username-based authentication system. Associates a port with TACACS servers. Specifies a TACACS+ host...
...tacacs-server host tunnel isatap query-interval tunnel isatap robustness tunnel isatap solicitationinterval username vlan database wrr-queue cos-map Specifies the source IP address that will be used for the automatic tunnel router domain name. Configures the interval between ISATAP router solicitations messages (when there ... periodic re-authentication of times that the switch sends an EAP request/identity frame to that the device sends. Sets the timeout value. Establishes a username-based authentication system. Associates a port with TACACS servers. Specifies a TACACS+ host...
Command Line Interface Guide
Page 68
...supp-timeout dot1x timeout tx-period duplex flowcontrol garp timer gvrp enable (interface) gvrp registration-forbid gvrp vlan-creation-forbid ip address ip address dhcp ip internal-usage-vlan ipv6 address ipv6 address autoconfig ipv6 address link-local ipv6 mld join-group ipv6 mld version ipv6 ...station whose MAC address is performed on the unicast IPv6 addresses of the interface. Configures the Flow Control on an interface. Sets an IP address Acquires an IP address on an interface from the client, before resending the request. Reserves a VLAN as the internal usage VLAN of seconds ...
...supp-timeout dot1x timeout tx-period duplex flowcontrol garp timer gvrp enable (interface) gvrp registration-forbid gvrp vlan-creation-forbid ip address ip address dhcp ip internal-usage-vlan ipv6 address ipv6 address autoconfig ipv6 address link-local ipv6 mld join-group ipv6 mld version ipv6 ...station whose MAC address is performed on the unicast IPv6 addresses of the interface. Configures the Flow Control on an interface. Sets an IP address Acquires an IP address on an interface from the client, before resending the request. Reserves a VLAN as the internal usage VLAN of seconds ...
Command Line Interface Guide
Page 72
...database. show startup-config Displays the startup configuration file contents. show ipv6 icmp error-interval Displays the IPv6 ICMP error interval setting show lacp port-channel Displays LACP information for a TACACS+ servers. show ipv6 interface Displays the usability status of logging and...public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show ip ssh Displays the SSH server configuration. show fiber-ports opticaltransceiver Displays the optical transceiver diagnostics. show syslog-servers Displays the ...
...database. show startup-config Displays the startup configuration file contents. show ipv6 icmp error-interval Displays the IPv6 ICMP error interval setting show lacp port-channel Displays LACP information for a TACACS+ servers. show ipv6 interface Displays the usability status of logging and...public key is manually configured and enters the SSH public key-string configuration command 72 Command Modes show ip ssh Displays the SSH server configuration. show fiber-ports opticaltransceiver Displays the optical transceiver diagnostics. show syslog-servers Displays the ...
Command Line Interface Guide
Page 77
..., isis. (Range: 0 - 255) • dscp number - If a flag is not set , it is prefixed by placing 1s in bit positions to be ignored. • destination - Specifies the source IP address of -flags] [srcport-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard] ... 77 • permit-tcp {any|{ source source-wildcard}} {any|source-port} {any|{ destination destinationwildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of the packet. • source-wildcard - Specifies the name or the number of the following values: host-query, ...
..., isis. (Range: 0 - 255) • dscp number - If a flag is not set , it is prefixed by placing 1s in bit positions to be ignored. • destination - Specifies the source IP address of -flags] [srcport-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard] ... 77 • permit-tcp {any|{ source source-wildcard}} {any|source-port} {any|{ destination destinationwildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of the packet. • source-wildcard - Specifies the name or the number of the following values: host-query, ...
Command Line Interface Guide
Page 79
...igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis. (Range: 0 - 255). • dscp number - Specifies the UDP/TCP destination port. (Range: 0 - 65535) • destination-port-wildcard - Specifies the list of the packet. • destination- If a flag is not set it... host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leavev2, host-report-v3. (Range: 0 - 255) • destination-port - Specifies the Source IP address of an IP protocol. If a flag should be set , it is matched. • source - wildcard -
...igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis. (Range: 0 - 255). • dscp number - Specifies the UDP/TCP destination port. (Range: 0 - 65535) • destination-port-wildcard - Specifies the list of the packet. • destination- If a flag is not set it... host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leavev2, host-report-v3. (Range: 0 - 255) • destination-port - Specifies the Source IP address of an IP protocol. If a flag should be set , it is matched. • source - wildcard -
Command Line Interface Guide
Page 80
...to the destination MAC address by placing 1s in hexadecimal format. (Range: 0 - 05dd-ffff) • inner-vlan vlad-id - Console(config)# ip access-list ip-acl1 Console(config-ip-al)# deny rsvp 192.1.1.1 0.0.0.255 any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-...the CoS. • eth-type - User Guidelines • Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. • Before an Access Control Element (ACE) is added to set 00:00:00:00:10:XX use the Mac address 00:00:00:00...
...to the destination MAC address by placing 1s in hexadecimal format. (Range: 0 - 05dd-ffff) • inner-vlan vlad-id - Console(config)# ip access-list ip-acl1 Console(config-ip-al)# deny rsvp 192.1.1.1 0.0.0.255 any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type] [inner-...the CoS. • eth-type - User Guidelines • Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. • Before an Access Control Element (ACE) is added to set 00:00:00:00:10:XX use the Mac address 00:00:00:00...
User's Guide
Page 176
RADIUS Settings • IP Address - Specifies the server priority. The list of Authentication Server IP addresses. • Priority (1-65535) - Figure 6-67. The possible values are queried. • Authentication Port - Configuring RADIUS Global Parameters Remote Authorization Dial-In User Service (RADIUS) ...
RADIUS Settings • IP Address - Specifies the server priority. The list of Authentication Server IP addresses. • Priority (1-65535) - Figure 6-67. The possible values are queried. • Authentication Port - Configuring RADIUS Global Parameters Remote Authorization Dial-In User Service (RADIUS) ...