Command Line Interface Guide
Page 5
Web Server Commands 59 802.1x Commands 60 802.1x Advanced Commands 62 3 Command Modes 63 GC (Global Configuration) Mode 63 IC (Interface Configuration) Mode 67 LC (Line Configuration) Mode 70 MA (Management Access-level) Mode 70 PE (Privileged User EXEC) Mode 70 SP (SSH Public Key) Mode 72 UE (User EXEC) Mode 73 VC (VLAN Configuration) Mode 74 4 ACL Commands 75 ip access-list 75 mac access-list 75 permit (ip 76 deny (IP 78 permit (MAC 80 deny (MAC 81 service-acl 82 show access-lists 83 show interfaces access-lists 84 Contents 5
Web Server Commands 59 802.1x Commands 60 802.1x Advanced Commands 62 3 Command Modes 63 GC (Global Configuration) Mode 63 IC (Interface Configuration) Mode 67 LC (Line Configuration) Mode 70 MA (Management Access-level) Mode 70 PE (Privileged User EXEC) Mode 70 SP (SSH Public Key) Mode 72 UE (User EXEC) Mode 73 VC (VLAN Configuration) Mode 74 4 ACL Commands 75 ip access-list 75 mac access-list 75 permit (ip 76 deny (IP 78 permit (MAC 80 deny (MAC 81 service-acl 82 show access-lists 83 show interfaces access-lists 84 Contents 5
Command Line Interface Guide
Page 9
... storm-control broadcast rate 174 show ports storm-control 175 show system flowcontrol 176 11 DHCP Snooping 179 ip dhcp snooping 179 ip dhcp snooping vlan 179 ip dhcp snooping trust 180 ip dhcp snooping information option allowed-untrusted 180 Contents 9
... storm-control broadcast rate 174 show ports storm-control 175 show system flowcontrol 176 11 DHCP Snooping 179 ip dhcp snooping 179 ip dhcp snooping vlan 179 ip dhcp snooping trust 180 ip dhcp snooping information option allowed-untrusted 180 Contents 9
Command Line Interface Guide
Page 10
... dhcp snooping 184 show ip dhcp snooping binding 185 12 GVRP Commands 187 gvrp enable (global 187 gvrp enable (interface 187 garp timer 188 gvrp vlan-creation-forbid 189 gvrp registration-forbid 190 clear gvrp statistics 191 show gvrp configuration 191 show gvrp statistics 192 13 IGMP Snooping Commands 195 ip...
... dhcp snooping 184 show ip dhcp snooping binding 185 12 GVRP Commands 187 gvrp enable (global 187 gvrp enable (interface 187 garp timer 188 gvrp vlan-creation-forbid 189 gvrp registration-forbid 190 clear gvrp statistics 191 show gvrp configuration 191 show gvrp statistics 192 13 IGMP Snooping Commands 195 ip...
Command Line Interface Guide
Page 22
... general acceptable-frame-type tagged-only 458 switchport forbidden vlan 459 switchport mode 460 switchport customer vlan 460 map protocol protocols-group 461 switchport general map protocols-group vlan 462 switchport protected 463 ip internal-usage-vlan 463 show vlan 464 show vlan internal usage 465 show vlan protocols-groups 466 show interfaces switchport 467 22 Contents
... general acceptable-frame-type tagged-only 458 switchport forbidden vlan 459 switchport mode 460 switchport customer vlan 460 map protocol protocols-group 461 switchport general map protocols-group vlan 462 switchport protected 463 ip internal-usage-vlan 463 show vlan 464 show vlan internal usage 465 show vlan protocols-groups 466 show interfaces switchport 467 22 Contents
Command Line Interface Guide
Page 24
... users 502 show dot1x statistics 503 ADVANCED FEATURES 505 dot1x auth-not-req 505 dot1x multiple-hosts 506 dot1x single-host-violation 506 dot1x guest-vlan 507 dot1x guest-vlan enable 508 dot1x mac-authentication 509 dot1x traps mac-authentication failure 509 dot1x radius-attributes...
... users 502 show dot1x statistics 503 ADVANCED FEATURES 505 dot1x auth-not-req 505 dot1x multiple-hosts 506 dot1x single-host-violation 506 dot1x guest-vlan 507 dot1x guest-vlan enable 508 dot1x mac-authentication 509 dot1x traps mac-authentication failure 509 dot1x radius-attributes...
Command Line Interface Guide
Page 28
...enter the Interface Configuration mode. • QoS - Starting the CLI The switch can be managed over a direct connection to create a VLAN as the commands in the Ethernet interface mode, and are used to configure the management connections. Contains commands to the switch console port...Configuration mode. • Interface - The Global Configuration mode command interface ethernet is used to enter the Interface Configuration mode to a VLAN or port-channel. Contains commands to configure port-channels, for use on a UNIX system. Contains commands to enter the Line Configuration ...
...enter the Interface Configuration mode. • QoS - Starting the CLI The switch can be managed over a direct connection to create a VLAN as the commands in the Ethernet interface mode, and are used to configure the management connections. Contains commands to the switch console port...Configuration mode. • Interface - The Global Configuration mode command interface ethernet is used to enter the Interface Configuration mode to a VLAN or port-channel. Contains commands to configure port-channels, for use on a UNIX system. Contains commands to enter the Line Configuration ...
Command Line Interface Guide
Page 34
... Tree Commands SSH Commands Syslog Commands System Management Commands TACACS Commands TIC Commands Tunnel Commands User Interface Commands VLAN Commands Voice VLAN Commands Web Server Commands 802.1x Commands 34 Command Groups Configures all port configuration options for entering CLI ... Displays RMON statistics. Describes user commands used for example ports, storm control, port speed and auto-negotiation. Configures VLANs and displays VLAN information. Configures and manages IP addresses on specific target ports. Manages and displays syslog messages. Configures Web based access ...
... Tree Commands SSH Commands Syslog Commands System Management Commands TACACS Commands TIC Commands Tunnel Commands User Interface Commands VLAN Commands Voice VLAN Commands Web Server Commands 802.1x Commands 34 Command Groups Configures all port configuration options for entering CLI ... Displays RMON statistics. Describes user commands used for example ports, storm control, port speed and auto-negotiation. Configures VLANs and displays VLAN information. Configures and manages IP addresses on specific target ports. Manages and displays syslog messages. Configures Web based access ...
Command Line Interface Guide
Page 36
... Commands Command Group Description Access Mode bridge address Adds a static MAC-layer station source address to specific VLAN address ports. Configuration bridge multicast filtering Enables filtering of unregistered multicast Interface addresses. Establishes a username-based authentication... system. Global Configuration bridge multicast address Registers MAC-layer Multicast addresses to the bridge VLAN table, and adds static ports to a routed port. Configuration bridge multicast forward-all Enables forwarding of all...
... Commands Command Group Description Access Mode bridge address Adds a static MAC-layer station source address to specific VLAN address ports. Configuration bridge multicast filtering Enables filtering of unregistered multicast Interface addresses. Establishes a username-based authentication... system. Global Configuration bridge multicast address Registers MAC-layer Multicast addresses to the bridge VLAN table, and adds static ports to a routed port. Configuration bridge multicast forward-all Enables forwarding of all...
Command Line Interface Guide
Page 37
...). Privileged User EXEC Displays the port-lock status. Configuration sntp trusted-key Authenticates the identity of addresses present in all or at a Privileged User specific VLAN. EXEC Displays statically created entries in locked ports. Privileged User EXEC Clock Commands Command Group Description Access Mode clock set Manually sets the system clock...
...). Privileged User EXEC Displays the port-lock status. Configuration sntp trusted-key Authenticates the identity of addresses present in all or at a Privileged User specific VLAN. EXEC Displays statically created entries in locked ports. Privileged User EXEC Clock Commands Command Group Description Access Mode clock set Manually sets the system clock...
Command Line Interface Guide
Page 39
...mode to configure Global an Ethernet type interface. Global Configuration ip dhcp snooping verify Configures the switch to verify that on a VLAN. EXEC Ethernet Configuration Commands Command Group interface ethernet interface range ethernet shutdown Description Access Mode Enters the Interface Configuration mode to ... Mode ip dhcp snooping Globally enables Dynamic Host Configuration Protocol (DHCP) snooping Global Configuration ip dhcp snooping vlan Enables DHCP snooping on an untrusted port the source MAC address in a DHCP packet matches the client hardware address.
...mode to configure Global an Ethernet type interface. Global Configuration ip dhcp snooping verify Configures the switch to verify that on a VLAN. EXEC Ethernet Configuration Commands Command Group interface ethernet interface range ethernet shutdown Description Access Mode Enters the Interface Configuration mode to ... Mode ip dhcp snooping Globally enables Dynamic Host Configuration Protocol (DHCP) snooping Global Configuration ip dhcp snooping vlan Enables DHCP snooping on an untrusted port the source MAC address in a DHCP packet matches the client hardware address.
Command Line Interface Guide
Page 41
...EXEC Command Groups 41 Enables GVRP on dynamically learned Multicast User EXEC router interfaces. Displays GVRP statistics. Displays GVRP configuration information. VLAN Configuration ip igmp snooping leave-time-out Configures the leave-time-out. Adjusts the GARP application join, leave, and leaveall GARP... the host-time-out. GVRP Commands Command Group gvrp enable (global) gvrp enable (interface) garp timer gvrp vlan-creation-forbid gvrp registration-forbid clear gvrp statistics show gvrp configuration show ip igmp snooping groups Displays Multicast groups learned by IGMP...
...EXEC Command Groups 41 Enables GVRP on dynamically learned Multicast User EXEC router interfaces. Displays GVRP statistics. Displays GVRP configuration information. VLAN Configuration ip igmp snooping leave-time-out Configures the leave-time-out. Adjusts the GARP application join, leave, and leaveall GARP... the host-time-out. GVRP Commands Command Group gvrp enable (global) gvrp enable (interface) garp timer gvrp vlan-creation-forbid gvrp registration-forbid clear gvrp statistics show gvrp configuration show ip igmp snooping groups Displays Multicast groups learned by IGMP...
Command Line Interface Guide
Page 52
... the current or pending MST region configuration. Global Configuration Defines BPDU handling when spanning-tree is disabled Global on Interface that interface. Global Configuration Maps VLANS to Global MSTP instances. MST Configuration mode Exits the MST Configuration mode and applies all interfaces or on the specified interface. Configuration enables root guard...
... the current or pending MST region configuration. Global Configuration Defines BPDU handling when spanning-tree is disabled Global on Interface that interface. Global Configuration Maps VLANS to Global MSTP instances. MST Configuration mode Exits the MST Configuration mode and applies all interfaces or on the specified interface. Configuration enables root guard...
Command Line Interface Guide
Page 57
... All CLI mode hierarchy. All Executes a Global Configuration mode or any configuration mode to the All previous command mode. Creates a VLAN. All Returns to debug. Displays a brief description of all the output from the show privilege do Description Access Mode Enters the ...history size debug-mode show history show command Privileged without 'prompting'. All Displays the current privilege level. Enters the Interface Configuration (VLAN) mode. All Ends the current configuration session and returns to the next highest mode in the current session. All Enables the...
... All CLI mode hierarchy. All Executes a Global Configuration mode or any configuration mode to the All previous command mode. Creates a VLAN. All Returns to debug. Displays a brief description of all the output from the show privilege do Description Access Mode Enters the ...history size debug-mode show history show command Privileged without 'prompting'. All Displays the current privilege level. Enters the Interface Configuration (VLAN) mode. All Ends the current configuration session and returns to the next highest mode in the current session. All Enables the...
Command Line Interface Guide
Page 58
... disable Interface Configuration switchport general acceptable-frame-type tagged-only Discards untagged frames at ingress. Interface Configuration switchport forbidden vlan Forbids adding specific VLANs to a named group of VLANs being used for protocol-based VLAN assignment. Privileged User EXEC 58 Command Groups Privileged User EXEC show interfaces switchport Displays switchport configuration. Interface Configuration map...
... disable Interface Configuration switchport general acceptable-frame-type tagged-only Discards untagged frames at ingress. Interface Configuration switchport forbidden vlan Forbids adding specific VLANs to a named group of VLANs being used for protocol-based VLAN assignment. Privileged User EXEC 58 Command Groups Privileged User EXEC show interfaces switchport Displays switchport configuration. Interface Configuration map...
Command Line Interface Guide
Page 59
...to be configured from a secured browser. Global Configuration Enables the device to configure the device. voice vlan aging-timeout Sets the Voice VLAN aging timeout. Access Mode Global Configuration Global Configuration Global Configuration Global Configuration Interface Configuration (Ethernet, portchannel) ... device to Global configure the device. voice vlan cos Sets the Voice VLAN Class Of Service. voice vlan enable Enables automatic Voice VLAN configuration for the Voice VLAN. show voice vlan Displays the Voice VLAN status. Configuration Sets the interval the system ...
...to be configured from a secured browser. Global Configuration Enables the device to configure the device. voice vlan aging-timeout Sets the Voice VLAN aging timeout. Access Mode Global Configuration Global Configuration Global Configuration Global Configuration Interface Configuration (Ethernet, portchannel) ... device to Global configure the device. voice vlan cos Sets the Voice VLAN Class Of Service. voice vlan enable Enables automatic Voice VLAN configuration for the Voice VLAN. show voice vlan Displays the Voice VLAN status. Configuration Sets the interval the system ...
Command Line Interface Guide
Page 62
...in Global authentication of this command Interface Config- Guest VLAN. uration (Ethernet) dot1x macauthentication Enables authentication based on the interface access to that VLAN. dot1x radius-attributes Enables user-based VLAN assignment. vlan Interface Configuration show dot1x advanced Displays 802.1X advanced ...-hostviolation Configures the action to default. the MAC address is not the supplicant MAC address uration attempts to auto. VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control ...
...in Global authentication of this command Interface Config- Guest VLAN. uration (Ethernet) dot1x macauthentication Enables authentication based on the interface access to that VLAN. dot1x radius-attributes Enables user-based VLAN assignment. vlan Interface Configuration show dot1x advanced Displays 802.1X advanced ...-hostviolation Configures the action to default. the MAC address is not the supplicant MAC address uration attempts to auto. VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control ...
Command Line Interface Guide
Page 64
... end gvrp enable (global) hostname interface ethernet show interfaces port-channel interface ethernet interface range port-channel interface range vlan interface tunnel interface vlan ip default-gateway ip domain-lookup ip domain-name ip host ip http authentication ip http port ip https server ...auth Enables 802.1x globally. Enables GVRP globally. Specifies the port to -address mapping in the host cache. Enters the Interface Configuration (VLAN) mode. Defines static host name-to be configured from a browser. Enables the IP Domain Naming System (DNS)-based host name-toaddress ...
... end gvrp enable (global) hostname interface ethernet show interfaces port-channel interface ethernet interface range port-channel interface range vlan interface tunnel interface vlan ip default-gateway ip domain-lookup ip domain-name ip host ip http authentication ip http port ip https server ...auth Enables 802.1x globally. Enables GVRP globally. Specifies the port to -address mapping in the host cache. Enters the Interface Configuration (VLAN) mode. Defines static host name-to be configured from a browser. Enables the IP Domain Naming System (DNS)-based host name-toaddress ...
Command Line Interface Guide
Page 67
... is known) for the communication with a Port-channel. Sets the maximum number of DNS Query/Router Solicitation refresh messages that VLAN Defines a Guest VLAN. Maps assigned CoS values to select one of the 802.1X MAC authentication access control. Adds a description to an interface....) Mode Command back-pressure channel-group clear host dhcp description dot1x auth-not-req dot1x guest-vlan dot1x guest-vlan enable dot1x mac-authentication dot1x radius-attributes vlan dot1x traps mac-authentication failure dot1x max-req dot1x port-control dot1x re-authentication Description Enables Back...
... is known) for the communication with a Port-channel. Sets the maximum number of DNS Query/Router Solicitation refresh messages that VLAN Defines a Guest VLAN. Maps assigned CoS values to select one of the 802.1X MAC authentication access control. Adds a description to an interface....) Mode Command back-pressure channel-group clear host dhcp description dot1x auth-not-req dot1x guest-vlan dot1x guest-vlan enable dot1x mac-authentication dot1x radius-attributes vlan dot1x traps mac-authentication failure dot1x max-req dot1x port-control dot1x re-authentication Description Enables Back...
Command Line Interface Guide
Page 68
... operation of seconds that the switch waits for the retransmission of seconds between re-authentication attempts. De-registers all VLANs, and prevents dynamic VLAN registration on an interface from the client, before resending the request. Sets an IP address Acquires an IP address... on the port. Enables automatic configuration of the interface. Configures the priority value for a specified group. Reserves a VLAN as the internal usage VLAN of seconds that the switch remains in the quiet state following a failed authentication exchange. Adjusts the GARP application join, ...
... operation of seconds that the switch waits for the retransmission of seconds between re-authentication attempts. De-registers all VLANs, and prevents dynamic VLAN registration on an interface from the client, before resending the request. Sets an IP address Acquires an IP address... on the port. Enables automatic configuration of the interface. Configures the priority value for a specified group. Reserves a VLAN as the internal usage VLAN of seconds that the switch remains in the quiet state following a failed authentication exchange. Adjusts the GARP application join, ...
Command Line Interface Guide
Page 69
... mode. tunnel isatap router Configures a global string that represents a specific automatic tunnel router domain name. wrr-queue bandwidth Assigns Weighted Round Robin (WRR) weights to a VLAN. qos cos Configures the default port CoS value. speed Configures the speed of a given interface. spanning-tree disable Disables spanning tree on a given interface. spanning...
... mode. tunnel isatap router Configures a global string that represents a specific automatic tunnel router domain name. wrr-queue bandwidth Assigns Weighted Round Robin (WRR) weights to a VLAN. qos cos Configures the default port CoS value. speed Configures the speed of a given interface. spanning-tree disable Disables spanning tree on a given interface. spanning...