Command Line Interface Guide
Page 53
Global Configuration Generates DSA key pairs. Global Configuration Enables public key authentication for incoming SSH sessions. SSH Public Key Displays the SSH server configuration. Limits messages logged to the console based on the device. Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. Privileged User EXEC Displays...
Global Configuration Generates DSA key pairs. Global Configuration Enables public key authentication for incoming SSH sessions. SSH Public Key Displays the SSH server configuration. Limits messages logged to the console based on the device. Global Configuration Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command. Privileged User EXEC Displays...
Command Line Interface Guide
Page 63
... a permanent entry in the ARP cache Specifies the device asset-tag. Enables filtering of Multicast addresses. Enters SSH Public Key-chain configuration mode. Command Modes 63 Sets the address table aging time. Enables a message to be displayed before the username and password login prompts. ... the system to automatically switch to summer time (daylight saving time). Generates DSA key pairs. Generates a HTTPS certificate. Specifies and enables a message to be displayed when an EXEC process is created. Sets the time zone for the system clock. Configures how long...
... a permanent entry in the ARP cache Specifies the device asset-tag. Enables filtering of Multicast addresses. Enters SSH Public Key-chain configuration mode. Command Modes 63 Sets the address table aging time. Enables a message to be displayed before the username and password login prompts. ... the system to automatically switch to summer time (daylight saving time). Generates DSA key pairs. Generates a HTTPS certificate. Specifies and enables a message to be displayed when an EXEC process is created. Sets the time zone for the system clock. Configures how long...
Command Line Interface Guide
Page 64
... authentication ip https certificate ip https server ip https port ip igmp snooping (Global) ip name-server ip ssh port ip ssh pubkey-auth Enables 802.1x globally. Specifies or modifies the device host name. Enters the Interface Configuration mode to configure multiple ... name-to complete unqualified host names. Specifies authentication methods for use by the SSH server. Specifies authentication methods for https Configures the active certificate for incoming SSH sessions. 64 Command Modes Enables Internet Group Management Protocol (IGMP) snooping Sets the available name servers...
... authentication ip https certificate ip https server ip https port ip igmp snooping (Global) ip name-server ip ssh port ip ssh pubkey-auth Enables 802.1x globally. Specifies or modifies the device host name. Enters the Interface Configuration mode to configure multiple ... name-to complete unqualified host names. Specifies authentication methods for use by the SSH server. Specifies authentication methods for https Configures the active certificate for incoming SSH sessions. 64 Command Modes Enables Internet Group Management Protocol (IGMP) snooping Sets the available name servers...
Command Line Interface Guide
Page 65
.... Specifies the login authentication method list for all RADIUS communications between the router and the RADIUS daemon. Enables the device to a syslog server. Enables quality of syslog messages stored in the host name cache. ip ssh server ipv6 default-gateway ipv6 host ipv6 icmp error-interval ipv6 neighbor lacp system-priority line logging...
.... Specifies the login authentication method list for all RADIUS communications between the router and the RADIUS daemon. Enables the device to a syslog server. Enables quality of syslog messages stored in the host name cache. ip ssh server ipv6 default-gateway ipv6 host ipv6 icmp error-interval ipv6 neighbor lacp system-priority line logging...
Command Line Interface Guide
Page 71
... specified interface. dot1x re-authenticate Manually initiates a re-authentication of addresses present in all 802.1X-enabled ports or the specified 802.1X-enabled port. show dot1x advanced Displays 802.1X enhanced features for the switch or for HTTPS. show bridge... Displays the banners configuration. show dot1x Displays allowed multiple hosts on specified ports. set Manually sets the system clock. ssh show crypto certificate mycertificate Displays the SSL certificates of IPv6 packets sent on the specified protocols interface. clear logging file ...
... specified interface. dot1x re-authenticate Manually initiates a re-authentication of addresses present in all 802.1X-enabled ports or the specified 802.1X-enabled port. show dot1x advanced Displays 802.1X enhanced features for the switch or for HTTPS. show bridge... Displays the banners configuration. show dot1x Displays allowed multiple hosts on specified ports. set Manually sets the system clock. ssh show crypto certificate mycertificate Displays the SSL certificates of IPv6 packets sent on the specified protocols interface. clear logging file ...
Command Line Interface Guide
Page 87
...TACACS server include the username "$enab15$". Console (config)# aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet, SSH or console. If no login authentication • default - Example ...the process still succeeds. To ensure that the authentication algorithm tries, in the command line. • All aaa authentication enable default requests sent by the authentication login command. Use the no form of authentication are used if it fails. Uses...
...TACACS server include the username "$enab15$". Console (config)# aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet, SSH or console. If no login authentication • default - Example ...the process still succeeds. To ensure that the authentication algorithm tries, in the command line. • All aaa authentication enable default requests sent by the authentication login command. Use the no form of authentication are used if it fails. Uses...
Command Line Interface Guide
Page 88
... The following example specifies the default authentication method when accessing a higher privilege level from a remote telnet, SSH or console. Syntax • enable authentication {default | list-name} • no user guidelines for a console. Uses the indicated list created with...value may disconnect the telnet session. Default Configuration Uses the default set with the authentication enable command. Console (config)# line console Console (config-line)# enable authentication default 88 AAA Commands User Guidelines • Changing login authentication from default to...
... The following example specifies the default authentication method when accessing a higher privilege level from a remote telnet, SSH or console. Syntax • enable authentication {default | list-name} • no user guidelines for a console. Uses the indicated list created with...value may disconnect the telnet session. Default Configuration Uses the default set with the authentication enable command. Console (config)# line console Console (config-line)# enable authentication default 88 AAA Commands User Guidelines • Changing login authentication from default to...
Command Line Interface Guide
Page 91
User Guidelines • There are no user guidelines for this command. Console# show authentication methods Login Authentication Method Lists Console_Default: None Network_Default: Local Enable Authentication Method Lists Console_Default: Enable None Network_Default: Enable Line Console Telnet SSH Login Method List Default Default Default Enable Method List Default Default Default http https dot1x : Tacacs Local : Tacacs Local : AAA Commands 91 Example The following example displays the authentication configuration. Command Mode Privileged EXEC mode.
User Guidelines • There are no user guidelines for this command. Console# show authentication methods Login Authentication Method Lists Console_Default: None Network_Default: Local Enable Authentication Method Lists Console_Default: Enable None Network_Default: Enable Line Console Telnet SSH Login Method List Default Default Default Enable Method List Default Default Default http https dot1x : Tacacs Local : Tacacs Local : AAA Commands 91 Example The following example displays the authentication configuration. Command Mode Privileged EXEC mode.
Command Line Interface Guide
Page 122
Device> show motd Console: Enabled Telnet: Enabled SSH: Enabled MOTD Message $(bold)Upgrade$(bold) to all devices begins at March 12 122 Login Banner User Guidelines • There are no user guidelines for this command. Example The following example displays the banners configuration.
Device> show motd Console: Enabled Telnet: Enabled SSH: Enabled MOTD Message $(bold)Upgrade$(bold) to all devices begins at March 12 122 Login Banner User Guidelines • There are no user guidelines for this command. Example The following example displays the banners configuration.
Command Line Interface Guide
Page 250
... terminal history • no terminal history Default Configuration This command has no user guidelines for remote console access (Telnet). • ssh - Syntax • show line User EXEC mode command displays line parameters. Default Configuration Default value is console. Console (config)# ...line console Console(config-line)# exec-timeout 20 terminal history The terminal history EXEC mode command enables the command history function for secured remote console access (SSH). Virtual terminal for this command to disable the command history function. User Guidelines • There...
... terminal history • no terminal history Default Configuration This command has no user guidelines for remote console access (Telnet). • ssh - Syntax • show line User EXEC mode command displays line parameters. Default Configuration Default value is console. Console (config)# ...line console Console(config-line)# exec-timeout 20 terminal history The terminal history EXEC mode command enables the command history function for secured remote console access (SSH). Virtual terminal for this command to disable the command history function. User Guidelines • There...
Command Line Interface Guide
Page 377
...this function. Use the no form of this command to disable this command. SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Command Mode Global Configuration mode. Use the no user guidelines for ...no ip ssh server SSH Commands 377 Syntax • ip ssh server • no ip ssh port • port-number - Example The following example specifies the port to be configured from a SSH server. Console (config)# ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode command enables the ...
...this function. Use the no form of this command to disable this command. SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Command Mode Global Configuration mode. Use the no user guidelines for ...no ip ssh server SSH Commands 377 Syntax • ip ssh server • no ip ssh port • port-number - Example The following example specifies the port to be configured from a SSH server. Console (config)# ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode command enables the ...
Command Line Interface Guide
Page 378
... Configuration mode. Example The following example generates DSA key pairs. Console (config)# crypto key generate dsa 378 SSH Commands The SSH keys can be configured from a SSH server. however, the keys generated by this command are saved in standby until the keys are generated in ...displayed with new keys is displayed. • This command is enabled. Console (config)# ip ssh server crypto key generate dsa The ip ssh server Global Configuration mode command generates DSA key pairs. Example The following example enables the device to execute. • DSA key size is in...
... Configuration mode. Example The following example generates DSA key pairs. Console (config)# crypto key generate dsa 378 SSH Commands The SSH keys can be configured from a SSH server. however, the keys generated by this command are saved in standby until the keys are generated in ...displayed with new keys is displayed. • This command is enabled. Console (config)# ip ssh server crypto key generate dsa The ip ssh server Global Configuration mode command generates DSA key pairs. Example The following example enables the device to execute. • DSA key size is in...
Command Line Interface Guide
Page 379
... 379 crypto key generate rsa The crypto key generate rsa Global Configuration mode command generates RSA key pairs. Use the no ip ssh pubkey-auth Default Configuration The function is not saved in the startup configuration; User Guidelines • RSA keys are saved in pairs... be displayed with new keys is displayed. • The maximum supported size for incoming SSH sessions. Console (config)# crypto key generate rsa ip ssh pubkey-auth The ip ssh pubkey-auth Global Configuration mode command enables public key authentication for the RSA key is 2048 bits. • This command is ...
... 379 crypto key generate rsa The crypto key generate rsa Global Configuration mode command generates RSA key pairs. Use the no ip ssh pubkey-auth Default Configuration The function is not saved in the startup configuration; User Guidelines • RSA keys are saved in pairs... be displayed with new keys is displayed. • The maximum supported size for incoming SSH sessions. Console (config)# crypto key generate rsa ip ssh pubkey-auth The ip ssh pubkey-auth Global Configuration mode command enables public key authentication for the RSA key is 2048 bits. • This command is ...
Command Line Interface Guide
Page 380
Example The following example enters the SSH Public Key-chain Configuration mode. Example The following example enables public key authentication for this command to enter Public Key-chain Configuration mode. • This command can also be used to remove a SSH public key. 380 SSH Commands User Guidelines • There are no keys. The mode is...
Example The following example enters the SSH Public Key-chain Configuration mode. Example The following example enables public key authentication for this command to enter Public Key-chain Configuration mode. • This command can also be used to remove a SSH public key. 380 SSH Commands User Guidelines • There are no keys. The mode is...
Command Line Interface Guide
Page 381
... key. RSA key. • dsa - Default Configuration By default, the keys do not exist. Command Mode SSH Public Key Chain Configuration mode. Example The following example enables a SSH public key to be up to specify the key. UU-encoded DER format is the same format in authorized_keys file used by row • key...
... key. RSA key. • dsa - Default Configuration By default, the keys do not exist. Command Mode SSH Public Key Chain Configuration mode. Example The following example enables a SSH public key to be up to specify the key. UU-encoded DER format is the same format in authorized_keys file used by row • key...
Command Line Interface Guide
Page 383
... guidelines for this command. SSH Public Key Authentication is enabled. DSA (DSS) key was generated. Command Mode Privileged EXEC mode. Active incoming sessions: IP address SSH Version username Cipher 172.16.0.1 John Brown 2.0 3 DES Auth Code ---------HMAC-SH1 The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. User Guidelines • There...
... guidelines for this command. SSH Public Key Authentication is enabled. DSA (DSS) key was generated. Command Mode Privileged EXEC mode. Active incoming sessions: IP address SSH Version username Cipher 172.16.0.1 John Brown 2.0 3 DES Auth Code ---------HMAC-SH1 The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. User Guidelines • There...
Command Line Interface Guide
Page 428
...active Privileged EXEC mode command reactivates a locked out line. Default Configuration This command has no default configuration. Example The following example enables writing to login history file. Console terminal line. • telnet - Command Mode Privileged EXEC mode. Console# set username ... username name active • name - Console (config)# aaa login-history file set username active The set line {console | telnet |ssh} active • console - Syntax • set username active Privileged EXEC mode command reactivates a locked out user account. Virtual terminal ...
...active Privileged EXEC mode command reactivates a locked out line. Default Configuration This command has no default configuration. Example The following example enables writing to login history file. Console terminal line. • telnet - Command Mode Privileged EXEC mode. Console# set username ... username name active • name - Console (config)# aaa login-history file set username active The set line {console | telnet |ssh} active • console - Syntax • set username active Privileged EXEC mode command reactivates a locked out user account. Virtual terminal ...
Command Line Interface Guide
Page 430
... expiry date of a password. 430 TIC Commands History hold time: 365 days Lock-out: Disabled Enable Passwords Level Aging ----- ----- 1 90 15 90 Expiry date ----------Jan 18 2005 Jan 18 2005 Lockout ------1 0 Line Passwords Level ----Console Telnet SSH Aging ----90 90 Expiry date ----------Jan 18 2005 Jan 21 2005 Lockout ------LOCKOUT 0 The following...
... expiry date of a password. 430 TIC Commands History hold time: 365 days Lock-out: Disabled Enable Passwords Level Aging ----- ----- 1 90 15 90 Expiry date ----------Jan 18 2005 Jan 18 2005 Lockout ------1 0 Line Passwords Level ----Console Telnet SSH Aging ----90 90 Expiry date ----------Jan 18 2005 Jan 21 2005 Lockout ------LOCKOUT 0 The following...
Command Line Interface Guide
Page 431
... is locked out it specifies how many times a user has failed to enter the correct password since the last successful login. If the password is enabled, it specifies "LOCKOUT". Console# show users login-history Login Time Jan 18 2004 23:58:17 Jan 19 2004 07:59:23 Jan 19 2004...:29 Jan 19 2004 08:42:31 Jan 19 2004 08:49:52 Username -------Robert Robert Bob Robert John Betty Protocol -------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 TIC Commands 431
... is locked out it specifies how many times a user has failed to enter the correct password since the last successful login. If the password is enabled, it specifies "LOCKOUT". Console# show users login-history Login Time Jan 18 2004 23:58:17 Jan 19 2004 07:59:23 Jan 19 2004...:29 Jan 19 2004 08:42:31 Jan 19 2004 08:49:52 Username -------Robert Robert Bob Robert John Betty Protocol -------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 TIC Commands 431
User's Guide
Page 22
... entry and the ingress port is invoked. Access Control Lists (ACL) Access Control Lists (ACL) allow network managers to that is currently available. The SSH server feature enables an SSH client to VLANs during the RADIUS server authentication. TACACS+ provides a centralized user management system, while still retaining consistency with specific MAC addresses. Packets...
... entry and the ingress port is invoked. Access Control Lists (ACL) Access Control Lists (ACL) allow network managers to that is currently available. The SSH server feature enables an SSH client to VLANs during the RADIUS server authentication. TACACS+ provides a centralized user management system, while still retaining consistency with specific MAC addresses. Packets...