Command Line Interface Guide
Page 3
Contents 1 Command Groups 55 Introduction 55 Command Groups 55 Layer 2 Commands 61 2 Using the CLI 135 135 Introduction 135 Entering and Editing CLI Commands 135 CLI Command Modes 141 3 Layer 2 Commands 187 Introduction 187 4 AAA Commands 188 aaa authentication enable 190 aaa authentication login 191 aaa authorization network default radius 193 Contents 3
Contents 1 Command Groups 55 Introduction 55 Command Groups 55 Layer 2 Commands 61 2 Using the CLI 135 135 Introduction 135 Entering and Editing CLI Commands 135 CLI Command Modes 141 3 Layer 2 Commands 187 Introduction 187 4 AAA Commands 188 aaa authentication enable 190 aaa authentication login 191 aaa authorization network default radius 193 Contents 3
Command Line Interface Guide
Page 4
enable authentication 194 enable password 194 ip http authentication 195 ip https authentication 196 login authentication 197 password (Line Configuration 198 password (User EXEC 199 show authentication methods 200 show users accounts 201 show users login-history 202 username 203 5 ACL Commands 205 deny | permit 207 ip access-group 209 no ip access-group 209 mac access-group 210 mac access-list extended 211 mac access-list extended rename 212 show ip access-lists 213 show mac access-list 214 4 Contents
enable authentication 194 enable password 194 ip http authentication 195 ip https authentication 196 login authentication 197 password (Line Configuration 198 password (User EXEC 199 show authentication methods 200 show users accounts 201 show users login-history 202 username 203 5 ACL Commands 205 deny | permit 207 ip access-group 209 no ip access-group 209 mac access-group 210 mac access-list extended 211 mac access-list extended rename 212 show ip access-lists 213 show mac access-list 214 4 Contents
Command Line Interface Guide
Page 61
... or more authentication, GC authorization and accounting (AAA) methods for a remote telnet or console. aaa authentication login Defines login authentication. GC aaa authorization network Enables the switch to the GC normal level. GC login authentication Specifies the login authentication method list LC for use on a line. aaa authentication enable Defines authentication method lists for...
... or more authentication, GC authorization and accounting (AAA) methods for a remote telnet or console. aaa authentication login Defines login authentication. GC aaa authorization network Enables the switch to the GC normal level. GC login authentication Specifies the login authentication method list LC for use on a line. aaa authentication enable Defines authentication method lists for...
Command Line Interface Guide
Page 62
... deny|permit ip access-group ip access-group out mac access-group mac access-list extended mac access-list extended rename show users login-history Displays information about login histories of interfaces. The permit command allows traffic if the conditions defined in the permit statement are defined for the ACL. 62 Command...
... deny|permit ip access-group ip access-group out mac access-group mac access-list extended mac access-list extended rename show users login-history Displays information about login histories of interfaces. The permit command allows traffic if the conditions defined in the permit statement are defined for the ACL. 62 Command...
Command Line Interface Guide
Page 125
.... Command Description Mode* show rmon statistics Displays RMON Ethernet Statistics. UE NOTE: *For the meaning of each Mode abbreviation, see "Mode Types" on PE the login session in which it is executed. PE Enables the display of IGMP Snooping packets PE transmitted and/or received by the switch. PE Enables tracing...
.... Command Description Mode* show rmon statistics Displays RMON Ethernet Statistics. UE NOTE: *For the meaning of each Mode abbreviation, see "Mode Types" on PE the login session in which it is executed. PE Enables the display of IGMP Snooping packets PE transmitted and/or received by the switch. PE Enables tracing...
Command Line Interface Guide
Page 155
...to the CLI. After completing the wizard, the user is not used by the SNMP manager. Using the CLI 155 • Enables CLI login and HTTP access to enter spaces in the community string, their use is running, the system does not display any unsolicited or unrelated status ...the local authentication setting only, which allows user account access via these management interfaces. If the user chooses to refer the documentation. During a subsequent login, the user may elect to run the setup wizard. The user may again elect not to correct only a few items instead of the community...
...to the CLI. After completing the wizard, the user is not used by the SNMP manager. Using the CLI 155 • Enables CLI login and HTTP access to enter spaces in the community string, their use is running, the system does not display any unsolicited or unrelated status ...the local authentication setting only, which allows user account access via these management interfaces. If the user chooses to refer the documentation. During a subsequent login, the user may elect to run the setup wizard. The user may again elect not to correct only a few items instead of the community...
Command Line Interface Guide
Page 160
... and changing privilege levels, see the user documentation. Optionally you may setup other accounts and change privilege levels later. The IP address is used to login to setup your initial privilege (Level 15) user account. This is setup. To setup an IP address: 160 Using the CLI For more information on...
... and changing privilege levels, see the user documentation. Optionally you may setup other accounts and change privilege levels later. The IP address is used to login to setup your initial privilege (Level 15) user account. This is setup. To setup an IP address: 160 Using the CLI For more information on...
Command Line Interface Guide
Page 162
... skip the setup wizard, and enter CLI mode to manually configure the switch. This account is not setup for Dell Network Manager) you like to setup the SNMP management interface now? [Y/N] n Step 2: Now we need to ...the setup wizard at any point by default. Waiting to the CLI and Web interface. Welcome to Dell Easy Setup Wizard The Setup Wizard guides you through the initial switch configuration, and gets you must ... wizard within 60 seconds)? [Y/N] y Step 1: The system is used to login to select management unit)> Applying configuration, please wait ... You can . Unit 1 -
... skip the setup wizard, and enter CLI mode to manually configure the switch. This account is not setup for Dell Network Manager) you like to setup the SNMP management interface now? [Y/N] n Step 2: Now we need to ...the setup wizard at any point by default. Waiting to the CLI and Web interface. Welcome to Dell Easy Setup Wizard The Setup Wizard guides you through the initial switch configuration, and gets you must ... wizard within 60 seconds)? [Y/N] y Step 1: The system is used to login to select management unit)> Applying configuration, please wait ... You can . Unit 1 -
Command Line Interface Guide
Page 168
...apply: • The user determines whether remote authentication servers or locally defined user authentication accounts are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). These are used , the Vendor-Specific Option field returns the access level for the user. If the primary ... case, CLI reverts to using local user accounts when the remote authentication servers do not respond or if the CLI simply fails the login attempt because the authentication servers are supported. TACACS+ provides the appropriate level of two security levels. This level has full access to ...
...apply: • The user determines whether remote authentication servers or locally defined user authentication accounts are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). These are used , the Vendor-Specific Option field returns the access level for the user. If the primary ... case, CLI reverts to using local user accounts when the remote authentication servers do not respond or if the CLI simply fails the login attempt because the authentication servers are supported. TACACS+ provides the appropriate level of two security levels. This level has full access to ...
Command Line Interface Guide
Page 169
...events are not recorded. The user configures the switch to generate all requests. • Even if the user configures the CLI to fail login when the remote authentication servers are down, the CLI allows the user to log in a configurable time period, the CLI automatically attempts to ...servers fail to respond. If the primary server fails to respond in to a remote log server. The following : • User login. • User logout. • Denied login attempts. • User attempt to authenticate the user with the server, TACACS+ or Radius. Syslogs The CLI uses syslog support to...
...events are not recorded. The user configures the switch to generate all requests. • Even if the user configures the CLI to fail login when the remote authentication servers are down, the CLI allows the user to log in a configurable time period, the CLI automatically attempts to ...servers fail to respond. If the primary server fails to respond in to a remote log server. The following : • User login. • User logout. • Denied login attempts. • User attempt to authenticate the user with the server, TACACS+ or Radius. Syslogs The CLI uses syslog support to...
Command Line Interface Guide
Page 188
... VLAN Commands • 802.1x Commands AAA Commands This chapter explains the following commands: • aaa authentication dot1x • aaa authentication enable • aaa authentication login • aaa authorization network default radius • enable authentication • enable password • ip http authentication • ip https authentication •...
... VLAN Commands • 802.1x Commands AAA Commands This chapter explains the following commands: • aaa authentication dot1x • aaa authentication enable • aaa authentication login • aaa authorization network default radius • enable authentication • enable password • ip http authentication • ip https authentication •...
Command Line Interface Guide
Page 189
... User Guidelines The additional methods of all methods return an error, specify none as the final method in Global Configuration mode to create an authentication login list. Example The following table: Keyword radius none Description Uses the list of authentication are used only if the previous method returns an error, not...
... User Guidelines The additional methods of all methods return an error, specify none as the final method in Global Configuration mode to create an authentication login list. Example The following table: Keyword radius none Description Uses the list of authentication are used only if the previous method returns an error, not...
Command Line Interface Guide
Page 191
... in . • list-name - To ensure that follow this argument as the final method in the given sequence. Syntax aaa authentication login {default|list-name} method1 [method2...] no form of methods that enable will not succeed for enable authentication. Note that the authentication algorithm...servers, add "$enabx$" users to privileged EXEC mode. To return to the default configuration, use the no aaa authentication login {default|list-name} • default - The login user ID is the requested privilege level. Create a list by the switch to a RADIUS server include the username "$...
... in . • list-name - To ensure that follow this argument as the final method in the given sequence. Syntax aaa authentication login {default|list-name} method1 [method2...] no form of methods that enable will not succeed for enable authentication. Note that the authentication algorithm...servers, add "$enabx$" users to privileged EXEC mode. To return to the default configuration, use the no aaa authentication login {default|list-name} • default - The login user ID is the requested privilege level. Create a list by the switch to a RADIUS server include the username "$...
Command Line Interface Guide
Page 192
...error, not if there is specified as the final method in the given sequence. "defaultList" is used by entering the aaa authentication login list-name method command for authentication. Create a list by the console and only contains the method none. Example The following table: ... name this list. Uses the list of authentication are used if the RADIUS server is any character string used with the aaa authentication login command are "defaultList" and "networkList." The additional methods of all TACACS+ servers for authentication. For example, if none is an authentication...
...error, not if there is specified as the final method in the given sequence. "defaultList" is used by entering the aaa authentication login list-name method command for authentication. Create a list by the console and only contains the method none. Example The following table: ... name this list. Uses the list of authentication are used if the RADIUS server is any character string used with the aaa authentication login command are "defaultList" and "networkList." The additional methods of all TACACS+ servers for authentication. For example, if none is an authentication...
Command Line Interface Guide
Page 193
...; default - Name of the authorization method Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server. console(config)# aaa authentication login default radius local enable none aaa authorization network default radius Use the aaa authorization network default radius command in a particular VLAN based on the external...
...; default - Name of the authorization method Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server. console(config)# aaa authentication login default radius local enable none aaa authorization network default radius Use the aaa authorization network default radius command in a particular VLAN based on the external...
Command Line Interface Guide
Page 197
...form of all TACACS+ servers for a line (console, telnet, or SSH). console(config)# ip https authentication radius local login authentication Use the login authentication command in the command line. Default Configuration The local user database is used only if the previous method returns an .... Example The following table: Keyword local none radius tacacs Source or destination Uses the local username database for authentication. Syntax login authentication {default|list-name} AAA Commands 197 Uses the list of authentication are used if the RADIUS server is specified as...
...form of all TACACS+ servers for a line (console, telnet, or SSH). console(config)# ip https authentication radius local login authentication Use the login authentication command in the command line. Default Configuration The local user database is used only if the previous method returns an .... Example The following table: Keyword local none radius tacacs Source or destination Uses the local username database for authentication. Syntax login authentication {default|list-name} AAA Commands 197 Uses the list of authentication are used if the RADIUS server is specified as...
Command Line Interface Guide
Page 198
...specify a password on a line. Uses the indicated list created with the aaa authentication login command. • list-name - console(config)# line console console(config-line)# login authentication default password (Line Configuration) Use the password command in Line Configuration mode to ...another switch configuration. 198 AAA Commands Uses the default list created with the aaa authentication login command. Default Configuration Uses the default set with the command aaa authentication login. Syntax password password [encrypted] no form of this level. (Range: 8- 64 characters...
...specify a password on a line. Uses the indicated list created with the aaa authentication login command. • list-name - console(config)# line console console(config-line)# login authentication default password (Line Configuration) Use the password command in Line Configuration mode to ...another switch configuration. 198 AAA Commands Uses the default list created with the aaa authentication login command. Default Configuration Uses the default set with the command aaa authentication login. Syntax password password [encrypted] no form of this level. (Range: 8- 64 characters...
Command Line Interface Guide
Page 200
... This command has no user guidelines. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show authentication methods Use the show authentication methods Login Authentication Method Lists defaultList : local Enable Authentication Method Lists 200 AAA Commands
... This command has no user guidelines. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show authentication methods Use the show authentication methods Login Authentication Method Lists defaultList : local Enable Authentication Method Lists 200 AAA Commands
Command Line Interface Guide
Page 201
enableList : local Line Login Method List Console defaultList Telnet defaultList SSH defaultList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local :none show users accounts Use the show users accounts [long] Default Configuration This command has no user guidelines. Syntax show users accounts command in Privileged EXEC mode to display information about the local user database. Command Mode Privileged EXEC mode User Guidelines This command has no default configuration. AAA Commands 201
enableList : local Line Login Method List Console defaultList Telnet defaultList SSH defaultList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local :none show users accounts Use the show users accounts [long] Default Configuration This command has no user guidelines. Syntax show users accounts command in Privileged EXEC mode to display information about the local user database. Command Mode Privileged EXEC mode User Guidelines This command has no default configuration. AAA Commands 201
Command Line Interface Guide
Page 202
Example The following example show users login-history command in Global Configuration mode to display information about the local user database. console#show users login-history [long] • name - Syntax show users accounts UserName Lockout Privilege Password Password ...Aging Expiry date admin 15 --- --- name of users. Example The following example displays information about the login history of user. (Range: 1-20 characters) Default Configuration This command has no user guidelines. False guest 1 --- --- Command...
Example The following example show users login-history command in Global Configuration mode to display information about the local user database. console#show users login-history [long] • name - Syntax show users accounts UserName Lockout Privilege Password Password ...Aging Expiry date admin 15 --- --- name of users. Example The following example displays information about the login history of user. (Range: 1-20 characters) Default Configuration This command has no user guidelines. False guest 1 --- --- Command...