Command Line Interface Guide
Page 3
Contents 1 Command Groups 55 Introduction 55 Command Groups 55 Layer 2 Commands 61 2 Using the CLI 135 135 Introduction 135 Entering and Editing CLI Commands 135 CLI Command Modes 141 3 Layer 2 Commands 187 Introduction 187 4 AAA Commands 188 aaa authentication enable 190 aaa authentication login 191 aaa authorization network default radius 193 Contents 3
Contents 1 Command Groups 55 Introduction 55 Command Groups 55 Layer 2 Commands 61 2 Using the CLI 135 135 Introduction 135 Entering and Editing CLI Commands 135 CLI Command Modes 141 3 Layer 2 Commands 187 Introduction 187 4 AAA Commands 188 aaa authentication enable 190 aaa authentication login 191 aaa authorization network default radius 193 Contents 3
Command Line Interface Guide
Page 17
radius-server host 507 radius-server key 508 radius-server retransmit 509 radius-server source-ip 509 radius-server timeout 510 retransmit 511 show radius-servers 512 show radius-servers statistics 514 source-ip 518 timeout 519 usage 520 25 Spanning Tree Commands 521 exit (mst 523 instance (mst 524 name (mst 525 revision (mst 526 show spanning-tree 526 show spanning-tree summary 539 spanning-tree 540 spanning-tree auto-portfast 541 spanning-tree bpdu flooding 542 Contents 17
radius-server host 507 radius-server key 508 radius-server retransmit 509 radius-server source-ip 509 radius-server timeout 510 retransmit 511 show radius-servers 512 show radius-servers statistics 514 source-ip 518 timeout 519 usage 520 25 Spanning Tree Commands 521 exit (mst 523 instance (mst 524 name (mst 525 revision (mst 526 show spanning-tree 526 show spanning-tree summary 539 spanning-tree 540 spanning-tree auto-portfast 541 spanning-tree bpdu flooding 542 Contents 17
Command Line Interface Guide
Page 22
dot1x timeout supp-timeout 628 dot1x timeout tx-period 629 show dot1x 630 show dot1x clients 633 show dot1x ethernet 635 show dot1x statistics 637 show dot1x users 639 dot1x guest-vlan 640 dot1x unauth-vlan 641 show dot1x advanced 641 radius-server attribute 4 644 31 Layer 3 Commands 645 Introduction 645 32 ARP Commands 646 arp cachesize 647 arp dynamicrenew 648 arp purge 649 arp resptime 650 arp retries 651 arp timeout 652 22 Contents
dot1x timeout supp-timeout 628 dot1x timeout tx-period 629 show dot1x 630 show dot1x clients 633 show dot1x ethernet 635 show dot1x statistics 637 show dot1x users 639 dot1x guest-vlan 640 dot1x unauth-vlan 641 show dot1x advanced 641 radius-server attribute 4 644 31 Layer 3 Commands 645 Introduction 645 32 ARP Commands 646 arp cachesize 647 arp dynamicrenew 648 arp purge 649 arp resptime 650 arp retries 651 arp timeout 652 22 Contents
Command Line Interface Guide
Page 56
... on specific target ports. LACP Configures and displays LACP information. LLDP Configures and displays LLDP information. Port Monitor Monitors activity on the switch. Radius Configures and displays RADIUS information. Ethernet Configuration Configures all port configuration options for filtering. GVRP Configures and displays GVRP configuration and information. Port Channel Configures and displays Port...
... on specific target ports. LACP Configures and displays LACP information. LLDP Configures and displays LLDP information. Port Monitor Monitors activity on the switch. Radius Configures and displays RADIUS information. Ethernet Configuration Configures all port configuration options for filtering. GVRP Configures and displays GVRP configuration and information. Port Channel Configures and displays Port...
Command Line Interface Guide
Page 60
... • MA - Policy Class Map Configuration • R - Captive Portal Configuration • CPI - Interface Configuration • IP - MST Configuration • ML - Policy Map Configuration • PCGC - Radius • RIP - Crypto Configuration • CP - Policy Map Global Configuration • PCMC - Mode Types The tables on the following pages use these abbreviations for Command...
... • MA - Policy Class Map Configuration • R - Captive Portal Configuration • CPI - Interface Configuration • IP - MST Configuration • ML - Policy Map Configuration • PCGC - Radius • RIP - Crypto Configuration • CP - Policy Map Global Configuration • PCMC - Mode Types The tables on the following pages use these abbreviations for Command...
Command Line Interface Guide
Page 61
... Key-chain • TC - aaa authentication login Defines login authentication. enable password Sets a local password to control access to accept VLAN assignment GC default radius by the RADIUS server. TACACS Configuration • UE - enable authentication Specifies the authentication method list when LC accessing a higher privilege level from a remote telnet or console. User...
... Key-chain • TC - aaa authentication login Defines login authentication. enable password Sets a local password to control access to accept VLAN assignment GC default radius by the RADIUS server. TACACS Configuration • UE - enable authentication Specifies the authentication method list when LC accessing a higher privilege level from a remote telnet or console. User...
Command Line Interface Guide
Page 81
... which the servers are unavailable. GC Sets the authentication and encryption key for GC communication with 0 being configured. Specifies the source IP address used , with RADIUS servers. Command Groups 81 Enables the message authenticator attribute to R be the R primary server in which have the same server name. Causes the unavailable servers...
... which the servers are unavailable. GC Sets the authentication and encryption key for GC communication with 0 being configured. Specifies the source IP address used , with RADIUS servers. Command Groups 81 Enables the message authenticator attribute to R be the R primary server in which have the same server name. Causes the unavailable servers...
Command Line Interface Guide
Page 82
... the MST configuration mode and applies MC configuration changes. MC name (mst) Defines the MST configuration name. MC show radius-servers Displays the RADIUS server settings. PE show spanning-tree summary Displays spanning tree settings and parameters PE for the switch. GC spanning-tree auto...-portfast Sets the port to an MST instance. Command Description Mode* radius-server timeout Sets the interval for which a switch waits for an authentication or PE accounting server. show spanning-tree Displays spanning ...
... the MST configuration mode and applies MC configuration changes. MC name (mst) Defines the MST configuration name. MC show radius-servers Displays the RADIUS server settings. PE show spanning-tree summary Displays spanning tree settings and parameters PE for the switch. GC spanning-tree auto...-portfast Sets the port to an MST instance. Command Description Mode* radius-server timeout Sets the interval for which a switch waits for an authentication or PE accounting server. show spanning-tree Displays spanning ...
Command Line Interface Guide
Page 89
... active 802.1X authenticated users for the PE switch or specified interface. Command Description Mode* show dot1x statistics Displays 802.1X statistics for the RADIUS server. dot1x guest-vlan Sets the guest VLAN on a port. radius-server attribute 4 Sets the network access server (NAS) IP address GC for the specified PE interface.
... active 802.1X authenticated users for the PE switch or specified interface. Command Description Mode* show dot1x statistics Displays 802.1X statistics for the RADIUS server. dot1x guest-vlan Sets the guest VLAN on a port. radius-server attribute 4 Sets the network access server (NAS) IP address GC for the specified PE interface.
Command Line Interface Guide
Page 145
... the parameters for the SNMP server host. • SNMP v3 Host Configuration - Configures the parameters for the TACACS server. • Radius - Configures the parameters for crypto certificate request. • Crypto Certificate Generation - Configures the parameters for the SNMP v3 server host. ... and identifies the command mode. Configures the parameters for crypto certificate generate. • Logging - Configures the parameters for the RADIUS server. • SNMP Host Configuration - The following is omitted for example, 1/g1). The Global Configuration mode command macaccess...
... the parameters for the SNMP server host. • SNMP v3 Host Configuration - Configures the parameters for the TACACS server. • Radius - Configures the parameters for crypto certificate request. • Crypto Certificate Generation - Configures the parameters for the SNMP v3 server host. ... and identifies the command mode. Configures the parameters for crypto certificate generate. • Logging - Configures the parameters for the RADIUS server. • SNMP Host Configuration - The following is omitted for example, 1/g1). The Global Configuration mode command macaccess...
Command Line Interface Guide
Page 149
...to Global Configuration mode, use the snmp-server v3-host command. To exit to Privileged EXEC mode. Command Mode Access Method Command Prompt Radius From Global Configuration mode, use the snmp-server community command. SNMP Community Configuration From Global Configuration mode, use the... radius-server host command. console(configsnmp)# Exit or Access Previous Mode To exit to Global Configuration mode, use the exit command, or press...
...to Global Configuration mode, use the snmp-server v3-host command. To exit to Privileged EXEC mode. Command Mode Access Method Command Prompt Radius From Global Configuration mode, use the snmp-server community command. SNMP Community Configuration From Global Configuration mode, use the... radius-server host command. console(configsnmp)# Exit or Access Previous Mode To exit to Global Configuration mode, use the exit command, or press...
Command Line Interface Guide
Page 155
... automatically is disabled until the user returns to configure security access for SNMPv3 (for the user to accept. The user may return later to configure Radius or TACACS+. • Sets up the IP address for the management VLAN or enables support for the SNMP management interface. Initially only SNMPv1/2c will...
... automatically is disabled until the user returns to configure security access for SNMPv3 (for the user to accept. The user may return later to configure Radius or TACACS+. • Sets up the IP address for the management VLAN or enables support for the SNMP management interface. Initially only SNMPv1/2c will...
Command Line Interface Guide
Page 167
... interface security consists of locally managed user accounts. User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of management interface security measures implemented by the CLI. The serial interface is the only interface from which the user may create...
... interface security consists of locally managed user accounts. User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of management interface security measures implemented by the CLI. The serial interface is the only interface from which the user may create...
Command Line Interface Guide
Page 168
... is created and maintained locally, each user is authenticated. Two vendor specific options are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). • The user password is login through remote authentication servers, the authentication server is configured to pass ... specifications apply: • The user determines whether remote authentication servers or locally defined user authentication accounts are down . When Radius is the special access level assigned to one of access. If the primary authentication server fails to respond within the switch and...
... is created and maintained locally, each user is authenticated. Two vendor specific options are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). • The user password is login through remote authentication servers, the authentication server is configured to pass ... specifications apply: • The user determines whether remote authentication servers or locally defined user authentication accounts are down . When Radius is the special access level assigned to one of access. If the primary authentication server fails to respond within the switch and...
Command Line Interface Guide
Page 169
... down, the CLI allows the user to log in a configurable time period, the CLI automatically attempts to authenticate the user with the server, TACACS+ or Radius. If no remote log server exists, then the CLI maintains a rolling log of the servers is primary and the other is the secondary server (the...
... down, the CLI allows the user to log in a configurable time period, the CLI automatically attempts to authenticate the user with the server, TACACS+ or Radius. If no remote log server exists, then the CLI maintains a rolling log of the servers is primary and the other is the secondary server (the...
Command Line Interface Guide
Page 188
• LLDP Commands • Port Channel Commands • Port Monitor Commands • QoS Commands • RADIUS Commands • Spanning Tree Commands • Switchport Voice Commands • TACACS+ Commands • VLAN Commands •...chapter explains the following commands: • aaa authentication dot1x • aaa authentication enable • aaa authentication login • aaa authorization network default radius • enable authentication • enable password • ip http authentication • ip https authentication • login authentication • password (...
• LLDP Commands • Port Channel Commands • Port Monitor Commands • QoS Commands • RADIUS Commands • Spanning Tree Commands • Switchport Voice Commands • TACACS+ Commands • VLAN Commands •...chapter explains the following commands: • aaa authentication dot1x • aaa authentication enable • aaa authentication login • aaa authorization network default radius • enable authentication • enable password • ip http authentication • ip https authentication • login authentication • password (...
Command Line Interface Guide
Page 189
... methods return an error, specify none as the final method in Global Configuration mode to create an authentication login list. Example The following table: Keyword radius none Description Uses the list of authentication are used only if the previous method returns an error, not if it fails. To ensure that the...
... methods return an error, specify none as the final method in Global Configuration mode to create an authentication login list. Example The following table: Keyword radius none Description Uses the list of authentication are used only if the previous method returns an error, not if it fails. To ensure that the...
Command Line Interface Guide
Page 190
...the listed authentication methods that follow this command. Specify at least one from the following table: Keyword enable line none radius tacacs Source or destination Uses the enable password for accessing higher privilege levels. It is "enableList." To return to the... the aaa authentication enable command in Global Configuration mode to set authentication for authentication. Character string used to name the list of all RADIUS servers for authentication. Uses no form of all TACACS+ servers for authentication. Syntax aaa authentication enable {default|list-name} method1 [method2...
...the listed authentication methods that follow this command. Specify at least one from the following table: Keyword enable line none radius tacacs Source or destination Uses the enable password for accessing higher privilege levels. It is "enableList." To return to the... the aaa authentication enable command in Global Configuration mode to set authentication for authentication. Character string used to name the list of all RADIUS servers for authentication. Uses no form of all TACACS+ servers for authentication. Syntax aaa authentication enable {default|list-name} method1 [method2...
Command Line Interface Guide
Page 191
... is any character string used only if the previous method returns an error, not if it fails. Create a list by the switch to a RADIUS server include the username "$enabx$", where x is the requested privilege level. For example, if none is specified as the default list of methods...in Global Configuration mode to TACACS+ servers for a level one user must authenticate to get to privileged EXEC mode. Character string used if the RADIUS server is now sent to set authentication at login. The additional methods of authentication methods activated when a user logs in . • list-...
... is any character string used only if the previous method returns an error, not if it fails. Create a list by the switch to a RADIUS server include the username "$enabx$", where x is the requested privilege level. For example, if none is specified as the default list of methods...in Global Configuration mode to TACACS+ servers for a level one user must authenticate to get to privileged EXEC mode. Character string used if the RADIUS server is now sent to set authentication at login. The additional methods of authentication methods activated when a user logs in . • list-...
Command Line Interface Guide
Page 192
...list of methods that the authentication succeeds even if all methods return an error, specify none as an authentication method after radius, no authentication. "networkList" is an authentication failure. The method argument identifies the list of all TACACS+ servers for ...by entering the aaa authentication login list-name method command for authentication. Example The following table: Keyword enable line local none radius tacacs Source or destination Uses the enable password for authentication. Uses the list of authentication are "defaultList" and "networkList."...
...list of methods that the authentication succeeds even if all methods return an error, specify none as an authentication method after radius, no authentication. "networkList" is an authentication failure. The method argument identifies the list of all TACACS+ servers for ...by entering the aaa authentication login list-name method command for authentication. Example The following table: Keyword enable line local none radius tacacs Source or destination Uses the enable password for authentication. Uses the list of authentication are "defaultList" and "networkList."...