3Com 3CRUS2475 User Manual

3Com® Unified Gigabit Wireless PoE Switch 24
Command Reference Guide
www.3Com.com
Part No. 10015248 Rev. AA Published October 2006
3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064
Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
ntel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally friendly, and the inks are vegetable-based with a low heavy-metal content.

CONTENTS

USING THE CLI
Overview 19
CLI Command Modes 19 Introduction 19 User EXEC Mode 20 Privileged EXEC 20 Global Configuration Mode 21
Interface Configuration and Specific Configuration Modes 21 Starting the CLI 22 Editing Features 23
Entering Commands 23
Terminal Command Buffer 24 Negating the Effect of Commands 25 Command Completion 25 Nomenclature 25 Keyboard Shortcuts 26 CLI Command Conventions 27
Copying and Pasting Text 27
AAA COMMANDS
aaa authentication login 29 aaa authentication enable 30 login authentication 32 enable authentication 33 ip http authentication 33 ip https authentication 34 show authentication methods 35 password 37 enable password 37 username 38
ACL COMMANDS
ip access-list 41 permit (ip) 41 deny (IP) 45 mac access-list 47 permit (MAC) 48 deny (MAC) 49 service-acl 50 show access-lists 51 show interfaces access-lists 52
ADDRESS TABLE COMMANDS
bridge address 55 bridge multicast filtering 56 bridge multicast address 57 bridge multicast forbidden address 58 bridge multicast forward-all 59 bridge multicast forbidden forward-all 60 bridge aging-time 62 clear bridge 62 port security 63 port security mode 64 port security routed secure-address 65 show bridge address-table 66 show bridge address-table static 67 show bridge address-table count 68 show bridge multicast address-table 70 show bridge multicast filtering 72 show ports security 73 show ports security addresses 74
ETHERNET CONFIGURATION COMMANDS
interface ethernet 77 interface range ethernet 77 shutdown 78
description 79 speed 80 duplex 81 negotiation 81 flowcontrol 82 mdix 83 clear counters 84 set interface active 85 show interfaces advertise 85 show interfaces configuration 87 show interfaces status 88 show interfaces description 90 show interfaces counters 91 port storm-control include-multicast (GC) 94 port storm-control include-multicast (IC) 95 port storm-control broadcast enable 96 port storm-control broadcast rate 97 show ports storm-control 97
LINE COMMANDS
line 99 speed 99 autobaud 100 exec-timeout 101 history 102 history size 102 terminal history 103 terminal history size 104 show line 105
PHY DIAGNOSTICS COMMANDS
test copper-port tdr 107 show copper-ports tdr 108 show copper-ports cable-length 109 show fiber-ports optical-transceiver 110
PORT CHANNEL COMMANDS
interface port-channel 113 interface range port-channel 113 channel-group 114 show interfaces port-channel 115
QOS COMMANDS
qos 117 show qos 118 class-map 118 show class-map 120 match 120 policy-map 121 class 122 show policy-map 123 trust cos-dscp 124 set 125 police 126 service-policy 127 qos aggregate-policer 128 show qos aggregate-policer 129 police aggregate 130 wrr-queue cos-map 131 wrr-queue bandwidth 132 priority-queue out num-of-queues 133 traffic-shape 134 rate-limit interface configuration 135 show qos interface 136 qos map policed-dscp 138 qos map dscp-queue 139 qos trust (Global) 140 qos trust (Interface) 141 qos cos 142 qos dscp-mutation 143 qos map dscp-mutation 143 security-suite enable 144
security-suite dos protect 145 security-suite deny martian-addresses 146
CLOCK COMMANDS
clock set 149 clock source 150 clock timezone 150 clock summer-time 151 sntp authentication-key 153 sntp authenticate 154 sntp trusted-key 155 sntp client poll timer 156 sntp anycast client enable 157 sntp client enable (Interface) 157 sntp unicast client enable 158 sntp unicast client poll 159 sntp server 159 show clock 160 show sntp configuration 162 show sntp status 163
RMON COMMANDS
show rmon statistics 167 rmon collection history 169 show rmon collection history 170 show rmon history 172 rmon alarm 175 show rmon alarm-table 177 show rmon alarm 178 rmon event 180 show rmon events 181 show rmon log 182 rmon table-size 183
IGMP SNOOPING COMMANDS
ip igmp snooping (Global) 185 ip igmp snooping (Interface) 185 ip igmp snooping mrouter learn-pim-dvmrp 186 ip igmp snooping host-time-out 187 ip igmp snooping mrouter-time-out 188 ip igmp snooping leave-time-out 189 show ip igmp snooping mrouter 189 show ip igmp snooping interface 190 show ip igmp snooping groups 191
LACP COMMANDS
lacp system-priority 193 lacp port-priority 193 lacp timeout 194 show lacp ethernet 195 show lacp port-channel 198
POWER OVER ETHERNET COMMANDS
power inline 201 power inline powered-device 202 power inline priority 202 power inline usage-threshold 203 power inline traps enable 204 show power inline 204
SPANNING-TREE COMMANDS
spanning-tree 209 spanning-tree mode 209 spanning-tree forward-time 210 spanning-tree hello-time 211 spanning-tree max-age 212 spanning-tree priority 213 spanning-tree disable 213
spanning-tree cost 214 spanning-tree port-priority 215 spanning-tree portfast 216 spanning-tree link-type 217 spanning-tree pathcost method 217 spanning-tree bpdu 218 clear spanning-tree detected-protocols 219 spanning-tree mst priority 220 spanning-tree mst max-hops 220 spanning-tree mst port-priority 221 spanning-tree mst cost 222 spanning-tree mst configuration 223 instance (mst) 224 name (mst) 224 revision (mst) 225 show (mst) 226 exit (mst) 227 abort (mst) 227 spanning-tree guard root 228 show spanning-tree 229
CONFIGURATION AND IMAGE FILE COMMANDS
copy 263 delete 266 boot system 267 show running-config 268 show startup-config 268 show bootvar 269
RADIUS COMMAND
radius-server host 271 radius-server key 272 radius-server retransmit 273 radius-server source-ip 274 radius-server timeout 275 radius-server deadtime 275
show radius-servers 276
PORT MONITOR COMMANDS
port monitor 279 show ports monitor 280
SNMP COMMANDS
snmp-server community 283 snmp-server view 284 snmp-server group 286 snmp-server user 287 snmp-server engineID local 289 snmp-server enable traps 291 snmp-server filter 291 snmp-server host 292 snmp-server v3-host 294 snmp-server trap authentication 295 snmp-server contact 296 snmp-server location 297 snmp-server set 297 show snmp 298 show snmp engineid 300 show snmp views 301 show snmp groups 302 show snmp filters 303 show snmp users 304
IP ADDRESS COMMANDS
ip address 307 ip address dhcp 308 ip default-gateway 309 show ip interface 310 arp 311 arp timeout 312 clear arp-cache 312
show arp 313 ip domain-name 314 ip name-server 315
MANAGEMENT ACL COMMANDS
management access-list 317 permit (Management) 318 deny (Management) 319 management access-class 320 show management access-list 321 show management access-class 322
WIRELESS ROGUE AP COMMANDS
rogue-detect enable (Radio) 323 rogue-detect rogue-scan-interval 324 wlan rogue-detect rogue-ap 325 clear wlan rogue-ap 326 show wlan rogue-aps configuration 326 show wlan rogue-aps list 327 show wlan rogue-aps neighborhood 328
WIRELESS ESS COMMANDS
wlan ess create 331 wlan ess configure 331 ssid 332 open vlan 333 qos 334 load-balancing 334 mac-filtering action 335 mac-filtering list 336 security suite create 337 security suite configure 339 vlan (Security-Suite ESS) 340 timer (Security-Suite ESS) 341 update-gkey-on-leave (Security-Suite ESS) 342
wpa2 pre-authentication 343 show wlan ess 344 show wlan ess mac-filtering lists 347 show wlan ess counters 348
WIRELESS AP GENERAL COMMANDS
clear wlan ap 351 wlan ap active 352 wlan ap key 352 wlan ap config 353 name 354 tunnel priority 355 wan enable 355 interface ethernet 356 vlan allowed 357 vlan native 358 wlan template ap configure 358 set wlan copy 359 show wlan aps 360 show wlan ap interface radio 364 show wlan ap interface ethernet 365 show wlan aps counters 366 show wlan aps discovered 368 show wlan template aps 369
SSH COMMANDS
ip ssh port 371 ip ssh server 372 crypto key generate dsa 372 crypto key generate rsa 373 ip ssh pubkey-auth 374 crypto key pubkey-chain ssh 374 user-key 375 key-string 376 show ip ssh 378 show crypto key mypubkey 379
show crypto key pubkey-chain ssh 380
WEB SERVER COMMANDS
ip http server 383 ip http port 383 ip http exec-timeout 384 ip https server 385 ip https port 385 crypto certificate generate 386 crypto certificate request 388 crypto certificate import 389 ip https certificate 390 show crypto certificate mycertificate 391 show ip http 392 show ip https 393
TACACS+ COMMANDS
tacacs-server host 395 tacacs-server key 396 tacacs-server timeout 397 tacacs-server source-ip 398 show tacacs 399
SYSLOG COMMANDS
logging on 401 logging 402 logging console 403 logging buffered 403 logging buffered size 404 clear logging 405 logging file 406 clear logging file 406 aaa logging 407 file-system logging 408 management logging 408
show logging 409 show logging file 411 show syslog-servers 413
WIRELESS AP BSS COMMANDS
bss 415 bss enable 415 advertise-ssid 416 data-rates 417
SYSTEM MANAGEMENT COMMANDS
ping 419 traceroute 421 telnet 424 resume 427 reload 428 hostname 429 show users 429 show sessions 430 show system 431 show version 432 service cpu-utilization 433 show cpu utilization 434
USER INTERFACE COMMANDS
enable 435 disable 436 login 436 configure 437 exit (Configuration) 438 exit 438 end 439 help 439 terminal data-dump 440 debug-mode 441
show history 442 show privilege 443
GVRP COMMANDS
gvrp enable (Global) 445 gvrp enable (Interface) 446 garp timer 446 gvrp vlan-creation-forbid 448 gvrp registration-forbid 448 clear gvrp statistics 449 show gvrp configuration 450 show gvrp statistics 451 show gvrp error-statistics 452
VLAN COMMANDS
vlan database 455 vlan 455 interface vlan 456 interface range vlan 457 name 458 switchport access vlan 458 switchport trunk allowed vlan 459 switchport trunk native vlan 460 switchport general allowed vlan 461 switchport general pvid 462 switchport general ingress-filtering disable 463 switchport general acceptable-frame-type tagged-only 463 switchport forbidden vlan 464 show vlan 465 show vlan internal usage 466 show interfaces switchport 467
802.1X COMMANDS
aaa authentication dot1x 469 dot1x system-auth-control 470
dot1x port-control 470 dot1x re-authentication 471 dot1x timeout re-authperiod 472 dot1x re-authenticate 473 dot1x timeout quiet-period 473 dot1x timeout tx-period 475 dot1x max-req 475 dot1x timeout supp-timeout 476 dot1x timeout server-timeout 477 show dot1x 478 show dot1x users 481 show dot1x statistics 483 dot1x auth-not-req 485 dot1x multiple-hosts 486 dot1x single-host-violation 487 dot1x guest-vlan 488 dot1x guest-vlan enable 489 show dot1x advanced 490
WIRELESS AP RADIO COMMANDS
interface radio 493 enable (ap radio) 494 channel 494 power 496 allow traffic 497 preamble 497 rts threshold 498 antenna 499 beacon period 500
WIRELESS WLAN COMMANDS
wlan tx-power off 501 wlan country-code 502 wlan tx-power auto enable 504 wlan tx-power auto interval 505 wlan tx-power auto signal-strength 506
wlan tx-power auto signal-loss 506 wlan station idle-timeout 507 clear wlan station 508 show wlan 509 show wlan auto-tx-power 510 show wlan logging configuration 511 show wlan stations 512 show wlan stations counters 513
TROUBLESHOOTING
Problem Management 515 Troubleshooting Solutions 515

USING THE CLI

1

Overview This document describes the Command Line Interface (CLI) used to

manage the 3Com Unified Gigabit Wireless PoE switch.
Most of the CLI commands are applicable to all devices.
This chapter describes how to start using the CLI and the CLI command editing features.

CLI Command Modes

Introduction To assist in configuring the device, the Command Line Interface (CLI) is

divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark ? at the system prompt (console prompt) displays a list of commands available for that particular command mode.
From each mode, a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: User EXEC mode, Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.
The Privileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode.
The Global Configuration mode manages the device configuration on a global level.
The Interface Configuration mode configures specific interfaces in the device.
20 CHAPTER 1: USING THE CLI

User EXEC Mode After logging into the device, the user is automatically in User EXEC

command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information.
The user-level prompt consists of the device host name followed by the angle bracket (>).
Console>
The default host name is Console unless it has been changed using the
hostname command in the Global Configuration mode.

Privileged EXEC Privileged access is password protected to prevent unauthorized use

because many of the Privileged commands set operating system parameters. The password is not displayed on the screen and is case sensitive.
Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:
1 At the prompt enter the enable command and press <Enter>. A
password prompt is displayed.
2 Enter the password and press <Enter>. The password is displayed as *.
The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device host name followed by #.
3 To return from the Privileged EXEC mode to the User EXEC mode, use the
disable command.
The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode:
Console> Enter Password: ****** Console# Console# Console>
enable
disable
4 The exit command is used to return from any mode to the previous
mode except when returning to the User EXEC mode from the Privileged EXEC mode. For example, the exit command is used to return from the Interface Configuration mode to the Global Configuration mode.
Overview 21
Global Configuration
Mode
Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode.
To enter the Global Configuration mode perform the following steps:
1 At the Privileged EXEC mode prompt, enter the configure command and
press <Enter>. The Global Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the device host name followed by (config) and #.
Console(config)#
2 To return from the Global Configuration mode to the Privileged EXEC
mode, the user can use one of the following commands:
exit
end
Ctrl+Z
The following example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode:
Console# Console# Console(config)# Console#
configure
exit
Interface
Configuration and
Specific
Configuration Modes
Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes:
Line Interface — Contains commands to configure the management
connections. These include commands such as line timeout settings,
etc. The line Global Configuration mode command is used to enter
the Line Configuration command mode.
VLAN Database — Contains commands to create a VLAN as a
whole. The vlan database Global Configuration mode command is
used to enter the VLAN Database Interface Configuration mode.
Management Access List — Contains commands to define
management access-lists. The management access-list Global
Configuration mode command is used to enter the Management
Access List Configuration mode.
22 CHAPTER 1: USING THE CLI
Ethernet — Contains commands to manage port configuration. The
Port Channel — Contains commands to configure port-channels, for
SSH Public Key-chain — Contains commands to manually specify
QoS — Contains commands related to service definitions. The qos
MAC Access-List — Configures conditions required to allow traffic
interface ethernet Global Configuration mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface.
example, assigning ports to a port-channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The interface port-channel Global Configuration mode command is used to enter the Port Channel Interface Configuration mode.
other device SSH public keys. The crypto key pubkey-chain ssh Global Configuration mode command is used to enter the SSH Public Key-chain Configuration mode.
Global Configuration mode command is used to enter the QoS services configuration mode.
based on MAC addresses. The mac access-list Global Configuration mode command is used to enter the MAC access-list configuration mode.

Starting the CLI The device can be managed over a direct connection to the device

console port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device command-line interface (CLI) is very similar to entering commands on a UNIX system.
If access is via a Telnet connection, ensure that the device has a defined IP address, corresponding management access is granted, and the workstation used to access the device is connected to the device prior to using CLI commands.
The following instructions are for use on the console line only.
Editing Features 23
To start using the CLI, perform the following steps:
1 Connect the DB9 null-modem or cross over cable to the RS-232 serial
port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application.
a Set the data format to 8 data bits, 1 stop bit, and no parity. b Set Flow Control to none. c Under Properties, select VT100 for Emulation mode. d Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure
that the setting is for Terminal keys (not Windows keys).
Note: When using HyperTerminal with Microsoft® Windows 2000, ensure that Windows® 2000 Service Pack 2 or later is installed.With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.
2 Enter the following commands to begin the configuration procedure:
Console> Console# Console(config)#
enable configure
3 Configure the device and enter the necessary commands to complete the
required tasks.
4 When finished, exit the session with the exit command.
When a different user is required to log onto the system, use the login Privileged EXEC mode command. This effectively logs off the current user and logs on the new user.

Editing Features

Entering Commands A CLI command is a series of keywords and arguments. Keywords identify

a command, and arguments specify configuration parameters. For example, in the command show interfaces status ethernet g11, show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and g11 specifies the port.
24 CHAPTER 1: USING THE CLI
To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
Console(config)#
username
admin
password
alansmith
When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an Interface Configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command. The standard command to request help is ?.
There are two instances where help information can be displayed:
Keyword lookup — The character ? is entered in place of a
command. A list of all valid commands and corresponding help messages are is displayed.
Partial keyword lookup — If a command is incomplete and or the
character ? is entered in place of a parameter. The matched keyword or parameters for this command are displayed.
To assist in using the CLI, there is an assortment of editing features. The following features are described:
Terminal Command Buffer
Command Completion
Nomenclature
Keyboard Shortcuts
Terminal Command Buffer
Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
Table 1: Keyword Table 2: Description
Editing Features 25
Up-arrow key Ctrl+P
Down-arrow key Returns to more recent commands in
Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.
the history buffer after recalling commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.
By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history.
There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see history size.
To display the history buffer, see “show history”.
Negating the Effect of Commands
For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.
Command Completion
If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the <Tab> button, an incomplete command is entered. If the characters already entered are not enough for the system to identify a single matching command, press ? to display the available commands matching the characters already entered.
Nomenclature
When referring to an Ethernet port in a CLI command, the following format is used:
For an Ethernet port: Ethernet_type port_number
The Ethernet type may be Gigabit Ethernet (indicated by “g”).
For example, g3 stands for Gigabit Ethernet port 3 on the device.
26 CHAPTER 1: USING THE CLI
The ports may be described on an individual basis or within a range. Use format port number-port number to specify a set of consecutive ports and port number, port number to indicates a set of non-consecutive ports. For example, g1-3 stands for Gigabit Ethernet ports 1, 2 and 3, and g1,5 stands for Gigabit Ethernet ports 1 and 5.
Keyboard Shortcuts
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.
Table 3: Keyboard Key Table 4: Description
Up-arrow key Recalls commands from the history
buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Down-arrow key Returns the most recent commands
from the history buffer after recalling commands with the up arrow key. Repeating the key sequence will recall successively more recent commands.
Ctrl+A Moves the cursor to the beginning of
the command line.
Ctrl+E Moves the cursor to the end of the
command line.
Ctrl+Z / End Returns back to the Privileged EXEC
mode from any configuration mode.
Backspace key Deletes one character left to the cursor
position.
Editing Features 27
CLI Command Conventions
When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.
Convention Description
[ ] In a command line, square brackets
{ } In a command line, curly brackets
Italic font Indicates a parameter.
<Enter> Indicates an individual key on the
Ctrl+F4 Any combination keys pressed
Screen Display
all When a parameter is required to define
indicates an optional entry.
indicate a selection of compulsory parameters separated by the | character. One option must be selected. For example: flowcontrol {auto|on|off} means that for the
flowcontrol command either auto, on or off must be selected.
keyboard. For example, <Enter> indicates the Enter key.
simultaneously on the keyboard.
Indicates system messages and prompts appearing on the console.
a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.
Copying and Pasting
Te xt
Up to 1000 lines of text (or commands) can be copied and pasted into the device.
It is the user’s responsibility to ensure that the text copied into the device consists of legal commands only.
This feature is dependent on the baud rate of the device.
When copying and pasting commands from a configuration file, make sure that the following conditions exist:
28 CHAPTER 1: USING THE CLI
A device Configuration mode has been accessed.
The commands contain no encrypted data, like encrypted passwords
or keys. Encrypted data cannot be copied and pasted into the device.
2

AAA COMMANDS

aaa authentication login

The aaa authentication login Global Configuration mode command defines login authentication. To restore defaults, use the no form of this command.
Syntax
aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name}
Parameters
default — Uses the listed authentication methods that follow this
argument as the default list of methods when a user logs in.
list-name — Character string used to name the list of authentication
methods activated when a user logs in. (Range: 1-12 characters)
method1 [method2...] — Specify at least one method from the
following list:
Keyword Description
enable Uses the enable password for authentication.
line Uses the line password for authentication.
local Uses the local username database for authentication.
none Uses no authentication.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
Default Configuration
The local user database is checked. This has the same effect as the command aaa authentication login list-name local.
30 CHAPTER 2: AAA COMMANDS
On the console, login succeeds without any authentication check if the authentication method is not defined.
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the aaa authentication login command are used with the login authentication command.
Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Example

aaa authentication enable

The following example configures the authentication login.
Console(config)#
login default radius tacacs enable line local none
aaa authentication
The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels. To restore defaults, use the no form of this command.
Syntax
aaa authentication enable {default | list-name} method1 [method2...]
no aaa authentication enable {default | list-name}
Parameters
default — Uses the listed authentication methods that follow this
argument as the default list of methods, when using higher privilege levels.
Loading...
+ 492 hidden pages