3Com® Unified Gigabit Wireless
PoE Switch 24
Command Reference Guide
3CRUS2475
www.3Com.com
Part No. 10015248 Rev. AA
Published October 2006
3Com Corporation
350 Campus Drive
Marlborough,
MA 01752-3064
Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations.
Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally friendly, and the inks are vegetable-based with a low heavy-metal content.
USING THE CLI
Overview
CLI Command Modes
Introduction
User EXEC Mode
Privileged EXEC
Global Configuration Mode
Interface Configuration and Specific Configuration Modes
Starting the CLI
Editing Features
Entering Commands
Terminal Command Buffer
Negating the Effect of Commands
Command Completion
Nomenclature
Keyboard Shortcuts
CLI Command Conventions
Copying and Pasting Text

AAA COMMANDS
aaa authentication login
aaa authentication enable
login authentication
enable authentication
ip http authentication
ip https authentication
show authentication methods
password
enable password
username

ACL COMMANDS
ip access-list
permit (ip)
deny (IP)
mac access-list
permit (MAC)
deny (MAC)
service-acl
show access-lists
show interfaces access-lists

ADDRESS TABLE COMMANDS
bridge address
bridge multicast filtering
bridge multicast address
bridge multicast forbidden address
bridge multicast forward-all
bridge multicast forbidden forward-all
bridge aging-time
clear bridge
port security
port security mode
port security routed secure-address
show bridge address-table
show bridge address-table static
show bridge address-table count
show bridge multicast address-table
show bridge multicast filtering
show ports security
show ports security addresses

ETHERNET CONFIGURATION COMMANDS
interface ethernet
interface range ethernet
shutdown
description
speed
duplex
negotiation
flowcontrol
mdix
clear counters
set interface active
show interfaces advertise
show interfaces configuration
show interfaces status
show interfaces description
show interfaces counters
port storm-control include-multicast (GC)
port storm-control include-multicast (IC)
port storm-control broadcast enable
port storm-control broadcast rate
show ports storm-control

LINE COMMANDS
line
speed
autobaud
exec-timeout
history
history size
terminal history
terminal history size
show line

PHY DIAGNOSTICS COMMANDS
test copper-port tdr
show copper-ports tdr
show copper-ports cable-length
show fiber-ports optical-transceiver

PORT CHANNEL COMMANDS
interface port-channel
interface range port-channel
channel-group
show interfaces port-channel

QOS COMMANDS
qos
show qos
class-map
show class-map
match
policy-map
class
show policy-map
trust cos-dscp
set
police
service-policy
qos aggregate-policer
show qos aggregate-policer
police aggregate
wrr-queue cos-map
wrr-queue bandwidth
priority-queue out num-of-queues
traffic-shape
rate-limit interface configuration
show qos interface
qos map policed-dscp
qos map dscp-queue
qos trust (Global)
qos trust (Interface)
qos cos
qos dscp-mutation
qos map dscp-mutation
security-suite enable
security-suite dos protect
security-suite deny martian-addresses

CLOCK COMMANDS
clock set
clock source
clock timezone
clock summer-time
sntp authentication-key
sntp authenticate
sntp trusted-key
sntp client poll timer
sntp anycast client enable
sntp client enable (Interface)
sntp unicast client enable
sntp unicast client poll
sntp server
show clock
show sntp configuration
show sntp status

RMON COMMANDS
show rmon statistics
rmon collection history
show rmon collection history
show rmon history
rmon alarm
show rmon alarm-table
show rmon alarm
rmon event
show rmon events
show rmon log
rmon table-size

IGMP SNOOPING COMMANDS
ip igmp snooping (Global)
ip igmp snooping (Interface)
ip igmp snooping mrouter learn-pim-dvmrp
ip igmp snooping host-time-out
ip igmp snooping mrouter-time-out
ip igmp snooping leave-time-out
show ip igmp snooping mrouter
show ip igmp snooping interface
show ip igmp snooping groups

LACP COMMANDS
lacp system-priority
lacp port-priority
lacp timeout
show lacp ethernet
show lacp port-channel

POWER OVER ETHERNET COMMANDS
power inline
power inline powered-device
power inline priority
power inline usage-threshold
power inline traps enable
show power inline

SPANNING-TREE COMMANDS
spanning-tree
spanning-tree mode
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree priority
spanning-tree disable
spanning-tree cost
spanning-tree port-priority
spanning-tree portfast
spanning-tree link-type
spanning-tree pathcost method
spanning-tree bpdu
clear spanning-tree detected-protocols
spanning-tree mst priority
spanning-tree mst max-hops
spanning-tree mst port-priority
spanning-tree mst cost
spanning-tree mst configuration
instance (mst)
name (mst)
revision (mst)
show (mst)
exit (mst)
abort (mst)
spanning-tree guard root
show spanning-tree

CONFIGURATION AND IMAGE FILE COMMANDS
copy
delete
boot system
show running-config
show startup-config
show bootvar

RADIUS COMMAND
radius-server host
radius-server key
radius-server retransmit
radius-server source-ip
radius-server timeout
radius-server deadtime
show radius-servers

PORT MONITOR COMMANDS
port monitor
show ports monitor

SNMP COMMANDS
snmp-server community
snmp-server view
snmp-server group
snmp-server user
snmp-server engineID local
snmp-server enable traps
snmp-server filter
snmp-server host
snmp-server v3-host
snmp-server trap authentication
snmp-server contact
snmp-server location
snmp-server set
show snmp
show snmp engineid
show snmp views
show snmp groups
show snmp filters
show snmp users

IP ADDRESS COMMANDS
ip address
ip address dhcp
ip default-gateway
show ip interface
arp
arp timeout
clear arp-cache
show arp
ip domain-name
ip name-server

MANAGEMENT ACL COMMANDS
management access-list
permit (Management)
deny (Management)
management access-class
show management access-list
show management access-class

WIRELESS ROGUE AP COMMANDS
rogue-detect enable (Radio)
rogue-detect rogue-scan-interval
wlan rogue-detect rogue-ap
clear wlan rogue-ap
show wlan rogue-aps configuration
show wlan rogue-aps list
show wlan rogue-aps neighborhood

WIRELESS ESS COMMANDS
wlan ess create
wlan ess configure
ssid
open vlan
qos
load-balancing
mac-filtering action
mac-filtering list
security suite create
security suite configure
vlan (Security-Suite ESS)
timer (Security-Suite ESS)
update-gkey-on-leave (Security-Suite ESS)
wpa2 pre-authentication
show wlan ess
show wlan ess mac-filtering lists
show wlan ess counters

WIRELESS AP GENERAL COMMANDS
clear wlan ap
wlan ap active
wlan ap key
wlan ap config
name
tunnel priority
wan enable
interface ethernet
vlan allowed
vlan native
wlan template ap configure
set wlan copy
show wlan aps
show wlan ap interface radio
show wlan ap interface ethernet
show wlan aps counters
show wlan aps discovered
show wlan template aps

SSH COMMANDS
ip ssh port
ip ssh server
crypto key generate dsa
crypto key generate rsa
ip ssh pubkey-auth
crypto key pubkey-chain ssh
user-key
key-string
show ip ssh
show crypto key mypubkey
show crypto key pubkey-chain ssh

WEB SERVER COMMANDS
ip http server
ip http port
ip http exec-timeout
ip https server
ip https port
crypto certificate generate
crypto certificate request
crypto certificate import
ip https certificate
show crypto certificate mycertificate
show ip http
show ip https

TACACS+ COMMANDS
tacacs-server host
tacacs-server key
tacacs-server timeout
tacacs-server source-ip
show tacacs

SYSLOG COMMANDS
logging on
logging
logging console
logging buffered
logging buffered size
clear logging
logging file
clear logging file
aaa logging
file-system logging
management logging
show logging
show logging file
show syslog-servers

WIRELESS AP BSS COMMANDS
bss
bss enable
advertise-ssid
data-rates

SYSTEM MANAGEMENT COMMANDS
ping
traceroute
telnet
resume
reload
hostname
show users
show sessions
show system
show version
service cpu-utilization
show cpu utilization

USER INTERFACE COMMANDS
enable
disable
login
configure
exit (Configuration)
exit
end
help
terminal data-dump
debug-mode
show history
show privilege

GVRP COMMANDS
gvrp enable (Global)
gvrp enable (Interface)
garp timer
gvrp vlan-creation-forbid
gvrp registration-forbid
clear gvrp statistics
show gvrp configuration
show gvrp statistics
show gvrp error-statistics

VLAN COMMANDS
vlan database
vlan
interface vlan
interface range vlan
name
switchport access vlan
switchport trunk allowed vlan
switchport trunk native vlan
switchport general allowed vlan
switchport general pvid
switchport general ingress-filtering disable
switchport general acceptable-frame-type tagged-only
switchport forbidden vlan
show vlan
show vlan internal usage
show interfaces switchport

802.1X COMMANDS
aaa authentication dot1x
dot1x system-auth-control
dot1x port-control
dot1x re-authentication
dot1x timeout re-authperiod
dot1x re-authenticate
dot1x timeout quiet-period
dot1x timeout tx-period
dot1x max-req
dot1x timeout supp-timeout
dot1x timeout server-timeout
show dot1x
show dot1x users
show dot1x statistics
dot1x auth-not-req
dot1x multiple-hosts
dot1x single-host-violation
dot1x guest-vlan
dot1x guest-vlan enable
show dot1x advanced

WIRELESS AP RADIO COMMANDS
interface radio
enable (ap radio)
channel
power
allow traffic
preamble
rts threshold
antenna
beacon period

WIRELESS WLAN COMMANDS
wlan tx-power off
wlan country-code
wlan tx-power auto enable
wlan tx-power auto interval
wlan tx-power auto signal-strength
wlan tx-power auto signal-loss
wlan station idle-timeout
clear wlan station
show wlan
show wlan auto-tx-power
show wlan logging configuration
show wlan stations
show wlan stations counters

TROUBLESHOOTING
Problem Management
Troubleshooting Solutions

CHAPTER 1: USING THE CLI
Overview
This document describes the Command Line Interface (CLI) used to manage the 3Com Unified Gigabit Wireless PoE switch.
Most of the CLI commands are applicable to all devices.
This chapter describes how to start using the CLI and the CLI command editing features.
From each mode, a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: User EXEC mode, Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands is available in User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.
The Privileged EXEC mode gives access to commands that are restricted in User EXEC mode and provides access to the device Configuration mode.
The Global Configuration mode manages the device configuration on a global level.
The Interface Configuration mode configures specific interfaces in the device.
The user-level prompt consists of the device host name followed by the angle bracket (>).
Console>
The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode.
Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:
1. At the prompt enter the enable command and press <Enter>. A password prompt is displayed.
2. Enter the password and press <Enter>. The password is displayed as *. The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device host name followed by #.
3. To return from the Privileged EXEC mode to the User EXEC mode, use the disable command.
The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode:
Console> enable
Enter Password: ******
Console#
Console# disable
Console>
4. The exit command is used to return from any mode to the previous mode except when returning to the User EXEC mode from the Privileged EXEC mode. For example, the exit command is used to return from the Interface Configuration mode to the Global Configuration mode.
Global Configuration Mode
Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode.
To enter the Global Configuration mode perform the following steps:
1. At the Privileged EXEC mode prompt, enter the configure command and press <Enter>. The Global Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the device host name followed by (config) and #.
Console(config)#
To return from the Global Configuration mode to the Privileged EXEC mode, use one of the following commands:
■ exit
■ end
■ Ctrl+Z
The following example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode:
Console#
Console# configure
Console(config)# exit
Console#
Interface Configuration and Specific Configuration Modes
Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes:
■ Line Interface — Contains commands to configure the management connections. These include commands such as line timeout settings, etc. The line Global Configuration mode command is used to enter the Line Configuration command mode.
■ VLAN Database — Contains commands to create a VLAN as a whole. The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode.
■ Management Access List — Contains commands to define management access-lists. The management access-list Global Configuration mode command is used to enter the Management Access List Configuration mode.
■ Ethernet — Contains commands to manage port configuration. The interface ethernet Global Configuration mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface.
■ Port Channel — Contains commands to configure port-channels, for example, assigning ports to a port-channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The interface port-channel Global Configuration mode command is used to enter the Port Channel Interface Configuration mode.
■ SSH Public Key-chain — Contains commands to manually specify other device SSH public keys. The crypto key pubkey-chain ssh Global Configuration mode command is used to enter the SSH Public Key-chain Configuration mode.
■ QoS — Contains commands related to service definitions. The qos Global Configuration mode command is used to enter the QoS services configuration mode.
■ MAC Access-List — Configures conditions required to allow traffic based on MAC addresses. The mac access-list Global Configuration mode command is used to enter the MAC access-list configuration mode.
Starting the CLI
The device can be managed over a direct connection to the device console port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device command-line interface (CLI) is very similar to entering commands on a UNIX system.
If access is via a Telnet connection, ensure that the device has a defined IP address, corresponding management access is granted, and the workstation used to access the device is connected to the device prior to using CLI commands.
The following instructions are for use on the console line only.
To start using the CLI, perform the following steps:
1. Connect the DB9 null-modem or crossover cable from the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application.
a. Set the data format to 8 data bits, 1 stop bit, and no parity.
b. Set Flow Control to none.
Note: When using HyperTerminal with Microsoft® Windows 2000, ensure that Windows® 2000 Service Pack 2 or later is installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.
Console> enable
Console# configure
Console(config)#
4. When finished, exit the session with the exit command.
When a different user is required to log onto the system, use the login Privileged EXEC mode command. This effectively logs off the current user and logs on the new user.
Editing Features
To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
Console(config)# username admin password alansmith
When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an Interface Configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command. The standard command to request help is ?.
There are two instances where help information can be displayed:
■ Keyword lookup — The character ? is entered in place of a command. A list of all valid commands and corresponding help messages is displayed.
■ Partial keyword lookup — If a command is incomplete, or the character ? is entered in place of a parameter, the matched keywords or parameters for this command are displayed.
To assist in using the CLI, there is an assortment of editing features. The following features are described:
■ Terminal Command Buffer
■ Command Completion
■ Nomenclature
■ Keyboard Shortcuts
Terminal Command Buffer
Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
Keyword | Description
Up-arrow key, Ctrl+P | Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Down-arrow key | Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.
By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history.
There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see history size.
Negating the Effect of Commands
For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.
Command Completion
If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. Pressing the <Tab> key completes an incomplete command. If the characters already entered are not enough for the system to identify a single matching command, press ? to display the available commands matching the characters already entered.
Nomenclature
When referring to an Ethernet port in a CLI command, the following format is used:
■ For an Ethernet port: Ethernet_type port_number
The Ethernet type may be Gigabit Ethernet (indicated by “g”).
For example, g3 stands for Gigabit Ethernet port 3 on the device.
The ports may be described on an individual basis or within a range. Use the format port number-port number to specify a set of consecutive ports and port number, port number to indicate a set of non-consecutive ports. For example, g1-3 stands for Gigabit Ethernet ports 1, 2 and 3, and g1,5 stands for Gigabit Ethernet ports 1 and 5.
Keyboard Shortcuts
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.
Keyboard Key | Description
Up-arrow key | Recalls commands from the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Down-arrow key | Returns the most recent commands from the history buffer after recalling commands with the up arrow key. Repeating the key sequence will recall successively more recent commands.
Ctrl+A | Moves the cursor to the beginning of the command line.
Ctrl+E | Moves the cursor to the end of the command line.
Ctrl+Z / End | Returns to the Privileged EXEC mode from any configuration mode.
Backspace key | Deletes one character to the left of the cursor position.
CLI Command Conventions
When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.
Convention | Description
[ ] | In a command line, square brackets indicate an optional entry.
{ } | In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected. For example: flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on or off must be selected.
Italic font | Indicates a parameter.
<Enter> | Indicates an individual key on the keyboard. For example, <Enter> indicates the Enter key.
Ctrl+F4 | Any combination keys pressed simultaneously on the keyboard.
Screen Display | Indicates system messages and prompts appearing on the console.
all | When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.
Copying and Pasting Text
Up to 1000 lines of text (or commands) can be copied and pasted into the device.
It is the user’s responsibility to ensure that the text copied into the device consists of legal commands only.
This feature is dependent on the baud rate of the device.
When copying and pasting commands from a configuration file, make sure that the following conditions exist:
■ A device Configuration mode has been accessed.
■ The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device.

CHAPTER 2: AAA COMMANDS
aaa authentication login
The aaa authentication login Global Configuration mode command defines login authentication. To restore defaults, use the no form of this command.
Syntax
aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name}
Parameters
■ default — Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
■ list-name — Character string used to name the list of authentication methods activated when a user logs in. (Range: 1-12 characters)
■ method1 [method2...] — Specify at least one method from the following list:
Keyword | Description
enable | Uses the enable password for authentication.
line | Uses the line password for authentication.
local | Uses the local username database for authentication.
none | Uses no authentication.
radius | Uses the list of all RADIUS servers for authentication.
tacacs | Uses the list of all TACACS+ servers for authentication.
Default Configuration
On the console, login succeeds without any authentication check if the authentication method is not defined.
Command Mode
Global Configuration mode
User Guidelines
The default and optional list names created with the aaa authentication login command are used with the login authentication command.
Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Example
The following example configures the authentication login.
Console(config)# aaa authentication login default radius tacacs enable line local none
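The fallback rule in the User Guidelines (the next method is tried only after an error, never after a rejection) and the effect of a trailing none, modelled in Python as an added example; this is not 3Com code. The names evaluate() and audit(), the Result values, and the treatment of a method with no recorded outcome as an error are assumptions of the model.

```python
# Added example: a model of the login method-list behaviour described in the
# User Guidelines. Not device firmware; helper names are hypothetical.
from enum import Enum

METHODS = ("enable", "line", "local", "none", "radius", "tacacs")


class Result(Enum):
    ACCEPT = "accept"  # the method checked the credentials and accepted them
    REJECT = "reject"  # the method checked the credentials and refused them
    ERROR = "error"    # the method gave no answer, e.g. server unreachable


def parse_login_list(line):
    """Parse: aaa authentication login {default | list-name} method1 [method2...]"""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("not an aaa authentication login command: %r" % line)
    name, methods = tokens[3], tokens[4:]
    if name != "default" and not 1 <= len(name) <= 12:
        raise ValueError("list-name must be 1-12 characters: %r" % name)
    unknown = [m for m in methods if m not in METHODS]
    if unknown:
        raise ValueError("unknown method(s): %s" % ", ".join(unknown))
    return name, methods


def evaluate(methods, outcomes):
    """Return (granted, deciding_method) for one login attempt.

    outcomes maps a method name to the Result it gives for this attempt.
    A method with no entry is treated as ERROR (assumption of this model).
    The next method is tried only after an ERROR; ACCEPT and REJECT are final.
    """
    for method in methods:
        if method == "none":
            return True, method  # "Uses no authentication": always grants
        result = outcomes.get(method, Result.ERROR)
        if result is Result.ACCEPT:
            return True, method
        if result is Result.REJECT:
            return False, method
    return False, None  # every listed method returned an error


def audit(line):
    """Return review findings for one configured login method list."""
    name, methods = parse_login_list(line)
    findings = []
    if "none" in methods:
        pos = methods.index("none")
        if pos == 0:
            findings.append("%s: 'none' is first, no credentials are checked" % name)
        else:
            findings.append(
                "%s: fails open, login is granted without credentials when %s "
                "all return an error" % (name, ", ".join(methods[:pos])))
        if pos < len(methods) - 1:
            findings.append("%s: unreachable after 'none': %s"
                            % (name, ", ".join(methods[pos + 1:])))
    return findings


# The list from the Example above, and a constructed variant without 'none'.
PAGE_EXAMPLE = "aaa authentication login default radius tacacs enable line local none"
NO_NONE = "aaa authentication login default radius tacacs local"

if __name__ == "__main__":
    _, methods = parse_login_list(PAGE_EXAMPLE)
    all_down = {m: Result.ERROR for m in methods}
    print(evaluate(methods, {"radius": Result.REJECT}))  # rejection ends the chain
    print(evaluate(methods, all_down))                   # every method errors
    print(audit(PAGE_EXAMPLE))
    print(audit(NO_NONE))
```

Running audit() over each aaa authentication login line of a saved configuration shows which lists grant access when every server and local check is unavailable.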
aaa authentication enable
To restore defaults, use the no form of this command.
Syntax
aaa authentication enable {default | list-name} method1 [method2...]
no aaa authentication enable {default | list-name}
Parameters
■ default — Uses the listed authentication methods that follow this argument as the default list of methods, when using higher privilege levels.