Cisco Sx350 Cli Manual

Page 1
CLI GUIDE

Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide

Page 2
1

Table of Contents

1 Introduction....................................................................................................... 26
2 ACL Commands............................................................................................... 47
permit ( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
deny ( IP ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
ipv6 access-list (IPv6 extended) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
permit ( IPv6 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
deny ( IPv6 ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
permit ( MAC ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
deny (MAC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
service-acl output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
absolute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
periodic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
show time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
show access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
show interfaces access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
show interfaces access-lists trapped packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
ip access-list (IP standard) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
3 802.1X Commands .......................................................................................... 81
aaa authentication dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
authentication open . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
clear dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
dot1x auth-not-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
dot1x authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
dot1x guest-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
dot1x guest-vlan enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
dot1x guest-vlan timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
dot1x host-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
dot1x max-hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
dot1x reauthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
1 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 3
1
dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
dot1x timeout reauth-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
dot1x timeout server-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
dot1x timeout silence-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
dot1x timeout supp-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
dot1x traps authentication failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
dot1x traps authentication quiet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
dot1x traps authentication success . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
dot1x unlock client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
dot1x violation-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
show dot1x locked clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
show dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
show dot1x users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
4 Address Table Commands ............................................................................ 124
bridge multicast filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124
bridge multicast mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
bridge multicast address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
bridge multicast forbidden address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
bridge multicast ip-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
bridge multicast forbidden ip-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
bridge multicast source group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
bridge multicast forbidden source group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
bridge multicast ipv6 mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
bridge multicast ipv6 ip-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
bridge multicast ipv6 forbidden ip-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
bridge multicast ipv6 source group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
bridge multicast ipv6 forbidden source group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
bridge multicast unregistered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
bridge multicast forward-all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
bridge multicast forbidden forward-all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
bridge unicast unknown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
show bridge unicast unknown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
mac address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
clear mac address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
mac address-table aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
port security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
port security mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
port security max . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
show mac address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
show mac address-table count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
show bridge multicast mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
show bridge multicast address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158
show bridge multicast address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 2
Page 4
1
show bridge multicast filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
show bridge multicast unregistered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
show ports security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
show ports security addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
bridge multicast reserved-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
show bridge multicast reserved-addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170
5 Authentication, Authorization and Accounting (AAA) Commands ........... 171
aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
login authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
enable authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
ip http authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
show authentication methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
service password-recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
show users accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
aaa accounting login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
aaa accounting dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
show accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
passwords complexity enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
passwords complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
passwords aging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
show passwords configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
6 Auto-Update and Auto-Configuration ......................................................... 196
boot host auto-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
boot host auto-update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
show boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
ip dhcp tftp-server ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
ip dhcp tftp-server file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
ip dhcp tftp-server image file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203
show ip dhcp tftp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203
7 Bonjour Commands ....................................................................................... 205
bonjour enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
bonjour interface range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
show bonjour . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
8 CDP Commands ............................................................................................. 208
cdp advertise-v2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208
cdp appliance-tlv enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .208
cdp device-id format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
cdp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
cdp holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
cdp log mismatch duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
3 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 5
1
cdp log mismatch native . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
cdp log mismatch voip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
cdp mandatory-tlvs validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
cdp pdu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
cdp run . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
cdp source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
cdp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218
clear cdp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218
clear cdp table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
show cdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
show cdp entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
show cdp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
show cdp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
show cdp tlv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
show cdp traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
9 Clock Commands ........................................................................................... 237
absolute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
clock dhcp timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
clock source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240
clock summer-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243
periodic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244
sntp anycast client enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
sntp authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
sntp authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
sntp broadcast client enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
sntp client enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
sntp client enable (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .250
sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251
sntp source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
sntp source-interface-ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
sntp trusted-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
sntp unicast client enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
sntp unicast client poll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
show clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .257
show sntp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
show sntp status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
show time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262
10 Denial of Service (DoS) Commands ............................................................ 264
security-suite deny fragmented . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
security-suite deny icmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265
security-suite deny martian-addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
security-suite deny syn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 4
Page 6
1
security-suite deny syn-fin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270
security-suite dos protect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271
security-suite dos syn-attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
security-suite enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
security-suite syn protection mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
security-suite syn protection recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276
security-suite syn protection threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
show security-suite configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
show security-suite syn protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
11 DHCP Relay Commands................................................................................281
ip dhcp relay enable (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
ip dhcp relay enable (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
ip dhcp relay address (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
ip dhcp relay address (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284
show ip dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
ip dhcp information option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
show ip dhcp information option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
12 DHCP Server Commands.............................................................................. 289
address (DHCP Host) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
address (DHCP Network) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
auto-default-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291
bootfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
clear ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
client-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
default-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
dns-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
ip dhcp excluded-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
ip dhcp pool host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
ip dhcp pool network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
ip dhcp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
netbios-name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
netbios-node-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .303
next-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
next-server-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .306
show ip dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308
show ip dhcp allocated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
show ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310
show ip dhcp declined . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
show ip dhcp excluded-addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
show ip dhcp expired . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313
show ip dhcp pool host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
show ip dhcp pool network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
5 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 7
1
show ip dhcp pre-allocated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
show ip dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
time-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319
13 DHCP Snooping Commands ......................................................................... 321
ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
ip dhcp snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
ip dhcp snooping trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
ip dhcp snooping information option allowed-untrusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323
ip dhcp snooping verify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324
ip dhcp snooping database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
ip dhcp snooping binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
clear ip dhcp snooping database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327
show ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
show ip dhcp snooping binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
ip source-guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
ip source-guard binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
ip source-guard tcam retries-freq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
ip source-guard tcam locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
show ip source-guard configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .334
show ip source-guard status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
show ip source-guard inactive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
show ip source-guard statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
ip arp inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
ip arp inspection vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338
ip arp inspection trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
ip arp inspection validate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
ip arp inspection list create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341
ip mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
ip arp inspection list assign . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .343
ip arp inspection logging interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
show ip arp inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
show ip arp inspection list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
show ip arp inspection statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
clear ip arp inspection statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
14 DHCPv6 Commands ......................................................................................348
clear ipv6 dhcp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
ipv6 dhcp client information refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
ipv6 dhcp client information refresh minimum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .350
ipv6 dhcp client stateless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351
ipv6 dhcp duid-en . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353
ipv6 dhcp relay destination (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
ipv6 dhcp relay destination (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
show ipv6 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
show ipv6 dhcp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
15 DNS Client Commands .................................................................................. 363
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 6
Page 8
1
clear host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
ip domain lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
ip domain name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
ip domain polling-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
ip domain retry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367
ip domain timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
ip host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .370
show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
16 EEE Commands .............................................................................................. 373
eee enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
eee enable (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374
eee lldp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .374
show eee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
17 Ethernet Configuration Commands .............................................................382
interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
interface range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
operation time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .386
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .387
duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .388
negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
mdix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .391
back-pressure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .392
port jumbo-frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
link-flap prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .393
clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
set interface active . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
errdisable recovery cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
errdisable recovery interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
errdisable recovery reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
show interfaces configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401
show interfaces advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
show interfaces description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
show interfaces counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
show ports jumbo-frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
show link-flap prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409
show errdisable recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
show errdisable interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
clear switchport monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
show switchport monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
18 File System Commands ................................................................................ 417
7 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 9
1
File Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
System Flash Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
boot config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
boot localization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423
boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
cd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .426
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .429
dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
mkdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
more . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
pwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .436
rmdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439
service mirror-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
show bootvar / show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
show mirror-configuration service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
show reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .447
show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
19 GARP VLAN Registration Protocol (GVRP) Commands ............................ 452
clear gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
gvrp enable (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .453
gvrp enable (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
gvrp registration-forbid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
gvrp vlan-creation-forbid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .456
show gvrp error-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457
show gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .458
20 Green Ethernet ............................................................................................... 460
green-ethernet energy-detect (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .460
green-ethernet energy-detect (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
green-ethernet short-reach (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
green-ethernet short-reach (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
green-ethernet power-meter reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463
show green-ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
21 IGMP Commands ...........................................................................................466
clear ip igmp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466
ip igmp last-member-query-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
ip igmp last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467
ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
ip igmp robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .471
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 8
Page 10
1
ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
show ip igmp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .472
show ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
show ip igmp groups summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .475
show ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
22 IGMP Proxy Commands ................................................................................ 478
ip igmp-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
ip igmp-proxy downstream protected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479
ip igmp-proxy downstream protected interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .480
ip igmp-proxy ssm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .481
show ip igmp-proxy interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
23 IGMP Snooping Commands .......................................................................... 485
ip igmp snooping (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
ip igmp snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485
ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
ip igmp snooping vlan mrouter interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
ip igmp snooping vlan forbidden mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
ip igmp snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
ip igmp snooping vlan multicast-tv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .490
ip igmp snooping map cpe vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
ip igmp snooping vlan querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .493
ip igmp snooping vlan querier address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
ip igmp snooping vlan querier election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
ip igmp snooping vlan querier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
ip igmp snooping vlan immediate-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .496
show ip igmp snooping cpe vlans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
show ip igmp snooping groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .498
show ip igmp snooping interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499
show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .500
show ip igmp snooping multicast-tv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
24 IP Addressing Commands............................................................................. 503
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
ip address dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
renew dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506
ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .507
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
arp timeout (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
ip arp proxy disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .511
ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
clear arp-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .512
show arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .513
show arp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
interface ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
9 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 11
1
ip helper-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515
show ip helper-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .517
show ip dhcp client interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
25 IP Routing Protocol-Independent Commands ........................................... 520
ip policy route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
ip routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .524
show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525
show ip route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
26 IP System Management Commands ........................................................... 532
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
27 IPv4 IPM Router Commands.........................................................................544
ip multicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .544
ip multicast ttl-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
show ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .546
show ip multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .548
28 IPv6 Commands .............................................................................................551
clear ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
ipv6 address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
ipv6 address anycast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
ipv6 address autoconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554
ipv6 address eui-64 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .555
ipv6 address link-local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557
ipv6 default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558
ipv6 enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .559
ipv6 hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .560
ipv6 icmp error-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
ipv6 link-local default zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
ipv6 nd advertisement-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
ipv6 nd dad attempts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .564
ipv6 nd hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
ipv6 nd managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
ipv6 nd ns-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568
ipv6 nd other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569
ipv6 nd prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
ipv6 nd ra interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .574
ipv6 nd ra lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
ipv6 nd ra suppress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
ipv6 nd reachable-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578
ipv6 nd router-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 10
Page 12
1
ipv6 neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
ipv6 policy route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
ipv6 redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .584
ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .585
ipv6 unicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .586
ipv6 unreachables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .587
show ipv6 interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .588
show ipv6 link-local default zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
show ipv6 nd prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .596
show ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .597
show ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .599
show ipv6 route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
show ipv6 static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 603
29 IPv6 First Hop Security.................................................................................. 607
address-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
address-prefix-validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .609
clear ipv6 first hop security counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
clear ipv6 first hop security error counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .611
clear ipv6 neighbor binding prefix table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .611
clear ipv6 neighbor binding table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .613
device-role (IPv6 DHCP Guard) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
device-role (Neighbor Binding) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .615
device-role (ND Inspection Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .616
device-role (RA Guard Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .618
drop-unsecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .619
hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .620
ipv6 dhcp guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
ipv6 dhcp guard attach-policy (port mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
ipv6 dhcp guard attach-policy (VLAN mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
ipv6 dhcp guard policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
ipv6 dhcp guard preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628
ipv6 first hop security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .630
ipv6 first hop security attach-policy (port mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
ipv6 first hop security attach-policy (VLAN mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 633
ipv6 first hop security logging packet drop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 634
ipv6 first hop security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
ipv6 nd inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637
ipv6 nd inspection attach-policy (port mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .638
ipv6 nd inspection attach-policy (VLAN mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
ipv6 nd inspection drop-unsecure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
ipv6 nd inspection policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
ipv6 nd inspection sec-level minimum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
ipv6 nd inspection validate source-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .646
ipv6 nd raguard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .647
ipv6 nd raguard attach-policy (port mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
ipv6 nd raguard attach-policy (VLAN mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .650
11 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 13
1
ipv6 nd raguard hop-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .651
ipv6 nd raguard managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 653
ipv6 nd raguard other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .654
ipv6 nd raguard policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
ipv6 nd raguard router-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657
ipv6 neighbor binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
ipv6 neighbor binding address-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
ipv6 neighbor binding address-prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662
ipv6 neighbor binding address-prefix-validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
ipv6 neighbor binding attach-policy (port mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .665
ipv6 neighbor binding attach-policy (VLAN mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .667
ipv6 neighbor binding lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
ipv6 neighbor binding logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
ipv6 neighbor binding max-entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670
ipv6 neighbor binding policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .671
ipv6 neighbor binding static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
ipv6 source guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
ipv6 source guard attach-policy (port mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .675
ipv6 source guard policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .677
logging binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .678
logging packet drop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
match ra address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .681
match ra prefixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .683
match reply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .684
match server address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .685
max-entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687
other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .688
preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689
router-preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .691
sec-level minimum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .692
show ipv6 dhcp guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693
show ipv6 dhcp guard policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .694
show ipv6 first hop security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .696
show ipv6 first hop security active policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .697
show ipv6 first hop security attached policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
show ipv6 first hop security counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
show ipv6 first hop security error counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
show ipv6 first hop security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
show ipv6 nd inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .704
show ipv6 nd inspection policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
show ipv6 nd raguard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706
show ipv6 nd raguard policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 707
show ipv6 neighbor binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 709
show ipv6 neighbor binding policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
show ipv6 neighbor binding prefix table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .712
show ipv6 neighbor binding table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 12
Page 14
1
show ipv6 source guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
show ipv6 source guard policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .716
trusted-port (IPv6 Source Guard) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
validate source-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718
30 IPv6 IPM Router Commands......................................................................... 720
ipv6 multicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 720
ipv6 multicast hop-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
show ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .722
show ipv6 multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
31 IPv6 Prefix List Commands .......................................................................... 727
clear ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727
ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728
show ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732
32 iSCSI QoS Commands ................................................................................... 736
iscsi enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
iscsi flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .737
iscsi qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .738
show iscsi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740
33 IPv6 Tunnel Commands ................................................................................ 742
interface tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .742
tunnel isatap solicitation-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 743
tunnel isatap robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .743
tunnel isatap router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .744
tunnel mode ipv6ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .745
tunnel source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .747
show ipv6 tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .748
34 Line Commands.............................................................................................. 750
autobaud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750
exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .751
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .752
show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
35 Link Aggregation Control Protocol (LACP) Commands ............................ 755
lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755
lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756
lacp timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756
show lacp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .757
show lacp port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .759
36 Link Layer Discovery Protocol (LLDP) Commands.................................... 761
clear lldp table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761
lldp chassis-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761
13 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 15
1
lldp hold-multiplier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .762
lldp lldpdu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
lldp management-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
lldp med . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
lldp med notifications topology-change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .767
lldp med fast-start repeat-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .768
lldp med location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768
lldp med network-policy (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
lldp med network-policy (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
lldp med network-policy voice auto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772
lldp notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773
lldp notifications interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .774
lldp optional-tlv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .775
lldp optional-tlv 802.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .776
lldp run . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
lldp receive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
lldp reinit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778
lldp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779
lldp transmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .780
lldp tx-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781
show lldp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782
show lldp local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784
show lldp local tlvs-overloading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
show lldp med configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 788
show lldp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .789
show lldp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
37 Loopback Detection Commands .................................................................. 799
loopback-detection enable (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .799
loopback-detection enable (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 800
loopback-detection interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 800
show loopback-detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
38 Macro Commands .......................................................................................... 803
macro name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .803
macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .806
macro description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809
macro global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 810
macro global description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812
show parser macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .813
39 Management ACL Commands...................................................................... 816
deny (Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .816
permit (Management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817
management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818
management access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .820
show management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821
show management access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 14
Page 16
1
40 MLD Commands............................................................................................. 823
clear ipv6 mld counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823
ipv6 mld last-member-query-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 824
ipv6 mld last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 825
ipv6 mld query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 825
ipv6 mld query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .826
ipv6 mld robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828
ipv6 mld version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828
show ipv6 mld counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .829
show ipv6 mld groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 830
show ipv6 mld groups summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 832
show ipv6 mld interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833
41 MLD Proxy Commands..................................................................................835
ipv6 mld-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835
ipv6 mld-proxy downstream protected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836
ipv6 mld-proxy downstream protected interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .837
ipv6 mld-proxy ssm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838
show ipv6 mld-proxy interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .839
42 MLD Snooping Commands............................................................................ 842
ipv6 mld snooping (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842
ipv6 mld snooping vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842
ipv6 mld snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .843
ipv6 mld snooping vlan querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844
ipv6 mld snooping vlan querier election . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .845
ipv6 mld snooping vlan querier version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 846
ipv6 mld snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
ipv6 mld snooping vlan mrouter interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .848
ipv6 mld snooping vlan forbidden mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .849
ipv6 mld snooping vlan static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .850
ipv6 mld snooping vlan immediate-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851
show ipv6 mld snooping groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851
show ipv6 mld snooping interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853
show ipv6 mld snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854
43 Network Management Protocol (SNMP) Commands ................................ 856
snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 856
snmp-server community-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858
snmp-server server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 859
snmp-server source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .860
snmp-server source-interface-ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .861
snmp-server view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .862
snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 864
show snmp views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865
show snmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 866
snmp-server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867
15 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 17
1
show snmp users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 870
snmp-server filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .872
show snmp filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .873
snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874
snmp-server engineID local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .876
snmp-server engineID remote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877
show snmp engineID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .878
snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .879
snmp-server trap authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880
snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880
snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881
snmp-server set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .882
snmp trap link-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .883
show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883
44 PHY Diagnostics Commands ........................................................................ 886
test cable-diagnostics tdr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886
show cable-diagnostics tdr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
show cable-diagnostics cable-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 888
show fiber-ports optical-transceiver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889
45 Power over Ethernet (PoE) Commands ....................................................... 891
power inline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891
power inline inrush test disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 892
power inline legacy support disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .893
power inline powered-device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .893
power inline priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .894
power inline usage-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895
power inline traps enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896
power inline limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896
power inline limit-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .897
power inline four-pair forced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .898
powered device forced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 899
show power inline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .900
show power inline savings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .905
clear power inline counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .906
clear power inline monitor consumption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907
show power inline monitor consumption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .908
show powered-device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910
46 Port Channel Commands ..............................................................................913
channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .913
port-channel load-balance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .914
show interfaces port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 915
47 Quality of Service (QoS) Commands............................................................ 916
qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 916
qos advanced-mode trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 16
Page 18
1
show qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .918
class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919
show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 920
match . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .921
policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 923
show policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 924
trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .925
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 927
redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 928
mirror . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 929
police . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .931
service-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .933
qos aggregate-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934
show qos aggregate-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937
police aggregate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .938
wrr-queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 939
wrr-queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 940
priority-queue out num-of-queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 941
traffic-shape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 942
traffic-shape queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 943
qos wrr-queue wrtd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .944
show qos wrr-queue wrtd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .945
show qos interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 946
qos map policed-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .950
qos map dscp-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .951
qos trust (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .952
qos trust (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .953
qos cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954
qos dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .955
qos map dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .956
show qos map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 957
clear qos statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 959
qos statistics policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .960
qos statistics aggregate-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 960
qos statistics queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 961
show qos statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962
48 RADIUS Commands....................................................................................... 965
radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965
radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .967
radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .968
radius-server host source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .969
radius-server host source-interface-ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 970
radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 971
radius-server deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 971
show radius-servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .972
17 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 19
1
show radius-servers key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 973
49 Radius Server Commands............................................................................. 975
allowed-time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .975
clear radius server accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976
clear radius server rejected users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976
clear radius server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 977
privilege-level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .978
radius server accounting-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .979
radius server authentication-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 980
radius server enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .981
radius server nas secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .982
radius server traps accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 984
radius server traps authentication failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .985
radius server traps authentication success . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 986
radius server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .987
show radius server accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 988
show radius server configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 990
show radius server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .991
show radius server rejected users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 992
show radius server nas secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .994
show radius server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 996
show radius server user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 999
50 Rate Limit and Storm Control Commands ................................................1001
clear storm-control counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001
rate-limit (Ethernet) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1002
rate-limit vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1003
storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1005
show rate-limit interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1007
show rate-limit vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1007
show storm-control interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1008
51 Remote Network Monitoring (RMON) Commands...................................1011
rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1011
show rmon alarm-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1013
show rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1014
rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1015
show rmon events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1017
show rmon log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1018
rmon table-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1019
show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1020
rmon collection stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1022
show rmon collection stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023
show rmon history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1024
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 18
Page 20
1
52 Router Resources Commands....................................................................1027
system router resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027
show system router resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1031
53 Route Map Commands ...............................................................................1033
match ip address (Policy Routing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033
match ipv6 address (Policy Routing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1034
route-map (Policy Routing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1035
set ip next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038
set ipv6 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1039
show route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1040
54 RSA and Certificate Commands.................................................................1042
crypto key generate dsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043
crypto key generate rsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1044
crypto key import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045
show crypto key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1047
crypto certificate generate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1048
crypto certificate request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1050
crypto certificate import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1052
show crypto certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1058
55 Smartport Commands .................................................................................1060
macro auto (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1060
macro auto built-in parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1061
macro auto persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1063
macro auto processing cdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
macro auto processing lldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1064
macro auto processing type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1065
macro auto resume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1066
macro auto smartport (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1067
macro auto smartport type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1068
macro auto trunk refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1070
macro auto user smartport macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1071
show macro auto ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1072
show macro auto processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1075
show macro auto smart-macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1076
smartport storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1078
56 sFlow Commands.........................................................................................1080
sflow receiver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1080
sflow flow-sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1081
sflow counters-sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1082
clear sflow statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1082
show sflow configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1083
show sflow statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1084
sflow receiver source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1085
19 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 21
1
sflow receiver source-interface-ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1086
57 SPAN and RSPAN Commands....................................................................1088
monitor session destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1088
monitor session source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1091
remote-span . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1094
show monitor session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1096
show vlan remote-span . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099
58 Spanning-Tree Commands .........................................................................1101
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101
spanning-tree mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1102
spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1103
spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1104
spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1104
spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105
spanning-tree disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1106
spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1107
spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1108
spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109
spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1110
spanning-tree pathcost method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1111
spanning-tree bpdu (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1112
spanning-tree bpdu (Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1113
spanning-tree guard root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1113
spanning-tree bpduguard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1114
clear spanning-tree detected-protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115
spanning-tree mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1116
spanning-tree mst max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1117
spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118
spanning-tree mst cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118
spanning-tree mst configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1120
instance (MST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1120
name (MST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1121
revision (MST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1122
show (MST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1123
exit (MST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1124
abort (MST) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1124
show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1125
show spanning-tree bpdu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1136
spanning-tree loopback-guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1137
59 SSH Client Commands ................................................................................1139
ip ssh-client authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1139
ip ssh-client change server password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1140
ip ssh-client key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1141
ip ssh-client password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1144
ip ssh-client server authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1145
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 20
Page 22
1
ip ssh-client server fingerprint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1146
ip ssh-client source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1147
ipv6 ssh-client source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1148
ip ssh-client username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1149
show ip ssh-client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1150
show ip ssh-client server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1153
60 SSD Commands............................................................................................1156
ssd config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1156
passphrase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1156
ssd rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1158
show SSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1160
ssd session read . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1162
show ssd session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163
ssd file passphrase control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1164
ssd file integrity control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1165
61 SYSLOG Commands....................................................................................1167
aaa logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1167
clear logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1168
clear logging file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1168
file-system logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1169
logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1170
logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1171
logging file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1172
logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1173
logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1174
logging source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175
logging source-interface-ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1176
logging aggregation on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1177
logging aggregation aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1178
logging origin-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1178
show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1179
show logging file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1181
show syslog-servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1182
62 System Management Commands ..............................................................1184
disable ports leds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1184
hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185
resume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1187
service cpu-utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1188
show cpu input rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1189
show cpu utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1189
show environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1190
show inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1193
show reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1193
show sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1194
21 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 23
1
show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1195
show system languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1196
show system tcam utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1197
show services tcp-udp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1198
show tech-support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1199
show system fans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1200
show system sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1201
show system power-supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1202
show system id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1203
show ports leds configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1204
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1205
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1206
show hardware version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1206
system recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1207
63 TACACS+ Commands..................................................................................1208
tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1208
tacacs-server host source-interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1209
tacacs-server host source-interface-ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1210
tacacs-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1211
tacacs-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1212
show tacacs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1213
show tacacs key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1214
64 Telnet, Secure Shell (SSH) and Secure Login (Slogin) Commands........1216
ip telnet server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1216
ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1217
ip ssh port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1217
ip ssh password-auth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1218
ip ssh pubkey-auth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219
crypto key pubkey-chain ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1220
user-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1221
key-string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1223
show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1224
show crypto key pubkey-chain ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1225
65 UDLD Commands.........................................................................................1227
show udld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1227
udld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1231
udld message time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1232
udld port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1233
66 User Interface Commands ..........................................................................1235
banner exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1235
banner login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1236
configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1238
disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1239
do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1239
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 22
Page 24
1
enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1240
end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241
exit (Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1242
exit (EXEC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1243
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1243
history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1244
history size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1245
login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1247
terminal datadump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1247
terminal history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1248
terminal history size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1249
terminal prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1250
terminal width . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1251
show banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1252
show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1253
show privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1254
67 Virtual Local Area Network (VLAN) Commands.......................................1255
vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1255
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1256
show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1257
interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1258
interface range vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1258
name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259
switchport protected-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1260
show interfaces protected-ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1261
switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1262
switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1263
switchport access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1265
switchport trunk allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1266
switchport trunk native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1267
switchport general allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1268
switchport general pvid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1269
switchport general ingress-filtering disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1270
switchport general acceptable-frame-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1271
switchport general forbidden vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1272
switchport customer vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1273
map protocol protocols-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1274
switchport general map protocols-group vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1275
show vlan protocols-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1276
map mac macs-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1277
switchport general map macs-group vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1278
show vlan macs-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1280
map subnet subnets-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1280
switchport general map subnets-group vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1281
show vlan subnets-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1282
show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1283
23 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 25
1
private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1285
private-vlan association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1286
switchport private-vlan mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1287
switchport private-vlan host-association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1288
show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1289
switchport access multicast-tv vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1290
switchport customer multicast-tv vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1291
show vlan multicast-tv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1292
vlan prohibit-internal-usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1293
show vlan internal usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1295
68 Voice VLAN Commands...............................................................................1297
show voice vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1297
show voice vlan local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1301
voice vlan state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1303
voice vlan refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1306
voice vlan id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1307
voice vlan vpt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1308
voice vlan dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1309
voice vlan oui-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1310
voice vlan cos mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1312
voice vlan cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1312
voice vlan aging-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1313
voice vlan enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1314
69 Web Server Commands...............................................................................1316
ip https certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1316
ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1317
ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1317
ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1318
ip http timeout-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1319
show ip http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1320
show ip https . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1320
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 24
Page 26
1
25 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 27

Introduction

1
This section describes how to use the Command Line Interface (CLI). It contains the following topics:
Overview
User (Privilege) Levels
CLI Command Modes
Accessing the CLI
CLI Command Conventions

Overview

Editing Features
Interface Naming Conventions
IPv6z Address Conventions
Loopback Interface
PHY Diagnostics
CLI Output Modifiers
The CLI is divided into various command modes. Each mode includes a group of commands. These modes are described in CLI Command Modes.
Users are assigned privilege levels. Each user privilege level can access specific CLI modes. User levels are described in the section below.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 26
Page 28
1

User (Privilege) Levels

Users can be created with one of the following user levels:
Level 1—Users with this level can only run User EXEC mode commands.
Users at this level cannot access the web GUI or commands in the Privileged EXEC mode.
Level 7—Users with this level can run commands in the User EXEC mode
and a subset of commands in the Privileged EXEC mode. Users at this level cannot access the web GUI.
Level 15—Users with this level can run all commands. Only users at this
level can access the web GUI.
A system administrator (user with level 15) can create passwords that allow a lower level user to temporarily become a higher level user. For example, the user may go from level 1 to level 7, level 1 to 15, or level 7 to level 15.
Introduction
The passwords for each level are set (by an administrator) using the following command:
level
enable password [
encrypted-password}
Using these passwords, you can raise your user level by entering the command: enable and the password for level 7 or 15. You can go from level 1 to level 7 or directly to level 15. The higher level holds only for the current session.
The disable command returns the user to a lower level.
To create a user and assign it a user level, use the username command. Only users with command level 15, can create users at this level.
Example—Create passwords for level 7 and 15 (by the administrator):
switchxxxxxx#configure switchxxxxxx<conf># enable password level 7 level7@abc switchxxxxxx<conf># enable password level 15 level15@abc switchxxxxxx<conf>#
privilege-level]{password|
encrypted
27 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 29
Introduction
1
Create a user with user level 1:
switchxxxxxx#configure switchxxxxxx<conf> username john password john1234
privilege 1 switchxxxxxx<conf>
Example 2— Switch between Level 1 to Level 15. The user must know the password:
switchxxxxxx# switchxxxxxx# enable Enter Password: ****** (this is the password for level 15
- level15@abc) switchxxxxxx#
NOTE If authentication of passwords is performed on RADIUS or TACACS+ servers, the
passwords assigned to user level 7 and user level 15 must be configured on the external server and associated with the $enable7$ and $enable15$ user names, respectively. See the Authentication, Authorization and Accounting (AAA)
Commands chapter for details.

CLI Command Modes

The CLI is divided into four command modes. The command modes are (in the order in which they are accessed):
User EXEC mode
Privileged EXEC mode
Global Configuration mode
Interface Configuration mode
Each command mode has its own unique console prompt and set of CLI commands. Entering a question mark at the console prompt displays a list of available commands for the current mode and for the level of the user. Specific commands are used to switch from one mode to another.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 28
Page 30
1
Introduction
Users are assigned privilege levels that determine the modes and commands available to them. User levels are described in User (Privilege) Levels.

User EXEC Mode

Users with level 1 initially log into User EXEC mode. User EXEC mode is used for tasks that do not change the configuration, such as performing basic tests and listing system information.
The user-level prompt consists of the switch host name followed by a #. The default host name is switchxxxxxx where xxxxxx is the last six digits of the device’s MAC address, as shown below
switchxxxxxx#
The default host name can be changed via the hostname command in Global Configuration mode.

Privileged EXEC Mode

A user with level 7 or 15 automatically logs into Privileged EXEC mode.
Users with level 1 can enter Privileged Exec mode by entering the enable command, and when prompted, the password for level 15.
To return from the Privileged EXEC mode to the User EXEC mode, use the disable command.

Global Configuration Mode

The Global Configuration mode is used to run commands that configure features at the system level, as opposed to the interface level.
Only users with command level of 7 or 15 can access this mode.
To access Global Configuration mode from Privileged EXEC mode, enter the configure command at the Privileged EXEC mode prompt and press Enter. The Global Configuration mode prompt, consisting of the device host name followed by (config)#, is displayed:
switchxxxxxx(config)#
Use any of the following commands to return from Global Configuration mode to the Privileged EXEC mode:
29 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 31
Introduction
1
exit
end
Ctrl+Z
The following example shows how to access Global Configuration mode and return to Privileged EXEC mode:
switchxxxxxx# switchxxxxxx# configure switchxxxxxx(config)# exit switchxxxxxx#

Interface or Line Configuration Modes

Various submodes may be entered from Global Configuration mode. These submodes enable performing commands on a group of interfaces or lines.
For instance to perform several operations on a specific port or range of ports, you can enter the Interface Configuration mode for that interface.
The following example enters Interface Configuration mode for vlan1 and then sets their speed:
The exit command returns to Global Configuration mode.
switchxxxxxx# switchxxxxxx# configure switchxxxxxx(config)# interface range vlan1 switchxxxxxx(config-if)#speed 10 switchxxxxxx(config-if)#exit switchxxxxxx(config)#
The following is a sample of some of the available submodes:
Interface—Contains commands that configure a specific interface (port,
VLAN, port channel, or tunnel) or range of interfaces. The Global Configuration mode command interface is used to enter the Interface
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 30
Page 32
1
Introduction
Configuration mode. The interface Global Configuration command is used to enter this mode.
Line Interface—Contains commands used to configure the management
connections for the console, Telnet and SSH. These include commands such as line timeout settings, etc. The line Global Configuration command is used to enter the Line Configuration command mode.
VLAN Database—Contains commands used to configure a VLAN as a
whole. The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode.
Management Access List—Contains commands used to define
management access-lists. The management access-list Global Configuration mode command is used to enter the Management Access List Configuration mode.
MAC Access-List, IPv6 Access List, IP Access List—Configures
conditions required to allow traffic based on MAC addresses, IPv6 address and IPv4 address, respectively. The mac access-list, ipv6 access-list and ip access-list Global Configuration mode commands are used to enter the these configuration mode.
To return from any Interface Configuration mode to the Global Configuration mode, use the exit command.

Accessing the CLI

The CLI can be accessed from a terminal or computer by performing one of the following tasks:
Running a terminal application, such as HyperTerminal, on a computer’s com
Running a Telnet session from a command prompt on a computer with a
Using SSH from an application that supports SSH client running on a
NOTE Telnet and SSH are disabled by default on the switch.
port that is directly connected to the switch’s console port,
—or—
network connection to the switch.
computer with a network connection to the switch.
31 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 33
Introduction
1
If access is via a Telnet or SSH connection, ensure that the following conditions are met before using CLI commands:
The switch has a defined IP address.
Corresponding management access is enabled.
There is an IP path such that the computer and the switch can reach each
other.

Using HyperTerminal over the Console Interface

The switch’s RJ45 port provides a direct connection to a computer’s serial port using a standard DB-9 null-modem or crossover cable. After the computer and switch are connected, run a terminal application to access the CLI.
The terminal emulator must be configured to databits=8 and parity=none.
Click Enter twice, so that the device sets the serial port speed to match the PC's serial port speed.
When the CLI appears, enter cisco at the User Name prompt and then enter cisco for the Password prompt.
The switchxxxxxx# prompt is displayed. You can now enter CLI commands to manage the switch. For detailed information on CLI commands, refer to the appropriate chapter(s) of this reference guide.

Using Telnet over an Ethernet Interface

Telnet provides a method of connecting to the CLI over an IP network.
To establish a telnet session from the command prompt, perform the following steps:
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 32
Page 34
1
Introduction
STEP 1 Click Start, then select All Programs > Accessories > Command Prompt to open a
command prompt.
Figure 1 Start > All Programs > Accessories > Command Prompt
STEP 2 At the prompt, enter telnet 1<IP address of switch>, then press Enter.
Figure 2 Command Prompt
STEP 3 CLI will be displayed.

CLI Command Conventions

When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.
Convention
[ ] In a command line, square brackets indicate an optional entry.
{ } In a command line, curly brackets indicate a selection of
Description
compulsory parameters separated the | character. One option must be selected. For example, flowcontrol {auto|on|off} means that for the flowcontrol command, either auto, on, or off must be selected.
33 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 35
Introduction
1
Convention
"" (inverted commas)
parameter
press key Names of keys to be pressed are shown in bold.
Ctrl+F4 Keys separated by the + character are to be pressed
Screen Display Fixed-width font indicates CLI prompts, CLI commands entered by
all When a parameter is required to define a range of ports or
text
Description
When the input string contains space and/or reserved words (i.e. VLAN), put the string in inverted commas.
Italic text indicates a parameter.
simultaneously on the keyboard
the user, and system messages displayed on the console.
parameters and all is an option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.
When free text can be entered as a parameter for a command (for example in command: snmp-server contact) if the text consists of multiple words separated by blanks, the entire string must appear in double quotes. For example: snmp-server contact "QA on floor 8"

Editing Features

Entering Commands

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status Gigabitethernet 1, are keywords, Gigabitethernet is an argument that specifies the interface type,
1
specifies the port.
and
To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
switchxxxxxx(config)# username admin password alansmith
When working with the CLI, the command options are not displayed. The standard command to request help is ?.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 34
show, interfaces
and
status
Page 36
1
Introduction
There are two instances where help information can be displayed:
Keyword lookup—The character ? is entered in place of a command. A list
of all valid commands and corresponding help messages are is displayed.
Partial keyword lookup—If a command is incomplete and or the character ?
is entered in place of a parameter, the matched keyword or parameters for this command are displayed.
To assist in using the CLI, there is an assortment of editing features. The following features are described:
Terminal Command Buffer
Command Completion
Interface Naming Conventions
Keyboard Shortcuts

Terminal Command Buffer

Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
Keyword Description
Up-Arrow key Ctrl+P
Down-Arrow key Returns to more recent commands in the history
By default, the history buffer system is enabled, but it can be disabled at any time. For more information on enabling or disabling the history buffer, refer to the history command.
Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
buffer after recalling commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.
35 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 37
Introduction
1
There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For more information on configuring the command history buffer, refer to the history size command.
To display the history buffer, refer to the show history command.
Negating the Effect of Commands
For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This Reference Guide provides a description of the negation effect for each CLI command.

Command Completion

If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing Tab after an incomplete command is entered, the system will attempt to identify and complete the command. If the characters already entered are not enough for the system to identify a single matching command, press ? to display the available commands matching the characters already entered.

Keyboard Shortcuts

The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.
Keyboard Key
Up-arrow Recalls commands from the history buffer,
Down-arrow Returns the most recent commands from the
Ctrl+A Moves the cursor to the beginning of the
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 36
Description
beginning with the most recent command. Repeat the key sequence to recall successively older commands.
history buffer after recalling commands with the up arrow key. Repeating the key sequence will recall successively more recent commands.
command line.
Page 38
1
Introduction
Keyboard Key
Ctrl+E Moves the cursor to the end of the command line.
Ctrl+Z / End Returns back to the Privileged EXEC mode from
Backspace Deletes one character left to the cursor position.
Description
any configuration mode.

Copying and Pasting Text

Up to 1000 lines of text (or commands) can be copied and pasted into the device.
NOTE It is the user’s responsibility to ensure that the text copied into the device consists
of legal commands only.
When copying and pasting commands from a configuration file, make sure that the following conditions exist:
A device Configuration mode has been accessed.
The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device except for encrypted passwords where the keyword encrypted is used before the encrypted data (for instance in the enable password command).

Interface Naming Conventions

Interfaces on the device can be one of the following types:
Fast Ethernet (10/100 kbits) ports—This can be written as FastEthernet,
fa or fe.
Gigabit Ethernet (10/100/1000 kbits) ports—These can be written as
either GigabitEthernet or gi or GE.
—LAG (Port Channel)—Written as either Port-Channel or po.
VLAN—Written as VLAN
Tunnel—Written as tunnel or tu
37 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 39
Introduction
1
Within the CLI, interfaces are denoted by concatenating the following elements:
Type of Interface—As described above
Interface Number—Port, LAG, tunnel or VLAN numbers
Samples of these various options are shown in the example below:
switchxxxxxx(config)#interface GigabitEthernet 1 switchxxxxxx(config)#interface GE 1 switchxxxxxx(config)#interface FastEthernet switchxxxxxx((config)#interface fe1 switchxxxxxx(config)#interface po1 switchxxxxxx(config)# interface vlan 1
NOTE See Loopback Interface for a description of the loopback interface.

Interface Range

Interfaces may be described on an individual basis or within a range. The interface range command has the following syntax:
<interface-range> ::= {<port-type>[ ][/<first-port-number>[ - <last-port-number]} | port-channel[ ]<first-port-channel-number>[ -
<last-port-channel-number>] | tunnel[ ]<first-tunnel-number>[ - <last-tunnel-number>] | vlan[ ]<first-vlan-id>[ - <last-vlan-id>]
A sample of this command is shown in the example below:
switchxxxxxx#configure switchxxxxxx(config-if)#interface range gi1-5
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 38
Page 40
1
Introduction

List of Multiple Interface Types

A combination of interface types can be specified in the interface range command in the following format:
<range-list> ::= <interface-range> | <range-list>, < interface-range>
Up to five ranges can be included.
NOTE Range lists can contain either ports and port-channels or VLANs. Combinations of
port/port-channels and VLANs are not allowed
The space after the comma is optional.
When a range list is defined, a space after the first entry and before the comma (,) must be entered.
A sample of this command is shown in the example below:
switchxxxxxx#configure switchxxxxxx(config)#interface range gi1-5, vlan 1-2

IPv6z Address Conventions

The following describes how to write an IPv6z address, which is a link-local IPv6 address.
The format is:
where:
egress-interface (also known as zone) = vlan<vlan-id> | po<number> | tunnel<number> | port<number> | 0
If the egress interface is not specified, the default interface is selected. Specifying egress interface = 0 is equal to not defining an egress interface.
<ipv6-link-local-address>%<egress-interface>
The following combinations are possible:
ipv6_address%egress-interface—Refers to the IPv6 address on the
interface specified.
39 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 41
Introduction
ipv6_address%0—Refers to the IPv6 address on the single interface on
which an IPv6 address is defined.
ipv6_address—Refers to the IPv6 address on the single interface on which
an IPv6 address is defined.

Loopback Interface

When an IP application on a router wants to communicate with a remote IP application, it must select the local IP address to be used as its IP address. It can use any IP address defined on the router, but if this link goes down, the communication is aborted, even though there might well be another IP route between these IP applications.
The loopback interface is a virtual interface whose operational state is always up. If the IP address that is configured on this virtual interface is used as the local address when communicating with remote IP applications, the communication will not be aborted even if the actual route to the remote application was changed.
1
The name of the loopback interface is loopback1.
A loopback interface does not support bridging; it cannot be a member of any VLAN, and no layer 2 protocol can be enabled on it.

Layer 3 Specification

IP Interface
IPv4 and IPv6 addresses can be assigned to a loopback interface.
The IPv6 link-local interface identifier is 1.
Routing Protocols
A routing protocol running on the switch supports the advertising of the IP prefixes defined on the loopback interfaces via the routing protocol redistribution mechanism.
If a layer 2 switch with one IPv4 address supports a loopback interface, the above rules are replaced by the following ones:
This is the definition of the IP configuration when the device is in layer 2 mode:
Only one loopback interface is supported.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 40
Page 42
1
Introduction
Two IPv4 interfaces can be configured: one on a VLAN and one on the
loopback interface.
If the IPv4 address was configured on the default VLAN and the default
VLAN is changed, the switch moves the IPv4 address to the new default VLAN.
The ip address command does the following:
- In VLAN context, it replaces the existing configured IPv4 address on the
specified interface by the new one.
- In Loopback Interface context, it replaces the existing, configured IPv4
address on the loopback interface with the new one.
- In the Loopback Interface context, it does not support the keyword
default-gateway.

PHY Diagnostics

The following exceptions exist:
Copper Ports—PHY diagnostics are only supported on copper ports.
10G ports—TDR test is supported when the operational port speed is 10G.
Cable length resolution is 20 meters.

CLI Output Modifiers

To all show and more commands (except show technical support) an output modifier may be added as follows:
<show/more command> | <output-modifier> <regular-expression-pattern>
The output modifiers are:
begin: Start output from the first line that has a sequence of characters
matching the given regular expression pattern
include: Includes only lines that have a sequence of characters matching the
given regular expression pattern.
41 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 43
Introduction
1
exclude: Excludes all lines that have a sequence of characters matching the
given regular expression pattern.
count: Counts all lines that have a sequence of characters matching the
given regular expression pattern and displays the result (no other output is displayed).
NOTE Only 1 output modifier can be used in each command. The remainder of the text
typed in is part of the regular expression pattern.
A regular expression is a pattern (a phrase, number, or more complex pattern). The CLI String Search feature matches regular expressions to the show or more command output. Regular expressions are case-sensitive and allow for complex matching requirements.
A regular expression can be a single-character pattern or a multiple-character pattern. That is, a regular expression can be a single character that matches the same single character in the command output or multiple characters that match the same multiple characters in the command output. The pattern in the command output is referred to as a string. This section describes creating both single-character patterns and multiple-character patterns. It also discusses creating more complex regular expressions, using multipliers, alternation, anchoring, and parentheses.

Single-Character Patterns

The simplest regular expression is a single character that matches the same single character in the command output. You can use any letter (A-Z, a-z) or digit (0-9) as a single-character pattern. You can also use other keyboard characters (such as ! or ~) as single-character patterns, but certain keyboard characters have special meaning when used in regular expressions. Table lists the keyboard characters that have special meanings.
Character Meaning
.
* Matches 0 or more sequences of the pattern.
+ Matches 1 or more sequences of the pattern.
? Matches 0 or 1 occurrences of the pattern.
^ Matches the beginning of the string.
$ Matches the end of the string.
Matches any single character, including white space.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 42
Page 44
1
Introduction
To use these special characters as single-character patterns, remove the special meaning by preceding each character with a backslash (\).
The following examples are single-character patterns matching a dollar sign, an underscore, and a plus sign, respectively.
\$ \_ \+
You can specify a range of single-character patterns to match against command output. For example, you can create a regular expression that matches a string containing one of the following letters: a, e, i, o, or u. Only one of these characters must exist in the string for pattern matching to succeed. To specify a range of single-character patterns, enclose the single-character patterns in square brackets ([ ]). For example, [aeiou] matches any one of the five vowels of the lowercase alphabet, while [abcdABCD] matches any one of the first four letters of the lower- or uppercase alphabet.
You can simplify ranges by entering only the endpoints of the range separated by a dash (-). Simplify the previous range as follows:
[a-dA-D]
To add a dash as a single-character pattern in your range, include another dash and precede it with a backslash:
[a-dA-D\-]
You can also include a right square bracket (]) as a single-character pattern in your range, as shown here:
[a-dA-D\-\]]
The previous example matches any one of the first four letters of the lower- or uppercase alphabet, a dash, or a right square bracket.
You can reverse the matching of the range by including a caret (^) at the start of the range. The following example matches any letter except the ones listed:
[^a-dqsv]
The following example matches anything except a right square bracket (]) or the letter d:
[^\]d]
43 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 45
Introduction
1

Multiple-Character Patterns

When creating regular expressions, you can also specify a pattern containing multiple characters. You create multiple-character regular expressions by joining letters, digits, or keyboard characters that do not have special meaning. For example, a4% is a multiple-character regular expression.
With multiple-character patterns, order is important. The regular expression a4% matches the character a followed by a 4 followed by a % sign. If the string does not have a4%, in that order, pattern matching fails. The multiple-character regular expression a. uses the special meaning of the period character to match the letter a followed by any single character. With this example, the strings ab, a!, or a2 are all valid matches for the regular expression.
You can remove the special meaning of the period character by inserting a backslash before it. For example, when the expression a\. is used in the command syntax, only the string a. will be matched.
You can create a multiple-character regular expression containing all letters, all digits, all keyboard characters, or a combination of letters, digits, and other keyboard characters. For example, telebit 3107 v32bis is a valid regular expression.
Multipliers
You can create more complex regular expressions that instruct the system to match multiple occurrences of a specified regular expression. To do so, use some special characters with your single-character and multiple-character patterns.
Table 1 lists the special characters that specify multiples of a regular expression.
Table 1: Special Characters Used as Multipliers
Character
*
+
?
Description
Matches 0 or more single-character or multiple-character patterns.
Matches 1 or more single-character or multiple-character patterns.
Matches 0 or 1 occurrences of a single-character or multiple-character pattern.
The following example matches any number of occurrences of the letter a, including none:
a*
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 44
Page 46
1
Introduction
The following pattern requires that at least one letter a be in the string to be matched:
a+
The following pattern matches the string bb or bab:
ba?b
The following string matches any number of asterisks (*):
\**
To use multipliers with multiple-character patterns, enclose the pattern in parentheses. In the following example, the pattern matches any number of the multiple-character string ab:
(ab)*
The following pattern matches one or more instances of alphanumeric pairs, but not none (that is, an empty string is not a match):
([A-Za-z][0-9])+
The order for matches using multipliers (*, +, or ?) is to put the longest construct first. Nested constructs are matched from outside to inside. Concatenated constructs are matched beginning at the left side of the construct. Thus, the regular expression above matches A9b3, but not 9Ab3 because the letters are specified before the numbers.
Alternation
Alternation allows you to specify alternative patterns to match against a string. You separate the alternative patterns with a vertical bar (|). Only one of the alternatives can match the string. For example, the regular expression codex|telebit either matches the string codex or the string telebit, but not both codex and telebit.
45 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 47
Introduction
1
Anchoring
You can instruct the system to match a regular expression pattern against the beginning or the end of the string. You anchor these regular expressions to a portion of the string using the special characters shown in Table 2..
Table 2: Special Characters Used for Anchoring
Character
^
$
For example, the regular expression ^con matches any string that starts with con, and $sole matches any string that ends with sole.
In addition to indicating the beginning of a string, the ^ symbol can be used to indicate the logical function not when used in a bracketed range. For example, the expression [^abcd] indicates a range that matches any single letter, as long as it is not the letters a, b, c, or d.
Description
Matches the beginning of the string.
Matches the end of the string.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 46
Page 48

ACL Commands

2.0

2.1 ip access-list (IP extended)

Use the ip access-list extended Global Configuration mode command to name an IPv4 access list (ACL) and to place the device in IPv4 Access List Configuration mode. All commands after this command refer to this ACL. The rules (ACEs) for this ACL are defined in the permit ( IP ) and deny ( IP ) commands. The service-acl input command is used to attach this ACL to an interface.
2
Use the no form of this command to remove the access list.
Syntax
ip access-list extended
no ip access-list extended
Parameters
acl-name
acl-nam
e
acl-name—Name of the IPv4 access list. (Range 1-32 characters)
Default Configuration
No IPv4 access list is defined.
Command Mode
Global Configuration mode
User Guidelines
An IPv4 ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name.
Example
switchxxxxxx(config)#
switchxxxxxx(config-ip-al)#
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 47
ip access-list extended
server
Page 49
ACL Commands
2

2.2 permit ( IP )

Use the permit IP Access-list Configuration mode command to set permit conditions for an IPv4 access list (ACL). Permit conditions are also known as access control entries (ACEs). Use the no form of the command to remove the access control entry.
Syntax
permit
protocol
destination-wildcard
[time-range
[log-input]
permit [any precedence
[log-input]
permit
icmp
| icmp-type]
igmp
destination-wildcard
precedence
[log-input]
permit tcp {any
{any
| source source-wildcard
} [ace-priority
time-range-name]
{any
| source source-wildcard
[any
| icmp-code]]
number]
[time-range
{any
| source source-wildcard
}[
igmp-type]
number]
[time-range
| source source-wildcard destination destination-wildcard priority
] [dscp
time-range-name
[log-input]
number |
precedence
]
} {any
| destination
priority]
[ace-priority
[dscp
number | precedence number]
} {any
| destination destination-wildcard}
priority]
time-range-name]
} {any
| destination
[ace-priority
priority]
time-range-name]
} {any
|source-port/port-range
} {any
|destination-port/port-range}
number
] [match-all
[dscp
number |
[dscp
number |
list-of-flags]
}{any
|
[ace-priority
[time-range
permit udp {any
destination destination-wildcard priority
[log-input]
no permit
] [dscp
destination-wildcard} time-range-name
[log-input]
no permit
destination-wildcard
precedence
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 48
| source source-wildcard
number |
precedence
protocol
]
{any
| source source-wildcard
[dscp
number |
icmp
{any
| source source-wildcard
} [any
| icmp-type
number
][time-range
} {any
|source-port/port-range
} {any
|destination-port/port-range}
number]
precedence
] [any
[time-range
} {any
| destination
number
} {any
| destination
| icmp-code
time-range-name]
} {any
[ace-priority
time-range-name]
][time-range
]] [dscp
number |
|
Page 50
2
ACL Commands
[log-input]
no permit
destination-wildcard time-range-name
[log-input]
no permit tcp {any
destination destination-wildcard
precedence
[log-input]
no permit udp {any
destination destination-wildcard
precedence
[log-input]
Parameters
igmp
{any
| source source-wildcard
}[
igmp-type
]
| source source-wildcard
number
number]
protocol
names are: icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, ipv6, ipv6:rout, ipv6:frag, idrp, rsvp, gre, esp, ah, ipv6:icmp, eigrp, ospf, ipinip, pim, l2tp, isis. To match any protocol, use the ip keyword.(Range: 0–255)
] [match-all
| source source-wildcard
[time-range
—The name or the number of an IP protocol. Available protocol
] [dscp
} {any
list-of-flags]
} {any
} {any
| destination
number |
|destination-port/port-range
|destination-port/port-range
time-range-name]
precedence
} {any
|source-port/port-range
[time-range
} {any
|source-port/port-range
time-range-name]
number]
} [dscp
} [dscp
[time-range
}{any
|
number |
} {any
|
number |
source
source-wildcard
ones in the bit position that you want to be ignored.
destination
destination-wildcard
address. Use ones in the bit position that you want to be ignored.
priority
control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647)
dscp
precedence
icmp-type
Enter a number or one of the following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request,
—Source IP address of the packet.
—Wildcard bits to be applied to the source IP address. Use
—Destination IP address of the packet.
—Wildcard bits to be applied to the destination IP
- Specify the priority of the access control entry (ACE) in the access
number
—Specifies the DSCP value.
number
—Specifies an ICMP message type for filtering ICMP packets.
—Specifies the IP precedence value.
49 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 51
ACL Commands
information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris. (Range: 0–255)
icmp-code
(Range: 0–255)
igmp-type
number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0–255)
destination-port
range of ports by using hyphen. E.g. 20 - 21. For TCP enter a number or one of the following values: bgp (179), chargen (19), daytime (13), discard (9), domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49), talk (517), telnet (23), time (37), uucp (117), whois (43), www (80). For UDP enter a number or one of the following values: biff (512), bootpc (68), bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver (42), netbios-dgm (138), netbios-ns (137), on500-isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69), time (37), who (513), xdmcp (177).(Range: 0–65535).
—Specifies an ICMP message code for filtering ICMP packets.
—IGMP packets can be filtered by IGMP message type. Enter a
—Specifies the UDP/TCP destination port. You can enter
2
source-port
are defined in the destination-port parameter. (Range: 0–65535)
match-all
set, it is prefixed by “+”. If a flag should be unset, it is prefixed by “-”. Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst,
-syn and -fin. The flags are concatenated to a one string. For example: +fin-ack.
—Specifies the UDP/TCP source port. Predefined port names
list-of-flags
—List of TCP flags that should occur. If a flag should be
time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
log-input—Specifies sending an informational SYSLOG message about the
packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 50
Page 52
2
ACL Commands
Default Configuration
No IPv4 access list is defined.
Command Mode
IP Access-list Configuration mode
User Guidelines
If a range of ports is used for source port in an ACE, it is not counted again, if it is also used for a source port in another ACE. If a range of ports is used for the destination port in an ACE, it is not counted again if it is also used for destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used for destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)#
switchxxxxxx(config-ip-al)#
ip access-list extended
permit ip
176.212.0.0 00.255.255
server
any

2.3 deny ( IP )

Use the deny IP Access-list Configuration mode command to set deny conditions for IPv4 access list. Deny conditions are also known as access control entries (ACEs). Use the no form of the command to remove the access control entry.
Syntax
protocol
deny
destination-wildcard
[time-range
icmp
deny [any
| icmp-type
precedence
{any
| source source-wildcard
} [ace-priority
time-range-name]
{any
| source source-wildcard
] [any
| icmp-code
number]
[time-range
[disable-port |log-input ]
} {any
| destination
priority]
]][ace-priority
[dscp
number |
} {any
| destination destination-wildcard
priority]
time-range-name]
precedence
[dscp
number |
[disable-port |log-input ]
number]
}
51 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 53
ACL Commands
deny
igmp
{any
| source source-wildcard destination-wildcard number
] [time-range
}[
igmp-type
][ace-priority
time-range-name]
} {any
| destination
priority]
[disable-port |log-input ]
[dscp
number |
2
precedence
deny tcp {any
| source source-wildcard destination destination-wildcard priority time-range-name
deny udp {any
] [dscp
number |
] [disable-port |log-input ]
precedence
| source source-wildcard destination destination-wildcard priority
[disable-port |log-input
no deny
] [dscp
destination-wildcard time-range-name
no deny
destination-wildcard
precedence
no deny
destination-wildcard time-range-name]
no deny tcp {any
number |
protocol
icmp
{any
number][
igmp
{any
precedence
]
{any
| source source-wildcard
} [dscp
] [disable-port
number |
| source source-wildcard
} [any
| icmp-type
time-range
| source source-wildcard
}[
igmp-type
[disable-port |log-input
| source source-wildcard
destination destination-wildcard
precedence [disable-port |log-input ]
number
] [match-all
} {any
|source-port/port-range
} {any
|destination-port/port-range}
number
} {any
|destination-port/port-range}
number]
precedence
|l
og-input ]
] [any
] [match-all
} {any
|source-port/port-range
[time-range
} {any
} {any
| icmp-code
time-range-name]
} {any
] [dscp
number |
]
} {any
|source-port/port-range
} {any
|destination-port/port-range
list-of-flags]
[time-range
[ace-priority
list-of-flags
][time-range
[ace-priority
time-range-name]
| destination
number]
[time-range
| destination
]] [dscp
[disable-port |log-input ]
number |
| destination
precedence
number] [
} [dscp
time-range-name]
}{any
|
} {any
|
time-range
}{any
number |
|
no deny udp {any
destination destination-wildcard precedence number]
Parameters
protocol
names: icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, ipv6, ipv6:rout, ipv6:frag, idrp, rsvp, gre, esp, ah, ipv6:icmp, eigrp, ospf, ipinip, pim, l2tp, isis. To match any protocol, use the Ip keyword. (Range: 0–255)
source
source-wildcard
1s in the bit position that you want to be ignored.
destination
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 52
| source source-wildcard
} {any
[time-range
—The name or the number of an IP protocol. Available protocol
—Source IP address of the packet.
—Wildcard bits to be applied to the source IP address. Use
—Destination IP address of the packet.
time-range-name]
} {any
|source-port/port-range
|destination-port/port-range
[disable-port |log-input ]
} [dscp
} {any
number |
|
Page 54
2
ACL Commands
destination-wildcard
address. Use 1s in the bit position that you want to be ignored.
priority
control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647)
- Specify the priority of the access control entry (ACE) in the access
—Wildcard bits to be applied to the destination IP
dscp
precedence
number
icmp-type
Enter a number or one of the following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris. (Range: 0–255)
icmp-code
(Range: 0–255)
igmp-type
number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0–255)
destination-port
range of ports by using hyphen. E.g. 20 - 21. For TCP enter a number or one of the following values: bgp (179), chargen (19), daytime (13), discard (9), domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49), talk (517), telnet (23), time (37), uucp (117), whois (43), www (80). For UDP enter a number or one of the following values: biff (512), bootpc (68), bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver (42), netbios-dgm (138), netbios-ns (137), non500-isakmp (4500), ntp (123), rip (520), snmp 161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69), time (37), who (513), xdmcp (177). (Range: 0–65535)
—Specifies the DSCP value.
number
—Specifies an ICMP message type for filtering ICMP packets.
—Specifies an ICMP message code for filtering ICMP packets.
—IGMP packets can be filtered by IGMP message type. Enter a
—Specifies the IP precedence value.
—Specifies the UDP/TCP destination port. You can enter
source-port
are defined in the destination-port parameter. (Range: 0–65535)
match-all
set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”. Available
53 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
—Specifies the UDP/TCP source port. Predefined port names
list-of-flags
—List of TCP flags that should occur. If a flag should be
Page 55
ACL Commands
2
options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and
-fin. The flags are concatenated to a one string. For example: +fin-ack.
time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
disable-port—The Ethernet interface is disabled if the condition is matched.
log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
Default Configuration
No IPv4 access list is defined.
Command Mode
IP Access-list Configuration mode
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of ports is used for a source port in ACE it is not counted again if it is also used for source port in another ACE. If a range of ports is used for destination port in ACE it is not counted again if it is also used for destination port in another ACE.
If a range of ports is used for source port, it is counted again if it is also used for destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)# switchxxxxxx(config-ip-al)#
ip access-list extended server
deny ip
176.212.0.0 00.255.255
any
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 54
Page 56
2
ACL Commands

2.4 ipv6 access-list (IPv6 extended)

Use the ipv6 access-list Global Configuration mode command to define an IPv6 access list (ACL) and to place the device in Ipv6 Access-list Configuration mode. All commands after this command refer to this ACL. The rules (ACEs) for this ACL are defined in the permit ( IPv6 ) and deny ( IPv6 ) commands. The service-acl
input command is used to attach this ACL to an interface.
Use the no form of this command to remove the access list.
Syntax
ipv6 access-list [
no ipv6 access-list
Parameters
acl-name—Name of the IPv6 access list. Range 1-32 characters.
Default Configuration
No IPv6 access list is defined.
Command Mode
Global Configuration mode
User Guidelines
IPv6 ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name.
Every IPv6 ACL has an implicit permit icmp any any nd-ns any, permit icmp any any nd-na any, and deny ipv6 any any statements as its last match conditions. (The former two match conditions allow for ICMPv6 neighbor discovery.)
acl-name]
[acl-name]
The IPv6 neighbor discovery process uses the IPv6 network layer service, therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In IPv4, the Address Resolution Protocol (ARP), which is equivalent to the IPv6 neighbor discovery process, uses a separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface.
Example
switchxxxxxx(config)#
55 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
ipv6 access-list
acl1
Page 57
ACL Commands
2
switchxxxxxx(config-ip-al)#
permit tcp
2001:0DB8:0300:0201::/64
any any
80

2.5 permit ( IPv6 )

Use the permit command in Ipv6 Access-list Configuration mode to set permit conditions (ACEs) for IPv6 ACLs. Use the no form of the command to remove the access control entry.
Syntax
permit [ace-priority
protocol
time-range-name
permit icmp {any | { {any|
icmp-type
number]
permit tcp {any | {
[time-range
destination-prefix/length priority
][dscp
time-range-name
{any |{
priority
source-prefix/length
][dscp
] [log-input]
number
source-prefix/length
} {any|
icmp-code}
time-range-name]
source-prefix/length
} {any|
number
| precedence
] [log-input]
}{any |
| precedence
destination-prefix/length
number]
}{any |
[ace-priority
[log-input]
} {any |
destination-prefix/length
priority
][dscp
source-port/port-range
destination-port/port-range}
number
] [match-all
[time-range
number
[ace-priority
list-of-flags]
}
}
| precedence
}}{any |
[time-range
permit
destination-prefix/length priority
[log-input]
no permit [dscp
no permit icmp {any | { {any|
time-range-name
no permit tcp {any | { destination- prefix/length} {any| precedence [log-input]
no permit udp {any | {
destination-prefix/length
precedence
udp
{any | {
][dscp
protocol
number
icmp-type
number
number]
source-prefix/length
} {any |
number
| precedence
| precedence
{any |{
source-prefix/length
number]
source-prefix/length
} {any|
icmp-code
] [log-input]
source-prefix/length
] [match-all
source-prefix/length
} {any|
[time-range
}} {any |
source-port/port-range
destination-port/port-range}
number
[time-range
} [dscp
][time-range
}{any |
time-range-name]
destination-prefix/length
time-range-name]
}{any |
number
} {any | source-port/port-range}}{any |
destination-prefix/length
| precedence
destination-port/port-range
list-of-flags]
[time-range
}} {any |
time-range-name]
source-port/port-range
destination-port/port-range
time-range-name]
[log-input]
[ace-priority
[log-input]
number]
} [dscp
} [dscp
number
number
}}{any |
}
}
[time-range
|
}}{any |
|
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 56
Page 58
2
Parameters
protocol
names are: icmp (58), tcp (6) and udp (17). To match any protocol, use the ipv6 keyword. (Range: 0–255)
source-prefix/length
which to set permit conditions. This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16-bit values between colons.
destination-prefix/length
networks about which to set permit conditions. This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16-bit values between colons.
priority
control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647)
ACL Commands
—The name or the number of an IP protocol. Available protocol
—The source IPv6 network or class of networks about
—The destination IPv6 network or class of
- Specify the priority of the access control entry (ACE) in the access
dscp
precedence
number
icmp-type
Enter a number or one of the following values: destination-unreachable (1), packet-too-big (2), time-exceeded (3), parameter-problem (4), echo-request (128), echo-reply (129), mld-query (130), mld-report (131), mldv2-report (143), mld-done (132), router-solicitation (133), router-advertisement (134), nd-ns (135), nd-na (136). (Range: 0–255)
icmp-code
(Range: 0–255)
destination-port
range of ports by using a hyphen. E.g. 20 - 21. For TCP enter a number or one of the following values: bgp (179), chargen (19), daytime (13), discard (9), domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49), talk (517), telnet (23), time (37), uucp (117), whois (43), www (80). For UDP enter a number or one of the following values: biff (512), bootpc (68), bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver (42), netbios-dgm (138), netbios-ns (137), non500-isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs (49), talk (517), tftp (69), time (37), who (513), xdmcp (177). (Range: 0–65535)
—Specifies the DSCP value. (Range: 0–63)
number
—Specifies an ICMP message type for filtering ICMP packets.
—Specifies an ICMP message code for filtering ICMP packets.
—Specifies the IP precedence value.
—Specifies the UDP/TCP destination port. You can enter a
57 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 59
ACL Commands
source-port
are defined in the destination-port parameter. (Range: 0–65535)
—Specifies the UDP/TCP source port. Predefined port names
2
match-all
set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”. Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and
-fin. The flags are concatenated to a one string. For example: +fin-ack.
time-range-name
statement. (Range: 1–32)
list-of-flag
—Name of the time range that applies to this permit
—List of TCP flags that should occur. If a flag should be
log-input—Specifies sending an informational SYSLOG message about
the packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
Default Configuration
No IPv6 access list is defined.
Command Mode
Ipv6 Access-list Configuration mode
User Guidelines
If a range of ports is used for the destination port in an ACE, it is not counted again if it is also used for destination port in another ACE.
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of ports is used for a source port in ACE, it is not counted again if it is also used for a source port in another ACE. If a range of ports is used for destination port in ACE it is not counted again if it is also used for destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used for destination port.
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 58
Page 60
2
ACL Commands
Example
This example defines an ACL by the name of server and enters a rule (ACE) for tcp packets.
switchxxxxxx(config)# ipv6 access-list switchxxxxxx(config-ipv6-al)# permit tcp
server
3001::2/64
any any
80

2.6 deny ( IPv6 )

Use the deny command in Ipv6 Access-list Configuration mode to set permit conditions (ACEs) for IPv6 ACLs. Use the no form of the command to remove the access control entry.
Syntax
protocol
deny [ace-priority
time-range-name
deny icmp {any | { {any|
icmp-type
number]
deny tcp {any | {
destination-prefix/length priority
][dscp
time-range-name
{any | {
priority]
] [disable-port |log-input]
source-prefix/length
} {any|
[time-range
source-prefix/length
number
] [disable-port |log-input]
source-prefix/length
[dscp
icmp-code}
number
[ace-priority
| precedence
}{any |
time-range-name]
} {any |
} {any|
| precedence
destination-port/port-range}
number
}{any |
destination-prefix/length}
number]
[time-range
destination-prefix/length
priority
[disable-port |log-input]
][dscp
number
source-port/port-range
[ace-priority
] [match-all
list-of-flags]
}
| precedence
}}{any |
[time-range
deny udp {any | {
destination-prefix/length priority]
[disable-port |log-input]
no deny
number
|log-input]
no deny icmp {any | { {any|
[dscp
protocol
| precedence
icmp-type
time-range-name
no deny tcp {any | {
destination-prefix/length
59 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
source-prefix/length
} {any|
number
| precedence
{any | {
source-prefix/length
number]
[time-range
source-prefix/length
} {any|
icmp-code
] [disable-port |log-input]
source-prefix/length
} {any|
}} {any |
source-port/port-range
destination-port/port-range} [
number]
[time-range
}{any |
destination-prefix/length
time-range-name]
time-range-name]
}{any |
} [dscp
number
} {any |
destination-port/port-range
destination-prefix/length
| precedence
source-port/port-range
} [dscp
}}{any |
ace-priority
[disable-port
number]
[time-range
}}{any |
number
} [dscp
}
|
Page 61
ACL Commands
2
precedence [disable-port |log-input]
no deny udp {any | {
destination-prefix/length
precedence
Parameters
protocol
names are: icmp (58), tcp (6) and udp (17). To match any protocol, use the ipv6 keyword. (Range: 0–255)
source-prefix/length
which to set permit conditions. This argument must be in the format documented in RFC 3513 where the address is specified in hexadecimal using 16-bit values between colons.
destination-prefix/length
networks about which to set permit conditions. This argument must be in the format documented in RFC 3513 where the address is specified in hexadecimal using 16-bit values between colons.
number
number]
] [match-all
source-prefix/length
[time-range
—The name or the number of an IP protocol. Available protocol
list-of-flags
} {any|
destination-port/port-range
time-range-name]
—The source IPv6 network or class of networks about
—The destination IPv6 network or class of
] [time-range
}} {any |
source-port/port-range
time-range-name]
}}{any |
} [dscp
[disable-port |log-input]
number
|
priority
control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647)
dscp
precedence
icmp-type
Enter a number or one of the following values: destination-unreachable (1), packet-too-big (2), time-exceeded (3), parameter-problem (4), echo-request (128), echo-reply (129), mld-query (130), mld-report (131), mldv2-report (143), mld-done (132), router-solicitation (133), router-advertisement (134), nd-ns (135), nd-na (136). (Range: 0–255)
icmp-code
(Range: 0–255)
destination-port
range of ports by using a hyphen. E.g. 20 - 21. For TCP enter a number or one of the following values: bgp (179), chargen (19), daytime (13), discard (9), domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data 20), gopher (70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds
- Specify the priority of the access control entry (ACE) in the access
number
—Specifies the DSCP value. (Range: 0–63)
number
—Specifies an ICMP message type for filtering ICMP packets.
—Specifies an ICMP message code for filtering ICMP packets.
—Specifies the IP precedence value.
—Specifies the UDP/TCP destination port. You can enter a
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 60
Page 62
2
ACL Commands
(49), talk (517), telnet (23), time (37), uucp (117), whois (43), www (80). For UDP enter a number or one of the following values: biff (512), bootpc (68), bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434), nameserver (42), netbios-dgm (138), netbios-ns (137), non500-isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs (49), talk (517), tftp (69), time (37), who (513), xdmcp (177). (Range: 0–65535)
source-port
are defined in the destination-port parameter. (Range: 0–65535)
—Specifies the UDP/TCP source port. Predefined port names
match-all
set it is prefixed by “+”.If a flag should be unset it is prefixed by “-”. Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and
-fin. The flags are concatenated to a one string. For example: +fin-ack.
time-range-name
statement. (Range: 1–32)
list-of-flags
—Name of the time range that applies to this permit
—List of TCP flags that should occur. If a flag should be
disable-port—The Ethernet interface is disabled if the condition is matched.
log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
Default Configuration
No IPv6 access list is defined.
Command Mode
Ipv6 Access-list Configuration mode
User Guidelines
The number of TCP/UDP ranges that can be defined in ACLs is limited. If a range of ports is used for source port in ACE it is not counted again if it is also used for source port in another ACE. If a range of ports is used for a destination port in ACE it is not counted again if it is also used for a destination port in another ACE.
If a range of ports is used for source port it is counted again if it is also used for destination port.
61 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 63
ACL Commands
2
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)# ipv6 access-list switchxxxxxx(config-ipv6-al)# deny tcp
server
3001::2/64
any any
80

2.7 mac access-list

Use the mac access-list Global Configuration mode command to define a Layer 2 access list (ACL) based on source MAC address filtering and to place the device in MAC Access-list Configuration mode. All commands after this command refer to this ACL. The rules (ACEs) for this ACL are defined in the permit ( MAC ) and deny
(MAC) commands. The service-acl input command is used to attach this ACL to an
interface.
Use the no form of this command to remove the access list.
Syntax
mac access-list extended
no mac access-list extended
acl-name
acl-name
Parameters
acl-name—Specifies the name of the MAC ACL (Range: 1–32 characters).
Default Configuration
No MAC access list is defined.
Command Mode
Global Configuration mode
User Guidelines
A MAC ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 62
Page 64
2
ACL Commands
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)#
switchxxxxxx(config-mac-al)#
mac access-list extended
permit
00:00:00:00:00:01 00:00:00:00:00:ff
server1
any

2.8 permit ( MAC )

Use the permit command in MAC Access-list Configuration mode to set permit conditions (ACEs) for a MAC ACL. Use the no form of the command to remove the access control entry.
Syntax
permit
ace-priority
[ diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [ time-range-name]
[log-input]
no permit
[eth-type 0 | aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [
{any | source source-wildcard} {any | destination destination-wildcard}
priority][eth-type 0 | aarp | amber | dec-spanning | decnet-iv |
time-range
{any | source source-wildcard} {any | destination destination-wildcard}
time-range
time-range-name]
[log-input]
Parameters
source
source-wildcard
Use 1s in the bit position that you want to be ignored.
destination
destination-wildcard
address. Use 1s in the bit position that you want to be ignored.
priority
control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647)
63 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
—Source MAC address of the packet.
—Wildcard bits to be applied to the source MAC address.
—Destination MAC address of the packet.
—Wildcard bits to be applied to the destination MAC
- Specify the priority of the access control entry (ACE) in the access
Page 65
ACL Commands
eth-type
vlan-id
cos
cos-wildcard
time-range-name
statement. (Range: 1–32)
—The Ethernet type in hexadecimal format of the packet.
—The VLAN ID of the packet. (Range: 1–4094)
—The Class of Service of the packet. (Range: 0–7)
—Wildcard bits to be applied to the CoS.
—Name of the time range that applies to this permit
log-input—Specifies sending an informational SYSLOG message about
the packet that matches the entry. Because forwarding/dropping is done in hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
User Guidelines
2
A MAC ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Default Configuration
No MAC access list is defined.
Command Mode
MAC Access-list Configuration mode
Example
switchxxxxxx(config)#
switchxxxxxx(config-mac-al)#
mac access-list extended
permit
00:00:00:00:00:01 00:00:00:00:00:ff
server1
any
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 64
Page 66
2
ACL Commands

2.9 deny (MAC)

Use the deny command in MAC Access-list Configuration mode to set deny conditions (ACEs) for a MAC ACL. Use the no form of the command to remove the access control entry.
Syntax
{any | source source-wildcard} {any | destination destination-wildcard}
deny
ace-priority
[ diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [ time-range-name] [disable-port |log-input ]
priority][{eth-type 0}| aarp | amber | dec-spanning | decnet-iv |
time-range
no deny
[{eth-type 0}| aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard] [ [disable-port |log-input ]
Parameters
{any | source source-wildcard} {any | destination destination-wildcard}
time-range
source
source-wildcard
Use ones in the bit position that you want to be ignored.
destination
destination-wildcard
address. Use 1s in the bit position that you want to be ignored.
priority
control list (ACL). "1" value represents the highest priority and "2147483647" number represents the lowest priority.(Range: 1-2147483647)
eth-type
vlan-id
—Source MAC address of the packet.
—Wildcard bits to be applied to the source MAC address.
—Destination MAC address of the packet.
—Wildcard bits to be applied to the destination MAC
- Specify the priority of the access control entry (ACE) in the access
—The Ethernet type in hexadecimal format of the packet.
—The VLAN ID of the packet. (Range: 1–4094).
time-range-name]
cos
—The Class of Service of the packet.(Range: 0–7).
cos-wildcard
time-range-name
statement. (Range: 1–32)
—Wildcard bits to be applied to the CoS.
—Name of the time range that applies to this permit
disable-port—The Ethernet interface is disabled if the condition is matched.
log-input—Specifies sending an informational syslog message about the
packet that matches the entry. Because forwarding/dropping is done in
65 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 67
ACL Commands
2
hardware and logging is done in software, if a large number of packets match an ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
Default Configuration
No MAC access list is defined.
Command Mode
MAC Access-list Configuration mode
User Guidelines
A MAC ACL is defined by a unique name. IPv4 ACL, IPv6 ACL, MAC ACL or policy maps cannot have the same name
If ace-priority is omitted, the system sets the rule's priority to the current highest priority ACE (in the current ACL) + 20. The ACE-priority must be unique per ACL.If the user types already existed priority, then the command is rejected.
Example
switchxxxxxx(config)#
switchxxxxxx(config-mac-al)#
mac access-list extended
deny
00:00:00:00:00:01 00:00:00:00:00:ff
server1
any

2.10 service-acl input

Use the service-acl input command in Interface Configuration mode to bind an access list(s) (ACL) to an interface.
Use the no form of this command to remove all ACLs from the interface.
Syntax
sevice-acl input acl-name1 [
no service-acl input
Parameters
acl-name2
] [default-action {deny-any | permit-any}]
acl-name
guidelines. (Range: 1–32 characters).
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 66
—Specifies an ACL to apply to the interface. See the user
Page 68
2
ACL Commands
deny-any—Deny all packets (that were ingress at the port) that do not meet
the rules in this ACL.
permit-any—Forward all packets (that were ingress at the port) that do not
meet the rules in this ACL.
Default Configuration
No ACL is assigned.
Command Mode
Interface Configuration mode (Ethernet, Port-Channel,,VLAN )
User Guidelines
The following rules govern when ACLs can be bound or unbound from an interface:
IPv4 ACLs and IPv6 ACLs can be bound together to an interface.
A MAC ACL cannot be bound on an interface which already has an IPv4
ACL or IPv6 ACL bound to it.
Two ACLs of the same type cannot be bound to a port.
An ACL cannot be bound to a port that is already bound to an ACL, without
first removing the current ACL. Both ACLs must be mentioned at the same time in this command.
MAC ACLs that include a VLAN as match criteria cannot be bound to a
VLAN.
ACLs with time-based configuration on one of its ACEs cannot be bound to
a VLAN.
ACLs with the action Shutdown cannot be bound to a VLAN.
When the user binds ACL to an interface, TCAM resources will be
consumed. One TCAM rule for each MAC or IP ACE and two TCAM rules for each IPv6 ACE.The TCAM consumption is always even number, so in case of odd number of rules the consumption will be increased by 1.
An ACL cannot be bound as input if it has been bound as output.
Example
switchxxxxxx(config)# mac access-list extended
67 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
server-acl
Page 69
ACL Commands
2
switchxxxxxx(config-mac-al)# permit switchxxxxxx(config-mac-al)# exit switchxxxxxx(config)# interface switchxxxxxx(config-if)# service-acl input
00:00:00:00:00:01 00:00:00:00:00:ff
gi1
1
server-acl
default-action deny-any
any

2.11 service-acl output

Use the service-acl output command in Interface Configuration mode to control access to an interface on the egress (transmit path).
Use the no form of this command to remove the access control.
Syntax
service-acl output acl-name1 [
no service-acl output
Parameters
acl-name2
]
acl-name-Specifies an ACL to apply to the interface. See the usage guidelines. (Range: acl-name is from 0-32 characters. Use "" for empty string)
Default
No ACL is assigned.
Command Mode
Interface Configuration mode(Ethernet, Port-Channel).
User Guidelines
The rule actions: log-input is not supported. Trying to use it will result in an error.
The deny rule action disable-port is not supported. Trying to use it will result in an error.
IPv4 and IPv6 ACLs can be bound together on an interface.
A MAC ACL cannot be bound on an interface together with an IPv4 ACL or IPv6 ACL.
Two ACLs of the same type cannot be added to a port.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 68
Page 70
2
ACL Commands
An ACL cannot be added to a port that is already bounded to an ACL, without first removing the current ACL and binding the two ACLs together.
An ACL cannot be bound as output if it has been bound as input.
Example
This example binds an egress ACL to a port:
switchxxxxxx(config)# mac access-list extended server
switchxxxxxx(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any
switchxxxxxx(config-mac-al)# exit
switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# service-acl output server

2.12 time-range

Use the time-range Global Configuration mode command to define time ranges for different functions. In addition, this command enters the Time-range Configuration mode. All commands after this one refer to the time-range being defined.
This command sets a time-range name. Use the absolute and periodic commands to actually configure the time-range.
Use the no form of this command to remove the time range from the device.
Syntax
time-range
no time-range
Parameters
time-range-name—Specifies the name for the time range. (Range: 1–32 characters)
Default Configuration
time-range-name
time-range-name
No time range is defined
69 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 71
ACL Commands
2
Command Mode
Global Configuration mode
User Guidelines
After adding the name of a time range with this command, use the absolute and
periodic commands to actually configure the time-range. Multiple periodic
commands are allowed in a time range. Only one absolute command is allowed.
If a time-range command has both absolute and periodic values specified, then the periodic items are evaluated only after the absolute start time is reached, and are not evaluated again after the absolute end time is reached.
All time specifications are interpreted as local time.
To ensure that the time range entries take effect at the desired times, the software clock should be set by the user or by SNTP. If the software clock is not set by the user or by SNTP, the time range ACEs are not activated.
The user cannot delete a time-range that is bound to any features.
When a time range is defined, it can be used in the following commands:
dot1x port-control
power inline
operation time
permit (IP)
deny (IP)
permit (IPv6)
deny (IPv6)
permit (MAC)
deny (MAC)
Example
switchxxxxxx(config)#
time-range http-allowed
console(config-time-range)#periodic mon 12:00 to wed 12:00
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 70
Page 72
2
ACL Commands

2.13 absolute

Use the absolute Time-range Configuration mode command to specify an absolute time when a time range is in effect. Use the no form of this command to remove the time limitation.
Syntax
absolute
no absolute
absolute
no absolute
Parameters
start hh:mm day month year
start
end hh:mm day month year
end
start—Absolute time and date that the permit or deny statement of the
associated function going into effect. If no start time and date are specified, the function is in effect immediately.
end—Absolute time and date that the permit or deny statement of the
associated function is no longer in effect. If no end time and date are specified, the function is in effect indefinitely.
hh:mm—Time in hours (military format) and minutes (Range: 0–23, mm: 0–5)
day—Day (by date) in the month. (Range: 1–31)
month—Month (first three letters by name). (Range: Jan...Dec)
year—Year (no abbreviation) (Range: 2000–2097)
Default Configuration
There is no absolute time when the time range is in effect.
Command Mode
Time-range Configuration mode
Example
switchxxxxxx(config)#
switchxxxxxx(config-time-range)#
71 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
time-range http-allowed
absolute
start 12:00 1 jan 2005
Page 73
ACL Commands
2
switchxxxxxx(config-time-range)#
absolute
end 12:00 31 dec 2005

2.14 periodic

Use the periodic Time-range Configuration mode command to specify a recurring (weekly) time range for functions that support the time-range feature. Use the no form of this command to remove the time limitation.
Syntax
periodic
no periodic
periodic list
day-of-the-week7]
no periodic list
day-of-the-week7]
periodic list
day-of-the-week hh:mm to day-of-the-week hh:mm
day-of-the-week hh:mm to day-of-the-week hh:mm
hh:mm to hh:mm day-of-the-week1 [day-of-the-week2…
hh:mm to hh:mm day-of-the-week1 [day-of-the-week2…
hh:mm to hh:mm all
no periodic list
Parameters
hh:mm to hh:mm all
day-of-the-week—The starting day that the associated time range is in
effect. The second occurrence is the ending day the associated statement is in effect. The second occurrence can be the following week (see description in the User Guidelines). Possible values are: mon, tue, wed, thu, fri, sat, and sun.
hh:mm—The first occurrence of this argument is the starting hours:minutes
(military format) that the associated time range is in effect. The second occurrence is the ending hours:minutes (military format) the associated statement is in effect. The second occurrence can be at the following day (see description in the User Guidelines). (Range: 0–23, mm: 0–59)
list day-of-the-week1
effect.
Default Configuration
There is no periodic time when the time range is in effect.
—Specifies a list of days that the time range is in
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 72
Page 74
2
ACL Commands
Command Mode
Time-range Configuration mode
User Guidelines
The second occurrence of the day can be at the following week, e.g. Thursday– Monday means that the time range is effective on Thursday, Friday, Saturday, Sunday, and Monday.
The second occurrence of the time can be on the following day, e.g. “22:00–2:00”.
Example
switchxxxxxx(config)#
switchxxxxxx(config-time-range)#
time-range http-allowed
periodic
mon 12:00 to wed 12:00

2.15 show time-range

Use the show time-range User EXEC mode command to display the time range configuration.
Syntax
show time-range
Parameters
time-range-name—Specifies the name of an existing time range.
Command Mode
User EXEC mode
time-range-name
Example
switchxxxxxx> show time-range
http-allowed
--------------
absolute start 12:00 1 Jan 2005 end 12:00 31 Dec 2005
periodic Monday 12:00 to Wednesday 12:00
73 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 75
ACL Commands
2

2.16 show access-lists

Use the show access-lists Privileged EXEC mode command to display access control lists (ACLs) configured on the switch.
Syntax
name
show access-lists [
]
show access-lists
time-range-active [name]
Parameters
name—Specifies the name of the ACL.(Range: 1-160 characters).
time-range-active—Shows only the Access Control Entries (ACEs) whose
time-range is currently active (including those that are not associated with time-range).
Command Mode
Privileged EXEC mode
Example
switchxxxxxx# show access-lists
Standard IP access list 1
Extended IP access list ACL2
permit 234 172.30.19.1 0.0.0.255 any
priority 20 time-range
weekdays
permit 234 172.30.23.8 0.0.0.255 any
switchxxxxxx#
Extended IP access list ACL1
permit 234 172.30.40.1 0.0.0.0 any
permit 234 172.30.8.8 0.0.0.0 any
Extended IP access list ACL2
permit 234 172.30.19.1 0.0.0.255 any
switchxxxxxx#
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 74
show access-lists time-range-active
show access-lists
priority 40 time-range
priority 20
priority 40
priority 20time-range
ACL1
weekdays
weekdays
Page 76
2
ACL Commands
Extended IP access list ACL1
permit 234 172.30.40.1 0.0.0.0 any priority 20
permit 234 172.30.8.8 0.0.0.0 any priority 40

2.17 show interfaces access-lists

Use the show interfaces access-lists Privileged EXEC mode command to display access lists (ACLs) applied on interfaces.
Syntax
show interfaces access-lists
Parameters
interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port, port-channel or VLAN.
Command Mode
Privileged EXEC mode
Example
Interface ACLs
--------- -----------------------
gi12 Ingress: server1
Egress : ip
[interface-id]

2.18 clear access-lists counters

Use the clear access-lists counters Privileged EXEC mode command to clear access-lists (ACLs) counters.
Syntax
clear access-lists counters
75 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
[interface-id]
Page 77
ACL Commands
2
Parameters
interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.
Command Mode
Privileged EXEC mode
Example
switchxxxxxx#
clear access-lists counters
gi11

2.19 show interfaces access-lists trapped packets

Use the show interfaces access-lists trapped packets Privileged EXEC mode command to display Access List (ACLs) trapped packets.
Syntax
show interfaces access-lists trapped packets
VLAN]
Parameters
interface-id—Specifies an interface ID, the interface ID is an Ethernet port
port-channel.
port-channel—Specifies a port-channel.
VLAN—Specifies a VLAN
[interface-id | port-channel-number |
Command Mode
Privileged EXEC mode
User Guidelines
This command shows whether packets were trapped from ACE hits with logging enable on an interface.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 76
Page 78
2
ACL Commands
Examples
Example 1:
switchxxxxxx# show interfaces access-lists trapped packets
Ports/LAGs: gi11-gi13, ch1-ch3, ch4
VLANs: VLAN1, VLAN12-VLAN15
Packets were trapped globally due to lack of resources
Example 2:
switchxxxxxx# show interfaces access-lists trapped packets
Packets were trapped on interface gi11
gi1
1

2.20 ip access-list (IP standard)

Use the ip access-list Global Configuration mode command to define an IP standard list. The no format of the command removes the list.
Syntax
ip access-list
no ip access-list
Parameters
access-list-name—The name of the Standard IP access list. The name may
contain maximum 32 characters.
deny/permit—Denies/permits access if the conditions are matched.
access-list-name
access-list-name
{deny|permit} {
src-addr[/src-len
] | any}
-
src-addr[/src-len
any. The any value matches all IP addresses. If value of 32 is applied. A value of
Default Configuration
No access list is defined.
77 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
] | any— IP prefix defined as an IP address and length or
src-len
src-len
must be in the interval 1-32.
is not defined, a
Page 79
ACL Commands
2
Command Mode
Global Configuration mode
User Guidelines
Use the ip access-list command to configure IP address filtering. Access lists are configured with permit or deny keywords to either permit or deny an IP address based on a matching condition. An implicit deny is applied to address that does not match any access-list entry.
An access-list entry consists of an IP address and a bit mask. The bit mask is a number from 1 to 32.
Evaluation of an IP address by an access list starts with the first entry of the list and continues down the list until a match is found. When the IP address match is found, the permit or deny statement is applied to that address and the remainder of the list is not evaluated.
Use the no ip access-list command to delete the access list.
In addition to filtering IP traffic on a per port base, a basic IP access control list can be used by RIP (Routing Information Protocol) to filter route updates.
Examples
Example 1 - The following example of a standard access list allows only the three specified networks. Any IP address that does not match the access list statements will be rejected.
switchxxxxxx(config)#
switchxxxxxx(config)#
switchxxxxxx(config)#
ip access-list
ip access-list
ip access-list
1
1
1
permit
permit
permit
192.168.34.0/24
10.88.0.0/16
10.0.0.0/8
Note: all other access is implicitly denied.
Example 2 - The following example of a standard access list allows access for IP addresses in the range from 10.29.2.64 to 10.29.2.127. All IP addresses not in this range will be rejected.
switchxxxxxx(config)# ip access-list apo permit 10.29.2.64/26
Note: all other access is implicitly denied.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 78
Page 80
2
ACL Commands
Example 3 - To specify a large number of individual addresses more easily, you can omit the mask length if it is 32. Thus, the following two configuration commands are identical in effect:
switchxxxxxx(config)#
switchxxxxxx(config)# i
ip access-list
p access-list
2aa
2aa
permit
permit
10.48.0.3
10.48.0.3/32

2.21 ipv6 access-list (IP standard)

The ipv6 access-list Global Configuration mode command defines an IPv6 standard list. The no format of the command removes the list.
Syntax
ipv6 access-list
no ipv6 access-list
Parameters
access-list-name—The name of the Standard IPv6 access list. The name
may contain maximum 32 characters.
deny—Denies access if the conditions are matched.
access-list-name
access-list-name
{deny|permit} {
src-addr[/src-len
] | any}
permit—Permits access if the conditions are matched.
src-addr[/src-len
or any. The any value matches to all IPv6 addresses. If the defined a value of 128 is applied. A value of 1-128.
Default Configuration
no access list
Command Mode
Global Configuration mode
User Guidelines
Use the ipv6 access-list command to configure IPv6 address filtering. Access lists are configured with permit or deny keywords to either permit or deny an IPv6 address based on a matching condition. An implicit deny is applied to address that does not match any access-list entry.
] | any— IPv6 prefix defined as an IPv6 address and length
src-len
src-len
must be in interval
is not
79 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 81
ACL Commands
2
An access-list entry consists of an IP address and a bit mask. The bit mask is a number from 1 to 128.
Evaluation of an IPv6 address by an access list starts with the first entry of the list and continues down the list until a match is found. When the IPv6 address match is found, the permit or deny statement is applied to that address and the remainder of the list is not evaluated.
Use the no ipv6 access-list command to delete the access list.
The IPv6 standard access list is used to filter received and sent IPv6 routing information.
Example
The following example of an access list allows only the one specified prefix: Any IPv6 address that does not match the access list statements will be rejected.
switchxxxxxx(config)# ipv6 access-list 1 permit
Note: all other access implicitly denied.
3001::2/64
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 80
Page 82

802.1X Commands

3.0

3.1 aaa authentication dot1x

To specify which servers are used for authentication when 802.1X authentication is enabled, use the aaa authentication dot1x command in Global Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
3
aaa authentication dot1x default {radius | none | {radius none}}
no aaa authentication dot1x default
Parameters
radius - Uses the list of all RADIUS servers for authentication
none - Uses no authentication
Default Configuration
RADIUS server.
Command Mode
Global Configuration mode
User Guidelines
You can select either authentication by a RADIUS server, no authentication (none), or both methods.
If you require that authentication succeeds even if no RADIUS server response was received, specify none as the final method in the command line.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 81
Page 83
802.1X Commands
3
Example
The following example sets the 802.1X authentication mode to RADIUS server authentication. Even if no response was received, authentication succeeds.
switchxxxxxx(config)#
aaa authentication dot1x default
radius none

3.2 authentication open

To enable open access (monitoring mode) on this port, use the authentication open command in Interface Configuration mode. To disable open access on this port, use the no form of this command.
Syntax
authentication open
no authentication open
Parameters
This command has no arguments or keywords.
Default Configuration
Disabled.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
Open Access or Monitoring mode allows clients or devices to gain network access before authentication is performed. In the mode the switch performs failure replies received from a Radius server as success.
Example
The following example enables open mode on interface gi11:
switchxxxxxx(config)#
switchxxxxxx(config-if)#
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 82
interface
authentication open
gi1
1
Page 84
3
802.1X Commands

3.3 clear dot1x statistics

To clear 802.1X statistics, use the clear dot1x statistics command in Privileged EXEC mode.
Syntax
clear dot1x statistics [i
Parameters
interface-id
Default Configuration
Statistics on all ports are cleared.
Command Mode
Privileged EXEC mode
User Guidelines
This command clears all the counters displayed in the
statistics
Example
switchxxxxxx#
command.
clear dot1x statistics
nterface-id
—Specify an Ethernet port ID.
]
show dot1x and show dot1x

3.4 data

To specify web-based page customizing, the data command is used in Web-Based Page Customization Configuration mode.
Syntax
value
data
Parameters
value
—String of hexadecimal digit characters up to 320 characters.
83 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 85
802.1X Commands
3
Default Configuration
No user customization.
Command Mode
Web-Based Page Customization Configuration mode
User Guidelines
The command should not be entered or edited manually (unless using copy-paste). It is a part of the configuration file produced by the switch.
A user can only customize the web-based authentication pages by using the WEB interface.
Examples
Example 1—The following example shows a partial web-based page
customization configuration:
switchxxxxxx(config)#
switchxxxxxx(config-web-page)#
switchxxxxxx(config-web-page)#
switchxxxxxx(config-web-page)#
Example 2—The following example shows how Web-Based Page customization is displayed when
running the show running-config command:
switchxxxxxx#
.
.
.
dot1x page customization
data ********
exit
.
show running-config
dot1x page customization
data 1feabcde
data 17645874
exit
.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 84
Page 86
3
802.1X Commands
.

3.5 dot1x auth-not-req

To enable unauthorized devices access to a VLAN, use the dot1x auth-not-req command in Interface (VLAN) Configuration mode. To disable access to a VLAN, use the no form of this command.
Syntax
dot1x auth-not-req
no dot1x auth-not-req
Parameters
N/A
Default Configuration
Access is enabled.
Command Mode
Interface (VLAN) Configuration mode
User Guidelines
The guest VLAN cannot be configured as unauthorized VLAN.
Example
The following example enables unauthorized devices access to VLAN 5.
switchxxxxxx(config)#
switchxxxxxx(config-if)#
interface vlan
dot1x auth-not-req
5
85 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 87
802.1X Commands
3

3.6 dot1x authentication

To enable authentication methods on a port, use the dot1x authentication command in Interface Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
dot1x authentication [802.1x] [mac] [web]
no dot1x authentication
Parameters
802.1x—Enables authentication based on 802.1X (802.1X-based
authentication).
mac—Enables authentication based on the station's MAC address
(MAC-Based authentication).
web—Enables WEB-Based authentication.
Default Configuration
802.1X-Based authentication is enabled.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
Static MAC addresses cannot be authorized by the MAC-based method.
It is not recommended to change a dynamic MAC address to a static one or delete it if the MAC address was authorized by the MAC-based authentication:
a. If a dynamic MAC address authenticated by MAC-based authentication is
changed to a static one, it will not be manually re-authenticated.
b. Removing a dynamic MAC address authenticated by the MAC-based
authentication causes its re-authentication.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 86
Page 88
3
802.1X Commands
Example
The following example enables MAC address
switchxxxxxx(config)#
switchxxxxxx(config-if)#
on port
gi1
interface
authentication based on 802.1x and the station’s
1:
gi1
1
dot1x authentication 802.1x mac

3.7 dot1x guest-vlan

To define a guest VLAN, use the dot1x guest-vlan mode command in Interface (VLAN) Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
dot1x guest-vlan
no dot1x guest-vlan
Parameters
N/A
Default Configuration
No VLAN is defined as a guest VLAN.
Command Mode
Interface (VLAN) Configuration mode
User Guidelines
Use the dot1x guest-vlan enable command to enable unauthorized users on an interface to access the guest VLAN.
A device can have only one global guest VLAN.
The guest VLAN must be a static VLAN and it cannot be removed.
An unauthorized VLAN cannot be configured as guest VLAN.
87 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 89
802.1X Commands
3
Example
The following example defines VLAN 2 as a guest VLAN.
switchxxxxxx(config)#
switchxxxxxx(config-if)#
interface
dot1x guest-vlan
vlan
2

3.8 dot1x guest-vlan enable

To enable unauthorized users on the access interface to the guest VLAN, use the dot1x guest-vlan enable command in Interface Configuration mode. To disable access, use the no form of this command.
Syntax
dot1x guest-vlan enable
no dot1x guest-vlan enable
Parameters
N/A
Default Configuration
The default configuration is disabled.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
The port cannot belong to the guest VLAN.
The guest VLAN and the WEB-Based authentication cannot be configured on a port at the same time.
This command cannot be configured if the monitoring VLAN is enabled on the interface.
If the port does not belong to the guest VLAN it
VLAN as an egress untagged port.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 88
The port is added to the guest
Page 90
3
802.1X Commands
If the authentication mode is single-host or multi-host, the value of PVID is set to the guest VLAN_ID.
If the authentication mode is multi-sessions mode, the PVID is not changed and all untagged traffic and tagged traffic not belonging to the unauthenticated VLANs from unauthorized hosts are mapped to the guest VLAN.
If 802.1X is disabled, the port static configuration is reset.
See the User Guidelines of the dot1x host-mode command for more information.
Example
The following example enables unauthorized users on gi11 to access the guest VLAN.
switchxxxxxx(config)#
switchxxxxxx(config-if)#
interface
dot1x guest-vlan enable
gi11

3.9 dot1x guest-vlan timeout

To set the time delay between enabling 802.1X (or port up) and adding a port to the guest VLAN, use the dot1x guest-vlan timeout command in Global Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
dot1x guest-vlan timeout
no dot1x guest-vlan timeout
Parameters
timeout
port up) and adding the port to the guest VLAN. (Range: 30–180).
—Specifies the time delay in seconds between enabling 802.1X (or
timeout
Default Configuration
The guest VLAN is applied immediately.
Command Mode
Global Configuration mode
89 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 91
802.1X Commands
3
User Guidelines
This command is relevant if the guest VLAN is enabled on the port. Configuring the timeout adds a delay from enabling 802.1X (or port up) to the time the device adds the port to the guest VLAN.
Example
The following example sets the delay between enabling 802.1X and adding a port to a guest VLAN to 60 seconds.
switchxxxxxx(config)#
dot1x guest-vlan timeout
60

3.10 dot1x host-mode

To allow a single host (client) or multiple hosts on an IEEE 802.1X-authorized port, use the dot1x host-mode command in Interface Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
|
dot1x host-mode {multi-host
Parameters
multi-host—Enable multiple-hosts mode.
single-host—Enable single-hosts mode.
multi-sessions—Enable multiple-sessions mode.
Default Configuration
single-host | multi-sessions}
Default mode is multi-host.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
Single-Host Mode
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 90
Page 92
3
802.1X Commands
The single-host mode manages the authentication status of the port: the port is authorized if there is an authorized host. In this mode, only a single host can be authorized on the port.
When a port is unauthorized and the guest VLAN is enabled, untagged traffic is remapped to the guest VLAN. Tagged traffic is dropped unless the VLAN tag is the guest VLAN or the unauthenticated VLANs. If guest VLAN is not enabled on the port, only tagged traffic belonging to the unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from the authorized host is bridged based on the static vlan membership configured at the port. Traffic from other hosts is dropped.
A user can specify that untagged traffic from the authorized host will be remapped to a VLAN that is assigned by a RADIUS server during the authentication process. In this case, tagged traffic is dropped unless the VLAN tag is the RADIUS-assigned VLAN or the unauthenticated VLANs. See the dot1x
radius-attributes vlan command to enable RADIUS VLAN assignment at a port.
The switch removes from FDB all MAC addresses learned on a port when its authentication status is changed from authorized to unauthorized.
Multi-Host Mode
The multi-host mode manages the authentication status of the port: the port is authorized after at least one host is authorized.
When a port is unauthorized and the guest VLAN is enabled, untagged traffic is remapped to the guest VLAN. Tagged traffic is dropped unless the VLAN tag is the guest VLAN or the unauthenticated VLANs. If guest VLAN is not enabled on the port, only tagged traffic belonging to the unauthenticated VLANs is bridged.
When a port is authorized, untagged and tagged traffic from all hosts connected to the port is bridged based on the static vlan membership configured at the port.
A user can specify that untagged traffic from the authorized port will be remapped to a VLAN that is assigned by a RADIUS server during the authentication process. In this case, tagged traffic is dropped unless the VLAN tag is the RADIUS assigned VLAN or the unauthenticated VLANs. See the dot1x
radius-attributes vlan command to enable RADIUS VLAN assignment at a port.
The switch removes from FDB all MAC addresses learned on a port when its authentication status is changed from authorized to unauthorized.
Multi-Sessions Mode
Unlike the single-host and multi-host modes (port-based modes) the multi-sessions mode manages the authentication status for each host connected to the port (session-based mode). If the multi-sessions mode is configured on a port the port does have any authentication status. Any number of hosts can be
91 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 93
802.1X Commands
3
authorized on the port. The dot1x max-hosts command can limit the maximum number of authorized hosts allowed on the port.
Each authorized client requires a TCAM rule. If there is no available space in the TCAM, the authentication is rejected.
When using the dot1x host-mode command to change the port mode to single-host or multi-host when authentication is enabled, the port state is set to unauthorized.
If the dot1x host-mode command changes the port mode to multi-session when authentication is enabled, the state of all attached hosts is set to unauthorized.
To change the port mode to single-host or multi-host, set the port (dot1x port-control) to force-unauthorized, change the port mode to single-host or multi-host, and set the port to authorization auto.
multi-sessions mode cannot be configured on the same interface together with Policy Based VLANs configured by the following commands:
- switchport general map protocol-group vlans
- switchport general map macs-group vlans
Tagged traffic belonging to the unauthenticated VLANs is always bridged regardless if a host is authorized or not.
When the guest VLAN is enabled, untagged and tagged traffic from unauthorized hosts not belonging to the unauthenticated VLANs is bridged via the guest VLAN.
Traffic from an authorized hosts is bridged in accordance with the port static configuration. A user can specify that untagged and tagged traffic from the authorized host not belonging to the unauthenticated VLANs will be remapped to a VLAN that is assigned by a RADIUS server during the authentication process. See the dot1x radius-attributes vlan command to enable RADIUS VLAN assignment at a port.
The switch does not remove from FDB the host MAC address learned on the port when its authentication status is changed from authorized to unauthorized. The MAC address will be removed after the aging timeout expires.
Example
switchxxxxxx(config)#
interface
gi11
switchxxxxxx(config-if)#
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 92
dot1x host-mode multi-host
Page 94
3
802.1X Commands

3.11 dot1x max-hosts

To configure the maximum number of authorized hosts allowed on the interface, use the dot1x max-hosts command in Interface Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
dot1x max-hosts
no dot1x max-hosts
Parameters
count
interface. May be any 32 bits positive number.
Default Configuration
No limitation.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
By default, the number of authorized hosts allowed on an interface is not limited. To limit the number of authorized hosts allowed on an interface, use the dot1x max-hosts command.
This command is relevant only for multi-session mode.
count
—Specifies the maximum number of authorized hosts allowed on the
Example
The following example limits the maximum number of authorized hosts on Ethernet port gi11 to 6:
switchxxxxxx(config)#
switchxxxxxx(config-if)#
93 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
interface
dot1x max-hosts
gi1
1
6
Page 95
802.1X Commands
3

3.12 dot1x max-login-attempts

To set the maximum number of allowed login attempts, use the dot1x max-login-attempts command in Interface Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
dot1x max-login-attempts
no dot1x max-login-attempts
Parameters
count
—Specifies the maximum number of allowed login attempts. A value
of 0 means an infinite numbers of attempts. The valid range is 3-10.
Default Configuration
Unlimited.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
By default, the switch does not limit the number of failed login attempts. To specify the number of allowed fail login attempts, use this command. After this number of failed login attempts, the switch does not allow the host to be authenticated for a period defined by the dot1x timeout quiet-period command.
count
The command is applied only to the Web-based authentication.
Example
The following example sets maximum number of allowed login attempts to 5:
switchxxxxxx(config)#
switchxxxxxx(config-if)#
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 94
interface gi11
dot1x max-login-attempts 5
Page 96
3
802.1X Commands

3.13 dot1x max-req

To set the maximum number of times that the device sends an Extensible Authentication Protocol (EAP) request/identity frame (assuming that no response is received) to the client before restarting the authentication process, use the dot1x max-req command in Interface Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
dot1x max-req
no dot1x max-req
Parameters
count
EAP request/identity frame before restarting the authentication process. (Range: 1–10).
Default Configuration
The default maximum number of attempts is 2.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
count
—Specifies the maximum number of times that the device sends an
Example
The following example sets the maximum number of times that the device sends an EAP request/identity frame to 6.
switchxxxxxx(config)#
switchxxxxxx(config-if)#
95 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
interface
dot1x max-req
gi1
1
6
Page 97
802.1X Commands
3

3.14 dot1x page customization

To enter Web-Based Page Customization Configuration mode, use the dot1x page customization command in Global Configuration mode.
Syntax
dot1x page customization
Parameters
N/A
Default Configuration
No user customization.
Command Mode
Global Configuration mode
User Guidelines
The command should not be entered or edited manually (unless when using copy-paste). It is a part of the configuration file produced by the switch.
A user must customize the web-based authentication pages by using the browser Interface.
Example
The following example shows part of a web-based page customization configuration:
switchxxxxxx(config)#
switchxxxxxx(config-web-page)#
switchxxxxxx(config-web-page)#
switchxxxxxx(config-web-page)#
dot1x page customization
data 1feabcde
data 17645874
exit
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 96
Page 98
3
802.1X Commands

3.15 dot1x port-control

To enable manual control of the port authorization state, use the dot1x port-control command in Interface Configuration mode. To restore the default configuration, use the no form of this command.
Syntax
|
dot1x port-control {auto
time-range-name
Parameters
]
auto—Enables 802.1X authentication on the port and causes it to transition
to the authorized or unauthorized state, based on the 802.1X authentication exchange between the device and the client.
force-authorized—Disables 802.1X authentication on the interface and
causes the port to transition to the authorized state without any authentication exchange required. The port sends and receives traffic without 802.1X-based client authentication.
force-authorized | force-unauthorized} [time-range
force-unauthorized—Denies all access through this port by forcing it to
transition to the unauthorized state and ignoring all attempts by the client to authenticate. The device cannot provide authentication services to the client through this port.
time-range
Range is not in effect, the port state is Unauthorized. (Range: 1-32 characters).
Default Configuration
The port is in the force-authorized state.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
The switch removes all MAC addresses learned on a port when its authorization control is changed from force-authorized to another.
Note. It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1X edge ports in auto state that are connected to end
time-range-name
—Specifies a time range. When the Time
97 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Page 99
802.1X Commands
3
stations, in order to proceed to the forwarding state immediately after successful authentication.
Example
The following example sets 802.1X authentication on gi11 to auto mode.
sing
switchxxxxxx(config)#
interface
gi1
1
switchxxxxxx(config-if)#
dot1x port-control auto

3.16 dot1x radius-attributes vlan

To enable RADIUS-based VLAN assignment, use the dot1x radius-attributes vlan command in Interface Configuration mode. To disable RADIUS-based VLAN assignment, use the no form of this command.
Syntax
dot1x radius-attributes vlan [reject | static]
no dot1x radius-attributes vlan
Parameters
reject—If the RADIUS server authorized the supplicant, but did not provide
a supplicant VLAN the supplicant is rejected. If the parameter is omitted, this option is applied by default.
static—If the RADIUS server authorized the supplicant, but did not provide
a supplicant VLAN, the supplicant is accepted.
Default Configuration
reject
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
If RADIUS provides invalid VLAN information, the authentication is rejected.
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide 98
Page 100
3
802.1X Commands
If a RADIUS server assigns a client with a non-existing VLAN, the switch creates the VLAN. The VLAN is removed when it is no longer being used.
If RADIUS provides valid VLAN information and the port does not belong to the VLAN received from RADIUS, it is added to the VLAN as an egress untagged port. When the last authorized client assigned to the VLAN becomes unauthorized or
802.1x is disabled on the port, the port is excluded from the VLAN.
If the authentication mode is single-host or multi-host, the value of PVID is set to the VLAN_ID.
If an authorized port in the single-host or multi-host mode changes its status to unauthorized, the port static configuration is reset.
If the authentication mode is multi-sessions mode, the PVID is not changed and all untagged traffic and tagged traffic not belonging to the unauthenticated VLANs are mapped to the VLAN using TCAM.
If the last authorized host assigned to a VLAN received from RADIUS connected to a port in the multi-sessions mode changes its status to unauthorized, the port is removed from the VLAN if it is not in the static configuration.
See the User Guidelines of the dot1x host-mode command for more information.
If 802.1X is disabled the port static configuration is reset.
If the reject keyword is configured and the RADIUS server authorizes the host but the RADIUS accept message does not assign a VLAN to the supplicant, authentication is rejected.
If the static keyword is configured and the RADIUS server authorizes the host then even though the RADIUS accept message does not assign a VLAN to the supplicant, authentication is accepted and the traffic from the host is bridged in accordance with port static configuration.
If this command is used when there are authorized ports/hosts, it takes effect at subsequent authentications. To manually re-authenticate, use the dot1x re-authenticate command.
The command cannot be configured on a port if it together with
WEB-Based authentication
Multicast TV-VLAN
Q-in-Q
Voice VLAN
99 Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
Loading...