Dell PowerConnect 3424P, PowerConnect 3448, PowerConnect 3424 User Manual

Dell™ PowerConnect™ 3400 Series
CLI Reference Guide
www.dell.com | support.dell.com
Notes, Notices, and Cautions
NOTE: A NOTE indicates important information that helps you make better use of your devices.
NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.
Information in this document is subject to change without notice. © 2006 Dell Inc. All rights reserved.
Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, and PowerConnect are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products.
Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
September 2006 Rev. A01
Contents
1 Command Groups
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Command Groups
AAA Commands
ACL Commands
Address Table Commands
Clock Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Configuration and Image Files Commands
DHCP Filtering Commands
Ethernet Configuration Commands
GVRP Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
IGMP Snooping Commands
IP Addressing
LACP Commands
LLDP Commands
Line Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Management ACL Commands
PHY Diagnostics Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
. . . . . . . . . . . . . . . . . . . . . . . 29
. . . . . . . . . . . . . . . . . . . . . . . . . . . 31
. . . . . . . . . . . . . . . . . . . . . . . . . . 35
. . . . . . . . . . . . . . . . . . . . . . . . . . . 36
. . . . . . . . . . . . . . . . . . . 29
Port Channel Commands
Port Monitor Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Power-over-Ethernet Commands
QoS Commands
Radius Commands
RMON Commands
SNMP Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
. . . . . . . . . . . . . . . . . . . . . . . . 37
Contents 3
Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
SSH Commands
Syslog Commands
System Management Commands
TACACS Commands
User Interface Commands
VLAN Commands
Web Server Commands
802.1x Commands
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
. . . . . . . . . . . . . . . . . . . . . . . . 43
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
2 Command Modes
GC (Global Configuration) Mode. . . . . . . . . . . . . . . . . . . . . . . . . 49
IC (Interface Configuration) Mode
LC (Line Configuration) Mode
MA (Management Access-level) Mode
MC (MST Configuration) Mode
ML (MAC Access-List) Mode
. . . . . . . . . . . . . . . . . . . . . . . . 53
. . . . . . . . . . . . . . . . . . . . . . . . . . 56
. . . . . . . . . . . . . . . . . . . . . 56
. . . . . . . . . . . . . . . . . . . . . . . . . 57
. . . . . . . . . . . . . . . . . . . . . . . . . . 57
3 Using the CLI
4 Contents
PE (Privileged EXEC) Mode
SP (SSH Public Key) Mode
UE (User EXEC) Mode
VC (VLAN Configuration) Mode
. . . . . . . . . . . . . . . . . . . . . . . . . . . 57
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
. . . . . . . . . . . . . . . . . . . . . . . . . 62
CLI Command Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Introduction User EXEC Mode Privileged EXEC Mode Global Configuration Mode Interface Configuration Mode and Specific Configuration Modes
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
. . . . . . . . . . . . . . . . . . . . . . . . . . . 65
. . . . . . . . . . . . . . . . . . . . . . . . . 66
. . . . 66
Starting the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Editing Features
Setup Wizard
Terminal Command Buffer Negating the Effect of Commands Command Completion Keyboard Shortcuts CLI Command Conventions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
. . . . . . . . . . . . . . . . . . . . . . . . . 69
. . . . . . . . . . . . . . . . . . . . . 70
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
. . . . . . . . . . . . . . . . . . . . . . . . . 71
4 AAA Commands
aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
aaa authentication enable
login authentication
enable authentication
ip http authentication
ip https authentication
show authentication methods
password
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
. . . . . . . . . . . . . . . . . . . . . . . . . . 79
enable password
username
passwords min-length
passwords aging
password-aging
passwords history
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
passwords history hold-time
passwords lockout
aaa login-history file
set username active
set line active
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
. . . . . . . . . . . . . . . . . . . . . . . . . . 85
Contents 5
set enable-password active . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
show passwords configuration
show users login-history
show users accounts
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
. . . . . . . . . . . . . . . . . . . . . . . . . 89
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
5 ACL Commands
mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
deny (MAC)
service-acl
show access-lists
show interfaces access-lists
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
. . . . . . . . . . . . . . . . . . . . . . . . . . 97
6 Address Table Commands
bridge address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
bridge multicast filtering
bridge multicast address
bridge multicast forbidden address
. . . . . . . . . . . . . . . . . . . . . . . . . . . 100
. . . . . . . . . . . . . . . . . . . . . . . . . . . 101
. . . . . . . . . . . . . . . . . . . . . . 102
6 Contents
bridge multicast forward-all
. . . . . . . . . . . . . . . . . . . . . . . . . . 103
bridge multicast forbidden forward-all
bridge aging-time
clear bridge
port security
port security mode
port security max
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
port security routed secure-address
show bridge address-table
show bridge address-table static
. . . . . . . . . . . . . . . . . . . . . . . . . . 109
. . . . . . . . . . . . . . . . . . . . . . . 110
. . . . . . . . . . . . . . . . . . . . 104
. . . . . . . . . . . . . . . . . . . . . 108
show bridge address-table count . . . . . . . . . . . . . . . . . . . . . . . 111
show bridge multicast address-table
show bridge multicast filtering
show ports security
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
show ports security addresses
. . . . . . . . . . . . . . . . . . . . . 112
. . . . . . . . . . . . . . . . . . . . . . . . 114
. . . . . . . . . . . . . . . . . . . . . . . . 116
7 Clock
clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
clock source
clock timezone
clock summer-time
sntp authentication-key
sntp authenticate
sntp trusted-key
sntp client poll timer
sntp broadcast client enable
sntp anycast client enable
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
. . . . . . . . . . . . . . . . . . . . . . . . . 125
. . . . . . . . . . . . . . . . . . . . . . . . . . . 126
sntp client enable (Interface)
sntp unicast client enable
sntp unicast client poll
sntp server
show clock
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
show sntp configuration
show sntp status
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
. . . . . . . . . . . . . . . . . . . . . . . . . 126
. . . . . . . . . . . . . . . . . . . . . . . . . . . 127
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
8 Configuration and Image Files
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Contents 7
delete. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
delete startup-config
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
dir
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
more
rename
boot system
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
show running-config
show startup-config
show bootvar
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
9 DHCP Filtering
ip dhcp filtering vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
ip dhcp filtering trust
show ip dhcp filtering
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
10 Ethernet Configuration Commands
interface ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
8 Contents
interface range ethernet
shutdown
description
speed
duplex
negotiation
flowcontrol
mdix
back-pressure
clear counters
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
set interface active . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
show interfaces advertise
show interfaces configuration
show interfaces status
show interfaces description
show interfaces counters
port storm-control include-multicast
port storm-control broadcast enable
port storm-control broadcast rate
show ports storm-control
. . . . . . . . . . . . . . . . . . . . . . . . . . . 159
. . . . . . . . . . . . . . . . . . . . . . . . . 162
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
. . . . . . . . . . . . . . . . . . . . . . . . . . 165
. . . . . . . . . . . . . . . . . . . . . . . . . . . 166
. . . . . . . . . . . . . . . . . . . . . 168
. . . . . . . . . . . . . . . . . . . . . 169
. . . . . . . . . . . . . . . . . . . . . . . 170
. . . . . . . . . . . . . . . . . . . . . . . . . . . 170
11 GVRP Commands
gvrp enable (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
gvrp enable (Interface)
garp timer
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
gvrp vlan-creation-forbid
gvrp registration-forbid
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
. . . . . . . . . . . . . . . . . . . . . . . . . . . 175
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
clear gvrp statistics
show gvrp configuration
show gvrp statistics
show gvrp error-statistics
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
. . . . . . . . . . . . . . . . . . . . . . . . . . . 179
12 IGMP Snooping Commands
ip igmp snooping (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
ip igmp snooping (Interface)
ip igmp snooping mrouter learn-pim-dvmrp
ip igmp snooping host-time-out
. . . . . . . . . . . . . . . . . . . . . . . . . . 181
. . . . . . . . . . . . . . . . . . 182
. . . . . . . . . . . . . . . . . . . . . . . . 183
Contents 9
ip igmp snooping mrouter-time-out . . . . . . . . . . . . . . . . . . . . . . 183
ip igmp snooping leave-time-out
show ip igmp snooping mrouter
show ip igmp snooping interface
show ip igmp snooping groups
. . . . . . . . . . . . . . . . . . . . . . . 184
. . . . . . . . . . . . . . . . . . . . . . . . 185
. . . . . . . . . . . . . . . . . . . . . . . 186
. . . . . . . . . . . . . . . . . . . . . . . . 187
13 IP Addressing Commands
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
ip address dhcp
ip default-gateway
show ip interface
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
arp
arp timeout
clear arp-cache
show arp
ip domain-lookup
ip domain-name
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
14 LACP Commands
10 Contents
ip name-server
ip host
clear host
clear host dhcp
show hosts
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
lacp port-priority
lacp timeout
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
show lacp ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
show lacp port-channel
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
15 Line Commands
line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
speed
autobaud
exec-timeout
history
history size
terminal history
terminal history size
show line
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
16 LLDP Commands
lldp enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
lldp enable (interface)
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
lldp timer
lldp hold-multiplier
lldp reinit-delay
lldp tx-delay
lldp optional-tlv
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
lldp management-address
clear lldp rx
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
show lldp configuration
show lldp local
show lldp neighbors
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
. . . . . . . . . . . . . . . . . . . . . . . . . . . 219
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Contents 11
17 Management ACL
management access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
permit (Management)
deny (Management)
management access-class
show management access-list
show management access-class
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
. . . . . . . . . . . . . . . . . . . . . . . . . . 228
. . . . . . . . . . . . . . . . . . . . . . . . 229
. . . . . . . . . . . . . . . . . . . . . . . 230
18 PHY Diagnostics Commands
test copper-port tdr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
show copper-ports tdr
show copper-ports cable-length
show fiber-ports optical-transceiver
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
. . . . . . . . . . . . . . . . . . . . . . . 232
. . . . . . . . . . . . . . . . . . . . . 233
19 Port Channel Commands
interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
interface range port-channel
channel-group
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
. . . . . . . . . . . . . . . . . . . . . . . . . 235
20 Port Monitor Commands
21 Power over Ethernet Commands
12 Contents
show interfaces port-channel
. . . . . . . . . . . . . . . . . . . . . . . . . 237
port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
port monitor vlan-tagging
show ports monitor
. . . . . . . . . . . . . . . . . . . . . . . . . . . 240
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
power inline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
power inline powered-device . . . . . . . . . . . . . . . . . . . . . . . . . 244
power inline priority
power inline usage-threshold
power inline traps enable
show power inline
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
. . . . . . . . . . . . . . . . . . . . . . . . . 245
. . . . . . . . . . . . . . . . . . . . . . . . . . . 246
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
22 QoS Commands
qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
show qos
priority-queue out num-of-queues
show qos interface
wrr-queue cos-map
qos map dscp-queue
qos trust (Global)
qos trust (Interface)
qos cos
show qos map
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
. . . . . . . . . . . . . . . . . . . . . . . 252
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
23 Radius Commands
radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
radius-server key
radius-server retransmit
radius-server source-ip
radius-server timeout
radius-server deadtime
show radius-servers
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Contents 13
24 RMON Commands
show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
rmon collection history
show rmon collection history
show rmon history
rmon alarm
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
show rmon alarm-table
show rmon alarm
rmon event
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
show rmon events
show rmon log
rmon table-size
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
. . . . . . . . . . . . . . . . . . . . . . . . . 268
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
25 SNMP Commands
snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
snmp-server view
snmp-server group
snmp-server user
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
14 Contents
snmp-server engineID local
snmp-server enable traps
snmp-server filter
snmp-server host
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
snmp-server v3-host
. . . . . . . . . . . . . . . . . . . . . . . . . . 287
. . . . . . . . . . . . . . . . . . . . . . . . . . . 288
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
snmp-server trap authentication
snmp-server contact
snmp-server location
snmp-server set
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
. . . . . . . . . . . . . . . . . . . . . . . 292
show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
show snmp engineid
show snmp views
show snmp groups
show snmp filters
show snmp users
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
26 Spanning-Tree Commands
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
spanning-tree mode
spanning-tree forward-time
spanning-tree hello-time
spanning-tree max-age
spanning-tree priority
spanning-tree disable
spanning-tree cost
spanning-tree port-priority
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
. . . . . . . . . . . . . . . . . . . . . . . . . . 304
. . . . . . . . . . . . . . . . . . . . . . . . . . . 305
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
. . . . . . . . . . . . . . . . . . . . . . . . . . 308
spanning-tree portfast
spanning-tree link-type
spanning-tree pathcost method
spanning-tree bpdu
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
. . . . . . . . . . . . . . . . . . . . . . . . 310
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
clear spanning-tree detected-protocols
spanning-tree mst priority
spanning-tree mst max-hops
spanning-tree mst port-priority
spanning-tree mst cost
spanning-tree mst configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . 312
. . . . . . . . . . . . . . . . . . . . . . . . . 313
. . . . . . . . . . . . . . . . . . . . . . . . 314
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
. . . . . . . . . . . . . . . . . . . . . . . 315
. . . . . . . . . . . . . . . . . . . 312
Contents 15
instance (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
name (mst)
revision (mst)
show (mst)
exit (mst)
abort (mst)
show spanning-tree
spanning-tree guard root
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
. . . . . . . . . . . . . . . . . . . . . . . . . . . 335
27 SSH Commands
ip ssh port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
ip ssh server
crypto key generate dsa
crypto key generate rsa
ip ssh pubkey-auth
crypto key pubkey-chain ssh
user-key
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
. . . . . . . . . . . . . . . . . . . . . . . . . 340
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
28 Syslog Commands
16 Contents
key-string
show ip ssh
show crypto key mypubkey
show crypto key pubkey-chain ssh
crypto slogin key generate dsa
crypto slogin key generate rsa
show crypto slogin key mypubkey
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
. . . . . . . . . . . . . . . . . . . . . . . . . . 345
. . . . . . . . . . . . . . . . . . . . . . 346
. . . . . . . . . . . . . . . . . . . . . . . . 347
. . . . . . . . . . . . . . . . . . . . . . . . 347
. . . . . . . . . . . . . . . . . . . . . . 348
logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
logging
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
logging buffered
logging buffered size
clear logging
logging file
clear logging file
aaa logging
file-system logging
management logging
show logging
show logging file
show syslog-servers
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
29 System Management
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
traceroute
telnet
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
resume
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
reload
hostname
stack master
stack reload
stack display-order
show stack
show users
show sessions
show system
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Contents 17
show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
asset-tag
show system id
service cpu-utilization
show cpu utilization
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
30 TACACS+ Commands
tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
tacacs-server key
tacacs-server timeout
tacacs-server source-ip
show tacacs
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
31 User Interface
enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
disable
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
login
18 Contents
configure
exit (Configuration)
exit
end
help
terminal datadump
show history
show privilege
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
32 VLAN Commands
vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
vlan
interface vlan
interface range vlan
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
name
private-vlan primary
private-vlan isolated
private-vlan community
switchport mode
switchport access vlan
switchport private-vlan
show vlan private-vlan
switchport trunk allowed vlan
switchport trunk native vlan
switchport general allowed vlan
switchport general pvid
switchport general ingress-filtering disable
switchport general acceptable-frame-type tagged-only
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
. . . . . . . . . . . . . . . . . . . . . . . . . 410
. . . . . . . . . . . . . . . . . . . . . . . . . . 410
. . . . . . . . . . . . . . . . . . . . . . . 411
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
. . . . . . . . . . . . . . . . . 413
. . . . . . . . . . . 413
switchport forbidden vlan
switchport customer vlan
ip internal-usage-vlan
mac-to-vlan
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
show vlan mac-to-vlan
show vlan
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
show vlan internal usage
show interfaces switchport
. . . . . . . . . . . . . . . . . . . . . . . . . . . 414
. . . . . . . . . . . . . . . . . . . . . . . . . . . 415
. . . . . . . . . . . . . . . . . . . . . . . . . . . 419
. . . . . . . . . . . . . . . . . . . . . . . . . . 419
Contents 19
33 Web Server
ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
ip http port
ip https server
ip https port
crypto certificate generate
crypto certificate request
crypto certificate import
ip https certificate
show crypto certificate mycertificate
show ip http
show ip https
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
. . . . . . . . . . . . . . . . . . . . . . . . . . 427
. . . . . . . . . . . . . . . . . . . . . . . . . . . 428
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
. . . . . . . . . . . . . . . . . . . . . 432
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
34 802.1x Commands
aaa authentication dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
dot1x system-auth-control
dot1x port-control
dot1x re-authentication
. . . . . . . . . . . . . . . . . . . . . . . . . . . 438
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
20 Contents
dot1x timeout re-authperiod
dot1x re-authenticate
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
dot1x timeout quiet-period
dot1x timeout tx-period
dot1x max-req
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
dot1x timeout supp-timeout
dot1x timeout server-timeout
show dot1x
show dot1x users
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
. . . . . . . . . . . . . . . . . . . . . . . . . . 440
. . . . . . . . . . . . . . . . . . . . . . . . . . . 441
. . . . . . . . . . . . . . . . . . . . . . . . . . 444
. . . . . . . . . . . . . . . . . . . . . . . . . 444
show dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
ADVANCED FEATURES
dot1x auth-not-req
dot1x multiple-hosts
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
dot1x single-host-violation
dot1x guest-vlan
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
dot1x guest-vlan enable
show dot1x advanced
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
. . . . . . . . . . . . . . . . . . . . . . . . . . 452
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Contents 21
22 Contents
Command Groups
Introduction
The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphical User Interface (GUI) driven software application. By directly entering commands, you achieve greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
You can configure and maintain a device by entering commands from the CLI, which is based solely on textual input and output; you enter commands using a terminal keyboard and the textual output displays via a terminal monitor. You can access the CLI from a VT100 terminal connected to the console port of the device or through a Telnet connection from a remote host.
The first time you use the CLI from the console a Setup Wizard is invoked. The Setup Wizard guides you in setting up a minimum configuration, so that the device can be managed from the Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.
This guide describes how the Command Line Interface (CLI) is structured, describes the command syntax, and describes the command functionality.
This guide also provides information for configuring the PowerConnect device, details the procedures, and provides configuration examples. Basic installation configuration is described in the User’s Guide and must be completed before using this document.
Command Groups
The system commands can be broken down into functional groups as shown below.
Command Group Description
AAA Configures connection security including authorization and
passwords.
ACL Configures and displays ACL information.
Address Table Configures bridging address tables.
Configuration and Image Files Manages the device configuration files.
Clock Configures clock commands on the device.
DHCP Filtering Configures DHCP filtering commands.
Command Groups 23
Ethernet Configuration Configures all port configuration options for, example ports, storm
GVRP Configures and displays GVRP configuration and information.
IGMP Snooping Configures IGMP snooping and displays IGMP configuration and
IP Addressing Configures and manages IP addresses on the device.
LACP Configures and displays LACP information.
Line Configures the console and remote Telnet connection.
LLDP Configures and displays LLDP information.
www.dell.com | support.dell.com
Management ACL Configures and displays management access-list information.
PHY Diagnostics Diagnoses and displays the interface status.
Port Channel Configures and displays Port Channel information.
Port Monitor Monitors activity on specific target ports.
QoS Configures and displays QoS information.
RADIUS Configures and displays RADIUS information.
RMON Displays RMON statistics.
SNMP Configures SNMP communities, traps and displays SNMP
Spanning Tree Configures and reports on Spanning Tree protocol.
SSH Configures SSH authentication.
Syslog Commands Manages and displays syslog messages.
System Management Configures the device clock, name and authorized users.
TACACS Configures TACACS+ commands.
User Interface Describes user commands used for entering CLI commands.
VLAN Configures VLANs and displays VLAN information.
Web Server Configures Web based access to the device.
802.1x Configures commands related to 802.1x security protocol.
control, and auto-negotiation.
IGMP information.
information.
24 Command Groups
AAA Commands
Command Group Description Access Mode
aaa authentication login Defines login authentication. Global
Configuration
aaa authentication enable Defines authentication method lists for accessing higher
privilege levels.
login authentication Specifies the login authentication method list for a
remote telnet or console.
enable authentication Specifies the authentication method list when accessing a
higher privilege level from a remote telnet or console.
ip http authentication Specifies authentication methods for HTTP server users. Global
ip https authentication Specifies authentication methods for HTTPS server users. Global
show authentication methods
password Specifies a password on a line. Line
enable password Sets a local password to control access to normal and
username Establishes a username-based authentication system. Global
passwords min-length Sets the minimum required length for passwords in the
passwords aging Sets the expiration time for username and enable
password-aging Sets the expiration time of line passwords in the local
passwords history
passwords history hold-time Sets the number of days a password is relevant for tracking
passwords lockout
aaa login-history file Enables writing to the login history file. Global
set username active
Displays information about the authentication methods. Privileged EXEC
privilege levels.
local database.
passwords.
database.
Sets the number of required password changes before a password in the local database can be reused.
its password history.
Sets the number of failed login attempts before a user account is locked.
Reactivates a locked user account.
Global Configuration
Line Configuration
Line Configuration
Configuration
Configuration
Configuration
Global Configuration
Configuration
Global Configuration
Global Configuration
Line Configuration
Global Configuration
Global Configuration
Global Configuration
Configuration
Privileged EXEC
Command Groups 25
set line active Reactivates a locked line. Privileged EXEC
set enable-password active Reactivates a locked local password. Privileged EXEC
show passwords configuration
show users login-history Displays information about the login history of users. Privileged EXEC
show users accounts Displays information about the local user database. Privileged EXEC
Displays information about password management. Privileged EXEC
ACL Commands
www.dell.com | support.dell.com
Command Group Description Access Mode
mac access-list Creates Layer 2 ACLs. Global
deny (MAC) Denies traffic if the conditions defined in the permit
service-acl Applies an ACL to the input interface. Interface (VLAN)
show access-lists Displays ACLs defined on the device. Privileged EXEC
show interfaces access­lists
Address Table Commands
Command Group Description Access Mode
bridge address Adds a static MAC-layer station source address to
bridge multicast filtering Enables filtering of multicast addresses. Global
bridge multicast address Registers MAC-layer multicast addresses to the
bridge multicast forbidden address
bridge multicast forward­all
bridge multicast forbidden forward-all
bridge aging-time Sets the address table aging time. Global
Configuration
MAC Access-List
statement match.
Displays access lists applied on interfaces. Privileged EXEC
the bridge table.
bridge table, and adds static ports to the group.
Forbids adding a specific multicast address to specific ports.
Enables forwarding all multicast frames on a port. Interface (VLAN)
Forbids a port from becoming a forward-all multicast port.
Configuration
Configuration
Interface (VLAN) Configuration
Configuration
Interface (VLAN) Configuration
Interface (VLAN) Configuration
Configuration
Interface (VLAN) Configuration
Configuration
26 Command Groups
clear bridge Removes any learned entries from the forwarding
database.
port security Disables new address learning/forwarding on an
interface.
port security mode Configures the port security learning mode. Interface
port security max Configures the maximum number of addresses that
may be learned on the port while the port is in port security mode.
port security routed secure-address
show bridge address-table Displays all entries in the bridge-forwarding
show bridge address-table static
show bridge address-table count
show bridge multicast address-table
show bridge multicast filtering
show ports security Displays the port-lock status. Privileged EXEC
show ports security addresses
Adds MAC-layer secure addresses to a routed port. Interface
database.
Displays statically created entries in the bridge­forwarding database
Displays the number of addresses present in the bridge-forwarding database.
Displays all entries in the bridge-forwarding database.
Displays the multicast filtering configuration. Privileged EXEC
Displays current dynamic addresses in locked ports. Privileged EXEC
.
Privileged EXEC
Interface Configuration
Configuration
Interface Configuration
Configuration
Privileged EXEC
Privileged EXEC
Privileged EXEC
Privileged EXEC
Command Groups 27
Clock Commands
Command Group Description Access Mode
clock set Manually sets the system clock. Privileged EXEC
clock source Configures an external time source for the system
clock timezone Sets the time zone for display purposes. Global
clock summer-time Configures the system to automatically switch to
www.dell.com | support.dell.com
sntp authentication-key Defines an authentication key for Simple Network
sntp authenticate Grants authentication for received Network Time
sntp trusted-key Authenticates the identity of a system to which
sntp client poll timer Sets the polling time for the Simple Network Time
sntp broadcast client enable
sntp anycast client enable Enables anycast clients. Global
sntp client enable (Interface)
sntp unicast client enable Enables the device to use the Simple Network Time
sntp unicast client poll Enables polling for the Simple Network Time
sntp server Configures the device to use the Simple Network
show clock Displays the time and date from the system clock. User EXEC
show sntp configuration Shows the configuration of the Simple Network
show sntp status Shows the status of the Simple Network Time
clock.
summer time (daylight saving time).
Time Protocol (SNTP).
Protocol (NTP) traffic from servers.
Simple Network Time Protocol (SNTP) will synchronize.
Protocol (SNTP) client.
Enables the Simple Network Time Protocol (SNTP) broadcast clients.
Enables the Simple Network Time Protocol (SNTP) client on an interface.
Protocol (SNTP) to request and accept Simple Network Time Protocol (SNTP) traffic from servers.
Protocol (SNTP) predefined unicast clients.
Time Protocol (SNTP) to request and accept Simple Network Time Protocol (SNTP) traffic from a server.
Time Protocol (SNTP).
Protocol (SNTP).
Global Configuration
Configuration
Global Configuration
Global Configuration
Global Configuration
Global Configuration
Global Configuration
Global Configuration
Configuration
Interface Configuration
Global Configuration
Global Configuration
Global Configuration
Privileged EXEC
Privileged EXEC
28 Command Groups
Configuration and Image Files Commands
Command Group Description Access Mode
copy Copies files from a source to a destination. Privileged EXEC
delete Deletes a file from a Flash memory device. Privileged EXEC
delete startup-config Deletes the startup-config file. Privileged EXEC
dir Displays a list of files on a flash file system. Privileged EXEC
more Displays a file. Privileged EXEC
rename Renames a file. Privileged EXEC
boot system Specifies the system image that the device loads at
startup.
show running-config Displays the contents of the currently running
configuration file.
show startup-config Displays the startup configuration file contents. Privileged EXEC
show bootvar Displays the active system image file that the device
loads at startup.
Privileged EXEC
Privileged EXEC
Privileged EXEC
DHCP Filtering Commands
Command Group Description Access Mode
ip dhcp filtering vlan Enable filtering of DHCP requests on a VLAN. Global
Configuration
ip dhcp filtering trust Configure a port as trusted for DHCP filtering
purposes.
show ip dhcp filtering Display the DHCP filtering configuration. EXEC
Interface Configuration
Ethernet Configuration Commands
Command Group Description Access Mode
interface ethernet Enters the interface configuration mode to
configure an Ethernet type interface.
interface range ethernet Enters the interface configuration mode to
configure multiple Ethernet type interfaces.
shutdown Disables interfaces. Interface
Global Configuration
Global Configuration
Configuration
Command Groups 29
description Adds a description to an interface. Interface
duplex Configures the full/half duplex operation of a given
speed Configures the speed of a given Ethernet interface
negotiation Enables auto-negotiation operation for the speed
flowcontrol Configures the Flow Control on a given interface. Interface
www.dell.com | support.dell.com
mdix Enables automatic crossover on a given interface. Interface
back-pressure Enables Back Pressure on a given interface. Interface
clear counters Clears statistics on an interface. User EXEC
set interface active Reactivates an interface that was suspended by the
show interfaces advertise Displays auto negotiation advertisement data. Privileged EXEC
show interfaces configuration
show interfaces status Displays the status for all interfaces. Privileged EXEC
show interfaces description
show interfaces counters Displays traffic seen by the physical interface. Privileged EXEC
port storm-control include-multicast
port storm-control broadcast enable
port storm-control broadcast rate
show ports storm-control Displays the storm control configuration. Privileged User
Configuration
Interface
Ethernet interface when not using auto-negotiation.
when not using auto-negotiation.
and duplex parameters of a given interface.
system.
Displays the configuration for all interfaces. Privileged EXEC
Displays the description for all interfaces. Privileged EXEC
Enables the device to count multicast packets with broadcast packets.
Enables broadcast storm control. Interface
Configures the maximum broadcast rate. Interface
Configuration
Interface Configuration
Interface Configuration
Configuration
Configuration
Configuration
Privileged EXEC
Interface Configuration
Configuration
Configuration
EXEC
30 Command Groups
GVRP Commands
Command Group Description Mode
gvrp enable (Global) Enables GVRP globally. Global
Configuration
gvrp enable (Interface) Enables GVRP on an interface. Interface
Configuration
garp timer Adjusts the GARP application join, leave, and
leaveall GARP timer values.
gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation. Interface
gvrp registration-forbid De-registers all VLANs, and prevents dynamic
VLAN registration on the port.
clear gvrp statistics Clears all the GVRP statistics information. Privileged EXEC
show gvrp configuration Displays GVRP configuration information. User EXEC
show gvrp statistics Displays GVRP statistics. User EXEC
show gvrp error-statistics Displays GVRP error statistics. User EXEC
Interface Configuration
Configuration
Interface Configuration
IGMP Snooping Commands
Command Group Description Access Mode
ip igmp snooping (Global)
ip igmp snooping (Interface)
ip igmp snooping mrouter learn-pim-dvmrp
ip igmp snooping host­time-out
ip igmp snooping mrouter-time-out
ip igmp snooping leave­time-out
show ip igmp snooping mrouter
show ip igmp snooping interface
Enables Internet Group Management Protocol (IGMP) snooping.
Enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN.
Enables automatic learning of multicast router ports.
Configures the host-time-out. Interface (VLAN)
Configures the mrouter-time-out. Interface (VLAN)
Configures the leave-time-out. Interface (VLAN)
Displays information on dynamically learned multicast router interfaces.
Displays IGMP snooping configuration. User EXEC
Global Configuration
Interface (VLAN)
Interface (VLAN)
User EXEC
Command Groups 31
show ip igmp snooping groups
IP Addressing
Command Group Description Access Mode
ip address
ip address dhcp Acquires an IP address on an interface from the
www.dell.com | support.dell.com
ip default-gateway
show ip interface Displays the usability status of interfaces configured
arp Adds a permanent entry in the ARP cache. Global
arp timeout Configures how long an entry remains in the ARP
clear arp-cache Deletes all dynamic entries from the ARP cache. Privileged EXEC
show arp Displays entries in the ARP table. Privileged EXEC
ip domain-lookup Enables the IP Domain Naming System (DNS)-based
ip domain-name Defines a default domain name, that the software
ip name-server Sets the available name servers.
ip host Defines static host name-to-address mapping in the
clear host Deletes entries from the host name-to-address cache.
clear host dhcp Deletes entries from the host name-to-address
show hosts Displays the default domain name, a list of name
Displays multicast groups learned by IGMP snooping.
Sets an IP address.
DHCP server.
Defines a default gateway (router).
for IP.
cache.
host name-to-address translation.
uses to complete unqualified host names.
host cache.
mapping received from Dynamic Host Configuration Protocol (DHCP).
server hosts, the static and cached list of host names and addresses.
User EXEC
Interface Configuration
Interface Configuration
Global Configuration
Privileged EXEC
Configuration
Global Configuration
Global Configuration
Global Configuration
Global Configuration
Global Configuration
Privileged EXEC
Privileged EXEC
Privileged EXEC
32 Command Groups
LACP Commands
Command Group Description Access Mode
lacp system-priority Configures the system LACP priority. Global
Configuration
lacp port-priority Configures the priority value for physical ports. Interface
Configuration
lacp timeout Assigns an administrative LACP timeout. Interface
Configuration
show lacp ethernet Displays LACP information for Ethernet ports. Privileged EXEC
show lacp port-channel
Displays LACP information for a port-channel.
Privileged EXEC
Command Groups 33
LLDP Commands
Command Group Description Access Mode
lldp enable (global) Enables Link Layer Discovery Protocol. Global
lldp enable (interface) Enables Link Layer Discovery Protocol (LLDP) on an
lldp timer Specifies how often the software sends Link Layer
www.dell.com | support.dell.com
lldp hold-multiplier Specifies the amount of time the receiving device should
lldp reinit-delay Specifies the minimum time an LLDP port will wait
lldp tx-delay Specifies the delay between successive LLDP frame
lldp optional-tlv Specifies which optional TLVs from the basic set should
lldp management­address
clear lldp rx Restarts the LLDP RX state machine and clears the
show lldp configuration
show lldp local Displays the Link Layer Discovery Protocol (LLDP)
show lldp neighbors Displays information about discovered neighboring
interface.
Discovery Protocol (LLDP) updates.
hold a Link Layer Discovery Protocol packet before discarding it.
before reinitializing LLDP transmission.
transmissions initiated by value/status changes in the LLDP local systems MIB.
be transmitted.
Specifies the management address that would be advertised from an interface.
neighbors table.
Displays the Link Layer Discovery Protocol (LLDP) configuration.
information that is advertised from a specific port.
devices using Link Layer Discovery Protocol (LLDP)
configuration
Interface configuration (Ethernet)
Global configuration
Global configuration
Global configuration
Global configuration
Interface configuration (Ethernet)
Interface configuration (Ethernet)
Privileged EXEC
Privileged EXEC
Privileged EXEC
Privileged EXEC
34 Command Groups
Line Commands
Command Group Description Access Mode
line Identifies a specific line for configuration and enters
the line configuration command mode.
speed Configures the baud rate of the line. Line
autobaud Configures the line for automatic baud rate
detection (autobaud).
exec-timeout Configures the interval that the system waits until
user input is detected.
history Enables the command history function. Line
history size Configures the command history buffer size for a
particular line.
terminal history Enables the command history function for the
current terminal session.
terminal history size Configures the command history buffer size for the
current terminal session.
show line Displays line parameters. User EXEC
Global Configuration
Configuration
Line Configuration
Line Configuration
Configuration
Line Configuration
User EXEC
User EXEC
Management ACL Commands
Command Group Description Access Mode
management access-list Defines a management access-list, and enters the
access-list for configuration.
permit (Management) Defines a permit rule. Management
deny (Management) Defines a deny rule. Management
management access-class Defines which management access-list is used. Global
show management access-list
show management access-class
Displays management access-lists. Privileged EXEC
Displays the active management access-list. Privileged EXEC
Global Configuration
Access-level
Access-level
Configuration
Command Groups 35
PHY Diagnostics Commands
Command Group Description Access Mode
test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry)
show copper-ports tdr Displays the last TDR (Time Domain
show copper-ports cable-length
www.dell.com | support.dell.com
show fiber-ports optical-transceiver
Port Channel Commands
Command Group Description Access Mode
interface port-channel Enters the interface configuration mode of a specific
interface range port­channel
channel-group Associates a port with a port-channel. Interface
show interfaces port­channel
Privileged EXEC technology the quality and characteristics of a copper cable attached to a port.
User EXEC Reflectometry) tests on specified ports.
Displays the estimated copper cable length attached to a port.
Displays the optical transceiver diagnostics. Privileged EXEC
port-channel.
Enters the interface configuration mode to configure multiple port-channels.
Displays port-channel information. Privileged EXEC
User EXEC
Global
Configuration
Global
Configuration
Configuration
Port Monitor Commands
Command Group Description Access Mode
port monitor Starts a port monitoring session. Interface
port monitor vlan­tagging
show ports monitor Displays port monitoring status. User EXEC
36 Command Groups
Configuration
Transmits tagged ingress mirrored packets. Interface
Configuration
Power-over-Ethernet Commands
Command Group Description Access Mode
power inline Configures the administrative mode of the inline
power on an interface.
power inline powered­device
power inline priority Displays port monitoring status. Interface
power inline usage­threshold
power inline traps enable
show power inline Displays port monitoring status. User EXEC
Adds a description of the powered device type attached to the interface.
Configures the administrative mode of the inline power on an interface.
Adds a description of the powered device type attached to the interface.
Interface Configuration
Interface Configuration
Configuration
Global Configuration
Global Configuration
QoS Commands
Command Group Description Access Mode
qos Enables quality of service (QoS) on the device and
enters QoS basic mode.
show qos Displays the QoS status. User EXEC
wrr-queue cos-map
priority-queue out num-of-queues
show qos interface Displays interface QoS data. User EXEC
qos map dscp-queue Modifies the DSCP to CoS map. Global
qos trust (Global) Configures the system to basic mode and the "trust"
qos trust (Interface) Enables each port trust state. Interface
qos cos Configures the default port CoS value. Interface
show qos map Displays all the maps for QoS. User EXEC
Maps assigned CoS values to select one of the egress queues.
Configures the number of expedite queues. Global
state.
Global Configuration
Global Configuration
Configuration
Configuration
Global Configuration
Configuration
Configuration
Command Groups 37
Radius Commands
Command Group Description Access Mode
radius-server host Specifies a RADIUS server host. Global
radius-server key Sets the authentication and encryption key for all
radius-server retransmit
www.dell.com | support.dell.com
radius-server source-ip Specifies the source IP address used for
radius-server timeout Sets the interval for which a device waits for a server
radius-server deadtime Improves RADIUS response times when servers are
show radius-servers Displays the RADIUS server settings. Privileged EXEC
RMON Commands
Command Group Description Mode
show rmon statistics Displays RMON Ethernet Statistics. User EXEC
rmon collection history Enables a Remote Monitoring (RMON) MIB history
show rmon collection history
show rmon history Displays RMON Ethernet statistics history. User EXEC
rmon alarm Configures alarm conditions. Global
show rmon alarm-table Displays the alarms table. User EXEC
show rmon alarm Displays alarm configurations. User EXEC
rmon event Configures a RMON event. Global
show rmon events Displays the RMON event table. User EXEC
show rmon log Displays the RMON logging table. User EXEC
rmon table-size Configures the maximum RMON tables sizes. Global
Configuration
Global RADIUS communications between the device and the RADIUS daemon.
Specifies the number of times the software searches the list of RADIUS server hosts.
communication with RADIUS servers.
host to reply.
unavailable.
statistics group on an interface.
Displays the requested history group configuration. User EXEC
Configuration
Global
Configuration
Global
Configuration
Global
Configuration
Global
Configuration
Interface
Configuration
Configuration
Configuration
Configuration
38 Command Groups
SNMP Commands
Command Group Description Access Mode
snmp-server community
snmp-server view Creates and modifies view entries. Global
snmp-server group Configures a new SNMP group or a table that maps
snmp-server user Configures a new SNMP v3 user. Global
snmp-server engineID local
snmp-server enable traps
snmp-server filter Creates and modifies filter entries. Global
snmp-server host Specifies an SNMP notification recipient. Global
snmp-server v3-host Specifies an SNMP v3 notification recipient. Global
snmp-server trap authentication
snmp-server contact Sets up a system contact. Global
snmp-server location Sets up the information on where the device is
snmp-server set Sets SNMP MIB value by the CLI. Global
show snmp Displays the SNMP status. Privileged EXEC
show snmp engineid Displays the local SNMP EngineID. Privileged EXEC
show snmp views Displays the configuration of SNMP views. Privileged EXEC
show snmp groups Displays the configuration of SNMP groups. Privileged EXEC
show snmp filters Displays the configuration of SNMP filters. Privileged EXEC
show snmp users Displays the configuration of SNMP users. Privileged EXEC
Sets up the community access string to permit access to SNMP protocol.
SNMP users to SNMP views.
Specifies an SNMP EngineID on the local device. Global
Enables the device to send SNMP traps or SNMP notifications.
Enables the device to send Simple Network Management Protocol traps when authentication failed.
located.
Global Configuration
Configuration
Global Configuration
Configuration
Configuration
Global Configuration
Configuration
Configuration
Configuration
Global Configuration
Configuration
Global Configuration
Configuration
Command Groups 39
Spanning Tree Commands
Command Group Description Access Mode
spanning-tree Enables spanning tree functionality. Global
spanning-tree mode Configures the spanning tree protocol. Global
spanning-tree forward­time
spanning-tree hello-
www.dell.com | support.dell.com
time
spanning-tree max-age Configures the spanning tree bridge maximum age. Global
spanning-tree priority Configures the spanning tree priority. Global
spanning-tree disable Disables spanning tree on a specific port. Interface
spanning-tree cost Configures the spanning tree path cost for a port. Interface
spanning-tree port­priority
spanning-tree portfast Enables PortFast mode. Interface
spanning-tree link-type
spanning-tree pathcost method
spanning-tree bpdu Defines BPDU handling when spanning tree is
clear spanning-tree detected-protocols
spanning-tree mst priority
spanning-tree mst max-hops
spanning-tree mst port-priority
Configuration
Configuration
Configures the spanning tree bridge forward time. Global
Configuration
Configures the spanning tree bridge Hello Time. Global
Configuration
Configuration
Configuration
Configuration
Configuration
Configures port priority. Interface
Configuration
Configuration
Overrides the default link-type setting
Sets the default path cost method. Global
disabled on an interface.
Restarts the protocol migration process on all interfaces or on the specified interface.
Configures the device priority for the specified spanning-tree instance.
Configures the number of hops in an MST region before the BDPU is discarded and the port information is aged out.
Configures the priority of a port. Interface
. Interface
Configuration
Configuration
Global
Configuration
Privileged EXEC
Global
Configuration
Global
Configuration
Configuration
40 Command Groups
spanning-tree mst cost Configures the path cost for multiple spanning tree
(MST) calculations.
spanning-tree mst configuration
instance (mst) Maps VLANs to the MST instance. MST Configuration
name (mst) Defines the configuration name. MST Configuration
revision (mst) Defines the configuration revision number. MST Configuration
show (mst) Displays the current or pending MST region
exit (mst) Exits the MST region configuration mode and
abort (mst) Exits the MST region configuration mode without
show spanning-tree Displays spanning tree configuration. Privileged EXEC
spanning-tree guard root
Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode.
configuration.
applies all configuration changes.
applying configuration changes.
Enables root guard on all the spanning tree instances in the interface.
Interface Configuration
Global Configuration
MST Configuration
MST Configuration
MST Configuration
Interface Configuration
SSH Commands
Command Group Description Access Mode
ip ssh port Specifies the port to be used by the SSH server. Global
Configuration
ip ssh server Enables the device to be configured from a SSH
server.
crypto key generate dsa Generates DSA key pairs. Global
crypto key generate rsa Generates RSA key pairs. Global
ip ssh pubkey-auth Enables public key authentication for incoming SSH
sessions.
crypto key pubkey­chain ssh
user-key Specifies which SSH public key is manually
key-string Manually specifies a SSH public key. SSH Public Key
show ip ssh Displays the SSH server configuration. Privileged EXEC
Enters SSH Public Key-chain configuration mode. Global
configured and enters the SSH public key-string configuration command.
Global Configuration
Configuration
Configuration
Global Configuration
Configuration
SSH Public Key
Command Groups 41
show crypto key mypubkey
show crypto key pubkey-chain ssh
crypto slogin key generate dsa
crypto slogin key generate rsa
show crypto slogin key mypubkey
www.dell.com | support.dell.com
Syslog Commands
Command Group Description Access Mode
logging on Controls error messages logging. Global
logging Logs messages to a syslog server. Global
logging console Limits messages logged to the console based on
logging buffered Limits syslog messages displayed from an internal
logging buffered size Changes the number of syslog messages stored in
clear logging Clears messages from the internal logging buffer. Privileged EXEC
logging file Limits syslog messages sent to the logging file based
clear logging file Clears messages from the logging file. Privileged EXEC
aaa logging Enables logging AAA login events. Global
file-system logging Enables logging file system events. Global
management logging Enables logging management access list events. Global
show logging Displays the state of logging and the syslog messages
show logging file Displays the state of logging and the syslog messages
Displays the SSH public keys stored on the device. Privileged EXEC
Displays SSH public keys stored on the device. Privileged EXEC
Generates DSA key pairs for secure login to a remote access server.
Generates RSA key pairs for secure login to a remote access server.
Displays the secure login public key of the device. Privileged EXEC
severity.
buffer based on severity.
the internal buffer.
on severity.
stored in the internal buffer.
stored in the logging file.
Global
Configuration
Global
Configuration
Configuration
Configuration
Global
Configuration
Global
Configuration
Global
Configuration
Global
Configuration
Configuration
Configuration
Configuration
Privileged EXEC
Privileged EXEC
42 Command Groups
show syslog-servers Displays the syslog servers settings. Privileged EXEC
System Management Commands
Command Group Description Access Mode
ping Sends ICMP echo request packets to another node
on the network.
traceroute Discovers the routes that packets will actually take
when traveling to their destination.
telnet Logs in to a host that supports Telnet.
resume Switches to another open Telnet session
reload
hostname Specifies or modifies the device host name. Global
stack master Forces selection of a stack master. Global
stack reload Reloads stack members. Privileged EXEC
stack display-order Configures the display order of the units in a stack. Global
show stack Displays information about stack status. User EXEC
show users Displays information about the active users. User EXEC
show sessions Lists the open Telnet sessions.
show system Displays system information. User EXEC
show version Displays the system version information. User EXEC
asset-tag Specifies the device asset-tag. Global
show system id Displays the service ID information. User EXEC
service cpu-utilization Enables measuring CPU utilization. Global
show cpu utilization Displays information about the CPU utilization of
Reloads the operating system. Privileged EXEC
active processes.
User EXEC
User EXEC
User EXEC
User EXEC
Configuration
Configuration
Configuration
User EXEC
Configuration
Configuration
Privileged EXEC
Command Groups 43
TACACS Commands
Command Group Description Mode
tacacs-server host Specifies a TACACS+ host. Global
tacacs-server key Sets the authentication encryption key used for all
tacacs-server source-ip Specifies the source IP address that will be used for the
www.dell.com | support.dell.com
tacacs-server timeout Sets the timeout value. Global
show tacacs Displays configuration and statistics for a TACACS+
User Interface Commands
Command Group Description Access Mode
enable Enters the privileged EXEC mode. User EXEC
disable Returns to User EXEC mode. Privileged EXEC
login Changes a login username. Priv/User EXEC
configure
exit (Configuration) Exits any configuration mode to the next highest
exit Closes an active terminal session by logging off the
end Ends the current configuration session and returns to
help Displays a brief description of the help system. All
terminal datadump Enables dumping all output of a show command
show history Lists the commands entered in the current session. Privileged EXEC
show privilege Displays the current privilege level. User EXEC
TACACS+ communications between the device and the TACACS+ daemon.
communication with TACACS+ servers.
servers.
Enables the global configuration mode.
mode in the CLI mode hierarchy.
device.
the Privileged EXEC mode.
without prompting.
Configuration
Global Configuration
Global Configuration
Configuration
Privileged EXEC
Privileged EXEC
All
Priv/User EXEC
After Privileged EXEC
User EXEC
44 Command Groups
VLAN Commands
Command Group Description Access Mode
vlan database Enters the VLAN database configuration mode. Global
Configuration
vlan Creates a VLAN. VLAN Database
interface vlan Enters the interface configuration (VLAN) mode. Global
Configuration
interface range vlan Enters the interface configuration mode to configure
multiple VLANs.
name Configures a name to a VLAN. Interface (VLAN)
private-vlan primary Defines the primary PVLAN. Interface (VLAN)
private-vlan isolated Defines the isolated VLAN of the PVLAN. Interface (VLAN)
private-vlan community
switchport mode Configures the VLAN membership mode of a port. Interface
switchport access vlan Configures the VLAN ID when the interface is in
switchport private-vlan Defines the private-vlan port VLANs. Interface
show vlan private-vlan Displays information about private VLANs. Privileged EXEC
switchport trunk allowed vlan
switchport trunk native vlan
switchport general allowed vlan
switchport general pvid Configures the PVID when the interface is in general
switchport general ingress-filtering disable
Associates the primary VLAN and community VLANs. Interface (VLAN)
access mode.
Adds or removes VLANs from a port in general mode. Interface
Defines the port as a member of the specified VLAN, and the VLAN ID is the "port default VLAN ID (PVID)".
Adds or removes VLANs from a general port. Interface
mode.
Disables port ingress filtering. Interface
Global Configuration
Configuration
Configuration
Configuration
Configuration
Configuration
Interface Configuration
Configuration
Configuration
Interface Configuration
Configuration
Interface Configuration
Configuration
Command Groups 45
switchport general acceptable-frame-type tagged-only
switchport forbidden vlan
switchport customer vlan
ip internal-usage-vlan Reserves a VLAN as the internal usage VLAN of an
mac-to-vlan Adds MAC addresses to the MAC-to-VLAN database. VLAN
www.dell.com | support.dell.com
show vlan mac-to-vlan Displays the MAC-to-VLAN database. Privileged EXEC
show vlan Displays VLAN information. Privileged EXEC
show vlan internal usage
show interfaces switchport
Web Server Commands
Command Group Description Access Mode
ip http server Enables the device to be configured from a browser. Global
ip http port Specifies the TCP port for use by a web browser to
ip https port Configures a TCP port for use by a secure web browser
ip https server Enables the device to be configured from a secured
crypto certificate generate
crypto certificate request
crypto certificate import
ip https certificate Configures the active certificate for HTTPS. Global
Discards untagged frames at ingress. Interface
Configuration
Forbids adding specific VLANs to a port. Interface
Configuration
Sets the port’s VLAN when the interface is in customer mode.
interface.
Displays a list of VLANs used internally by the device. Privileged EXEC
Displays switchport configuration. Privileged EXEC
configure the device.
to configure the device.
browser.
Generates a HTTPS certificate. Global
Generates and displays certificate requests for HTTPS. Privileged EXEC
Imports a certificate signed by Certification Authority for HTTPS.
Interface
Configuration
Interface Configuration
Configuration
Configuration
Global Configuration
Global Configuration
Global Configuration
Configuration
Global Configuration
Configuration
46 Command Groups
show ip http Displays the HTTP server configuration. Privileged EXEC
show ip https Displays the HTTPS server configuration. Privileged EXEC
show crypto certificate mycertificate
Displays the SSL certificates of the device. Privileged EXEC
802.1x Commands
Command Description Access Mode
aaa authentication dot1x
dot1x system-auth­control
dot1x port-control Enables manual control of the authorization state of
dot1x re­authentication
dot1x timeout re­authperiod
dot1x re-authenticate Manually initiates a re-authentication of all 802.1x-
dot1x timeout quiet­period
dot1x timeout tx­period
dot1x max-req Sets the maximum number of times that the device
dot1x timeout supp­timeout
dot1x timeout server­timeout
show dot1x Allows multiple hosts on an 802.1x-authorized port,
Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1x.
Enables 802.1x globally. Global
the port
Enables periodic re-authentication of the client. Interface
Sets the number of seconds between re-authentication attempts.
enabled ports or the specified 802.1x-enabled port.
Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange.
Sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP) - request/identity frame from the client, before resending the request.
sends an EAP - request/identity frame to the client, before restarting the authentication process.
Sets the time for the retransmission of an Extensible Authentication Protocol (EAP)-request frame to the client.
Sets the time for the retransmission of packets to the authentication server.
that has the dot1x port-control interface configuration command set to auto.
Global Configuration
Configuration
Interface Configuration
Configuration
Interface Configuration
Privileged EXEC
Interface Configuration
Interface Configuration
Interface Configuration
Interface Configuration
Interface Configuration
Privileged EXEC
Command Groups 47
show dot1x users
show dot1x statistics Displays 802.1x statistics for the specified interface. Privileged EXEC
dot1x auth-not-req Enables unauthorized users access to that VLAN. Interface (VLAN)
dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1x-
dot1x single-host­violation
www.dell.com | support.dell.com
dot1x guest-vlan Defines a guest VLAN. Interface
dot1x guest-vlan enable
show dot1x advanced Displays 802.1x advanced features for the device or for
Displays active 802.1x authenticated users.
authorized port, that has the dot1x port-control Interface Configuration mode command set to auto.
Configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface.
Enables unauthorized users on the interface to access the guest VLAN.
the specified interface.
Privileged EXEC
Configuration
Interface Configuration
Interface Configuration
Configuration
Interface Configuration
Privileged EXEC
48 Command Groups
Command Modes
GC (Global Configuration) Mode
Command Description
aaa authentication enable Defines authentication method lists for accessing higher privilege
levels.
aaa authentication login Defines login authentication.
aaa authentication dot1x Specifies one or more authentication, authorization, and accounting
(AAA) methods for use on interfaces running IEEE 802.1x.
aaa logging Enables logging AAA login events.
aaa login-history file Enables writing to the login history file.
arp Adds a permanent entry in the ARP cache.
arp timeout Configures how long an entry remains in the ARP cache
asset-tag Specifies the device asset-tag.
bridge aging-time Sets the address table aging time.
bridge multicast filtering Enables filtering of multicast addresses.
clock source Configures an external time source for the system clock
clock timezone Sets the time zone for display purposes
clock summer-time Configures the system to automatically switch to summer time
(daylight saving time).
crypto certificate generate Generates a HTTPS certificate.
crypto certificate import Imports a certificate signed by Certification Authority for HTTPS.
crypto key generate dsa Generates DSA key pairs.
crypto key generate rsa Generates RSA key pairs.
crypto key pubkey-chain ssh Enters SSH Public Key-chain configuration mode.
crypto slogin key generate dsa Generates DSA key pairs for secure login to a remote access server.
crypto slogin key generate rsa Generates RSA key pairs for secure login to a remote access server.
dot1x system-auth-control Enables 802.1x globally.
Command Modes 49
enable password Sets a local password to control access to normal and privilege levels.
end Ends the current configuration session and returns to the previous
file-system logging Enables logging file system events.
gvrp enable (Global) Enables GVRP globally.
hostname Specifies or modifies the device host name.
interface ethernet Enters the interface configuration mode to configure an Ethernet
interface port-channel Enters the interface configuration mode of a specific port-channel.
www.dell.com | support.dell.com
interface range ethernet Enters the interface configuration mode to configure multiple
interface range port-channel Enters the interface configuration mode to configure multiple port-
interface range vlan Enters the interface configuration mode to configure multiple
interface vlan Enters the interface configuration (VLAN) mode.
ip default-gateway Defines a default gateway.
ip domain-lookup Enables the IP Domain Naming System (DNS)-based host name-to-
ip domain-name Defines a default domain name, that the software uses to complete
ip host Defines static host name-to-address mapping in the host cache.
ip http authentication Specifies authentication methods for HTTP server users.
ip http port Specifies the TCP port for use by a web browser to configure the
ip http server Enables the device to be configured from a browser.
ip https authentication Specifies authentication methods for HTTPS server users.
ip https certificate Configures the active certificate for HTTPS.
ip https server Enables the device to be configured from a secured browser.
ip https port Configures a TCP port for use by a secure web browser to configure
ip igmp snooping (Global) Enables Internet Group Management Protocol (IGMP) snooping
ip name-server Sets the available name servers.
ip ssh port Specifies the port to be used by the SSH server.
ip ssh pubkey-auth Enables public key authentication for incoming SSH sessions.
command mode.
type interface.
ethernet type interfaces.
channels.
VLANs.
address translation.
unqualified host names.
device.
the device.
50 Command Modes
ip ssh server Enables the device to be configured from a SSH server.
lacp system-priority Configures the system LACP priority.
line Identifies a specific line for configuration and enters the line
configuration command mode.
logging Logs messages to a syslog server.
logging buffered Limits syslog messages displayed from an internal buffer based on
severity.
logging buffered size Changes the number of syslog messages stored in the internal buffer.
logging console Limits messages logged to the console based on severity.
logging file Limits syslog messages sent to the logging file based on severity.
logging on Controls error messages logging.
mac access-list Creates Layer 2 ACLs.
management access-class Defines which management access-list is used.
management access-list Defines a management access-list, and enters the access-list for
configuration.
management logging Enables logging management access list events.
passwords aging Sets the expiration time for passwords in the local database.
passwords history
passwords history hold-time Sets the number of days a password is relevant for tracking its
passwords lockout
passwords min-length Sets the minimum required length for passwords in the local
power inline traps enable
power inline usage-threshold Configures the administrative mode of the inline power on an
priority-queue out num-of­queues
qos Enables Quality of Service (QoS) on the device and enters QoS basic
qos map dscp-queue Modifies the DSCP to CoS map.
qos trust (Global) Configure the system to "trust" state.
radius-server deadtime Improves RADIUS response times when servers are unavailable.
Sets the number of required password changes before a password in the local database can be reused.
password history.
Sets the number of failed login attempts before a user account is locked.
database.
Adds a description of the powered device type attached to the interface.
interface.
Enables the egress queues to be SP queues.
or advance mode.
Command Modes 51
radius-server host Specifies a RADIUS server host.
radius-server key Sets the authentication and encryption key for all RADIUS
radius-server retransmit Specifies the number of times the software searches the list of
radius-server source-ip Specifies the source IP address used for communication with
radius-server timeout Sets the interval for which a device waits for a server host to reply.
rmon alarm Configures alarm conditions.
www.dell.com | support.dell.com
rmon event Configures a RMON event.
rmon table-size Configures the maximum RMON tables sizes.
service cpu-utilization Enables measuring CPU utilization.
snmp-server community Sets up the community access string to permit access to SNMP
snmp-server contact Sets up a system contact.
snmp-server enable traps Enables the device to send SNMP traps or SNMP notifications.
snmp-server engineID local Specifies an SNMP EngineID on the local device.
snmp-server filter Creates and modifies filter entries.
snmp-server group Configures a new SNMP group or a table that maps SNMP users to
snmp-server host Specifies the recipient of Simple Network Management Protocol
snmp-server v3-host Specifies an SNMP v3 notification recipient.
snmp-server location Sets up the information on where the device is located.
snmp-server set Sets SNMP MIB value by the CLI.
snmp-server trap authentication
snmp-server user Configures a new SNMP v3 user.
snmp-server view Creates and modifies view entries.
sntp authenticate Grants authentication for received Simple Network Time Protocol
sntp authentication-key Defines an authentication key for Simple Network Time Protocol
spanning-tree Enables spanning tree functionality.
communications between the device and the RADIUS daemon.
RADIUS server hosts.
RADIUS servers.
protocol.
SNMP views.
notification operation.
Enables the device to send Simple Network Management Protocol traps when authentication failed.
(SNTP) traffic from servers.
(SNTP).
52 Command Modes
spanning-tree bpdu Defines BPDU handling when spanning tree is disabled on an
interface
spanning-tree forward-time Configures the spanning tree bridge forward time.
spanning-tree hello-time Configures the spanning tree bridge Hello Time.
spanning-tree max-age Configures the spanning tree bridge maximum age.
spanning-tree mode Configures the spanning tree protocol.
spanning-tree mst configuration
spanning-tree mst max-hops Configures the number of hops in an MST region before the BDPU is
spanning-tree mst priority Configures the device priority for the specified spanning-tree
spanning-tree pathcost method
spanning-tree priority Configures the spanning tree priority.
stack display-order Configures the display order of the units in a stack.
stack master Forces selection of a stack master.
tacacs-server key Sets the authentication encryption key used for all TACACS+
tacacs-server source-ip Specifies the source IP address that will be used for the
tacacs-server timeout Sets the timeout value.
tacacs-server host Specifies a TACACS+ host.
username Establishes a username-based authentication system.
vlan database Enters the VLAN database configuration mode.
wrr-queue cos-map
Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode.
discarded and the port information is aged out.
instance.
Sets the default pathcost method.
communications between the device and the TACACS+ daemon.
communication with TACACS+ servers.
Maps CoS values to a specific egress queu
IC (Interface Configuration) Mode
Command Description
back-pressure Enables Back Pressure on a given interface.
bridge multicast forward-all Enables forwarding all multicast frames on a port.
bridge multicast forbidden forward-all
channel-group Associates a port with a Port-channel.
description Adds a description to an interface.
Forbids a port from becoming a forward-all multicast port.
Command Modes 53
dot1x guest-vlan Defines a guest VLAN.
dot1x guest-vlan enable Enables unauthorized users on the interface to access the guest
dot1x max-req Sets the maximum number of times that the device sends an EAP -
dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1x-authorized port, that has
dot1x port-control Enables manual control of the authorization state of the port
www.dell.com | support.dell.com
dot1x re-authentication Enables periodic re-authentication of the client.
dot1x single-host-violation Configures the action to be taken, when a station whose MAC address
dot1x timeout quiet-period Sets the number of seconds that the device remains in the quiet state
dot1x timeout re-authperiod Sets the number of seconds between re-authentication attempts.
dot1x timeout server-timeout Sets the time for the retransmission of packets to the authentication
dot1x timeout supp-timeout Sets the time for the retransmission of an EAP-request frame to the
dot1x timeout tx-period Sets the number of seconds that the device waits for a response to an
duplex Configures the full/half duplex operation of a given ethernet interface
flowcontrol Configures the Flow Control on a given interface.
garp timer Adjusts the GARP application join, leave, and leaveall GARP timer
gvrp enable (Interface) Enables GVRP on an interface.
gvrp registration-forbid De-registers all VLANs, and prevents dynamic VLAN registration on
gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation.
ip address Sets an IP address
ip address dhcp Acquires an IP address on an interface from the DHCP server.
ip internal-usage-vlan Reserves a VLAN as the internal usage VLAN of an interface.
lacp port-priority Configures the priority value for physical ports.
lacp timeout Assigns an administrative LACP timeout.
VLAN.
request/identity frame to the client, before restarting the authentication process.
the dot1x port-control Interface Configuration mode command set to auto.
is not the supplicant MAC address, attempts to access the interface.
following a failed authentication exchange.
server
client.
Extensible Authentication Protocol (EAP) - request/identity frame, from the client, before resending the request.
when not using auto-negotiation.
values.
the port.
54 Command Modes
mdix Enables automatic crossover on a given interface.
name Configures a name to a VLAN.
negotiation Enables auto-negotiation operation for the speed and duplex
parameters of a given interface.
power inline Configures the administrative mode of the inline power on an
interface.
power inline powered-device
power inline priority Displays port monitoring status
port monitor Starts a port monitoring session.
port security Disables new address learning/forwarding on an interface.
port monitor vlan-tagging Transmits tagged ingress mirrored packets.
port security max Configures the maximum number of addresses that may be learned
port security mode Configures the port security learning mode
port security routed secure­address
port storm-control broadcast enable
port storm-control broadcast rate
port storm-control include­multicast
private-vlan community Associates the primary VLAN and community VLANs.
private-vlan isolated Defines the isolated VLAN of the PVLAN.
private-vlan primary Defines the primary PVLAN.
qos cos Configures the default port CoS value.
qos trust (Interface) Enables each port trust state while the system is in basic mode.
rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group
service-acl Applies an ACL to the input interface.
shutdown Disables interfaces.
sntp client enable (Interface) Enables the Simple Network Time Protocol (SNTP) client on an
spanning-tree cost Configures the spanning tree path cost for a port.
spanning-tree disable Disables spanning tree on a specific port.
Adds a description of the powered device type attached to the interface.
on the port while the port is in port security mode
Adds MAC-layer secure addresses to a routed port.
Enables broadcast storm control.
Configures the maximum broadcast rate.
Enables the device to count multicast packets.
on an interface.
interface.
Command Modes 55
spanning-tree link-type Overrides the default link-type setting.
spanning-tree mst cost Configures the path cost for multiple spanning tree (MST)
spanning-tree mst port­priority
spanning-tree portfast Enables PortFast mode.
spanning-tree port-priority Configures port priority.
speed Configures the speed of a given Ethernet interface when not using
switchport private-vlan Defines the private-vlan port VLANs.
www.dell.com | support.dell.com
LC (Line Configuration) Mode
Command Description
autobaud Configures the line for automatic baud rate detection (autobaud)
enable authentication Specifies the authentication method list when accessing a higher
history Enables the command history function.
history size Configures the command history buffer size for a particular line.
login authentication Specifies the login authentication method list for a remote telnet or
password Specifies a password on a line.
password-aging Sets the expiration time of line passwords in the local database.
speed Configures the baud rate of the line.
calculations.
Configures the priority of a port.
auto-negotiation.
privilege level from a remote telnet or console.
console.
MA (Management Access-level) Mode
Command Description
deny (Management) Defines a deny rule.
permit (Management) Defines a permit rule.
56 Command Modes
MC (MST Configuration) Mode
Command Description
abort (mst) Exits the MST region configuration mode without applying
configuration changes.
exit (mst) Exits the MST region configuration mode and applies all
configuration changes.
instance (mst) Maps VLANs to the MST instance.
name (mst) Defines the configuration name.
revision (mst) Defines the configuration revision number.
show (mst) Displays the current or pending MST region configuration.
ML (MAC Access-List) Mode
Command Description
deny (MAC) Denies traffic if the conditions defined in the permit statement
match.
PE (Privileged EXEC) Mode
Command Description
boot system Specifies the system image that the device loads at startup.
clear arp-cache Deletes all dynamic entries from the ARP cache.
clear bridge Removes any learned entries from the forwarding database.
clear gvrp statistics Clears all the GVRP statistics information.
clear host Deletes entries from the host name-to-address cache
clear host dhcp Deletes entries from the host name-to-address mapping received
from Dynamic Host Configuration Protocol (DHCP).
clear logging Clears messages from the internal logging buffer.
clear logging file Clears messages from the logging file
clear spanning-tree detected­protocols
clock set Manually sets the system clock.
configure Enters the Global Configuration mode.
copy Copies files from a source to a destination.
crypto certificate request Generates and displays certificate requests for HTTPS.
Restarts the protocol migration process on all interfaces or on the specified interface.
Command Modes 57
delete Deletes a file from a Flash memory device.
delete startup-config Deletes the startup-config file.
dir Displays a list of files on a flash file system.
dot1x re-authenticate Manually initiates a re-authentication of all 802.1x-enabled ports or
exit Closes an active terminal session by logging off the device.
login Changes a login username.
more Displays a file.
reload Reloads the operating system.
www.dell.com | support.dell.com
rename Renames a file.
set enable-password active Reactivates a locked local password.
set interface active Reactivates an interface that was suspended by the system.
set line active Reactivates a locked line.
set username active
show access-lists Displays ACLs defined on the device.
show arp Displays entries in the ARP table.
show authentication methods Displays information about the authentication methods.
show bootvar Displays the active system image file that the device loads at startup
show bridge address-table Displays all entries in the bridge-forwarding database.
show bridge address-table count
show bridge multicast address-table
show bridge multicast filtering
show crypto key mypubkey Displays the SSH public keys stored on the device.
show crypto key pubkey-chain ssh
show crypto certificate mycertificate
show crypto slogin key mypubkey
show dot1x Displays 802.1x status for the device or for the specified interface.
show dot1x advanced Displays 802.1x enhanced features for the device or for the specified
the specified 802.1x-enabled port.
Reactivates a locked user account.
Displays the number of addresses present in all VLANs or at specific VLAN.
Displays multicast MAC or IP address table information.
Displays the multicast filtering configuration.
Displays SSH public keys stored on the device.
Displays the SSL certificates of the device
Displays the secure login public key of the device.
interface.
58 Command Modes
show dot1x users Displays 802.1x users for the device.
show dot1x statistics Displays 802.1x statistics for the specified interface.
show fiber-ports optical­transceiver
show hosts Displays the default domain name, a list of name server hosts, the
show interfaces access-lists Displays access lists applied on interfaces.
show interfaces advertise Displays autonegotiation advertisement data.
show interfaces configuration Displays the configuration for all interfaces.
show interfaces counters Displays traffic seen by the physical interface.
show interfaces description Displays the description for all interfaces.
show interfaces port-channel Displays Port-channel information.
show interfaces status Displays the status for all interfaces.
show ip interface Displays the usability status of interfaces configured for IP.
show ip ssh Displays the SSH server configuration.
show logging Displays the state of logging and the syslog messages stored in the
show logging file Displays the state of logging and the syslog messages stored in the
show management access­class
show management access-list Displays management access-lists.
show passwords configuration Displays information about password management.
show ports security Displays the port-lock status.
show ports security addresses Displays current dynamic addresses in locked ports
show ports storm-control Displays the storm control configuration.
show cpu utilization Displays information about the CPU utilization of active processes.
show radius-servers Displays the RADIUS server settings.
show running-config Displays the contents of the currently running configuration file.
show snmp Displays the SNMP status.
show snmp engineid Displays the local SNMP EngineID.
show snmp filters Displays the configuration of SNMP filters.
show snmp groups Displays the configuration of SNMP groups.
show snmp users Displays the configuration of SNMP users.
Displays the optical transceiver diagnostics
static and the cached list of host names and addresses.
internal buffer.
logging file.
Displays the active management access-list.
Command Modes 59
show snmp views Displays the configuration of SNMP views.
show spanning-tree Displays spanning tree configuration.
show startup-config Displays the startup configuration file contents.
show syslog-servers Displays the syslog servers settings.
show tacacs Displays configuration and statistics for a TACACS+ servers.
show users accounts Displays information about the local user database.
show users login-history Displays information about the login history of users.
show vlan internal usage Displays a list of VLANs used internally by the device.
show vlan mac-to-vlan Displays the MAC-to-VLAN database.
www.dell.com | support.dell.com
show vlan private-vlan Displays information about private VLANs.
stack reload Reloads stack members
test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the
SP (SSH Public Key) Mode
Command Description
key-string Manually specifies a SSH public key.
user-key Specifies which SSH public key is manually configured and enters
quality and characteristics of a copper cable attached to a port.
the SSH public key-string configuration command
UE (User EXEC) Mode
Command Description
clear counters Clears statistics on an interface.
enable Enters the Privileged EXEC mode.
exit Closes an active terminal session by logging off the device.
login Changes a login username.
ping Sends ICMP echo request packets to another node on the network.
show clock Displays the time and date from the system clock.
show copper-ports cable­length
show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on
show gvrp configuration Displays GVRP configuration information.
60 Command Modes
Displays the estimated copper cable length attached to a port.
specified ports.
show gvrp error-statistics Displays GVRP error statistics.
clear gvrp statistics Displays GVRP statistics.
show history Lists the commands entered in the current session.
show ip igmp snooping mrouter
show ip igmp snooping groups
show ip igmp snooping interface
show ip igmp snooping mrouter
show lacp ethernet Displays LACP information for Ethernet ports.
show lacp port-channel Displays LACP information for a port-channel.
show line Displays line parameters.
show ports monitor Displays port monitoring status
show power inline Displays information about inline power.
show privilege Displays the current privilege level.
show qos Displays the QoS status.
show qos interface Assigns CoS values to select one of the egress queues.
show qos map Displays all the maps for QoS.
show rmon alarm Displays alarm configurations.
show rmon alarm-table Displays the alarms table.
show rmon collection history Displays the requested history group configuration.
show rmon events Displays the RMON event table.
show rmon history Displays RMON Ethernet Statistics history.
show rmon log Displays the RMON logging table.
show rmon statistics Displays RMON Ethernet Statistics.
show stack Displays information about stack status.
show system Displays system information.
show system id Displays the service id information.
show users Displays information about the active users.
show version Displays the system version information.
terminal datadump Enables dumping all output of a show command without prompting.
Enables automatic learning of multicast switch ports in the context of a specific VLAN.
Displays multicast groups learned by IGMP snooping.
Displays IGMP snooping configuration.
Displays information on dynamically learned multicast router interfaces.
Command Modes 61
terminal history Enables the command history function for the current
terminal history size Configures the command history buffer size for the current
VC (VLAN Configuration) Mode
Command Description
bridge address Adds a static MAC-layer station source address to the bridge table.
bridge multicast address Registers MAC-layer multicast addresses to the bridge table, and
www.dell.com | support.dell.com
bridge multicast forbidden address
bridge multicast forbidden forward-all
bridge multicast forward-all Enables forwarding of all multicast frames on a port.
ip igmp snooping (Interface) Enables Internet Group Management Protocol (IGMP) snooping on
ip igmp snooping host-time­out
ip igmp snooping leave-time­out
ip igmp snooping mrouter learn-pim-dvmrp
ip igmp snooping mrouter­time-out
mac-to-vlan Adds MAC addresses to the MAC-to-VLAN database.
vlan Creates a VLAN.
dot1x auth-not-req Enables unauthorized users access to that VLAN.
name Configures a name to a VLAN.
terminal session.
terminal session.
adds static ports to the group.
Forbids adding a specific multicast address to specific ports.
Enables forbidding forwarding of all multicast frames to a port.
a specific VLAN.
Configures the host-time-out.
Configures the leave-time-out.
Enables automatic learning of multicast router ports.
Configures the mrouter-time-out.
62 Command Modes
Using the CLI
This chapter describes how to start using the CLI and describes the command editing features to assist in using the CLI.
CLI Command Modes
Introduction
To assist in configuring the device, the Command Line Interface (CLI) is divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark "?" at the system prompt (console prompt) displays a list of commands available for that particular command mode.
From each mode a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: User EXEC mode, Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode. The following figure illustrates the command mode access path.
Using the CLI 63
www.dell.com | support.dell.com
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in the User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.
The Privileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode.
The Global Configuration mode manages the device configuration on a global level.
The Interface Configuration mode configures specific interfaces in the device.
User EXEC Mode
After logging into the device, the user is automatically in the User EXEC command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information.
64 Using the CLI
The user-level prompt consists of the device host name followed by the angle bracket (>).
Console>
The default host name is Console unless it was changed using the hostname command in the Global Configuration mode.
Privileged EXEC Mode
Privileged access is password protected to prevent unauthorized use because, many of the privileged commands set operating system parameters. The password is not displayed on the screen and is case sensitive.
Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:
1
At the prompt enter the appears.
2
Enter the password and press <Enter>. The password is displayed as *. The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device host name followed by
Console#
To return from the Privileged EXEC mode to the User EXEC mode, use the disable command. The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode:
#
.
enable
command and press <Enter>. A password prompt
Console> enable
Enter Password: ******
Console#
Console# disable
Console>
The exit command is used to return from any mode to the previous mode except when returning to the User EXEC mode from the Privileged EXEC mode. For example, the exit command is used to return from the Interface Configuration mode to the Global Configuration mode.
Using the CLI 65
Global Configuration Mode
Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode.
To enter the Global Configuration mode, at the Privileged EXEC mode prompt enter the command configure and press <Enter>. The Global Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the device host name followed by (config) and #.
Console(config)#
www.dell.com | support.dell.com
To return from the Global Configuration mode to the Privileged EXEC mode, the user can use one of the following commands:
exit
•end
Ctrl+Z
The following example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode:
Console#
Console# configure
Console(config)# exit
Console#
Interface Configuration Mode and Specific Configuration Modes
Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes:
Line Interface
include commands such as line timeout settings, etc. The command is used to enter the Line Configuration command mode.
VLAN Database
Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode.
Management Access List
management access-list
Management Access List Configuration mode.
— Contains commands to configure the management connections. These
line
Global Configuration mode
— Contains commands to create a VLAN as a whole. The
— Contains commands to define management access-lists. The
Global Configuration mode command is used to enter the
vlan database
66 Using the CLI
Ethernet
Global Configuration mode command is used to enter
— Contains commands to manage port configuration. The
the Interface Configuration mode to
interface ethernet
configure an Ethernet type interface.
Port Channel
— Contains commands to configure port-channels, for example, assigning ports to a port-channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The
interface port-channel
Global Configuration mode command is used to enter the Port
Channel Interface Configuration mode.
SSH Public Key-chain
• keys. The
crypto key pubkey-chain ssh
— Contains commands to manually specify other device SSH public
Global Configuration mode command is used to enter
the SSH Public Key-chain Configuration mode.
QoS — Contains commands related to service definitions. The qos Global Configuration mode command is used to enter the QoS services configuration mode.
MAC Access-List— Configures conditions required to allow traffic based on MAC addresses. The mac access-list Global Configuration mode command is used to enter the MAC access-list configuration mode..
Starting the CLI
The device can be managed over a direct connection to the device console port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device command-line interface (CLI) is very similar to entering commands on a UNIX system.
If access is via a Telnet connection, ensure that the device has a defined IP address, corresponding management access is granted, and the workstation used to access the device is connected to the device prior to using CLI commands.
NOTE: The following steps are for use on the console line only.
To start using the CLI, perform the following steps:
1
Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application.
NOTE: The default data rate, for Carrier, is 115,200 (Console port on unit shows a default data rate of
9600).
a
Set the data format to 8 data bits, 1 stop bit, and no parity.
b
Set Flow Control to
c
Under
Properties
d
Select
Terminal keys for
Terminal keys (not Windows keys
none
, select
.
VT100 for Emulation
mode.
Function, Arrow, and Ctrl keys
).
. Ensure that the setting is for
Using the CLI 67
NOTICE: When using HyperTerminal with Microsoft® Windows 2000,ensure that Windows® 2000
Service Pack 2 or later is installed.With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.
For more information, see
2
Enter the following commands to begin the configuration procedure:
Console> enable
Console# configure
Console(config)#
Configure the device and enter the necessary commands to complete the required tasks.
www.dell.com | support.dell.com
3
4
When finished, exit the session with the
When a different user is required to log onto the system, use the login Privileged EXEC mode command. This effectively logs off the current user and logs on the new user.
Editing Features
Entering Commands
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status ethernet 1/e11, show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/e11 specifies the port.
To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
Console(config)# username admin password alansmith
Dell™ PowerConnect™ 3400 Series User's Guide
exit
command.
.
When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an interface configuration, the CLI provides a method of displaying the available commands, the command syntax requirements and in some instances, parameters required to complete the command. The standard command to request help is the character ?.
There are two instances where help information can be displayed:
Keyword lookup
commands and corresponding help messages are is displayed.
Partial keyword lookup
• place of a parameter. The matched keyword or parameters for this command are displayed.
68 Using the CLI
— The character ? is entered in place of a command. A list of all valid
— If a command is incomplete and or the character ? is entered in
To assist in using the CLI, there is an assortment of editing features. The following features are described:
Terminal Command Buffer
Command Completion
Keyboard Shortcuts
Copying and Pasting Text
Up to 100 lines of text (i.e., commands) can be copied and pasted into the device.
NOTE: This editing features are for Telnet only.
NOTE: It is the user’s responsibility to ensure that the text copied into the device consists of legal
commands only.
When copying and pasting commands from a configuration file, make sure that the following conditions exist:
A device Configuration mode has been accessed.
The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device.
Setup Wizard
The CLI supports a Setup Wizard. This is an easy-to-use user interface which quickly guides the user in setting up basic device information, so that the device can be easily managed from a Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.
Terminal Command Buffer
Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
Keyword Description
Up-arrow key Ctrl+P
Down-arrow key Returns to more recent commands in the history buffer after recalling
By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history.
Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.
commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.
Using the CLI 69
There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see history size.
To display the history buffer, see show history.
Negating the Effect of Commands
For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.
www.dell.com | support.dell.com
Command Completion
An appropriate error message displays if the entered command is incomplete or invalid; or has missing or invalid parameters. This assists in entering the correct command.
Keyboard Shortcuts
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.
Keyboard Key Description
Up-arrow key Recalls commands from the history buffer, beginning with the most recent
Down-arrow key Returns the most recent commands from the history buffer after recalling
Ctrl+A Moves the cursor to the beginning of the command line.
Ctrl+E Moves the cursor to the end of the command line.
Ctrl+Z / End Returns back to the Privileged EXEC mode from any configuration mode.
Backspace key Deletes one character left to the cursor position.
command. Repeat the key sequence to recall successively older commands.
commands with the up arrow key. Repeating the key sequence will recall successively more recent commands.
70 Using the CLI
CLI Command Conventions
When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.
Convention Description
[ ] In a command line, square brackets indicate an optional entry.
{ } In a command line, curly brackets indicate a selection of compulsory
parameters separated by the | character. One option must be selected. For example, flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on or off must be selected.
Italic font Indicates a parameter.
<Enter> Indicates an individual key on the keyboard. For example, <Enter>
indicates the Enter key.
Ctrl+F4 Any combination of keys pressed simultaneously on the keyboard.
Screen Display
all
Indicates system messages and prompts appearing on the console.
When a parameter is required to define a range of ports or parameters and
all
is an option, the default for the command is
defined. For example, the command
interface range port-channel
option of either entering a range of channels, or selecting command is entered without a parameter, it automatically defaults to
all
when no parameters are
has the
all
. When the
all
.
Using the CLI 71
www.dell.com | support.dell.com
72 Using the CLI
AAA Commands
aaa authentication login
The aaa authentication login Global Configuration mode command defines login authentication. To return to the default configuration, use the no form of this command.
Syntax
aaa authentication login {default | list-name} method1 [method2
...]
no aaa authentication login {default | list-name
default
Keyword Description
enable Uses the enable password for authentication.
line Uses the line password for authentication.
local Uses the local username database for authentication.
none Uses no authentication.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
Default Configuration
The local user database is checked. This has the same effect as the command
authentication login default local
NOTE: On the console, login succeeds without any authentication check if the authentication method is
not defined.
— Uses the listed authentication methods that follow this argument as the
default list of methods when a user logs in.
list-name
when a user logs in. (Range: 1-12 characters).
method1 [method2
— Character string used to name the list of authentication methods activated
...] — Specify at least one from the following table:
.
}
aaa
Command Mode
Global Configuration mode
AAA Commands 73
User Guidelines
The default and optional list names created with the used with the
login authentication
Create a list by entering the particular protocol, where
list-name
command.
aaa authentication login
is any character string used to name this list. The
aaa authentication login
list-name method
command for a
command are
method
argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify
none
as the final method in the command line.
www.dell.com | support.dell.com
Example
The following example configures the authentication login, so that user authentication is performed as follows: Authentication is attempted at the RADIUS server. If the RADIUS server is not available, authentication is attempted at the local user database. If there is no database, then no authentication is performed.
Console(config)# aaa authentication login radius local none
aaa authentication enable
The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels. To return to the default configuration, use the no form of this command.
Syntax
aaa authentication enable {default | list-name} method1 [method2
no aaa authentication enable {default | list-name
default
default list of methods, when using higher privilege levels.
list-name
when using access higher privilege levels (Range: 1-12 characters).
method1 [method2
...]
}
— Uses the listed authentication methods that follow this argument as the
— Character string used to name the list of authentication methods activated,
...] — Specify at least one from the following table:
Keyword Description
enable Uses the enable password for authentication.
line Uses the line password for authentication.
none Uses no authentication.
74 AAA Commands
radius Uses the list of all RADIUS servers for authentication. Uses username
$enabx$., where x is the privilege level.
tacacs Uses the list of all TACACS+ servers for authentication. Uses username
"$enabx$." where x is the privilege level.
Default Configuration
If the
default
the command
list is not set, only the enable password is checked. This has the same effect as
aaa authentication enable default enable
.
On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command
enable none
Command Mode
.
aaa authentication enable default
Global Configuration mode
User Guidelines
The default and optional list names created with the used with the
enable authentication
command.
aaa authentication enable
command are
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify
•All
aaa authentication enable default
none
as the final method in the command line.
requests sent by the device to a RADIUS or TACACS+
server include the username $enabx$., where x is the requested privilege level.
Example
The following example sets the enable password for authentication when accessing higher privilege levels.
Console(config)# aaa authentication enable default enable
login authentication
The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet or console. To return to the default configuration specified by the aaa authentication login command, use the no form of this command.
AAA Commands 75
Syntax
login authentication {default
no login authentication
default
list-name
Default Configuration
Uses the default set with the command
Command Mode
www.dell.com | support.dell.com
Line Configuration mode
User Guidelines
Changing login authentication from default to another value may disconnect the telnet session.
Example
The following example specifies the default authentication method for a console.
Console(config)# line console
Console(config-line)# login authentication default
|
list-name
— Uses the default list created with the
— Uses the indicated list created with the
}
aaa authentication login
aaa authentication login
aaa authentication login
.
command.
command.
enable authentication
The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. To return to the default configuration specified by the aaa authentication enable command, use the no form of this command.
Syntax
enable authentication {default
no enable authentication
default
list-name
command.
Default Configuration
Uses the default set with the
76 AAA Commands
|
list-name
— Uses the default list created with the
— Uses the indicated list created with the
aaa authentication enable
}
aaa authentication enable
aaa authentication enable
command.
command.
Command Mode
Line Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example specifies the default authentication method when accessing a higher privilege level from a console.
Console(config)# line console
Console(config-line)# enable authentication default
ip http authentication
The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server users. To return to the default configuration, use the no form of this command.
Syntax
ip http authentication
no ip http authentication
method1 [method2
method1 [method2
...]
...] — Specify at least one from the following table:
Keyword Description
local Uses the local username database for authentication.
none Uses no authentication.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
Default Configuration
The local user database is checked. This has the same effect as the command
authentication local
Command Mode
.
Global Configuration mode
ip http
AAA Commands 77
User Guidelines
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify
Example
The following example configures the HTTP authentication.
Console(config)# ip http authentication radius local
ip https authentication
www.dell.com | support.dell.com
The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users. To return to the default configuration, use the no form of this command.
Syntax
ip https authentication
no ip https authentication
method1 [method2
Keyword Source or destination
local Uses the local username database for authentication.
none Uses no authentication.
radius Uses the list of all RADIUS servers for authentication.
tacacs Uses the list of all TACACS+ servers for authentication.
none
as the final method in the command line.
method1 [method2
...]
...] — Specify at least one from the following table:
Default Configuration
The local user database is checked. This has the same effect as the command
authentication local
Command Mode
Global Configuration mode
User Guidelines
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify
78 AAA Commands
.
none
as the final method in the command line.
ip https
Example
The following example configures HTTPS authentication.
Console(config)# ip https authentication radius local
show authentication methods
The show authentication methods Privileged EXEC mode command displays information about the authentication methods.
Syntax
show authentication methods
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays the authentication configuration.
Console# sh authentication methods
Login Authentication Method Lists
---------------------------------
Console_Default: None
Network_Default:
Enable Authentication Method Lists
----------------------------------
Console_Default:
Network_Default:
Local
Enable, None
Enable
AAA Commands 79
Line Login Method List Enable Method List
-------------- ----------------- ------------------
Console Default Default
Telnet Default Default
SSH Default Default
http : Local
https : Local
www.dell.com | support.dell.com
dot1x :
console#
password
The password Line Configuration mode command specifies a password on a line. To remove the password, use the no form of this command.
Syntax
password
no password
password
encrypted
configuration.
password [encrypted
— Password for this level (Range: 1-159 characters).
— Encrypted password to be entered, copied from another device
]
Default Configuration
No password is defined.
Command Mode
Line Configuration mode
User Guidelines
If a password is defined as encrypted, the required password length is 32 characters.
Example
The following example specifies password secret on a console.
Console(config)# line console
Console(config-line)# password secret
80 AAA Commands
enable password
The enable password Global Configuration mode command sets a local password to control access to user and privilege levels. To remove the password requirement, use the no form of this command.
Syntax
enable password [level
level] password [encrypted
]
no enable password [level
password
level
(Range: 1-15).
encrypted
Default Configuration
No enable password is defined.
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example sets local level 15 password secret to control access to privilege levels.
Console(config)# enable password level 15 secret
— Password for this level (Range: 1-159 characters).
— Level for which the password applies. If not specified the level is 15
— Encrypted password entered, copied from another device configuration.
level
]
username
The username Global Configuration mode command creates a user account in the local database. To remove a user name, use the no form of this command.
Syntax
username
no username
name [password password
name
name
— The name of the user (Range: 1- 20 characters).
password
level
encrypted
— The authentication password for the user (Range: 1-159 characters).
— The user level (Range: 1-15).
— Encrypted password entered, copied from another device configuration.
] [
level level
] [
encrypted
]
AAA Commands 81
Default Configuration
No user is defined.
Command Mode
Global Configuration mode
User Guidelines
User account can be created without a password.
Example
The following example configures user bob with password lee and user level 15 to the system.
www.dell.com | support.dell.com
Console(config)# username bob password lee level 15
passwords min-length
The passwords min-length Global Configuration mode command sets the minimum length required for passwords in the local database. To remove the minimum password length requirement, use the no form of this command.
Syntax
passwords min-length length
no passwords min-length
length
Default Configuration
No minimum password length.
Command Mode
Global Configuration mode
User Guidelines
Relevant to local user passwords, line passwords, and enable passwords.
The software checks the password length when an unencrypted password is defined or a user enters an unencrypted password when logging in.
NOTE: The length of encrypted passwords is only checked when the user logs in. Similarly, the length of
passwords that were defined before the minimum password length requirement was configured are checked only when the user logs in.
82 AAA Commands
— The minimum length required for passwords. (Range: 8-64 characters)
Example
The following example configures a minimum length of 8 characters required for passwords in the local database.
Console(config)# passwords min-length 8
passwords aging
The passwords aging Global Configuration mode command sets the expiration time of username and enable passwords. To remove the password expiration time, use the no form of this command.
Syntax
passwords aging username
name days
no passwords aging username
passwords aging enable-password
no passwords aging enable-password
days—
The number of days before a password expires. (Range: 1-365)
name
— The name of the user (Range: 1- 20 characters).
level
— The level to which the password applies (Range: 1-15).
Default Configuration
No password expiration time.
Command Mode
Global Configuration mode
User Guidelines
Relevant to local user passwords, line passwords, and enable passwords.
The password expiration date is calculated from the day the password is defined, and not from the day aging time is defined.
Ten days before the password expiration date, the user receives a syslog warning to change the password within "n" days. These warnings continue until the password expiration date.
After the password expiration date, the user receives three chances to log in and change the password. If the user still does not change the password, the account is locked.
It is recommended that local device time be updated using an external SNTP clock.
name
level days
level
AAA Commands 83
Example
The following example sets the expiration time of the level 15 enable password to 180 days.
Console (config)# passwords aging enable-password 15 180
password-aging
The password-aging Line Configuration mode command configures the expiration time of line passwords in the local database. To return to the default configuration, use the no form of this command.
www.dell.com | support.dell.com
Syntax
password-aging
no password-aging
days—
Default Configuration
No password expiration time.
Command Mode
Line Configuration mode
User Guidelines
The password expiration date is calculated from the day the password is defined, and not from the day aging time is defined.
Ten days before the password expiration date, the user receives a warning to change the password within "n" days. These warnings continue until the password expiration date.
After the password expiration date, the user receives three chances to log in and change the password. If the user still does not change the password, the account is locked.
Example
The following example configures password aging to 120 days.
Console(config)# line telnet
days
The number of days before a password expires (Range: 1-365).
Console(config-line)# password-aging 120
84 AAA Commands
passwords history
The passwords history Global Configuration mode command sets the number of required password changes before a password in the local database can be reused. To remove this requirement, use the no form of this command.
Syntax
passwords history
no passwords history
number—
reused. (Range: 1-10).
Default Configuration
No required number of password changes before reusing a password.
Command Mode
Global Configuration mode
User Guidelines
Relevant to local user passwords, line passwords, and enable passwords.
Password history is not checked during the configuration download.
Password history is saved even if the feature is disabled.
A user’s password history is saved as long as the user is defined.
If the user enters a password that is identical to the previously used one, the password is not included in the password history count. This is required to enable the user to modify privilege level or aging, without having to change passwords.
number
Indicates the required number of password changes before a password can be
Example
The following example configures the required number of password changes before a password can be reused to 3.
Console(config)# passwords history 3
passwords history hold-time
The passwords history hold-time Global Configuration mode command configures the number of days a password is relevant for tracking its password history. To return to the default configuration, use the no form of this command.
AAA Commands 85
Syntax
passwords history hold-time
no passwords hold-time
days—
(Range: 1-product specific).
Default Configuration
Not enabled.
Command Mode
Global Configuration mode
www.dell.com | support.dell.com
User Guidelines
Relevant to local user passwords, line passwords, and enable passwords.
Passwords are not deleted from the history database when they are no longer relevant for tracking purposes. Increasing the number of days a password is relevant, for tracking purposes, may make a password, that is no longer relevant for tracking purposes, relevant again.
Example
The following example configures the number of days that a password is relevant for tracking its password history to 120.
Console(config)# passwords history hold-time 120
days
Number of days a password is relevant for tracking its password history
passwords lockout
The passwords lockout Global Configuration mode command sets the number of failed login attempts before a user account is locked. To remove this condition, use the no form of this command.
Syntax
passwords lockout
no passwords lockout
number—
Default Configuration
No locked user account due to failed login attempts.
Command Mode
Global Configuration mode
86 AAA Commands
number
Number of failed login attempts before the user account is locked (Range: 1-5).
User Guidelines
Relevant to local user passwords, line passwords, and enable passwords.
The user account can still access the local console.
A different administrator, with privilege level 15, can release a locked account by using the
username active
Example
The following example configures the number of failed login attempts before a user account is locked to 3.
Console(config)# passwords lockout 3
command.
set
aaa login-history file
The aaa login-history file Global Configuration mode command enables writing to the login history file. To disable writing to the file, use the no form of this command.
Syntax
aaa login-history file
no aaa login-history file
Default Configuration
Writing to the login history file is enabled.
Command Mode
Global Configuration mode
User Guidelines
The login history is also saved in the internal buffer of the device.
Example
The following example enables writing to the login history file.
Console(config)# aaa login-history file
AAA Commands 87
set username active
The set username active Privileged EXEC mode command reactivates a locked user account.
Syntax
set username
name—
Default Configuration
This command has no default configuration.
name
active
Name of the user (Range: 1-20 characters).
www.dell.com | support.dell.com
Command Mode
Privileged EXEC mode
User Guidelines
A locked user account can be reactivated from the local console.
A different user, with privilege level 15, can reactivate a locked user account from any remote or local connection.
Example
The following example reactivates a suspended user with username bob.
Console# set username bob active
set line active
The set line active Privileged EXEC mode command reactivates a locked line.
Syntax
set line {console | telnet | ssh} active
console
telnet
ssh
—Virtual terminal for secured remote console access (SSH).
—Console terminal line.
—Virtual terminal for remote console access (Telnet).
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
88 AAA Commands
User Guidelines
There are no user guidelines for this command.
Example
The following example reactivates the line for a virtual terminal for remote console access.
Console# set line telnet active
set enable-password active
The set enable-password active Privileged EXEC mode command reactivates a locked enable password.
Syntax
set enable-password
level
—The user level (Range: 1 -15).
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
level
active
Example
The following example reactivates a locked level 15 enable password.
Console# set enable-password 15 active
show passwords configuration
The show passwords configuration Privileged EXEC mode command displays information about password management.
Syntax
show passwords configuration
Default Configuration
This command has no default configuration.
AAA Commands 89
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays information about password management in the local database.
Console# show passwords configuration
Minimal length: 8
www.dell.com | support.dell.com
History: 10
History hold time: 365 days
Lock-out: Disabled
Enable Passwords
Level Aging Expiry date Lockout
----- ----- ----------- -------
1 90 Jan 18 2005 1
15 90 Jan 18 2005 0
Line Passwords
Level Aging Expiry date Lockout
----- ----- ----------- -------
Console - - -
Telnet 90 Jan 18 2005 LOCKOUT
SSH 90 Jan 21 2005 0
90 AAA Commands
The following table describes significant fields shown above.
Field Description
Minimal length Minimum length required for passwords in the local database.
History Number of required passwords changes before a password in the local
database can be reused.
History hold time Period of time that a password is relevant for tracking password history.
Lockout control Control locking a user account after a series of authentication failures.
Enable passwords Describes the configuration and status of a local password with a specific
level.
Aging Password expiration time in days.
Expiry date Expiration date of a password.
Lockout If lockout control is enabled, specifies the number of failed authentication
attempts since the user last logged in successfully. If the user account is locked, specifies LOCKOUT.
Line Passwords Describes the configuration and status of a specific line password.
show users login-history
The show users login-history Privileged EXEC mode command displays information about the login history of users.
Syntax
show users login-history [username
name—
Default Configuration
Name of the user (Range: 1-20 characters).
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
name
]
AAA Commands 91
Example
The following example displays the login history of users.
Console# show users login-history
Login Time Username Protocol Location
-------------- -------- -------- --------
Jan 18 2004 23:58:17 Robert HTTP 172.16.1.8
Jan 19 2004 07:59:23 Robert HTTP 172.16.0.8
www.dell.com | support.dell.com
Jan 19 2004 08:23:48 Bob Serial
Jan 19 2004 08:29:29 Robert HTTP 172.16.0.8
Jan 19 2004 08:42:31 John SSH 172.16.0.1
Jan 19 2004 08:49:52 Betty Telnet 172.16.1.7
show users accounts
The show users accounts Privileged EXEC mode command displays information about the local user database.
Syntax
show users accounts
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
92 AAA Commands
Example
The following example displays the local users configured with access to the system.
Console# show users accounts
Username Privilege Password
Aging
Password Expiry date
Lockout
-------- --------- -------- ----------- -------
Bob 1 120 Jan 21 2005 -
Admin 15 120 Jan 21 2005 -
The following table describes significant fields shown above.
Field Description
Username Name of the user.
Privilege User’s privilege level.
Password Aging User’s password expiration time in days.
Password Expiry Date Expiration date of the user’s password.
Lockout If lockout control is enabled, specifies the number of failed authentication
attempts since the user last logged in successfully. If the user account is locked, specifies LOCKOUT.
AAA Commands 93
www.dell.com | support.dell.com
94 AAA Commands
ACL Commands
mac access-list
The mac access-list Global Configuration mode command creates Layer 2 ACLs. To delete an ACL, use the no form of this command.
Syntax
mac access-list
name
no mac access-list
name
Default Configuration
The default for all ACLs is permit all.
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example shows how to create a MAC ACL.
Console(config)# mac access-list macl-1
Console(config-mac-al)#
—Specifies the name of the ACL.
name
deny (MAC)
The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.
Syntax
deny
destination
destination — Specifies the MAC address of the host to which the packet is being sent.
ACL Commands 95
Default Configuration
This command has no default configuration.
Command Mode
MAC-Access List Configuration mode
User Guidelines
MAC BPDU packets cannot be denied.
Each MAC address in the ACL is a ACE (Access Control Element) and can only be removed by deleting the ACL using the the Web-based interface.
www.dell.com | support.dell.com
Example
The following example shows how to create a MAC ACL with rules.
Console(config)# mac access-list macl-1
Console (config-mac-acl)# deny 66:66:66:66:66:66
Console(config-mac-acl)# exit
Console(config)#
service-acl
no mac access-list
Global Configuration mode command or
The service-acl Interface (VLAN) Configuration mode command applies an ACL to the input interface. To detach an ACL from an input interface, use the no form of this command.
Syntax
service-acl input acl-name
no service-acl input
Default Configuration
This command has no default configuration.
Command Mode
Interface (VLAN) Configuration mode
User Guidelines
There are no user guidelines for this command.
96 ACL Commands
acl-name
—Specifies the ACL to be applied to the input interface.
Example
The following example, binds (services) an ACL to VLAN 2.
Console(config)# interface vlan 2
Console(config-if)# service-acl input macl-1
show access-lists
The show access-lists Privileged EXEC mode command displays access control lists (ACLs) defined on the device.
Syntax
show access-lists [name
name
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
—Name of the ACL.
]
Examples
The following example displays the access lists.
Console# show access-lists
MAC access list macl-1
deny host 66:66:66:66:66:66
show interfaces access-lists
The show interfaces access-lists Privileged EXEC mode command displays access lists applied on interfaces.
Syntax
show interfaces access-lists [vlan
vlan-id
—VLAN number.
vlan-id
]
ACL Commands 97
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Examples
The following example displays an ACLs applied on the device interfaces:
www.dell.com | support.dell.com
Console# show interfaces access-lists
Interface Input ACL
--------- ----------
VLAN 2 ACL1
VLAN 10 ACL3
98 ACL Commands
Address Table Commands
bridge address
The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of this command.
Syntax
bridge address
[
permanent
mac-address {ethernet interface | port-channel
|
delete-on-reset
|
delete-on-timeout
|
secure
port-channel-number
]
}
no bridge address [mac-address
mac-address
interface —
port-channel-number —
permanent —
delete-on-reset
delete-on-timeout —
secure security
locked mode.
Default Configuration
No static addresses are defined. The default mode for an added address is
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
•Using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN.
— A valid MAC address.
A valid Ethernet port.
The address can only be deleted by the
— The address is deleted after reset.
— The address is deleted after the port changes mode to unlock learning (
command). This parameter is only available when the port is in the learning
]
A valid port-channel number.
no bridge address
The address is deleted after "age out" time has expired.
command.
permanent
no port
.
Address Table Commands 99
Example
The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port 1/e16 to the bridge table.
Console(config)# interface vlan 2
Console(config-if)# bridge address 3aa2.64b3.a245 ethernet 1/e16
permanent
bridge multicast filtering
The bridge multicast filtering Global Configuration mode command enables filtering multicast
www.dell.com | support.dell.com
addresses. To disable filtering multicast addresses, use the no form of this command.
Syntax
bridge multicast filtering
no bridge multicast filtering
Default Configuration
Filtering multicast addresses is disabled. All multicast addresses are flooded to all ports.
Command Mode
Global Configuration mode
User Guidelines
If multicast routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the switch ports.
If multicast routers exist on the VLAN and IGMP-snooping is not enabled, use the
multicast forward-all
switches.
bridge
command to enable forwarding all multicast packets to the multicast
Example
In this example, bridge multicast filtering is enabled.
Console(config)# bridge multicast filtering
100 Address Table Commands
Loading...