Dell PowerConnect 5316M Quick Reference Guide

Download

Dell™ PowerConnect™ 5316M

CLI Reference Guide

www.dell.com | support.dell.com

Notes, Notices, and Cautions

NOTE: A NOTE indicates important information that helps you make better use of your devices.

NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to

avoid the problem.

CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.

____________________

Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, and PowerConnect are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or

their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

September 2006 Rev. A01

1 Command Groups

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Command Groups

AAA Commands

Address Table Commands

Clock Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

. . . . . . . . . . . . . . . . . . . . . . . . . . . 3

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Configuration and Image Files Commands

Ethernet Configuration Commands

GVRP Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

IGMP Snooping Commands

IP Addressing

LACP Commands

Line Commands

LLDP Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Management ACL Commands

PHY Diagnostics Commands

Port Channel Commands

Port Monitor Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . 12

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

. . . . . . . . . . . . . . . . . . . . . . 6

. . . . . . . . . . . . . . . . . . . . . . . . . . 8

. . . . . . . . . . . . . . . . . . . . . . . . . 11

. . . . . . . . . . . . . . . . . . . . . . . . . . 11

. . . . . . . . . . . . . . . . . . . 5

QoS Commands

Radius Commands

RMON Commands

SNMP Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Spanning Tree Commands

SSH Commands

Syslog Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

. . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Contents 3

System Management Commands . . . . . . . . . . . . . . . . . . . . . . . 19

TACACS Commands

User Interface Commands

VLAN Commands

Web Server Commands

802.1x Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

. . . . . . . . . . . . . . . . . . . . . . . . . . . 20

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2 Command Modes

GC (Global Configuration) Mode . . . . . . . . . . . . . . . . . . . . . . . . 25

IC (Interface Configuration) Mode

LC (Line Configuration) Mode

MA (Management Access-level) Mode

PE (Privileged EXEC) Mode

SP (SSH Public Key) Mode

UE (User EXEC) Mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

VC (VLAN Configuration) Mode

. . . . . . . . . . . . . . . . . . . . . . . 28

. . . . . . . . . . . . . . . . . . . . . . . . . 30

. . . . . . . . . . . . . . . . . . . . 31

. . . . . . . . . . . . . . . . . . . . . . . . . . 31

. . . . . . . . . . . . . . . . . . . . . . . . . . 33

. . . . . . . . . . . . . . . . . . . . . . . . 34

3 Using the CLI

4 Contents

CLI Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Introduction User EXEC Mode Privileged EXEC Mode Global Configuration Mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

. . . . . . . . . . . . . . . . . . . . . . . . . . 38

. . . . . . . . . . . . . . . . . . . . . . . . 39

Interface Configuration Mode and Specific Configuration Modes. . . . . 40

Starting the CLI

Editing Features

Terminal Command Buffer Negating the Effect of Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

. . . . . . . . . . . . . . . . . . . . . . . . 43

. . . . . . . . . . . . . . . . . . . . 43

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Keyboard Shortcuts

. . . . . . . . . . . . . . . . . . . . . . . . . . . 44

CLI Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . 44

4 AAA Commands

aaa authentication login. . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

aaa authentication enable

enable authentication

ip http authentication

ip https authentication

show authentication methods

password

enable password

username

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

show users accounts

. . . . . . . . . . . . . . . . . . . . . . . . . . . 48

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

. . . . . . . . . . . . . . . . . . . . . . . . . 52

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

5 Address Table Commands

bridge address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

bridge multicast filtering

bridge multicast address

bridge multicast forbidden address

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

. . . . . . . . . . . . . . . . . . . . . . . . . . . 58

. . . . . . . . . . . . . . . . . . . . . . 60

bridge multicast forward-all

. . . . . . . . . . . . . . . . . . . . . . . . . . 61

bridge multicast forbidden forward-all

bridge aging-time

clear bridge

port security

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

port security routed secure-address

show bridge address-table

. . . . . . . . . . . . . . . . . . . . . . . . . . 65

. . . . . . . . . . . . . . . . . . . . . 61

. . . . . . . . . . . . . . . . . . . . . 64

Contents 5

show bridge address-table static . . . . . . . . . . . . . . . . . . . . . . . 66

show bridge address-table count

show bridge multicast address-table

show bridge multicast filtering

show ports security

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

. . . . . . . . . . . . . . . . . . . . . . . 67

. . . . . . . . . . . . . . . . . . . . . 68

. . . . . . . . . . . . . . . . . . . . . . . . 70

6 Clock

clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

clock source

clock timezone

clock summer-time

sntp authentication-key

sntp authenticate

sntp trusted-key

sntp client poll timer

sntp broadcast client enable

sntp anycast client enable

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

. . . . . . . . . . . . . . . . . . . . . . . . . 79

. . . . . . . . . . . . . . . . . . . . . . . . . . . 80

7 Configuration and Image Files

6 Contents

sntp client enable (interface)

sntp unicast client enable

sntp unicast client poll

sntp server

show clock

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

show sntp configuration

show sntp status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

. . . . . . . . . . . . . . . . . . . . . . . . . 80

. . . . . . . . . . . . . . . . . . . . . . . . . . . 81

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

delete startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

copy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

boot system

show running-config

show startup-config

show backup-config

show bootvar

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

8 Ethernet Configuration Commands

interface ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

interface range ethernet

shutdown

description

speed

duplex

negotiation

flowcontrol

mdix

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

. . . . . . . . . . . . . . . . . . . . . . . . . . . 99

back-pressure

port jumbo-frame

clear counters

set interface active

show interfaces configuration

show interfaces status

show interfaces description

show interfaces counters

show ports jumbo-frame

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

. . . . . . . . . . . . . . . . . . . . . . . . 107

. . . . . . . . . . . . . . . . . . . . . . . . . . . 109

. . . . . . . . . . . . . . . . . . . . . . . . . 111

. . . . . . . . . . . . . . . . . . . . . . . . . . 112

. . . . . . . . . . . . . . . . . . . . . . . . . . 115

port storm-control include-multicast

. . . . . . . . . . . . . . . . . . . . 116

Contents 7

port storm-control broadcast enable . . . . . . . . . . . . . . . . . . . . 117

port storm-control broadcast rate

show ports storm-control

nic-redundancy

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

show nic-redundancy

. . . . . . . . . . . . . . . . . . . . . . . . . . 118

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

. . . . . . . . . . . . . . . . . . . . . . 117

9 GVRP Commands

gvrp enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

gvrp enable (interface)

garp timer

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

gvrp vlan-creation-forbid

gvrp registration-forbid

clear gvrp statistics

show gvrp configuration

show gvrp statistics

show gvrp error-statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . 121

. . . . . . . . . . . . . . . . . . . . . . . . . . 123

. . . . . . . . . . . . . . . . . . . . . . . . . . . 124

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

. . . . . . . . . . . . . . . . . . . . . . . . . . . 125

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

. . . . . . . . . . . . . . . . . . . . . . . . . . 127

10 IGMP Snooping Commands

8 Contents

ip igmp snooping (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . 129

ip igmp snooping

ip igmp snooping mrouter learn-pim-dvmrp

ip igmp snooping host-time-out

ip igmp snooping mrouter-time-out

ip igmp snooping leave-time-out

show ip igmp snooping mrouter

show ip igmp snooping interface

show ip igmp snooping groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

. . . . . . . . . . . . . . . . . 130

. . . . . . . . . . . . . . . . . . . . . . . 130

. . . . . . . . . . . . . . . . . . . . . 131

. . . . . . . . . . . . . . . . . . . . . . . 132

. . . . . . . . . . . . . . . . . . . . . . . 133

. . . . . . . . . . . . . . . . . . . . . . 133

. . . . . . . . . . . . . . . . . . . . . . . 134

11 IP Addressing Commands

clear host dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

ip address

ip address dhcp

ip default-gateway

show ip interface

arp

arp timeout

clear arp-cache

show arp

ip domain-lookup

ip domain-name

ip name-server

ip host

clear host

show hosts

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

12 LACP Commands

lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

lacp port-priority

lacp timeout

show lacp ethernet

show lacp port-channel

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

. . . . . . . . . . . . . . . . . . . . . . . . . . . 153

13 Line Commands

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

exec-timeout

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Contents 9

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

14 LLDP Commands

lldp enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

lldp enable (interface)

lldp timer

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

lldp hold-multiplier

lldp reinit-delay

lldp tx-delay

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

lldp optional-tlv

lldp management-address

clear lldp rx

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

show lldp configuration

show lldp local

show lldp neighbors

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

. . . . . . . . . . . . . . . . . . . . . . . . . . 164

. . . . . . . . . . . . . . . . . . . . . . . . . . . 165

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

15 Management ACL

management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . 169

permit (management)

deny (management)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

16 PHY Diagnostics Commands

10 Contents

management access-class

show management access-list

show management access-class

. . . . . . . . . . . . . . . . . . . . . . . . . 172

. . . . . . . . . . . . . . . . . . . . . . . 173

. . . . . . . . . . . . . . . . . . . . . . 173

test copper-port tdr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

show copper-ports tdr

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

show copper-ports cable-length. . . . . . . . . . . . . . . . . . . . . . . 176

17 Port Channel Commands

interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

interface range port-channel

channel-group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

port channel load balance

show interfaces port-channel

. . . . . . . . . . . . . . . . . . . . . . . . 179

. . . . . . . . . . . . . . . . . . . . . . . . . . 181

. . . . . . . . . . . . . . . . . . . . . . . . 181

18 Port Monitor Commands

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183

show ports monitor

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

19 QoS Commands

qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

show qos

wrr-queue cos-map

wrr-queue bandwidth

priority-queue out num-of-queues

show qos interface

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

. . . . . . . . . . . . . . . . . . . . . . 190

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

qos map dscp-queue

qos trust (Global)

qos trust (Interface)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

qos cos

show qos map

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Contents 11

20 Radius Commands

radius-server host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

radius-server key

radius-server retransmit

radius-server source-ip

radius-server timeout

radius-server deadtime

show radius-servers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

. . . . . . . . . . . . . . . . . . . . . . . . . . . 199

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

. . . . . . . . . . . . . . . . . . . . . . . . . . . 201

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

21 RMON Commands

show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

rmon collection history

show rmon collection history

show rmon history

rmon alarm

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

show rmon alarm-table

show rmon alarm

rmon event

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

. . . . . . . . . . . . . . . . . . . . . . . . . . . 205

. . . . . . . . . . . . . . . . . . . . . . . . 206

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

. . . . . . . . . . . . . . . . . . . . . . . . . . . 211

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

22 SNMP Commands

12 Contents

show rmon events

show rmon log

rmon table-size

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

snmp-server community. . . . . . . . . . . . . . . . . . . . . . . . . . . 219

snmp-server view

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . snmp-server filter

snmp-server contact

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

221

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

snmp-server enable traps

. . . . . . . . . . . . . . . . . . . . . . . . . . 223

snmp-server trap authentication

snmp-server host

snmp-server set

snmp-server group

snmp-server user

snmp-server v3-host

snmp-server engineID local

show snmp engineid

show snmp

show snmp views

show snmp groups

show snmp filters

show snmp users

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

. . . . . . . . . . . . . . . . . . . . . . . . . 230

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

23 Spanning-Tree Commands

. . . . . . . . . . . . . . . . . . . . . . 224

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

spanning-tree mode

spanning-tree forward-time

spanning-tree hello-time

spanning-tree max-age

spanning-tree priority

spanning-tree disable

spanning-tree cost

spanning-tree port-priority

spanning-tree portfast

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

. . . . . . . . . . . . . . . . . . . . . . . . . 240

. . . . . . . . . . . . . . . . . . . . . . . . . . 241

. . . . . . . . . . . . . . . . . . . . . . . . . . . 241

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

. . . . . . . . . . . . . . . . . . . . . . . . . 244

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Contents 13

spanning-tree link-type . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

spanning-tree pathcost method

spanning-tree bpdu

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

. . . . . . . . . . . . . . . . . . . . . . . 246

clear spanning-tree detected-protocols

show spanning-tree

spanning-tree mst priority

spanning-tree mst max-hops

spanning-tree mst port-priority

spanning-tree mst cost

spanning-tree mst configuration

instance (mst)

name (mst)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

revision (mst)

show (mst)

exit (mst)

abort (mst)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

spanning-tree mst mstp-rstp

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

. . . . . . . . . . . . . . . . . . . . . . . . . . 255

. . . . . . . . . . . . . . . . . . . . . . . . 255

. . . . . . . . . . . . . . . . . . . . . . . 256

. . . . . . . . . . . . . . . . . . . . . . . . . . . 257

. . . . . . . . . . . . . . . . . . . . . . . 257

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

. . . . . . . . . . . . . . . . . . . . . . . . 262

. . . . . . . . . . . . . . . . . . . 247

24 SSH Commands

14 Contents

spanning-tree guard root

. . . . . . . . . . . . . . . . . . . . . . . . . . 263

ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

ip ssh port

crypto key generate dsa

crypto key generate rsa

ip ssh pubkey-auth

crypto key pubkey-chain ssh

user-key

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

. . . . . . . . . . . . . . . . . . . . . . . . . . . 266

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267

. . . . . . . . . . . . . . . . . . . . . . . . 268

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

key-string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

show ip ssh

show crypto key mypubkey

show crypto key pubkey-chain ssh

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

. . . . . . . . . . . . . . . . . . . . . . . . . 271

. . . . . . . . . . . . . . . . . . . . . 272

25 Syslog Commands

logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

logging

logging console

logging buffered

logging buffered size

clear logging

logging file

clear logging file

show logging

show logging file

show syslog-servers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

26 System Management

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

traceroute

telnet

resume

reload

hostname

show users

show sessions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Contents 15

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

show version

asset-tag

show system id

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

27 TACACS Commands

tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

tacacs-server key

tacacs-server timeout

tacacs-server source-ip

show tacacs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

. . . . . . . . . . . . . . . . . . . . . . . . . . . 301

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

28 User Interface

enable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

disable

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

configure

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

16 Contents

exit(configuration)

exit(EXEC)

end

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

help

history

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

history size

debug-mode

show history

show privilege

terminal history

terminal history size

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

29 VLAN Commands

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

vlan

interface vlan

interface range vlan

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

name

switchport mode

switchport access vlan

switchport customer vlan

switchport trunk allowed vlan

switchport trunk native vlan

switchport general allowed vlan

switchport general pvid

switchport general ingress-filtering disable

switchport general acceptable-frame-type tagged-only

switchport forbidden vlan

map protocol protocols-group

switchport general map protocols-group vlan

show vlan

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

. . . . . . . . . . . . . . . . . . . . . . . . . . . 317

. . . . . . . . . . . . . . . . . . . . . . . . . . 317

. . . . . . . . . . . . . . . . . . . . . . . . 318

. . . . . . . . . . . . . . . . . . . . . . . . . 319

. . . . . . . . . . . . . . . . . . . . . . . 319

. . . . . . . . . . . . . . . . . . . . . . . . . . . 320

. . . . . . . . . . . . . . . . . 321

. . . . . . . . . . . 321

. . . . . . . . . . . . . . . . . . . . . . . . . . 322

. . . . . . . . . . . . . . . . . . . . . . . . 323

. . . . . . . . . . . . . . . . 324

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

show vlan protocols-groups

show interfaces switchport

. . . . . . . . . . . . . . . . . . . . . . . . . 325

. . . . . . . . . . . . . . . . . . . . . . . . . 326

30 Web Server

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

ip http port

ip https server

ip https port

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Contents 17

crypto certificate generate . . . . . . . . . . . . . . . . . . . . . . . . . 331

crypto certificate request

crypto certificate import

ip https certificate

show crypto certificate mycertificate

show ip http

show ip https

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

. . . . . . . . . . . . . . . . . . . . . . . . . . 332

. . . . . . . . . . . . . . . . . . . . . . . . . . . 333

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

. . . . . . . . . . . . . . . . . . . . 336

31 802.1x Commands

aaa authentication dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . 341

dot1x system-auth-control

dot1x port-control

dot1x re-authentication

dot1x timeout re-authperiod

dot1x re-authenticate

dot1x timeout quiet-period

dot1x timeout tx-period

. . . . . . . . . . . . . . . . . . . . . . . . . . 342

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

. . . . . . . . . . . . . . . . . . . . . . . . . . . 343

. . . . . . . . . . . . . . . . . . . . . . . . . 344

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

. . . . . . . . . . . . . . . . . . . . . . . . . . 345

. . . . . . . . . . . . . . . . . . . . . . . . . . . 346

18 Contents

dot1x max-req

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

dot1x timeout supp-timeout

dot1x timeout server-timeout

show dot1x

show dot1x users

show dot1x statistics

ADVANCED FEATURES

dot1x auth-not-req

dot1x multiple-hosts

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

. . . . . . . . . . . . . . . . . . . . . . . . . . . 354

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

dot1x single-host-violation

. . . . . . . . . . . . . . . . . . . . . . . . . 347

. . . . . . . . . . . . . . . . . . . . . . . . 348

. . . . . . . . . . . . . . . . . . . . . . . . . 355

show dot1x advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Contents 19

20 Contents

Command Groups

Introduction

The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, you have greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.

An Ethernet Switch Module can be configured and maintained by entering commands from the CLI, which is based solely on textual input and output with commands being entered from a terminal keyboard and the output displayed as text via a terminal monitor. The CLI can be accessed from a VT100 terminal connected to the console port of the Ethernet Switch Module or through a Telnet connection from a remote host.

This guide describes how the Command Line Interface (CLI) is structured, describes the command syntax, and describes the command functionality.

This guide also provides information for configuring the PowerConnect Ethernet Switch Module, details the procedures and provides configuration examples. Basic installation configuration is described in the

Command Groups

User’s Guide

and must be completed before using this document.

The system commands can be broken down into the functional groups shown below.

Command Group Description

AAA Configures connection security including authorization and

passwords.

Address Table Configures bridging address tables.

Configuration and Image Files Manages the Ethernet Switch Module configuration files.

Clock Configures clock commands on the Ethernet Switch Module.

Ethernet Configuration Configures all port configuration options for, example ports, storm

control, and auto-negotiation.

GVRP Configures and displays GVRP configuration and information.

IGMP Snooping Configures IGMP snooping and displays IGMP configuration and

IGMP information.

IP Configures and manages IP addresses on the device.

LACP Configures and displays LACP information.

Line Configures the console and remote Telnet connection.

LLDP Configures and displays LLDP information.

Command Groups 1

Management ACL Configures and displays management access-list information.

PHY Diagnostics Diagnoses and displays the interface status.

Port Channel Configures and displays Port Channel information.

Port Monitor Monitors activity on specific target ports.

QoS Configures and displays QoS information.

RADIUS Configures and displays RADIUS information.

RMON Displays RMON statistics.

SNMP Configures SNMP communities, traps and displays SNMP

information.

Spanning Tree

SSH Configures SSH authentication.

Syslog Commands Manages and displays syslog messages.

System Management Configures the Ethernet Switch Module clock, name and

TACACS

User Interface Describes user commands used for entering CLI commands.

VLAN Configures VLANs and displays VLAN information.

Web Server Configures Web based access to the Ethernet Switch Module.

802.1x

Configures and reports on Spanning Tree protocol

authorized users.

Configures TACACS+ commands

Configures commands related to 802.1x security protocol.

2 Command Groups

AAA Commands

Command Group Description Access Mode

aaa authentication login Defines login authentication. Global

Configuration

aaa authentication enable Defines authentication method lists for accessing higher

privilege levels.

remote telnet or console.

enable authentication Specifies the authentication method list when accessing

a higher privilege level from a remote telnet or console.

ip http authentication Specifies authentication methods for http. Global

ip https authentication Specifies authentication methods for https. Global

show authentication methods

password Specifies a password on a line. Line

enable password Sets a local password to control access to normal and

username Establishes a username-based authentication system. Global

show users accounts Displays information about the local user database. Privileged EXEC

Displays information about the authentication methods. Privileged EXEC

privilege levels.

Global Configuration

Line Configuration

Configuration

Global Configuration

Configuration

Address Table Commands

Command Group Description Access Mode

bridge address Adds a static MAC-layer station source address to

the bridge table.

bridge multicast filtering Enables filtering of multicast addresses. Global

bridge multicast address Registers MAC-layer multicast addresses to the

bridge table, and adds static ports to the group.

bridge multicast forbidden address

bridge multicast forwardall

Forbids adding a specific multicast address to specific ports.

Enables forwarding of all multicast frames on a port. Interface (VLAN)

Interface (VLAN) Configuration

Configuration

Interface (VLAN) Configuration

Configuration

Command Groups 3

bridge multicast forbidden forward-all

bridge aging-time Sets the address table aging time. Global

clear bridge Removes any learned entries from the forwarding

port security Disables new address learning/forwarding on an

port security routed secure-address

show bridge address-table Displays all entries in the bridge-forwarding

show bridge address-table static

show bridge address-table count

show bridge multicast address-table

show bridge multicast filtering

show ports security Displays the port-lock status. Privileged EXEC

Enables forbidding forwarding of all multicast frames to a port.

database.

interface.

Adds MAC-layer secure addresses to a routed port. Interface

database.

Displays statically created entries in the bridgeforwarding database

Displays the number of addresses present in all VLANs or at a specific VLAN.

Displays all entries in the bridge-forwarding database.

Displays the multicast filtering configuration. Privileged EXEC

Interface (VLAN) Configuration

Configuration

Privileged EXEC

Interface Configuration

Configuration

Privileged EXEC

Clock Commands

Command Group Description Access Mode

clock set Manually sets the system clock Privileged EXEC

clock source Configures an external time source for the system

clock timezone Sets the time zone for display purposes Global

clock summer-time Configures the system to automatically switch to

sntp authentication-key Defines an authentication key for Simple Network

sntp authenticate Grants authentication for received Network Time

4 Command Groups

clock.

summer time (daylight saving time).

Time Protocol (SNTP).

Protocol (NTP) traffic from servers.

Global Configuration

Configuration

Global Configuration

sntp trusted-key Authenticates the identity of a system to which

Simple Network Time Protocol (SNTP) will synchronize.

sntp client poll timer Sets the polling time for the Simple Network Time

Protocol (SNTP) client.

sntp broadcast client enable

sntp anycast client enable Enables anycast clients Global

sntp client enable (interface)

sntp unicast client enable Enables the Ethernet Switch Module to use the

sntp unicast client poll Enables polling for the Simple Network Time

sntp server Configures the Ethernet Switch Module to use the

show clock Displays the time and date from the system clock. User EXEC

show sntp configuration Shows the configuration of the Simple Network

show sntp status Shows the status of the Simple Network Time

Enables the Simple Network Time Protocol (SNTP) broadcast clients.

Enables the Simple Network Time Protocol (SNTP) client on an interface.

Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from servers.

Protocol (SNTP) predefined unicast clients.

Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from a server.

Time Protocol (SNTP).

Protocol (SNTP).

Global Configuration

Configuration

Interface Configuration

Global Configuration

Privileged EXEC

Configuration and Image Files Commands

Command Group Description Access Mode

delete startup-config Deletes the startup-config file. Privileged EXEC

copy Copies files from a source to a destination. Privileged EXEC

boot system Specifies the system image that the Ethernet Switch

Module loads at startup.

show running-config Displays the contents of the currently running

configuration file.

show startup-config Displays the startup configuration file contents. Privileged EXEC

show backup-config Displays the backup configuration file contents. Privileged EXEC

Privileged EXEC

Command Groups 5

show bootvar Displays the active system image file that the

Ethernet Switch Module loads at startup.

Privileged EXEC

Ethernet Configuration Commands

Command Group Description Access Mode

interface ethernet Enters the interface configuration mode to

configure an Ethernet type interface.

interface range ethernet Enters the interface configuration mode to

configure multiple Ethernet type interfaces.

shutdown Disables interfaces. Interface

description Adds a description to an interface. Interface

duplex Configures the full/half duplex operation of a given

Ethernet interface when not using auto-negotiation.

speed Configures the speed of a given Ethernet interface

when not using auto-negotiation.

negotiation Enables auto-negotiation operation for the speed

and duplex parameters of a given interface.

flowcontrol Configures the Flow Control on a given interface. Interface

mdix Enables automatic crossover on a given interface. Interface

back-pressure Enables Back Pressure on a given interface. Interface

port jumbo-frame Enables jumbo frames for the Ethernet Switch

Module.

clear counters Clears statistics on an interface. User EXEC

set interface active Reactivates an interface that was suspended by the

system.

show interfaces configuration

show interfaces status Displays the status for all interfaces. User EXEC

Displays the configuration for all interfaces. User EXEC

Global Configuration

Configuration

Interface Configuration

Configuration

Global Configuration

Privileged User EXEC

6 Command Groups

show interfaces description

show interfaces counters Displays traffic seen by the physical interface. User EXEC

show ports jumbo-frame Displays the jumbo frames configuration. User EXEC

port storm-control include-multicast

port storm-control broadcast enable

port storm-control broadcast rate

show ports storm-control Displays the storm control configuration. Privileged User

Displays the description for all interfaces. User EXEC

Enables the Ethernet Switch Module to count multicast packets with broadcast packets.

Enables broadcast storm control. Interface

Configures the maximum broadcast rate. Global

Global Configuration

Configuration

EXEC

GVRP Commands

Command Group Description Mode

gvrp enable (global) Enables GVRP globally. Global

Configuration

gvrp enable (interface) Enables GVRP on an interface. Interface

Configuration

garp timer Adjusts the GARP application join, leave, and

leaveall GARP timer values.

gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation. Interface

gvrp registration-forbid De-registers all VLANs, and prevents dynamic

VLAN registration on the port.

clear gvrp statistics Clears all the GVRP statistics information. Privileged EXEC

show gvrp configuration Displays GVRP configuration information. User EXEC

show gvrp statistics Displays GVRP statistics. User EXEC

show gvrp error-statistics Displays GVRP error statistics. User EXEC

Interface Configuration

Configuration

Interface Configuration

Command Groups 7

IGMP Snooping Commands

Command Group Description Access Mode

ip igmp snooping (Global)

ip igmp snooping Enables Internet Group Management Protocol

ip igmp snooping mrouter learn-pim-dvmrp

ip igmp snooping hosttime-out

ip igmp snooping mrouter-time-out

ip igmp snooping leavetime-out

show ip igmp snooping mrouter

show ip igmp snooping interface

show ip igmp snooping groups

Enables Internet Group Management Protocol (IGMP) snooping.

(IGMP) snooping on a specific VLAN.

Enables automatic learning of multicast switch ports in the context of a specific VLAN.

Configures the host-time-out. Interface (VLAN)

Configures the mrouter-time-out. Interface (VLAN)

Configures the leave-time-out. Interface (VLAN)

Displays information on dynamically learned multicast router interfaces.

Displays IGMP snooping configuration. User EXEC

Displays multicast groups learned by IGMP snooping.

Global Configuration

Interface (VLAN)

User EXEC

IP Addressing

Command Group Description Access Mode

ip address

ip address dhcp Acquires an IP address on an interface from the

ip default-gateway

show ip interface Displays the usability status of interfaces configured

arp Adds a permanent entry in the ARP cache. Global

arp timeout Configures how long an entry remains in the ARP

8 Command Groups

Sets an IP address

DHCP server.

Defines a default gateway (router)

for IP.

cache

Interface Configuration

Global Configuration

Privileged EXEC

Configuration

Global Configuration

clear arp-cache Deletes all dynamic entries from the ARP cache. Privileged EXEC

show arp Displays entries in the ARP table. Privileged EXEC

ip domain-lookup Enables the IP Domain Naming System (DNS)-based

host name-to-address translation.

ip domain-name Defines a default domain name, that the software

uses to complete unqualified host names.

ip name-server Sets the available name servers.

ip host Defines static host name-to-address mapping in the

host cache.

clear host

Deletes entries from the host name-to-address

Global Configuration

Privileged EXEC

cache

show hosts Displays the default domain name, a list of name

server hosts, the static and cached list of host names and addresses.

Privileged EXEC

LACP Commands

Command Group Description Access Mode

lacp system-priority Configures the system LACP priority. Global

Configuration

lacp port-priority Configures the priority value for physical ports. Interface

Configuration

lacp timeout Assigns an administrative LACP timeout. Interface

Configuration

show lacp ethernet Displays LACP information for Ethernet ports. Privileged EXEC

show lacp port-channel

Displays LACP information for a port-channel.

Privileged EXEC

Line Commands

Command Group Description Access Mode

line Identifies a specific line for configuration and enters

the line configuration command mode.

exec-timeout Configures the interval that the system waits until

user input is detected.

show line Displays line parameters. User EXEC

Global Configuration

Line Configuration

Command Groups 9

LLDP Commands

Command Group Description Access Mode

lldp enable (global) Enables Link Layer Discovery Protocol. Global

Configuration

lldp enable (interface) Enables Link Layer Discovery Protocol (LLDP) on an

interface.

lldp timer Specifies how often the software sends Link Layer

Discovery Protocol (LLDP) updates.

lldp hold-multiplier Specifies the amount of time the receiving device should

hold a Link Layer Discovery Protocol packet before discarding it.

lldp reinit-delay Specifies the minimum time an LLDP port will wait

before reinitializing LLDP transmission.

lldp tx-delay Specifies the delay between successive LLDP frame

transmissions initiated by value/status changes in the LLDP local systems MIB.

Interface Configuration (Ethernet)

Global Configuration

lldp optional-tlv Specifies which optional TLVs from the basic set should

be transmitted.

lldp managementaddress

clear lldp rx Restarts the LLDP RX state machine and clears the

show lldp configuration

show lldp local Displays the Link Layer Discovery Protocol (LLDP)

show lldp neighbors Displays information about discovered neighboring

Specifies the management address that would be advertised from an interface.

neighbors table.

Displays the Link Layer Discovery Protocol (LLDP) configuration.

information that is advertised from a specific port.

devices using Link Layer Discovery Protocol (LLDP).

Interface Configuration (Ethernet)

Privileged EXEC

10 Command Groups

Management ACL Commands

Command Group Description Access Mode

management accesslist

permit (management) Defines a permit rule. Management

deny (management) Defines a deny rule. Management

management accessclass

show management access-list

show management access-class

Defines a management access-list, and enters the accesslist for configuration.

Defines which management access-list is used. Global

Displays management access-lists. Privileged

Displays the active management access-list. Privileged

Global Configuration

Access-level

Configuration

EXEC

PHY Diagnostics Commands

Command Group Description Access Mode

test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry)

technology the quality and characteristics of a copper cable attached to a port.

show copper-ports tdr Displays the last TDR (Time Domain Reflectometry)

tests on specified ports.

show copper-ports cable-length

Displays the estimated copper cable length attached to a port.

Privileged EXEC

Command Groups 11

Port Channel Commands

Command Group Description Access Mode

interface port-channel Enters the interface configuration mode of a specific

port-channel.

interface range portchannel

channel-group Associates a port with a port-channel. Interface

port channel load balance

show interfaces portchannel

Enters the interface configuration mode to configure multiple port-channels.

Configures the load balancing policy of the port channeling

Displays port-channel information. User EXEC

Global Configuration

Configuration

Global Configuration

Port Monitor Commands

Command Group Description Access Mode

port monitor Starts a port monitoring session. Interface

Configuration

show ports monitor Displays the port monitoring status. User EXEC

QoS Commands

Command Group Description Access Mode

qos Enables quality of service (QoS) on the Ethernet

show qos Displays the QoS status. User EXEC

wrr-queue cos-map

wrr-queue bandwidth Assigns Weighted Round Robin (WRR) weights to

priority-queue out numof-queues

show qos interface Displays interface QoS data. User EXEC

qos map dscp-queue Modifies the DSCP to CoS map. Global

12 Command Groups

Switch Module and enters QoS basic mode.

Maps assigned CoS values to select one of the egress queues.

egress queues.

Enables the egress queues to be SP queues

. Global

Global Configuration

Configuration

qos trust (Global) Configures the system to basic mode and the "trust"

state.

qos trust (Interface)

qos cos Configures the default port CoS value. Interface

show qos map Displays all the maps for QoS. User EXEC

Enables each port trust state

Global Configuration

Interface Configuration

Configuration

Radius Commands

Command Group Description Access Mode

radius-server host Specifies a RADIUS server host. Global

Configuration

radius-server key Sets the authentication and encryption key for all

RADIUS communications between the Ethernet Switch Module and the RADIUS daemon.

radius-server retransmit

radius-server source-ip Specifies the source IP address used for communication

radius-server timeout Sets the interval for which a Ethernet Switch Module

radius-server deadtime Improves RADIUS response times when servers are

show radius-servers Displays the RADIUS server settings. Privileged

Specifies the number of times the software searches the list of RADIUS server hosts.

with RADIUS servers.

waits for a server host to reply.

unavailable.

Global Configuration

EXEC

Command Groups 13

RMON Commands

Command Group Description Mode

show rmon statistics Displays RMON Ethernet Statistics. User EXEC

rmon collection history Enables a Remote Monitoring (RMON) MIB history

statistics group on an interface.

show rmon collection history

show rmon history Displays RMON Ethernet statistics history. User EXEC

rmon alarm Configures alarm conditions. Global

show rmon alarm-table Displays the alarms summary table. User EXEC

show rmon alarm Displays alarm configurations. User EXEC

rmon event Configures a RMON event. Global

show rmon events Displays the RMON event table. User EXEC

show rmon log Displays the RMON logging table. User EXEC

rmon table-size Configures the maximum RMON tables sizes. Global

Displays the requested history group configuration. User EXEC

Interface Configuration

Configuration

SNMP Commands

Command Group Description Access Mode

snmp-server community Sets up the community access string to permit access

snmp-server view Sets up a system contact. Global

snmp-server filter Creates or updates a filter entry. Global

snmp-server contact Sets up a system contact. Global

snmp-server location Sets up the information on where the Ethernet Switch

snmp-server enable traps Enables the Ethernet Switch Module to send SNMP

snmp-server trap authentication

14 Command Groups

to SNMP protocol.

Module is located.

traps or SNMP notifications.

Enables the Ethernet Switch Module to send Simple Network Management Protocol traps when authentication failed.

Global Configuration

Configuration

Global Configuration

snmp-server host Specifies the recipient of Simple Network

Management Protocol notification operation.

snmp-server set Sets SNMP MIB value by the CLI. Global

snmp-server group Configures a new Simple Network Management

Protocol (SNMP) group.

snmp-server user Configure a new SNMP Version 3 user.

snmp-server v3-host Specifies the recipient of SimpleNetwork Management

Protocol Version 3 notifications.

snmp-server engineID local

show snmp engineid Displays the ID of the local Simple Network

show snmp Displays the SNMP status. Privileged

show snmp views Displays the configuration of views. Privileged User

show snmp groups Displays the configuration of groups. Privileged User

show snmp filters Displays the configuration of filters. Privileged User

show snmp users Displays the configuration of groups. Privileged User

Specifies the Simple Network Management Protocol (SNMP) engineID on the local device.

Management Protocol (SNMP) engine.

Global Configuration

Configuration

Global Configuration

Privileged User EXEC

EXEC

Spanning Tree Commands

Command Group Description Access Mode

spanning-tree Enables spanning tree functionality. Global

Configuration

spanning-tree mode Configures the spanning tree protocol. Global

Configuration

spanning-tree forwardtime

spanning-tree hello-time Configures the spanning tree bridge Hello Time. Global

spanning-tree max-age Configures the spanning tree bridge maximum age. Global

Configures the spanning tree bridge forward time. Global

Configuration

Command Groups 15

spanning-tree priority Configures the spanning tree priority. Global

Configuration

spanning-tree disable Disables spanning tree on a specific port. Interface

Configuration

spanning-tree cost Configures the spanning tree path cost for a port. Interface

Configuration

spanning-tree portpriority

spanning-tree portfast Enables PortFast mode. Interface

spanning-tree link-type

spanning-tree pathcost method

spanning-tree bpdu Defines BPDU handling when spanning tree is

clear spanning-tree detected-protocols

show spanning-tree Displays spanning tree configuration. Privileged

spanning-tree mst priority

spanning-tree mst maxhops

spanning-tree mst portpriority

spanning-tree mst cost Configures the path cost for multiple spanning tree

spanning-tree mst configuration

instance (mst) Maps VLANS to an MST instance. MST

name (mst) Defines the configuration name. MST

Configures port priority. Interface

Configuration

Overrides the default link-type setting

Sets the default path cost method.

disabled on an interface.

Restarts the protocol migration process on all interfaces or on the specified interface.

Configures the device priority for the specified spanning-tree instance.

Configures the number of hops in an MST region before the BDPU is discarded and the port information is aged out.

Configures port priority for the specified MST instance

(MST) calculations.

Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode.

.Interface

Configuration

Global Configuration

Privileged EXEC

EXEC

Global Configuration

Interface Configuration

Global Configuration

Configuration mode

16 Command Groups

revision (mst) Defines the configuration revision number. MST

Configuration mode

show (mst) Displays the current or pending MST region

configuration.

exit (mst) Exits the MST configuration mode and applies all

configuration changes.

abort (mst) Exits the MST configuration mode without applying

the configuration changes

spanning-tree mst mstprstp

spanning-tree guard root Enables root guard on all the spanning tree instances

Configure the switch to convert STP/RSTP packets to MSTP instances.

on that interface.

MST Configuration mode

Global Configuration

Interface Configuration

SSH Commands

Command Group Description Access Mode

ip ssh port Specifies the port to be used by the SSH server. Global

Configuration

ip ssh server Enables the Ethernet Switch Module to be

configured from a SSH server.

crypto key generate dsa Generates DSA key pairs. Global

crypto key generate rsa Generates RSA key pairs. Global

ip ssh pubkey-auth Enables public key authentication for incoming

SSH sessions.

crypto key pubkey-chain ssh Enters SSH Public Key-chain configuration mode. Global

user-key Specifies which SSH public key is manually

configured and enters the SSH public key-string configuration command.

key-string Manually specifies a SSH public key. SSH Public Key

show ip ssh Displays the SSH server configuration. Privileged

Global Configuration

Configuration

Global Configuration

Configuration

SSH Public Key

EXEC

Command Groups 17

show crypto key mypubkey Displays the SSH public keys stored on the

Ethernet Switch Module.

show crypto key pubkey-chain ssh

Displays SSH public keys stored on the Ethernet Switch Module.

Privileged EXEC

Syslog Commands

Command Group Description Access Mode

logging on Controls error messages logging. Global

Configuration

logging Logs messages to a syslog server. Global

Configuration

logging console Limits messages logged to the console based on

severity.

logging buffered Limits syslog messages displayed from an internal

buffer based on severity.

logging buffered size Changes the number of syslog messages stored in

the internal buffer.

clear logging Clears messages from the internal logging buffer. Privileged

logging file Limits syslog messages sent to the logging file

based on severity.

clear logging file Clears messages from the logging file. Privileged

show logging Displays the state of logging and the syslog

messages stored in the internal buffer.

show logging file Displays the state of logging and the syslog

messages stored in the logging file.

show syslog-servers Displays the syslog servers settings. Privileged

Global Configuration

EXEC

Global Configuration

EXEC

Privileged EXEC

EXEC

18 Command Groups

System Management Commands

Command Group Description Access Mode

ping Sends ICMP echo request packets to another

node on the network.

traceroute Discovers the routes that packets will actually take

when traveling to their destination.

telnet Logs in to a host that supports Telnet.

resume Switches to another open Telnet session

reload

hostname Specifies or modifies the Ethernet Switch Module

show users Displays information about the active users. User EXEC

show sessions Lists the open Telnet sessions.

show system Displays system information. User EXEC

show version Displays the system version information. User EXEC

asset-tag Specifies the Ethernet Switch Module asset-tag. Global

show system id Displays the service ID information. User EXEC

Reloads the operating system

host name.

User EXEC

Privileged EXEC

Global Configuration

User EXEC

Configuration

TACACS Commands

Command Group Description Mode

tacacs-server host Specifies a TACACS+ host. Global

tacacs-server key Sets the authentication encryption key used for all

TACACS+ communications between the Ethernet Switch Module and the TACACS+ daemon.

tacacs-server source-ip Specifies the source IP address that will be used

for the communication with TACACS+ servers.

tacacs-server timeout Sets the timeout value. Global

show tacacs Displays configuration and statistics for a

TACACS+ servers.

Configuration

Global Configuration

Configuration

Privileged EXEC

Command Groups 19

User Interface Commands

Command Group Description Access Mode

enable Enters the privileged EXEC mode. User EXEC

disable Returns to User EXEC mode. Privileged

EXEC

configure

exit(configuration) Exits any configuration mode to the next highest mode in

exit(EXEC) Closes an active terminal session by logging off the

end Ends the current configuration session and returns to the

help Displays a brief description of the help system. All

history Enables the command history function. Line

history size Changes the command history buffer size for a particular

debug-mode Switches the mode to debug. Privileged

show history Lists the commands entered in the current session. Privileged

terminal history Enables the command history function for the current

terminal history size Sets the command history buffer size for the current

Enables the global configuration mode

the CLI mode hierarchy.

Ethernet Switch Module.

Privileged EXEC mode.

line.

terminal session.

Privileged EXEC

All

Priv/User EXEC

After Privileged EXEC

Configuration

Line Configuration

EXEC

Priv/User EXEC

VLAN Commands

Command Group Description Access Mode

vlan database Enters the VLAN database configuration mode. Global

vlan Creates a VLAN. VLAN Database

20 Command Groups

Configuration

interface vlan

interface range vlan Enters the interface configuration mode to configure

name Configures a name to a VLAN. Interface (VLAN)

switchport mode Configures the VLAN membership mode of a port. Interface

switchport customer vlan

switchport access vlan Configures the VLAN ID when the interface is in

switchport trunk allowed vlan

switchport trunk native vlan

switchport general allowed vlan

switchport general pvid Configures the PVID when the interface is in general

switchport general ingress-filtering disable

switchport general acceptable-frame-type tagged-only

switchport forbidden vlan

map protocol protocols-group

switchport general map protocols-group vlan

show vlan Displays VLAN information. Privileged EXEC

show vlan protocolsgroups

show interfaces switchport

Enters the interface configuration (VLAN) mode

multiple VLANs.

Sets the port's VLAN when the interface is in customer mode.

access mode.

Adds or removes VLANs from a port in general mode. Interface

Defines the port as a member of the specified VLAN, and the VLAN ID is the "port default VLAN ID (PVID)".

Adds or removes VLANs from a general port. Interface

mode.

Disables port ingress filtering. Interface

Discards untagged frames at ingress. Interface

Forbids adding specific VLANs to a port. Interface

Adds a special protocol to a named group of protocols, which may be used for protocol-based VLAN assignment.

Sets a protocol-based classification rule. Interface

Displays protocols-groups information. Privileged EXEC

Displays switchport configuration. Privileged EXEC

Global Configuration

Configuration

Interface Configuration

Configuration

Interface Configuration

Configuration

Interface Configuration

Configuration

VLAN Database

Configuration

Command Groups 21

Web Server Commands

Command Group Description Access Mode

ip http server Enables the Ethernet Switch Module to be configured

from a browser.

ip http port Specifies the TCP port for use by a web browser to

configure the Ethernet Switch Module.

ip https port Configures a TCP port for use by a secure web browser to

configure the Ethernet Switch Module.

ip https server Enables the Ethernet Switch Module to be configured

from a secured browser.

crypto certificate generate

crypto certificate request

crypto certificate import

ip https certificate

show ip http Displays the HTTP server configuration. Privileged

show ip https Displays the HTTPS server configuration. Privileged

show crypto certificate mycertificate

Generates a HTTPS certificate. Global

Generates and displays certificate requests for HTTPS.

Imports a certificate signed by Certification Authority for HTTPS.

Configures the active certificate for HTTPS.

Displays the SSL certificates of the Ethernet Switch Module

Global Configuration

Configuration

Privileged EXEC

Global Configuration

EXEC

Privileged EXEC

802.1x Commands

Command Description Access Mode

aaa authentication dot1x

dot1x system-authcontrol

dot1x port-control

22 Command Groups

Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X.

Enables 802.1x globally.

Enables manual control of the authorization state of the port

Global Configuration

Interface Configuration

dot1x re-authentication

dot1x timeout reauthperiod

dot1x re-authenticate

dot1x timeout quietperiod

dot1x timeout tx-period

dot1x max-req

dot1x timeout supptimeout

dot1x timeout servertimeout

show dot1x Allows multiple hosts on an 802.1X-authorized port, that

show dot1x users Displays 802.1X statistics for the specified interface. Privileged

show dot1x statistics Displays 802.1X statistics for the specified interface. Privileged

dot1x auth-not-req Enables unauthorized users access to that VLAN. VLAN

dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized

dot1x single-hostviolation

show dot1x advanced Displays 802.1X advanced features for the switch or for

Enables periodic re-authentication of the client.

Sets the number of seconds between re-authentication attempts.

Manually initiates a re-authentication of all 802.1Xenabled ports or the specified 802.1X-enabled port.

Sets the number of seconds that the Ethernet Switch Module remains in the quiet state following a failed authentication exchange.

Sets the number of seconds that the Ethernet Switch Module waits for a response to an Extensible Authentication Protocol (EAP) - request/identity frame from the client, before resending the request.

Sets the maximum number of times that the Ethernet Switch Module sends an EAP - request/identity frame to the client, before restarting the authentication process.

Sets the time for the retransmission of an Extensible Authentication Protocol (EAP)-request frame to the client.

Sets the time for the retransmission of packets to the authentication server.

dot1x port-control

has the mand set to

port, that has the dot1x port-control Interface Configuration mode command set to auto.

Configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface.

the specified interface.

auto

interface configuration com-

Interface Configuration

Privileged EXEC

Interface Configuration

Privileged EXEC

EXEC

Configuration

Interface Configuration

Privileged EXEC

Command Groups 23

24 Command Groups

Command Modes

GC (Global Configuration) Mode

Command Description

aaa authentication enable Defines authentication method lists for accessing higher privilege

levels.

aaa authentication login Defines login authentication.

aaa authentication dot1x Specifies one or more authentication, authorization, and accounting

(AAA) methods for use on interfaces running IEEE 802.1X.

arp Adds a permanent entry in the ARP cache.

arp timeout Configures how long an entry remains in the ARP cache.

asset-tag Specifies the Ethernet Switch Module asset-tag.

bridge aging-time Sets the address table aging time.

bridge multicast filtering Enables filtering of multicast addresses.

clock source Configures an external time source for the system clock.

clock timezone Sets the time zone for display purposes.

clock summer-time Configures the system to automatically switch to summer time

(daylight saving time).

crypto certificate generate Generates a HTTPS certificate.

crypto certificate import Imports a certificate signed by Certification Authority for HTTPS.

crypto key generate dsa Generates DSA key pairs.

crypto key generate rsa Generates RSA key pairs.

crypto key pubkey-chain ssh Enters SSH Public Key-chain configuration mode.

dot1x system-auth-control Enables 802.1x globally.

enable password Sets a local password to control access to normal and privilege levels.

end Ends the current configuration session and returns to the previous

command mode.

gvrp enable (global) Enables GVRP globally.

hostname Specifies or modifies the Ethernet Switch Module host name.

interface ethernet Enters the interface configuration mode to configure an Ethernet type

interface.

interface port-channel Enters the interface configuration mode of a specific port-channel.

Command Modes 25

interface range ethernet Enters the interface configuration mode to configure multiple ethernet

type interfaces.

interface range port-channel Enters the interface configuration mode to configure multiple port-

channels.

interface range vlan Enters the interface configuration mode to configure multiple VLANs.

interface vlan Enters the interface configuration (VLAN) mode.

ip default-gateway Defines a default gateway.

ip domain-lookup Enables the IP Domain Naming System (DNS)-based host name-to-

address translation.

ip domain-name Defines a default domain name, that the software uses to complete

unqualified host names.

ip host Defines static host name-to-address mapping in the host cache.

ip http authentication Specifies authentication methods for HTTP.

ip http port Specifies the TCP port for use by a web browser to configure the

Ethernet Switch Module.

ip http server Enables the Ethernet Switch Module to be configured from a

browser.

ip https authentication Specifies authentication methods for HTTPS.

ip https certificate Configures the active certificate for HTTPS. Use the no form of this

command to return to default.

ip https server Enables the Ethernet Switch Module to be configured from a secured

browser.

ip https port Configures a TCP port for use by a secure web browser to configure

the Ethernet Switch Module.

ip igmp snooping (Global) Enables Internet Group Management Protocol (IGMP) snooping.

ip name-server Sets the available name servers.

ip ssh port Specifies the port to be used by the SSH server.

ip ssh pubkey-auth Enables public key authentication for incoming SSH sessions.

ip ssh server Enables the Ethernet Switch Module to be configured from a SSH

server.

lacp system-priority Configures the system LACP priority.

line Identifies a specific line for configuration and enters the line

configuration command mode.

logging Logs messages to a syslog server.

logging buffered Limits syslog messages displayed from an internal buffer based on

severity.

26 Command Modes

logging buffered size Changes the number of syslog messages stored in the internal buffer.

logging console Limits messages logged to the console based on severity.

logging file Limits syslog messages sent to the logging file based on severity.

logging on Controls error messages logging.

management access-class Defines which management access-list is used.

management access-list Defines a management access-list, and enters the access-list for

configuration.

port jumbo-frame Enables jumbo frames for the Ethernet Switch Module.

port storm-control includemulticast

priority-queue out num-ofqueues

qos Enables Quality of Service (QoS) on the Ethernet Switch Module and

qos map dscp-queue Modifies the DSCP to CoS map.

qos trust (Global) Configure the system to "trust" state.

radius-server deadtime Improves RADIUS response times when servers are unavailable.

port storm-control broadcast rate

qos map dscp-queue Defines the wrr-queue mechanism on an egress queue.

wrr-queue bandwidth Assigns Weighted Round Robin (WRR) weights to egress queues.

radius-server host Specifies a RADIUS server host.

radius-server key Sets the authentication and encryption key for all RADIUS

radius-server retransmit Specifies the number of times the software searches the list of RADIUS

radius-server source-ip Specifies the source IP address used for communication with RADIUS

radius-server timeout Sets the interval for which a Ethernet Switch Module waits for a server

rmon alarm Configures alarm conditions.

rmon event Configures a RMON event.

rmon table-size Configures the maximum RMON tables sizes.

snmp-server community Sets up the community access string to permit access to SNMP

Enables the Ethernet Switch Module to count multicast packets.

Enables the egress queues to be SP queues.

enters QoS basic or advance mode.

Configures the maximum broadcast rate.

communications between the Ethernet Switch Module and the RADIUS daemon.

server hosts.

servers.

host to reply.

protocol.

Command Modes 27

snmp-server contact Sets up a system contact.

snmp-server enable traps Enables the Ethernet Switch Module to send SNMP traps or SNMP

notifications.

snmp-server host

snmp-server location Sets up the information on where the Ethernet Switch Module is

snmp-server set Sets SNMP MIB value by the CLI.

snmp-server trap authentication

sntp authenticate Grants authentication for received Network Time Protocol (NTP)

sntp authentication-key Defines an authentication key for Simple Network Time Protocol

spanning-tree Enables spanning tree functionality.

spanning-tree bpdu Defines BPDU handling when spanning tree is disabled on an interface.

spanning-tree forward-time Configures the spanning tree bridge forward time.

spanning-tree hello-time Configures the spanning tree bridge Hello Time.

spanning-tree max-age Configures the spanning tree bridge maximum age.

spanning-tree mode Configures the spanning tree protocol.

spanning-tree pathcost method Sets the default pathcost method.

spanning-tree priority Configures the spanning tree priority.

tacacs-server key Sets the authentication encryption key used for all TACACS+

tacacs-server source-ip Specifies the source IP address that will be used for the communication

tacacs-server timeout Sets the timeout value.

tacacs-server host Specifies a TACACS+ host.

username Establishes a username-based authentication system.

wrr-queue cos-map

Specifies the recipient of Simple Network Management Protocol notification operation

located.

Enables the Ethernet Switch Module to send Simple Network Management Protocol traps when authentication failed.

traffic from servers.

(SNTP).

communications between the Ethernet Switch Module and the TAC A C S + daemo n .

with TACACS+ servers.

Maps assigned CoS values to select one of the egress queues.

IC (Interface Configuration) Mode

Command Description

28 Command Modes

back-pressure Enables Back Pressure on a given interface.

channel-group Associates a port with a Port-channel.

description Adds a description to an interface.

dot1x max-req Sets the maximum number of times that the Ethernet Switch Module

sends an EAP - request/identity frame to the client, before restarting the authentication process.

dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized port, that has

the dot1x port-control Interface Configuration mode command set to auto.

dot1x port-control Enables manual control of the authorization state of the port.

dot1x re-authentication Enables periodic re-authentication of the client.

dot1x single-host-violation Configures the action to be taken, when a station whose MAC address is

not the supplicant MAC address, attempts to access the interface.

dot1x timeout quiet-period Sets the number of seconds that the Ethernet Switch Module remains in

the quiet state following a failed authentication exchange.

dot1x timeout re-authperiod Sets the number of seconds between re-authentication attempts.

dot1x timeout server-timeout Sets the time for the retransmission of packets to the authentication

server.

dot1x timeout supp-timeout Sets the time for the retransmission of an EAP-request frame to the

client.

dot1x timeout tx-period

duplex Configures the full/half duplex operation of a given ethernet interface

flowcontrol Configures the Flow Control on a given interface.

garp timer Adjusts the GARP application join, leave, and leaveall GARP timer

gvrp enable (interface) Enables GVRP on an interface.

gvrp registration-forbid De-registers all VLANs, and prevents dynamic VLAN registration on the

gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation.

ip address Sets an IP address.

ip address dhcp Acquires an IP address on an interface from the DHCP server.

lacp port-priority Configures the priority value for physical ports.

lacp timeout Assigns an administrative LACP timeout.

Sets the number of seconds that the Ethernet Switch Module waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame, from the client, before resending the request.

when not using auto-negotiation.

values.

port.

Command Modes 29

mdix Enables automatic crossover on a given interface.

name Configures a name to a VLAN.

negotiation Enables auto-negotiation operation for the speed and duplex parameters

of a given interface.

port monitor Starts a port monitoring session.

port security Disables new address learning/forwarding on an interface.

port security routed secureaddress

port storm-control broadcast enable

qos cos Configures the default port CoS value.

qos trust (Interface) Enables each port trust state while the system is in basic mode.

rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on

shutdown Disables interfaces.

sntp client enable (interface) Enables the Simple Network Time Protocol (SNTP) client on an

spanning-tree cost Configures the spanning tree path cost for a port.

spanning-tree disable Disables spanning tree on a specific port.

spanning-tree link-type Overrides the default link-type setting.

spanning-tree portfast Enables PortFast mode.

spanning-tree port-priority Configures port priority.

speed

Adds MAC-layer secure addresses to a routed port.

Enables broadcast storm control.

an interface.

interface.

Configures the speed of a given Ethernet interface when not using auto-negotiation.

LC (Line Configuration) Mode

Command Description

enable authentication Specifies the authentication method list when accessing a higher

exec-timeout Configures the interval that the system waits until user input is detected.

history Enables the command history function.

history size Changes the command history buffer size for a particular line.

30 Command Modes

privilege level from a remote telnet or console.

console.

password Specifies a password on a line.

MA (Management Access-level) Mode

Command Description

deny (management) Defines a deny rule.

permit (management) Defines a permit rule.

PE (Privileged EXEC) Mode

Command Description

boot system Specifies the system image that the Ethernet Switch Module loads at

startup.

clear arp-cache Deletes all dynamic entries from the ARP cache.

clear bridge Removes any learned entries from the forwarding database.

clear gvrp statistics Clears all the GVRP statistics information.

clear host Deletes entries from the host name-to-address cache.

clear host dhcp Deletes entries from the host name-to-address mapping received from

Dynamic Host Configuration Protocol (DHCP).

clear logging Clears messages from the internal logging buffer.

clear logging file Clears messages from the logging file.

clear spanning-tree detectedprotocols

clock set Manually sets the system clock.

configure Enters the global configuration mode.

copy Copies files from a source to a destination.

crypto certificate request Generates and displays certificate requests for HTTPS.

dot1x re-authenticate Manually initiates a re-authentication of all 802.1X-enabled ports or the

reload Reloads the operating system.

set interface active Reactivates an interface that was suspended by the system.

show arp Displays entries in the ARP table.

show authentication methods Displays information about the authentication methods.

Restarts the protocol migration process on all interfaces or on the specified interface.

specified 802.1X-enabled port.

Command Modes 31

show bootvar Displays the active system image file that the Ethernet Switch Module

loads at startup

show bridge address-table Displays all entries in the bridge-forwarding database.

show bridge address-table count

show bridge multicast addresstable

show bridge multicast filtering Displays the multicast filtering configuration.

show copper-ports cablelength

show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on specified

show crypto key mypubkey Displays the SSH public keys stored on the Ethernet Switch Module.

show crypto key pubkey-chain ssh

show crypto certificate mycertificate

show dot1x Displays 802.1X status for the Ethernet Switch Module or for the

show dot1x advanced Displays 802.1X enhanced features for the Ethernet Switch Module or

show dot1x users Displays 802.1X users for the Ethernet Switch Module.

show dot1x statistics Displays 802.1X statistics for the specified interface.

show hosts Displays the default domain name, a list of name server hosts, the static

show ip ssh Displays the SSH server configuration.

show ip interface Displays the usability status of interfaces configured for IP.

show lacp ethernet Displays LACP information for Ethernet ports.

show lacp port-channel

show logging Displays the state of logging and the syslog messages stored in the

show logging file Displays the state of logging and the syslog messages stored in the

show management access-class Displays the active management access-list.

Displays the number of addresses present in all VLANs or at specific VLAN.

Displays all entries in the bridge-forwarding database.

Displays multicast MAC or IP address table information.

Displays the estimated copper cable length attached to a port.

ports.

Displays SSH public keys stored on the Ethernet Switch Module.

Displays the SSL certificates of the Ethernet Switch Module.

specified interface.

for the specified interface.

and the cached list of host names and addresses.

Displays LACP information for a port-channel.

internal buffer.

logging file.

32 Command Modes

show management access-list Displays management access-lists.

show ports security Displays the port-lock status.

show ports storm-control Displays the storm control configuration.

show radius-servers Displays the RADIUS server settings.

show running-config Displays the contents of the currently running configuration file.

show snmp Displays the SNMP status.

show spanning-tree Displays spanning tree configuration.

show startup-config Displays the startup configuration file contents.

show syslog-servers Displays the syslog servers settings.

show tacacs Displays configuration and statistics for a TACACS+ servers.

show users accounts Displays information about the local user database.

test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the

quality and characteristics of a copper cable attached to a port.

SP (SSH Public Key) Mode

Command Description

key-string Manually specifies a SSH public key.

user-key Specifies which SSH public key is manually configured and enters the

SSH public key-string configuration command.

UE (User EXEC) Mode

Command Description

clear counters Clears statistics on an interface.

enable Enters the privileged EXEC mode.

exit(EXEC) Closes an active terminal session by logging off the Ethernet Switch

Module.

ping Sends ICMP echo request packets to another node on the network.

show clock Displays the time and date from the system clock.

show gvrp configuration Displays GVRP configuration information.

show gvrp error-statistics Displays GVRP error statistics.

Command Modes 33

clear gvrp statistics Displays GVRP statistics.

show history Lists the commands entered in the current session.

show ip igmp snooping mrouter

show interfaces configuration Displays the configuration for all interfaces.

show interfaces counters Displays traffic seen by the physical interface.

show interfaces description Displays the description for all interfaces.

show interfaces port-channel Displays Port-channel information.

show interfaces status Displays the status for all interfaces.

show ip igmp snooping groups Displays multicast groups learned by IGMP snooping.

show ip igmp snooping interface

show ip igmp snooping mrouter

show line Displays line parameters.

show ports jumbo-frame Displays the jumbo frames configuration.

show ports monitor Displays the port monitoring status.

show privilege Displays the current privilege level.

show qos Displays the QoS status.

show qos interface Assigns CoS values to select one of the egress queues.

show qos map Displays all the maps for QoS.

show rmon alarm Displays alarm configurations.

show rmon alarm-table Displays the alarms summary table.

show rmon collection history Displays the requested history group configuration.

show rmon events Displays the RMON event table.

show rmon history Displays RMON Ethernet Statistics history.

show rmon log Displays the RMON logging table.

show rmon statistics Displays RMON Ethernet Statistics.

show system Displays system information.

show system id Displays the service id information.

show users Displays information about the active users.

show version Displays the system version information.

Enables automatic learning of multicast switch ports in the context of a specific VLAN.

Displays IGMP snooping configuration.

Displays information on dynamically learned multicast router interfaces.

34 Command Modes

VC (VLAN Configuration) Mode

Command Description

bridge address Adds a static MAC-layer station source address to the bridge table.

bridge multicast address Registers MAC-layer multicast addresses to the bridge table, and adds

static ports to the group.

bridge multicast forbidden address

bridge multicast forbidden forward-all

bridge multicast forward-all Enables forwarding of all multicast frames on a port.

ip igmp snooping Enables Internet Group Management Protocol (IGMP) snooping on a

ip igmp snooping host-timeout

ip igmp snooping leave-timeout

ip igmp snooping mroutertime-out

ip igmp snooping mrouter learn-pim-dvmrp

vlan Creates a VLAN.

vlan database Enters the VLAN database configuration mode.

dot1x auth-not-req Enables unauthorized users access to that VLAN

name Configures a name to a VLAN.

Forbids adding a specific multicast address to specific ports.

Enables forbidding forwarding of all multicast frames to a port.

specific VLAN.

Configures the host-time-out.

Configures the leave-time-out.

Configures the mrouter-time-out.

The ip igmp snooping mrouter Interface Configuration mode command enables automatic learning of multicast router ports in the context of a specific VLAN.

Command Modes 35

36 Command Modes

Using the CLI

This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI.

CLI Command Modes

Introduction

To assist in configuring Ethernet Switch Modules, the Command Line Interface (CLI) is divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark "?" at the system prompt (console prompt) displays a list of commands available for that particular command mode.

From each mode a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows:

Configuration

command mode access path.

mode, and

Interface Configuration

User EXEC

mode. The following figure illustrates the

mode,

Privileged EXEC

mode,

Global

Using the CLI 37

When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC Mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.

The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the Ethernet Switch Module Configuration mode.

The Global Configuration mode manages the Ethernet Switch Module configuration on a global level.

The Interface Configuration mode configures specific interfaces in the Ethernet Switch Module.

User EXEC Mode

After logging into the Ethernet Switch Module, the user is automatically in User EXEC command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information.

The user-level prompt consists of the Ethernet Switch Module "host name" followed by the angle bracket (>).

console>

The default host name is "Console" unless it has been changed using the

hostname

command in

the Global Configuration mode.

Privileged EXEC Mode

Privileged access is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters:. The password is not displayed on the screen and is case sensitive.

Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:

At the prompt, enter the command displayed.

Enter the password and press <Enter>. The password is displayed as "*". The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device Ethernet Switch Module "host name" followed by "

console#

To return from Privileged Exec mode to User EXEC mode, type the command prompt.

enable

and press <Enter>. A password prompt is

disable

command at the

38 Using the CLI

The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode:

console>enable Enter Password: ****** console# console#disable console>

Exit

The to User EXEC mode from the Privileged EXEC mode. For example, the

command is used to return from any mode to the previous mode except when returning

Exit

command is used to

return from the Interface Configuration mode to the Global Configuration mode.

Global Configuration Mode

Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The Privileged EXEC mode command Global Configuration mode.

To enter the Global Configuration mode, perform the following steps:"

At the Privileged EXEC mode prompt, enter the command The Global Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the Ethernet Switch Module "host name" followed by the word "(config)" and "

configure

is used to enter the

and press

<Enter>

console(config)#

To return from the Global Configuration mode to the Privileged EXEC mode, the user can use one of the following commands:

•exit

•end

•Ctrl+Z

The following example illustrates how to access Global Configuration mode and returns to the Privileged EXEC mode:

console# console#configure console(config)#exit console#

Using the CLI 39

Interface Configuration Mode and Specific Configuration Modes

Interface Configuration mode commands are used to modify specific interface operations. The following are the Interface Configuration modes:

•

Line Interface

include commands such as line timeout settings, etc. The Global Configuration mode command

•

VLAN Database

Configuration mode command Configuration mode.

•

Management Access List

Global Configuration mode command Management Access List Configuration mode.

•

Ethernet

mode command configure an Ethernet type interface.

•

Port Channel

ports to a port-channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The Global Configuration mode command Channel Interface Configuration mode.

•

SSH Public Key-chain

Module SSH public keys. The Global Configuration mode command

chain ssh

• QoS — Contains commands related to service definitions. The Global Configuration mode command qos is used to enter the QoS services configuration mode.

— Contains commands to configure the management connections. These

line

is used to enter the Line Configuration command mode.

— Contains commands to create a VLAN as a whole. The Global

vlan database

— Contains commands to define management access-lists. The

— Contains commands to manage port configuration. The Global Configuration

interface ethernet

— Contains commands to configure port-channels, for example, assigning

— Contains commands to manually specify other Ethernet Switch

is used to enter the SSH Public Key-chain Configuration mode.

is used to enter the Interface Configuration mode to

is used to enter the VLAN Database Interface

management access-list

interface port-channel

is used to enter the

is used to enter the Port

crypto key pubkey-

Starting the CLI

The Ethernet Switch Module can be managed over a direct connection to the Ethernet Switch Module console port or via a Telnet connection. The Ethernet Switch Module is managed by entering command keywords and parameters at the prompt. Using the Ethernet Switch Module command-line interface (CLI) is very similar to entering commands on a UNIX system.

If access is via a Telnet connection, ensure the Ethernet Switch Module has an IP address defined, corresponding management access is granted, and the workstation used to access the Ethernet Switch Module is connected to the Ethernet Switch Module prior to using CLI commands.

NOTE: The following steps are for use on the console line only.

To start using the CLI, perform the following steps:

Ensure the Ethernet Switch Module is installed in the Dell Modular Server Chassis, see

PowerConnect 5316M Ethernet Switch Module User’s Guide

40 Using the CLI

Dell

Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the Dell Remote Access Controller / Modular Chassis (DRAC/MC) in the Dell Modular Server Chassis to the RS-232 serial port of the terminal or computer running the terminal emulation application.

NOTE: The default data rate of the DRAC/MC is 115200.

Set the data format to 8 data bits, 1 stop bit, and no parity.

Set Flow Control to

Under

Properties

Select

Term in a l k ey s for

Ter mi na l k ey s (not Windows keys

NOTICE: When using HyperTerminal with Microsoft® Windows 2000, ensure that Windows® 2000

Service Pack 2 or later is installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.

none

, select

VT100 for Emulation

mode.

Function, Arrow, and Ctrl keys

. Ensure that the setting is for

On the console monitor, the DRAC/MC application displays a login screen.

The DRAC/MC CLI command prompt "DRAC/MC:" is displayed.

For more information, see

If Dell Modular Server Chassis is off then power it on using the following DRAC/MC CLI

Dell Modular Server System User's Guide

command:

racadm chassisaction -m chassis powerup

NOTE: The Ethernet Switch Module inserted into the Chassis I/O bay is powered on automatically when

the Dell Modular Server Chassis is powered on. For further details on configuring the Dell Modular Server Chassis via the DRAC/MC CLI interface, please see the Dell Remote Access Controller / Modular Chassis User's Guide.

Power cycle the Ethernet Switch Module using the following DRAC/MC CLI command:

racadm chassisaction -m switch-N powercycle

where N is the Chassis I/O Module bay number in which the Ethernet Switch Module is inserted.

Redirect the DRAC/MC serial console to the Ethernet Switch Module internal serial console interface. This action is performed by entering the CLI command at the command prompt of the DRAC/MC CLI.

connect switch-N

where N is the Chassis I/O Module bay number in which the Ethernet Switch Module is inserted.

Using the CLI 41

NOTE: To switch back to the context of the DRAC/MC CLI command prompt press the following

sequence of keys: "<Enter>~."; that is, first press <Enter>, then press on tilde "~" (remember to depress the <Shift> key if the tilde character is located in the upper register of your keyboard) and then press period (dot) ".".

For further details on configuring and using the DRAC/MC see

/ Modular Chassis User's Guide

Dell Remote Access Controller

Once the Ethernet Switch Module is connected to the console, wait until the Ethernet Switch Module is fully booted. Observe the booting information being outputed to the terminal window and wait for the Ethernet Switch Module CLI command prompt "console>" to appear. Press <Enter> several times in order to ensure that the terminal connection is successfully established and the Ethernet Switch Module can be configured through the CLI command interface.

Make sure that the system LED on the Ethernet Switch Module is illuminated green and is not flashing, which indicates that the Ethernet Switch Module is operating properly.

If an error is displayed, or the green system LED is flashing, stop the installation process and contact Dell technical support.

Enter the following commands to begin the configuration procedure:

console> enable console# configure console(config)#

Configure the Ethernet Switch Module and enter the necessary commands to complete the required tasks.

When finished, exit the session with the

exit

command.

When a different user is required to log onto the system, in the Privileged EXEC mode command mode, the

command is entered. This effectively logs off the current user and logs on the new

user.

Editing Features

Entering Commands

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command "

ethernet g11

interface type, and

To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: console(config)#

42 Using the CLI

show, interfaces

g11

specifies the port.

username

and

admin

status

are keywords,

password

smith

ethernet

show interfaces status

is an argument that specifies the

When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an interface configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command. The standard command to request help is "

There are two instances where the help information can be displayed:

•

Keyword lookup

— The character ? is entered in place of a command. A list of all valid

commands and corresponding help messages are is displayed.

•

Partial keyword lookup

— If an A command is incomplete and or the character ? is entered in

place of a parameter. The matched keyword or parameters for this command are displayed.

To assist in using the CLI, there is an assortment of editing features. The following features are described:

• Terminal Command Buffer

• Command Completion

•Keyboard Shortcuts

Terminal Command Buffer

Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across Ethernet Switch Module resets.

First In First Out (FIFO)

basis.

Keyword Description

Up-arrow key Ctrl+P

Down-arrow key Returns to more recent commands in the history buffer after recalling

Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.

commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.

By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see

history

There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see

To display the history buffer, see

history size

show history

Using the CLI 43

Negating the Effect of Commands

For many configuration commands, the prefix keyword "no" can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.

Command Completion

If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the <

Ta b

> button, an incomplete command is entered. If the characters already entered are not

enough for the system to identify a single matching command, press "

" to display the available

commands matching the characters already entered.

Keyboard Shortcuts

The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.

Keyboard Key Description

Up-arrow key Recalls commands from the history buffer, beginning with the most recent

command. Repeat the key sequence to recall successively older commands.

Down-arrow key Returns the most recent commands from the history buffer after recalling

commands with the up arrow key. Repeating the key sequence will recall successively more recent commands.

Ctrl+A Moves the cursor to the beginning of the command line.

Ctrl+E Moves the cursor to the end of the command line.

Ctrl+Z / End Returns back to the Privileged EXEC mode from any mode.

Backspace key Deletes one character left to the cursor position.

CLI Command Conventions

When entering commands, there are certain command entry standards that apply to all commands. The following table describes the command conventions.

Convention Description

[ ] In a command line, square brackets indicates an optional entry.

{ } In a command line, curly brackets indicate a selection of compulsory

Italic font

44 Using the CLI

parameters separated by the | character. One option must be selected. For example: command either

flowcontrol {auto|on|off}

auto, on

off

must be selected.

means that for the

flowcontrol

Indicates a parameter.

<Enter>

Any individual key on the keyboard. For example press <Enter>.

Ctrl+F4 Any combination keys pressed simultaneously on the keyboard.

Screen

Indicates system messages and prompts appearing on the console.

Display

all

When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined. For example, the command interface range port-

channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.

Using the CLI 45

46 Using the CLI

AAA Commands

aaa authentication login

The

aaa authentication login

To return to the default configuration, use the

Syntax

aaa authentication login {default | list-name} method1 [method2

Global Configuration mode commands define login authentication.

form of this command.

...]

no aaa authentication login {default | list-name

•

default

— Uses the listed authentication methods that follow this argument as the

default list of methods when a user logs in.

•

list-name

when a user logs in.

•

method1 [method2

Keyword Description

enable Uses the enable password for authentication.

line Uses the line password for authentication.

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command

authentication login list-name local

NOTE: On the console, login succeeds without any authentication check if the authentication method is

not defined.

Command Mode

Global Configuration mode

— Character string used to name the list of authentication methods activated

...] — Specify at least one from the following table:

}

aaa

User Guidelines

• The default and optional list names created with the used with the

command.

aaa authentication login

command are

AAA Commands 47

• Create a list by entering the particular protocol, where

aaa authentication login

list-name

is any character string used to name this list. The

list-name method

command for a

method

argument identifies the list of methods that the authentication algorithm tries, in the given sequence.

• The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify

Example

none

as the final method in the command line.

The following example configures authentication login.

console(config)# aaa authentication login default radius local enable none

aaa authentication enable

The

aaa authentication enable

method lists for accessing higher privilege levels. To return to the default configuration use the form of this command.

Syntax

aaa authentication enable {default | list-name} method1 [method2

no aaa authentication enable default

Global Configuration mode command defines authentication

...]

•

default

default list of methods, when using higher privilege levels.

•

list-name

methods activated, when using access higher privilege levels.

•

method1 [method2

Keyword Description

enable Uses the enable password for authentication.

line Uses the line password for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication. Uses username

tacacs Uses the list of all TACACS+ servers for authentication. Uses

48 AAA Commands

— Uses the listed authentication methods that follow this argument as the

— Character string, up to 12 characters, used to name the list of authentication

...] — Specify at least one from the following table:

"$enabx$." where x is the privilege level.

username "$enabx$." where x is the privilege level.

Default Configuration

If the

default

the command

list is not set, only the enable password is checked. This has the same effect as

aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command

enable none

Command Mode

aaa authentication enable default

Global Configuration mode

User Guidelines

• The default and optional list names created with the used with the

• Create a list by entering the

list-name

enable authentication

command.

aaa authentication enable

is any character string used to name this list. The

aaa authentication enable

list-name method

method

command where

argument identifies the

command are

list of methods that the authentication algorithm tries, in the given sequence.

•All

aaa authentication enable default

none

as the final method in the command line.

requests sent by the Ethernet Switch Module to a

RADIUS or TACACS+ server include the username "$enab15$".

Example

The following example sets authentication when accessing higher privilege levels.

console(config)# aaa authentication enable default enable

login authentication

The

method list for a remote telnet, SSH or console. To return to the default specified by the authentication login command, use the

Syntax

no login authentication

•

default

— Uses the default list created with the

•

list-name

Line Configuration mode command specifies the login authentication

form of this command.

list-name

}

authentication login

— Uses the indicated list created with the

command.

authentication login

command.

AAA Commands 49

Default Configuration

Uses the default set with the command

Command Mode

authentication login

Line Configuration mode

User Guidelines

• Changing login authentication from default to another value may disconnect the telnet session.

Example

The following example specifies the default authentication method for a console.

console(config)# line console console(config-line)# login authentication default

enable authentication

The

enable authentication

method list when accessing a higher privilege level from a remote telnet, SSH or console. To return to the default specified by the

Syntax

enable authentication {default

Line Configuration mode command specifies the authentication

enable authentication

list-name

command, use the no form of this command.

}

no enable authentication

•

default

•

list-name

Default Configuration

Uses the default set with the command

Command Mode

Line Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example specifies the default authentication method when accessing a higher privilege level from a console.

50 AAA Commands

— Uses the default list created with the

— Uses the indicated list created with the

authentication enable

command.

console(config)# line console console(config-line)# enable authentication default

ip http authentication

The

ip http authentication

methods for http. To return to the default, use the

Syntax

ip http authentication

no ip http authentication

•

method1 [method2

Keyword Description

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command

authentication local

Global Configuration mode command specifies authentication

form of this command.

method1 [method2

...]

...] — Specify at least one from the following table:

ip http

Command Mode

Global Configuration mode

User Guidelines

Example

none

as the final method in the command line.

The following example configures the http authentication.

console(config)# ip http authentication radius local

ip https authentication

The

ip https authentication

methods for https servers. To return to the default, use the

Global Configuration mode command specifies authentication

form of this command.

AAA Commands 51

Syntax

ip https authentication

method1 [method2

...]

no ip https authentication

•

method1 [method2

Keyword Source or destination

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command

authentication local

Command Mode

...] — Specify at least one from the following table:

ip https

Global Configuration mode

User Guidelines

none

as the final method in the command line.

Example

The following example configures https authentication.

console(config)# ip https authentication radius local

show authentication methods

The

authentication methods

authentication methods.

Syntax

show authentication methods

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

52 AAA Commands

Privileged EXEC mode command displays information about the

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the authentication configuration.

console# show authentication methods Login Authentication Method Lists

--------------------- -------------Console_Default: None Network_Default: Local

Enable Authentication Method Lists

---------------------- ------------Console_Default: Enable None Network_Default: Enable

Line Login Method List Enable Method List

-------------- ----------------- -----------------Console Default Default Telnet Default Default SSH Default Default

http: Tacacs Local https: Tacacs Local

dot1x:

password

The

password

password, use the

Syntax

password

no password

•

Line Configuration mode command specifies a password on a line. To remove the

form of this command.

password [encrypted

password

— Password for this level, from 1 to 159 characters in length.

]

AAA Commands 53

•

encrypted

— Encrypted password to be entered, copied from another Ethernet Switch

Module configuration.

Default Configuration

No password is defined.

Command Mode

Line Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example specifies a password "secret" on a line.

console(config-line)# password secret

enable password

The

enable password

to user and privilege levels. To remove the password requirement, use the command.

Syntax

enable password [level

Global Configuration mode command sets a local password to control access

level] password [encrypted

]

form of this

no enable password [level

•

password

•

level

15).

•

encrypted

configuration.

Default Configuration

No enable password is defined.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

54 AAA Commands

level

]

— Password for this level, from 1 to 159 characters in length.

— Level for which the password applies. If not specified the level is 15 (Range: 1-

— Encrypted password entered, copied from another Ethernet Switch Module

Example

The following example sets a local level 15 password "secret" to control access to user and privilege levels.

console(config)# enable password level 15 secret

username

The

username

To remove a user name, use the

Syntax

username

Global Configuration mode command creates a user account in the local database.

form of this command.

name [password password

] [

level level

] [

encrypted

]

no username

•

name

•

password

•

level

•

encrypted

name

— The name of the user. (Range: 1 - 20 characters)

— The authentication password for the user. (Range: 1 - 159 characters).

— The user level (Range: 1 - 15).

— Encrypted password entered, copied from another Ethernet Switch Module

configuration.

Default Configuration

No user is defined.

Command Mode

Global Configuration mode

User Guidelines

• User account can be created without a password.

Example

The following example configures user "bob" with the password "lee" and user level 15 to the system.

console(config)# username bob password lee level 15

show users accounts

The

show users accounts

user database.

Privileged EXEC mode command displays information about the local

AAA Commands 55

Syntax

show users accounts

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the local users configured with access to the system.

console# show users accounts

Username Privilege

-------- --------Bob 15 Robert 15

56 AAA Commands

Address Table Commands

NOTE: Some of the commands included in this group may have implications on internal ports.

bridge address

The

bridge address

station source address to the bridge table. To delete the MAC address, use the

bridge address

deletes all static MAC addresses belonging to this VLAN).

Syntax

bridge address

{

ethernet interface | port-channel

Interface Configuration (VLAN) mode command adds a static MAC-layer

command (using the no form of the command without specifying a MAC address

mac-address [permanent

delete-on-reset

port-channel-number

delete-on-timeout

}

form of the

secure

]

no bridge address [mac-address

•

mac-address

•

interface —

•

port-channel-number —

•

permanent —

•

delete-on-reset

•

delete-on-timeout —

•

secure security

mode.

Default Configuration

No static addresses are defined. The default mode for an added address is

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

There are no user guidelines for this command.

Example

The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port g16 to the bridge table.

— A valid MAC address in the format of xx:xx:xx:xx:xx:xx.

A valid Ethernet port.

The address can only be deleted by the

— The address is deleted after reset.

— The address is deleted after the port changes mode to unlock learning (

command). This parameter is only available when the port is in learning locked

]

A valid port-channel number.

no bridge address

The address is deleted after "age out" time has expired.

command.

permanent

no port

Address Table Commands 57

console(config)# interface vlan 2 console(config-if)# bridge address 3a:a2:64:b3:a2:45 ethernet

g16 permanent

bridge multicast filtering

The

bridge multicast filtering

addresses. To disable filtering of multicast addresses, use the

filtering

Syntax

command.

bridge multicast filtering

no bridge multicast filtering

Default Configuration

Filtering of multicast addresses is disabled. All multicast addresses are flooded to all ports.

Command Mode

Global Configuration mode

User Guidelines

• If multicast routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the multicast router ports.

• If multicast routers exist on the VLAN and IGMP-snooping is not enabled, the

multicast forward-all

the multicast routers.

Global Configuration mode command enables filtering of multicast

form of the

bridge multicast

bridge

command should be used to enable forwarding all multicast packets to

Example

In this example, bridge multicast filtering is enabled.

console(config)# bridge multicast filtering

bridge multicast address

The

bridge multicast address

layer multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the

Syntax

bridge multicast address {mac-multicast-address | ip-multicast-address

58 Address Table Commands

Interface Configuration (VLAN) mode command registers MAC-

form of the

bridge multicast address

command.

}

bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove]

{

ethernet interface-list | port-channel

port-channel-number-list

}

no bridge multicast address {mac-multicast-address | ip-multicast-address

•

add

— Adds ports to the group. If no option is specified, this is the default option.

•

remove

— Removes ports from the group.

•

mac-multicast-address

•

ip- multicast-address

•

interface-list

— Separate non-consecutive Ethernet ports with a comma and no spaces; a

— MAC multicast address in the format of xx:xx:xx:xx:xx:xx.

— IP multicast address.

hyphen is used to designate a range of ports.

•

port-channel-number-list

— Separate non-consecutive port-channels with a comma and

no spaces; a hyphen is used to designate a range of ports.

Default Configuration

No multicast addresses are defined.

Command Mode

Interface configuration (VLAN) mode

User Guidelines

• If the command is executed without

add

remove

, the command only registers the group in

the bridge database.

• Static multicast addresses can only be defined on static VLANs.

Examples

The following example registers the MAC address:

}

console(config)# interface vlan 8 console(config-if)# bridge multicast address 01:00:5e:02:02:03

The following example registers the MAC address and adds ports statically.

console(config)# interface vlan 8 console(config-if)# bridge multicast address 01:00:5e:02:02:03

add ethernet g11-14

Address Table Commands 59

bridge multicast forbidden address

The

bridge multicast forbidden address

adding a specific multicast address to specific ports. Use the default.

Syntax

bridge multicast forbidden address {mac-multicast-address | ip-multicast-address remove

} {

ethernet interface-list | port-channel

Interface Configuration (VLAN) mode command forbids

form of this command to return to

port-channel-number-list

} {

add

}

no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address

•

add

— Adds ports to the group.

•

remove

— Removes ports from the group.

•

mac-multicast-address

•

ip- multicast-address

•

interface-list —

— MAC multicast address in the format of xx:xx:xx:xx:xx:xx.

— IP multicast address in the format of xxx.xxx.xxx.xxx.

Separate non-consecutive valid Ethernet ports with a comma and no

}

spaces; hyphen is used to designate a range of ports.

•

port-channel-number-list —

Separate non-consecutive valid port-channels with a comma

and no spaces; a hyphen is used to designate a range of port-channels.

Default Configuration

No forbidden addresses are defined.

Command Modes

Interface Configuration (VLAN) mode

User Guidelines

• Before defining forbidden ports, the multicast group should be registered.

Examples

In this example, the MAC address 01:00:5e:02:02:03 is forbidden on port g16 within VLAN 8.

console(config)# interface vlan 8 console(config-if)# bridge multicast address 01:00:5e:02:02:03 console(config-if)# bridge multicast forbidden address

01:00:5e:02:02:03 add ethernet g16

60 Address Table Commands

bridge multicast forward-all

The

bridge multicast forward-all

forwarding of all multicast packets on a port. To restore the default, use the

multicast forward-all

Syntax

command.

bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel

channel-number-list

}

no bridge multicast forward-all

•

add

— Adds ports to the group.

•

remove

— Removes ports from the group.

•

interface-list

— Separate non-consecutive valid Ethernet ports with a comma and no

spaces; a hyphen is used to designate a range of ports.

•

port-channel-number-list

and no spaces; a hyphen is used to designate a range of port-channels.

Default Configuration

Forward-all is not defined on any interface.

Command Mode

Interface Configuration (VLAN) mode

Interface Configuration (VLAN) mode command enables

— Separate non-consecutive valid port-channels with a comma

form of the

bridge

port-

User Guidelines

There are no user guidelines for this command.

Example

In this example all multicast packets are forwarded to port g16.

console(config)# interface vlan 2 console(config-if)# bridge multicast forward-all add ethernet

g16

bridge multicast forbidden forward-all

The

bridge multicast forbidden forward-all

forbids a port to be a forward-all-multicast port. To restore the default, use the

bridge multicast forward-all

command.

Interface Configuration (VLAN) mode command

form of the

Address Table Commands 61

Syntax

bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | portchannel

port-channel-number-list

}

no bridge multicast forward-all

•

add

— Forbids forwarding all multicast packets.

•

remove

— Does not forbid forwarding all multicast packets.

•

interface-list

— Separates non-consecutive valid Ethernet ports with a comma and no

spaces; a hyphen is used to designate a range of ports.

•

port-channel-number-list

— Separates non-consecutive valid port-channels with a comma

and no spaces; a hyphen is used to designate a range of port-channels.

Default Configuration

By default, this setting is disabled (forwarding to the port is not forbidden).

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

• IGMP snooping dynamically discovers multicast router ports. When a multicast router port is discovered, all the multicast packets are forwarded to it unconditionally.

• This command prevents a port to be a multicast router port.

Example

In this example, forwarding all multicast packets to g16 are forbidden.

console(config)# interface vlan 2 console(config-if)# bridge multicast forbidden forward-all add

ethernet g16

bridge aging-time

The

bridge aging-time

restore the default, use the

Syntax

bridge aging-time

no bridge aging-time

•

seconds

— Time in seconds. (Range: 10 - 360 seconds)

62 Address Table Commands

Global Configuration mode command sets the address table aging time. To

form of the

bridge aging-time

command.

seconds

Default Configuration

300 seconds

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

In this example the bridge aging time is set to 250.

console(config)# bridge aging-time 250

clear bridge

The

clear bridge

forwarding database.

Syntax

clear bridge

• This command has no keywords or arguments.

Default Configuration

This command has no default configuration.

Privileged EXEC mode command removes any learned entries from the

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, the bridge tables are cleared.

console# clear bridge

port security

The

port security

By locking the port, unknown traffic can be blocked and new addresses are not learned on the port. To enable new address learning, use the

Interface Configuration (Ethernet, port-channel) mode command locks the port.

form of the

port security

command.

Address Table Commands 63

Syntax

port security [forward

discard | discard-shutdown

] [

trap

seconds

]

no port security

•

forward

— Forwards frames with unlearned source addresses, but does not learn the

address.

•

discard

— Discards frames with unlearned source addresses. This is the default if no

option is indicated.

•

discard-shutdown

— Discards frames with unlearned source addresses. The port is also

shut down.

•

seconds

— Sends SNMP traps and defines the minimal amount of time in seconds

between two consecutive traps. (Range: 1 - 1000000)

Default Configuration

Disabled - No port security

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

• Multiple hosts must be enabled see "dot1x multiple-hosts".

Example

In this example, the port g12 is locked for learning, but continues to forward all packets received, with traps being sent every 100 seconds if a packet with an unkown source address is received.

console(config)# interface ethernet g12 console(config-if)# port security forward trap 100

port security routed secure-address

The

port security routed secure-address

command adds MAC-layer secure addresses to a routed port. Use the delete the MAC addresses.

Syntax

port security routed secure-address

no port security routed secure-address

•

mac-address

64 Address Table Commands

Interface Configuration (Ethernet, port-channel) mode

form of this command to

mac-address

— Specify a MAC address in the format of xx:xx:xx:xx:xx:xx.

Default Configuration

No addresses are defined.

Command Mode

Interface configuration (Ethernet, port-channel) mode. Cannot be configured for a range of interfaces (range context).

User Guidelines

• The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode. The address is deleted if the port exits the security mode or is not a routed port.

Example

In this example, the MAC-layer address 66:66:66:66:66:66 is added to port g13.

console(config)# interface ethernet g13 console(config-if)# port security routed secure-address

66:66:66:66:66:66

show bridge address-table

The

show bridge address-table

forwarding database.

Privileged EXEC mode command displays all entries in the bridge-

Syntax

show bridge address-table [vlan

number

]

•

vlan

— Specific valid VLAN, such as VLAN 1.

•

interface —

•

port-channel-number

Default Configuration

A valid Ethernet port

— A valid port-channel number.

vlan

] [

ethernet interface |

port-channel

port-channel-

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

• Internal usage VLANs (VLANs that are automatically allocated on routed ports) would be presented in the VLAN column by a port number and not by a VLAN ID.

Address Table Commands 65

Example

In this example, all classes of entries in the bridge-forwarding database are displayed.

console# show bridge address-table

Aging time is 300 sec

Vlan Mac address Port Type

---- ----------- ---- ---1 00:60:70:4C:73:FF g11 dynamic 1 00:60:70:8C:73:FF g12 dynamic 200 00:10:0D:48:37:FF g13 static 8 00:10:0D:48:37:FF g14 dynamic

show bridge address-table static

The

show bridge address-table static

entries in the bridge-forwarding database.

Syntax

show bridge address-table static [vlan

number

]

Privileged EXEC mode command displays statically created

vlan

] [

ethernet interface | port-channel

port-channel-

•

vlan

— Specific valid VLAN, such as VLAN 1.

•

interface —

•

port-channel-number

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, all static entries in the bridge-forwarding database are displayed.

66 Address Table Commands

A valid Ethernet port

— A valid port-channel number.

console# show bridge address-table static

Aging time is 300 sec

vlan mac address port type

---- ----------- ---- ---1 00:60:70:4C:73:FF g16 permanent 1 00:60:70:8C:73:FF g16 delete-on-timeout 200 00:10:0D:48:37:FF g16 delete-on-reset

show bridge address-table count

The

show bridge address-table count

addresses present in the Forwarding Database.

Syntax

show bridge address-table count [vlan vlan

channel-number

•

vlan

•

interface —

•

port-channel-number

]

— Specific VLAN.

A valid Ethernet port

Privileged EXEC mode command displays the number of

][

ethernet interface-number

— A valid port-channel number.

port-channel port-

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

• This command displays the count of addresses for one of the VLANs, for all VLANs or for a specific port.

Example

In this example, the number of addresses present in all VLANs are displayed.

Address Table Commands 67

console# show bridge address-table count

Capacity: 8192 Free: 8084 Used: 108 Secure addresses: 0 Static addresses: 2 Dynamic addresses: 97 Internal addresses: 9

show bridge multicast address-table

The

show bridge multicast address-table

MAC address or IP table information.

Syntax

show bridge multicast address-table [vlan

multicast-address

•

vlan-id

•

mac-multicast-address

•

ip-multicast-address —

•

format

default is

] [

format ip

— A VLAN ID value.

— A MAC multicast address in the format of xx:xx:xx:xx:xx:xx.

An IP multicast address in the format of xxx.xxx.xxx.xxx..

—

Multicast address format. Can be ip or

mac

Privileged EXEC mode command displays multicast

vlan-id] [address

mac

]

mac-multicast-address | ip-

mac

. If format is unspecified, the

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

• A MAC address can be displayed in IP format only if it is in the range of 0100.5e00.0000-

0100.5e7f.ffff.

Example

In this example, multicast MAC address table information is displayed.

68 Address Table Commands

console# show bridge multicast address-table

Vlan MAC Address Type

---- ----------- ----1 01:00:5e:02:02:03 static 19 01:00:5e:02:02:08 static 19 01:00:5e:02:02:08 dynamic

Ports

---------g11, g12 g13-14 g15-16

Forbidden ports for multicast addresses:

Vlan MAC Address Ports

---- ----------- ---------1 01:00:5e:02:02:03 g11 19 01:00:5e:02:02:08 g12

console# show bridge multicast address-table format ip

Vlan IP Address Type

---- ----------- ----1 224-239.130|2.2.3 static 19 224-239.130|2.2.8 static 19 224-239.130|2.2.8 dynamic

Ports

---------g11,g12 g13-14 g15-16

Forbidden ports for multicast addresses:

Vlan IP Address Ports

---- ----------- ---------1 224-239.130|2.2.3 g16 19 224-239.130|2.2.8 g16

NOTE: A multicast MAC address maps to multiple IP addresses, as shown above.

Address Table Commands 69

show bridge multicast filtering

The

show bridge multicast filtering

filtering configuration.

Syntax

show bridge multicast filtering vlan-id

•

vlan-id —

Default Configuration

A valid VLAN ID value.

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, the multicast configuration for VLAN 1 is displayed.

console# show bridge multicast filtering 1 Filtering: Enabled VLAN: 1

Privileged EXEC mode command displays the multicast

Port Static Status

------- ----------------- ----------g11 Forbidden Filter g12 Forward Forward(s) g13 - Forward(d)

show ports security

The

show ports security

Syntax

show ports security [ethernet interface | port-channel

•

interface

•

port-channel-number —

70 Address Table Commands

— A valid Ethernet port

Privileged EXEC mode command displays the port-lock status.

port-channel-number

]

A valid port-channel number

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

• If no parameters are entered, all entries are displayed.

• The extra columns in the displayed port-lock status are as follows:

–

Example

Frequency

Counter

— Minimum time in seconds between consecutive traps

— Number of actions since last trap

In this example, all classes of entries in the port-lock status are displayed.

console# show ports security

Port Status Action Trap Frequency Counter

----- ------- ------- ------- --------- -------g11 Locked Discard Enable 100 88 g12 Unlocked - - - g13 Locked Discard,

Disable - -

Shutdown

Address Table Commands 71

72 Address Table Commands

Clock

clock set

The

clock set

Syntax

clock set

clock set hh:mm:ss month day year

•

Default Configuration

The default time set is 0:0:0 Jan 1 2000 or xxxxx Month Day Year.

Privileged EXEC mode command manually sets the system clock.

hh:mm:ss day month year

hh:mm:ss

mm: 0 - 59, ss: 0 - 59

day

month

year

— Current time in hours (military format), minutes, and seconds (hh: 0 - 23,

— Current day (by date) in the month (1 - 31)

— Current month using the first three letters by name (Jan, …, Dec).

— Current year (2000 - 2097).

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example sets the system time to 13:32:00 on the 7th March 2002.

console# clock set 13:32:00 7 Mar 2002

clock source

The

clock source

system clock. Use

Syntax

clock source {sntp

no clock source

•

Global Configuration mode command configures an external time source for the

form of this command to disable external time source.

}

sntp

— SNTP servers

Clock 73

Default Configuration

No external clock source

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Examples

The following example configures an external time source for the system clock.

console(config)# clock source sntp

clock timezone

The

clock timezone

To set the time to Coordinated Universal Time (UTC), use the

Syntax

clock timezone hours-offset [minutes minutes-offset

no clock timezone

•

hours-offset —

•

minutes-offset —

•

acronym —

Global Configuration mode command sets the time zone for display purposes.

form of this command.

] [

zone acronym

Hours difference from UTC. (Range: -12

Minutes difference from UTC. (Range: 0 – 59)

The acronym of the time zone. (Range: Up to 4 characters)

]

– +

13)

Default Configuration

Command Mode

User Guidelines

Examples

The following example sets the timezone to 6 hours difference from UTC.

74 Clock

Clock set to UTC.

Global Configuration mode

• The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.

console(config)

# clock timezone -6 zone CST

clock summer-time

The

clock summer-time

automatically switch to summer time (daylight saving time). To configure the software not to automatically switch to summer time, use the

Syntax

clock summer-time recurring {usa

[

offset

Global Configuration mode command configures the system to

form of this command.

] [

zone acronym

| eu | {

]

week day month hh:mm week day month hh:mm

}}

clock summer-time date date month year hh:mm date month year hh:mm [offset offset

acronym

clock summer-time date month date year hh:mm month date year hh:mm [offset

acronym

]

offset

]

no clock summer-time recurring

•

recurring

— Indicates that summer time should start and end on the corresponding

specified days every year.

•

date

— Indicates that summer time should start on the first specific date listed in the

command and end on the second specific date in the command.

•

usa

— The summer time rules are the United States rules.

•

— The summer time rules are the European Union rules.

•

week —

day —

date —

month —

year —

hh:mm —

offset —

acronym

Week of the month. (Range: 1 - 5,

Day of the week (Range: first three letters by name, like

first, last

)

sun

)

Date of the month (Range:1 - 31)

Month (Range: first three letters by name, like Jan)

year - no abbreviation (Range: 2000 - 2097)

Time in military format, in hours and minutes (Range: hh: 0 - 23, mm:0 - 59)

Number of minutes to add during summer time (Range: 1 - 1440).

— The acronym of the time zone to be displayed when summer time is in effect.

If unspecified default to the timezone acronym. (Range: Up to 4 characters)

] [

zone

Default Configuration

Summer time is disabled.

offset —

acronym

Default is 60 minutes.

— If unspecified default to the timezone acronym.

If the timezone has not been defined, the default will be UTC.

Clock 75

Command Mode

Global Configuration mode

User Guidelines

• In both the

date

and

recurring

forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that you are in the southern hemisphere.

• USA rule for daylight saving time:

• Start: First Sunday in April

• End: Last Sunday in October

• Time: 2 am local time

• EU rule for daylight saving time:

• Start: Last Sunday in March

• End: Last Sunday in October

• Time: 1 am (01:00)

• The following steps must be completed before setting the summer clock:

Configure the summer time.

Define the timezone.

Set the clock. For example:

console(config)# clock summer-time recurring usa

Examples

The following example sets summer time starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am.

sntp authentication-key

The for Simple Network Time Protocol (SNTP). To remove the authentication key for SNTP, use the form of this command.

76 Clock

console(config)# clock timezone 2 zone TMZ2 console(config)# clock set 10:00:00 apr 15 2004

console(config)# clock summer-time recurring first sun apr 2:00 last sun oct 2:00

sntp authentication-key

Global Configuration mode command defines an authentication key

Syntax

sntp authentication-key

no sntp authentication-key

•

number —

•

value —

Default Configuration

number

md5 value

number

Key number (Range: 1 - 4294967295)

Key value (Range: 1-8 characters)

No authentication key is defined.

Command Mode

Global Configuration mode

User Guidelines

• Multiple keys can be generated.

Examples

The following example defines the authentication key for SNTP.

console(config)# sntp authentication-key 8 md5 ClkKey

sntp authenticate

The

sntp authenticate

Network Time Protocol (NTP) traffic from servers. To disable the feature, use the command.

Global Configuration mode command grants authentication for received

form of this

Syntax

sntp authenticate

no sntp authenticate

Default Configuration

No authentication

Command Mode

Global Configuration mode

User Guidelines

• The command is relevant for both unicast and broadcast.

Clock 77

Examples

The following example defines the authentication key for SNTP and grants authentication.

console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate

sntp trusted-key

The

sntp trusted-key

to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the

Syntax

sntp trusted-key

Global Configuration mode command authenticates the identity of a system

form of this command.

key-number

no sntp trusted-key

•

key-number —

Default Configuration

key-number

Key number of authentication key to be trusted. (Range: 1 - 4294967295)

No keys are trusted.

Command Mode

Global Configuration mode

User Guidelines

• The command is relevant for both received unicast and broadcast.

• If there is at least 1 trusted key, then unauthenticated messages will be ignored.

Examples

The following example authenticates key 8.

console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8

sntp client poll timer

The

sntp client poll timer

Simple Network Time Protocol (SNTP) client. To return to default, use the command.

Global Configuration mode command sets the polling time for the

form of this

78 Clock

Syntax

sntp client poll timer

seconds

no sntp client poll timer

•

seconds —

Default Configuration

Polling interval in seconds (Range: 60-86400)

Polling interval is 1024 seconds.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Examples

The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds.

console(config)# sntp client poll timer 120

sntp broadcast client enable

The

sntp broadcast client enable

Network Time Protocol (SNTP) broadcast clients. To disable the SNTP broadcast clients, use the

form of this command.

Global Configuration mode command enables the Simple

Syntax

sntp broadcast client enable

no sntp broadcast client enable

Default Configuration

Client is disabled.

Command Mode

Global Configuration mode

User Guidelines

•Use the

sntp client enable

Interface Configuration mode command to enable the SNTP

client on a specific interface.

• The port must have an IP interface already configured.

Clock 79

Examples

The following example enables the SNTP broadcast clients.

console(config)# sntp broadcast client enable

sntp anycast client enable

The

sntp anycast client enable

disable the anycast client, use the

Syntax

sntp anycast client enable

no sntp anycast client enable

Default Configuration

Client is disabled.

Command Mode

Global Configuration mode

User Guidelines

Global Configuration mode command enables anycast client. To

form of this command.

Examples

The following example enables anycast clients.

sntp client enable (interface)

The enables the Simple Network Time Protocol (SNTP) client on an interface. This applies to both receive broadcast and anycast updates. To disable the SNTP client, use the command.

Syntax

80 Clock

• Polling time is determined by the

sntp client poll timer

Global Configuration mode

command.

•Use the

sntp client enable

Interface Configuration mode command to enable the SNTP

client on a specific interface.

• The port must have an IP interface already configured.

console(config)# sntp anycast client enable

sntp client enable

Interface Configuration (Ethernet, port-channel, VLAN) mode command

sntp client enable

no sntp client enable

form of this

Dell PowerConnect 5316M Quick Reference Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Command Groups

Introduction

Command Groups

AAA Commands

Address Table Commands

Clock Commands

Configuration and Image Files Commands

Ethernet Configuration Commands

GVRP Commands

IGMP Snooping Commands

IP Addressing

LACP Commands

Line Commands

LLDP Commands

Management ACL Commands

PHY Diagnostics Commands

Port Channel Commands

Port Monitor Commands

QoS Commands

Radius Commands

RMON Commands

SNMP Commands

Spanning Tree Commands

SSH Commands

Syslog Commands

System Management Commands

TACACS Commands

User Interface Commands

VLAN Commands

Web Server Commands

802.1x Commands

Command Modes

GC (Global Configuration) Mode

IC (Interface Configuration) Mode

LC (Line Configuration) Mode

MA (Management Access-level) Mode

PE (Privileged EXEC) Mode

SP (SSH Public Key) Mode

UE (User EXEC) Mode

VC (VLAN Configuration) Mode

Using the CLI

CLI Command Modes

Starting the CLI

Editing Features

AAA Commands

aaa authentication login

aaa authentication enable

login authentication

enable authentication

ip http authentication

ip https authentication

show authentication methods

password

enable password

username

show users accounts

Address Table Commands

bridge address

bridge multicast filtering

bridge multicast address

bridge multicast forbidden address

bridge multicast forward-all

bridge multicast forbidden forward-all

bridge aging-time

clear bridge

port security

port security routed secure-address

show bridge address-table

show bridge address-table static

show bridge address-table count

show bridge multicast address-table

show bridge multicast filtering

show ports security

Clock

clock set