Dell PowerConnect 5424 Quick Reference Guide

Download

Dell™ PowerConnect™ 5400

Systems

CLI Reference Guide

www.dell.com | support.dell.com

Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.

CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

____________________

Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, PowerConnect are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products.

Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

December 2008 Rev. A01

Contents

1 Using the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

CLI Command Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Introduction User EXEC Mode Privileged EXEC Mode Global Configuration Mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

. . . . . . . . . . . . . . . . . . . . . . . . . . . 26

. . . . . . . . . . . . . . . . . . . . . . . . . 27

Interface Configuration Mode and Specific Configuration Modes

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Starting the CLI

Editing Features

Setup Wizard

Terminal Command Buffer Negating the Effect of Commands Command Completion Keyboard Shortcuts CLI Command Conventions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

. . . . . . . . . . . . . . . . . . . . . . . . . 30

. . . . . . . . . . . . . . . . . . . . . 30

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

. . . . . . . . . . . . . . . . . . . . . . . . . 32

2 Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Command Groups

ACL Commands

AAA Commands

Address Table Commands

Clock Commands

Configuration and Image Files Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

. . . . . . . . . . . . . . . . . . . 38

DHCP Snooping Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Ethernet Configuration Commands

GVRP Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

. . . . . . . . . . . . . . . . . . . . . . . 39

Contents 3

IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

IP Addressing Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

IPv6 Addressing Commands

iSCSI Commands

LACP Commands

Line Commands

LLDP Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Management ACL Commands

PHY Diagnostics Commands

Port Channel Commands

Port Monitor Commands

QoS Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

RADIUS Commands

RMON Commands

SNMP Commands

Spanning Tree Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

. . . . . . . . . . . . . . . . . . . . . . . . . . . 43

. . . . . . . . . . . . . . . . . . . . . . . . . . 46

. . . . . . . . . . . . . . . . . . . . . . . . . . . 47

4 Contents

SSH Commands

Syslog Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

System Management Commands

TACACS Commands

TIC Commands

Tunnel Commands

User Interface Commands

VLAN Commands

Voice VLAN Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

. . . . . . . . . . . . . . . . . . . . . . . . 54

Web Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

802.1x Commands

802.1x Advanced Commands

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

. . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3 Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

GC (Global Configuration) Mode. . . . . . . . . . . . . . . . . . . . . . . . . 63

IC (Interface Configuration) Mode

LC (Line Configuration) Mode

MA (Management Access-level) Mode

PE (Privileged User EXEC) Mode

SP (SSH Public Key) Mode

UE (User EXEC) Mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

VC (VLAN Configuration) Mode

. . . . . . . . . . . . . . . . . . . . . . . . 67

. . . . . . . . . . . . . . . . . . . . . . . . . . 70

. . . . . . . . . . . . . . . . . . . . . 70

. . . . . . . . . . . . . . . . . . . . . . . . 70

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

. . . . . . . . . . . . . . . . . . . . . . . . . 74

4 ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

ip access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

mac access-list

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

permit (ip)

deny (IP)

permit (MAC)

deny (MAC)

service-acl

show access-lists

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

show interfaces access-lists

. . . . . . . . . . . . . . . . . . . . . . . . . . 84

Contents 5

5 AAA Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

aaa authentication enable

enable authentication

ip http authentication

ip https authentication

show authentication methods

password

enable password

username

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

show users accounts

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

. . . . . . . . . . . . . . . . . . . . . . . . . . 90

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

6 Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . 95

bridge address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

bridge multicast filtering

bridge multicast address

bridge multicast forbidden address

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

. . . . . . . . . . . . . . . . . . . . . . . 98

6 Contents

bridge multicast unregistered

bridge multicast forward-all

. . . . . . . . . . . . . . . . . . . . . . . . . . 99

. . . . . . . . . . . . . . . . . . . . . . . . . . 100

bridge multicast forbidden forward-all

bridge aging-time

clear bridge

port security

port security mode

port security max

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

port security routed secure-address

. . . . . . . . . . . . . . . . . . . . 100

. . . . . . . . . . . . . . . . . . . . . 105

show bridge address-table . . . . . . . . . . . . . . . . . . . . . . . . . . 106

show bridge address-table static

show bridge address-table count

show bridge multicast address-table

show bridge multicast filtering

show ports security

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

show ports security addresses

. . . . . . . . . . . . . . . . . . . . . . . 107

. . . . . . . . . . . . . . . . . . . . . . . 108

. . . . . . . . . . . . . . . . . . . . . 109

. . . . . . . . . . . . . . . . . . . . . . . . 110

. . . . . . . . . . . . . . . . . . . . . . . . 113

7 Login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

banner exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

banner login

banner motd

exec-banner

motd-banner

show banner

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

8 Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

clock source

clock timezone

clock summer-time

sntp authentication-key

sntp authenticate

sntp trusted-key

sntp client poll timer

sntp broadcast client enable

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

. . . . . . . . . . . . . . . . . . . . . . . . . 129

Contents 7

sntp anycast client enable. . . . . . . . . . . . . . . . . . . . . . . . . . . 130

sntp client enable

sntp client enable (interface)

sntp unicast client enable

sntp unicast client poll

sntp server

show clock

show sntp configuration

show sntp status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

. . . . . . . . . . . . . . . . . . . . . . . . . 131

. . . . . . . . . . . . . . . . . . . . . . . . . . . 132

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

9 Configuration and Image Files. . . . . . . . . . . . . . . . . . . . 139

dir. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

rename

delete startup-config

copy

delete

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

10 Ethernet Configuration Commands . . . . . . . . . . . . . . . . 151

8 Contents

boot system

show running-config

show startup-config

show bootvar

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

interface ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

interface range ethernet

shutdown

description

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

duplex

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

negotiation

flowcontrol

system flowcontrol

mdix

back-pressure

port jumbo-frame

clear counters

set interface active

show interfaces configuration

show interfaces status

show interfaces advertise

show interfaces description

show interfaces counters

show ports jumbo-frame

port storm-control include-multicast

port storm-control broadcast enable

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

. . . . . . . . . . . . . . . . . . . . . . . . . 160

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

. . . . . . . . . . . . . . . . . . . . . . . . . . . 165

. . . . . . . . . . . . . . . . . . . . . . . . . . 167

. . . . . . . . . . . . . . . . . . . . . . . . . . . 168

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

. . . . . . . . . . . . . . . . . . . . . 173

port storm-control broadcast rate

show ports storm-control

show system flowcontrol

. . . . . . . . . . . . . . . . . . . . . . . 174

. . . . . . . . . . . . . . . . . . . . . . . . . . . 175

. . . . . . . . . . . . . . . . . . . . . . . . . . . 176

11 DHCP Snooping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

ip dhcp snooping vlan

ip dhcp snooping trust

ip dhcp snooping information option allowed-untrusted

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

. . . . . . . . . . . 180

Contents 9

ip dhcp snooping verify . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

ip dhcp snooping database

ip dhcp snooping database update-freq

ip dhcp snooping binding

clear ip dhcp snooping database

show ip dhcp snooping

show ip dhcp snooping binding

. . . . . . . . . . . . . . . . . . . . . . . . . . 182

. . . . . . . . . . . . . . . . . . . . 182

. . . . . . . . . . . . . . . . . . . . . . . . . . . 183

. . . . . . . . . . . . . . . . . . . . . . . 184

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

. . . . . . . . . . . . . . . . . . . . . . . . 185

12 GVRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

gvrp enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

gvrp enable (interface)

garp timer

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

gvrp vlan-creation-forbid

gvrp registration-forbid

clear gvrp statistics

show gvrp configuration

show gvrp statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

. . . . . . . . . . . . . . . . . . . . . . . . . . . 189

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 190

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

13 IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . 195

10 Contents

ip igmp snooping (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

ip igmp snooping (Interface)

ip igmp snooping mrouter

ip igmp snooping host-time-out

ip igmp snooping mrouter-time-out

ip igmp snooping leave-time-out

ip igmp snooping querier enable

ip igmp snooping querier address

. . . . . . . . . . . . . . . . . . . . . . . . . . 195

. . . . . . . . . . . . . . . . . . . . . . . . . . . 196

. . . . . . . . . . . . . . . . . . . . . . . . 197

. . . . . . . . . . . . . . . . . . . . . . 197

. . . . . . . . . . . . . . . . . . . . . . . 198

. . . . . . . . . . . . . . . . . . . . . . . 199

. . . . . . . . . . . . . . . . . . . . . . . 200

show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . 200

show ip igmp snooping interface

show ip igmp snooping groups

. . . . . . . . . . . . . . . . . . . . . . . 201

. . . . . . . . . . . . . . . . . . . . . . . . 202

14 IP Addressing Commands . . . . . . . . . . . . . . . . . . . . . . 205

clear host dhcp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

ip address

ip address dhcp

ip default-gateway

show ip interface

arp

arp timeout

clear arp-cache

show arp

ip domain-lookup

ip domain-name

ip name-server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

ip host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

clear host

show hosts

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

15 IPv6 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

ipv6 enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

ipv6 address autoconfig

ipv6 icmp error-interval

show ipv6 icmp error-interval

ipv6 address

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

. . . . . . . . . . . . . . . . . . . . . . . . . 219

Contents 11

ipv6 address link-local. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

ipv6 unreachables

ipv6 default-gateway

ipv6 mld join-group

ipv6 mld version

show ipv6 interface

show ipv6 route

ipv6 nd dad attempts

ipv6 host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

ipv6 neighbor

ipv6 set mtu

show ipv6 neighbors

clear ipv6 neighbors

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

16 iSCSI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

iscsi enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

iscsi target port

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

17 LACP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

12 Contents

iscsi cos

iscsi aging time

iscsi max connections

show iscsi

show iscsi sessions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

lacp port-priority

lacp timeout

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

show lacp ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

show lacp port-channel

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

18 Line Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

speed

autobaud

show line

terminal history

terminal history size

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

exec-timeout

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

19 LLDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

lldp enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

lldp enable (interface)

lldp timer

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

lldp hold-multiplier

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

lldp reinit-delay

lldp tx-delay

lldp optional-tlv

lldp management-address

lldp med enable

lldp med network-policy (global)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

. . . . . . . . . . . . . . . . . . . . . . . . . . . 258

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

. . . . . . . . . . . . . . . . . . . . . . . 259

lldp med network-policy (interface)

lldp med location

clear lldp rx

show lldp configuration

show lldp local

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

. . . . . . . . . . . . . . . . . . . . . . 260

Contents 13

show lldp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

show lldp med configuration

. . . . . . . . . . . . . . . . . . . . . . . . . 266

20 Management ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

management access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

permit (management)

deny (management)

management access-class

show management access-list

show management access-class

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

. . . . . . . . . . . . . . . . . . . . . . . . . . 273

. . . . . . . . . . . . . . . . . . . . . . . . 273

. . . . . . . . . . . . . . . . . . . . . . . 274

21 PHY Diagnostics Commands. . . . . . . . . . . . . . . . . . . . . 275

test copper-port tdr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

show copper-ports tdr

show copper-ports cable-length

show fiber-ports optical-transceiver

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

. . . . . . . . . . . . . . . . . . . . . . . 276

. . . . . . . . . . . . . . . . . . . . . 277

22 Port Channel Commands . . . . . . . . . . . . . . . . . . . . . . . 281

23 Port Monitor Commands . . . . . . . . . . . . . . . . . . . . . . . 285

14 Contents

interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

interface range port-channel

channel-group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282

port-channel load-balance

show interfaces port-channel

. . . . . . . . . . . . . . . . . . . . . . . . . 281

. . . . . . . . . . . . . . . . . . . . . . . . . . 283

. . . . . . . . . . . . . . . . . . . . . . . . . 284

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

show ports monitor

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

24 QoS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

show qos

wrr-queue cos-map

wrr-queue bandwidth

priority-queue out num-of-queues

traffic-shape

rate-limit (Ethernet)

show qos interface

qos map dscp-queue

qos trust (Global)

qos trust (Interface)

qos cos

show qos map

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

. . . . . . . . . . . . . . . . . . . . . . . 292

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

25 Radius Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

radius-server key

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

radius-server retransmit

radius-server source-ip

radius-server source-ipv6

radius-server timeout

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

radius-server deadtime

show radius-servers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

. . . . . . . . . . . . . . . . . . . . . . . . . . . 304

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Contents 15

26 RMON Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

rmon collection history

show rmon collection history

show rmon history

rmon alarm

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

show rmon alarm-table

show rmon alarm

rmon event

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

show rmon events

show rmon log

rmon table-size

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

. . . . . . . . . . . . . . . . . . . . . . . . . 312

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

27 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

snmp-server view

snmp-server filter

snmp-server contact

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

16 Contents

snmp-server location

snmp-server enable traps

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

. . . . . . . . . . . . . . . . . . . . . . . . . . . 331

snmp-server trap authentication

snmp-server host

snmp-server set

snmp-server group

snmp-server user

snmp-server v3-host

snmp-server engineID local

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

. . . . . . . . . . . . . . . . . . . . . . . . . . 339

. . . . . . . . . . . . . . . . . . . . . . . 332

show snmp engineid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

show snmp

show snmp views

show snmp groups

show snmp filters

show snmp users

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

28 Spanning-Tree Commands . . . . . . . . . . . . . . . . . . . . . . 347

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

spanning-tree mode

spanning-tree forward-time

spanning-tree hello-time

spanning-tree max-age

spanning-tree priority

spanning-tree disable

spanning-tree cost

spanning-tree port-priority

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

. . . . . . . . . . . . . . . . . . . . . . . . . . 348

. . . . . . . . . . . . . . . . . . . . . . . . . . . 349

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 350

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352

. . . . . . . . . . . . . . . . . . . . . . . . . . 352

spanning-tree portfast

spanning-tree link-type

spanning-tree mst priority

spanning-tree mst max-hops

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

. . . . . . . . . . . . . . . . . . . . . . . . . . . 354

. . . . . . . . . . . . . . . . . . . . . . . . . 355

spanning-tree mst port-priority

spanning-tree mst cost

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

spanning-tree mst configuration

instance (mst)

name (mst)

revision (mst)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

. . . . . . . . . . . . . . . . . . . . . . . . 356

. . . . . . . . . . . . . . . . . . . . . . . 357

Contents 17

show (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

exit (mst)

abort (mst)

spanning-tree pathcost method

spanning-tree bpdu

clear spanning-tree detected-protocols

show spanning-tree

Spanning-tree guard root

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

. . . . . . . . . . . . . . . . . . . . . . . . 362

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362

. . . . . . . . . . . . . . . . . . . 363

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

. . . . . . . . . . . . . . . . . . . . . . . . . . . 376

29 SSH Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

ip ssh port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

ip ssh server

crypto key generate dsa

crypto key generate rsa

ip ssh pubkey-auth

crypto key pubkey-chain ssh

user-key

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379

. . . . . . . . . . . . . . . . . . . . . . . . . 380

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

30 Syslog Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

18 Contents

key-string

show ip ssh

show crypto key mypubkey

show crypto key pubkey-chain ssh

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

. . . . . . . . . . . . . . . . . . . . . . . . . . 384

. . . . . . . . . . . . . . . . . . . . . . 385

logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

logging

logging console

logging buffered

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

logging buffered size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

clear logging

logging file

clear logging file

aaa logging

file-system logging

management logging

show logging

show logging file

show syslog-servers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

31 System Management . . . . . . . . . . . . . . . . . . . . . . . . . . 401

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

traceroute

telnet

resume

reload

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

hostname

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409

service cpu-utilization

show cpu utilization

show users

show sessions

show system

set system

show system mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411

Contents 19

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

asset-tag

show system id

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417

32 TACACS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

tacacs-server key

tacacs-server timeout

tacacs-server source-ip

show tacacs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422

33 TIC Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

passwords min-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

password-aging

passwords aging

passwords history

passwords history hold-time

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

. . . . . . . . . . . . . . . . . . . . . . . . . 426

20 Contents

passwords lockout

aaa login-history file

set username active

set line active

set enable-password active

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428

. . . . . . . . . . . . . . . . . . . . . . . . . . 429

show passwords configuration

show users login-history

. . . . . . . . . . . . . . . . . . . . . . . . . . . 431

. . . . . . . . . . . . . . . . . . . . . . . . 429

34 Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

interface tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

tunnel mode ipv6ip

tunnel isatap router

tunnel source

tunnel isatap query-interval

tunnel isatap solicitation-interval

tunnel isatap robustness

show ipv6 tunnel

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435

. . . . . . . . . . . . . . . . . . . . . . . . . . 436

. . . . . . . . . . . . . . . . . . . . . . . 436

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 437

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

35 User Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

disable

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442

configure

exit(configuration)

exit(EXEC)

end

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

help

history

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445

terminal datadump

history size

debug-mode

show history

show privilege

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

Contents 21

36 VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

vlan

interface vlan

interface range vlan

name

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453

switchport access vlan

switchport trunk allowed vlan

switchport trunk native vlan

switchport general allowed vlan

switchport general pvid

switchport general ingress-filtering disable

switchport general acceptable-frame-type tagged-only

switchport forbidden vlan

switchport mode

switchport customer vlan

map protocol protocols-group

switchport general map protocols-group vlan

switchport protected

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 454

. . . . . . . . . . . . . . . . . . . . . . . . . 455

. . . . . . . . . . . . . . . . . . . . . . . . . . 455

. . . . . . . . . . . . . . . . . . . . . . . 456

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

. . . . . . . . . . . . . . . . . 458

. . . . . . . . . . . 458

. . . . . . . . . . . . . . . . . . . . . . . . . . . 459

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

. . . . . . . . . . . . . . . . . . . . . . . . . . . 460

. . . . . . . . . . . . . . . . . . . . . . . . . 461

. . . . . . . . . . . . . . . . 462

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

22 Contents

ip internal-usage-vlan

show vlan

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464

show vlan internal usage

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463

. . . . . . . . . . . . . . . . . . . . . . . . . . . 465

show vlan protocols-groups

show interfaces switchport

. . . . . . . . . . . . . . . . . . . . . . . . . . 466

. . . . . . . . . . . . . . . . . . . . . . . . . . 467

37 Voice VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

voice vlan id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

voice vlan oui-table

voice vlan cos

voice vlan aging-timeout

voice vlan enable

voice vlan secure

show voice vlan

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

. . . . . . . . . . . . . . . . . . . . . . . . . . . 471

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473

38 Web Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

ip http port

ip http exec-timeout

ip https server

ip https port

ip https exec-timeout

crypto certificate generate

crypto certificate request

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

. . . . . . . . . . . . . . . . . . . . . . . . . . 481

. . . . . . . . . . . . . . . . . . . . . . . . . . . 482

crypto certificate import

ip https certificate

crypto certificate import pkcs12

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485

. . . . . . . . . . . . . . . . . . . . . . . . 485

show crypto certificate mycertificate

show ip http

show ip https

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488

. . . . . . . . . . . . . . . . . . . . . 487

Contents 23

39 802.1x Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

aaa authentication dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

dot1x system-auth-control

dot1x port-control

dot1x re-authentication

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 493

dot1x timeout re-authperiod

dot1x re-authenticate

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495

dot1x timeout quiet-period

dot1x timeout tx-period

dot1x max-req

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

dot1x timeout supp-timeout

dot1x timeout server-timeout

dot1x send-async-request-id

show dot1x

show dot1x users

show dot1x statistics

ADVANCED FEATURES

dot1x auth-not-req

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505

. . . . . . . . . . . . . . . . . . . . . . . . . . . 492

. . . . . . . . . . . . . . . . . . . . . . . . . . 494

. . . . . . . . . . . . . . . . . . . . . . . . . . . 495

. . . . . . . . . . . . . . . . . . . . . . . . . . 498

. . . . . . . . . . . . . . . . . . . . . . . . . 498

. . . . . . . . . . . . . . . . . . . . . . . . . 499

24 Contents

dot1x multiple-hosts

dot1x single-host-violation

dot1x guest-vlan

dot1x guest-vlan enable

dot1x mac-authentication

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506

. . . . . . . . . . . . . . . . . . . . . . . . . . 506

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 508

. . . . . . . . . . . . . . . . . . . . . . . . . . . 509

dot1x traps mac-authentication failure

dot1x radius-attributes vlan

show dot1x advanced

. . . . . . . . . . . . . . . . . . . . . . . . . . 510

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

. . . . . . . . . . . . . . . . . . . . 509

Using the CLI

This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI.

CLI Command Modes

Introduction

To assist in configuring devices, the CLI (Command Line Interface) is divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark "?" at the system prompt (console prompt) displays a list of commands available for that particular command mode.

From each mode a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: User EXEC mode, Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode. The following figure illustrates the command mode access path.

Using the CLI 25

When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC Mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.

The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the device Configuration mode.

The Global Configuration mode manages the device configuration on a global level.

The Interface Configuration mode configures specific interfaces in the device.

User EXEC Mode

After logging into the device, the user is automatically in User EXEC command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information.

The user-level prompt consists of the device "host name" followed by the angle bracket (>).

console

The default host name is "Console" unless it has been changed using the hostname command in the Global Configuration mode.

Privileged EXEC Mode

Privileged access is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters: The password is not displayed on the screen and is case sensitive.

Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:

At the prompt enter the command

Enter the password and press <Enter>. The password is displayed as "*". The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device "host name" followed by "

console#

To return from Privileged Exec mode to User EXEC mode, type the disable command at the command prompt.

enable

and press <Enter>. A password prompt is displayed.

26 Using the CLI

The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode:

console>enable Enter Password: ****** console# console#disable console>

The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode. For example, the Exit command is used to return from the Interface Configuration mode to the Global Configuration mode

Global Configuration Mode

Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The Privileged EXEC mode command configure is used to enter the Global Configuration mode.

To enter the Global Configuration mode perform the following steps:

At the Privileged EXEC mode prompt enter the command Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the device "host name" followed by the word "(config)" and "

configure

and press

<Enter>

. The Global

console(config)#

Use one of the following commands to return from the Global Configuration mode to the Privileged EXEC mode:

•exit

•end

• Ctrl+Z

The following example illustrates how to access Global Configuration mode and returns to the Privileged EXEC mode:

console# console#configure console(config)#exit console#

Using the CLI 27

Interface Configuration Mode and Specific Configuration Modes

Interface Configuration mode commands are to modify specific interface operations. The following are the Interface Configuration modes:

•

Line Interface

commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the Line Configuration command mode.

•

VLAN Database

mode command vlan database is used to enter the VLAN Database Interface Configuration mode.

•

Management Access List

Configuration mode command management access-list is used to enter the Management Access List Configuration mode.

•

Ethernet

command interface ethernet is used to enter Ethernet type interface.

•

Port Channel

VLAN or port-channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The Global Configuration mode command interface port-channel is used to enter the Port Channel Interface Configuration mode.

•

SSH Public Key-chain

Global Configuration mode command crypto key pubkey-chain ssh is used to enter the SSH Public Key-chain Configuration mode.

•

Interface

command

• QoS — Contains commands related to service definitions. The Global Configuration mode command qos config-services

— Contains commands to configure the management connections. These include

— Contains commands to create a VLAN as a whole. The Global Configuration

— Contains commands to define management access-lists. The Global

— Contains commands to manage port configuration. The Global Configuration mode

the Interface Configuration mode to configure an

— Contains commands to configure port-channels, for example, assigning ports to a

— Contains commands to manually specify other device SSH public keys. The

— Contains commands that configure the interface. The Global Configuration mode

interface ethernet is used to enter the Interface Configuration mode.

is used to enter the QoS services configuration mode.

Starting the CLI

The switch can be managed over a direct connection to the switch console port, or via a Telnet connection. The switch is managed by entering command keywords and parameters at the prompt. Using the switch command-line interface (CLI) is very similar to entering commands on a UNIX system.

If access is via a Telnet connection, ensure the device has an IP address defined, corresponding management access is granted, and the workstation used to access the device is connected to the device prior to using CLI commands.

NOTE: The following steps are for use on the console line only.

28 Using the CLI

To start using the CLI, perform the following steps:

Start the device and wait until the startup procedure is complete.

The User Exec mode is entered, and the prompt "Console>" is displayed.

Configure the device and enter the necessary commands to complete the required tasks.

When finished, exit the session with the

When a different user is required to log onto the system, in the Privileged EXEC mode command mode the login command is entered. This effectively logs off the current user and logs on the new user.

quit

exit

command.

Editing Features

Entering Commands

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command "show interfaces status ethernet g5," show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and g5 specifies the port.

To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: Console(config)# username admin password smith

When working with the CLI, the command options are not displayed. The command is not selected from a menu but is manually entered. To see what commands are available in each mode or within an Interface Configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command. The standard command to request help is?

There are two instances where the help information can be displayed:

•

Keyword lookup

corresponding help messages are displayed.

•

Partial keyword lookup

parameter. The matched parameters for this command are displayed.

To assist in using the CLI, there is an assortment of editing features. The following features are described:

• Terminal Command Buffer

• Command Completion

• Keyboard Shortcuts

— The character ? is entered in place of a command. A list of all valid commands and

— A command is incomplete and the character ? is entered in place of a

Using the CLI 29

Setup Wizard

The CLI supports a Setup Wizard. This is an easy-to-use user interface which quickly guides the user in setting up basic device information, so that the device can be easily managed from a Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.

Terminal Command Buffer

Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis.These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.

Keyword Source or destination

Up-arrow key Ctrl+P

Down-arrow key Returns to more recent commands in the history buffer after recalling

By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history.

There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 256. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see history size.

To display the history buffer, see show history.

Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.

commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.

Negating the Effect of Commands

For many configuration commands, the prefix keyword "no" can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.

30 Using the CLI

Command Completion

If the command entered is incomplete, invalid, or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the <Tab> button, an incomplete command is entered. If the characters already entered are not enough for the system to identify a single matching command, press "?" to display the available commands matching the characters already entered.

Incorrect or incomplete commands are automatically re-entered next to the cursor. If a parameter must be added, the parameter can be added to the basic command already displayed next to the cursor. The following example indicates that the command interface ethernet requires a missing parameter.

(config)#interface ethernet %missing mandatory parameter (config)#interface ethernet

Keyboard Shortcuts

The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.

Keyboard Key Description

Up-arrow key Recalls commands from the history buffer, beginning with the most recent command. Repeat the

key sequence to recall successively older commands.

Down-arrow key Returns the most recent commands from the history buffer after recalling commands with the up

arrow key. Repeating the key sequence will recall successively more recent commands.

Ctrl+A Moves the cursor to the beginning of the command line.

Ctrl+E Moves the cursor to the end of the command line.

Ctrl+Z / End Returns back to the Privileged EXEC mode from any mode.

Backspace key Moves the cursor back one space.

Using the CLI 31

CLI Command Conventions

When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.

Convention Description

[ ] In a command line, square brackets indicates an optional entry.

{ } In a command line, curly brackets indicate a selection of compulsory parameters

separated by the | character. One option must be selected. For example:

flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on or off must be selected.

Italic font Indicates a parameter.

<Enter> Any individual key on the keyboard. For example click <Enter>.

Ctrl+F4 Any combination keys pressed simultaneously on the keyboard.

Screen Display Indicates system messages and prompts appearing on the console.

all When a parameter is required to define a range of ports or parameters and all is an

option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.

32 Using the CLI

Command Groups

Introduction

The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, you have greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.

A device can be configured and maintained by entering commands from the CLI, which is based solely on textual input and output with commands being entered from a terminal keyboard and the output displayed as text via a terminal monitor. The CLI can be accessed from a VT100 terminal connected to the console port of the device or through a Telnet connection from a remote host.

The first time you use the CLI from the console a Setup Wizard is invoked. The Setup Wizard guides you in setting up a minimum configuration, so that the device can be managed from the Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.

This guide describes how the Command Line Interface (CLI) is structured, describes the command syntax, and describes the command functionality.

This guide also provides information for configuring the Dell™ PowerConnect™ switch, details the procedures and provides configuration examples. Basic installation configuration is described in the User’s Guide and must be completed before using this document.

Command Groups

The system commands can be broken down into the functional groups shown below.

Command Group Description

ACL Commands Configures and displays ACL configuration and information.

AAA Commands Configures connection security including authorization and

passwords.

Address Table Commands Configures bridging address tables.

Configuration and Image Files Commands Manages the device Configuration files.

Clock Commands Configures clock commands on the device.

DHCP Snooping Commands Configures DHCP snooping and displays DHCP configuration

and DHCP information.

Command Groups 33

Ethernet Configuration Configures all port configuration options for example ports, storm

control, port speed and auto-negotiation.

GVRP Commands Configures and displays GVRP configuration and information.

IGMP Snooping Commands Configures IGMP snooping and displays IGMP configuration and

IGMP information.

IP Addressing Commands Configures and manages IP addresses on the device.

IPv6 Addressing Commands Configures and manages IPv6 addresses on the device.

iSCSI Commands Configures and manages Internet Small Computer Interface

System Information (iSCSI).

LACP Commands Configures and displays LACP information.

Line Commands Configures the console and remote Telnet connection.

Management ACL Commands Configures and displays management access-list information.

PHY Diagnostics Commands Diagnoses and displays the interface status.

Port Channel Commands Configures and displays Port channel information.

Port Monitor Commands Monitors activity on specific target ports.

QoS Commands Configures and displays QoS information.

RADIUS Commands Configures and displays RADIUS information.

RMON Commands Displays RMON statistics.

SNMP Commands Configures SNMP communities, traps and displays SNMP

information.

Spanning Tree Commands

SSH Commands Configures SSH authentication.

Syslog Commands Manages and displays syslog messages.

System Management Commands Configures the device clock, name and authorized users.

TACACS Commands

TIC Commands

Tunnel Commands

User Interface Commands Describes user commands used for entering CLI commands.

VLAN Commands Configures VLANs and displays VLAN information.

Voice VLAN Commands Configures Voice VLANs and displays Voice VLAN information.

Web Server Commands Configures Web based access to the device.

802.1x Commands

Configures and reports on Spanning Tree protocol

Configures TACACS commands

Configures password access and control.

Configures tunnel routing configurations.

Configures commands related to 802.1x security protocol.

34 Command Groups

ACL Commands

Command Group Description Access Mode

ip access-list Defines an IPv4 Access List and places the device in

IPv4 Access List Configuration mode.

mac access-list Enables the MAC-Access List Configuration mode and

creates Layer 2 ACLs.

permit (ip) Permits traffic if the conditions defined in the permit

statement match.

deny (IP) Denies traffic if the conditions defined in the deny

statement match.

permit (MAC) Defines permit conditions of an MAC ACL. MAC-Access List

deny (MAC) Denies traffic if the conditions defined in the deny

statement match.

service-acl Applies an ACL to the input interface.

show access-lists Displays access control lists (ACLs) defined on the

device.

show interfaces access-lists Displays access lists applied on interfaces.

Global Configuration

IP-Access List Configuration

Configuration

MAC-Access List Configuration

Interface Configuration (Ethernet, port-channel)

Privileged EXEC

AAA Commands

Command Group Description Access Mode

aaa authentication login Defines login authentication. Global

Configuration

aaa authentication enable Defines authentication method lists for accessing higher

privilege levels.

enable authentication Specifies the authentication method list when accessing

a higher privilege level from a remote telnet or console.

ip http authentication Specifies authentication methods for http. Global

ip https authentication Specifies authentication methods for https. Global

show authentication methods

Displays information about the authentication methods. Privileged User

Global Configuration

Line Configuration

Configuration

EXEC

Command Groups 35

password Specifies a password on a line. Line Configuration

enable password Sets a local password to control access to normal and

privilege levels.

username Establishes a username-based authentication system. Global

show users accounts Displays information about the local user database. Privileged User

Global Configuration

Configuration

EXEC

Address Table Commands

Command Group Description Access Mode

bridge address Adds a static MAC-layer station source address to the

bridge table.

bridge multicast filtering Enables filtering of Multicast addresses. Global

bridge multicast address Registers MAC-layer Multicast addresses to the bridge

table, and adds static ports to the group.

bridge multicast forbidden address

bridge multicast unregistered

bridge multicast forward-all Enables forwarding of all Multicast frames on a port. VLAN

bridge multicast forbidden forward-all

bridge aging-time Sets the address table aging time. Global

clear bridge Removes any learned entries from the forwarding

port security Disables new address learning on an interface. Interface

port security routed secureaddress

show bridge address-table Displays dynamically created entries in the

show bridge address-table static

Forbids adding a specific Multicast address to specific ports.

Configures the forwarding state of unregistered multicast addresses.

Enables forbidding forwarding of all Multicast frames to a port.

database.

Adds MAC-layer secure addresses to a routed port. Interface

bridge-forwarding database.

Displays statically created entries in the bridge-forwarding database

VLAN Configuration

Configuration

VLAN Configuration

Interface Configuration

Configuration

VLAN Configuration

Configuration

Privileged User EXEC

Configuration

Privileged User EXEC

36 Command Groups

show bridge address-table count

show bridge multicast address-table

show bridge multicast filtering

show ports security Displays the port-lock status. Privileged User

show ports security addresses

Displays the number of addresses present in all or at a specific VLAN.

Displays statically created entries in the bridgeforwarding database.

Displays the Multicast filtering configuration. Privileged User

Displays the current dynamic addresses in locked ports. Privileged User

Privileged User EXEC

EXEC

Clock Commands

Command Group Description Access Mode

clock set

clock source

clock timezone

clock summer-time

sntp authentication-key

sntp authenticate

sntp trusted-key

sntp client poll timer

sntp broadcast client enable

sntp anycast client enable

sntp client enable (interface)

Manually sets the system clock.

Configures an external time source for the system clock.

Sets the time zone for display purposes.

Configures the system to automatically switch to summer time (daylight saving time).

Defines an authentication key for Simple Network Time Protocol (SNTP).

Grants authentication for received Network Time Protocol (NTP) traffic from servers.

Authenticates the identity of a system to which SNTP will synchronize.

Sets the polling time for the SNTP client.

Enables the SNTP Broadcast clients.

Enables Anycast clients.

Enables the SNTP client on an interface.

Privileged User EXEC

Global Configuration

Interface Configuration

Command Groups 37

sntp unicast client enable

sntp unicast client poll

sntp server

show clock

show sntp configuration

show sntp status

Enables the device to use the SNTP to request and accept NTP traffic from servers.

Enables polling for the SNTP predefined Unicast clients.

Specifies SNTP UDP port of the SNTP server

Displays the time and date from the system clock.

Shows the configuration of the SNTP.

Shows the status of the SNTP.

Global Configuration

User EXEC

Privileged User EXEC

Configuration and Image Files Commands

Command Group Description Access Mode

dir Displays list of files on a flash file system Privileged User

EXEC

more Displays a file Privileged EXEC

rename Renames a file. Privileged User

EXEC

delete startup-config Deletes the startup-config file. Privileged User

EXEC

copy Copies files from a source to a destination. Privileged User

EXEC

delete Deletes a file from a Flash memory device. Privileged User

EXEC

boot system Specifies the system image that the device loads at

startup.

show running-config Displays the contents of the currently running

configuration file.

show startup-config Displays the startup configuration file contents. Privileged User

show bootvar Displays the active system image file that the device

loads at startup.

Privileged User EXEC

EXEC

Privileged EXEC

38 Command Groups

DHCP Snooping Commands

Command Group Description Access Mode

ip dhcp snooping Globally enables Dynamic Host Configuration

Protocol (DHCP) snooping

ip dhcp snooping vlan Enables DHCP snooping on a VLAN. Global

ip dhcp snooping trust Configures a port as trusted for DHCP snooping

purposes.

ip dhcp snooping information option allowed-untrusted

ip dhcp snooping verify Configures the switch to verify that on an untrusted

ip dhcp snooping database Configures the DHCP snooping binding file. Global

ip dhcp snooping database update-freq

ip dhcp snooping binding Configures the DHCP snooping binding database and

clear ip dhcp snooping database

show ip dhcp snooping Displays the DHCP snooping configuration. EXEC

show ip dhcp snooping binding

Configures a switch to accept DHCP packets with option-82 information from an untrusted port.

port the source MAC address in a DHCP packet matches the client hardware address.

Configures the update frequency ofthe DHCP snooping binding file.

to add binding entries to the database.

Clears the DHCP binding database. Privileged EXEC

Display the DHCP snooping binding database and configuration information for all interfaces on a switch.

Global Configuration

Configuration

Interface Configuration (Ethernet, port-channel)

Global Configuration

Configuration

Global Configuration

Privileged EXEC

EXEC

Ethernet Configuration Commands

Command Group Description Access Mode

interface ethernet Enters the Interface Configuration mode to configure

an Ethernet type interface.

interface range ethernet Enters the Interface Configuration mode to configure

multiple Ethernet type interfaces.

shutdown Disables interfaces. Interface

Global Configuration

Configuration

Command Groups 39

description Adds a description to an interface. Interface

Configuration

speed Configures the speed of a given Ethernet interface

when not using auto-negotiation.

duplex Configures the full/half duplex operation of a given

Ethernet interface when not using auto-negotiation.

negotiation Enables auto-negotiation operation for the speed and

duplex parameters of a given interface.

flowcontrol Configures the Flow Control on a given interface. Interface

system flowcontrol Enables flow control on cascade ports. Interface

mdix Enables automatic crossover on a given interface. Interface

back-pressure Enables Back Pressure on a given interface. Interface

port jumbo-frame Enables jumbo frames for the device. Global

clear counters Clears statistics on an interface. User EXEC

set interface active Reactivates an interface that was suspended by the

system.

show interfaces configuration

show interfaces status Displays the status for all configured interfaces. User EXEC

show interfaces description Displays the description for all configured interfaces. User EXEC

show interfaces counters Displays traffic seen by the physical interface. User EXEC

show ports jumbo-frame Displays the jumbo frames configuration. User EXEC

port storm-control includemulticast

port storm-control broadcast enable

port storm-control broadcast rate

show ports storm-control Displays the storm control configuration. Privileged User

show system flowcontrol Displays the flow control state on cascade ports. Privileged User

Displays the configuration for all configured interfaces.

Enables the device to count Multicast packets. Global

Enables Broadcast storm control. Interface

Configures the maximum Broadcast rate. Interface

Interface Configuration

Configuration

Privileged User EXEC

User EXEC

Configuration

EXEC

40 Command Groups

GVRP Commands

Command Group Description Mode

gvrp enable (global) Enables GVRP globally. Global Configuration

gvrp enable (interface) Enables GVRP on an interface. Interface

Configuration

garp timer Adjusts the GARP application join, leave,

and leaveall GARP timer values.

gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation. Interface

gvrp registration-forbid De-registers all VLANs, and prevents dynamic

VLAN registration on the port.

clear gvrp statistics Clears all the GVRP statistics information. Privileged User EXEC

show gvrp configuration Displays GVRP configuration information. User EXEC

show gvrp statistics Displays GVRP statistics. User EXEC

Interface Configuration

Configuration

Interface Configuration

IGMP Snooping Commands

Command Group Description Access Mode

ip igmp snooping (Global) Enables Internet Group Management Protocol (IGMP)

snooping.

ip igmp snooping (Interface) Enables Internet Group Management Protocol (IGMP)

snooping on a specific VLAN.

ip igmp snooping mrouter Enables automatic learning of Multicast router ports in

the context of a specific VLAN.

ip igmp snooping host-time-out Configures the host-time-out. VLAN

ip igmp snooping mrouter-time-out Configures the mrouter-time-out. VLAN

ip igmp snooping leave-time-out Configures the leave-time-out. VLAN

show ip igmp snooping mrouter Displays information on dynamically learned Multicast

router interfaces.

show ip igmp snooping interface Displays IGMP snooping configuration. User EXEC

show ip igmp snooping groups Displays Multicast groups learned by IGMP snooping. User EXEC

Global Configuration

VLAN Configuration

Configuration

User EXEC

Command Groups 41

IP Addressing Commands

Command Group Description Access Mode

clear host dhcp Sets an IP address on the device. Interface

Configuration

ip address

ip address dhcp Acquires an IP address on an interface from the DHCP

ip default-gateway

show ip interface Displays the usability status of interfaces configured for IP. User EXEC

arp Adds a permanent entry in the ARP cache. Global

arp timeout Configures how long an entry remains in the ARP cache Global

clear arp-cache Deletes all dynamic entries from the ARP cache. Privileged User

show arp Displays entries in the ARP table. Privileged User

ip domain-lookup Enables the IP Domain Naming System (DNS)-based host

ip domain-name Defines a default domain name, that the software uses to

ip name-server Sets the available name servers.

ip host Defines static host name-to-address mapping in the host

clear host

show hosts Displays the default domain name, a list of name server

Sets an IP address

server.

Defines a default gateway (router)

name-to-address translation.

complete unqualified host names.

cache.

Deletes entries from the host name-to-address cache

hosts, the static and cached list of host names and addresses.

Interface Configuration

Global Configuration

Configuration

EXEC

Global Configuration

Privileged User EXEC

User EXEC

42 Command Groups

IPv6 Addressing Commands

Command Group Description Access Mode

ipv6 enable Enables IPv6 processing on an interface. Interface Configuration

ipv6 address autoconfig Enables automatic configuration of IPv6 addresses

using stateless autoconfiguration on an interface.

ipv6 icmp error-interval Configures the rate limit interval and bucket size

parameters for IPv6 ICMP error messages.

show ipv6 icmp errorinterval

ipv6 address Configures an IPv6 address for an interface. Interface Configuration

ipv6 address link-local Configures an IPv6 link-local address for an interface. Interface Configuration

ipv6 unreachables Enables the generation of Internet Control Message

ipv6 default-gateway Defines an IPv6 default gateway. Global Configuration

ipv6 mld join-group Configures Multicast Listener Discovery (MLD)

ipv6 mld version Changes the Multicast Listener Discovery Protocol

show ipv6 interface Displays the usability status of interfaces configured

show ipv6 route Displays the current state of the IPv6 routing table. Privileged EXEC

ipv6 nd dad attempts Configures the number of consecutive neighbor

ipv6 host Defines a static host name-to-address mapping in the

ipv6 neighbor Configures a static entry in the IPv6 neighbor

ipv6 set mtu Sets the MTU size of IPv6 packets sent on an

show ipv6 neighbors Displays IPv6 neighbor discovery cache informatio. Privileged EXEC

clear ipv6 neighbors Deletes all entries in the IPv6 neighbor discovery

Displays

Protocol for IPv6 (ICMPv6) unreachable messages for any packets arriving on a specified interface.

reporting for a specified group.

(MLD) version.

for IPv6.

solicitation messages that are sent on an interface while duplicate address detection is performed on the unicast IPv6 addresses of the interface.

host name cache.

discovery cache.

interface.

cache, except static entries.

the IPv6 ICMP error interval setting Privileged EXEC

Interface Configuration

Global Configuration

Interface Configuration

Privileged EXEC

Interface Configuration

Global Configuration

Privileged EXEC

Command Groups 43

iSCSI Commands

Command Group Description Access Mode

iscsi enable

iscsi target port Configures iSCSI port(s), target address and name. Global

iscsi cos Sets the quality of service profile applied to iSCSI

iscsi aging time

iscsi max connections Sets the maximum number of iSCSI connections that

show iscsi Displays the iSCSI settings Privileged User

show iscsi sessions Display the iSCSI sessions Privileged EXEC

Globally enables iSCSI awareness.

flows.

Sets aging time for iSCSI sessions.

can be supported

Global Configuration

Configuration

Global Configuration

EXEC

LACP Commands

Command Group Description Access Mode

lacp system-priority Configures the system LACP priority. Global

Configuration

lacp port-priority Configures the priority value for physical ports. Interface

Configuration

lacp timeout Assigns an administrative LACP timeout. Interface

Configuration

show lacp ethernet Displays LACP information for Ethernet ports. User EXEC

show lacp port-channel

Displays LACP information for a port-channel.

User EXEC

Line Commands

Command Group Description Access Mode

line Identifies a specific line for configuration and enters

the Line Configuration command mode.

speed Sets the line baud rate. Line Configuration

autobaud

Sets the line for automatic baud rate detection

44 Command Groups

Global Configuration

Line Configuration

exec-timeout Configures the interval that the system waits until

user input is detected.

show line Displays line parameters. User EXEC

terminal history Enables the command history function for the current

terminal session.

terminal history size Cand history buffer size for the current terminal

session.

Line Configuration

User EXEC

LLDP Commands

Command Group Description Access Mode

lldp enable (global) Enables Link Layer Discovery Protocol. Interface

Configuration (Ethernet)

lldp enable (interface) Enables Link Layer Discovery Protocol (LLDP) on an

interface.

lldp timer Specifies how often the software sends LLDP updates. Global

lldp hold-multiplier Specifies the amount of time the receiving device should

hold a Link Layer Discovery Protocol packet before discarding it.

lldp reinit-delay Specifies the minimum time an LLDP port will wait before

reinitializing LLDP transmission.

lldp tx-delay Specifies the delay between successive LLDP frame

transmissions initiated by value/status

changes in the LLDP local systems MIB.

lldp optional-tlv Specifies which optional TLVs from the basic set should be

transmitted.

lldp managementaddress

lldp med enable Enables LLDP Media Endpoint Discovery (MED) on an

lldp med network-policy (global)

Specifies the management address to be advertised from an interface.

interface.

Defines LLDP MED network policy. Global

Interface Configuration (Ethernet)

Configuration

Global Configuration

Interface Configuration (Ethernet)

Configuration

Command Groups 45

lldp med network-policy (interface)

lldp med location Configures location information for the LLDP MED for an

clear lldp rx Restarts the LLDP RX state machine and clearing the

show lldp configuration Displays the LLDP configuration. Privileged EXEC

show lldp local Displays the LLDP information that is advertised from a

show lldp neighbors Displays information about neighboring devices discovered

show lldp med configuration

Attaches a LLDP MED network policy to a port. Interface

Configuration (Ethernet)

Interface

interface.

neighbors table.

specific port.

usingLLDP.

Displays the LLDP MED configuration. Privileged EXEC

Configuration (Ethernet)

Privileged EXEC

Login Banner Commands

Command Group Description Access Mode

banner exec Specifies and enables a message to be displayed when

an EXEC process is created.

banner login Enables a message to be displayed before the

username and password login prompts.

banner motd Specifies and enables a message-of-the-day banner.. Global

exec-banner Enables the display of exec banners. Line Configuration

motd-banner Enables the display of message-of-the-day banners. Line Configuration

show banner Displays the banners configuration. Privileged EXEC

Global Configuration

Configuration

Management ACL Commands

Command Group Description Access Mode

management access-list Defines a management access-list, and enters the access-

list for configuration.

permit (management) Defines a permit rule. Management

46 Command Groups

Global Configuration

Access-level

deny (management) Defines a deny rule. Management

Access-level

management access-class Defines which management access-list is used. Global

Configuration

show management access-list

show management access-class

Displays management access-lists. Privileged User

EXEC

Displays the active management access-list. Privileged User

EXEC

PHY Diagnostics Commands

Command Group Description Access Mode

test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry)

technology the quality and characteristics of a copper cable attached to a port.

show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests

on specified ports.

show copper-ports cablelength

show fiber-ports opticaltransceiver

Displays the estimated copper cable length attached to a port.

Displays the optical transceiver diagnostics. Privileged User

Privileged User EXEC

EXEC

Port Channel Commands

Command Group Description Access Mode

interface port-channel Enters the Interface Configuration mode of a specific port-

channel.

interface range portchannel

channel-group Associates a port with a port-channel. Interface

port-channel loadbalance

show interfaces portchannel

Enters the Interface Configuration mode to configure multiple port-channels.

Configures the load balancing policy of the port channeling User EXEC

Displays port-channel information. User EXEC

Global Configuration

Configuration

Command Groups 47

Port Monitor Commands

Command Group Description Access Mode

port monitor Starts a port monitoring session. Interface

Configuration

show ports monitor Displays the port monitoring status. User EXEC

QoS Commands

Command Group Description Access Mode

qos Enables quality of service (QoS) on the device

and enters QoS basic or advance mode.

show qos Displays the QoS status. User EXEC

wrr-queue cos-map

wrr-queue bandwidth Assigns Weighted Round Robin (WRR)

priority-queue out num-ofqueues

traffic-shape Sets the shaper on an egress port. Interface Configuration

rate-limit (Ethernet) Limits the rate of the incoming traffic. Interface Configuration

show qos interface Displays interface QoS data. User EXEC

qos map dscp-queue Modifies the DSCP to CoS map. Global Configuration

qos trust (Global) Configures the system to basic mode and the

qos trust (Interface)

qos cos Configures the default port CoS value. Interface Configuration

show qos map Displays all the maps for QoS. User EXEC

Maps assigned CoS values to select one of the egress queues.

weights to egress queues.

Enables the egress queues to be expedite

queues

"trust" state.

Enables each port trust state

Global Configuration

Interface Configuration

Global Configuration

(Ethernet, Port-Channel)

Global Configuration

Interface Configuration

48 Command Groups

RADIUS Commands

Command Group Description Access Mode

radius-server host Specifies a RADIUS server host. Global

Configuration

radius-server key Sets the authentication and encryption key for all RADIUS

communications between the router and the RADIUS daemon.

radius-server retransmit Specifies the number of times the software searches the list

of RADIUS server hosts.

radius-server source-ip Specifies the source IP address used for communication

with RADIUS servers.

radius-server source-ipv6

Specifies the source IPv6 address used for the IPv6 communication with RADIUS servers.

radius-server timeout Sets the interval for which a router waits for a server host to

reply.

radius-server deadtime Improves RADIUS response times when servers are

unavailable.

show radius-servers Displays the RADIUS server settings. Privileged User

Global Configuration

EXEC

RMON Commands

Command Group Description Mode

show rmon statistics Displays RMON Ethernet Statistics. User EXEC

rmon collection history Enables a Remote Monitoring (RMON) MIB history

statistics group on an interface.

show rmon collection history

show rmon history Displays RMON Ethernet Statistics history. User EXEC

rmon alarm Configures alarm conditions. Global

show rmon alarm-table Displays the alarms summary table. User EXEC

show rmon alarm Displays alarm configurations. User EXEC

rmon event Configures a RMON event. Global

Displays the requested history group configuration. User EXEC

Interface Configuration (Ethernet, portchannel)s

Configuration

Command Groups 49

show rmon events Displays the RMON event table. User EXEC

show rmon log Displays the RMON logging table. User EXEC

rmon table-size Configures the maximum RMON tables sizes. Global

Configuration

SNMP Commands

Command Group Description Access Mode

snmp-server community the community access string to permit access to SNMP

protocol.

snmp-server view Creates or update a view entry, Global

snmp-server contact Sets up a system contact. Global

snmp-server location Sets up the information on where the device is located. Global

snmp-server enable traps Enables the switch to send SNMP traps or SNMP

notifications.

snmp-server trap authentication

snmp-server host Specifies the recipient of Simple Network Management

snmp-server set Sets SNMP MIB value by the CLI. Global

snmp-server group Configures a new Simple Network Management Protocol

snmp-server user Configure a new SNMP Version 3 user.

snmp-server v3-host Specifies the recipient of Simple

snmp-server engineID local Specifies the Simple Network Management Protocol

show snmp engineid Displays the ID of the local Simple Network Management

show snmp Displays the SNMP status. Privileged User

Enables the switch to send Simple Network Management Protocol traps when authentication failed.

Protocol notification operation,

(SNMP) group, or a table that maps

SNMP users to SNMP views.

Network Management Protocol Version 3 notifications.

(SNMP) engineID on the local device.

Protocol (SNMP) engine

Global Configuration

Configuration

Global Configuration

Configuration

Global Configuration

Privileged User EXEC

EXEC

50 Command Groups

show snmp views Displays the configuration of views. Privileged EXEC

show snmp groups Displays the configuration of groups. Privileged EXEC

show snmp filters Displays the configuration of filters Privileged EXEC

show snmp users Displays the configuration of groups. Privileged EXEC

Spanning Tree Commands

Command Group Description Access Mode

spanning-tree Enables spanning tree functionality. Global

Configuration

spanning-tree mode Configures the spanning tree protocol. Global

Configuration

spanning-tree forward-time Configures the spanning tree bridge forward time. Global

Configuration

spanning-tree hello-time Configures the spanning tree bridge Hello Time. Global

Configuration

spanning-tree max-age Configures the spanning tree bridge maximum age. Global

Configuration

spanning-tree priority Configures the spanning tree priority. Global

Configuration

spanning-tree disable Disables spanning tree on a specific port. Interface

Configuration

spanning-tree cost Configures the spanning tree path cost for a port. Interface

Configuration

spanning-tree port-priority Configures port priority. Interface

Configuration

spanning-tree portfast Enables PortFast mode. Interface

Configuration

spanning-tree link-type Overrides the default link-type setting. Interface

Configuration (Ethernet, portchannel)

spanning-tree mst priority Configures the device priority for the specified spanning-

tree instance

spanning-tree mst maxhops

Configures the number of hops in an MST region before the BDPU is discarded and the port information is aged out.

Global Configuration

Command Groups 51

spanning-tree mst priority Configures port priority for the specified MST instance Interface

Configuration

sspanning-tree mst cost Configures the path cost for multiple spanning tree

(MST) calculations.

spanning-tree mst configuration

instance (mst) Maps VLANS to an MST instance. MST

name (mst) Defines the configuration name. MST

revision (mst) Defines the configuration revision number. MST

show (mst) Displays the current or pending MST region

exit (mst) Exits the MST Configuration mode and applies all

abort (mst) Exits the MST Configuration mode without applying

spanning-tree pathcost method

spanning-tree bpdu Defines BPDU handling when spanning-tree is disabled

clear spanning-tree detected-protocols

show spanning-tree Displays spanning-tree configuration. Privileged EXEC

Spanning-tree guard root Configure the switch to convert STP/RSTP packets to

Spanning-tree guard root enables root guard on all the spanning tree instances on

Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode.

configuration.

configuration changes.

the configuration changes

Sets the default path cost method. Global

on an interface.

Restarts the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface.

MSTP instances.

that interface.

Interface Configuration

Global Configuration

Configuration mode

MST Configuration mode

Configuration

Global Configuration

Privileged EXEC mode

mode

Global Configuration

Interface Configuration

52 Command Groups

SSH Commands

Command Group Description Access Mode

ip ssh port Specifies the port to be used by the SSH server. Global

Configuration

ip ssh server Enables the device to be configured from a SSH

server.

crypto key generate dsa Generates DSA key pairs. Global

crypto key generate rsa Generates RSA key pairs. Global

ip ssh pubkey-auth Enables public key authentication for incoming

SSH sessions.

crypto key pubkey-chain ssh Enters SSH Public Key-chain Configuration mode. Global

user-key Specifies which SSH public key is manually

configured and enters the SSH public key-string configuration command.

key-string Manually specifies a SSH public key. SSH Public Key

show ip ssh Displays the SSH server configuration. Privileged User

show crypto key mypubkey Displays the SSH public keys stored on the device. Privileged User

show crypto key pubkey-chain ssh

Displays SSH public keys stored on the device. Privileged User

Global Configuration

Configuration

Global Configuration

Configuration

SSH Public Key

EXEC

Syslog Commands

Command Group Description Access Mode

logging on Controls error messages logging. Global

Configuration

logging Logs messages to a syslog server. Global

Configuration

logging console Limits messages logged to the console based on

severity.

logging buffered Limits syslog messages displayed from an internal

buffer based on severity.

Global Configuration

Command Groups 53

logging buffered size Changes the number of syslog messages stored in

the internal buffer.

clear logging Clears messages from the internal logging buffer. Privileged User

logging file Limits syslog messages sent to the logging file based

on severity.

clear logging file Clears messages from the logging file. Privileged User

aaa logging Controls logging of AAA events. Global

file-system logging Controls logging file system events. Global

management logging Controls logging of management access lists events. Global

show logging Displays the state of logging and the syslog

messages stored in the internal buffer.

show logging file Displays the state of logging and the syslog

messages stored in the logging file.

show syslog-servers Displays the syslog servers settings. Privileged User

Global Configuration

EXEC

Global Configuration

EXEC

Configuration

Privileged User EXEC

EXEC

System Management Commands

Command Group Description Access Mode

ping Sends ICMP echo request packets to another node

on the network.

traceroute Discovers the routes that packets will actually take

when traveling to their destination.

telnet Logs in to a host that supports Telnet. User EXEC

resume Switches to another open Telnet session User EXEC

reload Reloads the operating system Privileged User

hostname Specifies or modifies the device host name. Global

service cpu-utilization Allows the software to measure CPU utilization. Global

show cpu utilization Displays information about the active users. User EXEC

User EXEC

EXEC

Configuration

54 Command Groups

show users Lists the open Telnet sessions. User EXEC

show sessions Lists the open Telnet sessions User EXEC

show system Displays system information. User EXEC

set system Activates/deactivates specified features. Priviledged EXEC

show system mode Displays information on features control User EXEC

show version Displays the system version information. User EXEC

asset-tag Specifies the device asset-tag. Global

Configuration

show system id Displays the service ID information. User EXEC

TACACS Commands

Command Group Description Mode

tacacs-server host Specifies a TACACS+ host. Global

Configuration

tacacs-server key Sets the authentication encryption key used for all

TACACS+ communications between the device and the TACACS+ daemon.

tacacs-server source-ip Specifies the source IP address that will be used for

the communication with TACACS servers.

show tacacs Displays configuration and statistics for a

TACACS+ servers.

Global Configuration

Privileged User EXEC

TIC Commands

Command Group Description Access Mode

The following example displays the local users configured with access to the system.passwords minlength

passwords aging Configures the aging time of line passwords. Line

passwords aging Configures the aging time of username passwords and

passwords history Configures the number of password changes that are

Configures the minimal length required for passwords in the local database.

enables passwords.

required before a password in the local database can be reused.

Global Configuration

Configuration

Global Configuration

Command Groups 55

passwords history hold-time Configures the duration of time a password is relevant

for tracking passwords history.

passwords lockout Enables lockout of a user account after a series of

authentication failures.

aaa login-history file Enables writing to login history file. Global

set username active Reactivates a previously locked out user account. Privileged EXEC

set line active Reactivates a previously locked out line. Privileged EXEC

set enable-password active Reactivates a previously locked out password. Privileged EXEC

show passwords configuration

show users login-history Displays information about the login history of users. Privileged EXEC

Displays information about the passwords management configuration.

Global Configuration

Configuration

Privileged EXEC

Tunnel Commands

Command Group Description Access Mode

interface tunnel Enters tunnel interface configuration mode. Global

Configuration

tunnel mode ipv6ip Configures an IPv6 transition mechanism global

support mode.

tunnel isatap router Configures a global string that represents a specific

automatic tunnel router domain name.

tunnel source Sets the local (source) tunnel interface IPv4 address. Interface Tunnel

tunnel isatap query-interval Configures the interval between DNS Queries (before

the IP address of the ISATAP router is known) for the automatic tunnel router domain name.

tunnel isatap solicitationinterval

tunnel isatap robustness Configures the number of DNS Query/Router

show ipv6 tunnel Displays information on the ISATAP tunnel. Privileged EXEC

Configures the interval between ISATAP router solicitations messages (when there is no active ISATAP router).

Solicitation refresh messages that the device sends.

Interface Tunnel Configuration

Configuration

Global Configuration

56 Command Groups

User Interface Commands

Command Group Description Access Mode

enable Enters the privileged EXEC mode. All

disable Returns to User EXEC mode. All

configure

exit(configuration) Exits any configuration mode to the next highest mode in the

exit(EXEC) Closes an active terminal session by logging off the device. All

end Ends the current configuration session and returns to the

help Displays a brief description of the help system. All

history Enables the command history function. All

terminal datadump Enables dumping of all the output from the show command

history size Changes the command history buffer size for a particular line. All

debug-mode

show history Lists the commands entered in the current session. All

show privilege Displays the current privilege level. All

do Executes a Global Configuration mode or any configuration

Enables the Global Configuration mode

CLI mode hierarchy.

previous command mode.

without ’prompting’.

Switches the mode to debug

submode.

.All

All

Privileged EXEC

All

VLAN Commands

Command Group Description Access Mode

vlan database Enters the VLAN Database Configuration mode. Global

Configuration

vlan Creates a VLAN. VLAN

Configuration

interface vlan

interface range vlan Enters the Interface Configuration mode to configure

name Configures a name to a VLAN. Interface

Enters the Interface Configuration (VLAN) mode.

multiple VLANs.

Global Configuration

Configuration

Command Groups 57

switchport access vlan Configures the VLAN membership mode of a port. Interface

Configuration

switchport access vlan Configures the VLAN ID when the interface is in access

mode.

switchport trunk allowed vlan

switchport trunk native vlan

switchport general allowed vlan

switchport general pvid Configures the PVID when the interface is in general

switchport general ingress-filtering disable

switchport general acceptable-frame-type tagged-only

switchport forbidden vlan

map protocol protocolsgroup

switchport general map protocols-group vlan

ip internal-usage-vlan

Adds or removes VLANs from a port in general mode. Interface

Defines the port as a member of the specified VLAN, and the VLAN ID is the "port default VLAN ID (PVID)".

Adds or removes VLANs from a general port. Interface

mode.

Disables port ingress filtering. Interface

Discards untagged frames at ingress. Interface

Forbids adding specific VLANs to a port. Interface

Adds a special protocol to a named group of protocols, which may be used for protocol-based VLAN assignment.

Sets a protocol-based classification rule. Interface

Reserves a VLAN as the internal usage VLAN of an interface.

show vlan Displays VLAN information. Privileged User

show vlan internal usage Displays a list of VLANs being used internally by the

switch.

show vlan protocolsgroups

show interfaces switchport

Displays protocols-groups information. Privileged User

Displays switchport configuration. Privileged User

Interface Configuration

Configuration

Interface Configuration

Configuration

Interface Configuration

Configuration

VLAN Configuration

Configuration

Interface Configuration

EXEC

Privileged User EXEC

EXEC

58 Command Groups

Voice VLAN Commands

Command Group Description Access Mode

voice vlan id Enters the VLAN Configuration mode. Global

Configuration

voice vlan oui-table Configure the Voice OUI table. Global

Configuration

voice vlan cos Sets the Voice VLAN Class Of Service. Global

Configuration

voice vlan aging-timeout

voice vlan enable Enables automatic Voice VLAN configuration for a port. Interface

voice vlan secure Configures the secure mode for the Voice VLAN. Interface

show voice vlan Displays the Voice VLAN status. EXEC

Sets the Voice VLAN aging timeout.

Global Configuration

Configuration (Ethernet, portchannel)

Web Server Commands

Command Group Description Access Mode

ip http server Enables the device to be configured from a browser. Global

Configuration

ip http port Specifies the TCP port for use by a web browser to

configure the device.

ip https exec-timeout Sets the interval the system waits for user input before

automatically loging off.

ip https server Enables the device to be configured from a secured browser. Global

ip https port Configures a TCP port for use by a secure web browser to

configure the device.

ip https exec-timeout Sets the interval the system waits for user input before

automatically loging off.

crypto certificate generate

Generates a HTTPS certificate. Global

Global Configuration

Configuration

Global Configuration

Configuration

Command Groups 59

crypto certificate import Imports a certificate signed by Certification Authority for

HTTPS.

ip https certificate Configures the active certificate for HTTPS. Global

ip https port Configures a TCP port for use by a secure web browser to

configure the device.

ip http exec-timeout Sets the interval the system waits for user input before

automatically loging off.

ip https server Enables the device to be configured from a secured browser. Global

crypto certificate request Generates and displays certificate requests for HTTPS. Privileged EXEC

crypto certificate import Imports a certificate signed by Certification Authority for

HTTPS.

ip https certificate Configures the active certificate for HTTPS. Global

crypto certificate import pkcs12

show crypto certificate mycertificate

show ip http Displays the HTTP server configuration. Privileged User

show ip https Displays the HTTPS server configuration. Privileged User

Exports the certificate and the RSA keys within a PKCS12 file

Imports the certificate and the RSA keys within a PKCS12 file

Displays the SSL certificates of the device Privileged User

Global Configuration

Configuration

Global Configuration

Configuration

Global Configuration

Configuration

Privileged User EXEC

EXEC

802.1x Commands

Command Description Access Mode

aaa authentication dot1x Specifies one or more authentication, authorization, and

accounting (AAA) methods for use on interfaces running IEEE 802.1X.

dot1x system-authcontrol

dot1x port-control Enables manual control of the authorization state of the

dot1x re-authentication Enables periodic re-authentication of the client. Interface

Enables 802.1x globally. Global

port

60 Command Groups

Global Configuration

Configuration

Interface Configuration

Configuration

dot1x timeout reauthperiod

dot1x re-authenticate Manually initiates a re-authentication of all 802.1X-enabled

dot1x timeout quietperiod

dot1x timeout tx-period Sets the number of seconds that the switch waits for a

dot1x max-req Sets the maximum number of times that the switch sends

dot1x timeout supptimeout

dot1x timeout servertimeout

show dot1x Allows multiple hosts on an 802.1X-authorized port, that

show dot1x users Displays 802.1X statistics for the specified interface. Privileged User

show dot1x statistics Displays 802.1X statistics for the specified interface. Privileged User

Sets the number of seconds between re-authentication attempts

ports or the specified 802.1X-enabled port.

Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange

response to an Extensible Authentication Protocol (EAP) request/identity frame, from the client, before resending the request.

an EAP - request/identity frame to the client, before restarting the authentication process.

Sets the time for the retransmission of an Extensible Authentication Protocol (EAP)-request frame to the client.

Sets the time for the retransmission of packets to the authentication server

has the dot1x port-control interface configuration command set to auto.

Interface Configuration

Privileged User EXEC

Interface Configuration

EXEC

Command Groups 61

802.1x Advanced Commands

dot1x auth-not-req Enables unauthorized users access to that VLAN. VLAN

Configuration

dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized

port with the dot1x port-control Interface Configuration mode command set to auto.

dot1x single-hostviolation

dot1x guest-vlan Defines a Guest VLAN. Use the no form of this command

dot1x guest-vlan enable Enables unauthorized users on the interface access to the

dot1x macauthentication

dot1x traps macauthentication failure

dot1x radius-attributes vlan

show dot1x advanced Displays 802.1X advanced features for the switch or for the

Configures the action to be taken when a station of which the MAC address is not the supplicant MAC address attempts to access the interface.

to return to default.

Guest VLAN.

Enables authentication based on the station’s MAC address.

Enables sending traps when a MAC address was failed in authentication of the 802.1X MAC authentication access control.

Enables user-based VLAN assignment. Interface

specified interface.

Interface Configuration (Ethernet)

Interface Configuration (VLAN)

Interface Configuration (Ethernet)

Interface Configuration

Global Configuration

Configuration

Privileged EXEC

62 Command Groups

Command Modes

GC (Global Configuration) Mode

Command Description

aaa authentication enable Defines authentication method lists for accessing higher privilege

levels.

aaa authentication login Defines login authentication.

aaa authentication dot1x Specifies one or more authentication, authorization, and accounting

(AAA) methods for use on interfaces running IEEE 802.1X.

arp Adds a permanent entry in the ARP cache.

arp timeout Configures how long an entry remains in the ARP cache

asset-tag Specifies the device asset-tag.

banner exec Specifies and enables a message to be displayed when an EXEC process

is created.

banner login Enables a message to be displayed before the username and password

banner motd Specifies and enables a message-of-the-day banner..

bridge aging-time Sets the address table aging time.

bridge multicast filtering Enables filtering of Multicast addresses.

clock source Configures an external time source for the system clock.

bridge multicast unregistered Configures the forwarding state of unregistered multicast addresses.

clock timezone Sets the time zone for display purposes

clock summer-time Configures the system to automatically switch to summer time

(daylight saving time).

crypto certificate generate Generates a HTTPS certificate.

crypto certificate import Imports a certificate signed by Certification Authority for HTTPS.

crypto key generate dsa Generates DSA key pairs.

crypto key generate rsa Generates RSA key pairs.

crypto key pubkey-chain ssh Enters SSH Public Key-chain configuration mode.

Command Modes 63

dot1x system-auth-control Enables 802.1x globally.

enable password Sets a local password to control access to normal and privilege levels.

end Ends the current configuration session and returns to the previous

command mode.

gvrp enable (global) Enables GVRP globally.

hostname Specifies or modifies the device host name.

interface ethernet Enters the Interface Configuration mode to configure an Ethernet type

interface.

show interfaces port-channel Enters the Interface Configuration mode of a specific port-channel.

interface ethernet Enters the Interface Configuration mode to configure multiple

ethernet type interfaces.

interface range port-channel Enters the Interface Configuration mode to configure multiple port-

channels.

interface range vlan Enters the Interface Configuration mode to configure multiple VLANs.

interface tunnel Enters tunnel interface configuration mode.

interface vlan Enters the Interface Configuration (VLAN) mode.

ip default-gateway Defines a default gateway.

ip domain-lookup Enables the IP Domain Naming System (DNS)-based host name-to-

address translation.

ip domain-name Defines a default domain name, that the software uses to complete

unqualified host names.

ip host Defines static host name-to-address mapping in the host cache.

ip http authentication Specifies authentication methods for http.

ip http port Specifies the TCP port for use by a web browser to configure the device.

ip https server

ip https authentication Specifies authentication methods for https

ip https certificate Configures the active certificate for HTTPS. Use the no form of this

ip https server

ip https port Configures a TCP port for use by a secure web browser to configure the

ip igmp snooping (Global) Enables Internet Group Management Protocol (IGMP) snooping

ip name-server Sets the available name servers.

ip ssh port Specifies the port to be used by the SSH server.

ip ssh pubkey-auth Enables public key authentication for incoming SSH sessions.

Enables the device to be configured from a browser

command to return to default.

Enables the device to be configured from a secured browser

device.

64 Command Modes

ip ssh server Enables the device to be configured from a SSH server.

ipv6 default-gateway Defines an IPv6 default gateway.

ipv6 host Defines a static host name-to-address mapping in the host name cache.

ipv6 icmp error-interval Configures the rate limit interval and bucket size parameters for IPv6

ICMP error messages.

ipv6 neighbor Configures a static entry in the IPv6 neighbor discovery cache.

lacp system-priority Configures the system LACP priority.

line Identifies a specific line for configuration and enters the Line

Configuration command mode.

logging Logs messages to a syslog server.

logging buffered Limits syslog messages displayed from an internal buffer based on

severity.

logging buffered size Changes the number of syslog messages stored in the internal buffer.

logging console Limits messages logged to the console based on severity.

The following example clears messages from the internal syslog message logging buffer.

logging on Controls error messages logging.

management access-class Defines which management Access-List is used.

management access-list Defines a management Access-List, and enters the Access-List for

port jumbo-frame Enables jumbo frames for the device.

port storm-control includemulticast

priority-queue out num-ofqueues

qos Enables quality of service (QoS) on the device and enters QoS basic or

qos map dscp-queue Modifies the DSCP to CoS map.

qos trust (Global) Configure the system to "trust" state.

radius-server deadtime Improves RADIUS response times when servers are unavailable.

radius-server host Specifies a RADIUS server host.

radius-server key Sets the authentication and encryption key for all RADIUS

Limits syslog messages sent to the logging file based on severity.

console.

configuration.

Enables the device to count Multicast packets.

Enables the egress queues to be expedite queues.

advance mode.

communications between the router and the RADIUS daemon.

Command Modes 65

radius-server retransmit Specifies the number of times the software searches the list of RADIUS

server hosts.

radius-server source-ip Specifies the source IP address used for communication with RADIUS

servers.

radius-server source-ipv6 Specifies the source IPv6 address used for the IPv6 communication

with RADIUS servers.

radius-server timeout Sets the interval for which a router waits for a server host to reply.

rmon alarm Configures alarm conditions.

rmon event Configures a RMON event.

rmon table-size Configures the maximum RMON tables sizes.

snmp-server community Sets up the community access string to permit access to SNMP

protocol.

snmp-server contact Sets up a system contact.

snmp-server enable traps Enables the switch to send SNMP traps or SNMP notifications.

snmp-server host Specifies the recipient of Simple Network Management Protocol

notification operation.

snmp-server location Sets up the information on where the device is located.

snmp-server set Sets SNMP MIB value by the CLI.

snmp-server trap authentication Enables the switch to send Simple Network Management Protocol traps

when authentication failed.

sntp authenticate Grants authentication for received Network Time Protocol (NTP)

traffic from servers.

sntp authentication-key Defines an authentication key for Simple Network Time Protocol

(SNTP).

spanning-tree Enables spanning tree functionality.

spanning-tree bpdu Defines BPDU handling when spanning tree is disabled on an interface

spanning-tree forward-time Configures the spanning tree bridge forward time.

spanning-tree hello-time Configures the spanning tree bridge Hello Time.

spanning-tree max-age Configures the spanning tree bridge maximum age.

spanning-tree mode Configures the spanning tree protocol.

spanning-tree pathcost method Sets the default pathcost method.

spanning-tree priority Configures the spanning tree priority.

tacacs-server key Sets the authentication encryption key used for all TACACS+

communications between the device and the TACACS+ daemon.

66 Command Modes

tacacs-server source-ip Specifies the source IP address that will be used for the communication

with TACACS servers.

tacacs-server timeout Sets the timeout value.

tacacs-server host Specifies a TACACS+ host.

tunnel isatap query-interval Configures the interval between DNS Queries (before the IP address of

the ISATAP router is known) for the automatic tunnel router domain name.

tunnel isatap robustness Configures the number of DNS Query/Router Solicitation refresh

messages that the device sends.

tunnel isatap solicitationinterval

username Establishes a username-based authentication system.

vlan database Enters the VLAN Database Configuration mode.

wrr-queue cos-map

Configures the interval between ISATAP router solicitations messages (when there is no active ISATAP router).

Maps assigned CoS values to select one of the egress queues.

IC (Interface Configuration) Mode

Command Description

back-pressure Enables Back Pressure on a given interface.

channel-group Associates a port with a Port-channel.

clear host dhcp Sets an IP address on the device.

description Adds a description to an interface.

dot1x auth-not-req Enables unauthorized users access to that VLAN

dot1x guest-vlan Defines a Guest VLAN.

dot1x guest-vlan enable Enables unauthorized users on the interface an access to the Guest VLAN.

dot1x mac-authentication Enables authentication based on the station’s MAC address.

dot1x radius-attributes vlan Enables user-based VLAN assignment.

dot1x traps mac-authentication failure

dot1x max-req Sets the maximum number of times that the switch sends an EAP -

dot1x port-control Enables manual control of the authorization state of the port

dot1x re-authentication Enables periodic re-authentication of the client.

Enables sending traps when a MAC address was failed in authentication of the 802.1X MAC authentication access control.

request/identity frame to the client, before restarting the authentication process.

Command Modes 67

dot1x single-host-violation Configures the action to be taken, when a station whose MAC address is not

the supplicant MAC address, attempts to access the interface.

dot1x timeout quiet-period Sets the number of seconds that the switch remains in the quiet state

following a failed authentication exchange.

dot1x timeout re-authperiod Sets the number of seconds between re-authentication attempts.

dot1x timeout server-timeout Sets the time for the retransmission of packets to the authentication server

dot1x timeout supp-timeout Sets the time for the retransmission of an EAP-request frame to the client.

dot1x timeout tx-period Sets the number of seconds that the switch waits for a response to an

Extensible Authentication Protocol (EAP) - request/identity frame, from the client, before resending the request.

duplex Configures the full/half duplex operation of a given ethernet interface when

not using auto-negotiation.

flowcontrol Configures the Flow Control on a given interface.

garp timer Adjusts the GARP application join, leave, and leaveall GARP timer values.

gvrp enable (interface) Enables GVRP on an interface.

gvrp registration-forbid De-registers all VLANs, and prevents dynamic VLAN registration on the port.

gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation.

ip address Sets an IP address

ip address dhcp Acquires an IP address on an interface from the DHCP server.

ip internal-usage-vlan Reserves a VLAN as the internal usage VLAN of an interface.

ipv6 address Configures an IPv6 address for an interface.

ipv6 address autoconfig Enables automatic configuration of IPv6 addresses using stateless

autoconfiguration on an interface.

ipv6 address link-local Configures an IPv6 link-local address for an interface.

ipv6 mld join-group Configures Multicast Listener Discovery (MLD) reporting for a specified

group.

ipv6 mld version Changes the Multicast Listener Discovery Protocol (MLD) version.

ipv6 nd dad attempts Configures the number of consecutive neighbor solicitation messages that

are sent on an interface while duplicate address detection is performed on the unicast IPv6 addresses of the interface.

ipv6 enable Enables IPv6 processing on an interface.

ipv6 unreachables Enables the generation of Internet Control Message Protocol for IPv6

(ICMPv6) unreachable messages for any packets arriving on a specified interface.

lacp port-priority Configures the priority value for physical ports.

lacp timeout Assigns an administrative LACP timeout.

68 Command Modes

mdix Enables automatic crossover on a given interface.

name Configures a name to a VLAN.

negotiation Enables auto-negotiation operation for the speed and duplex parameters of a

given interface.

port monitor Starts a port monitoring session.

port security Disables new address learning on an interface.

port security routed secureaddress

port storm-control broadcast enable

port storm-control broadcast rate Configures the maximum Broadcast rate.

qos cos Configures the default port CoS value.

qos trust (Interface) Enables each port trust state while the system is in basic mode.

rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an

shutdown Disables interfaces.

sntp client enable (interface) Enables the Simple Network Time Protocol (SNTP) client on an interface.

spanning-tree cost Configures the spanning tree path cost for a port.

spanning-tree disable Disables spanning tree on a specific port.

spanning-tree link-type Overrides the default link-type setting.

spanning-tree portfast Enables PortFast mode.

spanning-tree port-priority Configures port priority.

speed Configures the speed of a given ethernet interface when not using auto-

system flowcontrol Enables flow control on cascade ports.

tunnel isatap router Configures a global string that represents a specific automatic tunnel router

tunnel mode ipv6ip Configures an IPv6 transition mechanism global support mode.

tunnel source Sets the local (source) tunnel interface IPv4 address.

qos map dscp-queue Defines the wrr-queue mechanism on an egress queue.

wrr-queue bandwidth Assigns Weighted Round Robin (WRR) weights to egress queues.

Adds MAC-layer secure addresses to a routed port.

Enables Broadcast storm control.

interface.

negotiation.

domain name.

Command Modes 69

LC (Line Configuration) Mode

Command Description

enable authentication Specifies the authentication method list when accessing a higher privilege level

from a remote telnet or console.

exec-banner Enables the display of exec banners.

exec-timeout Configures the interval that the system waits until user input is detected.

history Enables the command history function.

history size Changes the command history buffer size for a particular line.

motd-banner Enables the display of message-of-the-day banners.

password Specifies a password on a line.

autobaud

speed Sets the line baud rate.

Sets the line for automatic baud rate detection

MA (Management Access-level) Mode

Command Description

deny (management) Defines a deny rule.

permit (management) Defines a permit rule.

PE (Privileged User EXEC) Mode

Command Description

boot system Specifies the system image that the device loads at startup.

clear arp-cache Deletes all dynamic entries from the ARP cache.

clear bridge Removes any learned entries from the forwarding database.

clear gvrp statistics Clears all the GVRP statistics information.

clear host Deletes entries from the host name-to-address cache

clear host dhcp Deletes entries from the host name-to-address mapping received from Dynamic

Host Configuration Protocol (DHCP).

clear ipv6 neighbors Deletes all entries in the IPv6 neighbor discovery cache, except static entries.

clear logging Clears messages from the internal logging buffer.

70 Command Modes

clear logging file Clears messages from the logging file

clear spanning-tree detectedprotocols

clock set Manually sets the system clock.

configure Enters the global configuration mode.

copy Copies files from a source to a destination.

crypto certificate request Generates and displays certificate requests for HTTPS.

dot1x re-authenticate Manually initiates a re-authentication of all 802.1X-enabled ports or the specified

ipv6 set mtu Sets the MTU size of IPv6 packets sent on an interface.

reload Reloads the operating system.

set interface active Reactivates an interface that was suspended by the system.

set system Activates/deactivates specified features.

show arp Displays entries in the ARP table.

show authentication methods Displays information about the authentication methods.

show banner Displays the banners configuration.

show bootvar Displays the active system image file that the device loads at startup

show bridge address-table Displays dynamically created entries in the bridge-forwarding database.

show bridge address-table count Displays the number of addresses present in all VLANs or at specific VLAN.

show bridge multicast addresstable

show bridge multicast filtering Displays the Multicast filtering configuration.

show copper-ports cable-length Displays the estimated copper cable length attached to a port.

show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on specified ports.

show crypto key mypubkey Displays the SSH public keys stored on the device.

show crypto key pubkey-chain ssh

show crypto certificate mycertificate

show dot1x Displays allowed multiple hosts on an 802.1X-authorized port, that has the dot1x

show dot1x advanced Displays 802.1X enhanced features for the switch or for the specified interface.

show dot1x users Displays 802.1X statistics for a specified interface.

Restarts the protocol migration process on all interfaces or on the specified interface.

802.1X-enabled port.

Displays Multicast MAC address table information.

Displays SSH public keys stored on the device.

Displays the SSL certificates of the device

port-control Interface Configuration command set to auto.

Command Modes 71

show fiber-ports opticaltransceiver

show ip ssh Displays the SSH server configuration.

show ipv6 icmp error-interval

show ipv6 interface Displays the usability status of interfaces configured for IPv6.

show ipv6 neighbors Displays IPv6 neighbor discovery cache information.

show ipv6 route Displays the current state of the IPv6 routing table.

show ipv6 tunnel Displays information on the ISATAP tunnel.

show lacp port-channel Displays LACP information for a port-channel.

show logging Displays the state of logging and the syslog messages stored in the internal buffer.

show logging file Displays the state of logging and the syslog messages stored in the logging file.

show management access-class Displays the active management Access-List.

show management access-list Displays management access-lists.

show ports security Displays the port-lock status.

show ports storm-control Displays the storm control configuration.

show radius-servers Displays the RADIUS server settings.

show running-config Displays the contents of the currently running configuration file.

show snmp Displays the SNMP status.

show spanning-tree Displays spanning tree configuration.

show startup-config Displays the startup configuration file contents.

show syslog-servers Displays the syslog servers settings.

show system flowcontrol Displays the flow control state on cascade ports.

show tacacs Displays configuration and statistics for a TACACS+ servers.

show users accounts Displays information about the local user database.

test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and

Displays the optical transceiver diagnostics.

Displays

characteristics of a copper cable attached to a port.

the IPv6 ICMP error interval setting

SP (SSH Public Key) Mode

Command Description

key-string Manually specifies a SSH public key.

user-key Specifies which SSH public key is manually configured and enters the SSH public key-string

configuration command

72 Command Modes

UE (User EXEC) Mode

Command Description

clear counters Clears statistics on an interface.

enable Enters the privileged EXEC mode.

exit(EXEC) Closes an active terminal session by logging off the device.

ping Sends ICMP echo request packets to another node on the network.

show clock Displays the time and date from the system clock.

show gvrp configuration Displays GVRP configuration information.

clear gvrp statistics Displays GVRP statistics.

show history Lists the commands entered in the current session.

show hosts Displays the default domain name, a list of name server hosts, the static and the

cached list of host names and addresses.

show interfaces configuration Displays the configuration for all configured interfaces.

show interfaces counters Displays traffic seen by the physical interface.

show interfaces description Displays the description for all configured interfaces.

port-channel load-balance Displays Port-channel information.

show interfaces status Displays the status for all configured interfaces.

show ip igmp snooping groups Displays Multicast groups learned by IGMP snooping.

show ip igmp snooping interface

show ip igmp snooping mrouter Displays information on dynamically learned Multicast router interfaces.

show ip interface Displays the usability status of interfaces configured for IP.

show lacp ethernet Displays LACP information for Ethernet ports.

show line Displays line parameters.

show ports jumbo-frame Displays the jumbo frames configuration.

show ports monitor Displays the port monitoring status.

show privilege Displays the current privilege level.

show qos Displays the QoS status.

show qos interface Assigns CoS values to select one of the egress queues.

show qos map Displays all the maps for QoS.

show rmon alarm Displays alarm configurations.

Displays IGMP snooping configuration.

Command Modes 73

show rmon alarm-table Displays the alarms summary table.

show rmon collection history Displays the requested history group configuration.

show rmon events Displays the RMON event table.

show rmon history Displays RMON Ethernet Statistics history.

show rmon log Displays the RMON logging table.

show rmon statistics Displays RMON Ethernet Statistics.

show system Displays system information.

show system id Displays the service id information.

show system mode Displays information on features control

service cpu-utilization Displays information about the active users.

show version Displays the system version information.

VC (VLAN Configuration) Mode

Command Description

bridge address Adds a static MAC-layer station source address to the bridge table.

bridge multicast address Registers MAC-layer Multicast addresses to the bridge table, and adds

static ports to the group.

bridge multicast forbidden address Forbids adding a specific Multicast address to specific ports.

bridge multicast forbidden forward-all Enables forbidding forwarding of all Multicast frames to a port.

bridge multicast forward-all Enables forwarding of all Multicast frames on a port.

ip igmp snooping (Interface) Enables Internet Group Management Protocol (IGMP) snooping on a

specific VLAN.

ip igmp snooping leave-time-out Configures the host-time-out.

show ip igmp snooping mrouter Enables automatic learning of Multicast router ports in the context of a

specific VLAN.

ip igmp snooping mrouter-time-out Configures the mrouter-time-out.

vlan Creates a VLAN.

74 Command Modes

ACL Commands

ip access-list

The ip access-list Global Configuration mode command defines an IPv4 Access List and places the device in IPv4 Access List Configuration mode. Use the no form of this command to remove the Access List.

Syntax

•

ip access-list

•

no ip access-list

•

access-list-name

Default Configuration

No IPv4 Access List is defined.

Command Mode

Global Configuration mode.

User Guidelines

• IPv4 ACLs are defined by a unique name. An IPv4 ACL and MAC ACL cannot share the same name.

access-list-name

— Specifies the name

of the IPv4 Access-List

Example

The following example shows how to define an IPv4 Access List called dell-access-1 and to place the device in IPv4 Access List Configuration mode.

Console(config)# ip access-list dell-access-1 Console(config-ip-al)#

mac access-list

The mac access-list Global Configuration mode command enables the MAC-Access List Configuration mode and creates Layer 2 ACLs. Use the no form of this command to delete an ACL.

ACL Commands 75

Syntax

•

mac access-list

•

no mac access-list

•

access-list-name

Default Configuration

No MAC Access List is defined.

Command Mode

Global Configuration mode.

User Guidelines

• MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name.

Example

The following example shows how to create a MAC ACL.

Console(config)# mac access-list macl-acl1 Console(config-mac-al)#

name

— Name of the MAC Access List.

permit (ip)

The permit IP-Access List Configuration mode command permits traffic if the conditions defined in the permit statement match.

Syntax

•

permit {any| protocol

[

dscp number

•

permit-icmp {any|{source source-wildcard

type

} {

•

permit-igmp {any|{source source-wildcard

type

} [

76 ACL Commands

any|icmp-code

dscp number

} {

any|{source source-wildcard

ip-precedence number

} [

dscp number

ip-precedence number

}} {

]

}} {

any|{destination destination-wildcard

ip-precedence number

}} {

any|{destination destination-wildcard

]

any|{destination destination-wildcard

}} {

any|icmp-

]

}} {

any|igmp-

}}

•

permit-tcp {any

wildcard

port-wildcard

•

permit-udp {any

wildcard port-wildcard

•

source

•

source-wildcard

bit positions to be ignored.

•

destination

•

destination-wildcard

placing 1s in bit positions to be ignored.

•

protocol

igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis

•

dscp

•

ip-precedence

•

icmp-type

one

alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris

•

icmp-code

•

igmp-type

the following values:

v2, host-report-v3

•

destination-port

•

destination-port-wildcard

1s in bit positions to be ignored.

•

source-port

•

source-port-wildcard

positions to be ignored.

•

flags list-of-flags

not set, it is prefixed by "-". Available options are

-psh, -rst, -syn

•

byte

source source-wildcard

}} {

any|destination-port

source-port-wildcard

source source-wildcard

}} {

any|destination-port

] [

dst-port-wildcard source-port-wildcard

} [

}} {

any|source-port

dscp number

] [

dst-port-wildcard source-port-wildcard

dscp number

ip-precedence number

}} {

any| source-port

ip-precedence number

} {

any

} {

any|{destination destination-

]

destination destination-

] [

flags list-of-flags

]

] [

src-port-wildcard source-

— Specifies the source IP address of the packet.

— Specifies wildcard bits to be applied to the sources IP address by placing 1s in

— Specifies the destination IP address of the packet.

— Specifies wildcard bits to be applied to the destination IP address by

— Specifies the name or the number of an IP protocol. Available protocol names:

. (Range: 0 - 255)

number

— Specifies the DSCP value.

number

— Specifies the IP precedence value.

— Specifies an ICMP message type for filtering ICMP packets. Enter a number or

of the following values:

echo-reply, destination-unreachable, source-quench, redirect,

. (Range: 0 - 255)

— Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)

— Specifies IGMP packets filtered by IGMP message type. Enter a number or one of

host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-

. (Range: 0 - 255)

— Specifies the UDP/TCP destination port. (Range: 0 - 65535)

— Specifies wildcard bits to be applied to the destination port by placing

— Specifies the UDP/TCP source port. (Range: 0 - 65535)

— Specifies wildcard bits to be applied to the source port by placing 1s in bit

— Specifies the list of TCP flags. If a flag is set, it is prefixed by "+". If a flag is

+urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack,

and

-fin

. The flags are concatenated to a one string. For example:

+fin-ack

— Specifies the user-defined bytes.

] [

src-

icmp,

ACL Commands 77

Default Configuration

No IPv4 ACL is defined.

Command Mode

IP-Access List Configuration mode.

User Guidelines

• Use the Configuration mode.

• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied match the conditions defined in the permit statement are denied.

Example

The following example shows how to define a permit statement for an IP ACL.

Console(config)# ip access-list ip-acl1 Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56

ip access-list

Global Configuration mode command to enable the IP-Access List

deny-any-any

condition exists at the end of the list and those packets that do not

deny (IP)

The deny IP-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.

Syntax

•

deny [disable-port

wildcard

•

deny-icmp [disable-port

{

•

deny-igmp

{

•

deny-tcp [disable-port

destination-wildcard flags

•

deny-udp [disable-port

destination-wildcard

wildcard

78 ACL Commands

}} [

dscp number

any|icmp-type

[

disable-port

any|igmp-type

] [

src-port-wildcard source-port-wildcard

source-port-wildcard

] {

any| protocol

] {

} {

any|icmp-code

} [

dscp number

] {

}} {

any|destination-port

] {

}} {

any|destination-port

} {

any|{source source-wildcard

ip-precedence

any|{source source-wildcard

} [

] {

any|{source source-wildcard

ip-precedence number

any

source source-wildcard

any

source source-wildcard

] [

dst-port-wildcard

number

dscp number

} [ ] [

} [

]

dscp number

dst-port-wildcard source-port-wildcard

dscp number

source-port-wildcard

}} {

any|{destination destination-wildcard

ip-precedence

}} {

any|{destination destination-wildcard

]

}} {

any|source-port

ip-precedence number

}} {

any| source-port

ip-precedence number

}} {

any|{destination destination-

number

]

} {

any|{destination

] [

]

} {

any|{destination

] [

flags list-of-

src-port-

}}

•

disable-port

•

source

•

source-wildcard

— Specifies that the Ethernet interface is disabled if the condition is matched.

— Specifies the Source IP address of the packet.

— Specifies wildcard bits to be applied to the source IP address by placing 1s in bit

positions to be ignored.

•

destination

•

destination- wildcard

— Specifies the destination IP address of the packet.

— Specifies wildcard bits to be applied to the destination IP address by

placing 1s in bit positions to be ignored.

•

protocol

— Specifies the name or the number of an IP protocol. Available protocol names:

igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis

. (Range: 0 - 255).

•

dscp number

•

ip-precedence number

•

icmp-type

of the following values:

— Specifies the DSCP value.

— Specifies the IP precedence value.

— Specifies an ICMP message type for filtering ICMP packets. Enter a number or one

echo-reply, destination-unreachable, source-quench, redirect, alternatehost-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameterproblem, timestamp, timestamp-reply, information-request, information-reply, address-maskrequest, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobileregistration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris

•

icmp-code

•

igmp-type

the following values:

v2, host-report-v3

•

destination-port

•

destination-port-wildcard

— Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)

— Specifies IGMP packets filtered by IGMP message type. Enter a number or one of

host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-

. (Range: 0 - 255)

— Specifies the UDP/TCP destination port. (Range: 0 - 65535)

— Specifies wildcard bits to be applied to the destination port by placing

1s in bit positions to be ignored.

•

source-port

•

source-port-wildcard

— Specifies the UDP/TCP source port. (Range: 0 - 65535)

— Specifies wildcard bits to be applied to the source port by placing 1s in bit

positions to be ignored.

•

flags list-of-flags

— Specifies the list of TCP flags. If a flag should be set it is prefixed by "+". If a flag is

not set, it is prefixed by "-". Available options are

-rst, -syn

and

-fin

. The flags are concatenated to a one string. For example:

icmp,

+urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh,

+fin-ack

Default Configuration

No IPv4 Access List is defined.

Command Mode

IP-Access List Configuration mode.

ACL Commands 79

User Guidelines

• Use the Configuration mode.

• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied match the defined conditions are denied.

Example

The following example shows how to define a permit statement for an IP ACL.

Console(config)# ip access-list ip-acl1 Console(config-ip-al)# deny rsvp 192.1.1.1 0.0.0.255 any

ip access-list

Global Configuration mode command to enable the IP-Access List

deny-any-any

condition exists at the end of the list and those packets that do not

permit (MAC)

The permit MAC-Access List Configuration mode command defines permit conditions of an MAC ACL.

Syntax

•

permit {any

[

cos cos cos-wildcard

•

source

•

source-wildcard

bit positions to be ignored.

•

any

address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.

•

destination

•

destination-wildcard

placing 1s in bit positions to be ignored.

•

vlan-id

•

cos

•

cos-wildcard

•

eth-type

•

inner-vlan vlad-id

| {

host source source-wildcard} any

] [

ethtype eth-type

— Specifies the source MAC address of the packet.

— Specifies wildcard bits to be applied to the source MAC address by placing 1s in

— Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the Mac

— Specifies the MAC address of the host to which the packet is being sent.

— Specifies wildcard bits to be applied to the destination MAC address by

— Specifies the ID of the packet vlan. (Range: 1 - 4094)

— Specifies the Class of Service (CoS) for the packet. (Range: 0 - 7)

— Specifies wildcard bits to be applied to the CoS.

— Specifies the Ethernet type of the packet in hexadecimal format. (Range: 0 - 05dd-ffff)

— Specifies the inner vlan id of a double tagged packet.

] [

| {

destination destination-wildcard

inner-vlan vlan-id

}} [

vlan vlan-id

]

80 ACL Commands

Default Configuration

No MAC ACL is defined.

Command Mode

MAC-Access List Configuration mode.

User Guidelines

• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied match the conditions defined in the permit statement are denied.

• If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.

Example

The following example shows how to create a MAC ACL with permit rules.

Console(config)# mac access-list macl-acl1 Console(config-mac-al)# permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6

deny-any-any

condition exists at the end of the list and those packets that do not

deny (MAC)

The deny MAC-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.

Syntax

•

deny [disable-port

vlan-id

•

disable-port

•

source

•

source-wildcard

to be ignored.

•

any

address 00:00:00:00:10:00 and mask 00:00:00:00:00:FF.

•

destination

•

destination-wildcard

positions to be ignored.

•

vlan-id

] {

any

| {

source source-wildcard

] [

cos cos cos-wildcard

— Indicates that the port is disabled if the condition is matched.

— Specifies the MAC address of the host from which the packet was sent.

— Specifies wildcard bits to the source MAC address by placing 1s in bit positions

— Specify a MAC address and mask. For example, to set 00:00:00:00:10:XX use the Mac

— Specifies the MAC address of the host to which the packet is being sent.

— Specifies the vlan id of the packet. (Range: 1 - 4094)

] [

ethtype eth-type

— Specifies wildcard bits to the destination MAC address by placing 1s in bit

} {

any

| {

destination destination- wildcard

] [

inner-vlan vlan-id

}}[

]

ACL Commands 81

vlan

•

cos

— Specifies the packets’s Class of Service (CoS). (Range: 0 - 7)

•

cos-wildcard

•

eth-type

•

inner-vlan vlan id

Default Configuration

No MAC Access List is defined.

Command Mode

MAC-Access List Configuration mode.

User Guidelines

• The MAC ACL Global Configuration command allows access to the IP-Access List Configuration mode.

• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied match the conditions defined in the permit statement are denied.

Example

The following example shows how to create a MAC ACL with deny rules on a device.

Console(config)# mac access-list macl1 Console (config-mac-acl)# deny 6:6:6:6:6:6:0:0:0:0:0:0 any

— Specifies wildcard bits to be applied to the CoS.

— Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff)

— Specifies the inner vlan id of a double tagged packet.

deny-any-any

condition exists at the end of the list and those packets that do not

service-acl

The service-acl Interface Configuration (Ethernet, port-channel) mode command applies an ACL to the input interface. Use the no form of this command to detach an ACL from an input interface.

Syntax

•

service-acl {input acl-name | acl-name

•

no service-acl {input

•

input

— Applies the specified ACL to the input interface.

Default Configuration

This command has no default configuration.

Command Mode

Interface Configuration (Ethernet, port-channel) mode.

82 ACL Commands

}

User Guidelines

There are no user guidelines for this command.

Example

The following example binds (services) an ACL to VLAN 2.

Console(config)# interface eth g1 Console(config-if)# service-acl input macl1

show access-lists

The show access-lists Privileged EXEC mode command displays access control lists (ACLs) defined on the device.

Syntax

•

show access-lists [name

•

name

— The name of the ACL.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode.

]

User Guidelines

There are no user guidelines for this command.

Example

The following example displays access lists defined on a device.

Console# show access-lists IP access list ACL1

permit 234 172.30.40.1 0.0.0.0 any permit 234 172.30.8.8 0.0.0.0 any

ACL Commands 83

show interfaces access-lists

The show interfaces access-lists Privileged EXEC mode command displays access lists applied on interfaces.

Syntax

•

show interfaces access-lists

•

interface

•

port-channel-number —

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode.

User Guidelines

There are no user guidelines for this command.

Example

The following example displaynews ACLs applied to the interfaces of a device.

Console# show interfaces access-lists

— Specifies the Valid Ethernet port.

[

ethernet interface

Specifies the port-channel index.

port-channel port-channel-number

]

Interface Input ACL

--------- --------- --------g1 ACL1 ACL2 g2 ACL3 ACL4

84 ACL Commands

AAA Commands

aaa authentication login

The aaa authentication login Global Configuration mode commands defines login authentication. Use the no form of this command to return to the default configuration.

Syntax

•

aaa authentication login {default | list-name} method1 [method2

•

no aaa authentication login {default | list-name

•

default

— Uses the listed authentication methods that follow this argument as the default list

of methods when a user logs in.

•

list-name

a user logs in.

•

method1 [method2

Keyword Source or destination

enable Uses the enable password for authentication.

line Uses the line password for authentication.

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS servers for authentication.

— Character string used to name the list of authentication methods activated when

...] — Specify at least one from the following table:

}

...]

Default Configuration

The local user database is checked. This has the same effect as the command

NOTE: On the console, login succeeds without any authentication check if the authentication method is not

defined.

Command Mode

Global Configuration mode.

aaa authentication

AAA Commands 85

User Guidelines

• The default and optional list names created with the

the

• Create a list by entering the protocol, where

list-name

command.

aaa authentication login

is any character string used to name this list. The

aaa authentication login

list-name method

command for a particular

method

command are used with

argument identifies

the list of methods that the authentication algorithm tries, in the given sequence.

• The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify

none

the final method in the command line.

Example

The following example configures authentication login.

Console (config)# aaa authentication login default radius local enable none

aaa authentication enable

The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels. Use the no form of this command to return to the default configuration.

Syntax

•

aaa authentication enable {default | list-name

• no aaa authentication enable default

•

default

— Uses the listed authentication methods that follow this argument as the default list of

methods, when using higher privilege levels.

•

list-name

— Character string used to name the list of authentication methods activated, when

using access higher privilege levels.

•

method1 [method2

...] — Specify at least one from the following table:

}

method1 [method2

...]

Keyword Source or destination

enable Uses the enable password for authentication.

line Uses the line password for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication. Uses username

tacacs Uses the list of all TACACS+ servers for authentication. Uses username

86 AAA Commands

"$enabx$." where x is the privilege level.

Default Configuration

If the

default

command

list is not set, only the enable password is checked. This has the same effect as the

aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command

Command Mode

aaa authentication enable default enable none

Global Configuration mode.

User Guidelines

• The default and optional list names created with the with the

enable authentication

• Create a list by entering the

command.

aaa authentication enable

any character string used to name this list. The

aaa authentication enable

list-name method

method

argument identifies the list of methods that the

command are used

command where

list-name

authentication algorithm tries, in the given sequence.

none

the final method in the command line.

•All

aaa authentication enable default

requests sent by the device to a RADIUS or TACACS server

include the username "$enab15$".

Example

The following example sets authentication when accessing higher privilege levels.

Console (config)# aaa authentication enable default enable

login authentication

The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet, SSH or console. Use the no form of this command to return to the default specified by the authentication login command.

Syntax

•

• no login authentication

•

default

— Uses the default list created with the

•

list-name

Default Configuration

— Uses the indicated list created with the

Uses the default set with the command

list-name

}

authentication login

command.

AAA Commands 87

Command Mode

Line Configuration mode.

User Guidelines

• Changing login authentication from default to another value may disconnect the telnet session.

Example

The following example specifies the default authentication method for a console.

Console (config)# line console Console (config-line)# login authentication default

enable authentication

The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet, SSH or console. Use the no form of this command to return to the default specified by the enable authentication command.

Syntax

•

enable authentication {default

• no enable authentication

•

default

— Uses the default list created with the

•

list-name

— Uses the indicated list created with the

list-name

}

authentication enable

command.

Default Configuration

Uses the default set with the command

Command Mode

authentication enable

Line Configuration mode.

User Guidelines

• There are no user guidelines for this command.

Example

The following example specifies the default authentication method when accessing a higher privilege level from a console.

Console (config)# line console Console (config-line)# enable authentication default

88 AAA Commands

ip http authentication

The ip http authentication Global Configuration mode command specifies authentication methods for http. Use the no form of this command to return to the default.

Syntax

•

ip http authentication

• no ip http authentication

•

method1 [method2

Keyword Source or destination

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command

local

Command Mode

Global Configuration mode.

method1 [method2

...]

...] — Specify at least one from the following table:

ip http authentication

User Guidelines

none

the final method in the command line.

Example

The following example configures the http authentication.

Console (config)# ip http authentication radius local Console (config)# ip http authentication tacacs local

ip https authentication

The ip https authentication Global Configuration mode command specifies authentication methods for https servers. Use the no form of this command to return to the default.

AAA Commands 89

Syntax

•

ip https authentication

method1 [method2

...]

• no ip https authentication

•

method1 [method2

Keyword Source or destination

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command

local

Command Mode

...] — Specify at least one from the following table:

ip https authentication

Global Configuration mode.

User Guidelines

none

the final method in the command line.

Example

The following example configures https authentication.

Console (config)# ip https authentication radius local Console (config)# ip https authentication tacacs local

show authentication methods

The authentication methods Privilege EXEC mode command displays information about the authentication methods.

Syntax

• show authentication methods

Default Configuration

This command has no default configuration.

90 AAA Commands

Command Mode

Privileged EXEC mode.

User Guidelines

• There are no user guidelines for this command.

Example

The following example displays the authentication configuration.

Console# show authentication methods

----------------------------------Console_Default: None Network_Default: Local

Enable Authentication Method Lists

----------------------------------Console_Default: Enable None Network_Default: Enable

Line Login Method List Enable Method List

-------------- ----------------- -----------------Console Default Default Telnet Default Default SSH Default Default

http : Tacacs Local https : Tacacs Local dot1x :

AAA Commands 91

password

The password Line Configuration mode command specifies a password on a line. Use the no form of this command to remove the password.

Syntax

•

password

• no password

•

Default Configuration

No password is required.

Command Mode

Line Configuration mode.

User Guidelines

• There are no user guidelines for this command.

Example

The following example specifies a password ’secret’ on a line.

password [encrypted

password

encrypted

— Password for this level, from 1 to 159 characters in length.

— Encrypted password to be entered, copied from another device configuration.

]

Console (config-line)# password secret

enable password

The enable password Global Configuration mode command sets a local password to control access to normal and privilege levels. Use the no form of this command to remove the password requirement.

Syntax

•

enable password [level

•

no enable password [level

•

password

•

level level

•

encrypted

Default Configuration

This command has no default configuration.

92 AAA Commands

— Password for this level, from 1 to 159 characters in length.

— Level for which the password applies. If not specified the level is 15. (Range: 1 - 15)

— Encrypted password entered, copied from another device configuration.

level] password [encrypted

level

]

Command Mode

Global Configuration mode.

User Guidelines

• There are no user guidelines for this command.

Example

The following example sets a local level 15 password "secret" to control access to user and privilege levels.

Console (config)# enable password level

15 secret

username

The username Global Configuration mode command establishes a username-based authentication system. Use the no form of this command to remove a user name.

Syntax

•

username

•

no username

•

Default Configuration

No user is defined.

Command Mode

Global Configuration mode.

User Guidelines

• No password is required.

name [password password

name

— The name of the user. (Range: 1 - 20 characters)

password

level

encrypted

— The authentication password for the user. (Range: 8 - 64 characters)

— The user level. (Range: 1 -15)

— Encrypted password entered, copied from another device configuration.

] [

level level

] [

encrypted

]

Example

The following example configures user "bob" with the password "lee" and user level 15 to the system.

Console (config)# username bob password lee level 15

AAA Commands 93

show users accounts

The show users accounts Privileged EXEC mode command displays information about the local user database.

Syntax

• show users accounts

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode.

User Guidelines

• There are no user guidelines for this command.

Example

The following example displays the local users configured with access to the system.

Console# show users accounts

Username Privilege Password Aging Password Expiry Date Lockout

-------- --------- ---------------- -------------------- --------------Bob 15 -- -- -Robert 15 -- -- --

94 AAA Commands

Address Table Commands

bridge address

The bridge address VLAN Interface Configuration mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).

Syntax

•

bridge address delete-on-reset

•

no bridge address [mac-address

•

mac-address

•

interface —

•

port-channel-number —

•

permanent —

•

delete-on-reset

•

delete-on-timeout —

•

secure security

mode.

mac-address {ethernet interface | port-channel port-channel-number

delete-on-timeout

— A valid MAC address in the format of xx:xx:xx:xx:xx:xx.

A valid Ethernet port.

A valid port-channel number.

The address can only be deleted by the

— The address is deleted after reset.

The address is deleted after "age out" time has expired.

— The address is deleted after the port changes mode to unlock learning (

command). This parameter is only available when the port is in learning locked

secure

]

no bridge address

} [

permanent

command.

no port

Default Configuration

No static addresses are defined. The default mode for an added address is

Command Mode

Interface Configuration (VLAN) mode.

User Guidelines

• There are no user guidelines for this command.

permanent

Address Table Commands 95

Example

The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port g8 to the bridge table.

Console (config)# interface vlan 2 Console (config-vlan)# bridge address 3a:a2:64:b3:a2:45 ethernet

g8 permanent

bridge multicast filtering

The bridge multicast filtering Global Configuration mode command enables filtering of Multicast addresses. To disable filtering of Multicast addresses, use the no form of the bridge multicast filtering command.

Syntax

• bridge multicast filtering

• no bridge multicast filtering

Default Configuration

Disabled. All Multicast addresses are flooded to all ports.

Command Mode

Global Configuration mode.

User Guidelines

• If devices exist on the VLAN, do not change the unregistered Multicast addresses state to drop on the devices ports.

• If Multicast routers exist on the VLAN and IGMP-snooping is not enabled, the

forward-all

routers.

Example

In this example, bridge Multicast filtering is enabled.

Console (config)# bridge multicast filtering

96 Address Table Commands

command should be used to enable forwarding all Multicast packets to the Multicast

bridge multicast

bridge multicast address

The bridge multicast address Interface Configuration mode command registers MAC-layer Multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the no form of the bridge multicast address command.

Syntax

•

bridge multicast address {mac-multicast-address | ip-multicast-address

•

bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove] {ethernet

interface-list | port-channel port-channel-number-list

•

no bridge multicast address {mac-multicast-address | ip-multicast-address

•

add

— Adds ports to the group. If no option is specified, this is the default option.

•

remove

— Removes ports from the group.

•

mac-multicast-address

•

ip- multicast-address

•

interface-list

used to designate a range of ports.

•

port-channel-number-list

a hyphen is used to designate a range of ports.

Default Configuration

No Multicast addresses are defined.

— Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is

— MAC Multicast address in the format of xx:xx:xx:xx:xx:xx.

— IP Multicast address.

— Separate nonconsecutive port-channels with a comma and no spaces;

}

Command Mode

Interface Configuration (VLAN) mode.

User Guidelines

• If the command is executed without bridge database.

• Static Multicast addresses can only be defined on static VLANs.

Examples

The following example registers the MAC address.

Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03

add

remove

, the command only registers the group in the

Address Table Commands 97

The following example registers the MAC address and adds ports statically.

Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03

add ethernet g1-9

bridge multicast forbidden address

The bridge multicast forbidden address Interface Configuration mode command forbids adding a specific Multicast address to specific ports. Use the no form of this command to return to default.

Syntax

•

bridge multicast forbidden address {mac-multicast-address | ip-multicast-address

ethernet interface-list | port-channel port-channel-number-list

{

•

no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address

•

add

— Adds ports to the group.

•

remove

— Removes ports from the group.

•

mac-multicast-address

•

ip- multicast-address

•

interface-list —

hyphen is used to designate a range of ports.

•

port-channel-number-list —

spaces; a hyphen is used to designate a range of port-channels.

— MAC Multicast address in the format of xx:xx:xx:xx:xx:xx.

— IP Multicast address is in the format xxx.xxx.xxx.xxx.

Separate non consecutive valid Ethernet ports with a comma and no spaces;

Separate non consecutive valid port-channels with a comma and no

}

} {

add | remove

}

Default Configuration

No forbidden addresses are defined.

Command Modes

Interface Configuration (VLAN) mode.

User Guidelines

• Before defining forbidden ports, the Multicast group should be registered.

98 Address Table Commands

Examples

In this example the MAC address 01:00:5e:02:02:03 is forbidden on port g9 within VLAN 8.

Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03 Console (config-if)# bridge multicast forbidden address

01:00:5e:02:02:03 add ethernet g9

bridge multicast unregistered

The bridge multicast unregistered Interface Configuration mode command configures the forwarding state of unregistered multicast addresses. Use the no form of this command to return to default.

Syntax

•

bridge multicast unregistered {forwarding

• no bridge multicast unregistered

•

forwarding

•

filtering

is a router port.

Default Configuration

Forwarding

— Forward unregistered multicast packets.

— Filter unregistered multicast packets. See usage guidelines for the case where the port

filtering

}

Command Modes

Interface configuration (Ethernet, Port-Channel) mode

Default Configuration

• Unregistered multicast filtering should not be enabled on ports that are connected to routers, because the 224.0.0.x address range should not be filtered. Routers would not necessarily send IGMP reports for the 224.0.0.x range.

Examples

This example configures the forwarding state of unregistered multicast addresses to allow forwarding.

Console (config)# bridge multicast unregistered forwarding

Address Table Commands 99

bridge multicast forward-all

The bridge multicast forward-all Interface Configuration mode command enables forwarding of all Multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command.

Syntax

•

bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel-

number-list

• no bridge multicast forward-all

•

Default Configuration

Disable forward-all on the specified interface.

Command Mode

Interface Configuration (VLAN) mode.

}

add

— Adds ports to the group.

remove

— Removes ports from the group.

interface-list

hyphen is used to designate a range of ports.

port-channel-number-list

spaces; a hyphen is used to designate a range of port-channels.

— Separate non consecutive valid Ethernet ports with a comma and no spaces; a

— Separate non consecutive valid port-channels with a comma and no

User Guidelines

There are no user guidelines for this command.

Example

In this example all Multicast packets on port g8 are forwarded.

Console (config)# interface vlan 2 Console (config-if)# bridge multicast forward-all add ethernet

bridge multicast forbidden forward-all

The bridge multicast forbidden forward-all Interface Configuration mode command forbids a port to be a forward-all-Multicast port. To restore the default, use the no form of the bridge multicast forward-all command.

100 Address Table Commands

Dell PowerConnect 5424 Quick Reference Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Using the CLI

CLI Command Modes

Starting the CLI

Editing Features

Setup Wizard

Command Groups

Introduction

Command Groups

ACL Commands

AAA Commands

Address Table Commands

Clock Commands

Configuration and Image Files Commands

DHCP Snooping Commands

Ethernet Configuration Commands

GVRP Commands

IGMP Snooping Commands

IP Addressing Commands

IPv6 Addressing Commands

iSCSI Commands

LACP Commands

Line Commands

LLDP Commands

Login Banner Commands

Management ACL Commands

PHY Diagnostics Commands

Port Channel Commands

Port Monitor Commands

QoS Commands

RADIUS Commands

RMON Commands

SNMP Commands

Spanning Tree Commands

SSH Commands

Syslog Commands

System Management Commands

TACACS Commands

TIC Commands

Tunnel Commands

User Interface Commands

VLAN Commands

Voice VLAN Commands

Web Server Commands

802.1x Commands

802.1x Advanced Commands

Command Modes

GC (Global Configuration) Mode

IC (Interface Configuration) Mode

LC (Line Configuration) Mode

MA (Management Access-level) Mode

PE (Privileged User EXEC) Mode

SP (SSH Public Key) Mode

UE (User EXEC) Mode

VC (VLAN Configuration) Mode

ACL Commands

ip access-list

mac access-list

permit (ip)

deny (IP)

permit (MAC)

deny (MAC)

service-acl

show access-lists

show interfaces access-lists

AAA Commands

aaa authentication login

aaa authentication enable

login authentication

enable authentication

ip http authentication

ip https authentication

show authentication methods

password

enable password

username

show users accounts