Zyxel MES3500-10 User Manual [ru]

CLI Reference Guide

Ethernet Switch

Default Login Details

IP Address http://192.168.0.1

(Out-of-band MGMT

port)

http://192.168.1.1

(In-band ports)
User Name admin
Password 1234

Firmware Version 3.79, 3.80, 3.90
and 4.00
Edition 2, 08/2011

www.zyxel.com

www.zyxel.com

Copyright © 2011
ZyXEL Communications Corporation

About This CLI Reference Guide

About This CLI Reference Guide

Intended Audience

This manual is intended for people who want to configure ZyXEL Switches via Command
Line Interface (CLI).

The version number on the cover page refers to the latest firmware version supported by the
ZyXEL Switches. This guide applies to version 3.79, 3.80, 3.90 and 4.00 at the time of
writing.

 This guide is intended as a command reference for a series of products.

Therefore many commands in this guide may not be available in your product.
See your User’s Guide for a list of supported features and details about feature
implementation.

Please refer to www.zyxel.com or your product’s CD for product specific User Guides and
product certifications.

How To Use This Guide

•Read the How to Access the CLI chapter for an overview of various ways you can get to

the command interface on your Switch.

• Use the Reference section in this guide for command syntax, description and examples.

Each chapter describes commands related to a feature.

• To find specific information in this guide, use the Contents Overview, the Index of
Commands, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find
the information you require.

Ethernet Switch CLI Reference Guide

3

Document Conventions

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this CLI Reference Guide.

 Warnings tell you about things that could harm you or your device. See your

User’s Guide for product specific warnings.

 Notes tell you other important information (for example, other things you may

need to configure or helpful tips) or recommendations.

Syntax Conventions

This manual follows these general conventions:

• ZyXEL’s switches (such as the ES-2024A, ES-2108, GS-3012, and so on) may be referred
to as the “Switch”, the “device”, the “system” or the “product” in this Reference Guide.

• Units of measurement may denote the “metric” value or the “scientific” value. For
example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000”
or “1048576” and so on.

Command descriptions follow these conventions:

• Commands are in

• Required input values are in angle brackets <>; for example,
must specify an IP address for this command.

• Optional fields are in square brackets []; for instance show logins [name], the name
field is optional.

The following is an example of a required field within an optional field: snmp-server
[contact <system contact>], the contact field is optional. However, if you
use contact, then you must provide the system contact information.

• Lists (such as <port-list>) consist of one or more elements separated by commas.
Each element might be a single value (1, 2, 3, ...) or a range of values (1-2, 3-5, ...)
separated by a dash.

•The | (bar) symbol means “or”.

• italic terms represent user-defined input values; for example, in snmp-server
[contact <system contact>], system contact can be replaced by the
administrator’s name.

• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER]
means the “Enter” or “Return” key on your keyboard.

courier new font.

ping <ip> means that you

4

Ethernet Switch CLI Reference Guide

Document Conventions

• <cr> means press the [ENTER] key.

• An arrow (-->) indicates that this line is a continuation of the previous line.

Command summary tables are organized as follows:

Table 1 Example: Command Summary Table

COMMAND DESCRIPTION M P

show vlan Displays the status of all VLANs. E 3
vlan <1-4094> Enters config-vlan mode for the specified VLAN. Creates the

VLAN, if necessary.

inactive Disables the specified VLAN. C 13
no inactive Enables the specified VLAN. C 13

no vlan <1-4094> Deletes a VLAN. C 13

C13

The Table title identifies commands or the specific feature that the commands configure.
The COMMAND column shows the syntax of the command.

• If a command is not indented, you run it in the enable or config mode. See Chapter 2 on

page 17 for more information on command modes.

• If a command is indented, you run it in a sub-command mode.

The DESCRIPTION column explains what the command does. It also identifies legal input
values, if necessary.

The M column identifies the mode in which you run the command.

• E: The command is available in enable mode. It is also available in user mode if the
privilege level (P) is less than 13.

• C: The command is available in config (not indented) or one of the sub-command modes
(indented).

The P column identifies the privilege level of the command. If you don’t have a high enough
privilege level you may not be able to view or execute some of the co mmands. See Chapter 2

on page 17 for more information on privilege levels.

Ethernet Switch CLI Reference Guide

5

Document Conventions

Icons Used in Figures

Figures in this guide may use the following generic icons. The Switch icon is not an exact
representation of your device.

Switch Computer Notebook computer

Server DSLAM Firewall

Telephone Switch Router

6

Ethernet Switch CLI Reference Guide

Contents Overview

Contents Overview

Introduction ............................................................................................................................11

How to Access and Use the CLI ................................................................................................13

Privilege Level and Command Mode .........................................................................................17

Initial Setup ................................................................................................................................23

Reference A-G ........................................................................................................................27

AAA Commands .........................................................................................................................29

ARP Commands ....................... ... ... ... .... ... .................................................................................31

ARP Inspection Commands ............... .... ... ... ... ... .... ... ................................................ .... ... ... ....... 33

ARP Learning Commands ........................ ... ... ... .... ... ... ... .... ... ... ... .... ... ... ....................................39

Bandwidth Commands ................. ... ... .... ... ... ................................................ .... ... .......................41

Broadcast Storm Commands .....................................................................................................45

CFM Commands ........................................................................................................................49

Classifier Commands .................................................................................................................59

Cluster Commands ...................... ... ... .... ... ... ... ... .... ... ................................................ .... ... ..........63

Date and Time Commands ........................................................................................................67

DHCP Commands ......................................................................................................................71

DHCP Snooping & DHCP VLAN Commands ............................................................................75

DiffServ Commands ...................................................................................................................79

Display Commands ....................................................................................................................81

DVMRP Commands ..... ... ................................................ .... ... ................................................ ....83

Error Disable and Recovery Commands ....................................................................................85

Ethernet OAM Commands .............. ... .... ... ... ... ................................................. ... ... ... .................89

External Alarm Commands ........................................................................................................95

GARP Commands ......................................................................................................................97

GVRP Commands ......................................................................................................................99

Reference H-M ......................................................................................................................101

HTTPS Server Commands ......................................................................................................103

IEEE 802.1x Authentication Commands ..................................................................................107

IGMP and Multicasting Commands .......................................................................................... 111

IGMP Snooping Commands .................................................................................................... 115

IGMP Filtering Commands .......................................................................................................123

Interface Commands ................................................................................................................125

Interface Route-domain Mode ..................................................................................................131

IP Commands ....................... .... ... ... ... .... ... ...............................................................................133

IP Source Binding Commands .................. ................................................ ... .... ... ... ..................137

IPv6 Commands .......................................................................................................................139

Ethernet Switch CLI Reference Guide

7

Contents Overview

Layer 2 Protocol Tunnel (L2PT) Commands ............................................................................167

Link Layer Discovery Protocol (LLDP) Commands ..................................................................171

Load Sharing Commands ......................... ... ... ... .... ... ... ... .... ... ... ... .... ... ... ..................................175

Logging Commands .................................................................................................................177

Login Account Commands ................. .... ... ... ... ... .... ... ... ... .... ... ................................................ ..179

Loopguard Commands .................................... ... .... ... ... ... .... ... ... ... ............................................181

MAC Address Commands ........................................................................................................183

MAC Authentication Commands ..............................................................................................185

MAC Filter Commands .............................................................................................................187

MAC Forward Commands ........................................................................................................189

Mirror Commands ....................................................................................................................191

MRSTP Commands .................................................................................................................195

MSTP Commands ....................................................................................................................197

Multiple Login Commands ........................................................................................................203

MVR Commands ......................................................................................................................205

Reference N-S ......................................................................................................................207

OSPF Commands .............. ... .... ... ............................................................................................209

Password Commands ..............................................................................................................215

PoE Commands .......................................................................................................................217

Policy Commands ....................................................................................................................221

Policy Route Commands ..........................................................................................................225

Port Security Commands .................................................... ... ... ... .... ........................................227

Port-based VLAN Commands ..................................................................................................229

PPPoE IA Commands ..............................................................................................................231

Private VLAN Commands ............................................ ... .... ... ... ... ............................................237

Protocol-based VLAN Commands ...........................................................................................241

Queuing Commands .................................................... ... .... ... ... ... .... ... ... ... ...............................243

RADIUS Commands ................................................................................................................247

Remote Management Commands ...........................................................................................249

RIP Commands ........................................................................................................................251

RMON ......................................................................................................................................253

Running Configuration Commands ..........................................................................................259

sFlow ............................... ................................ ................................. ........................................261

Smart Isolation Commands ......................................................................................................263

SNMP Server Commands ........................................................................................................267

STP and RSTP Commands .....................................................................................................271

SSH Commands ....................... ... ... ... .... ... ...............................................................................275

Static Multicast Commands ......................................................................................................277

Static Route Commands ..........................................................................................................279

Subnet-based VLAN Commands ....................... .................................................................... ..283

Syslog Commands ...................................................................................................................285

8

Ethernet Switch CLI Reference Guide

Contents Overview

Reference T-Z .......................................................................................................................287

TACACS+ Commands .................... ... .... ... ... ... ... .... ... ... ............................................. .... ... ... ... ..289

TFTP Commands ..... ................................................................................................................291

Trunk Commands ............................... .... ... ... ... ... .... ... ... ... .... .....................................................293

trTCM Commands . ... .... ... ... ... .... ... ... .........................................................................................297

VLAN Commands ....................................................................................................................301

VLAN IP Commands ................................................................................................................307

VLAN Mapping Commands ......................................................................................................309

VLAN Port Isolation Commands ..............................................................................................311

VLAN Stacking Commands ......................................................................................................313

VLAN Trunking Commands .....................................................................................................317

VRRP Commands ....................................................................................................................319

Additional Commands .................. ... ... .... ... ... ... ... .... ... ... ... ................................................. ... .....323

Appendices and Index of Commands ................................................................................333

Ethernet Switch CLI Reference Guide

9

Contents Overview

10

Ethernet Switch CLI Reference Guide

PART I

Introduction

How to Access and Use the CLI (13)
Privilege Level and Command Mode (17)
Initial Setup (23)

11

12

CHAPTER 1

How to Access and Use the CLI

This chapter introduces the command line interface (CLI).

1.1 Accessing the CLI

Use any of the following methods to access the CLI.

1.1.1 Console Port

1 Connect your computer to the console port on the Switch using the appropriate cable.
2 Use terminal emulation software with the following settings:

Table 2 Default Settings for the Console Port

SETTING DEFAULT VALUE

Terminal Emulation VT100
Baud Rate 9600 bps
Parity None
Number of Data Bits 8
Number of Stop Bits 1
Flow Control None

3 Press [ENTER] to open the login screen.

1.1.2 Telnet

1 Connect your computer to one of the Ethernet ports.
2 Open a T elnet session to the Switch’ s IP address. If this is your first login, use the default

values.

Table 3 Default Management IP Address

SETTING DEFAULT VALUE

IP Address 192.168.1.1
Subnet Mask 255.255.255.0

Make sure your computer IP address is in the same subnet, unless you are accessing the
Switch through one or more routers.

Ethernet Switch CLI Reference Guide

13

Chapter 1 How to Access and Use the CLI

1.1.3 SSH

1 Connect your computer to one of the Ethernet ports.
2 Use a SSH client program to access the Switch. If this is your first login, use the default

values in Table 3 on page 13 and Table 4 on page 14. Make sure your computer IP
address is in the same subnet, unless you are accessing the Switch through one or more
routers.

1.2 Logging in

Use the administrator username and password. If this is your first login, use the default values.

Table 4 Default User Name and Password

SETTING DEFAULT VALUE

User Name admin
Password 1234

 The Switch automatically logs you out of the management interface after five

minutes of inactivity. If this happens to you, simply log back in again.

1.3 Using Shortcuts and Getting Help

This table identifies some shortcuts in the CLI, as well as how to get help.

Table 5 CLI Shortcuts and Help

COMMAND / KEY(S) DESCRIPTION

history Displays a list of recently-used commands.

 (up/down arrow keys) Scrolls through the list of recently-used commands. You can edit

[CTRL]+U Clears the current command.
[TAB] Auto-completes the keyword you are typing if possible. For

? Displays the keywords and/or input values that are allowed in

help Displays the (full) commands that are allowed in place of help.

any command or press [ENTER] to run it again.

example, type config, and press [TAB]. The Switch finishes the
word configure.

place of the ?.

14

Ethernet Switch CLI Reference Guide

Chapter 1 How to Access and Use the CLI

1.4 Saving Your Configuration

When you run a command, the Switch saves any changes to its run-time memory. The Switch
loses these changes if it is turned off or loses power. Use the
enable mode to save the current configuration permanently to non-volatile memory.

sysname# write memory

write memory command in

 You should save your changes after each CLI session. All unsaved

configuration changes are lost once you restart the Switch.

1.5 Logging Out

Enter logout to log out of the CLI. You have to be in user, enable, or config mode. See

Chapter 2 on page 17 for more information about modes.

Ethernet Switch CLI Reference Guide

15

Chapter 1 How to Access and Use the CLI

16

Ethernet Switch CLI Reference Guide

CHAPTER 2

Privilege Level and Command

Mode

This chapter introduces the CLI privilege levels and command modes.

• The privilege level determines whether or not a user can run a particular command.

• If a user can run a particular command, the user has to run it in the correct mode.

2.1 Privilege Levels

Every command has a privilege level (0-14). Users can run a command if the session’s
privilege level is greater than or equal to the command’s privilege level. The session’s
privilege level initially comes from the login account’s privilege level, though it is possible to
change the session’s privilege level after logging in.

2.1.1 Privilege Levels for Commands

The privilege level of each command is listed in the Reference A-G chapters on page 27.
At the time of writing, commands have a privilege level of 0, 3, 13, or 14. The following table

summarizes the types of commands at each of these privilege levels.

Table 6 Types of Commands at Different Privilege Levels

PRIVILEGE LEVEL T YPES OF COMMANDS AT THIS PRIVILEGE LEVEL

0 Display basic system information.
3 Display configuration or status.

13 Configure features except for login accounts, SNMP user accounts, the

authentication method sequence and authorization settings, multiple lo gins,
administrator and enable passwords, and configuration information display.

14 Configure login accounts, SNMP user accounts, the authentication method

sequence and authorization settings, multiple logins, and administrator and
enable passwords, and display configuration information.

2.1.2 Privilege Levels for Login Accounts

You can manage the privilege levels for login accounts in the following ways:

• Using commands. Login accounts can be configured by the admin account or any login
account with a privilege level of 14. See Chapter 38 on page 179.

Ethernet Switch CLI Reference Guide

17

Chapter 2 Privilege Level and Command Mode

• Using vendor-specific attributes in an external authentication server. See the User’ s Guide
for more information.

The admin account has a privilege level of 14, so the administrator can run every command.
You cannot change the privilege level of the admin account.

2.1.3 Privilege Levels for Sessions

The session’s privilege level initially comes from the privilege level of the login account the
user used to log in to the Switch. After logging in, the user can use the following commands to
change the session’s privilege level.

2.1.3.1 enable Command

This command raises the session’s privilege level to 14. It also changes the session to enable
mode (if not already in enable mode). This command is available in user mode or enable
mode, and users have to know the enable password.

In the following example, the login account user0 has a privilege level of 0 but knows that the
enable password is 123456. Afterwards, the session’s privilege level is 14, instead of 0, and
the session changes to enable mode.

sysname> enable
Password: 123456
sysname#

The default enable password is 1234. Use this command to set the enable password.

password <password>

<password> consists of 1-32 alphanumeric characters. For example, the following

command sets the enable password to 123456. See Chapter 85 on page 323 for more
information about this command.

sysname(config)# password 123456

The password is sent in plain text and stored in the Switch’s buffers. Use this command to set
the cipher password for password encryption.

password cipher <password>

<password> consists of 32 alphanumeric characters. For example, the following command

encrypts the enable password with a 32-character cipher password. See Chapter 50 on page

215 for more information about this command.

sysname(config)# password cipher qwertyuiopasdfghjklzxcvbnm123456

2.1.3.2 enable <0-14> Command

This command raises the session’s privilege level to the specified level. It also changes the
session to enable mode, if the specified level is 13 or 14. This command is available in user
mode or enable mode, and users have to know the password for the specified privilege level.

18

Ethernet Switch CLI Reference Guide

In the following example, the login account user0 has a privilege level of 0 but knows that the
password for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13,
instead of 0, and the session changes to enable mode.

sysname> enable 13
Password: pswd13
sysname#

Users cannot use this command until you create passwords for specific privilege levels. Use
the following command to create passwords for specific privilege levels.

password <password> privilege <0-14>

<password> consists of 1-32 alphanumeric characters. For example, the following

command sets the password for privilege level 13 to pswd13. See Chapter 85 on page 323 for
more information about this command.

sysname(config)# password pswd13 privilege 13

2.1.3.3 disable Command

This command reduces the session’s privilege level to 0. It also changes the session to user
mode. This command is available in enable mode.

Chapter 2 Privilege Level and Command Mode

2.1.3.4 show privilege command

This command displays the session’s current privilege level. This command is available in
user mode or enable mode.

sysname# show privilege
Current privilege level : 14

2.2 Command Modes

The CLI is divided into several modes. If a user has enough privilege to run a particular
command, the user has to run the command in the correct mode. The modes that are available
depend on the session’s privilege level.

2.2.1 Command Modes for Privilege Levels 0-12

If the session’s privilege level is 0-12, the user and all of the allowed commands are in user
mode. Users do not have to change modes to run any allowed commands.

Ethernet Switch CLI Reference Guide

19

Chapter 2 Privilege Level and Command Mode

2.2.2 Command Modes for Privilege Levels 13-14

If the session’s privilege level is 13-14, the allowed commands are in one of several modes.

Table 7 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One

MODE PROMPT COMMAND FUNCTIONS IN THIS MODE

enable sysname# Display current configuration, diagnostics, maintenance.
config sysname(config)# Configure features other than those below.
config-interface sysname(config-interface)# Configure ports.
config-mvr sysname(config-mvr)# Configure multicast VLAN.
config-route-

domain
config-dvmrp sysname(config-dvmrp)# Configure Distance Vector Multicast Routing Protocol

config-igmp sysname(config-igmp)# Configure Internet Group Management Protocol (IGMP).
config-ma sysname(config-ma)# Configure an Maintenance Association (MA) in

config-ospf sysname(config-ospf)# Configure Open Shortest Path First (OSPF) protocol.
config-rip sysname(config-rip)# Configure Routing Information Protocol (RIP).
config-vrrp sysname(config-vrrp)# Configure Virtual Router Redundancy Protocol (VRRP).

sysname(config-if)# Enable and enter configuration mode for an IPv4 or IPv6

routing domain.

(DVRMP).

Connectivity Fault Management (CFM).

Each command is usually in one and only one mode. If a user wants to run a particular
command, the user has to change to the appropriate mode. The command modes are organized
like a tree, and users start in enable mode. The following table explains how to change from
one mode to another.

Table 8 Changing Between Command Modes for Privilege Levels 13-14

MODE ENTER MODE LEAVE MODE

enable -- --

config configure exit

config-interface interface port-channel <port-list> exit
config-mvr mvr <1-4094> exit
config-vlan vlan <1-4094> exit
config-route-domain interface route domain <ip-address>/<mask-bits> exit
config-dvmrp router dvmrp exit
config-igmp router igmp exit
config-ospf router ospf <router-id> exit
config-rip router rip exit
config-vrrp router vrrp network <ip-address>/<mask-bits>

vr-id <1~7> uplink-gateway <ip-address>

exit

20

Ethernet Switch CLI Reference Guide

2.3 Listing Available Commands

Use the help command to view the executable commands on the Switch. You must have the
highest privilege level in order to view all the commands. Follow these steps to create a list of
supported commands:

1 Log into the CLI. This takes you to the enable mode.
2 Type help and press [ENTER]. A list comes up which shows all the commands

available in enable mode. The example shown next has been edited for brevity’s sake.

sysname# help
Commands available:

help
logout
exit
history
enable <0-14>
enable <cr>
.
.
traceroute <ip|host-name> [vlan <vlan-id>][..]
traceroute help
ssh <1|2> <[user@]dest-ip> <cr>
ssh <1|2> <[user@]dest-ip> [command </>]
sysname#

Chapter 2 Privilege Level and Command Mode

3 Copy and paste the results into a text editor of your choice. This creates a list of all the

executable commands in the user and enable modes.

4 Type configure and press [ENTER]. This takes you to the config mode.
5 Type help and press [ENTER]. A list is displayed which shows all the commands

available in config mode and all the sub-commands. The sub-commands are preceded by
the command necessary to enter that sub-command mode. For example, the command
name <name-str> as shown next, is preceded by the command used to enter the
config-vlan sub-mode:

sysname# help
.
.
no arp inspection log-buffer logs
no arp inspection filter-aging-time
no arp inspection <cr>
vlan <1-4094>
vlan <1-4094> name <name-str>
vlan <1-4094> normal <port-list>
vlan <1-4094> fixed <port-list>

vlan <1-4094>.

6 Copy and paste the results into a text editor of your choice. This creates a list of all the

executable commands in config and the other submodes, for example, the config-vlan
mode.

Ethernet Switch CLI Reference Guide

21

Chapter 2 Privilege Level and Command Mode

22

Ethernet Switch CLI Reference Guide

CHAPTER 3

Initial Setup

This chapter identifies tasks you might want to do when you first configure the Switch.

3.1 Changing the Administrator Password

 It is recommended you change the default administrator password. You can

encrypt the password with a cipher password. See Chapter 50 on page 215 for
more information.

Use this command to change the administrator password.

admin-password <pw-string> <Confirm-string>

where <pw-string> may be 1-32 alphanumeric characters long.

sysname# configure
sysname(config)# admin-password t1g2y7i9 t1g2y7i9

3.2 Changing the Enable Password

 It is recommended you change the default enable password. You can encrypt

the password with a cipher password. See Chapter 50 on page 215 for more
information.

Use this command to change the enable password.

password <password>

where <password> may be 1-32 alphanumeric characters long.

sysname# configure
sysname(config)# password k8s8s3dl0

Ethernet Switch CLI Reference Guide

23

Chapter 3 Initial Setup

3.3 Prohibiting Concurrent Logins

By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s
Guide for the maximum number of concurrent sessions for your Switch . Use this comman d to
prohibit concurrent logins.

no multi-login

Console port has higher priority than Telnet. See Chapter 47 on page 203 for more multi-

login

commands.

sysname# configure
sysname(config)# no multi-login

3.4 Changing the Management IP Address

The Switch has a different IP address in each VLAN. By default, the Switch has VLAN 1 with
IP address 192.168.1.1 and subnet mask 255.255.255.0. Use this command in config-vlan
mode to change the management IP address in a specific VLAN.

ip address <ip> <mask>

This example shows you how to change the management IP address in VLAN 1 to 172.16.0.1
with subnet mask 255.255.255.0.

sysname# configure
sysname(config)# vlan 1
sysname(config-vlan)# ip address 172.16.0.1 255.255.255.0

 Afterwards, you have to use the new IP address to access the Switch.

3.5 Changing the Out-of-band Management IP Address

If your Switch has a MGMT port (also referred to as the out-of-band management port), then
the Switch can also be managed via this interface. By default, the MGMT port IP address is

192.168.0.1 and the subnet mask is 255.255.255.0. Use this command in config mode to
change the out-of-band management IP address.

ip address <ip> <mask>

This example shows you how to change the out-of-band management IP address to 10.10.10.1
with subnet mask 255.255.255.0 and the default gateway 10.10.10.254

24

sysname# configure
sysname(config)# ip address 10.10.10.1 255.255.255.0
sysname(config)# ip address default-gateway 10.10.10.254

Ethernet Switch CLI Reference Guide

3.6 Looking at Basic System Information

Use this command to look at general system information about the Switch.

show system-information

This is illustrated in the following example.

sysname# show system-information

System Name : sysname
System Contact :
System Location :
Ethernet Address : 00:13:49:ae:fb:7a
ZyNOS F/W Version : V3.80(AII.0)b0 | 04/18/2007
RomRasSize : 1746416
System up Time : 280:32:52 (605186d ticks)
Bootbase Version : V1.00 | 05/17/2006
ZyNOS CODE : RAS Apr 18 2007 19:59:49
Product Model : ES-2024PWR

Chapter 3 Initial Setup

See Chapter 85 on page 323 for more information about these attributes.

3.7 Looking at the Operating Configuration

Use this command to look at the current operating configuration.

show running-config

This is illustrated in the following example.

sysname# show running-config
Building configuration...

Current configuration:

vlan 1
name 1
normal ""
fixed 1-9
forbidden ""
untagged 1-9
ip address default-management 172.16.37.206 255.255.255.0
ip address default-gateway 172.16.37.254
exit

Ethernet Switch CLI Reference Guide

25

Chapter 3 Initial Setup

26

Ethernet Switch CLI Reference Guide

PART II

Reference A-G

AAA Commands (29)
ARP Commands (31)
ARP Inspection Commands (33)
ARP Learning Commands (39)
Bandwidth Commands (41)
Broadcast Storm Commands (45)
CFM Commands (49)
Classifier Commands (59)
Cluster Commands (63)
Date and Time Commands (67)
DHCP Commands (71)
DHCP Snooping & DHCP VLAN Commands (75)
DiffServ Commands (79)
Display Commands (81)
DVMRP Commands (83)
Error Disable and Recovery Commands (85)
Ethernet OAM Commands (89)
External Alarm Commands (95)
GARP Commands (97)
GVRP Commands (99)

27

28

CHAPTER 4

AAA Commands

Use these commands to configure authentication, authorization and accounting on the Switch.

4.1 Command Summary

The following section lists the commands for this feature.

Table 9 aaa authentication Command Summa ry

COMMAND DESCRIPTION M P

show aaa authentication Displays what methods are used for authentication. E 3
show aaa authentication enable Displays the authentication method(s) for checking privilege

level of administrators.

aaa authentication enable
<method1> [<method2> ...]

no aaa authentication enable Resets the method list for checking privileges to its default

show aaa authentication login Displays the authentication methods for administrator login

aaa authentication login
<method1> [<method2> ...]

no aaa authentication login Resets the method list for the authentication of login accounts

Specifies which method should be used first, second, and
third for checking privileges.

method: enable, radius, or tacacs+.

value.

accounts.
Specifies which method should be used first, second, and

third for the authentication of login accounts.
method: local, radius, or tacacs+.

to its default value.

E3

C14

C14

E3

C14

C14

Table 10 Command Summary: aaa accounting

COMMAND DESCRIPTION M P

show aaa accounting Displays accounting settings configured on the Switch. E 3
show aaa accounting update Display the update period setting on the Switch for

accounting sessions.

aaa accounting update periodic
<1-2147483647>

no aaa accounting update Resets the accounting update interval to the default value. C 13
show aaa accounting commands Displays accounting settings for recording command events. E 3
aaa accounting commands

<privilege> stop-only tacacs+
[broadcast]

Ethernet Switch CLI Reference Guide

Sets the update period (in minutes) for accounting sessions.
This is the time the Switch waits to send an update to an
accounting server after a session starts.

Enables accounting of command sessions and specifies the
minimum privilege level (0-14) for the command sessions that
should be recorded. Optionally, sends accounting information
for command sessions to all configured accounting servers at
the same time.

E3

C13

C13

29

Chapter 4 AAA Commands

Table 10 Command Summary: aaa accounting (continued)

COMMAND DESCRIPTION M P

no aaa accounting commands Disables accounting of command sessions on the Switch. C 13
show aaa accounting dot1x Displays accounting settings for recording IEEE 802.1x

aaa accounting dot1x <start­stop|stop-only>
<radius|tacacs+> [broadcast]

no aaa accounting dot1x Disables accounting of IEEE 802.1x authentication sessions

show aaa accounting exec Displays accounting settings for recording administrative

aaa accounting exec <start­stop|stop-only>
<radius|tacacs+> [broadcast]

no aaa accounting exec Disables accounting of administrative sessions via SSH,

show aaa accounting system Displays accounting settings for recording system events, for

aaa accounting system
<radius|tacacs+> [broadcast]

no aaa accounting system Disables accounting of system events on the Switch. C 13

session events.
Enables accounting of IEEE 802.1x authentication sessions

and specifies the mode and protocol method. Optionally,
sends accounting information for IEEE 802.1x authentication
sessions to all configured accounting servers at the same
time.

on the Switch.

sessions via SSH, Telnet or the console port.
Enables accounting of administrative sessions via SSH,

Telnet and console port and specifies the mode and protocol
method. Optionally, sends accounting information for
administrative sessions via SSH, Telnet and console port to
all configured accounting servers at the same time.

Telnet or console on the Switch.

example system shut down, start up, accounting enabled or
accounting disabled.

Enables accounting of system events and specifies the
protocol method. Optionally, sends accounting information for
system events to all configured accounting servers at the
same time.

E3

C13

C13

E3

C13

C13

E3

C13

Table 11 aaa authorization Command Summary

COMMAND DESCRIPTION M P

show aaa authorization Displays authorization settings configured on the Switch. E 3
show aaa authorization dot1x Displays the authorization method used to allow an IEEE

802.1x client to have different bandwidth limit or VLAN ID
assigned via the external server.

show aaa authorization exec Displays the authorization method used to allow an

administrator which logs in the Switch through Telnet or SSH
to have different access privilege level assigned via the
external server.

aaa authorization dot1x radius Enables authorization for IEEE 802.1x clients using RADIUS. C 14
aaa authorization exec

<radius|tacacs+>
no aaa authorization dot1x Disables authorization of allowing an IEEE 802.1x client to

no aaa authorization exec Disables authorization of allowing an administrator which logs

Specifies which method (radius or tacacs+) should be
used for administrator authorization.

have different bandwidth limit or VLAN ID assigned via the
external server.

in the Switch through Telnet or SSH to have different access
privilege level assigned via the external server.

E3

E3

C14

C14

C14

30

Ethernet Switch CLI Reference Guide