Dell PowerConnect 5424 Command Line Interface Manual

Dell™ PowerConnect™ 5400 Systems

CLI Reference Guide

www.dell.com | support.dell.com

Summary of Contents for Dell PowerConnect 5424

  • Page 1: Cli Reference Guide

    Dell™ PowerConnect™ 5400 Systems CLI Reference Guide www.dell.com | support.dell.com...
  • Page 2 © 2008 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, PowerConnect are trademarks of Dell Inc.
  • Page 3: Table Of Contents

    Contents: Using the CLI, CLI Command Modes
  • Page 4 IGMP Snooping Commands, IP Addressing Commands, IPv6 Addressing Commands
  • Page 5 Web Server Commands, 802.1x Commands, 802.1x Advanced Commands
  • Page 6 AAA Commands, aaa authentication login, aaa authentication enable
  • Page 7 show bridge address-table, show bridge address-table static, show bridge address-table count
  • Page 8 sntp anycast client enable, sntp client enable, sntp client enable (interface)
  • Page 9 speed, duplex
  • Page 10 ip dhcp snooping verify, ip dhcp snooping database, ip dhcp snooping database update-freq
  • Page 11 show ip igmp snooping mrouter, show ip igmp snooping interface, show ip igmp snooping groups
  • Page 12 ipv6 address link-local, ipv6 unreachables, ipv6 default-gateway
  • Page 13 show lacp ethernet, show lacp port-channel, 18 Line Commands
  • Page 14 show lldp neighbors, show lldp med configuration, 20 Management ACL
  • Page 15 24 QoS Commands, show qos
  • Page 16 26 RMON Commands, show rmon statistics, rmon collection history
  • Page 17 show snmp engineid, show snmp, show snmp views
  • Page 18 show (mst), exit (mst), abort (mst)
  • Page 19 logging buffered size, clear logging, logging file
  • Page 20 show version, asset-tag, show system id
  • Page 21 34 Tunnel, interface tunnel
  • Page 22 36 VLAN Commands, vlan database, vlan
  • Page 23 37 Voice VLAN, voice vlan id, voice vlan oui-table
  • Page 24 39 802.1x Commands, aaa authentication dot1x, dot1x system-auth-control
  • Page 25: Using The Cli

    Using the CLI This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI. CLI Command Modes Introduction To assist in configuring devices, the CLI (Command Line Interface) is divided into different command modes.
  • Page 26: User Exec Mode

    When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC Mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the device Configuration mode.
  • Page 27: Global Configuration Mode

    The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode: console>enable Enter Password: ****** console# console#disable console> The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode.
  • Page 28: Interface Configuration Mode And Specific Configuration Modes

    Interface Configuration Mode and Specific Configuration Modes Interface Configuration mode commands are to modify specific interface operations. The following are the Interface Configuration modes: • Line Interface — Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the Line Configuration command mode.
  • Page 29: Editing Features

    To start using the CLI, perform the following steps: 1 Start the device and wait until the startup procedure is complete. The User Exec mode is entered, and the prompt "Console>" is displayed. 2 Configure the device and enter the necessary commands to complete the required tasks. 3 When finished, exit the session with the quit or exit command.
  • Page 30: Setup Wizard

    Setup Wizard The CLI supports a Setup Wizard. This is an easy-to-use user interface which quickly guides the user in setting up basic device information, so that the device can be easily managed from a Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.
  • Page 31: Command Completion

    Command Completion If the command entered is incomplete, invalid, or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the button, an incomplete command is entered. If the characters already entered are not enough for the system to identify a single matching command, press "?"...
  • Page 32: Cli Command Conventions

    CLI Command Conventions When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions. Convention Description In a command line, square brackets indicates an optional entry. In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character.
  • Page 33: Command Groups

    This guide describes how the Command Line Interface (CLI) is structured, describes the command syntax, and describes the command functionality. This guide also provides information for configuring the Dell™ PowerConnect™ switch, details the procedures and provides configuration examples. Basic installation configuration is described in the User’s Guide and must be completed before using this document.
  • Page 34 Ethernet Configuration Configures all port configuration options for example ports, storm control, port speed and auto-negotiation. GVRP Commands Configures and displays GVRP configuration and information. IGMP Snooping Commands Configures IGMP snooping and displays IGMP configuration and IGMP information. IP Addressing Commands Configures and manages IP addresses on the device.
  • Page 35: Acl Commands

    ACL Commands Command Group Description Access Mode ip access-list Defines an IPv4 Access List and places the device in Global IPv4 Access List Configuration mode. Configuration mac access-list Enables the MAC-Access List Configuration mode and Global creates Layer 2 ACLs. Configuration permit (ip) Permits traffic if the conditions defined in the permit...
  • Page 36: Address Table Commands

    password Specifies a password on a line. Line Configuration enable password Sets a local password to control access to normal and Global privilege levels. Configuration username Establishes a username-based authentication system. Global Configuration show users accounts Displays information about the local user database. Privileged User EXEC Address Table Commands...
  • Page 37: Clock Commands

    show bridge address-table Displays the number of addresses present in all or at a Privileged User count specific VLAN. EXEC show bridge multicast Displays statically created entries in the bridge- Privileged User address-table forwarding database. EXEC show bridge multicast Displays the Multicast filtering configuration. Privileged User filtering EXEC...
  • Page 38: Configuration And Image Files Commands

    sntp unicast client enable Enables the device to use the SNTP to request and Global Configuration accept NTP traffic from servers. sntp unicast client poll Enables polling for the SNTP predefined Unicast Global Configuration clients. sntp server Specifies SNTP UDP port of the SNTP server Global Configuration show clock...
  • Page 39: Dhcp Snooping Commands

    DHCP Snooping Commands Command Group Description Access Mode ip dhcp snooping Globally enables Dynamic Host Configuration Global Protocol (DHCP) snooping Configuration ip dhcp snooping vlan Enables DHCP snooping on a VLAN. Global Configuration ip dhcp snooping trust Configures a port as trusted for DHCP snooping Interface purposes.
  • Page 40 description Adds a description to an interface. Interface Configuration speed Configures the speed of a given Ethernet interface Interface when not using auto-negotiation. Configuration duplex Configures the full/half duplex operation of a given Interface Ethernet interface when not using auto-negotiation. Configuration negotiation Enables auto-negotiation operation for the speed and...
  • Page 41: Gvrp Commands

    GVRP Commands Command Group Description Mode gvrp enable (global) Enables GVRP globally. Global Configuration gvrp enable (interface) Enables GVRP on an interface. Interface Configuration garp timer Adjusts the GARP application join, leave, Interface and leaveall GARP timer values. Configuration gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation.
  • Page 42: Ip Addressing Commands

    IP Addressing Commands Command Group Description Access Mode clear host dhcp Sets an IP address on the device. Interface Configuration ip address Sets an IP address Interface Configuration ip address dhcp Acquires an IP address on an interface from the DHCP Interface server.
  • Page 43: Ipv6 Addressing Commands

    IPv6 Addressing Commands Command Group Description Access Mode ipv6 enable Enables IPv6 processing on an interface. Interface Configuration ipv6 address autoconfig Enables automatic configuration of IPv6 addresses Interface Configuration using stateless autoconfiguration on an interface. ipv6 icmp error-interval Configures the rate limit interval and bucket size Global Configuration parameters for IPv6 ICMP error messages.
  • Page 44: Iscsi Commands

    iSCSI Commands Command Group Description Access Mode Globally enables iSCSI awareness. iscsi enable Global Configuration iscsi target port Configures iSCSI port(s), target address and name. Global Configuration iscsi cos Sets the quality of service profile applied to iSCSI Global flows. Configuration iscsi aging time Sets aging time for iSCSI sessions.
  • Page 45: Lldp Commands

    exec-timeout Configures the interval that the system waits until Line Configuration user input is detected. show line Displays line parameters. User EXEC terminal history Enables the command history function for the current User EXEC terminal session. terminal history size Configures the command history buffer size for the current terminal User EXEC session.
  • Page 46: Login Banner Commands

    lldp med network-policy Attaches a LLDP MED network policy to a port. Interface (interface) Configuration (Ethernet) lldp med location Configures location information for the LLDP MED for an Interface interface. Configuration (Ethernet) clear lldp rx Restarts the LLDP RX state machine and clearing the Privileged EXEC neighbors table.
  • Page 47: Phy Diagnostics Commands

    deny (management) Defines a deny rule. Management Access-level management access-class Defines which management access-list is used. Global Configuration show management Displays management access-lists. Privileged User access-list EXEC show management Displays the active management access-list. Privileged User access-class EXEC PHY Diagnostics Commands Command Group Description Access Mode...
  • Page 48: Port Monitor Commands

    Port Monitor Commands Command Group Description Access Mode port monitor Starts a port monitoring session. Interface Configuration show ports monitor Displays the port monitoring status. User EXEC QoS Commands Command Group Description Access Mode Enables quality of service (QoS) on the device Global Configuration and enters QoS basic or advance mode.
  • Page 49: Radius Commands

    RADIUS Commands Command Group Description Access Mode radius-server host Specifies a RADIUS server host. Global Configuration radius-server key Sets the authentication and encryption key for all RADIUS Global communications between the router and the RADIUS Configuration daemon. radius-server retransmit Specifies the number of times the software searches the list Global of RADIUS server hosts.
  • Page 50: Snmp Commands

    show rmon events Displays the RMON event table. User EXEC show rmon log Displays the RMON logging table. User EXEC rmon table-size Configures the maximum RMON tables sizes. Global Configuration SNMP Commands Command Group Description Access Mode snmp-server community the community access string to permit access to SNMP Global protocol.
  • Page 51: Spanning Tree Commands

    show snmp views Displays the configuration of views. Privileged EXEC show snmp groups Displays the configuration of groups. Privileged EXEC show snmp filters Displays the configuration of filters Privileged EXEC show snmp users Displays the configuration of groups. Privileged EXEC Spanning Tree Commands Command Group Description...
  • Page 52 spanning-tree mst priority Configures port priority for the specified MST instance Interface Configuration spanning-tree mst cost Configures the path cost for multiple spanning tree Interface (MST) calculations. Configuration spanning-tree mst Enables configuring an MST region by entering the Global configuration Multiple Spanning Tree (MST) mode.
  • Page 53: Ssh Commands

    SSH Commands Command Group Description Access Mode ip ssh port Specifies the port to be used by the SSH server. Global Configuration ip ssh server Enables the device to be configured from a SSH Global server. Configuration crypto key generate dsa Generates DSA key pairs.
  • Page 54: System Management Commands

    logging buffered size Changes the number of syslog messages stored in Global the internal buffer. Configuration clear logging Clears messages from the internal logging buffer. Privileged User EXEC logging file Limits syslog messages sent to the logging file based Global on severity.
  • Page 55: Tacacs Commands

    show users Lists the open Telnet sessions. User EXEC show sessions Lists the open Telnet sessions User EXEC show system Displays system information. User EXEC set system Activates/deactivates specified features. Privileged EXEC show system mode Displays information on features control User EXEC show version Displays the system version information.
  • Page 56: Tunnel Commands

    passwords history hold-time Configures the duration of time a password is relevant Global for tracking passwords history. Configuration passwords lockout Enables lockout of a user account after a series of Global authentication failures. Configuration aaa login-history file Enables writing to login history file. Global Configuration set username active...
  • Page 57: User Interface Commands

    User Interface Commands Command Group Description Access Mode enable Enters the privileged EXEC mode. disable Returns to User EXEC mode. login Changes a login username. configure Enables the Global Configuration mode exit(configuration) Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
  • Page 58 switchport access vlan Configures the VLAN membership mode of a port. Interface Configuration switchport access vlan Configures the VLAN ID when the interface is in access Interface mode. Configuration switchport trunk allowed Adds or removes VLANs from a port in general mode. Interface vlan Configuration...
  • Page 59: Voice Vlan Commands

    Voice VLAN Commands Command Group Description Access Mode voice vlan id Enters the VLAN Configuration mode. Global Configuration voice vlan oui-table Configure the Voice OUI table. Global Configuration voice vlan cos Sets the Voice VLAN Class Of Service. Global Configuration voice vlan aging-timeout Sets the Voice VLAN aging timeout.
  • Page 60: 802.1X Commands

    crypto certificate import Imports a certificate signed by Certification Authority for Global HTTPS. Configuration ip https certificate Configures the active certificate for HTTPS. Global Configuration ip https port Configures a TCP port for use by a secure web browser to Global configure the device.
  • Page 61 Sets the number of seconds between re-authentica- dot1x timeout re- Interface tion attempts authperiod Configuration dot1x re-authenticate Manually initiates a re-authentication of all 802.1X-enabled Privileged User ports or the specified 802.1X-enabled port. EXEC Sets the number of seconds that the switch remains dot1x timeout quiet- Interface in the quiet state following a failed authentication...
  • Page 62: 802.1X Advanced Commands

    802.1x Advanced Commands dot1x auth-not-req Enables unauthorized users access to that VLAN. VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized Interface Config- port with the dot1x port-control Interface Configuration uration mode command set to auto. (Ethernet) dot1x single-host- Configures the action to be taken when a station of which Interface Config- violation...
  • Page 63: Command Modes

    Command Modes GC (Global Configuration) Mode Command Description aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authentication dot1x Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Adds a permanent entry in the ARP cache.
  • Page 64 dot1x system-auth-control Enables 802.1x globally. enable password Sets a local password to control access to normal and privilege levels. Ends the current configuration session and returns to the previous command mode. gvrp enable (global) Enables GVRP globally. hostname Specifies or modifies the device host name. interface ethernet Enters the Interface Configuration mode to configure an Ethernet type interface.
  • Page 65 ip ssh server Enables the device to be configured from a SSH server. ipv6 default-gateway Defines an IPv6 default gateway. ipv6 host Defines a static host name-to-address mapping in the host name cache. ipv6 icmp error-interval Configures the rate limit interval and bucket size parameters for IPv6 ICMP error messages.
  • Page 66 radius-server retransmit Specifies the number of times the software searches the list of RADIUS server hosts. radius-server source-ip Specifies the source IP address used for communication with RADIUS servers. radius-server source-ipv6 Specifies the source IPv6 address used for the IPv6 communication with RADIUS servers.
  • Page 67: Ic (Interface Configuration) Mode

    tacacs-server source-ip Specifies the source IP address that will be used for the communication with TACACS servers. tacacs-server timeout Sets the timeout value. tacacs-server host Specifies a TACACS+ host. tunnel isatap query-interval Configures the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
  • Page 68 dot1x single-host-violation Configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. dot1x timeout quiet-period Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange.
  • Page 69 mdix Enables automatic crossover on a given interface. name Configures a name to a VLAN. negotiation Enables auto-negotiation operation for the speed and duplex parameters of a given interface. port monitor Starts a port monitoring session. port security Disables new address learning on an interface. port security routed secure- Adds MAC-layer secure addresses to a routed port.
  • Page 70: Lc (Line Configuration) Mode

    LC (Line Configuration) Mode Command Description enable authentication Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. exec-banner Enables the display of exec banners. exec-timeout Configures the interval that the system waits until user input is detected. history Enables the command history function.
  • Page 71 clear logging file Clears messages from the logging file clear spanning-tree detected- Restarts the protocol migration process on all interfaces or on the specified protocols interface. clock set Manually sets the system clock. configure Enters the global configuration mode. copy Copies files from a source to a destination.
  • Page 72: Sp (Ssh Public Key) Mode

    show fiber-ports optical- Displays the optical transceiver diagnostics. transceiver show ip ssh Displays the SSH server configuration. show ipv6 icmp error-interval Displays the IPv6 ICMP error interval setting show ipv6 interface Displays the usability status of interfaces configured for IPv6. show ipv6 neighbors Displays IPv6 neighbor discovery cache information.
  • Page 73: Ue (User Exec) Mode

    UE (User EXEC) Mode Command Description clear counters Clears statistics on an interface. enable Enters the privileged EXEC mode. exit(EXEC) Closes an active terminal session by logging off the device. login Changes a login username. ping Sends ICMP echo request packets to another node on the network. show clock Displays the time and date from the system clock.
  • Page 74: Vc (Vlan Configuration) Mode

    show rmon alarm-table Displays the alarms summary table. show rmon collection history Displays the requested history group configuration. show rmon events Displays the RMON event table. show rmon history Displays RMON Ethernet Statistics history. show rmon log Displays the RMON logging table. show rmon statistics Displays RMON Ethernet Statistics.
  • Page 75: Acl Commands

    IPv4 ACLs are defined by a unique name. An IPv4 ACL and MAC ACL cannot share the same name. Example The following example shows how to define an IPv4 Access List called dell-access-1 and to place the device in IPv4 Access List Configuration mode. Console(config)# ip access-list dell-access-1...
  • Page 76: Permit (Ip)

    Syntax • mac access-list name • no mac access-list name • access-list-name — Name of the MAC Access List. Default Configuration No MAC Access List is defined. Command Mode Global Configuration mode. User Guidelines • MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name.
  • Page 77 • permit-tcp {any|{ source source-wildcard}} {any|source-port} {any|{ destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-flags] [src-port-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard] • permit-udp {any|{ source source-wildcard}} {any| source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [src-port-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard] •...
  • Page 78: Deny (Ip)

    Default Configuration No IPv4 ACL is defined. Command Mode IP-Access List Configuration mode. User Guidelines • Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
  • Page 79 • disable-port — Specifies that the Ethernet interface is disabled if the condition is matched. • source — Specifies the Source IP address of the packet. • source-wildcard — Specifies wildcard bits to be applied to the source IP address by placing 1s in bit positions to be ignored.
  • Page 80: Permit (Mac)

    User Guidelines • Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the defined conditions are denied.
  • Page 81: Deny (Mac)

    Default Configuration No MAC ACL is defined. Command Mode MAC-Access List Configuration mode. User Guidelines • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
  • Page 82: Service-Acl

    • cos — Specifies the packet’s Class of Service (CoS). (Range: 0 - 7) • cos-wildcard — Specifies wildcard bits to be applied to the CoS. • eth-type — Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff) •...
  • Page 83: Show Access-Lists

    User Guidelines There are no user guidelines for this command. Example The following example binds (services) an ACL to VLAN 2. Console(config)# interface eth g1 Console(config-if)# service-acl input macl1 show access-lists The show access-lists Privileged EXEC mode command displays access control lists (ACLs) defined on the device.
  • Page 84: Show Interfaces Access-Lists

    show interfaces access-lists The show interfaces access-lists Privileged EXEC mode command displays access lists applied on interfaces. Syntax • show interfaces access-lists [ ethernet interface | port-channel port-channel-number ] • interface — Specifies the Valid Ethernet port. • port-channel-number — Specifies the port-channel index. Default Configuration This command has no default configuration.
  • Page 85: Aaa Commands

    AAA Commands aaa authentication login The aaa authentication login Global Configuration mode command defines login authentication. Use the no form of this command to return to the default configuration. Syntax • aaa authentication login {default | list-name} method1 [method2...] • no aaa authentication login {default | list-name} •...
  • Page 86: Aaa Authentication Enable

    User Guidelines • The default and optional list names created with the aaa authentication login command are used with the login authentication command. • Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
  • Page 87: Login Authentication

    Default Configuration If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command aaa authentication enable default enable none.
  • Page 88: Enable Authentication

    Command Mode Line Configuration mode. User Guidelines • Changing login authentication from default to another value may disconnect the telnet session. Example The following example specifies the default authentication method for a console. Console (config)# line console Console (config-line)# login authentication default enable authentication The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet, SSH or console.
  • Page 89: Ip Http Authentication

    ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for http. Use the no form of this command to return to the default. Syntax • ip http authentication method1 [method2...] • no ip http authentication •...
  • Page 90: Show Authentication Methods

    Syntax • ip https authentication method1 [method2...] • no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication.
  • Page 91 Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists ----------------------------------- Console_Default: None Network_Default: Local Enable Authentication Method Lists ----------------------------------- Console_Default: Enable None Network_Default: Enable...
  • Page 92: Password

    password The password Line Configuration mode command specifies a password on a line. Use the no form of this command to remove the password. Syntax • password password [encrypted] • no password • password — Password for this level, from 1 to 159 characters in length. •...
  • Page 93: Username

    Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example sets a local level 15 password "secret" to control access to user and privilege levels. Console (config)# enable password level 15 secret username The username Global Configuration mode command establishes a username-based authentication system.
  • Page 94: Show Users Accounts

    show users accounts The show users accounts Privileged EXEC mode command displays information about the local user database. Syntax • show users accounts Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the local users configured with access to the system.
  • Page 95: Address Table Commands

    Address Table Commands bridge address The bridge address VLAN Interface Configuration mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
  • Page 96: Bridge Multicast Filtering

    Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port g8 to the bridge table. Console (config)# interface vlan 2 Console (config-vlan)# bridge address 3a:a2:64:b3:a2:45 ethernet g8 permanent bridge multicast filtering The bridge multicast filtering Global Configuration mode command enables filtering of Multicast addresses.
  • Page 97: Bridge Multicast Address

    bridge multicast address The bridge multicast address Interface Configuration mode command registers MAC-layer Multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the no form of the bridge multicast address command. Syntax •...
  • Page 98: Bridge Multicast Forbidden Address

    The following example registers the MAC address and adds ports statically. Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03 add ethernet g1-9 bridge multicast forbidden address The bridge multicast forbidden address Interface Configuration mode command forbids adding a specific Multicast address to specific ports.
  • Page 99: Bridge Multicast Unregistered

    Examples In this example the MAC address 01:00:5e:02:02:03 is forbidden on port g9 within VLAN 8. Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03 Console (config-if)# bridge multicast forbidden address 01:00:5e:02:02:03 add ethernet g9 bridge multicast unregistered The bridge multicast unregistered Interface Configuration mode command configures the forwarding state of unregistered multicast addresses.
  • Page 100: Bridge Multicast Forward-All

    bridge multicast forward-all The bridge multicast forward-all Interface Configuration mode command enables forwarding of all Multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command. Syntax • bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list} •...
  • Page 101: Bridge Aging-Time

    Syntax • bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list} • no bridge multicast forward-all • add — Forbids forwarding all Multicast packets. • remove — Does not forbid forwarding all Multicast packets. • interface-list — Separates nonconsecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
  • Page 102: Clear Bridge

    Default Configuration 300 seconds Command Mode Global Configuration mode. User Guidelines There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. Console (config)# bridge aging-time 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.
  • Page 103: Port Security

    port security The port security Interface Configuration mode command locks the port. By locking the port, new addresses are not learned on the port. To enable new address learning, use the no form of the port security command. Syntax • port security [forward | discard | discard-shutdown] [trap seconds] •...
  • Page 104: Port Security Max

    Syntax • port security mode {lock | max-addresses} • no port security mode • lock — Saves the current dynamic MAC addresses associated with the port and disables learning, relearning and aging. • max-addresses — Deletes the current dynamic MAC addresses associated with the port and learns up to the maximum number addresses allowed on the port.
  • Page 105: Port Security Routed Secure-Address

    User Guidelines • The command is relevant only in port security max-addresses mode. Example In this example, port security mode is set to dynamic for Ethernet interface g7. Console(config)# interface ethernet g7 Console(config-if)# port security mode max-addresses port security routed secure-address The port security routed secure-address Interface Configuration mode command adds MAC-layer secure addresses to a routed port.
  • Page 106: Show Bridge Address-Table

    show bridge address-table The show bridge address-table Privileged EXEC mode command displays all entries in the bridge-forwarding database. Syntax • show bridge address-table [vlan vlan] [ethernet interface | port-channel port-channel-number] vlan — Specific valid VLAN, such as VLAN 1. •...
  • Page 107: Show Bridge Address-Table Static

    show bridge address-table static The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database. Syntax • show bridge address-table static [vlan vlan] [ethernet interface | port-channel port-channel-number] Parameters • vlan — Specifies a valid VLAN, such as VLAN 1. •...
  • Page 108: Show Bridge Address-Table Count

    show bridge address-table count The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in all VLANs or in a specific VLAN. Syntax • show bridge address-table count [vlan vlan] [ethernet interface-number | port-channel port-channel-number] Parameters •...
  • Page 109: Show Bridge Multicast Address-Table

    show bridge multicast address-table The show bridge multicast address-table Privileged EXEC mode command displays Multicast MAC address table information. Syntax • show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip | mac] • vlan-id — A VLAN ID value. •...
  • Page 110: Show Bridge Multicast Filtering

    Forbidden ports for Multicast addresses: Vlan MAC Address Ports ---- ----------- ---------- 01:00:5e:02:02:03 01:00:5e:02:02:08 Console # show bridge multicast address-table format ip Multicast address table for VLANs in MAC-GROUP bridging mode: Vlan IP/Mac Address Type Ports ---- ----------- ----- ---------- 224-239.130|2.2.3 static g1,g2...
  • Page 111: Show Ports Security

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example In this example, the Multicast configuration for VLAN 1 is displayed. Console # show bridge multicast filtering 1 Filtering: Enabled VLAN: 1 Port...
  • Page 112 User Guidelines • There are no user guidelines for this command. Example In this example, all classes of entries in the port-lock status are displayed. Console # show ports security Port Status Learning Action Maximum Trap Frequency ----- ------- ------- ------- -------- --------...
  • Page 113: Show Ports Security Addresses

    Frequency: Minimum time in seconds between consecutive traps Counter: Number of actions since last trap show ports security addresses The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked ports. Syntax • show ports security addresses [ethernet interface | port-channel port-channel-number] •...
  • Page 115: Login Banner

    Login Banner banner exec The banner exec Global Configuration mode command specifies and enables a message to be displayed when an EXEC process is created (the user has successfully logged in). Use the no form of this command to delete the existing EXEC banner. Syntax •...
  • Page 116: Banner Login

    • To customize the banner, use tokens in the form $(token) in the message text. The following table displays the tokens. Token Information displayed in the banner $(hostname) Displays the host name for the device. $(domain) Displays the domain name for the device. $(bold) Indicates that the next text is a bold text.
  • Page 117 Syntax • banner login d message d • no banner login • d — Delimiting character, for example a pound sign (#). A delimiting character cannot be used in the banner message. • message — Message text. The message must start in a new line and can be a multi-line message. Tokens in the form $(token) in the message text can be included.
  • Page 118: Banner Motd

    Example The following example sets a Login banner that uses tokens. The percent sign (%) is used as a delimiting character. Notice that the $(token) syntax is replaced by the corresponding configuration variable. Console (config)# banner login % Enter TEXT message. End with the character '%'. You have entered $(hostname).$(domain) When the login banner is executed, the user will see the following banner: You have entered host123.ourdomain.com...
  • Page 119: Exec-Banner

    • To customize the banner, use tokens in the form $(token) in the message text. The following table displays the tokens. Token Information displayed in the banner $(hostname) Displays the host name for the device. $(domain) Displays the domain name for the device. $(bold) Indicates that the next text is a bold text.
  • Page 120: Login-Banner

    Default Configuration Enabled Command Mode Line Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enables the display of exec banners. Console (config)# line console Console(config-line)# exec-banner login-banner The login-banner Line Configuration mode command enables the display of login banners. Use the no form of this command to disable the display of login banners.
  • Page 121: Motd-Banner

    motd-banner The motd-banner Line Configuration mode command enables the display of message-of-the-day banners. Use the no form of this command to disable the display of motd banners. Syntax • motd-banner • no motd-banner Default Configuration Enabled Command Mode Line Configuration mode. User Guidelines •...
  • Page 122 User Guidelines • There are no user guidelines for this command. Example The following example displays the banners configuration. Device> show motd Console: Enabled Telnet: Enabled SSH: Enabled MOTD Message $(bold)Upgrade$(bold) to all devices begins at March 12 Login Banner...
  • Page 123: Clock

    Clock clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax • clock set hh:mm:ss day month year • clock set hh:mm:ss month day year hh:mm:ss — Current time in hours (military format), minutes, and seconds. (0 - 23, mm: 0 - •...
  • Page 124: Clock Timezone

    Syntax • clock source {sntp} • no clock source • sntp — SNTP servers Default Configuration No external clock source. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Examples The following example configures an external time source for the system clock. Console# clock source sntp clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes.
  • Page 125: Clock Summer-Time

    Examples The following example sets the timezone to 6 hours difference from UTC. Console(config)# clock timezone -6 zone CST clock summer-time The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). Use the no form of this command to configure the software to not automatically switch to summer time.
  • Page 126: Sntp Authentication-Key

    Default Configuration Summer time is disabled. offset offset — default is 60 zone acronym — If unspecified default to the timezone acronym. If the timezone has not been defined, the default will be UTC. Command Mode Global Configuration mode. User Guidelines •...
  • Page 127: Sntp Authenticate

    Syntax • sntp authentication-key number md5 value • no sntp authentication-key number • number — Key number. (Range: 1 - 4294967295) • value — Key value. (Range: Up to 8 characters) Default Configuration No authentication key is defined. Command Mode Global Configuration mode.
  • Page 128: Sntp Trusted-Key

    User Guidelines • The command is relevant for both Unicast and Broadcast. Examples The following example defines the authentication key for SNTP and grants authentication. Console(config)# sntp authentication-key 8 md5 ClkKey Console(config)# sntp trusted-key 8 Console(config)# sntp authenticate sntp trusted-key The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize.
  • Page 129: Sntp Client Poll Timer

    sntp client poll timer The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol (SNTP) client. Use the no form of this command to return to default. Syntax • sntp client poll timer seconds •...
  • Page 130: Sntp Anycast Client Enable

    User Guidelines • The sntp Broadcast client enable Interface Configuration mode command enables the device to receive Broadcast transmissions globally and on ALL interfaces. • Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface.
  • Page 131: Sntp Client Enable

    sntp client enable The sntp client enable Global Configuration mode command enables the Simple Network Time Protocol (SNTP) Broadcast and Anycast client on an interface. Use the no form of this command to disable the SNTP client. Syntax • sntp client enable {ethernet interface-number | vlan vlan-id | port-channel number} •...
  • Page 132: Sntp Unicast Client Enable

    Default Configuration Disabled. Command Mode Interface Configuration (Ethernet, Port-Channel, VLAN) mode. User Guidelines • Use the sntp client enable Global Configuration mode command to enable Broadcast clients globally. • Use the sntp anycast client enable Global Configuration mode command to enable Anycast clients globally.
  • Page 133: Sntp Unicast Client Poll

    Examples The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from servers. Console (config)# sntp unicast client enable sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined Unicast clients.
  • Page 134 Syntax • sntp server {ip4-address | ip6-address | hostname}[poll] [key keyid] • no sntp server {ip4-address | ip6-address | hostname} • ip4-address — IPv4 server address. • ipv6-address — IPv6 server address. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
  • Page 135: Show Clock

    Example The following example configures the device to accept SNTP traffic from the server on 192.1.1.1. Console(config)# sntp server 192.1.1.1 show clock The show clock User EXEC mode command displays the time and date from the system clock. Syntax • show clock [detail] •...
  • Page 136: Show Sntp Configuration

    Example The following example displays the time and date from the system clock. Console# show clock 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Device> show clock detail 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Time zone: Acronym is PST Offset is UTC-8 Summertime:...
  • Page 137 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Examples Console# show sntp configuration Polling interval: 7200 seconds MD5 Authentication keys: 8, 9 Authentication is required for synchronization. Trusted Keys: 8,9 Unicast Clients Polling: Enabled.
  • Page 138: Show Sntp Status

    show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax • show sntp status This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
  • Page 139: Configuration And Image Files

    Configuration and Image Files To display a list of files on a flash file system, use the dir Privileged EXEC command. Syntax • This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines •...
  • Page 140: More

    syslog1.sys 262144 07-Feb-2005 10:16:02 syslog2.sys 262144 07-Feb-2005 10:16:02 directry.prv 262144 07-Feb-2005 10:15:56 startup-config rw 400000 13-Feb-2005 18:46:34 Total size of flash: 33292288 bytes Free size of flash: 20708893 bytes more To display a file, use the more Privileged EXEC command. Syntax more url •...
  • Page 141: Rename

    Examples Console# more version 12.1 interface FastEthernetg1 ip address 176.242.100.100 255. ip pim dense-mode duplex auto speed auto rename To rename a file, use the rename Privileged EXEC command. Syntax • rename url new-url • url — The location URL. new-url —...
  • Page 142: Delete Startup-Config

    The following table shows keywords and URL prefixes: Keyword Source Destination flash Source or destination URL for Flash memory. It's the default in case a URL is specified without a prefix. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
  • Page 143: Copy

    copy The copy Privileged EXEC command copies any file from a source to a destination. Syntax • copy source-url destination-url [snmp] • source-url — The location URL or reserved keyword of the source file to be copied. (Range: 1 - 160 characters) •...
  • Page 144 User Guidelines • The location of a file system dictates the format of the source or destination URL. • The entire copying process may take several minutes and differs from protocol to protocol and from network to network. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
  • Page 145 Use the copy source-url running-config command to load a "configuration file" from a network server to the device "running configuration". The configuration is added to the "running configuration" as if the commands were typed in the command-line interface (CLI). The resulting configuration file is a combination of the previous "running configuration"...
  • Page 146: Delete

    delete The delete Privileged EXEC mode command deletes a file from a Flash memory device. Syntax • delete url • url — The location URL or reserved keyword of the source file to be copied. The following table shows keywords and URL prefixes: Keyword Source or Destination flash...
  • Page 147: Show Running-Config

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • Use the show bootvar command to find out which image is the active image. Examples The following example loads system image 1 for the next device startup. Console# boot system image-1 show running-config The show running-config Privileged EXEC mode command displays the contents of the currently...
  • Page 148: Show Startup-Config

    Examples The following example displays the contents of the running-config file. Console# show running-config no spanning-tree vlan database vlan 2 exit interface range ethernet g(1-2) switchport access vlan 2 exit interface vlan 2 bridge address 00:00:00:00:00:01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable...
  • Page 149 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Examples The following example displays the contents of the startup-config file. Console# show startup-config no spanning-tree vlan database vlan 2 exit...
  • Page 150: Show Bootvar

    show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that the device loads at startup. Syntax • show bootvar Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines •...
  • Page 151: Ethernet Configuration Commands

    Ethernet Configuration Commands interface ethernet The interface ethernet Global Configuration mode command enters the Interface Configuration mode to configure an Ethernet type interface. Syntax • interface ethernet interface • interface — Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
  • Page 152: Shutdown

    Syntax • interface range ethernet {port-range | all} • port-range — List of valid ports to add. Separate non consecutive ports with a comma and no spaces; a hyphen is used to designate a range of ports. • all — All Ethernet ports. Default Configuration This command has no default configuration.
  • Page 153: Description

    User Guidelines • There are no user guidelines for this command. Examples The following example disables port g5. Console(config)# interface ethernet g5 Console(config-if)# shutdown The following example re-enables port g5. Console(config)# interface ethernet g5 Console(config-if)# no shutdown description The description Interface Configuration mode command adds a description to an interface. Use the no form of this command to remove the description.
  • Page 154: Speed

    speed The speed Interface Configuration mode command configures the speed of a given Ethernet interface when not using auto-negotiation. Use the no form of this command to restore the default. Syntax • speed {10| 100 | 1000}. • no speed •...
  • Page 155: Negotiation

    Default Configuration The interface is set to full duplex. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • Before attempting to force a particular duplex mode on the port operating at 10/100/1000 Mbps, disable the auto-negotiation on that port. • Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps.
  • Page 156: Flowcontrol

    Example The following example enables auto negotiation of Ethernet port 5. (config)# interface ethernet g5 (config-if)# negotiation (config-if)# flowcontrol The flowcontrol Interface Configuration mode command configures the Flow Control on a given interface. Use the no form of this command to restore the default. Syntax •...
  • Page 157: System Flowcontrol

    system flowcontrol The system flowcontrol Interface Configuration mode command enables flow control on cascade ports. To disable flow control, use the no form of this command. Syntax system flowcontrol no system flowcontrol Default Configuration System flowcontrol is disabled. Command Mode Interface Configuration mode.
  • Page 158: Back-Pressure

    User Guidelines • Mdix Auto: All possibilities to connect a PC with cross OR normal cables are supported and are automatically detected. • Mdix ON: It is possible to connect to a PC only with a normal cable and to connect to another switch ONLY with a cross cable.
  • Page 159: Port Jumbo-Frame

    port jumbo-frame The port jumbo-frame Global Configuration mode command enables jumbo frames for the device. The size of the port jumbo frame is 10K. Use the no form of this command to disable jumbo frames. Syntax • port jumbo-frame • no port jumbo-frame Default Configuration Jumbo Frames are not enabled.
  • Page 160: Set Interface Active

    Example In the following example, the counters for interface g1 are cleared. Console# clear counters ethernet g1 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was suspended by the system. Syntax • set interface active {ethernet interface | port-channel port-channel-number} •...
  • Page 161 Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the configuration for all configured interfaces: Console# show interfaces configuration Port Type Duplex Speed Flow Control Admin State MdixMode ---- ---- ------ ------ ----...
  • Page 162: Show Interfaces Status

    The displayed port configuration information includes the following: • Port — The port number. • Port Type — The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex — Displays the port Duplex status. •...
  • Page 163 Console# show interfaces status Port Type Duplex Speed Neg Flow Link State Back MDIX Control Pressure Mode ---- --------- ------ ---- ---- ------ ----- ----- ---- 1G Copper half Enabled off Disable 1G Copper half Enabled off Disable 1G-Copper half Enabled off Disable 1G-Copper...
  • Page 164 Type Duplex Speed Neg Flow Link State Control ---- ----- ----- ------- Not Present Not Present Not Present Not Present Not Present Not Present Not Present Not Present console# The displayed port status information includes the following: • Port — The port number. •...
  • Page 165: Show Interfaces Advertise

    show interfaces advertise The show interfaces advertise Privileged EXEC mode command displays auto-negotiation data. Syntax show interfaces advertise [ ethernet interface | port-channel port-channel-number ] • interface — A valid Ethernet port. • port-channel-number — Port channel index. A valid port channel. Default Configuration This command has no default configuration.
  • Page 166 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper Enabled 1000f, 100f, 100h, 10f, 10h 1G-Copper...
  • Page 167: Show Interfaces Description

    Type: 1G-Copper Link state: Up Auto Negotiation: enabled 1000f 1000h 100f 100h Admin Local Link Advertisement Oper Local Link Advertisement Remote Link Advertisement Priority Resolution Link State: Up Auto Negotiation: disabled. show interfaces description The show interfaces description User EXEC mode command displays the description for all configured interfaces.
  • Page 168: Show Interfaces Counters

    Example The following example displays the description for the interface g1. Console# show interfaces description ethernet g1 Port Description ---- ------------------ Management_port R&D_port Finance_port Description ---- ------------------ Ch 1 Output show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] •...
  • Page 169 Examples The following example displays traffic seen by the physical interface. Console# show interfaces counters Port InUcastPkts InMcastPkts InBcastPkts InOctets ------ ---------- ----------- ----------- -------- 1289 183892 1788 123899 Port OutUcastPkt OutMcastPkts OutBcastPkts OutOctets ------ --------- ------------ --------- --------- 9188 8789 InUcastPkts InMcastPkts...
  • Page 170 The following example displays counters for port g1. Console# show interfaces counters ethernet g1 Port InOctets InUcastPkts InMcastPkts InBcastPkts ------ ----------- -------------- -------------- ----------- 183892 1289 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------ ----------- -------------- -------------- ----------- 9188 FCS Errors: 8 Single Collision Frames: 0 Multiple Collision Frames: 0 SQE Test Errors: 0...
  • Page 171 The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted Unicast packets. OutMcastPkts Counted transmitted Multicast packets.
  • Page 172: Show Ports Jumbo-Frame

    Symbol Errors For an interface operating at 100 Mb/s, the number of times there was an invalid data symbol when a valid carrier was present. For an interface operating in half-duplex mode at 1000 Mb/s, the number of times the receiving media is non-idle (a carrier event) for a period of time equal to or greater than slotTime, and during which there was at least one occurrence of an event that causes the PHY to indicate 'Data reception error' or 'carrier extend error' on the GMII. For an interface operating in full-duplex mode at...
  • Page 173: Port Storm-Control Include-Multicast

    port storm-control include-multicast The port storm-control include-multicast Interface Configuration (Ethernet) mode command enables counting Multicast packets in the port storm-control broadcast rate command. Use the no form of this command to disable counting Multicast packets. Syntax • port storm-control include-multicast [unknown-unicast] •...
  • Page 174: Port Storm-Control Broadcast Rate

    User Guidelines • Use the port storm-control Broadcast rate Interface Configuration command to set the maximum rate. • Use the port storm-control include-multicast Interface Configuration command to also count Multicast packets and optionally unknown Unicast packets in the storm control calculation. •...
  • Page 175: Show Ports Storm-Control

    Example The following example configures the maximum Broadcast rate to 10 kilobytes per second. console(config)# interface ethernet g2 console(config-if)# port storm-control broadcast rate 10 show ports storm-control The show ports storm-control Privileged EXEC mode command displays the storm control configuration. Syntax show ports storm-control [interface] •...
  • Page 176: Show System Flowcontrol

    Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled 3500 Broadcast Disabled...
  • Page 177 User Guidelines • There are no user guidelines for this command. Example The following example displays the flow control state on cascade ports. console(config)# show system flowcontrol Flow control for internal cascade ports: Enabled
  • Page 179: Dhcp Snooping

    DHCP Snooping ip dhcp snooping The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. Use the no form of this command to return to the default setting. Syntax • ip dhcp snooping • no ip dhcp snooping Default Configuration DHCP snooping disabled.
  • Page 180: Ip Dhcp Snooping Trust

    Default Configuration DHCP snooping on VLAN disabled. Command Mode Global Configuration mode. User Guidelines • Prior to enabling DHCP snooping on a VLAN, globally enable DHCP snooping. Example The following example enables DHCP snooping on a VLAN. console (config)#ip dhcp snooping vlan vlan-id ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration mode command configures a port as trusted for DHCP snooping purposes.
  • Page 181: Ip Dhcp Snooping Verify

    Syntax • ip dhcp snooping information option allowed-untrusted • no ip dhcp snooping information option allowed-untrusted Default Configuration Discard DHCP packets with option-82 information from an untrusted port. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures a switch to accept DHCP packets with option-82 information from an untrusted port.
  • Page 182: Ip Dhcp Snooping Database

    Example The following example configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. console (config)#ip dhcp snooping verify ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file.
  • Page 183: Ip Dhcp Snooping Binding

    Default Configuration 1200. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the update frequency of the DHCP snooping binding file. console (config)# ip dhcp snooping database update-freq seconds ip dhcp snooping binding The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding database and adds binding entries to the database.
  • Page 184: Clear Ip Dhcp Snooping Database

    User Guidelines • After entering this command, an entry is added to the DHCP snooping database. If a DHCP snooping binding file exists, the entry is also added to that file. • The entries are displayed in the show commands as a ’DHCP Snooping entry’. Example The following example configures the DHCP snooping binding database and adds binding entries to the database.
  • Page 185: Show Ip Dhcp Snooping Binding

    Default Configuration This command has no default configuration. Command Mode EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the DHCP snooping configuration. Console # show ip dhcp snooping DHCP snooping is enabled DHCP snooping is configured on following VLANs: 2, 7-18 DHCP snooping database: enabled Verification of hwaddr field is enabled...
  • Page 186 Command Mode EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the DHCP snooping binding database and configuration information for all interfaces on a switch. Console# show ip dhcp snooping binding Update frequency: 1200 Total number of binding: 2 Mac Address...
  • Page 187: Gvrp Commands

    GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically.
  • Page 188: Garp Timer

    Syntax • gvrp enable • no gvrp enable Default Configuration GVRP is disabled on all interfaces by default. Command Mode Interface Configuration (Ethernet, port-channel) mode. User Guidelines • An access port would not dynamically join a VLAN because it is always a member in only one VLAN. •...
  • Page 189: Gvrp Vlan-Creation-Forbid

    Default Configuration The default timer values are as follows: • Join timer — 200 milliseconds • Leave timer — 600 milliseconds • Leave all timer — 10000 milliseconds Command Mode Interface Configuration (Ethernet, port-channel) mode. User Guidelines • The timer_value value must be a multiple of 10. •...
  • Page 190: Gvrp Registration-Forbid

    User Guidelines • This command forbids dynamic VLAN creation from the interface. The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface are restricted only to those VLANs for which static VLAN registration exists. Example The following example disables dynamic VLAN creation on port g8.
  • Page 191: Clear Gvrp Statistics

    clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all the GVRP statistics information. Syntax • clear gvrp statistics [ethernet interface | port-channel port-channel-number] • interface — A valid Ethernet interface. • port-channel-number — A valid port-channel trunk index. Default Configuration This command has no default configuration.
  • Page 192: Show Gvrp Statistics

    User Guidelines • There are no user guidelines for this command. Example The following example shows how to display GVRP configuration information: Console# show gvrp configuration GVRP Feature is currently enabled on the switch. Maximum VLANs: 255 Port(s) GVRP- Registration Dynamic Timers Leave Leave All...
  • Page 193 Example The following example shows GVRP statistics information: Console# show gvrp statistics GVRP statistics: ---------------- : Join Empty Received rJIn : Join In Received rEmp : Empty Receiaved rLIn : Leave In Received : Leave Empty Received : Leave All Received : Join Empty Sent sJIn : Join In Sent sEmp : Empty Sent...
  • Page 195: Igmp Snooping Commands

    IGMP Snooping Commands ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping. Syntax • ip igmp snooping • no ip igmp snooping Default Configuration IGMP snooping is disabled.
  • Page 196: Ip Igmp Snooping Mrouter

    Default Configuration IGMP snooping is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines • IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping ip igmp snooping mrouter The ip igmp snooping mrouter Interface Configuration mode command enables automatic learning of Multicast router ports of a specific VLAN.
  • Page 197: Ip Igmp Snooping Host-Time-Out

    ip igmp snooping host-time-out The ip igmp snooping host-time-out Interface Configuration mode command configures the host-time-out. If an IGMP report for a Multicast group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that Multicast group. Use the no form of this command to reset to default host-time-out.
  • Page 198: Ip Igmp Snooping Leave-Time-Out

    Default Configuration The default value is 300 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the mrouter timeout to 200 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping mrouter-time-out 200 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out VLAN Interface Configuration mode command configures the...
  • Page 199: Ip Igmp Snooping Querier Enable

    Example The following example configures the host leave-time-out to 60 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping leave-time-out 60 ip igmp snooping querier enable The ip igmp snooping querier enable Interface Configuration mode command enables Internet Group Management Protocol (IGMP) querier on a specific VLAN.
  • Page 200: Ip Igmp Snooping Querier Address

    ip igmp snooping querier address The ip igmp snooping querier address Interface Configuration mode command defines the source IP address that the IGMP Snooping querier uses. Use the no form of this command to return to default. Syntax • ip igmp snooping querier address ip-address •...
  • Page 201: Show Ip Igmp Snooping Interface

    User Guidelines • There are no user guidelines for this command. Example The following example shows IGMP snooping mrouter information. Console # show ip igmp snooping mrouter VLAN Ports ---- ------ show ip igmp snooping interface The show ip igmp snooping interface User EXEC mode command shows IGMP snooping configuration. Syntax •...
  • Page 202: Show Ip Igmp Snooping Groups

    Example The example displays IGMP snooping information. Console # show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin: Enabled Hosts and routers IGMP version: 2 IGMP snooping oper mode: Enabled IGMP snooping querier admin: Enabled IGMP snooping querier oper: Enabled IGMP snooping querier address admin: IGMP snooping querier address oper: 172.16.1.1...
  • Page 203 User Guidelines • To see the full Multicast address table (including static addresses) use the show bridge address-table command. Example The example shows IGMP snooping information. Console # show ip igmp snooping groups Vlan IP Address Querier Ports ----- ------------------ -------- ------------ 224-239.130|2.2.3...
  • Page 205: Ip Addressing Commands

    IP Addressing Commands clear host dhcp The clear host dhcp Privileged EXEC mode command deletes entries from the host name-to-address mapping received from Dynamic Host Configuration Protocol (DHCP). Syntax • clear host dhcp {name | *} • name — Particular host entry to remove. (Range: 1 - 158 characters.) •...
  • Page 206: Ip Address Dhcp

    Syntax • ip address ip-address {mask | prefix-length} • no ip address [ip-address] • ip-address — IP address • mask — Specifies the network mask of the IP address. (Range: Valid Subnet mask) • prefix-length — The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/).
  • Page 207: Ip Default-Gateway

    Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, VLAN, port-channel). User Guidelines • The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. • Some DHCP Servers require that the DHCPDISCOVER message have a specific host name. The most typical usage of the ip address dhcp hostname host-name command is when host-name is the host name provided by the system administrator.
  • Page 208: Show Ip Interface

    Command Mode Global Configuration mode. User Guidelines • There are no User Guidelines for this command. Example The following example defines an IP default gateway. Console(config)# ip default-gateway 192.168.1.1 show ip interface The show ip interface User EXEC mode command displays the usability status of interfaces configured for IP.
  • Page 209: Arp

    Console# show ip interface Gateway IP Address Type Activity Status --------------------- ----------- --------------- 10.7.1.1 Static Active IP address Interface Type ------------------- ------------ ------------ 10.7.1.192/24 VLAN 1 Static 10.7.2.192/24 VLAN 2 DHCP The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache.
  • Page 210: Arp Timeout

    Example The following example adds the IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table. Console (config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache.
  • Page 211: Show Arp

    Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example deletes all dynamic entries from the ARP cache. Console# clear arp-cache show arp The show arp Privileged EXEC mode command displays entries in the ARP table. Syntax show arp [ip-address ip-address] [mac-address mac-address] [ethernet interface | port-channel port- •...
  • Page 212: Ip Domain-Lookup

    Example The following example displays entries in the ARP table. Console# show arp ARP timeout: 60000 Seconds Interface IP address HW address status ---------- -------------- ---------------- -------- 10.7.1.102 00:10:B5:04:DB:4B Dynamic 10.7.1.135 00:50:22:00:2A:A4 Static ip domain-lookup The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation.
  • Page 213: Ip Domain-Name

    • There are no user guidelines for this command. Examples The following example defines a default domain name of www.dell.com. Console (config)# ip domain-name www.dell.com ip name-server The ip name-server Global Configuration mode command sets the available name servers. Use the no form of this command to remove a name server.
  • Page 214: Ip Host

    No host is defined. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Examples The following example defines a static host name-to-address mapping in the host cache. Console (config)# ip host accounting.dell.com 176.10.23.1
  • Page 215: Clear Host

    clear host The clear host Privileged EXEC mode command deletes entries from the host name-to-address cache. Syntax • clear host {name | *} • name — Particular host entry to remove. (Range: 1 - 158 characters) • * — Removes all entries. Default Configuration This command has no default configuration.
  • Page 216 Default domain is GM.COM Name/address lookup is enabled Name servers: 176.16.1.18 176.16.1.19 Static host name-to-address mapping: Host Addresses ---- --------- www.dell.com 176.16.8.8 176.16.8.9 Cache: TTL(Hours) Host Total Elapsed Type Addresses ---- ----- --------- ------ --------- www.dell.com 72 171.64.14.203
  • Page 217: Ipv6 Addressing

    IPv6 Addressing ipv6 enable The ipv6 enable Interface Configuration mode command enables IPv6 processing on an interface. Use the no form of this command to disable IPv6 processing on an interface. Syntax • ipv6 enable [no-autoconfig] • no ipv6 enable –...
  • Page 218: Ipv6 Address Autoconfig

    ipv6 address autoconfig The ipv6 address autoconfig Interface Configuration mode command enables automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface. Addresses are configured depending on the prefixes received in Router Advertisement messages. Use the no form of this command to disable address autoconfiguration on the interface.
  • Page 219: Show Ipv6 Icmp Error-Interval

    • milliseconds — The time interval between tokens being placed in the bucket; each token represents a single ICMP error message. (Range: 0 - 2147483647) • bucketsize — The maximum number of tokens stored in the bucket. (Range: 1 - 200) Default Configuration The default interval is 100ms and the default bucketsize is 10 tokens.
  • Page 220: Ipv6 Address

    Example The following example displays the IPv6 ICMP error interval setting. Console> show ipv6 icmp error-interval Rate limit interval: 100 ms Bucket size: 10 tokens ipv6 address The ipv6 address Interface Configuration mode command configures an IPv6 address for an interface. Use the no form of this command to remove the address from the interface.
  • Page 221: Ipv6 Address Link-Local

    Example The following example configures an IPv6 address FE80::260:3EFF:FE11:6770 for interface g1. Console# Console (config)# interface g1 Console (config-if)# ipv6 address FE80::260:3EFF:FE11:6770 ipv6 address link-local The ipv6 address link-local Interface Configuration mode command configures an IPv6 link-local address for an interface. Use the no form of this command to return to the default link local address on the interface.
  • Page 222: Ipv6 Unreachables

    Example The following example assigns FE80::260:3EFF:FE11:6770 as the link-local address. Console# Console (config)# interface g1 Console (config-if)# ipv6 address FE80::260:3EFF:FE11:6770 link-local ipv6 unreachables The ipv6 unreachables Interface Configuration mode command enables the generation of Internet Control Message Protocol for IPv6 (ICMPv6) unreachable messages for any packets arriving on a specified interface.
  • Page 223: Ipv6 Mld Join-Group

    Syntax • ipv6 default-gateway ipv6-address • no ipv6 default-gateway • ipv6-address — IPv6 address of the next hop that can be used to reach that network. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
  • Page 224: Ipv6 Mld Version

    Syntax • ipv6 mld join-group group-address • no ipv6 mld join-group group-address • group-address — The multicast group IPv6 address. Default Configuration This command has no default setting. Command Mode Interface configuration (Ethernet, VLAN, Port-channel). User Guidelines • The ipv6 mld join-group command configures MLD reporting for a specified group. The packets that are addressed to a specified group address will be passed up to the client process in the device.
  • Page 225: Show Ipv6 Interface

    Example The following example defines an IPv6 default gateway. Console(config-if)# ipv6 mld version 1 show ipv6 interface The show ipv6 interface Privileged EXEC mode command displays the usability status of interfaces configured for IPv6. Syntax • show ipv6 interface [ethernet interface-number | vlan vlan-id | port-channel number] •...
  • Page 226 ff02::1:ff00:22 manual ff02::1:ff00:1234 manual ff02::1:ff00:5668 manual VLAN 1 2002:1:1:1:200:b0ff:fe00:: other VLAN 1 3001::1/64 manual VLAN 1 4004::55/64 [ANY] manual VLAN 1 fe80::200:b0ff:fe00:0 linklayer VLAN 1 ff02::1 linklayer VLAN 1 ff02::77 manual VLAN 1 ff02::1:ff00:0 manual VLAN 1 ff02::1:ff00:1 manual VLAN 1 ff02::1:ff00:55 manual Default Gateway IP...
  • Page 227: Show Ipv6 Route

    IP addresses Type DAD State ---------------- ------ --------- 2002:1:1:1:200:b0ff:fe00 other Active 3001::1/64 manual Active 4004::55/64 [ANY] manual Active fe80::200:b0ff:fe00:0 linklayer Active ff02::1 linklayer Active ff02::77 manual ------ ff02::1:ff00:0 manual ------ ff02::1:ff00:1 manual ------ ff02::1:ff00:55 manual ------ show ipv6 route The show ipv6 route Privileged EXEC mode command displays the current state of the IPv6 routing table.
  • Page 228: Ipv6 Nd Dad Attempts

    Example The following example displays the current state of the IPv6 routing table. Console> show ipv6 route Codes: L - Local, S - Static, I - ICMP, ND - Router Advertisment The number in the brackets is the metric. ::/0 via fe80::77 [0] VLAN 1 Lifetime Infinite ND ::/0 via fe80::200:cff:fe4a:dfa8 [0] VLAN 1 Lifetime 1784 sec 2001::/64 is directly connected, g2 Lifetime Infinite 2002:1:1:1::/64 is directly connected, VLAN 1 Lifetime 2147467...
  • Page 229: Ipv6 Host

    User Guidelines • Duplicate address detection verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new addresses remain in a tentative state while duplicate address detection is performed). Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses.
  • Page 230: Ipv6 Neighbor

    Syntax • ipv6 host name ipv6-address1 [ipv6-address2...ipv6-address4] • no ipv6 host name • name — Name of the host. (Range: 1 - 158 characters) • ipv6-address1 — Associated IPv6 address. The address is specified in hexadecimal using 16-bit values between colons. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
  • Page 231: Ipv6 Set Mtu

    Syntax • ipv6 neighbor ipv6_addr hw_addr {ethernet interface-number | vlan vlan-id | port-channel number } • no ipv6 neighbor ipv6_addr {ethernet interface-number | vlan vlan-id | port-channel number} – ipv6_addr — IPv6 address to map to the specified MAC address. –...
  • Page 232: Show Ipv6 Neighbors

    Syntax • ipv6 set mtu {ethernet interface | vlan vlan-id | port-channel port-channel-number} { bytes | default} • ethernet interface — Valid interface number. • vlan vlan-id — VLAN number. • port-channel port-channel-number — Valid Port Channel index. • bytes — MTU in bytes, with a minimum of 1280 bytes. •...
  • Page 233 User Guidelines • The associated interface of a MAC address can be aged out from the FDB table, so the Interface field can be empty. • When an ARP entry is associated with an IP interface that is defined on a port or port-channel, the VLAN field is empty.
  • Page 234: Clear Ipv6 Neighbors

    clear ipv6 neighbors The clear ipv6 neighbors Privileged EXEC mode command deletes all entries in the IPv6 neighbor discovery cache, except static entries. Syntax • clear ipv6 neighbors Default Configuration This command has no default setting. Command Mode Privileged EXEC mode. User Guidelines •...
  • Page 235: Iscsi Commands

    iSCSI Commands iscsi enable The iscsi enable Global Configuration mode command globally enables iSCSI awareness. Use the no form of this command to disable iSCSI awareness. Syntax • iscsi enable • no iscsi enable Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
  • Page 236 Syntax • iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address] [name targetname] • no iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address] • tcp-port — TCP port number or list of TCP port numbers on which iSCSI target/s listen to requests.
  • Page 237: Iscsi Cos

    iscsi cos The iscsi cos Global Configuration mode command sets the quality of service profile that will be applied to iSCSI flows. Use the no form of this command to return to default. Syntax • iscsi cos {vpt vpt | dscp dscp} [remark] •...
  • Page 238: Iscsi Max Connections

    Syntax • iscsi aging-time time • no iscsi aging-time • time — The number in minutes a session is not active prior to its removal. (Range: 1- 43,200) Default Configuration 5 minutes. Command Mode Global Configuration mode. User Guidelines • All connections are measured in groups of 32.
  • Page 239: Show Iscsi

    Default Configuration 256 connections. Command Mode Global Configuration mode. User Guidelines • The new setting takes effect after reset. • The number of iSCSI connections affects other system features: iSCSI aware, DHCP snooping and ACL rules use the same system resource. When increasing the number of iSCSI connections, the other application rules (DHCP snooping or ACL) can be removed after reset.
  • Page 240: Show Iscsi Sessions

    Example The following example displays the iSCSI settings. Console # show iscsi iSCSI enabled iSCSI vpt is 5, remark Session aging time: 60 min Maximum number of connections is 256 -------------------------------------------------- iSCSI targets and TCP ports: --------------------------- TCP Port Target IP Address Name 3260 5000...
  • Page 241 User Guidelines • The aging mechanism checks session activity in a group of N TCP iSCSI connections. In the worst case, when all 256 sessions are monitored and are not terminated gracefully, the existing mechanism causes inaccuracy: the last group of monitored iSCSI sessions ages out after (256/N)*aging-time. •...
  • Page 242 Initiator: iqn.1992-04.com.os- vendor.plan9:cdrom.12.storage:sys1.xyz -------------------------------------------------------------- Time started: 23-Jul-2002 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.22 30001 Session 2: --------------------------------------------------------------- Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10...
  • Page 243: Lacp Commands

    LACP Commands lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. Use the no form of this command to reset to default. Syntax • lacp system-priority value • no lacp system-priority • value — Value of the priority. (Range: 1 - 65535) Default Configuration The default system priority value is 1.
  • Page 244: Lacp Timeout

    Default Configuration The default port priority value is 1. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the priority value for port g8 to 247. Console (config)# interface ethernet g8 Console (config-if)# lacp port-priority 247 lacp timeout The lacp timeout Interface Configuration mode command assigns an administrative LACP timeout.
  • Page 245: Show Lacp Ethernet

    show lacp ethernet The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports. Syntax • show lacp ethernet interface [parameters | statistics | protocol-state] • Interface — Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
  • Page 246 Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example shows how to display LACP port-channel information. Console# show lacp port-channel 1 Port-Channel 1:Port Type 1000 Ethernet Actor System Priority:1 MAC Address: 00:02:85:0E:1C:00 Admin Key: Oper Key:...
  • Page 247: Line Commands

    Line Commands line The line Global Configuration mode command identifies a specific line for configuration and enters the Line Syntax • line {console | telnet | ssh} • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). •...
  • Page 248: Autobaud

    Syntax • speed bps • bps — Baud rate in bits per second (bps). The options are 2400, 4800, 9600, 19200 and 38400. Default Configuration The default speed is 9600. Command Mode Line Configuration (console) mode. User Guidelines • The configured speed would be applied when Autobaud is disabled. •...
  • Page 249: Exec-Timeout

    Examples The following example sets the line for automatic baud rate detection. Console (config)# line console Console(config-line)# autobaud exec-timeout The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. Use the no form of this command to restore the default setting. Syntax •...
  • Page 250: Show Line

    show line The show line User EXEC mode command displays line parameters. Syntax • show line [console | telnet | ssh] • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration Default value is console.
  • Page 251: Terminal History Size

    Command Mode User EXEC mode. User Guidelines The command enables the command history for the current session. The default would be determined by the history Line Configuration command. Examples The following example disables the command history function for the current terminal session. console# show line console Interactive timeout: 10 minutes History: 10...
  • Page 253: Lldp Commands

    LLDP Commands lldp enable (global) The lldp enable Global Configuration mode command enables Link Layer Discovery Protocol (LLDP). Use the no form of this command to disable LLDP. Syntax • lldp enable • no lldp enable Default Configuration LLDP is enabled. Command Mode Global Configuration mode.
  • Page 254: Lldp Timer

    Syntax • lldp enable [rx | tx | both] • no lldp enable • rx — Receive only LLDP packets. • tx — Transmit only LLDP packets. • both — Receive and transmit LLDP packets (default) Default Configuration Enabled in both modes. Command Modes Interface Configuration (Ethernet) mode.
  • Page 255: Lldp Hold-Multiplier

    Default Configuration Default — 30 seconds. Command Modes Global Configuration mode. User Guidelines There are no user guidelines for this command. Examples The following example specifies the system to send Link Layer Discovery Protocol (LLDP) updates every 50 seconds. Console (config) # lldp timer 50 lldp hold-multiplier The lldp hold-multiplier Global Configuration mode command specifies the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet before discarding it.
  • Page 256: Lldp Reinit-Delay

    Examples The following example specifies the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet to 10 before discarding it. Console (config) # lldp hold-multiplier 10 lldp reinit-delay The lldp reinit-delay Global Configuration mode command specifies the minimum time an LLDP port waits before reinitializing LLDP transmissions.
  • Page 257: Lldp Optional-Tlv

    Syntax • lldp tx-delay seconds • no lldp tx-delay Parameters • seconds — Specifies the delay in seconds between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB. (Range 1 - 8192 seconds) Default Configuration The default value is 2 seconds.
  • Page 258: Lldp Management-Address

    User Guidelines There are no user guidelines for this command. Example The following example specifies which optional TLV (2)s from the basic set should be transmitted. Console(config)# interface ethernet g5 Console(config-if)# lldp optional-tlv sys-name lldp management-address The lldp management-address Interface Configuration mode command specifies the management address that would be advertised from an interface.
  • Page 259: Lldp Med Enable

    lldp med enable The lldp med enable Interface Configuration mode command enables Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) on an interface. Use the no form of this command to disable LLDP MED on an interface. Syntax • lldp med enable [tlv1 …...
  • Page 260: Lldp Med Network-Policy (Interface)

    Syntax • lldp med network-policy number application [vlan id] [vlan-type {tagged | untagged}] [up priority] [dscp value] • no lldp med network-policy number • number — Network policy sequential number. • application — The name or the number of the primary function of the application defined for this network policy.
  • Page 261: Lldp Med Location

    Command Mode Interface Configuration (Ethernet) mode. User Guidelines There are no guidelines for this command. lldp med location The lldp med location Interface Configuration mode command configures location information for the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) for an interface. Use the no form of this command to delete location information for an interface.
  • Page 262: Clear Lldp Rx

    clear lldp rx The clear lldp rx Privileged EXEC mode command restarts the LLDP RX state machine and clears the neighbors table. Syntax • clear lldp rx [ethernet interface] • interface — Ethernet port Command Modes Privileged EXEC mode. User Guidelines •...
  • Page 263: Show Lldp Local

    Example The following example displays the Link Layer Discovery Protocol (LLDP) configuration. Console# show lldp configuration LLDP state: Enabled Timer: 30 Seconds Hold multiplier: 4 Reinit delay: 2 Seconds Tx delay: 2 Seconds Port State Optional TLVs Addres ---- ----- ------------- ------- Rx and Tx...
  • Page 264 Example The following example displays the Link Layer Discovery Protocol (LLDP) information that is advertised from port g1. Switch# show lldp local ethernet g1 Device ID: 0060.704C.73FF Port ID: 1 Capabilities: Bridge System Name: ts-7800-1 System description: Port description: Management address: 172.16.1.8 802.3 MAC/PHY Configuration/Status Auto-negotiation support: Supported Auto-negotiation status: Enabled...
  • Page 265: Show Lldp Neighbors

    show lldp neighbors The show lldp neighbors Privileged EXEC mode command displays information about neighboring devices discovered using Link Layer Discovery Protocol (LLDP). Syntax • show lldp neighbors [ethernet interface] • interface — Ethernet interface Command Modes Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
  • Page 266: Show Lldp Med Configuration

    LLDP-MED Inventory Hardware revision: 2.1 Firmware revision: 2.3 Software revision: 2.7.1 Serial number: LM759846587 Manufacturer name: VP Model name: TR12 Asset ID: 9 show lldp med configuration The show lldp med configuration Privileged EXEC mode command displays the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) configuration.
  • Page 267 Example The following example displays the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) configuration. Switch# show lldp med configuration Network policy 1 ------------------- Application type: Voice VLAN ID: 2 tagged Layer 2 priority: 0 DSCP: 0 Port Capabilities Network Policy Location ----------...
  • Page 269: Management Acl

    Management ACL management access-list The management access-list Global Configuration mode command defines an Access-List for management, and enters the Access-List for configuration. Once in the Access-List Configuration mode, the denied or permitted access conditions are configured with the deny and permit commands.
  • Page 270 Examples The following example shows how to create an Access-List called ’mlist’, configure two management interfaces ethernet g1 and ethernet g9, and make the Access-List the active list. Console (config)# management access-list mlist Console (config-macl)# permit ethernet g1 Console (config-macl)# permit ethernet g9 Console (config-macl)# exit Console (config)# management access-class mlist The following example shows how to create an Access-List called ’mlist’, configure all interfaces to be...
  • Page 271: Permit (Management)

    permit (management) The permit Management Access-List Configuration mode command defines a permit rule. Syntax • permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service] • permit ip-source {ipv4-address | ipv6-address/prefix-length} [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service] •...
  • Page 272: Deny (Management)

    deny (management) The deny Management Access-List Configuration mode command defines a deny rule. Syntax • deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service] • deny ip-source {ipv4-address | ipv6-address/prefix-length}[mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service] •...
  • Page 273: Management Access-Class

    management access-class The management access-class Global Configuration mode command defines which management Access-List is used. Use the no form of this command to disable restriction. Syntax • management access-class {console-only | name} • no management access-class • name — Name of the Access List. If unspecified, defaults to an empty Access-List. (Range: 1 - 32 characters) •...
  • Page 274: Show Management Access-Class

    User Guidelines • There are no user guidelines for this command. Example The following example displays the active management Access-List. Console# show management access-list mlist ----- permit ethernet g1 permit ethernet g9 ! (Note: all other access implicitly denied) show management access-class The show management access-class Privileged EXEC mode command displays the active management Access-List.
  • Page 275: Phy Diagnostics Commands

    PHY Diagnostics Commands test copper-port tdr The test copper-port tdr Privileged EXEC mode command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. Syntax • test copper-port tdr interface • interface —...
  • Page 276: Show Copper-Ports Cable-Length

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the last TDR (Time Domain Reflectometry) tests on all ports. Console# show copper-ports tdr Port Result Length...
  • Page 277: Show Fiber-Ports Optical-Transceiver

    — Detailed diagnostics. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • To test optical transceivers, ensure a fiber link is up. The test is only supported on Dell supported SFP modules. PHY Diagnostics Commands...
  • Page 278 Examples The following example displays the optical transceiver diagnostics. console# show fiber-ports optical-transceiver Port Temp Voltage Current Output Input Power Power Power ---- ----- ------- ------ ------ ------ Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current –...
  • Page 279 The following example displays detailed optical transceiver diagnostics. console# show fiber-ports optical-transceiver detailed Port Temp Voltage Current Output Input [Volt] [mA] Power Power [mWatt] [mWatt] ----- ------ ------ ------ ---- 7.27 0.79 3.30 2.50 7.24 0.78 2.20 2.49 Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage.
  • Page 281: Port Channel Commands

    Port Channel Commands interface port-channel The interface port-channel Global Configuration mode command enters the Interface Configuration mode of a specific port-channel. Syntax • interface port-channel port-channel-number • port-channel-number — A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
  • Page 282: Channel-Group

    Syntax • interface range port-channel {port-channel-range | all} • port-channel-range — List of port-channels to configure. Separate non-consecutive port-channels with a comma and no spaces. A hyphen designates a range of port-channels. • all — All the channel-ports. Default Configuration This command has no default configuration.
  • Page 283: Port-Channel Load-Balance

    Command Mode Interface Configuration (Ethernet) mode. User Guidelines • There are no user guidelines for this command. Example The following example shows how port g5 is configured to port-channel number 1 without LACP. Console (config)# interface ethernet g5 Console (config-if)# channel-group 1 mode on port-channel load-balance The port-channel load-balance Global Configuration mode command configures the load balancing policy of the port channeling.
  • Page 284: Show Interfaces Port-Channel

    show interfaces port-channel The show interfaces port-channel Privileged EXEC mode command shows Port channel information. Syntax • show interfaces port-channel [port-channel-number] • port-channel-number — Number of the Port channel to display. (Range: Valid port channel) Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode.
  • Page 285: Port Monitor Commands

    Port Monitor Commands port monitor The port monitor Interface Configuration mode command starts a port monitoring session. Use the no form of this command to stop a port monitoring session. Syntax • port monitor src-interface [rx | tx] • no port monitor src-interface •...
  • Page 286: Show Ports Monitor

    • The following restrictions apply to ports configured to be destination ports: • The port cannot be already configured as a source port. • The port cannot be a member in a port-channel. • An IP interface is not configured on the port. •...
  • Page 287 User Guidelines • There are no user guidelines for this command. Example The following example shows how the port copy status is displayed. Console# show ports monitor Source Port Destination Port Type Status ---------- ---------------- ------------ ------- RX, TX Active RX, TX Active Active...
  • Page 289: Qos Commands

    QoS Commands The qos Global Configuration mode command enables quality of service (QoS) on the device and enters QoS basic mode. Use the no form of this command to disable the QoS features on the device. Syntax • qos • no qos Default Configuration There is no default configuration for this command.
  • Page 290: Wrr-Queue Cos-Map

    Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays a QoS mode. Console#show qos Qos: disabled Trust: dscp wrr-queue cos-map The wrr-queue cos-map Global Configuration mode command maps assigned CoS values to select one of the egress queues.
  • Page 291: Wrr-Queue Bandwidth

    User Guidelines • You can use this command to distribute traffic into different queues, where each queue is configured with different weighted round robin (WRR) parameters. • To enable the expedite queues, use the priority-queue out Interface Configuration mode command wrr-queue cos-map.
  • Page 292: Priority-Queue Out Num-Of-Queues

    Example The following example assigns WRR weights to egress queues. Console(config)# priority-queue num-of-queues 1 Console(config)# interface ethernet g1 Console(config-if)# wrr-queue bandwidth 20 30 50 Console(config)# priority-queue num-of-queues 0 Console(config)# interface ethernet g3 Console(config-if)# wrr-queue bandwidth 20 30 50 10 priority-queue out num-of-queues The priority-queue out num-of-queues Global Configuration mode command enables the egress queues to be expedite queues.
  • Page 293: Traffic-Shape

    Example The following example sets queue 8, 7 to be expedite queues. Console (config)# priority-queue out num-of-queues 2 traffic-shape The traffic-shape Interface Configuration (Ethernet, Port-Channel) mode command sets the shaper on an egress port. Use the no form of this command to disable the shaper. Syntax •...
  • Page 294: Show Qos Interface

    Syntax • rate-limit rate • no rate-limit • rate — Specifies the maximum of kilobits per second of ingress traffic on a port. (Range: 3.5M – 1G ) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (Ethernet) mode. User Guidelines •...
  • Page 295 Default Configuration There is no default configuration for this command. Command Mode User EXEC mode. User Guidelines If no keyword is specified with the show qos interface command, the port QoS mode (DSCP trusted, CoS trusted, untrusted), default CoS value, attached to the port, attached to the interface are displayed.
  • Page 296: Qos Map Dscp-Queue

    qos map dscp-queue The qos map dscp-queue Global Configuration mode command modifies the DSCP to queue map. Use the no form of this command to return to the default map. Syntax • qos map dscp-queue dscp-list to queue-id • no qos map dscp-queue [dscp-list ] •...
  • Page 297: Qos Trust (Interface)

    Default Configuration CoS is the default trust mode. Command Mode Global Configuration mode. User Guidelines • Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When the packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain.
  • Page 298: Qos Cos

    Example The following example configures port g5 to default trust state (CoS). Console (config)# interface ethernet g5 Console (config-if)# qos trust qos cos The qos cos Interface Configuration mode command configures the default port CoS value. Use the no form of this command to return to the default setting. Syntax qos cos default-cos •...
  • Page 299 Default Configuration This command has no default configuration. Command Mode User EXEC mode . User Guidelines • There are no user guidelines for this command. Example The following example displays the DSCP port-queue map. console# show qos map Dscp-queue map: d1 : d2 0 --------------------------------------- 01 01 01 01 01 01 01 01 01 01...
  • Page 301: Radius Commands

    Radius Commands radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. Use the no form of this command to delete the specified RADIUS host. Syntax • radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retransmit] [deadtime deadtime] [key key] [source source] [priority priority] [usage type] no radius-server host ip-address...
  • Page 302: Radius-Server Key

    Default Configuration By default, no RADIUS host is specified. Command Mode Global Configuration mode. User Guidelines • To specify multiple hosts, multiple radius-server host commands can be used. • If no host-specific timeout, retransmit, deadtime or key values are specified, the global values apply to each host.
  • Page 303: Radius-Server Retransmit

    There are no user guidelines for this command. Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to "dell-server". Console (config)# radius-server key dell-server radius-server retransmit The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts.
  • Page 304: Radius-Server Source-Ip

    radius-server source-ip The radius-server source-ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers. Use the no form of this command to return to the default. Syntax • radius-server source-ip source no radius source-server-ip source •...
  • Page 305: Radius-Server Timeout

    User Guidelines • There are no user guidelines for this command. Example The following example configures the source IPv6 address used for communication with RADIUS servers. Console (config)# radius-server source-ipv6 3156::98 radius-server timeout The radius-server timeout Global Configuration mode command sets the interval for which a device waits for a server host to reply.
  • Page 306: Radius-Server Deadtime

    radius-server deadtime The radius-server deadtime Global Configuration mode command improves RADIUS response times when servers are unavailable. The command is used to cause the unavailable servers to be skipped. Use the no form of this command to reset the default value. Syntax •...
  • Page 307 User Guidelines • There are no user guidelines for this command. Examples The following example displays the RADIUS server settings. Console# show radius-servers IP address Port Time Retransmit Dead Source Priority Usage Auth time --------- ---- ----- ---------- ------ ----- ------- ----- 172.16.1.1...
  • Page 309: Rmon Commands

    RMON Commands show rmon statistics The show rmon statistics User EXEC mode command displays RMON Ethernet Statistics. Syntax • show rmon statistics {ethernet interface number | port-channel port-channel-number} • interface — Valid Ethernet port. • port-channel-number — Valid port-channel trunk index. Default Configuration This command has no default configuration.
  • Page 310 Example The following example displays RMON Ethernet Statistics for port g1. Console# show rmon statistics ethernet g1 Port g1 Dropped: 8 Octets: 878128 Packets: 978 Broadcast: 7 Multicast: 1 CRC Align Errors: 0 Collisions: 0 Undersize Pkts: 0 Oversize Pkts: 0 Fragments: 0 Jabbers: 0 64 Octets: 98 65 to 127 Octets: 0 128 to 255 Octets: 0 256 to 511 Octets: 0...
  • Page 311: Rmon Collection History

    Oversize Pkts The total number of packets received longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed. Fragments The total number of packets received less than 64 octets in length (excluding framing bits but including FCS octets) and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 312: Show Rmon Collection History

    Syntax • rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds] • no rmon collection history index • index — The requested statistics index group. (Range: 1 - 65535) • owner ownername — Records the RMON statistics group owner name. If unspecified, the name is an empty string.
  • Page 313 Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays all RMON group statistics. Console# show rmon collection history Index Interface Interval Requested Granted Owner Samples Samples ------ ---------- -------- --------- ---------- ---- 1000 The following table describes the significant fields shown in the display:...
  • Page 314: Show Rmon History

    show rmon history The show rmon history User EXEC mode command displays RMON Ethernet Statistics history. Syntax • show rmon history index {throughput | errors | other} [period seconds] • index — The requested set of samples. (Range: 1 - 65535) •...
  • Page 315 The following example displays RMON Ethernet Statistics history for "errors" on index number 5. Console# show rmon history 5 errors Sample Set: 1 Owner: CLI Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time CRC Align Undersize Oversize Fragments Jabbers...
  • Page 316 The following table describes the significant fields shown in the display: Field Description Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval.
  • Page 317: Rmon Alarm

    rmon alarm The rmon alarm Global Configuration mode command configures alarm conditions. Use the no form of this command to remove an alarm. Syntax • rmon alarm index variable interval rthreshold fthreshold revent fevent [type type] [startup direction] [owner name] •...
  • Page 318: Show Rmon Alarm-Table

    Rising threshold event index — 10 • Falling threshold event index — 20 Console (config)# rmon alarm 1000 dell 360000 1000000 1000000 10 20 show rmon alarm-table The show rmon alarm-table User EXEC mode command displays the alarms summary table.
  • Page 319: Show Rmon Alarm

    Example The following example displays the alarms summary table. Console# show rmon alarm-table Index Owner ----- ------------------- -------------- 1.3.6.1.2.1.2.2.1.10.1 1.3.6.1.2.1.2.2.1.10.1 Manager 1.3.6.1.2.1.2.2.1.10.9 The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Monitored variable OID.
  • Page 320 Example The following example displays RMON 1 alarms. Console# show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field...
  • Page 321: Rmon Event

    Startup Alarm The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising and falling, then a single rising alarm is generated. If the first sample is less than or equal to the falling threshold, and startup alarm is equal falling or rising and falling, then a single falling alarm is generated.
  • Page 322: Show Rmon Events

    User Guidelines • There are no user guidelines for this command. Example The following example configures an event with the trap index of 10. Console (config)# rmon event 10 log show rmon events The show rmon events User EXEC mode command displays the RMON event table. Syntax •...
  • Page 323: Show Rmon Log

    The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event. Type The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap.
  • Page 324 Example The following example displays the RMON logging table. Console# show rmon log Maximum table size: 500 Event Description Time ------- -------------- --------- Errors Jan 18 2002 23:48:19 Errors Jan 18 2002 23:58:17 High Broadcast Jan 18 2002 23:59:48 Console# show rmon log Maximum table size: 500 (800 after reset) Event Description...
  • Page 325: Rmon Table-Size

    rmon table-size The rmon table-size Global Configuration mode command configures the maximum RMON tables sizes. Use the no form of this command to return to the default configuration. Syntax • rmon table-size {history entries | log entries} • no rmon table-size {history | log} •...
  • Page 327: Snmp Commands

    SNMP Commands snmp-server community The snmp-server community command sets up the community access string to permit access to the Simple Network Management Protocol command. Use the no form of this command to remove the specified community string. Syntax • snmp-server community community [ro | rw | su] [ipv4-address | ipv6-address] [view view-name] •...
  • Page 328: Snmp-Server View

    User Guidelines • The view-name parameter cannot be specified for su, which has access to the whole MIB. • The view-name parameter can be used to restrict the access rights of a community string. When it is specified: – An internal security name is generated. –...
  • Page 329: Snmp-Server Filter

    Default Setting ’Default’ and ’DefaultSuper’ views exist. Command Mode Global Configuration mode. User Guidelines • You can enter this command multiple times for the same view record. • The number of views is limited to 64. • "Default" and "DefaultSuper" views exist. Those views are used by the software internally and can't be deleted or modified.
  • Page 330: Snmp-Server Contact

    Command Modes Global Configuration mode. User Guidelines • You can enter this command multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines. Example The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group: Console (config)# snmp-server view user-view system included Console (config)# snmp-server view user-view system.7 excluded...
  • Page 331: Snmp-Server Location

    snmp-server location The snmp-server location Global Configuration mode command sets up information on where the device is located. To remove the location string, use the no form of this command. Syntax • snmp-server location text no snmp-server location • text — Character string, up to 160 characters, describing the system location. Default Configuration This command has no default configuration.
  • Page 332: Snmp-Server Trap Authentication

    Examples The following example displays the command to enable SNMP traps. Console (config)# snmp-server enable traps snmp-server trap authentication The snmp-server trap authentication Global Configuration mode command enables the switch to send Simple Network Management Protocol traps when authentication fails. Use the no form of this command to disable SNMP authentication failed traps.
  • Page 333 Syntax • snmp-server host {ip4-address | ip6-address | hostname} community-string [traps | informs] [1 | 2] [udp-port port] [filter filtername] [timeout seconds] [retries retries] • no snmp-server host {ip4-address | ip6-address | hostname} [traps | informs] • ip4-address — The host IPv4 address (the targeted recipient). •...
  • Page 334: Snmp-Server Set

    • If a trap and inform are defined on the same target, and an inform was sent, the trap is not sent. • The IPv6Z address format: % – interface-name — vlan | ch | isatap | | 0 –...
  • Page 335: Snmp-Server Group

    Examples The following example sets the scalar MIB "sysName" to have the value "dell". Console (config)# snmp-server set sysName sysname dell The following example sets the entry MIB "rndCommunityTable" with keys 0.0.0.0 and "public". The field rndCommunityAccess gets the value "super" and the rest of the fields get their default values.
  • Page 336: Snmp-Server User

    Default Configuration No group entry exists. Command Mode Global Configuration mode. User Guidelines • The Router context is translated to "" context in the MIB. Example The following example configures a new Simple Network Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views Console (config)# snmp-server group user-group v3 priv read user-view snmp-server user...
  • Page 337: Snmp-Server V3-Host

    md5-des-keys — Concatenated hexadecimal string of the MD5 key (MSB) and the privacy key • (LSB). If authentication is only required you should enter 16 bytes, if authentication and privacy are required you should enter 32 bytes. Each byte in hexadecimal character strings is two hexadecimal digits.
  • Page 338 Syntax • snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] {noauth | auth | priv} [udp-port port] [filter filtername] [timeout seconds] [retries retries] • no snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] •...
  • Page 339: Snmp-Server Engineid Local

    User Guidelines • The command logical key is the pair (ip-address/hostname, traps/informs). • A user and notification view are not automatically created. Use the snmp-server user, snmp-server group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively.
  • Page 340 Default Setting The engine ID is not configured. If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per standard as: • First 4 octets — first bit = 1, the rest is IANA Enterprise number. •...
  • Page 341: Show Snmp Engineid

    Example The following example specifies the Simple Network Management Protocol (SNMP) engineID on the local device. Console(config) # snmp-server engineID local default show snmp engineid The show snmp engineID Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol (SNMP) engine.
  • Page 342: Show Snmp Views

    User Guidelines • There are no user guidelines for this command. Example The following example displays the SNMP communications status. console# sh snmp Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Target Type Community Version UDP Port Filter TO sec Retries Address...
  • Page 343: Show Snmp Groups

    Command Modes Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the configuration of views using the show snmp views Privileged EXEC command. Console # show snmp views Name OID Tree Type user-view 1.3.6.1.2.1.1...
  • Page 344: Show Snmp Filters

    Example The following example displays the configuration of views using the show snmp views Privileged EXEC command. Console # show snmp groups Name Security Views Model Level Context Read Write Notify user-group priv Default managers-group priv Default Default managers-group priv Default Console # show snmp groups user-group Name: user-group...
  • Page 345: Show Snmp Users

    Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the configuration of filters using the show snmp filters Privileged EXEC command.
  • Page 346 Example The following example displays the configuration of groups using the show snmp users Privileged EXEC command. Console # show snmp users Name group name Auto Method Remote John 1.3.6.1.2.1.1 John 1.3.6.1.2.1.1.7 08009009020C0B099 C075879 Console # show snmp users John Name: John Group name: user-group Auth Method: md5...
  • Page 347: Spanning-Tree Commands

    Spanning-Tree Commands spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. Use the no form of this command to disable spanning-tree functionality. Syntax • spanning-tree • no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode. User Guidelines •...
  • Page 348: Spanning-Tree Forward-Time

    Syntax • spanning-tree mode {stp | rstp | mstp} • no spanning-tree mode • stp — STP is the Spanning Tree operative mode. • rstp — RSTP is the Spanning Tree operative mode. • mstp — MSTP is enabled Default Configuration STP configured.
  • Page 349: Spanning-Tree Hello-Time

    User Guidelines • When configuring the Forward-Time the following relationship should be kept: – 2*(Forward-Time - 1) >= Max-Age Example The following example configures spanning-tree bridge forward time to 25 seconds. Console(config)# spanning-tree forward-time 25 spanning-tree hello-time The spanning-tree hello-time Global Configuration mode command configures the spanning-tree bridge hello time, which is how often the switch Broadcasts hello messages to other switches.
  • Page 350: Spanning-Tree Max-Age

    spanning-tree max-age The spanning-tree max-age Global Configuration mode command configures the spanning-tree bridge maximum age. Use the no form of this command to reset the default maximum age. Syntax • spanning-tree max-age seconds • no spanning-tree max-age • seconds — Time in seconds. (Range: 6 - 40) Default Configuration The default max-age for IEEE STP is 20 seconds.
  • Page 351: Spanning-Tree Disable

    Command Modes Global Configuration mode. User Guidelines • The priority value must be a multiple of 4096. • The bridge with the lowest priority is elected to be the Root Bridge. Example The following example configures spanning-tree priority to 12288. Console(config)# spanning-tree priority 12288 spanning-tree disable The spanning-tree disable Interface Configuration mode command disables spanning-tree on a specific...
  • Page 352: Spanning-Tree Cost

    spanning-tree cost The spanning-tree cost Interface Configuration mode command configures the spanning-tree path cost for a port. Use the no form of this command to reset the default port path cost. Syntax • spanning-tree cost cost • no spanning-tree cost •...
  • Page 353: Spanning-Tree Portfast

    User Guidelines • There are no user guidelines for this command. Example The following example configures the spanning priority on g5 to 96. Console(config)# interface ethernet g5 Console(config-if)# spanning-tree port-priority 96 spanning-tree portfast The spanning-tree portfast Interface Configuration mode command enables PortFast mode. In PortFast mode, the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
  • Page 354: Spanning-Tree Link-Type

    spanning-tree link-type The spanning-tree link-type Interface Configuration mode command overrides the default link-type setting. Use the no form of this command to reset the default. Syntax • spanning-tree link-type {point-to-point | shared} • no spanning-tree link-type • point-to-point — Specifies the port link type as point-to-point. •...
  • Page 355: Spanning-Tree Mst Max-Hops

    Default Setting The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768. Command Mode Global Configuration mode. User Guidelines • The device with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096. Console (config) # spanning-tree mst 1 priority 4096 spanning-tree mst max-hops The spanning-tree mst priority Global Configuration mode command configures the number of hops in...
  • Page 356: Spanning-Tree Mst Port-Priority

    spanning-tree mst port-priority The spanning-tree mst port-priority Interface Configuration mode command configures port priority for the specified MST instance. Use the no form of this command to return to the default configuration. Syntax • spanning-tree mst instance-id port-priority priority no spanning-tree mst instance-id port-priority •...
  • Page 357: Spanning-Tree Mst Configuration

    Default Setting Default path cost is determined by port speed and path cost method (long or short) as shown below: Interface Long Short Port-channel 20,000 Gigabit Ethernet (1000 Mbps) 20,000 Fast Ethernet (100 Mbps) 200,000 Ethernet (10 Mbps) 2,000,000 Command Modes Interface Configuration (Ethernet, port-channel) mode.
  • Page 358: Instance (Mst)

    Example The following example configures an MST region. Console(config)# spanning-tree mst configuration Console(config-mst) # instance 1 add vlan 10-20 Console(config-mst) # name region1 Console(config-mst) # revision 1 instance (mst) The instance Configuration mode command maps VLANs to an MST instance. Syntax •...
  • Page 359: Name (Mst)

    name (mst) The name Configuration mode command defines the configuration name. Use the no form of this command to return to the default setting. Syntax • name string • no name • string — MST configuration name and is case-sensitive. (Range: 1 - 32 characters) Default Setting The default name is a bridge ID.
  • Page 360: Show (Mst)

    User Guidelines • There are no user guidelines for this command. Example The following example sets the configuration revision to 1. Console(config) # spanning-tree mst configuration Console(config-mst) # revision 1 show (mst) The show Configuration mode command displays the current or pending MST region configuration. Syntax •...
  • Page 361: Exit (Mst)

    exit (mst) The exit Configuration mode command exits the MST Configuration mode and applies all configuration changes. Syntax • exit Default Setting This command has no default configuration. Command Mode MST Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example exits the MST Configuration mode and saves changes.
  • Page 362: Spanning-Tree Pathcost Method

    Example The following example exits the MST Configuration mode without saving changes. Console(config) # spanning-tree mst configuration Console(config-mst) # abort spanning-tree pathcost method The spanning-tree pathcost method Global Configuration mode command sets the default path cost method. Use the no form of this command to revert to the default setting. Syntax •...
  • Page 363: Clear Spanning-Tree Detected-Protocols

    Syntax • spanning-tree bpdu {filtering | flooding} • no spanning-tree bpdu • filtering — Filter BPDU packets when spanning-tree is disabled on an interface. • flooding — Flood BPDU packets when spanning-tree is disabled on an interface. Default Configuration The default definition is flooding. Command Modes Global Configuration mode.
  • Page 364: Show Spanning-Tree

    Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on g1. Console# clear spanning-tree detected-protocols ethernet g1 show spanning-tree The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration. Syntax • show spanning-tree [ ethernet interface-number | port-channel port-channel-number ] [instance instance-id] •...
  • Page 365 Examples The following example displays spanning-tree information. Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 2000 Root Port 1(g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864...
  • Page 366 Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the Root. Hello Time 2 Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.1 20000 FWD Desg P2p (RSTP) Enabled 128.2 20000 FWD Desg Shared (STP) Disabled...
  • Page 367 Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time Max Age 20 sec Forward 2 sec Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.1 20000 Enabled 128.2 20000 Disabled 128.3 20000 Enabled 128.4 20000 Enabled 128.5 20000 Console# show spanning-tree active Spanning tree enabled mode RSTP...
  • Page 368 Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Sts Role PortFast Type Enabled 128.1 20000 FWD Root No P2p (RSTP) Enabled 128.2 20000 FWD Desg Shared (STP) Enabled 128.4 20000 BLK...
  • Page 369 Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.4 Altn Shared (STP) Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time Max Age 20 sec Forward Delay...
  • Page 370 State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Guard root: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (1/2) enabled...
  • Page 371 Port 4 (1/4) enabled State: Blocking Role: Alternate Port Identifier: 128.4 Port cost: 20000 Type: Shared (configured: auto) STP Port Fast: No (configured:no) Designated bridge Priority: 28672 Address: 00:30:94:41:62:c8 Designated port id: 128.25 Designated path cost: 20000 Guard root:Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (1/5) enabled...
  • Page 372 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID...
  • Page 373 Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (g1) enabled State: Forwarding Role: Boundary Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary...
  • Page 374 Port 3 (1/3) disabled State: Blocking Role: Alternate Port id: 128.3 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:1a:19 Designated port id: 128.78 Designated path cost: 20000 Guard root: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (1/4) enabled...
  • Page 375 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:19:7a:00 Path Cost 10000 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops...
  • Page 376: Spanning-Tree Guard Root

    Spanning-tree guard root The spanning-tree guard root Interface Configuration mode command enables root guard on all spanning tree instances on the interface. Root guard restricts the interface to be the switch root port. Use the no form of this command to disable root guard on the interface. Syntax •...
  • Page 377: Ssh Commands

    SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Use the no form of this command to use the default port. Syntax • ip ssh port port-number •...
  • Page 378: Crypto Key Generate Dsa

    Default Configuration SSH is enabled. Command Mode Global Configuration mode. User Guidelines • If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the commands crypto key generate rsa, and crypto key generate dsa. Example The following example enables the device to be configured from a SSH server.
  • Page 379: Crypto Key Generate Rsa

    crypto key generate rsa The crypto key generate rsa Global Configuration mode command generates RSA key pairs. Syntax • crypto key generate rsa Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode. User Guidelines • RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
  • Page 380: Crypto Key Pubkey-Chain Ssh

    User Guidelines • There are no user guidelines for this command. Example The following example enables public key authentication for incoming SSH sessions. Console (config)# ip ssh pubkey-auth crypto key pubkey-chain ssh The crypto key pubkey-chain ssh Global Configuration mode command enters SSH Public Key-chain Configuration mode.
  • Page 381: Key-String

    Syntax • user-key username {rsa | dsa} • no user-key username • username — Specifies the remote SSH client username, which can be up to 48 characters long. • rsa — RSA key. • dsa — DSA key. Default Configuration By default, there are no keys.
  • Page 382: Show Ip Ssh

    Command Mode SSH Public Key-string Configuration mode. User Guidelines • Use the key-string row command to specify the SSH public key row by row. Each row must begin with the key-string row command. This command is useful for configuration files. •...
  • Page 383 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated.
  • Page 384: Show Crypto Key Mypubkey

    show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command displays the SSH public keys on the device. Syntax • show crypto key mypubkey [rsa | dsa] • rsa — RSA key. • dsa — DSA key. Default Configuration This command has no default configuration.
  • Page 385: Show Crypto Key Pubkey-Chain Ssh

    show crypto key pubkey-chain ssh The show crypto key pubkey-chain ssh Privileged EXEC mode command displays SSH public keys stored on the device. Syntax • show crypto key pubkey-chain ssh [username username] [fingerprint bubble-babble | hex] • username — Specifies the remote SSH client username. ...
  • Page 387: Syslog Commands

    Syslog Commands logging on The logging on Global Configuration mode command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. Use the no form of this command to disable the logging process.
  • Page 388 Syntax • logging {ip4-address | ip6-address |hostname} [port port] [severity level] [facility facility] [description text] • no logging {ip4-address | ip6-address | hostname} • ip4-address — Host IPv4 address to be used as a syslog server. • ip6-address — Host IPv6 address to be used as a syslog server. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
  • Page 389: Logging Console

    Example The following example limits logged messages sent to the syslog server with IP address 10.1.1.1 to severity level critical. Console (config)# logging 10.1.1.1 severity critical logging console The logging console Global Configuration mode command limits messages logged to the console based on severity.
  • Page 390: Logging Buffered Size

    Default Configuration The default level is informational. Command Mode Global Configuration mode. User Guidelines • All the syslog messages are logged to the internal buffer. This command limits the commands displayed to the user. Example The following example limits syslog messages displayed from an internal buffer based on the severity level "debugging".
  • Page 391: Clear Logging

    clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buffer. Syntax • clear logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example clears messages from the internal syslog message logging buffer.
  • Page 392: Clear Logging File

    Example The following example limits syslog messages sent to the logging file based on the severity level ’alerts’. Console (config)# logging file alerts clear logging file The clear logging file Privileged EXEC mode command clears messages from the logging file. Syntax •...
  • Page 393: File-System Logging

    Command Mode Global Configuration mode. User Guidelines • Other types of AAA events are not subject to this command. Example The following example enables logging messages related to AAA login events. Console(config)# aaa logging login file-system logging The file-system logging Global Configuration mode command controls logging file system events. To disable logging use the no form of the command.
  • Page 394: Management Logging

    management logging The management logging Global Configuration mode command controls logging of management access lists events. To disable logging use the no form of the command. Syntax • management logging deny • no management logging deny • deny — Log messages related to management ACLs deny actions. Default Configuration Logging of management access lists events enabled.
  • Page 395 Example The following example displays the show logging settings. Console# show logging Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications. File Messages: 0 Dropped (severity). Syslog server 192.180.2.27 logging: errors.
  • Page 396: Show Logging File

    Buffer log: 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/1, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/2, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/3, changed state to up 11-Aug-2002 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface...
  • Page 397 User Guidelines • There are no user guidelines for this command. Example The following example displays the show logging file settings. Console# show logging file Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications.
  • Page 398: Show Syslog-Servers

    File log: 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/1, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/2, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/3, changed state to up 11-Aug-2002 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface...
  • Page 399 User Guidelines • There are no user guidelines for this command. Example The following example displays the syslog server settings. Console# show syslog-servers IP address Port Severity Facility Description ------------- ---- -------- -------- ----------- 192.180.2.275 Informational local 192.180.2.285 Warning local Syslog Commands...
  • Page 401: System Management

    System Management ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network. Syntax • ping ip-address | hostname [size packet_size] [count packet_count] [timeout time_out] • ping ipv6 {ipv6-address | hostname} [size packet_size] [count packet_count] [timeout time_out] •...
  • Page 402 User Guidelines Press Esc to stop pinging. Following are sample results of the ping command: • Destination (host/network) unreachable — The gateway for this destination indicates an unreachable destination. • Destination does not respond — If the host does not respond, a “no answer from host” appears in ten seconds.
  • Page 403: Traceroute

    The following example displays an address 180.50.1.1 which does not have connectivity. Console# ping 180.50.1.1 Pinging 180.50.1.1 with 56 bytes of data: PING: net-unreachable PING: net-unreachable PING: net-unreachable traceroute The traceroute User EXEC mode command discovers the routes that packets will actually take when traveling to their destination.
  • Page 404 count packet_count — The default count is 3. timeout time_out — The default is 6 seconds. Command Mode User EXEC mode. User Guidelines • The traceroute command works by taking advantage of the error messages generated by a device when a datagram exceeds its time-to-live (TTL) value.
  • Page 405: Telnet

    The following table describes the significant fields shown in the display Field Description Indicates the sequence number of the router in the path to the host. i2-gateway.stanford.edu Host name of this device. 192.68.191.83 IP address of this device. 1 msec 1 msec 1 msec Round-trip time for each of the probes that are sent.
  • Page 406 User Guidelines • The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To issue a special Telnet command, enter Esc and then a command character. Special Telnet Command characters Escape Sequence Purpose Ctrl-shift-6 b...
  • Page 407 Keywords Table Options Description /echo Enables local echo /quiet Prevents onscreen display of all messages from the software. /source-interface Specifies the source interface. /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other...
  • Page 408: Resume

    Printer service nntp Network News Transport Protocol 119 pim-auto-rp PIM Auto-RP pop2 Post Office Protocol v2 pop3 Post Office Protocol v3 smtp Simple Mail Transport Protocol sunrpc Sun Remote Procedure Call syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time...
  • Page 409: Reload

    User Guidelines • There are no user guidelines for this command. Examples The following command switches to another open Telnet session. Console> resume 176.213.10.50 reload The reload Privileged EXEC mode command reloads the operating system. Syntax • reload Default Configuration This command has no default configuration.
  • Page 410: Service Cpu-Utilization

    There are no user guidelines for this command. Example The following example specifies the device host name. Console (config)# hostname Dell service cpu-utilization The service cpu-utilization Global Configuration mode command allows the software to measure CPU utilization. Use the no form of this command to disable measuring.
  • Page 411: Show Cpu Utilization

    show cpu utilization The show cpu utilization privileged EXEC mode command displays information about CPU utilization. Syntax • show cpu utilization Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • Use the service cpu-utilization Global Configuration mode command to enable measuring CPU utilization.
  • Page 412: Show Sessions

    User Guidelines • There are no user guidelines for this command. Example Console> show users Username Protocol Location Serial John 172.16.0.1 Robert HTTP 172.16.0.8 Betty Telnet 172.16.1.7 show sessions The show sessions User EXEC mode command lists the open Telnet sessions. Syntax •...
  • Page 413: Show System

    Examples The following table describes the significant fields shown in the display: Console> show sessions Connecti Host Address Port Byte -------- -------------- -------- ----- ---- Remote device 172.16.1.1 172.16.1.2 172.16.1.2 Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session. Address IP address of the remote host.
  • Page 414: Set System

    Example The following example displays the system information. console> show system System Description: Kenan 24 System Up Time (days,hour:min:sec): 00,05:19:48 System Contact: System Name: System location: System MAC Address: 00:00:b0:00:00:00 Sys Object ID: 1.3.6.1.4.1.674.10895.3020 PowerConnect 5400 Type: Main Power Supply Status Redundant Power Supply Status:...
  • Page 415: Show System Mode

    User Guidelines • The command takes effect only after reboot. During reboot the startup-config is deleted. It is highly recommended to back up the startup-config before executing this command. Example The following example enables support for ACLs and DVA. Console# set system dva show system mode The show system mode User EXEC mode command displays information on features control.
  • Page 416: Asset-Tag

    Syntax • show version Default Configuration This command has no default configuration. Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes).
  • Page 417: Show System Id

    User Guidelines • There are no user guidelines for this command. Example The following example specifies the device asset tag as "1qwepot". Console (config)# asset-tag 1qwepot show system id The show system id User EXEC mode command displays the ID information. Syntax •...
  • Page 419: Tacacs Commands

    TACACS Commands tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. Use the no form of this command to delete the specified name or address. Syntax • tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] •...
  • Page 420: Tacacs-Server Key

    There are no user guidelines for this command. Examples The following example sets the authentication encryption key. Console (config)# tacacs-server key dell-s tacacs-server timeout The tacacs-server timeout Global Configuration mode command sets the timeout value. Use the no form of this command to restore the default.
  • Page 421: Tacacs-Server Source-Ip

    Syntax • tacacs-server timeout timeout • no tacacs-server timeout • timeout — Specifies the timeout value in seconds. (Range: 1 - 30) Default Configuration 5 seconds. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Examples The following example sets the timeout value as 30.
  • Page 422: Show Tacacs

    Examples The following example specifies the source IP address. Console (config)# tacacs-server source-ip 172.16.8.1 show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistics for a TACACS+ server. Syntax • show tacacs [ip-address] • ip-address — Host name or IP address of the host. Default Configuration This command has no default configuration.
  • Page 423: Tic Commands

    TIC Commands passwords min-length The passwords min-length Global Configuration mode command configures the minimal length required for passwords in the local database. Use the no form of this command to remove a requirement. Syntax • passwords min-length length • no passwords min-length •...
  • Page 424: Password-Aging

    password-aging The password-aging Line Configuration mode command configures the aging time of line passwords. To disable password expiration time use the no form of this command. Syntax • password-aging days • no password-aging • days — The number of days before a password change is forced. (Range: 1-365) Default Configuration Password aging is disabled.
  • Page 425: Passwords History

    Default Configuration Password aging is disabled. Command Mode Global Configuration mode. User Guidelines • The aging time is calculated from the day the password was defined, and not from the day the aging was defined. • After a password expires, a user can log in another 3 times. •...
  • Page 426: Passwords History Hold-Time

    Example The following example configures the required number of password changes before a password can be reused to 3. Console (config)#passwords history 3 passwords history hold-time The passwords history hold-time Global Configuration mode command configures the duration that a password is relevant for tracking passwords history. To return to default use the no form of this command.
  • Page 427: Aaa Login-History File

    Syntax • passwords lockout number • no passwords lockout • number — The number of authentication failures before the user account is locked-out. (Range: 1-5). Default Configuration Lockout is disabled. Command Mode Global Configuration mode. User Guidelines • The setting is relevant to local users passwords, line passwords and enable passwords. •...
  • Page 428: Set Username Active

    User Guidelines • The login history is still kept in the device internal buffer. Example The following example enables writing to login history file. Console (config)# aaa login-history file set username active The set username active Privileged EXEC mode command reactivates a locked out user account. Syntax •...
  • Page 429: Set Enable-Password Active

    Command Mode Privileged EXEC mode. Example The following example reactivates a locked out telnet line. Console# set line telnet active set enable-password active The set enable-password active Privileged EXEC mode command reactivates a locked out local password. Syntax • set enable-password level active •...
  • Page 430 Example The following example displays information about password management in the local database. Console# show passwords configuration Minimal length: 8 History: 10 History hold time: 365 days Lock-out: Disabled Enable Passwords Level Aging Expiry date Lockout ----- ----- ----------- ------- Jan 18 2005 Jan 18 2005 Line Passwords...
  • Page 431: Show Users Login-History

    Lockout If lockout control is enabled, it specifies how many times a user has failed to enter the correct password since the last successful login. If the password is locked out it specifies “LOCKOUT”. Line Configuration and status for specific line password. show users login-history The show users login-history Privileged EXEC mode command displays information about the login history of users.
  • Page 433: Tunnel

    Tunnel interface tunnel The interface tunnel Global Configuration mode command enters tunnel interface configuration mode. Syntax • interface tunnel number • number — Tunnel index. (Range: 1) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines •...
  • Page 434: Tunnel Isatap Router

    Syntax • tunnel mode ipv6ip {isatap} • no tunnel mode ipv6ip • isatap — Automatic IPv6 over IPv4 ISATAP tunnel is enabled. Default Configuration Disabled. Command Mode Interface Tunnel Configuration mode. User Guidelines • The system can be enabled to an ISATAP tunnel. When enabled, an automatic tunnel interface is created on each interface that is assigned with IPv4 address.
  • Page 435: Tunnel Source

    User Guidelines • The ipv6 tunnel routers-dns command determines the string that the host uses for automatic tunnel router lookup in IPv4 DNS procedure. By default, the string ‘ISATAP’ is used for the corresponding automatic tunnel types. • Per tunnel only one string can represent the automatic tunnel router name. Using this command overwrites the existing entry.
  • Page 436: Tunnel Isatap Query-Interval

    Example The following example sets the local (source) tunnel interface IPv4 address. Console (config)# interface tunnel 1 Console (config-tunnel)# tunnel source auto tunnel isatap query-interval The tunnel isatap query-interval Global Configuration mode command configures the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
  • Page 437: Tunnel Isatap Robustness

    Syntax • tunnel isatap solicitation-interval seconds • no tunnel isatap solicitation-interval • seconds — Specify the number of seconds between ISATAP router solicitations messages. (Range: 10 – 3600) Default Configuration 10 seconds. Command Mode Global Configuration mode. User Guidelines • This command determines the interval of Router Solicitation messages when there is no active ISATAP router.
  • Page 438: Show Ipv6 Tunnel

    User Guidelines • The DNS query interval (after the IP address of the ISATAP router is known) is the TTL that is received from the DNS divided by (Robustness + 1). • The router solicitation interval (when there is an active ISATAP router) is the minimum-router- lifetime that is received from the ISATAP router divided by (Robustness + 1).
  • Page 439 Example The following example displays information on the ISATAP tunnel. Console> show ipv6 tunnel Router DNS name: ISATAP Router IPv4 address: 172.16.1.1 DNS Query interval: 10 seconds Min DNS Query interval: 0 seconds Router Solicitation interval: 10 seconds Min Router Solicitation interval: 0 seconds Robustness: 3 Tunnel...
  • Page 441: User Interface

    User Interface enable The enable User EXEC mode command enters the privileged EXEC mode. Syntax • enable [privilege-level] • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode.
  • Page 442: Login

    Default Configuration The default privilege level is 1. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example shows how to return to normal mode. Console# disable Console> login The login User EXEC mode command changes a login username. Syntax •...
  • Page 443: Configure

    configure The configure Privileged EXEC mode command enters the Global Configuration mode. Syntax • configure This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example In the following example, because no keyword is entered, a prompt is displayed.
  • Page 444: Exit(Exec)

    Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode. Console(config-if)# exit Console(config)# exit Console# exit(EXEC) The exit User EXEC mode command closes an active terminal session by logging off the device. Syntax • exit Default Configuration This command has no default configuration.
  • Page 445: Help

    Command Mode All Command modes. User Guidelines • There are no user guidelines for this command. Example The following example ends the current configuration session and returns to the previous command mode. Console (config)# end Console # help The help command displays a brief description of the help system. Syntax •...
  • Page 446: Terminal Datadump

    Command Mode Line Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example enables the command history function for telnet. Console (config)# line telnet Console (config-line)# history terminal datadump The terminal datadump EXEC mode command enables dumping of all the output from the show command without ’prompting’.
  • Page 447: History Size

    history size The history size Line Configuration mode command changes the command history buffer size for a particular line. Use the no form of this command to reset the command history buffer size to the default. Syntax • history size number-of-commands •...
  • Page 448: Show History

    Example The following example enables the debug command interface. console(config)# console# debug >debug Enter DEBUG Password: ***** DEBUG> show history The show history User EXEC mode command lists the commands entered in the current session. Syntax • show history Default Configuration This command has no default configuration.
  • Page 449: Show Privilege

    show privilege The show privilege User EXEC mode command displays the current privilege level. Syntax • show privilege Default Configuration This command has no default configuration. Command Mode User EXEC command mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the current privilege level.
  • Page 450 Example The following example displays VLAN information. Console (Config)# do show vlan VLAN Name Ports Type Authorization -------- --------- --------- --------- ------------- default g1-2 Other Required g1-4 VLAN0010 g3-4 dynamic Required VLAN0011 g1-2 static Required VLAN0020 g3-4 static Required VLAN0021 static Required VLAN0030...
  • Page 451: Vlan Commands

    VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN Database Configuration mode. Syntax • vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example enters the VLAN database mode.
  • Page 452: Interface Vlan

    Default Configuration This command has no default configuration. Command Mode VLAN Configuration mode. User Guidelines • There are no user guidelines for this command. Example In the following example, VLAN number 1972 is created. Console (config)# vlan database Console (config-vlan)# vlan 1972 interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode.
  • Page 453: Interface Range Vlan

    interface range vlan The interface range vlan Global Configuration mode command enters the Interface Configuration mode to configure multiple VLANs. Syntax • interface range vlan {vlan-range | all} • vlan-range — A list of valid VLAN IDs to add. Separate non-consecutive VLAN IDs with a comma...
  • Page 454: Switchport Access Vlan

    Command Mode Interface Configuration (VLAN) mode. User Guidelines • The VLAN name should be unique. Example The following example names VLAN number 19 with the name "Marketing". Console (config)# interface vlan 19 Console (config-if)# name Marketing switchport access vlan The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode.
  • Page 455: Switchport Trunk Allowed Vlan

    switchport trunk allowed vlan The switchport trunk allowed vlan Interface Configuration mode command adds VLANs to, or removes VLANs from, a trunk port. Syntax • switchport trunk allowed vlan {add vlan-list | remove vlan-list} add vlan-list — List of VLAN IDs to add. Separate non-consecutive VLAN IDs with a comma and •...
  • Page 456: Switchport General Allowed Vlan

    Command Mode Interface Configuration (Ethernet, port-channel) mode. User Guidelines • This command has the following consequences: incoming untagged frames are assigned to this VLAN and outgoing traffic in this VLAN on this port is sent untagged (despite the normal situation where traffic sent from a trunk-mode port is all tagged).
  • Page 457: Switchport General Pvid

    User Guidelines • You can use this command to change the egress rule (e.g. from tagged to untagged), without first removing the VLAN from the list. Example The following example shows how to add VLANs 2, 5, and 6 to the allowed list. Console (config)# interface ethernet g8 Console (config-if)# switchport general allowed vlan add 2,5,6 tagged...
  • Page 458: Switchport General Ingress-Filtering Disable

    switchport general ingress-filtering disable The switchport general ingress-filtering disable Interface Configuration mode command disables port ingress filtering. Use the no form of this command to enable ingress filtering on a port. Syntax • switchport general ingress-filtering disable • no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled.
  • Page 459: Switchport Forbidden Vlan

    User Guidelines • There are no user guidelines for this command. Example The following example configures g8 to discard untagged frames at ingress. Console (config)# interface ethernet g8 Console (config-if)# switchport general acceptable-frame-type tagged-only switchport forbidden vlan The switchport forbidden vlan Interface Configuration mode command forbids adding specific VLANs to a port.
  • Page 460: Switchport Mode

    switchport mode Use the switchport mode Interface Configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device. Syntax • switchport mode { access | trunk | general | customer } •...
  • Page 461: Map Protocol Protocols-Group

    Default Configuration No VLAN is configured. Command Modes Interface Configuration (Ethernet, port-channel) mode. User Guidelines • There are no user guidelines for this command. Example The following example sets the port's VLAN when the interface is in customer mode. Console(config)# switchport customer vlan vlan-id map protocol protocols-group The map protocol protocols-group VLAN Configuration mode command maps a protocol to a protocol group.
  • Page 462: Switchport General Map Protocols-Group Vlan

    Example The following example maps protocol ip-arp to the group named "213". Console (config)# vlan database Console (config-vlan)# map protocol ip-arp protocols-group 213 switchport general map protocols-group vlan The switchport general map protocols-group vlan Interface Configuration mode command sets a protocol-based classification rule.
  • Page 463: Switchport Protected

    switchport protected The switchport protected Interface Configuration mode command overrides the FDB decision, and sends all the Unicast, Multicast and Broadcast traffic to an uplink port. Use the no form of this command to disable overriding the FDB decision. Syntax switchport protected {ethernet port | port-channel port-channel-number } •...
  • Page 464: Show Vlan

    Command Mode Interface Configuration (Ethernet, Port Channel) mode. User Guidelines • An internal usage VLAN is required when an IP interface is defined on Ethernet port or Port Channel. • Using this command the user can define the internal usage VLAN of a port. •...
  • Page 465: Show Vlan Internal Usage

    Example The following example displays all VLAN information. Console# show vlan Name Ports Type Authorization Vlan ---------------- --------------- -------------------- ------------------- ------------- default g1-2 other Required VLAN0010 g1-4 dynamic Required VLAN0011 g3-4 static Required VLAN0020 g1-2 static Required VLAN0021 g3-4 static Required VLAN0030 static...
  • Page 466: Show Vlan Protocols-Groups

    Example The following example displays all VLAN information. Console# show vlan internal usage Usage VLAN Reserved IP Address --------- --------- ---------- ---------- 1007 Active 1008 Inactive 1009 Active show vlan protocols-groups The show vlan protocols-groups Privileged EXEC mode command displays protocols-groups information.
  • Page 467: Show Interfaces Switchport

    Example The following example displays protocols-groups information. Console# show vlan protocols-groups Encapsulation Protocol Group Id ------------- -------- -------- ethernet 08 00 ethernet 08 06 ethernet 81 37 ethernet 81 38 rfc1042 08 00 rfc1042 08 06 show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays switchport configuration. Syntax •...
  • Page 468 Example The following example displays switchport configuration individually for g1. Console# show interface switchport ethernet g1 Port g1: Port mode: General GVRP Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress Untagged VLAN (NATIVE) : 1 Port is member in: Vlan Name Egress rule...
  • Page 469: Voice Vlan

    Voice VLAN voice vlan id The voice vlan id Global Configuration mode command enables the Voice VLAN, and configures the Voice VLAN ID. Use the no form of this command to disable the Voice VLAN. Syntax • voice vlan id vlan-id •...
  • Page 470 Syntax • voice vlan oui-table {add mac-address-prefix [description text] | remove mac-address-prefix} • no voice vlan oui-table • mac-address-prefix — Specify the MAC address prefix to be entered to the list. • description text — An optional text that describes the OUI. Default Configuration Description 0001e3...
  • Page 471: Voice Vlan Cos

    voice vlan cos The voice vlan cos Global Configuration mode command sets the Voice VLAN Class Of Service. Use the no form of this command to return to default. Syntax • voice vlan cos cos [remark] • no voice vlan cos •...
  • Page 472: Voice Vlan Enable

    Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures Voice vlan aging-timeout. Console (config)# voice vlan aging-timeout minutes voice vlan enable The voice vlan enable Interface Configuration mode command enables automatic Voice VLAN configuration for a port.
  • Page 473: Voice Vlan Secure

    voice vlan secure Use the voice vlan secure Interface Configuration command to configure the secure mode for the Voice VLAN. Use the no form of this command to disable the secure mode. Syntax • voice vlan secure • no voice vlan secure Default Configuration Not secured.
  • Page 474 Default Configuration Description 0001e3 Siemens_AG_phone 00036b Cisco_phone 000fe2 H3C_Aolynk 0060b9 Philips_and_NEC_AG_ph 00d01e Pingtel_phone 00e075 Polycom/Veritel_phone 00e0bb 3Com_phone Command Mode EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the Voice VLAN configuration. Console # show voice vlan Aging timeout: 1440 minutes OUI table...
  • Page 475 Voice VLAN VLAN ID: 8 CoS: 6 Remark: Yes Interface Enabled Secure Activated Voice VLAN...
  • Page 476 Voice VLAN...
  • Page 477: Web Server

    Web Server ip http server The ip http server Global Configuration mode command enables the device to be configured from a browser. Use the no form of this command to disable this function. Syntax • ip http server • no ip http server Default Configuration HTTP server is disabled by default.
  • Page 478: Ip Http Exec-Timeout

    Default Configuration The default port number is 80. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the device. Example The following example shows how the http port number is configured to 100.
  • Page 479: Ip Https Server

    Example The following example sets the interval the system waits for user input before automatically logging off to 3 minutes 30 seconds. Console (config)# ip http exec-timeout 3 30 ip https server The ip https server Global Configuration mode command enables the device to be configured from a secured browser.
  • Page 480: Ip Https Exec-Timeout

    Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the https port number to 100. Console (config)# ip https port 100 ip https exec-timeout The ip https exec-timeout Global Configuration mode command sets the interval the system waits for user input before automatically logging off.
  • Page 481: Crypto Certificate Generate

    crypto certificate generate The crypto certificate generate Global Configuration mode command generates an HTTPS certificate. Syntax • crypto certificate [number] generate [key-generate [length]] [passphrase string] [cn common-name] [or organization] [loc location] [st state] [cu country] [duration days] number — Specifies the certificate number. If unspecified, defaults to 1. (Range: 1 - 2) •...
  • Page 482: Crypto Certificate Request

    Example The following example regenerates an HTTPS certificate. Console(config)# crypto certificate generate key-generate crypto certificate request The crypto certificate request Privileged EXEC mode command generates and displays certificate requests for HTTPS. Syntax • crypto certificate number request common- name [or organization] [loc location] [st state] [cu country] •...
  • Page 483: Crypto Certificate Import

    Examples The following example generates and displays a certificate request for HTTPS. Console# crypto certificate 1 request -----BEGIN CERTIFICATE REQUEST----- MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh/F0MV/Kib6Sz5p+3nUUenbfHp/igVPmFM+1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW/wzDLvW2rsy5NPmH1QVl+8Ubx3GyCm /oW93BSOFwxwEsP58kf+sPYPy+/8wwmoNtDwIDAQABoB8wHQYJKoZIhvcNAQkH MRDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m+2 m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEipcZa g+uNpyTkDt3ZVU72pjz/fa8TF0n3 -----END CERTIFICATE REQUEST----- CN= router.gm.com 0= General Motors C= US crypto certificate import The crypto certificate import Global Configuration mode command imports a certificate signed by Certification Authority for HTTPS.
  • Page 484 User Guidelines • Use this command to enter an external certificate (signed by a Certification Authority) to the device. To end the session, enter a new line, enter "." (period) and add another new line. • The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command.
  • Page 485: Ip Https Certificate

    ip https certificate The ip https certificate Global Configuration mode command configures the active certificate for HTTPS. Use the no form of this command to return to default. Syntax • ip https certificate number • no ip https certificate • number —...
  • Page 486 Example The following example imports the certificate and RSA keys. Console (config)# crypto certificate 1 import pkcs12 passphrase Bag Attributes localKeyID: 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 subject=/C=us/ST= /L= /CN= /O= /OU= issuer= /C=us/ST= /L= /CN= /O= /OU= -----BEGIN CERTIFICATE-----...
  • Page 487: Show Crypto Certificate Mycertificate

    show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command allows you to view the SSL certificates of your device. Syntax • show crypto certificate mycertificate [number] • number — Specifies the certificate number. (Range: 1- 2) Default Configuration This command has no default configuration.
  • Page 488: Show Ip Http

    show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax • show ip http Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the HTTP server configuration.
  • Page 489 Example The following example displays the HTTP server configuration. Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004...
  • Page 490 Web Server...
  • Page 491: 802.1X Commands

    802.1x Commands aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods used to authenticate interfaces running IEEE 802.1X. Use the no form of this command to return to default. Syntax aaa authentication dot1x default method1 [method2...] •...
  • Page 492: Dot1X System-Auth-Control

    Examples The following example uses the aaa authentication dot1x default command with no authentication. Console (config)# aaa authentication dot1x default none dot1x system-auth-control The dot1x system-auth-control Global Configuration mode command enables 802.1x globally. Use the no form of this command to disable 802.1x globally. Syntax •...
  • Page 493: Dot1X Re-Authentication

    Syntax • dot1x port-control {auto | force-authorized | force-unauthorized} • no dot1x port-control • auto — Enable 802.1X authentication on the interface and cause the port to transition to the authorized or unauthorized state based on the 802.1X authentication exchange between the switch and the client.
  • Page 494: Dot1X Timeout Re-Authperiod

    Default Configuration Periodic re-authentication is disabled. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • It is recommended to use re-authentication because, if re-authentication is not defined, a port that has been authenticated remains in this state until the port goes down or a log-off message is sent by the client. Examples The following example enables periodic re-authentication of the client.
  • Page 495: Dot1X Re-Authenticate

    dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of all 802.1X-enabled ports or the specified 802.1X-enabled port. Syntax • dot1x re-authenticate [ethernet interface] • interface — Valid Ethernet port. (Full syntax: unit/port) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
  • Page 496: Dot1X Timeout Tx-Period

    User Guidelines • During the quiet period, the switch does not accept or initiate any authentication requests. • The default value of this command should only be changed to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. •...
  • Page 497: Dot1X Max-Req

    Examples The following command sets the number of seconds that the switch waits for a response to an EAP - request/identity frame, to 3600 seconds. Console (config)# interface ethernet g8 Console (config-if)# dot1x timeout tx-period 3600 dot1x max-req The dot1x max-req Interface Configuration mode command sets the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP) - request/identity frame (assuming that no response is received) to the client, before restarting the authentication process.
  • Page 498: Dot1X Timeout Supp-Timeout

    dot1x timeout supp-timeout The dot1x timeout supp-timeout Interface Configuration mode command sets the time for the retransmission of an Extensible Authentication Protocol (EAP)-request frame to the client. Use the no form of this command to return to the default setting. Syntax •...
  • Page 499: Dot1X Send-Async-Request-Id

    Default Configuration 30 seconds for the retransmission of packets to authentication server. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • There are no user guidelines for this command. Examples The following example sets the time for the retransmission of packets to the authentication server to 3600 seconds.
  • Page 500: Show Dot1X

    Examples Console(config-if)# dot1x send-async-request-id Console(config-if)# show dot1x The show dot1x Privileged EXEC mode command displays 802.1X status for the switch or for the specified interface. Syntax • show dot1x [ethernet interface] • interface — The full syntax is: port. Default Configuration This command has no default configuration.
  • Page 501 Console# show dot1x ethernet g3 Interface Admin Mode Oper Mode Reauth Reauth Period Username Control Auto Unauthorized 3600 Clark State: held Quiet period: 60 Tx period: 30 Max req: 2 Login Time: n/a Last Authentication: n/a MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff The following table describes the significant fields shown in the display: Field...
  • Page 502: Show Dot1X Users

    Login Time How long the user is logged in. Last Authentication Time since last authentication. Mac address The supplicant MAC address. Authentication Method The authentication method used to establish the session. Termination Cause The reason for the session termination. show dot1x users The show dot1x users Privileged EXEC mode command displays 802.1X users for the switch.
  • Page 503: Show Dot1X Statistics

    The following table describes the significant fields shown in the display. Field Description Username The User-Name representing the identity of the Supplicant. Login Time How long the user is logged in. Last Authentication Time since last authentication. Authentication Method The authentication method used to establish the session. Mac address The supplicant MAC address.
  • Page 504 Examples The following example displays 802.1X statistics for the specified interface. Switch# show dot1x statistics ethernet g1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 1 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 0008.3b79.8787 The following table describes the significant fields shown in the display: Field Description...
  • Page 505: Advanced Features

    EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid. LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame. LastEapolFrameSource The source MAC address carried in the most recently received EAPOL frame. ADVANCED FEATURES dot1x auth-not-req The dot1x auth-not-req VLAN Configuration mode command enables unauthorized users access to that...
  • Page 506: Dot1X Multiple-Hosts

    dot1x multiple-hosts The dot1x multiple-hosts Interface Configuration mode command allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control Interface Configuration mode command set to auto. Use the no form of this command to return to the default setting. Syntax •...
  • Page 507: Dot1X Guest-Vlan

    Syntax • dot1x single-host-violation {forward | discard | discard-shutdown} [trap seconds] • no port dot1x single-host-violation • forward — Forward frames with source addresses other than the supplicant address, but do not learn the address. • discard — Discard frames with source addresses other than the supplicant address. •...
  • Page 508: Dot1X Guest-Vlan Enable

    Command Mode Interface Configuration (VLAN) mode. User Guidelines • Use the dot1x guest-vlan enable Interface Configuration command to give unauthorized users on an interface access to the Guest VLAN. If the Guest VLAN is defined and enabled, the port automatically joins the Guest VLAN when the port is unauthorized, and leaves the Guest VLAN when the port becomes authorized.
  • Page 509: Dot1X Mac-Authentication

    dot1x mac-authentication The dot1x mac-authentication Interface Configuration mode command enables authentication based on the station’s MAC address. Use the no form of this command to disable MAC authentication. Syntax • dot1x mac-authentication {mac-only | mac-and-802.1x} • no dot1x mac-authentication • mac-only —...
  • Page 510: Dot1X Radius-Attributes Vlan

    Default Configuration This command has no default configuration. Command Mode Global configuration mode. User Guidelines • There are no user guidelines for this command. Example The following command enables sending traps when a MAC address fails authentication under the 802.1X MAC authentication access control.
  • Page 511: Show Dot1X Advanced

    • After successful authentication the port remains a member of the unauthenticated VLANs and of the Guest VLAN. Other static VLAN configuration is not applied on the port. • If the supplicant VLAN does not exist on the switch, the supplicant is rejected. Examples The following command enables user-based VLAN assignment.
  • Page 512 Examples The following example displays 802.1X advanced features for the switch. Console# show dot1x advanced Guest VLAN: 100 Guest VLAN timeout Unauthenticated VLANs: Interface Multiple Guest Assignment Async-reqId Hosts VLAN Authentication ----- ------- ---- --------------- --------- ---------- Authenticate Enabled Disabled Enabled True Authenticate Disabled Disabled...

This manual is also suitable for:

Powerconnect 5448
