Using the CLI This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI. CLI Command Modes Introduction To assist in configuring devices, the CLI (Command Line Interface) is divided into different command modes.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC Mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the device Configuration mode.
The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode: console>enable Enter Password: ****** console# console#disable console> The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode.
Interface Configuration Mode and Specific Configuration Modes Interface Configuration mode commands are to modify specific interface operations. The following are the Interface Configuration modes: • Line Interface — Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the Line Configuration command mode.
To start using the CLI, perform the following steps: 1 Start the device and wait until the startup procedure is complete. The User Exec mode is entered, and the prompt "Console>" is displayed. 2 Configure the device and enter the necessary commands to complete the required tasks. 3 When finished, exit the session with the quit or exit command.
Setup Wizard The CLI supports a Setup Wizard. This is an easy-to-use user interface which quickly guides the user in setting up basic device information, so that the device can be easily managed from a Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.
Command Completion If the command entered is incomplete, invalid, or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the <Tab> button, an incomplete command is entered. If the characters already entered are not enough for the system to identify a single matching command, press "?"...
CLI Command Conventions When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions. Convention Description In a command line, square brackets indicates an optional entry. In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character.
This guide describes how the Command Line Interface (CLI) is structured, describes the command syntax, and describes the command functionality. This guide also provides information for configuring the Dell™ PowerConnect™ switch, details the procedures and provides configuration examples. Basic installation configuration is described in the User’s Guide and must be completed before using this document.
Page 34
Ethernet Configuration Configures all port configuration options for example ports, storm control, port speed and auto-negotiation. GVRP Commands Configures and displays GVRP configuration and information. IGMP Snooping Commands Configures IGMP snooping and displays IGMP configuration and IGMP information. IP Addressing Commands Configures and manages IP addresses on the device.
ACL Commands Command Group Description Access Mode ip access-list Defines an IPv4 Access List and places the device in Global IPv4 Access List Configuration mode. Configuration mac access-list Enables the MAC-Access List Configuration mode and Global creates Layer 2 ACLs. Configuration permit (ip) Permits traffic if the conditions defined in the permit...
password Specifies a password on a line. Line Configuration enable password Sets a local password to control access to normal and Global privilege levels. Configuration username Establishes a username-based authentication system. Global Configuration show users accounts Displays information about the local user database. Privileged User EXEC Address Table Commands...
show bridge address-table Displays the number of addresses present in all or at a Privileged User count specific VLAN. EXEC show bridge multicast Displays statically created entries in the bridge- Privileged User address-table forwarding database. EXEC show bridge multicast Displays the Multicast filtering configuration. Privileged User filtering EXEC...
sntp unicast client enable Enables the device to use the SNTP to request and Global Configuration accept NTP traffic from servers. sntp unicast client poll Enables polling for the SNTP predefined Unicast Global Configuration clients. sntp server Specifies SNTP UDP port of the SNTP server Global Configuration show clock...
DHCP Snooping Commands Command Group Description Access Mode ip dhcp snooping Globally enables Dynamic Host Configuration Global Protocol (DHCP) snooping Configuration ip dhcp snooping vlan Enables DHCP snooping on a VLAN. Global Configuration ip dhcp snooping trust Configures a port as trusted for DHCP snooping Interface purposes.
Page 40
description Adds a description to an interface. Interface Configuration speed Configures the speed of a given Ethernet interface Interface when not using auto-negotiation. Configuration duplex Configures the full/half duplex operation of a given Interface Ethernet interface when not using auto-negotiation. Configuration negotiation Enables auto-negotiation operation for the speed and...
IP Addressing Commands Command Group Description Access Mode clear host dhcp Sets an IP address on the device. Interface Configuration ip address Sets an IP address Interface Configuration ip address dhcp Acquires an IP address on an interface from the DHCP Interface server.
IPv6 Addressing Commands Command Group Description Access Mode ipv6 enable Enables IPv6 processing on an interface. Interface Configuration ipv6 address autoconfig Enables automatic configuration of IPv6 addresses Interface Configuration using stateless autoconfiguration on an interface. ipv6 icmp error-interval Configures the rate limit interval and bucket size Global Configuration parameters for IPv6 ICMP error messages.
iSCSI Commands Command Group Description Access Mode Globally enables iSCSI awareness. iscsi enable Global Configuration iscsi target port Configures iSCSI port(s), target address and name. Global Configuration iscsi cos Sets the quality of service profile applied to iSCSI Global flows. Configuration iscsi aging time Sets aging time for iSCSI sessions.
exec-timeout Configures the interval that the system waits until Line Configuration user input is detected. show line Displays line parameters. User EXEC terminal history Enables the command history function for the current User EXEC terminal session. terminal history size Cand history buffer size for the current terminal User EXEC session.
lldp med network-policy Attaches a LLDP MED network policy to a port. Interface (interface) Configuration (Ethernet) lldp med location Configures location information for the LLDP MED for an Interface interface. Configuration (Ethernet) clear lldp rx Restarts the LLDP RX state machine and clearing the Privileged EXEC neighbors table.
deny (management) Defines a deny rule. Management Access-level management access-class Defines which management access-list is used. Global Configuration show management Displays management access-lists. Privileged User access-list EXEC show management Displays the active management access-list. Privileged User access-class EXEC PHY Diagnostics Commands Command Group Description Access Mode...
Port Monitor Commands Command Group Description Access Mode port monitor Starts a port monitoring session. Interface Configuration show ports monitor Displays the port monitoring status. User EXEC QoS Commands Command Group Description Access Mode Enables quality of service (QoS) on the device Global Configuration and enters QoS basic or advance mode.
RADIUS Commands Command Group Description Access Mode radius-server host Specifies a RADIUS server host. Global Configuration radius-server key Sets the authentication and encryption key for all RADIUS Global communications between the router and the RADIUS Configuration daemon. radius-server retransmit Specifies the number of times the software searches the list Global of RADIUS server hosts.
show rmon events Displays the RMON event table. User EXEC show rmon log Displays the RMON logging table. User EXEC rmon table-size Configures the maximum RMON tables sizes. Global Configuration SNMP Commands Command Group Description Access Mode snmp-server community the community access string to permit access to SNMP Global protocol.
show snmp views Displays the configuration of views. Privileged EXEC show snmp groups Displays the configuration of groups. Privileged EXEC show snmp filters Displays the configuration of filters Privileged EXEC show snmp users Displays the configuration of groups. Privileged EXEC Spanning Tree Commands Command Group Description...
Page 52
spanning-tree mst priority Configures port priority for the specified MST instance Interface Configuration sspanning-tree mst cost Configures the path cost for multiple spanning tree Interface (MST) calculations. Configuration spanning-tree mst Enables configuring an MST region by entering the Global configuration Multiple Spanning Tree (MST) mode.
SSH Commands Command Group Description Access Mode ip ssh port Specifies the port to be used by the SSH server. Global Configuration ip ssh server Enables the device to be configured from a SSH Global server. Configuration crypto key generate dsa Generates DSA key pairs.
logging buffered size Changes the number of syslog messages stored in Global the internal buffer. Configuration clear logging Clears messages from the internal logging buffer. Privileged User EXEC logging file Limits syslog messages sent to the logging file based Global on severity.
show users Lists the open Telnet sessions. User EXEC show sessions Lists the open Telnet sessions User EXEC show system Displays system information. User EXEC set system Activates/deactivates specified features. Priviledged EXEC show system mode Displays information on features control User EXEC show version Displays the system version information.
passwords history hold-time Configures the duration of time a password is relevant Global for tracking passwords history. Configuration passwords lockout Enables lockout of a user account after a series of Global authentication failures. Configuration aaa login-history file Enables writing to login history file. Global Configuration set username active...
User Interface Commands Command Group Description Access Mode enable Enters the privileged EXEC mode. disable Returns to User EXEC mode. login Changes a login username. configure Enables the Global Configuration mode exit(configuration) Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
Page 58
switchport access vlan Configures the VLAN membership mode of a port. Interface Configuration switchport access vlan Configures the VLAN ID when the interface is in access Interface mode. Configuration switchport trunk allowed Adds or removes VLANs from a port in general mode. Interface vlan Configuration...
Voice VLAN Commands Command Group Description Access Mode voice vlan id Enters the VLAN Configuration mode. Global Configuration voice vlan oui-table Configure the Voice OUI table. Global Configuration voice vlan cos Sets the Voice VLAN Class Of Service. Global Configuration voice vlan aging-timeout Sets the Voice VLAN aging timeout.
crypto certificate import Imports a certificate signed by Certification Authority for Global HTTPS. Configuration ip https certificate Configures the active certificate for HTTPS. Global Configuration ip https port Configures a TCP port for use by a secure web browser to Global configure the device.
Page 61
Sets the number of seconds between re-authentica- dot1x timeout re- Interface tion attempts authperiod Configuration dot1x re-authenticate Manually initiates a re-authentication of all 802.1X-enabled Privileged User ports or the specified 802.1X-enabled port. EXEC Sets the number of seconds that the switch remains dot1x timeout quiet- Interface in the quiet state following a failed authentication...
802.1x Advanced Commands dot1x auth-not-req Enables unauthorized users access to that VLAN. VLAN Configuration dot1x multiple-hosts Allows multiple hosts (clients) on an 802.1X-authorized Interface Config- port with the dot1x port-control Interface Configuration uration mode command set to auto. (Ethernet) dot1x single-host- Configures the action to be taken when a station of which Interface Config- violation...
Command Modes GC (Global Configuration) Mode Command Description aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authentication dot1x Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Adds a permanent entry in the ARP cache.
Page 64
dot1x system-auth-control Enables 802.1x globally. enable password Sets a local password to control access to normal and privilege levels. Ends the current configuration session and returns to the previous command mode. gvrp enable (global) Enables GVRP globally. hostname Specifies or modifies the device host name. interface ethernet Enters the Interface Configuration mode to configure an Ethernet type interface.
Page 65
ip ssh server Enables the device to be configured from a SSH server. ipv6 default-gateway Defines an IPv6 default gateway. ipv6 host Defines a static host name-to-address mapping in the host name cache. ipv6 icmp error-interval Configures the rate limit interval and bucket size parameters for IPv6 ICMP error messages.
Page 66
radius-server retransmit Specifies the number of times the software searches the list of RADIUS server hosts. radius-server source-ip Specifies the source IP address used for communication with RADIUS servers. radius-server source-ipv6 Specifies the source IPv6 address used for the IPv6 communication with RADIUS servers.
tacacs-server source-ip Specifies the source IP address that will be used for the communication with TACACS servers. tacacs-server timeout Sets the timeout value. tacacs-server host Specifies a TACACS+ host. tunnel isatap query-interval Configures the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
Page 68
dot1x single-host-violation Configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. dot1x timeout quiet-period Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange.
Page 69
mdix Enables automatic crossover on a given interface. name Configures a name to a VLAN. negotiation Enables auto-negotiation operation for the speed and duplex parameters of a given interface. port monitor Starts a port monitoring session. port security Disables new address learning on an interface. port security routed secure- Adds MAC-layer secure addresses to a routed port.
LC (Line Configuration) Mode Command Description enable authentication Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. exec-banner Enables the display of exec banners. exec-timeout Configures the interval that the system waits until user input is detected. history Enables the command history function.
Page 71
clear logging file Clears messages from the logging file clear spanning-tree detected- Restarts the protocol migration process on all interfaces or on the specified protocols interface. clock set Manually sets the system clock. configure Enters the global configuration mode. copy Copies files from a source to a destination.
show fiber-ports optical- Displays the optical transceiver diagnostics. transceiver show ip ssh Displays the SSH server configuration. show ipv6 icmp error-interval Displays the IPv6 ICMP error interval setting show ipv6 interface Displays the usability status of interfaces configured for IPv6. show ipv6 neighbors Displays IPv6 neighbor discovery cache information.
UE (User EXEC) Mode Command Description clear counters Clears statistics on an interface. enable Enters the privileged EXEC mode. exit(EXEC) Closes an active terminal session by logging off the device. login Changes a login username. ping Sends ICMP echo request packets to another node on the network. show clock Displays the time and date from the system clock.
show rmon alarm-table Displays the alarms summary table. show rmon collection history Displays the requested history group configuration. show rmon events Displays the RMON event table. show rmon history Displays RMON Ethernet Statistics history. show rmon log Displays the RMON logging table. show rmon statistics Displays RMON Ethernet Statistics.
IPv4 ACLs are defined by a unique name. An IPv4 ACL and MAC ACL cannot share the same name. Example The following example shows how to define an IPv4 Access List called dell-access-1 and to place the device in IPv4 Access List Configuration mode. Console(config)# ip access-list dell-access-1...
Syntax • mac access-list name • no mac access-list name • access-list-name — Name of the MAC Access List. Default Configuration No MAC Access List is defined. Command Mode Global Configuration mode. User Guidelines • MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name.
Default Configuration No IPv4 ACL is defined. Command Mode IP-Access List Configuration mode. User Guidelines • Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
Page 79
• disable-port — Specifies that the Ethernet interface is disabled if the condition is matched. • source — Specifies the Source IP address of the packet. • source-wildcard — Specifies wildcard bits to be applied to the source IP address by placing 1s in bit positions to be ignored.
User Guidelines • Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the defined conditions are denied.
Default Configuration No MAC ACL is defined. Command Mode MAC-Access List Configuration mode. User Guidelines • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
cos — Specifies the packets’s Class of Service (CoS). (Range: 0 - 7) • • cos-wildcard — Specifies wildcard bits to be applied to the CoS. • eth-type — Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff) •...
User Guidelines There are no user guidelines for this command. Example The following example binds (services) an ACL to VLAN 2. Console(config)# interface eth g1 Console(config-if)# service-acl input macl1 show access-lists The show access-lists Privileged EXEC mode command displays access control lists (ACLs) defined on the device.
AAA Commands aaa authentication login The aaa authentication login Global Configuration mode commands defines login authentication. Use the no form of this command to return to the default configuration. Syntax • aaa authentication login {default | list-name} method1 [method2...] • no aaa authentication login {default | list-name} •...
User Guidelines • The default and optional list names created with the aaa authentication login command are used with the login authentication command. • Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
Default Configuration If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command aaa authentication enable default enable none.
Command Mode Line Configuration mode. User Guidelines • Changing login authentication from default to another value may disconnect the telnet session. Example The following example specifies the default authentication method for a console. Console (config)# line console Console (config-line)# login authentication default enable authentication The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet, SSH or console.
ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for http. Use the no form of this command to return to the default. Syntax • ip http authentication method1 [method2...] • no ip http authentication •...
Syntax • ip https authentication method1 [method2...] • no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication.
Page 91
Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists ----------------------------------- Console_Default: None Network_Default: Local Enable Authentication Method Lists ----------------------------------- Console_Default: Enable None Network_Default: Enable...
password The password Line Configuration mode command specifies a password on a line. Use the no form of this command to remove the password. Syntax • password password [encrypted] • no password • password — Password for this level, from 1 to 159 characters in length. •...
Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example sets a local level 15 password "secret" to control access to user and privilege levels. Console (config)# enable password level 15 secret username The username Global Configuration mode command establishes a username-based authentication system.
show users accounts The show users accounts Privileged EXEC mode command displays information about the local user database. Syntax • show users accounts Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the local users configured with access to the system.
Address Table Commands bridge address The bridge address VLAN Interface Configuration mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port g8 to the bridge table. Console (config)# interface vlan 2 Console (config-vlan)# bridge address 3a:a2:64:b3:a2:45 ethernet g8 permanent bridge multicast filtering The bridge multicast filtering Global Configuration mode command enables filtering of Multicast addresses.
bridge multicast address The bridge multicast address Interface Configuration mode command registers MAC-layer Multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the no form of the bridge multicast address command. Syntax •...
The following example registers the MAC address and adds ports statically. Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03 add ethernet g1-9 bridge multicast forbidden address The bridge multicast forbidden address Interface Configuration mode command forbids adding a specific Multicast address to specific ports.
Examples In this example the MAC address 01:00:5e:02:02:03 is forbidden on port g9 within VLAN 8. Console (config)# interface vlan 8 Console (config-if)# bridge multicast address 01:00:5e:02:02:03 Console (config-if)# bridge multicast forbidden address 01:00:5e:02:02:03 add ethernet g9 bridge multicast unregistered The bridge multicast unregistered Interface Configuration mode command configures the forwarding state of unregistered multicast addresses.
bridge multicast forward-all The bridge multicast forward-all Interface Configuration mode command enables forwarding of all Multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command. Syntax • bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel- number-list} •...
Syntax • bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port- channel-number-list} • no bridge multicast forward-all • add — Forbids forwarding all Multicast packets. • remove — Does not forbid forwarding all Multicast packets. • interface-list — Separates non consecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
Default Configuration 300 seconds Command Mode Global Configuration mode. User Guidelines There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. Console (config)# bridge aging-time 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.
port security The port security Interface Configuration mode command locks the port. By locking the port, new addresses are not learned on the port. To enable new address learning, use the no form of the port security command. Syntax • port security [forward | discard | discard-shutdown] [trap seconds] •...
Syntax • port security mode {lock | max-addresses} • no port security mode • lock — Saves the current dynamic MAC addresses associated with the port and disables learning, relearning and aging. • max-addresses — Deletes the current dynamic MAC addresses associated with the port and learns up to the maximum number addresses allowed on the port.
User Guidelines • The command is relevant only in port security max-addresses mode. Example In this example, port security mode is set to dynamic for Ethernet interface g7. Console(config)# interface ethernet g7 Console(config-if)# port security mode mac-addresses port security routed secure-address The port security routed secure-address Interface Configuration mode command adds MAC-layer secure addresses to a routed port.
show bridge address-table The show bridge address-table Privileged EXEC mode command displays all entries in the bridge- forwarding database. Syntax • show bridge address-table [vlan vlan] [ethernet interface | port-channel port-channel-number] vlan — Specific valid VLAN, such as VLAN 1. •...
show bridge address-table static The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database. Syntax • show bridge address-table static [vlan vlan] [ethernet interface | port-channel port-channel-number] Parameters • vlan — Specifies a valid VLAN, such as VLAN 1. •...
show bridge address-table count The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in all VLANs or in a specific VLAN. Syntax • show bridge address-table count [vlan vlan] [ethernet interface-number | port-channel port-channel- number] Parameters •...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example In this example, the Multicast configuration for VLAN 1 is displayed. Console # show bridge multicast filtering 1 Filtering: Enabled VLAN: 1 Port...
Page 112
User Guidelines • There are no user guidelines for this command. Example In this example, all classes of entries in the port-lock status are displayed. Console # show ports security Port Status Learning Action Maximum Trap Frequency ----- ------- ------- ------- -------- --------...
Frequency: Minimum time in seconds between consecutive traps Counter: Number of actions since last trap show ports security addresses The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked ports. Syntax • show ports security addresses [ethernet interface | port-channel port-channel-number] •...
Login Banner banner exec The banner exec Global Configuration mode command specifies and enables a message to be displayed when an EXEC process is created (The user has successfully logged in). Use the no form of this command to delete the existing EXEC banner. Syntax •...
• To customize the banner, use tokens in the form $(token) in the message text. The following table displays the tokens. Token Information displayed in the banner $(hostname) Displays the host name for the device. $(domain) Displays the domain name for the device. $(bold) Indicates that the next text is a bold text.
Page 117
Syntax • banner login d message d • no banner login • d — Delimiting character, for example a pound sign (#). A delimiting character cannot be used in the banner message. • message — Message text. The message must start in a new line and can be a multi-line message. Tokens in the form $(token) in the message text can be included.
Example The following example sets a Login banner that uses tokens. The percent sign (%) is used as a delimiting character. Notice that the $(token) syntax is replaced by the corresponding configuration variable. Console (config)# banner login % Enter TEXT message. End with the character '%'. You have entered $(hostname).$(domain) When the login banner is executed, the user will see the following banner: You have entered host123.ourdomain.com...
• To customize the banner, use tokens in the form $(token) in the message text. The following table displays the tokens. Token Information displayed in the banner $(hostname) Displays the host name for the device. $(domain) Displays the domain name for the device. $(bold) Indicates that the next text is a bold text.
Default Configuration Enabled Command Mode Line Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enables the display of exec banners. Console (config)# line console Console(config-line)# exec-banner login-banner The login-banner Line Configuration mode command enables the display of login banners. Use the no form of this command to disable the display of login banners.
motd-banner The motd-banner Line Configuration mode command enables the display of message-of-the-day banners. Use the no form of this command to disable the display of motd banners. Syntax • motd-banner • no motd-banner Default Configuration Enabled Command Mode Line Configuration mode. User Guidelines •...
Page 122
User Guidelines • There are no user guidelines for this command. Example The following example displays the banners configuration. Device> show motd Console: Enabled Telnet: Enabled SSH: Enabled MOTD Message $(bold)Upgrade$(bold) to all devices begins at March 12 Login Banner...
Clock clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax • clock set hh:mm:ss day month year • clock set hh:mm:ss month day year hh:mm:ss — Current time in hours (military format), minutes, and seconds. (0 - 23, mm: 0 - •...
Syntax • clock source {sntp} • no clock source • sntp — SNTP servers Default Configuration No external clock source. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Examples The following example configures an external time source for the system clock. Console# clock source sntp clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes.
Examples The following example sets the timezone to 6 hours difference from UTC. Console# (config) clock timezone -6 zone CST clock summer-time The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). Use the no form of this command to configure the software to not automatically switch to summer time.
Default Configuration Summer time is disabled. offset offset — default is 60 zone acronym — If unspecified default to the timezone acronym. If the timezone has not been defined, the default will be UTC. Command Mode Global Configuration mode. User Guidelines •...
Syntax • sntp authentication-key number md5 value • no sntp authentication-key number • number — Key number. (Range: 1 - 4294967295) • value — Key value. (Range: Up to 8 characters) Default Configuration No authentication key is defined. Command Mode Global Configuration mode.
User Guidelines • The command is relevant for both Unicast and Broadcast. Examples The following example defines the authentication key for SNTP and grants authentication. Console(config)# sntp authentication-key 8 md5 ClkKey Console(config)# sntp trusted-key 8 Console(config)# sntp authenticate sntp trusted-key The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize.
sntp client poll timer The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol (SNTP) client. Use the no form of this command to return to default. Syntax • sntp client poll timer seconds •...
User Guidelines • The sntp Broadcast client enable Interface Configuration mode command enables the device to receive Broadcast transmissions globally and on ALL interfaces. • Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface.
sntp client enable The sntp client enable Global Configuration mode command enables the Simple Network Time Protocol (SNTP) Broadcast and Anycast client on an interface. Use the no form of this command to disable the SNTP client. Syntax • sntp client enable {ethernet interface-number | vlan vlan-id | port-channel number} •...
Default Configuration Disabled. Command Mode Interface Configuration (Ethernet, Port-Channel, VLAN) mode. User Guidelines • Use the sntp client enable Global Configuration mode command to enable Broadcast clients globally. • Use the sntp anycast client enable Global Configuration mode command to enable Anycast clients globally.
Examples The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from servers. Console (config)# sntp unicast client enable sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined Unicast clients.
Page 134
Syntax • sntp server {ip4-address | ip6-address | hostname}[poll] [key keyid] • no sntp server {ip4-address | ip6-address | hostname} • ip4-address — IPv4 server address. • ipv6-address — IPv6 server address. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
Example The following example configures the device to accept SNTP traffic from the server on 192.1.1.1. Console(config)# sntp server 192.1.1.1 show clock The show clock User EXEC mode command displays the time and date from the system clock. Syntax • show clock [detail] •...
Example The following example displays the time and date from the system clock. Console# show clock 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Device> show clock detail 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Time zone: Acronym is PST Offset is UTC-8 Summertime:...
Page 137
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Examples Console# show sntp configuration Polling interval: 7200 seconds MD5 Authentication keys: 8, 9 Authentication is required for synchronization. Trusted Keys: 8,9 Unicast Clients Polling: Enabled.
show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax • show sntp status This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
Configuration and Image Files To display list of files on a flash file system, use the dir Privileged EXEC command. Syntax • This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines •...
syslog1.sys 262144 07-Feb-2005 10:16:02 syslog2.sys 262144 07-Feb-2005 10:16:02 directry.prv 262144 07-Feb-2005 10:15:56 startup-config rw 400000 13-Feb-2005 18:46:34 Total size of flash: 33292288 bytes Free size of flash: 20708893 bytes more To display a file, use the more Privileged EXEC command. Syntax more url •...
Examples Console# more version 12.1 interface FastEthernetg1 ip address 176.242.100.100 255. ip pim dense-mode duplex auto speed auto rename To rename a file, use the rename Privileged EXEC command Syntax • rename url new-url • url — The location URL. new-url —...
The following table shows keywords and URL prefixes: Keyword Source Destination flash Source or destination URL for Flash memory. It's the default in case a URL is specified without a prefix. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
copy The copy Privileged EXEC command copies any file from a source to a destination. Syntax • copy source-url destination-url [snmp] • source-url — The location URL or reserved keyword of the source file to be copied. (Range: 1 - 160 characters) •...
Page 144
User Guidelines • The location of a file system dictates the format of the source or destination URL. • The entire copying process may take several minutes and differs from protocol to protocol and from network to network. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
Page 145
Use the copy source-url running-config command to load a "configuration file" from a network server to the device "running configuration". The configuration is added to the "running configuration" as if the commands were typed in the command-line interface (CLI). The resulting configuration file is a combination of the previous "running configuration"...
delete The delete Privileged EXEC mode command deletes a file from a Flash memory device. Syntax • delete url • url — The location URL or reserved keyword of the source file to be copied. The following table shows keywords and URL prefixes: Keyword Source or Destination flash...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • Use the show bootvar command to find out which image is the active image. Examples The following example loads system image 1 for the next device startup. Console# boot system image-1 show running-config The show running-config Privileged EXEC mode command displays the contents of the currently...
Examples The following example displays the contents of the running-config file. Console# show running-config no spanning-tree vlan database vlan 2 exit interface range ethernet g(1-2) switchport access vlan 2 exit interface vlan 2 bridge address 00:00:00:00:00:01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable...
Page 149
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Examples The following example displays the contents of the startup-config file. Console# show startup-config no spanning-tree vlan database vlan 2 exit...
show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that the device loads at startup. Syntax • show bootvar Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines •...
Ethernet Configuration Commands interface ethernet The interface ethernet Global Configuration mode command enters the Interface Configuration mode to configure an Ethernet type interface. Syntax • interface ethernet interface • interface — Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
Syntax • interface range ethernet {port-range | all} • port-range — List of valid ports to add. Separate non consecutive ports with a comma and no spaces; a hyphen is used to designate a range of ports. • all — All Ethernet ports. Default Configuration This command has no default configuration.
User Guidelines • There are no user guidelines for this command. Examples The following example disables port g5. Console(config)# interface ethernet g5 Console(config-if)# shutdown The following example re-enables port g5. Console(config)# interface ethernet g5 Console(config-if)# no shutdown description The description Interface Configuration mode command adds a description to an interface. Use the no form of this command to remove the description.
speed The speed Interface Configuration mode command configures the speed of a given Ethernet interface when not using auto-negotiation. Use the no form of this command to restore the default. Syntax • speed {10| 100 | 1000}. • no speed •...
Default Configuration The interface is set to full duplex. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • Before attempting to force a particular duplex mode on the port operating at 10/100/1000 Mbps, disable the auto-negotiation on that port. • Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps.
Example The following example enables auto negotiation of Ethernet port 5. (config)# interface ethernet g5 (config-if)# negotiation (config-if)# flowcontrol The flowcontrol Interface Configuration mode command configures the Flow Control on a given interface. Use the no form of this command to restore the default. Syntax •...
system flowcontrol The system flowcontrol Interface Configuration mode command enables flow control on cascade ports. To disable flow control, use the no form of this command. Syntax system flowcontrol no system flowcontrol Default Configuration System flowcontrol is disabled. Command Mode Interface Configuration mode.
User Guidelines • Mdix Auto: All possibilities to connect a PC with cross OR normal cables are supported and are automatically detected. • Mdix ON: It is possible to connect to a PC only with a normal cable and to connect to another switch ONLY with a cross cable.
port jumbo-frame The port jumbo-frame Global Configuration mode command enables jumbo frames for the device. The size of the port jumbo frame is 10K. Use the no form of this command to disable jumbo frames. Syntax • port jumbo-frame • no port jumbo-frame Default Configuration Jumbo Frames are not enabled.
Example In the following example, the counters for interface g1 are cleared. Console# clear counters ethernet g1 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was suspended by the system. Syntax • set interface active {ethernet interface | port-channel port-channel-number} •...
Page 161
Default Configuration This command has no default configuration. Command Modes Privilege EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the configuration for all configured interfaces: Console# show interfaces configuration Port Type Duplex Speed Flow Control Admin State MdixMode ---- ---- ------ ------ ----...
The displayed port configuration information includes the following: • Port — The port number. • Port Type — The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex — Displays the port Duplex status. •...
Page 163
Console# show interfaces status Port Type Duplex Speed Neg Flow Link State Back MDIX Control Pressure Mode ---- --------- ------ ---- ---- ------ ----- ----- ---- 1G Copper half Enabled off Disable 1G Copper half Enabled off Disable 1G-Copper half Enabled off Disable 1G-Copper...
Page 164
Type Duplex Speed Neg Flow Link State Control ---- ----- ----- ------- Not Present Not Present Not Present Not Present Not Present Not Present Not Present Not Present console# The displayed port status information includes the following: • Port — The port number. •...
show interfaces advertise The show interfaces advertise Privileged EXEC mode command displays auto-negotiation data. Syntax show interfaces advertise [ ethernet interface | port-channel port-channel-number ] • interface — A valid Ethernet port. • port-channel-number — Port channel index. A valid port channel. Default Configuration This command has no default configuration.
Type: 1G-Copper Link state: Up Auto Negotiation: enabled 1000f 1000h 100f 100h Admin Local Link Advertisement Oper Local Link Advertisement Remote Link Advertisement Priority Resolution Link State: Up Auto Negotiation: disabled. show interfaces description The show interfaces description User EXEC mode command displays the description for all configured interfaces.
Example The following example displays the description for the interface g1. Console# show interfaces description ethernet g1 Port Description ---- ------------------ Management_port R&D_port Finance_port Description ---- ------------------ Ch 1 Output show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] •...
Page 169
Examples The following example displays traffic seen by the physical interface. Console# show interfaces counters Port InUcastPkts InMcastPkts InBcastPkts InOctets ------ ---------- ----------- ----------- -------- 1289 183892 1788 123899 Port OutUcastPkt OutMcastPkts OutBcastPkts OutOctets ------ --------- ------------ --------- --------- 9188 8789 InUcastPkts InMcastPkts...
Page 170
The following example displays counters for port g1. Console# show interfaces counters ethernet g1 Port InOctets InUcastPkts InMcastPkts InBcastPkts ------ ----------- -------------- -------------- ----------- 183892 1289 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------ ----------- -------------- -------------- ----------- 9188 FCS Errors: 8 Single Collision Frames: 0 Multiple Collision Frames: 0 SQE Test Errors: 0...
Page 171
The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted Unicast packets. OutMcastPkts Counted transmitted Multicast packets.
Symbol Errors For an interface operating at 100 Mb/s, the number of times there was an invalid data symbol when a valid carrier was present.For an interface operating in half-duplex mode at 1000 Mb/s, the number of times the receiving media is non-idle (a carrier event) for a period of time equal to or greater than slotTime, and during which there was at least one occurrence of an event that causes the PHY to indicate 'Data reception error' or 'carrier extend error' on the GMII.For an interface operating in full-duplex mode at...
port storm-control include-multicast The port storm-control include-multicast Interface Configuration (Ethernet) mode command enables counting Multicast packets in the port storm-control broadcast rate command. Use the no form of this command to disable counting Multicast packets. Syntax • port storm-control include-multicast [unknown-unicast] •...
User Guidelines • Use the port storm-control Broadcast rate Interface Configuration command to the set the maximum rate. • Use the port storm-control include-multicast Interface Configuration command to count also Multicast packets and optionally unknown Unicast packets in the storm control calculation. •...
Example The following example configures the maximum Broadcast rate 10 kilobytes per second. console(config)# interface ethernet g2 console(config-if)# port storm-control broadcast rate 10 show ports storm-control The show ports storm-control Privileged EXEC mode command displays the storm control configuration. Syntax show ports storm-control [interface] •...
Page 177
User Guidelines • There are no user guidelines for this command. Example The following example displays the flow control state on cascade ports.. console(config)# show system flowcontrol Flow control for internal cascade ports: Enabled Ethernet Configuration Commands...
DHCP Snooping ip dhcp snooping The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. Use the no form of this command to return to the default setting. Syntax • ip dhcp snooping • no ip dhcp snooping Default Configuration DHCP snooping disabled.
Default Configuration DHCP snooping on VLAN disabled. Command Mode Global Configuration mode. User Guidelines • Prior to enabling DHCP snooping on a VLAN, globally enable DHCP snooping. Example The following example enables DHCP snooping on a VLAN. console (config)#ip dhcp snooping vlan vlan-id ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration mode command configures a port as trusted for DHCP snooping purposes.
Syntax • ip dhcp snooping information option allowed-untrusted • no ip dhcp snooping information option allowed-untrusted Default Configuration Discard DHCP packets with option-82 information from an untrusted port. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures a switch to accept DHCP packets with option-82 information from an untrusted port.
Example The following example configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address. console (config)#ip dhcp snooping verify ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file.
Default Configuration 1200. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the update frequency ofthe DHCP snooping binding file. console (config)# ip dhcp snooping database update-freq seconds ip dhcp snooping binding The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding database and adds binding entries to the database.
User Guidelines • After entering this command, an entry is added to the DHCP snooping database. If DHCP snooping binding file exists, the entry is also added to that file. • The entries are displayed in the show commands as a ’DHCP Snooping entry’. Example The following example configures the DHCP snooping binding database and adds binding entries to the database.
Default Configuration This command has no default configuration. Command Mode EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the DHCP snooping configuration. Console # show ip dhcp snooping DHCP snooping is enabled DHCP snooping is configured on following VLANs: 2, 7-18 DHCP snooping database: enabled Verification of hwaddr field is enabled...
Page 186
Command Mode EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the DHCP snooping binding database and configuration information for all interfaces on a switch. Console# show ip dhcp snooping binding Update frequency: 1200 Total number of binding: 2 Mac Address...
GVRP Commands gvrp enable (global) GVRP , or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP , a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically.
Syntax • gvrp enable • no gvrp enable Default Configuration GVRP is disabled on all interfaces by default. Command Mode Interface Configuration (Ethernet, port-channel) mode. User Guidelines • An access port would not dynamically join a VLAN because it is always a member in only one VLAN. •...
Default Configuration The default timer values are as follows: • Join timer — 200 milliseconds • Leave timer — 600 milliseconds • Leavall timer — 10000 milliseconds Command Mode Interface Configuration (Ethernet, port-channel) mode. User Guidelines • The timer_value value must be a multiple of 10. •...
User Guidelines • This command forbids dynamic VLAN creation from the interface. The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface are restricted only to those VLANs for which static VLAN registration exists. Example The following example disables dynamic VLAN creation on port g8.
User Guidelines • There are no user guidelines for this command. Example The following example shows how to display GVRP configuration information: Console# show gvrp configuration GVRP Feature is currently enabled on the switch. Maximum VLANs: 255 Port(s) GVRP- Registration Dynamic Timers Leave Leave All...
Page 193
Example The following example shows GVRP statistics information: Console# show gvrp statistics GVRP statistics: ---------------- : Join Empty Received rJIn : Join In Received rEmp : Empty Receiaved rLIn : Leave In Received : Leave Empty Received : Leave All Received : Join Empty Sent sJIn : Join In Sent sEmp : Empty Sent...
IGMP Snooping Commands ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping. Syntax • ip igmp snooping • no ip igmp snooping Default Configuration IGMP snooping is disabled.
Default Configuration IGMP snooping is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines • IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping ip igmp snooping mrouter The ip igmp snooping mrouter Interface Configuration mode command enables automatic learning of Multicast router ports of a specific VLAN.
ip igmp snooping host-time-out The ip igmp snooping host-time-out Interface Configuration mode command configures the host-time- out. If an IGMP report for a Multicast group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that Multicast group. Use the no form of this command to reset to default host-time-out.
Default Configuration The default value is 300 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the mrouter timeout to 200 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping mrouter-time-out 200 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out VLAN Interface Configuration mode command configures the...
Example The following example configures the host leave-time-out to 60 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping leave-time-out 60 ip igmp snooping querier enable The ip igmp snooping querier enable Interface Configuration mode command enables Internet Group Management Protocol (IGMP) querier on a specific VLAN.
ip igmp snooping querier address The ip igmp snooping querier address Interface Configuration mode command defines the source IP address that the IGMP Snooping querier uses. Use the no form of this command to return to default. Syntax • ip igmp snooping querier address ip-address •...
User Guidelines • There are no user guidelines for this command. Example The following example shows IGMP snooping mrouter information. Console # show ip igmp snooping mrouter VLAN Ports ---- ------ show ip igmp snooping interface The show ip igmp snooping interface User EXEC mode command shows IGMP snooping configuration. Syntax •...
Example The example displays IGMP snooping information. Console # show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin: Enabled Hosts and routers IGMP version: 2 IGMP snooping oper mode: Enabled IGMP snooping querier admin: Enabled IGMP snooping querier oper: Enabled IGMP snooping querier address admin: IGMP snooping querier address oper: 172.16.1.1...
Page 203
User Guidelines • To see the full Multicast address table (including static addresses) use the show bridge address-table command. Example The example shows IGMP snooping information. Console # show ip igmp snooping groups Vlan IP Address Querier Ports ----- ------------------ -------- ------------ 224-239.130|2.2.3...
Syntax • ip address ip-address {mask | prefix-length} • no ip address [ip-address] • ip-address — IP address • mask — Specifies the network mask of the IP address. (Range: Valid Subnet mask) • prefix-length — The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, VLAN, port-channel). User Guidelines • The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. • Some DHCP Servers require that the DHCPDISCOVER message have a specific host name. The most typical usage of the ip address dhcp hostname host-name command is when host-name is the host name provided by the system administrator.
Command Mode Global Configuration mode. User Guidelines • There are no User Guidelines for this command. Example The following example defines an ip default gateway. Console(config)# ip default-gateway 192.168.1.1 show ip interface The show ip interface User EXEC mode command displays the usability status of interfaces configured for IP .
Console# show ip interface Gateway IP Address Type Activity Status --------------------- ----------- --------------- 10.7.1.1 Static Active IP address Interface Type ------------------- ------------ ------------ 10.7.1.192/24 VLAN 1 Static 10.7.2.192/24 VLAN 2 DHCP The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache.
Example The following example adds the IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table. Console (config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache.
Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example deletes all dynamic entries from the ARP cache. Console# clear arp-cache show arp The show arp Privileged EXEC mode command displays entries in the ARP table. Syntax show arp [ip-address ip-address] [mac-address mac-address] [ethernet interface | port-channel port- •...
Example The following example displays entries in the ARP table. Console# show arp ARP timeout: 60000 Seconds Interface IP address HW address status ---------- -------------- ---------------- -------- 10.7.1.102 00:10:B5:04:DB:4B Dynamic 10.7.1.135 00:50:22:00:2A:A4 Static ip domain-lookup The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation.
• There are no user guidelines for this command. Examples The following example defines a default domain name of www.dell.com. Console (config)# ip domain-name www.dell.com ip name-server The ip name-server Global Configuration mode command sets the available name servers. Use the no form of this command to remove a name server.
No host is defined. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Examples The following example defines a static host name-to-address mapping in the host cache. Console (config)# ip host accounting.dell.com 176.10.23.1 IP Addressing Commands...
IPv6 Addressing ipv6 enable The ipv6 enable Interface Configuration mode command enables IPv6 processing on an interface. Use the no form of this command to disable IPv6 processing on an interface. Syntax • ipv6 enable [no-autoconfig] • no ipv6 enable –...
ipv6 address autoconfig The ipv6 address autoconfig Interface Configuration mode command enables automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface. Addresses are configured depending on the prefixes received in Router Advertisement messages. , Use the no form of this command to disable address autoconfiguration on the interface.
milliseconds — The time interval between tokens being placed in the bucket, each token • represents a single ICMP error message. (Range: 0 - 2147483647) • bucketsize — The maximum number of tokens stored in the bucket. (Range: 1 - 200) Default Configuration The default interval is 100ms and the default bucketsize is 10 tokens.
Example The following example displays the IPv6 ICMP error interval setting.. Console> show ipv6 icmp error-interval Rate limit interval: 100 ms Bucket size: 10 tokens ipv6 address The ipv6 address Interface Configuration mode command configures an IPv6 address for an interface. use the no form of this command to remove the address from the interface.
Example The following example configures an IPv6 address FE80::260:3EFF:FE11:6770 for interface g1. Console# Console (config)# interface g1 Console (config-if)# ipv6 address FE80::260:3EFF:FE11:6770 ipv6 address link-local The ipv6 address link-local Interface Configuration mode command configures an IPv6 link-local address for an interface. Use the no form of this command to return to the default link local address on the interface.
Example The following example assigns FE80::260:3EFF:FE11:6770 as the link-local address. Console# Console (config)# interface g1 Console (config-if)# ipv6 address FE80::260:3EFF:FE11:6770 link- local ipv6 unreachables The ipv6 unreachables Interface Configuration mode command enables the generation of Internet Control Message Protocol for IPv6 (ICMPv6) unreachable messages for any packets arriving on a specified interface.
Syntax • ipv6 default-gateway ipv6-address • no ipv6 default-gateway • ipv6-address — IPv6 address of the next hop that can be used to reach that network. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
Syntax • ipv6 mld join-group group-address • no ipv6 mld join-group group-address • group-address — The multicast group IPv6 address. Default Configuration This command has no default setting. Command Mode Interface configuration (Ethernet, VLAN, Port-channel). User Guidelines • The ipv6 mld join-group command configures MLD reporting for a specified group. The packets that are addressed to a specified group address will be passed up to the client process in the device.
Example The following example defines an IPv6 default gateway. Console(config-if)# ipv6 mld version 1 show ipv6 interface The show ipv6 interface Privileged EXEC mode command displays the usability status of interfaces configured for IPv6. Syntax • show ipv6 interface [ethernet interface-number | vlan vlan-id | port-channel number] •...
IP addresses Type DAD State ---------------- ------ --------- 2002:1:1:1:200:b0ff:fe00 other Active 3001::1/64 manual Active 4004::55/64 [ANY] manual Active fe80::200:b0ff:fe00:0 linklayer Active ff02::1 linklayer Active ff02::77 manual ------ ff02::1:ff00:0 manual ------ ff02::1:ff00:1 manual ------ ff02::1:ff00:55 manual ------ show ipv6 route The show ipv6 route Privileged EXEC mode command displays the current state of the IPv6 routing table.
Example The following example displays the current state of the IPv6 routing table. Console> show ipv6 route Codes: L - Local, S - Static, I - ICMP, ND - Router Advertisment The number in the brackets is the metric. ::/0 via fe80::77 [0] VLAN 1 Lifetime Infinite ND ::/0 via fe80::200:cff:fe4a:dfa8 [0] VLAN 1 Lifetime 1784 sec 2001::/64 is directly connected, g2 Lifetime Infinite 2002:1:1:1::/64 is directly connected, VLAN 1 Lifetime 2147467...
User Guidelines • Duplicate address detection verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new addresses remain in a tentative state while duplicate address detection is performed). Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses.
Syntax • ipv6 host name ipv6-address1 [ipv6-address2...ipv6-address4] • no ipv6 host name • name — Name of the host. (Range: 1 - 158 characters) • ipv6-address1 — Associated IPv6 address. The address is specified in hexadecimal using 16-bit values between colons. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
Syntax • ipv6 set mtu {ethernet interface | vlan vlan-id | port-channel port-channel-number} { bytes | default} • ethernet interface — Valid interface number. • vlan vlan-id — VLAN number. • port-channel port-channel-number — Valid Port Channel index. • bytes — MTU in bytes with a minimum is 1280 bytes. •...
Page 233
User Guidelines • The associated interface of a MAC address can be aged out from the FDB table, so the Interface field can be empty. • When an ARP entry is associated with an IP interface that is defined on a port or port-channel, the VLAN field is empty.
iSCSI Commands iscsi enable The iscsi enable Global Configuration mode command globally enables iSCSI awareness. Use the no form of this command to disable iSCSI awareness. Syntax • iscsi enable • no iscsi enable Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
Page 236
Syntax • iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address] [name targetname] • no iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address] • tcp-port — TCP port number or list of TCP port numbers on which iSCSI target/s listen to requests.
iscsi cos The iscsi cos Global Configuration mode command sets the quality of service profile that will be applied to iSCSI flows. Use the no form of this command to return to default. Syntax • iscsi cos {vpt vpt | dscp dscp} [remark] •...
Syntax • iscsi aging-time time • no iscsi aging-time • time — The number in minutes a session is not active prior to its removal. (Range: 1- 43,200) Default Configuration 5 minutes. Command Mode Global Configuration mode. User Guidelines • All connections are measured in groups of 32.
Default Configuration 256 connections. Command Mode Global Configuration mode. User Guidelines • The new setting takes affect after reset. • The amount of iSCSI connections affects other system features: iSCSI aware, DHCP snooping and ACL rules use the same system resource. When increasing the number of iSCSI connections the other application rules (DHCP snooping or ACL) can be removed after reset.
Example The following example displays the iSCSI settings. Console # show iscsi iSCSI enabled iSCSI vpt is 5, remark Session aging time: 60 min Maximum number of connections is 256 -------------------------------------------------- iSCSI targets and TCP ports: --------------------------- TCP Port Target IP Address Name 3260 5000...
Page 241
User Guidelines • The aging mechanism checks session activity in a group of N TCP iSCSI connections. In the worst case, when all 256 sessions are monitored and are not terminated gracefully, the existing mechanism causes inaccuracy: the last group of monitored iSCSI sessions ages out after (256/N)*aging-time. •...
Page 242
Initiator: iqn.1992-04.com.os- vendor.plan9:cdrom.12.storage:sys1.xyz -------------------------------------------------------------- Time started: 23-Jul-2002 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.22 30001 Session 2: --------------------------------------------------------------- Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10...
LACP Commands lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. Use the no form of this command to reset to default. Syntax • lacp system-priority value • no lacp system-priority • value — Value of the priority. (Range: 1 - 65535) Default Configuration The default system priority value is 1.
Default Configuration The default port priority value is 1. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the priority value for port g8 to 247. Console (config)# interface ethernet g8 Console (config-if)# lacp port-priority 247 lacp timeout The lacp timeout Interface Configuration mode command assigns an administrative LACP timeout.
show lacp ethernet The show lacp ethernet Privilege EXEC mode command displays LACP information for Ethernet ports. Syntax • show lacp ethernet interface [parameters | statistics | protocol-state] • Interface — Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privilege EXEC mode.
Page 246
Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example shows how to display LACP port-channel information. Console# show lacp port-channel 1 Port-Channel 1:Port Type 1000 Ethernet Actor System Priority:1 MAC Address: 00:02:85:0E:1C:00 Admin Key: Oper Key:...
Line Commands line The line Global Configuration mode command identifies a specific line for configuration and enters the Line Syntax • line {console | telnet | ssh} • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). •...
Syntax • speed bps • bps — Baud rate in bits per second (bps). The options are 2400, 4800, 9600, 19200 and 38400. Default Configuration This default speed is 9600. Command Mode Line Configuration (console) mode. User Guidelines • The configured speed would be applied when Autobaud is disabled. •...
Examples The following example sets the line for automatic baud rate detection. Console (config)# line console Console(config-line)# autobaud exec-timeout The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. Use the no form of this command to restore the default setting. Syntax •...
show line The show line User EXEC mode command displays line parameters. Syntax • show line [console | telnet | ssh] • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration Default value is console.
Command Mode User EXEC mode. User Guidelines The command enables the command history for the current session. The default would be determined by the history Line Configuration command. Examples The following example disables the command history function for the current terminal session. console# show line console Interactive timeout: 10 minutes History: 10...
LLDP Commands lldp enable (global) The lldp enable Global Configuration mode command enables Link Layer Discovery Protocol (LLDP). Use the no form of this command to disable LLD. Syntax • lldp enable • no lldp enable Default Configuration LLDP is enabled. Command Mode Global Configuration mode.
Default Configuration Default — 30 seconds. Command Modes Global Configuration mode. User Guidelines There are no user guidelines for this command. Examples The following example specifies the system to send Link Layer Discovery Protocol (LLDP) updates every 50 seconds. Console (config) # lldp timer 50 lldp hold-multiplier The lldp hold-multiplier Global Configuration mode command specifies the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet before discarding it.
Examples The following example specifies the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet to 10 before discarding it. Console (config) # lldp hold-multiplier 10 lldp reinit-delay The lldp reinit-delay Global Configuration mode command specifies the minimum time an LLDP port waits before reinitializing LLDP transmissions.
Syntax • lldp tx-delay seconds • no lldp tx-delay Parameters • seconds — Specifies the delay in seconds between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB. (Range 1 - 8192 seconds) Default Configuration The default value is 2 seconds.
User Guidelines There are no user guidelines for this command. Example The following example specifies which optional TLV (2)s from the basic set should be transmitted. Console(config)# interface ethernet g5 Console(config-if)# lldp optional-tlv sys-name lldp management-address The lldp management-address Interface Configuration mode command specifies the management address that would be advertised from an interface.
lldp med enable The lldp med enable Interface Configuration mode command enables Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) on an interface. Use the no form of this command to disable LLDP MED on an interface. Syntax • lldp med enable [tlv1 …...
Syntax • lldp med network-policy number application [vlan id] [vlan-type {tagged | untagged}] [up priority] [dscp value] • no lldp med network-policy number • number — Network policy sequential number. • application — The name or the number of the primary function of the application defined for this network policy.
Command Mode Interface Configuration (Ethernet) mode. User Guidelines There are no guidelines for this command. lldp med location The lldp med location Interface Configuration mode command configures location information for the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) for an interface. Use the no form of this command to delete location information for an interface.
Example The following example displays the Link Layer Discovery Protocol (LLDP) configuration. Console# show lldp configuration LLDP state: Enabled Timer: 30 Seconds Hold multiplier: 4 Reinit delay: 2 Seconds Tx delay: 2 Seconds Port State Optional TLVs Addres ---- ----- ------------- ------- Rx and Tx...
Page 264
Example The following example displays the Link Layer Discovery Protocol (LLDP) information that is advertised from port g1. Switch# show lldp local ethernet g1 Device ID: 0060.704C.73FF Port ID: 1 Capabilities: Bridge System Name: ts-7800-1 System description: Port description: Management address: 172.16.1.8 802.3 MAC/PHY Configuration/Status Auto-negotiation support: Supported Auto-negotiation status: Enabled...
show lldp neighbors The show lldp neighbors Privileged EXEC mode command displays information about neighboring devices discovered using Link Layer Discovery Protocol (LLDP). Syntax • show lldp neighbors [ethernet interface] interface — Ethernet interface • Command Modes Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
LLDP-MED Inventory Hardware revision: 2.1 Firmware revision: 2.3 Software revision: 2.7.1 Serial number: LM759846587 Manufacturer name: VP Model name: TR12 Asset ID: 9 show lldp med configuration The show lldp med configuration Privileged EXEC mode command displays the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) configuration.
Page 267
Example The following example displays the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) configuration. Switch# show lldp med configuration Network policy 1 ------------------- Application type: Voice VLAN ID: 2 tagged Layer 2 priority: 0 DSCP: 0 Port Capabilities Network Policy Location ----------...
Management ACL management access-list The management access-list Global Configuration mode command defines an Access-List for management, and enters the Access-List for configuration. Once in the Access-List Configuration mode, the denied or permitted access conditions are configured with the deny and permit commands.
Page 270
Examples The following example shows how to create an Access-List called ’mlist’, configure two management interfaces ethernet g1 and ethernet g9, and make the Access-List the active list. Console (config)# management access-list mlist Console (config-macl)# permit ethernet g1 Console (config-macl)# permit ethernet g9 Console (config-macl)# exit Console (config)# management access-class mlist The following example shows how to create an Access-List called ’mlist’, configure all interfaces to be...
management access-class The management access-class Global Configuration mode command defines which management Access-List is used. Use the no form of this command to disable restriction. Syntax • management access-class {console-only | name} • no management access-class • name — Name of the Access List. If unspecified, defaults to an empty Access-List. (Range: 1 - 32 characters) •...
User Guidelines • There are no user guidelines for this command. Example The following example displays the active management Access-List. Console# show management access-list mlist ----- permit ethernet g1 permit ethernet g9 ! (Note: all other access implicitly denied) show management access-class The show management access-class Privileged EXEC mode command displays the active management Access-List.
PHY Diagnostics Commands test copper-port tdr The test copper-port tdr Privileged EXEC mode command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. Syntax • test copper-port tdr interface • interface —...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the last TDR (Time Domain Reflectometry) tests on all ports. Console# show copper-ports tdr Port Result Length...
— Detailed diagnostics. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • To test optical transceivers, ensure a fiber link is up. The test is only supported on Dell supported SFP modules. PHY Diagnostics Commands...
Page 278
Examples The following example displays the optical transceiver diagnostics. console# show fiber-ports optical-transceiver Port Temp Voltage Current Output Input Power Power Power ---- ----- ------- ------ ------ ------ Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current –...
Page 279
The following example displays detailed optical transceiver diagnostics. console# show fiber-ports optical-transceiver detailed Port Temp Voltage Current Output Input [Volt] [mA] Power Power [mWatt] [mWatt] ----- ------ ------ ------ ---- 7.27 0.79 3.30 2.50 7.24 0.78 2.20 2.49 Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage.
Port Channel Commands interface port-channel The interface port-channel Global Configuration mode command enters the Interface Configuration mode of a specific port-channel. Syntax • interface port-channel port-channel-number • port-channel-number — A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
Syntax • interface range port-channel {port-channel-range | all} • port-channel-range — List of port-channels to configure. Separate non-consecutive port-channels with a comma and no spaces. A hyphen designates a range of port-channels. • all — All the channel-ports. Default Configuration This command has no default configuration.
Command Mode Interface Configuration (Ethernet) mode. User Guidelines • There are no user guidelines for this command. Example The following example shows how port g5 is configured to port-channel number 1 without LACP . Console (config)# interface ethernet g5 Console (config-if)# channel-group 1 mode on port-channel load-balance The port-channel load-balance Global Configuration mode command configures the load balancing policy of the port channeling.
show interfaces port-channel The show interfaces port-channel Privileged EXEC mode command shows Port channel information. Syntax • show interfaces port-channel [port-channel-number] • port_channel_number — Number of the Port channel to display. (Range: Valid port channel) Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode.
Port Monitor Commands port monitor The port monitor Interface Configuration mode command starts a port monitoring session. Use the no form of this command to stop a port monitoring session. Syntax • port monitor src-interface [rx | tx] • no port monitor src-interface •...
• The following restrictions apply to ports configured to be destination ports: • The port cannot be already configured as a source port. • The port cannot be a member in a port-channel. • An IP interface is not configured on the port. •...
Page 287
User Guidelines • There are no user guidelines for this command. Example The following example shows how the port copy status is displayed. Console# show ports monitor Source Port Destination Port Type Status ---------- ---------------- ------------ ------- RX, TX Active RX, TX Active Active...
QoS Commands The qos Global Configuration mode command enables quality of service (QoS) on the device and enters QoS basic mode. Use the no form of this command to disable the QoS features on the device. Syntax • • no qos Default Configuration There is no default configuration for this command.
Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays a QoS mode. Console#show qos Qos: disabled Trust: dscp wrr-queue cos-map The wrr-queue cos-map Global Configuration mode command maps assigned CoS values to select one of the egress queues.
User Guidelines • You can use this command to distribute traffic into different queues, where each queue is configured with different weighted round robin (WRR) parameters. • To enable the expedite queues, use the priority-queue out Interface Configuration mode command wrr-queue cos-map.
Example The following example assigns WRR weights to egress queues. Console(config)# priority-queue num-of-queues 1 Console(config)# interface ethernet g1 Console(config-if)# wrr-queue bandwidth 20 30 50 Console(config)# priority-queue num-of-queues 0 Console(config)# interface ethernet g3 Console(config-if)# wrr-queue bandwidth 20 30 50 10 priority-queue out num-of-queues The priority-queue out num-of-queues Global Configuration mode command enables the egress queues to be expedite queues.
Example The following example sets queue 8, 7 to be expedite queues. Console (config)# priority-queue out num-of-queues 2 traffic-shape The traffic-shape Interface Configuration (Ethernet, Port-Channel) mode command sets the shaper on an egress port. Use the no form of this command to disable the shaper. Syntax •...
Syntax • rate-limit rate • no rate-limit • rate — Specifies the maximum of kilobits per second of ingress traffic on a port. (Range: 3.5M – 1G ) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (Ethernet) mode. User Guidelines •...
Page 295
Default Configuration There is no default configuration for this command. Command Mode User EXEC mode. User Guidelines If no keyword is specified with the show qos interface command, the port QoS mode (DSCP trusted, CoS trusted, untrusted), default CoS value, attached to the port, attached to the interface are displayed.
qos map dscp-queue The qos map dscp-queue Global Configuration mode command modifies the DSCP to queue map. Use the no form of this command to return to the default map. Syntax • qos map dscp-queue dscp-list to queue-id • no qos map dscp-queue [dscp-list ] •...
Default Configuration CoS is the default trust mode. Command Mode Global Configuration mode. User Guidelines • Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When the packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain.
Example The following example configures port g5 to default trust state (CoS). Console (config)# interface ethernet g5 Console (config-if) qos trust qos cos The qos cos Interface Configuration mode command configures the default port CoS value. Use the no form of this command to return to the default setting. Syntax qos cos default-cos •...
Page 299
Default Configuration This command has no default configuration. Command Mode User EXEC mode . User Guidelines • There are no user guidelines for this command. Example The following example displays the DSCP port-queue map. console# show qos map Dscp-queue map: d1 : d2 0 --------------------------------------- 01 01 01 01 01 01 01 01 01 01...
Radius Commands radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. Use the no form of this command to delete the specified RADIUS host. Syntax • radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retransmit] [deadtime deadtime] [key key] [source source] [priority priority] [usage type] no radius-server host ip-address...
Default Configuration By default, no RADIUS host is specified. Command Mode Global Configuration mode. User Guidelines • To specify multiple hosts, multiple radius-server host commands can be used. • If no host-specific timeout, retransmit, deadtime or key values are specified, the global values apply to each host.
There are no user guidelines for this command. Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to "dell-server". Console (config)# radius-server key dell-server radius-server retransmit The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts.
radius-server source-ip The radius-server source-ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers. Use the no form of this command to return to the default. Syntax • radius-server source-ip source no radius source-server-ip source •...
User Guidelines • There are no user guidelines for this command. Example The following example configures the source IPv6 address used for communication with RADIUS servers. Console (config)# radius-server source-ipv6 3156::98 radius-server timeout The radius-server timeout Global Configuration mode command sets the interval for which a device waits for a server host to reply.
radius-server deadtime The radius-server deadtime Global Configuration mode command improves RADIUS response times when servers are unavailable. The command is used to cause the unavailable servers to be skipped. Use the no form of this command to reset the default value. Syntax •...
Page 307
User Guidelines • There are no user guidelines for this command. Examples The following example displays the RADIUS server settings. Console# show radius-servers IP address Port Time Retransmit Dead Source Priority Usage Auth time --------- ---- ----- ---------- ------ ----- ------- ----- 172.16.1.1...
Oversize Pkts The total number of packets received longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed. Fragments The total number of packets received less than 64 octets in length (excluding framing bits but including FCS octets) and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Syntax • rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds] • no rmon collection history index • index — The requested statistics index group. (Range: 1 - 65535) • owner ownername — Records the RMON statistics group owner name. If unspecified, the name is an empty string.
Page 313
Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays all RMON group statistics. Console# show rmon collection history Index Interface Interval Requested Granted Owner Samples Samples ------ ---------- -------- --------- ---------- ---- 1000 The following table describes the significant fields shown in the display:...
show rmon history The show rmon history User EXEC mode command displays RMON Ethernet Statistics history. Syntax • show rmon history index {throughput | errors | other} [period seconds] • index — The requested set of samples. (Range: 1 - 65535) •...
Page 315
The following example displays RMON Ethernet Statistics history for "errors" on index number 5. Console# show rmon history 5 errors Sample Set: 1 Owner: CLI Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time CRC Align Undersize Oversize Fragments Jabbers...
Page 316
The following table describes the significant fields shown in the display: Field Description Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval.
rmon alarm The rmon alarm Global Configuration mode command configures alarm conditions. Use the no form of this command to remove an alarm. Syntax • rmon alarm index variable interval rthreshold fthreshold revent fevent [type type] [startup direction] [owner name] •...
Example The following example displays the alarms summary table. Console# show rmon alarm-table Index Owner ----- ------------------- -------------- 1.3.6.1.2.1.2.2.1.10.1 1.3.6.1.2.1.2.2.1.10.1 Manager 1.3.6.1.2.1.2.2.1.10.9 The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Monitored variable OID.
Page 320
Example The following example displays RMON 1 alarms. Console# show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field...
Startup Alarm The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising and falling, then a single rising alarm is generated. If the first sample is less than or equal to the falling threshold, and startup alarm is equal falling or rising and falling, then a single falling alarm is generated.
User Guidelines • There are no user guidelines for this command. Example The following example configures an event with the trap index of 10. Console (config)# rmon event 10 log show rmon events The show rmon events User EXEC mode command displays the RMON event table. Syntax •...
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event. Type The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap.
Page 324
Example The following example displays the RMON logging table. Console# show rmon log Maximum table size: 500 Event Description Time ------- -------------- --------- Errors Jan 18 2002 23:48:19 Errors Jan 18 2002 23:58:17 High Broadcast Jan 18 2002 23:59:48 Console# show rmon log Maximum table size: 500 (800 after reset) Event Description...
rmon table-size The rmon table-size Global Configuration mode command configures the maximum RMON tables sizes. Use the no form of this command to return to the default configuration. Syntax • rmon table-size {history en.tries | log entries} • no rmon table-size {history | log} •...
SNMP Commands snmp-server community The snmp-server community command sets up the community access string to permit access to the Simple Network Management Protocol command. Use the no form of this command removes the specified community string. Syntax • snmp-server community community [ro | rw | su] [ipv4-address | ipv6-address] [view view-name] •...
User Guidelines • The view-name parameter cannot be specified for su, which has access to the whole MIB. • The view-name parameter can be used to restrict the access rights of a community string. When it is specified: – An internal security name is generated. –...
Default Setting ’Default’ and ’DefaultSuper’ views exists. Command Mode Global Configuration mode. User Guidelines • You can enter this command multiple times for the same view record. • The number of views is limited to 64. • "Default" and "DefaultSuper" views exist. Those views are used by the software internally and can't be deleted or modified.
Command Modes Global Configuration mode. User Guidelines • You can enter this command multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines. . Example The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group: Console (config)# snmp-server view user-view system included Console (config)# snmp-server view user-view system.7 excluded...
snmp-server location The snmp-server location Global Configuration mode command sets up information on where the device is located. To remove the location string use, the no form of this command. Syntax • snmp-server location text no snmp-server location • text — Character string, up to 160 characters, describing the system location. Default Configuration This command has no default configuration.
Examples The following example displays the command to enable SNMP traps. Console (config)# snmp-server enable traps snmp-server trap authentication The snmp-server trap authentication Global Configuration mode command enables the switch to send Simple Network Management Protocol traps when authentication fails. Use the no form of this command to disable SNMP authentication failed traps.
• If a trap and inform are defined on the same target, and an inform was sent, the trap is not sent. • The IPv6Z address format: <ipv6-link-local-address>%<interface-name> – interface-name — vlan<integer> | ch<integer> | isatap<integer> | <physical-port-name> | 0 –...
Examples The following example sets the scalar MIB "sysName" to have the value "dell". Console (config)# snmp-server set sysName sysname dell The following example sets the entry MIB "rndCommunityTable" with keys 0.0.0.0 and "public". The field rndCommunityAccess gets the value "super" and the rest of the fields get their default values.
Default Configuration No group entry exists. Command Mode Global Configuration mode. User Guidelines • The Router context is translated to "" context in the MIB. Example The following example configures a new Simple Network Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views Console (config)# snmp-server group user-group v3 priv read user-view snmp-server user...
md5-des-keys — Concatenated hexadecimal string of the MD5 key (MSB) and the privacy key • (LSB). If authentication is only required you should enter 16 bytes, if authentication and privacy are required you should enter 32 bytes. Each byte in hexadecimal character strings is two hexadecimal digits.
User Guidelines • The command logical key is the pair (ip-address/hostname, traps/informs). • A user and notification view are not automatically created. Use the snmp-server user, snmp-server group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively.
Page 340
Default Setting The engine ID is not configured. If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per standard as: • First 4 octets — first bit = 1, the rest is IANA Enterprise number. •...
Example The following example specifies the Simple Network Management Protocol (SNMP) engineID on the local device. Console(config) # snmp-server engineID local default show snmp engineid The show snmp engineID Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol (SNMP) engine.
User Guidelines • There are no user guidelines for this command. Example The following example displays the SNMP communications status. console# sh snmp Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Target Type Community Version UDP Port Filter TO sec Retries Address...
Command Modes Privileged EXEC mode. User Guidelines • There are no user guidelines for this command Example The following example displays the configuration of views use the show snmp views Privileged EXEC command. Console # show snmp views Name OID Tree Type user-view 1.3.6.1.2.1.1...
Example The following example displays the configuration of views use the show snmp views Privileged EXEC command. Console # show snmp groups Name Security Views Model Level Context Read Write Notify user-group priv Default managers-group priv Default Default managers-group priv Default Console # show snmp groups user-group Name: user-group...
Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the configuration of filters use the show snmp filters Privileged EXEC command.
Page 346
Example The following example displays the configuration of groups use the show snmp users Privileged EXEC command. Console # show snmp users Name group name Auto Method Remote John 1.3.6.1.2.1.1 John 1.3.6.1.2.1.1.7 08009009020C0B099 C075879 Console # show snmp users John Name: John Group name: user-group Auth Method: md5...
Spanning-Tree Commands spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. Use the no form of this command to disable spanning-tree functionality. Syntax • spanning-tree • no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode. User Guidelines •...
User Guidelines • When configuring the Forward-Time the following relationship should be kept: – 2*(Forward-Time - 1) >= Max-Age Example The following example configures spanning-tree bridge forward time to 25 seconds. Console(config)# spanning-tree forward-time 25 spanning-tree hello-time The spanning-tree hello-time Global Configuration mode command configures the spanning-tree bridge hello time, which is how often the switch Broadcasts hello messages to other switches.
spanning-tree max-age The spanning-tree max-age Global Configuration mode command configures the spanning-tree bridge maximum age. Use the no form of this command to reset the default maximum age. Syntax • spanning-tree max-age seconds • no spanning-tree max-age • seconds -Time in seconds. (Range: 6 - 40) Default Configuration The default max-age for IEEE STP is 20 seconds.
Command Modes Global Configuration mode. User Guidelines • The priority value must be a multiple of 4096. • The bridge with the lowest priority is elected to be the Root Bridge. Example The following example configures spanning-tree priority to 12288. Console(config)# spanning-tree priority 12288 spanning-tree disable The spanning-tree disable Interface Configuration mode command disables spanning-tree on a specific...
spanning-tree cost The spanning-tree cost Interface Configuration mode command configures the spanning-tree path cost for a port. Use the no form of this command to reset the default port path cost. Syntax • spanning-tree cost cost • no spanning-tree cost •...
User Guidelines • There are no user guidelines for this command. Example The following example configures the spanning priority on g5 to 96. Console(config)# interface ethernet g5 Console(config-if)# spanning-tree port-priority 96 spanning-tree portfast The spanning-tree portfast Interface Configuration mode command enables PortFast mode. In PortFast mode, the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire.
spanning-tree link-type The spanning-tree link-type Interface Configuration mode command overrides the default link-type setting. Use the no form of this command to reset the default. Syntax • spanning-tree link-type {point-to-point | shared} • no spanning-tree link-type • point-to-point — Specifies the port link type as point-to-point. •...
Default Setting The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768. Command Mode Global Configuration mode. User Guidelines • The device with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096. Console (config) # spanning-tree mst 1 priority 4096 spanning-tree mst max-hops The spanning-tree mst priority Global Configuration mode command configures the number of hops in...
spanning-tree mst port-priority The spanning-tree mst port-priority Interface Configuration mode command configures port priority for the specified MST instance. Use the no form of this command to return to the default configuration. Syntax • spanning-tree mst instance-id port-priority priority no spanning-tree mst instance-id port-priority •...
Example The following example configures an MST region. Console(config)# spanning-tree mst configuration Console(config-mst) # instance 1 add vlan 10-20 Console(config-mst) # name region1 Console(config-mst) # revision 1 instance (mst) The instance Configuration mode command maps VLANS to an MST instance. Syntax •...
name (mst) The name Configuration mode command defines the configuration name. Use the no form of this command to return to the default setting. Syntax • name string • no name • string — MST configuration name and is case-sensitive. (Range: 1 - 32 characters) Default Setting The default name is a bridge ID.
User Guidelines • There are no user guidelines for this command. Example The following example sets the configuration revision to 1. Console(config) # spanning-tree mst configuration Console(config-mst) # revision 1 show (mst) The show Configuration mode command displays the current or pending MST region configuration. Syntax •...
exit (mst) The exit Configuration mode command exits the MST Configuration mode and applies all configuration changes. Syntax • exit Default Setting This command has no default configuration. Command Mode MST Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example exits the MST Configuration mode and saves changes.
Example The following example exits the MST Configuration mode without saving changes. Console(config) # spanning-tree mst configuration Console(config-mst) # abort spanning-tree pathcost method The spanning-tree pathcost method Global Configuration mode command sets the default path cost method. Use the no form of this command to revert to the default setting. Syntax •...
Syntax • spanning-tree bpdu {filtering | flooding} • no spanning-tree bpdu • filtering — Filter BPDU packets when spanning-tree is disabled on an interface. • flooding — Flood BPDU packets when spanning-tree is disabled on an interface. Default Configuration The default definition is flooding. Command Modes Global Configuration mode.
Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on g1. Console# clear spanning-tree detected-protocols ethernet g1 show spanning-tree The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration. Syntax • show spanning-tree [ ethernet interface-number | port-channel port-channel-number ] [instance instance-id] •...
Page 365
Examples The following example displays spanning-tree information. Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 2000 Root Port 1(g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864...
Page 366
Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the Root. Hello Time 2 Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.1 20000 FWD Desg P2p (RSTP) Enabled 128.2 20000 FWD Desg Shared (STP) Disabled...
Page 367
Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time Max Age 20 sec Forward 2 sec Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.1 20000 Enabled 128.2 20000 Disabled 128.3 20000 Enabled 128.4 20000 Enabled 128.5 20000 Console# show spanning-tree active Spanning tree enabled mode RSTP...
Page 368
Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Sts Role PortFast Type Enabled 128.1 20000 FWD Root No P2p (RSTP) Enabled 128.2 20000 FWD Desg Shared (STP) Enabled 128.4 20000 BLK...
Page 369
Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.4 Altn Shared (STP) Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time Max Age 20 sec Forward Delay...
Page 370
State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Guard root: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (1/2) enabled...
Page 371
Port 4 (1/4) enabled State: Blocking Role: Alternate Port Identifier: 128.4 Port cost: 20000 Type: Shared (configured: auto) STP Port Fast: No (configured:no) Designated bridge Priority: 28672 Address: 00:30:94:41:62:c8 Designated port id: 128.25 Designated path cost: 20000 Guard root:Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (1/5) enabled...
Page 372
Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID...
Page 373
Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (g1) enabled State: Forwarding Role: Boundary Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary...
Page 374
Port 3 (1/3) disabled State: Blocking Role: Alternate Port id: 128.3 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:1a:19 Designated port id: 128.78 Designated path cost: 20000 Guard root: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (1/4) enabled...
Page 375
Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:19:7a:00 Path Cost 10000 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops...
Spanning-tree guard root The spanning-tree guard root Interface Configuration mode command enables root guard on all spanning tree instances on the interface. Root guard restricts the interface to be the switch root port. Use the no form of this command to disable root guard on the interface. Syntax •...
SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Use the no form of this command to use the default port. Syntax • ip ssh port port-number •...
Default Configuration SSH is enabled. Command Mode Global Configuration mode. User Guidelines • If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the commands crypto key generate rsa, and crypto key generate dsa. Example The following example enables the device to be configured from a SSH server.
crypto key generate rsa The crypto key generate rsa Global Configuration mode command generates RSA key pairs. Syntax • crypto key generate rsa Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode. User Guidelines • RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
User Guidelines • There are no user guidelines for this command. Example The following example enables public key authentication for incoming SSH sessions. Console (config)# ip ssh pubkey-auth crypto key pubkey-chain ssh The crypto key pubkey-chain ssh Global Configuration mode command enters SSH Public Key-chain Configuration mode.
Syntax • user-key username {rsa | dsa} • no user-key username • username — Specifies the remote SSH client username, which can be up to 48 characters long. • rsa — RSA key. • dsa — DSA key. Default Configuration By default, there are no keys.
Command Mode SSH Public Key-string Configuration mode. User Guidelines • Use the key-string row command to specify the SSH public key row by row. Each row must begin with the key-string row command. This command is useful for configuration files. •...
Page 383
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated.
show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command displays the SSH public keys on the device. Syntax • show crypto key mypubkey [rsa | dsa] • rsa — RSA key. • dsa — DSA key. Default Configuration This command has no default configuration.
Syslog Commands logging on The logging on Global Configuration mode command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. Use the no form of this command to disable the logging process.
Page 388
Syntax • logging {ip4-address | ip6-address |hostname} [port port] [severity level] [facility facility] [description text] • no logging {ip4-address | ip6-address | hostname} • ip4-address — Host IPv4 address to be used as a syslog server. • ip6-address — Host IPv6 address to be used as a syslog server. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
Example The following example limits logged messages sent to the syslog server with IP address 10.1.1.1 to severity level critical. Console (config)# logging 10.1.1.1 severity critical logging console The logging console Global Configuration mode command limits messages logged to the console based on severity.
Default Configuration The default level is informational. Command Mode Global Configuration mode. User Guidelines • All the syslog messages are logged to the internal buffer. This command limits the commands displayed to the user. Example The following example limits syslog messages displayed from an internal buffer based on the severity level "debugging".
clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buffer. Syntax • clear logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example clears messages from the internal syslog message logging buffer.
Example The following example limits syslog messages sent to the logging file based on the severity level ’alerts’. Console (config)# logging file alerts clear logging file The clear logging file Privileged EXEC mode command clears messages from the logging file. Syntax •...
Command Mode Global Configuration mode. User Guidelines • Other types of AAA events are not subject to this command. Example The following examplee nables logging messages related to AAA login events. Console(config)# aaa logging login file-system logging The file-system logging Global Configuration mode command controls logging file system events. To disable logging use the no form of the command.
management logging The management logging Global Configuration mode command controls logging of management access lists events. To disable logging use the no form of the command. Syntax • management logging deny • no management logging deny • deny — Log messages related to management ACLs deny actions. Default Configuration Logging of management access lists events enabled.
Page 395
Example The following example displays the show logging settings. Console# show logging Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications. File Messages: 0 Dropped (severity). Syslog server 192.180.2.27 logging: errors.
Buffer log: 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/1, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernet1/2, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/3, changed state to up 11-Aug-2002 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface...
Page 397
User Guidelines • There are no user guidelines for this command. Example The following example displays the show logging file settings. Console# show logging file Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications.
File log: 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/0, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/1, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/2, changed state to up 11-Aug-2002 15:41:43: %LINK-3-UPDOWN: Interface Ethernetg/3, changed state to up 11-Aug-2002 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2002 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface...
Page 399
User Guidelines • There are no user guidelines for this command. Example The following example displays the syslog server settings. Console# show syslog-servers IP address Port Severity Facility Description ------------- ---- -------- -------- ----------- 192.180.2.275 Informational local 192.180.2.285 Warning local Syslog Commands...
System Management ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network. Syntax • ping ip-address | hostname [size packet_size] [count packet_count] [timeout time_out] • ping ipv6 {ipv6-address | hostname} [size packet_size] [count packet_count] [timeout time_out] •...
Page 402
User Guidelines Press Esc to stop pinging. Following are sample results of the ping command: • Destination (host/network) unreachable — The gateway for this destination indicates an unreachable destination. • Destination does not respond — If the host does not respond, a “no answer from host” appears in ten seconds.
The following example displays an address 180.50.1.1 which does not have connectivity. Console# ping 180.50.1.1 Pinging 180.50.1.1 with 56 bytes of data: PING: net-unreachable PING: net-unreachable PING: net-unreachable traceroute The traceroute User EXEC mode command discovers the routes that packets will actually take when traveling to their destination.
Page 404
count packet_count — The default count is 3. timeout time_out — The default is 6 seconds. Command Mode User EXEC mode. User Guidelines • The traceroute command works by taking advantage of the error messages generated by a device when a datagram exceeds its time-to-live (TTL) value.
The following table describes the significant fields shown in the display Field Description Indicates the sequence number of the router in the path to the host. i2-gateway.stanford.edu Host name of this device. 192.68.191.83 IP address of this device. 1 msec 1 msec 1 msec Round-trip time for each of the probes that are sent.
Page 406
User Guidelines • The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To issue a special Telnet command, enter Esc and then a command character. Special Telnet Command characters Escape Sequence Purpose Ctrl-shift-6 b...
Page 407
Keywords Table Options Description /echo Enables local echo /quiet Prevents onscreen display of all messages from the software. /source-interface Specifies the source interface. /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other...
Printer service nntp Network News Transport Protocol 119 pim-auto-rp PIM Auto-RP pop2 Post Office Protocol v2 pop3 Post Office Protocol v3 smtp Simple Mail Transport Protocol sunrpc Sun Remote Procedure Call syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time...
User Guidelines • There are no user guidelines for this command. Examples The following command switches to another open Telnet session. Console> resume 176.213.10.50 reload The reload Privileged EXEC mode command reloads the operating system. Syntax • reload Default Configuration This command has no default configuration.
There are no user guidelines for this command. Example The following example specifies the device host name. Console (config)# hostname Dell service cpu-utilization The service cpu-utilization Global Configuration mode command allows the software to measure CPU utilization. Use the no form of this command to disable measuring.
show cpu utilization The show cpu utilization privileged EXEC mode command displays information about CPU utilization. Syntax • show cpu utilization Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • Use the service cpu-utilization Global Configuration mode command to enable measuring CPU utilization.
User Guidelines • There are no user guidelines for this command. Example Console> show users Username Protocol Location Serial John 172.16.0.1 Robert HTTP 172.16.0.8 Betty Telnet 172.16.1.7 show sessions The show sessions User EXEC mode command lists the open Telnet sessions. Syntax •...
Examples The following table describes the significant fields shown in the display: Console> show sessions Connecti Host Address Port Byte -------- -------------- -------- ----- ---- Remote device 172.16.1.1 172.16.1.2 172.16.1.2 Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session. Address IP address of the remote host.
Example The following example displays the system information. console> show system System Description: Kenan 24 System Up Time (days,hour:min:sec): 00,05:19:48 System Contact: System Name: System location: System MAC Address: 00:00:b0:00:00:00 Sys Object ID: 1.3.6.1.4.1.674.10895.3020 PowerConnect 5400 Type: Main Power Supply Status Redundant Power Supply Status:...
User Guidelines • Only after reboot is the command implemented. During reboot the startup-config is deleted. It is highly recommended to backup the startup-config before executing this command. Example The following example enables support for ACLs and DVA. Console# set system dva show system mode The show system mode User EXEC mode command displays information on features control.
Syntax • show version Default Configuration This command has no default configuration. Command Mode User EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes).
User Guidelines • There are no user guidelines for this command. Example The following example specifies the device asset tag as "1qwepot". Console (config)# asset-tag 1qwepot show system id The show system id User EXEC mode command displays the ID information. Syntax •...
TACACS Commands tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. Use the no form of this command to delete the specified name or address. Syntax • tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] •...
There are no user guidelines for this command. Examples The following example sets the authentication encryption key. Console (config)# tacacs-server key dell-s tacacs-server timeout The tacacs-server timeout Global Configuration mode command sets the timeout value. Use the no form of this command to restore the default.
Syntax • tacacs-server timeout timeout • no tacacs-server timeout • timeout — Specifies the timeout value in seconds. (Range: 1 - 30) Default Configuration 5 seconds. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Examples The following example sets the timeout value as 30.
Examples The following example specifies the source IP address. Console (config)# tacacs-server source-ip 172.16.8.1 show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistics for a TACACS+ server. Syntax • show tacacs [ip-address] • ip-address — Host name or IP address of the host. Default Configuration This command has no default configuration.
TIC Commands passwords min-length The passwords min-length Global Configuration mode command configures the minimal length required for passwords in the local database. Use the no form of this command to remove a requirement. Syntax • passwords min-length length • no passwords min-length •...
password-aging The password-aging Line Configuration mode command configures the aging time of line passwords. To disable password expiration time use the no form of this command. Syntax password-aging days • • no password-aging • days — The number of days before a password change is forced. (Range: 1-365) Default Configuration Password aging is disabled.
Default Configuration Password aging is disabled. Command Mode Global Configuration mode. User Guidelines • The aging time is calculated from the day the password was defined, and not from the day the aging was defined. • After a password expires a user can login for another 3 times. •...
Example The following example configures the required number of password changes before a password can be reused to 3. Console (config)#passwords history 3 passwords history hold-time The passwords history hold-time Global Configuration mode command configures the duration that a password is relevant for tracking passwords history. To return to default use the no form of this command.
Syntax • passwords lockout number • no passwords lockout • number — The number of authentication failures before the user account is locked-out. (Range: 1-5). Default Configuration Lockout is disabled. Command Mode Global Configuration mode. User Guidelines • The setting is relevant to local users passwords, line passwords and enable passwords. •...
User Guidelines • The login history is still kept in the device internal buffer. Example The following example enables writing to login history file. Console (config)# aaa login-history file set username active The set username active Privileged EXEC mode command reactivates a locked out user account. Syntax •...
Command Mode Privileged EXEC mode. Example The following example reactivates a locked out telnet line. Console# set line telnet active set enable-password active The set enable-password active Privileged EXEC mode command reactivates a locked out local password. Syntax • set enable-password level active •...
Page 430
Example The following example displays information about password management in the local database. Console# show passwords configuration Minimal length: 8 History: 10 History hold time: 365 days Lock-out: Disabled Enable Passwords Level Aging Expiry date Lockout ----- ----- ----------- ------- Jan 18 2005 Jan 18 2005 Line Passwords...
Lockout If lockout control is enabled, it specifies how many times a user has failed to enter the correct password since the last successful login. If the password is locked out it specifies “LOCKOUT”. Line Configuration and status for specific line password. show users login-history The show users login-history Privileged EXEC mode command displays information about the login history of users.
Tunnel interface tunnel The interface tunnel Global Configuration mode command enters tunnel interface configuration mode. Syntax • interface tunnel number • number — Tunnel index. (Range: 1) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines •...
Syntax • tunnel mode ipv6ip {isatap} • no tunnel mode ipv6ip • isatap — Automatic IPv6 over IPv4 ISATAP tunnel is enabled. Default Configuration Disabled. Command Mode Interface Tunnel Configuration mode. User Guidelines • The system can be enabled to an ISATAP tunnel. When enabled, an automatic tunnel interface is created on each interface that is assigned with IPv4 address.
User Guidelines • The ipv6 tunnel routers-dns command determines the string that the host uses for automatic tunnel router lookup in IPv4 DNS procedure. By default, the string ‘ISATAP’ is used for the corresponding automatic tunnel types. • Per tunnel only one string can represent the automatic tunnel router name. Using this command overwrites the existing entry.
Example The following example sets the local (source) tunnel interface IPv4 address. Console (config)# interface tunnel 1 Console (config-tunnel)# tunnel source auto tunnel isatap query-interval The tunnel isatap query-interval Global Configuration mode command configures the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
Syntax • tunnel isatap solicitation-interval seconds • no tunnel isatap solicitation-interval • seconds — Specify the number of seconds between ISATAP router solicitations messages. (Range: 10 – 3600) Default Configuration 10 seconds. Command Mode Global Configuration mode. User Guidelines • This command determines the interval of Router Solicitation messages when there is no active ISATAP router.
User Guidelines • The DNS query interval (after the IP address of the ISATAP router is known) is the TTL that is received from the DNS divided by (Robustness + 1). • The router solicitation interval (when there is an active ISATAP router) is the minimum-router- lifetime that is received from the ISATAP router divided by (Robustness + 1).
Page 439
Example The following example displays information on the ISATAP tunnel. Console> show ipv6 tunnel Router DNS name: ISATAP Router IPv4 address: 172.16.1.1 DNS Query interval: 10 seconds Min DNS Query interval: 0 seconds Router Solicitation interval: 10 seconds Min Router Solicitation interval: 0 seconds Robustness: 3 Tunnel...
User Interface enable The enable User EXEC mode command enters the privileged EXEC mode. Syntax • enable [privilege-level] • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode.
Default Configuration The default privilege level is 1. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example shows how to return to normal mode. Console# disable Console> login The login User EXEC mode command changes a login username. Syntax •...
configure The configure Privileged EXEC mode command enters the Global Configuration mode. Syntax • configure This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example In the following example, because no keyword is entered, a prompt is displayed.
Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode. Console(config-if)# exit Console(config)# exit Console# exit(EXEC) The exit User EXEC mode command closes an active terminal session by logging off the device. Syntax • exit Default Configuration This command has no default configuration.
Command Mode All Command modes. User Guidelines • There are no user guidelines for this command. Example The following example ends the current configuration session and returns to the previous command mode. Console (config)# end Console # help The help command displays a brief description of the help system. Syntax •...
Command Mode Line Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example enables the command history function for telnet. Console (config)# line telnet Console (config-line)# history terminal datadump The terminal datadump EXEC mode command enables dumping of all the output from the show command without ’prompting’.
history size The history size Line Configuration mode command changes the command history buffer size for a particular line. Use the no form of this command to reset the command history buffer size to the default. Syntax • history size number-of-commands •...
Example The following example enables the debug command interface. console(config)# console# debug >debug Enter DEBUG Password: ***** DEBUG> show history The show history User EXEC mode command lists the commands entered in the current session. Syntax • show history Default Configuration This command has no default configuration.
show privilege The show privilege User EXEC mode command displays the current privilege level. Syntax • show privilege Default Configuration This command has no default configuration. Command Mode User EXEC command mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the current privilege level.
Page 450
Example The following example displays VLAN information. Console (Config)# do show vlan VLAN Name Ports Type Authorization -------- --------- --------- --------- ------------- default g1-2 Other Required g1-4 VLAN0010 g3-4 dynamic Required VLAN0011 g1-2 static Required VLAN0020 g3-4 static Required VLAN0021 static Required VLAN0030...
VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN Database Configuration mode. Syntax • vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example enters the VLAN database mode.
Default Configuration This command has no default configuration. Command Mode VLAN Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example VLAN number 1972 is created. Console (config)# vlan database Console (config-vlan)# vlan 1972 interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode.
interface range vlan The interface range vlan Global Configuration mode command enters the Interface Configuration mode to configure multiple VLANs. Syntax • interface range vlan {vlan-range | all} vlan-range — A list of valid VLAN IDs to add. Separate non consecutive VLAN IDs with a comma •...
Command Mode Interface Configuration (VLAN) mode. User Guidelines • The VLAN name should be unique. Example The following example names VLAN number 19 with the name "Marketing". Console (config)# interface vlan 19 Console (config-if)# name Marketing switchport access vlan The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode.
switchport trunk allowed vlan The switchport trunk allowed vlan Interface Configuration mode command adds or removes VLANs, to or from a trunk port. Syntax • switchport trunk allowed vlan {add vlan-list | remove vlan-list} add vlan-list — List of VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and •...
Command Mode Interface Configuration (Ethernet, port-channel) mode. User Guidelines • This command has the following consequences: incoming untagged frames are assigned to this VLAN and outgoing traffic in this VLAN on this port is sent untagged (despite the normal situation where traffic sent from a trunk-mode port is all tagged).
User Guidelines • You can use this command to change the egress rule (e.g. from tagged to untagged), without first removing the VLAN from the list. Example The following example shows how to add VLANs 2, 5, and 6 to the allowed list. Console (config)# interface ethernet g8 Console (config-if)# switchport general allowed vlan add 2,5,6 tagged...
switchport general ingress-filtering disable The switchport general ingress-filtering disable Interface Configuration mode command disables port ingress filtering. Use the no form of this command to enable ingress filtering on a port. Syntax • switchport general ingress-filtering disable • no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled.
User Guidelines • There are no user guidelines for this command. Example The following example configures g8 to discard untagged frames at ingress. Console (config)# interface ethernet g8 Console (config-if)# switchport general acceptable-frame-type tagged-only switchport forbidden vlan The switchport forbidden vlan Interface Configuration mode command forbids adding specific VLANs to a port.
switchport mode Use the switchport mode Interface Configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device. Syntax • switchport mode { access | trunk | general | customer } •...
Default Configuration No VLAN is configured. Command Modes Interface Configuration (Ethernet, port-channel) mode. User Guidelines • There are no user guidelines for this command. Example The following example sets the port's VLAN when the interface is in customer mode. Console(config)# switchport customer vlan vlan-id map protocol protocols-group The map protocol protocols-group VLAN Configuration mode command maps a protocol to a protocol group.
Example The following example maps protocol ip-arp to the group named "213". Console (config)# vlan database Console (config-vlan)# map protocol ip-arp protocols-group 213 switchport general map protocols-group vlan The switchport general map protocols-group vlan Interface Configuration mode command sets a protocol-based classification rule.
switchport protected The switchport protected Interface Configuration mode command overrides the FDB decision, and sends all the Unicast, Multicast and Broadcast traffic to an uplink port. Use the no form of this command to disable overriding the FDB decision. Syntax switchport protected {ethernet port | port-channel port-channel-number } •...
Command Mode Interface Configuration (Ethernet, Port Channel) mode. User Guidelines • An internal usage VLAN is required when an IP interface is defined on Ethernet port or Port Channel. • Using this command the user can define the internal usage VLAN of a port. •...
Example The following example displays all VLAN information. Console# show vlan Name Ports Type Authorization Vlan ---------------- --------------- -------------------- ------------------- ------------- default g1-2 other Required VLAN0010 g1-4 dynamic Required VLAN0011 g3-4 static Required VLAN0020 g1-2 static Required VLAN0021 g3-4 static Required VLAN0030 static...
Example The following example displays all VLAN information. Console# show vlan internal usage Usage VLAN Reserved IP Address --------- --------- ---------- ---------- 1007 Active 1008 Inactive 1009 Active show vlan protocols-groups The show vlan protocols-groups Privileged EXEC mode command displays protocols-groups information.
Example The following example displays protocols-groups information. Console# show vlan protocols-groups Encapsulation Protocol Group Id ------------- -------- -------- ethernet 08 00 ethernet 08 06 ethernet 81 37 ethernet 81 38 rfc1042 08 00 rfc1042 08 06 show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays switchport configuration. Syntax •...
Page 468
Example The following example displays switchport configuration individually for g1. Console# show interface switchport ethernet g1 Port g1: Port mode: General GVRP Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress Untagged VLAN (NATIVE) : 1 Port is member in: Vlan Name Egress rule...
Voice VLAN voice vlan id The voice vlan id Global Configuration mode command enables the Voice VLAN, and configures the Voice VALN id. Use the no form of this command to disable the Voice VALN. Syntax • voice vlan id vlan-id •...
Page 470
Syntax • voice vlan oui-table {add mac-address-prefix [description text] | remove mac-address-prefix} • no voice vlan oui-table • mac-address-prefix — Specify the MAC address prefix to be entered to the list. • description text — An optional text that describes the OUI. Default Configuration Description 0001e3...
voice vlan cos The voice vlan cos Global Configuration mode command sets the Voice VLAN Class Of Service. Use the no form of this command to return to default. Syntax • voice vlan cos cos [remark] • no voice vlan cos •...
Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures Voice vlan aging-timeout. Console (config)# voice vlan aging-timeout minutes voice vlan enable The voice vlan enable Interface Configuration mode command enables automatic Voice VLAN configuration for a port.
voice vlan secure Use the voice vlan secure Interface Configuration command to configure the secure mode for the Voice VLAN. Use the no form of this command to disable the secure mode. Syntax • voice vlan secure • no voice vlan secure Default Configuration Not secured.
Page 474
Default Configuration Description 0001e3 Siemens_AG_phone 00036b Cisco_phone 000fe2 H3C_Aolynk 0060b9 Philips_and_NEC_AG_ph 00d01e Pingtel_phone 00e075 Polycom/Veritel_phone 00e0bb 3Com_phone Command Mode EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the Voice VLAN configuration. Console # show voice vlan Aging timeout: 1440 minutes OUI table...
Web Server ip http server The ip http server Global Configuration mode command enables the device to be configured from a browser. Use the no form of this command to disable this function. Syntax • ip http server • no ip http server Default Configuration HTTP server is disabled by default.
Default Configuration This default port number is 80. Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the device. Example The following example shows how the http port number is configured to 100.
Example The following example the interval the system waits for user input before automatically loging off to 3 minutes 30 seconds. Console (config)# ip http exec-timeout 3 30 ip https server The ip https server Global Configuration mode command enables the device to be configured from a secured browser.
Command Mode Global Configuration mode. User Guidelines • There are no user guidelines for this command. Example The following example configures the https port number to 100. Console (config)# ip https port 100 ip https exec-timeout The ip https exec-timeout Global Configuration mode command sets the interval the system waits for user input before automatically loging off.
Example The following example regenerates a HTTPS certificate. Console(config)# crypto certificate generate key-generate crypto certificate request The crypto certificate request Privileged EXEC mode command generates and displays certificate requests for HTTPS. Syntax • crypto certificate number request common- name [or organization] [loc location] [st state] [cu country] •...
Examples The following example generates and displays a certificate request for HTTPS. Console# crypto certificate 1 request -----BEGIN CERTIFICATE REQUEST----- MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh/F0MV/Kib6Sz5p+3nUUenbfHp/igVPmFM+1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW/wzDLvW2rsy5NPmH1QVl+8Ubx3GyCm /oW93BSOFwxwEsP58kf+sPYPy+/8wwmoNtDwIDAQABoB8wHQYJKoZIhvcNAQkH MRDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m+2 m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEipcZa g+uNpyTkDt3ZVU72pjz/fa8TF0n3 -----END CERTIFICATE REQUEST----- CN= router.gm.com 0= General Motors C= US crypto certificate import The crypto certificate import Global Configuration mode command imports a certificate signed by Certification Authority for HTTPS.
Page 484
User Guidelines • Use this command to enter an external certificate (signed by Certification Authority) to the device. To end the session, enter a new line, enter "." (period) and add another new line. • The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command.
ip https certificate The ip https certificate Global Configuration mode command configures the active certificate for HTTPS. Use the no form of this command to return to default. Syntax • ip https certificate number • no ip https certificate • number —...
Page 486
Example The following example imports the certificate and RSA keys. Console (config)# crypto certificate 1 import pkcs12 passphrase Bag Attributes localKeyID: 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 subject=/C=us/ST= /L= /CN= /O= /OU= issuer= /C=us/ST= /L= /CN= /O= /OU= -----BEGIN CERTIFICATE-----...
show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command allows you to view the SSL certificates of your device. Syntax • show crypto certificate mycertificate [number] • number — Specifies the certificate number. (Range: 1- 2) Default Configuration This command has no default configuration.
show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax • show ip http Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines • There are no user guidelines for this command. Example The following example displays the HTTP server configuration.
Page 489
Example The following example displays the HTTP server configuration. Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004...
802.1x Commands aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods for use to authenticate interfaces running IEEE 802.1X. Use the no form of this command to return to default. Syntax aaa authentication dot1x default method1 [method2...] •...
Examples The following example uses the aaa authentication dot1x default command with no authentication. Console (config)# aaa authentication dot1x default none dot1x system-auth-control The dot1x system-auth-control Global Configuration mode command enables 802.1x globally. Use the no form of this command to disable 802.1x globally. Syntax •...
Syntax • dot1x port-control {auto | force-authorized | force-unauthorized} • no dot1x port-control • auto — Enable 802.1X authentication on the interface and cause the port to transition to the authorized or unauthorized state based on the 802.1X authentication exchange between the switch and the client.
Default Configuration Periodic re-authentication is disabled. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • It is recommended to use re-authentication because if re-authentication is not defined, once a port is authenticated, it will remain in this state until the port is down or a log-off message is sent by client. Examples The following example enables periodic re-authentication of the client.
User Guidelines • During the quiet period, the switch does not accept or initiate any authentication requests. • The default value of this command should only be changed to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. •...
Examples The following command sets the number of seconds that the switch waits for a response to an EAP - request/identity frame, to 3600 seconds. Console (config)# interface ethernet g8 Console (config-if)# dot1x timeout tx-period 3600 dot1x max-req The dot1x max-req Interface Configuration mode command sets the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP) - request/identity frame (assuming that no response is received) to the client, before restarting the authentication process.
dot1x timeout supp-timeout The dot1x timeout supp-timeout Interface Configuration mode command sets the time for the retransmission of an Extensible Authentication Protocol (EAP)-request frame to the client. Use the no form of this command to return to the default setting. Syntax •...
Default Configuration 30 seconds for the retransmission of packets to authentication server. Command Mode Interface Configuration (Ethernet) mode. User Guidelines • There are no user guidelines for this command. Examples The following example sets the time for the retransmission of packets to the authentication server., to 3600 seconds.
Examples Console(config-if)# dot1x send-async-request-id Console(config-if)# show dot1x The show dot1x Privileged EXEC mode command displays 802.1X status for the switch or for the specified interface. Syntax • show dot1x [ethernet interface] • interface — The full syntax is: port. Default Configuration This command has no default configuration.
Page 501
Console# show dot1x ethernet g3 Interface Admin Mode Oper Mode Reauth Reauth Period Username Control Auto Unauthorized 3600 Clark State: held Quiet period: 60 Tx period: 30 Max req: 2 Login Time: n/a Last Authentication: n/a MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff The following table describes the significant fields shown in the display: Field...
Login Time How long the user is logged in. Last Authentication Time since last authentication. Mac address The supplicant MAC address. Authentication Method The authentication method used to establish the session. Termination Cause The reason for the session termination. show dot1x users The show dot1x users Privileged EXEC mode command displays 802.1X users for the switch.
The following table describes the significant fields shown in the display. Field Description Username The User-Name representing the identity of the Supplicant. Login Time How long the user is logged in. Last Authentication Time since last authentication. Authentication Method The authentication method used to establish the session. Mac address The supplicant MAC address.
Page 504
Examples The following example displays 802.1X statistics for the specified interface. Switch# show dot1x statistics ethernet g1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 1 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 0008.3b79.8787 The following table describes the significant fields shown in the display: Field Description...
EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid. LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame. LastEapolFrameSource The source MAC address carried carried in the most recently received EAPOL frame. ADVANCED FEATURES dot1x auth-not-req The dot1x auth-not-req VLAN Configuration mode command enables unauthorized users access to that...
dot1x multiple-hosts The dot1x multiple-hosts Interface Configuration mode command allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control Interface Configuration mode command set to auto. Use the no form of this command to return to the default setting. Syntax •...
Syntax • dot1x single-host-violation {forward | discard | discard-shutdown} [trap seconds] • no port dot1x single-host-violation • forward — Forward frames with source addresses not the supplicant address, but do not learn the address. • discard — Discard frames with source addresses not the supplicant address. •...
Command Mode Interface Configuration (VLAN) mode. User Guidelines • Use the dot1x guest-vlan enable Interface Configuration command to enable unauthorized users on an interface an access to the Guest VLAN. If the Guest VLAN is defined and enabled, the port automatically joins the Guest VLAN when the port is unauthorized, and leaves the Guest VLAN when the port becomes authorized.
dot1x mac-authentication The dot1x mac-authentication Interface Configuration mode command enables authentication based on the station’s MAC address. Use the no form of this command to disable MAC authentication. Syntax • dot1x mac-authentication {mac-only | mac-and-802.1x} • no dot1x mac-authentication • mac-only —...
Default Configuration This command has no default configuration. Command Mode Global configuration mode. User Guidelines • There are no user guidelines for this command. Example The following command enables sending traps when a MAC address was failed in authentication of the 802.1X MAC authentication access control.
• After successful authentication the port remains member in the unauthenticated VLANs and in the Guest VLAN. Other static VLAN configuration is not applied on the port. • If the supplicant VLAN does not exist on the switch, the supplicant is rejected. Examples The following command enables user-based VLAN assignment.
Page 512
Examples The following example displays 802.1X advanced features for the switch. Console# show dot1x advanced Guest VLAN: 100 Guest VLAN timeout Unauthenticated VLANs: Interface Multiple Guest Assignment Async-reqId Hosts VLAN Authentication ----- ------- ---- --------------- --------- ---------- Authenticate Enabled Disabled Enabled True Authenticate Disabled Disabled...