Page 1: Command Reference Guide
® 3Com Unified Gigabit Wireless PoE Switch 24 Command Reference Guide 3CRUS2475 www.3Com.com Part No. 10015248 Rev. AA Published October 2006...
Page 2 All other company and product names may be trademarks of the respective companies with which they are associated. ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to: Establishing environmental performance standards that comply with national legislation and regulations.
Page 3: Table Of Contents
ONTENTS SING THE Overview CLI Command Modes Introduction User EXEC Mode Privileged EXEC Global Configuration Mode Interface Configuration and Specific Configuration Modes Starting the CLI Editing Features Entering Commands Terminal Command Buffer Negating the Effect of Commands Command Completion Nomenclature Keyboard Shortcuts CLI Command Conventions Copying and Pasting Text...
Page 4 ACL C OMMANDS ip access-list permit (ip) deny (IP) mac access-list permit (MAC) deny (MAC) service-acl show access-lists show interfaces access-lists DDRESS ABLE OMMANDS bridge address bridge multicast filtering bridge multicast address bridge multicast forbidden address bridge multicast forward-all bridge multicast forbidden forward-all bridge aging-time clear bridge port security...
Page 5 description speed duplex negotiation flowcontrol mdix clear counters set interface active show interfaces advertise show interfaces configuration show interfaces status show interfaces description show interfaces counters port storm-control include-multicast (GC) port storm-control include-multicast (IC) port storm-control broadcast enable port storm-control broadcast rate show ports storm-control OMMANDS line...
Page 6 HANNEL OMMANDS interface port-channel interface range port-channel channel-group show interfaces port-channel OMMANDS show qos class-map show class-map match policy-map class show policy-map trust cos-dscp police service-policy qos aggregate-policer show qos aggregate-policer police aggregate wrr-queue cos-map wrr-queue bandwidth priority-queue out num-of-queues traffic-shape rate-limit interface configuration show qos interface...
Page 7 security-suite dos protect security-suite deny martian-addresses LOCK OMMANDS clock set clock source clock timezone clock summer-time sntp authentication-key sntp authenticate sntp trusted-key sntp client poll timer sntp anycast client enable sntp client enable (Interface) sntp unicast client enable sntp unicast client poll sntp server show clock show sntp configuration...
Page 8 IGMP S NOOPING OMMANDS ip igmp snooping (Global) ip igmp snooping (Interface) ip igmp snooping mrouter learn-pim-dvmrp ip igmp snooping host-time-out ip igmp snooping mrouter-time-out ip igmp snooping leave-time-out show ip igmp snooping mrouter show ip igmp snooping interface show ip igmp snooping groups LACP C OMMANDS lacp system-priority...
Page 9 spanning-tree cost spanning-tree port-priority spanning-tree portfast spanning-tree link-type spanning-tree pathcost method spanning-tree bpdu clear spanning-tree detected-protocols spanning-tree mst priority spanning-tree mst max-hops spanning-tree mst port-priority spanning-tree mst cost spanning-tree mst configuration instance (mst) name (mst) revision (mst) show (mst) exit (mst) abort (mst) spanning-tree guard root show spanning-tree...
Page 10 show radius-servers ONITOR OMMANDS port monitor show ports monitor SNMP C OMMANDS snmp-server community snmp-server view snmp-server group snmp-server user snmp-server engineID local snmp-server enable traps snmp-server filter snmp-server host snmp-server v3-host snmp-server trap authentication snmp-server contact snmp-server location snmp-server set show snmp show snmp engineid show snmp views...
Page 11 show arp ip domain-name ip name-server ACL C ANAGEMENT OMMANDS management access-list permit (Management) deny (Management) management access-class show management access-list show management access-class AP C IRELESS OGUE OMMANDS rogue-detect enable (Radio) rogue-detect rogue-scan-interval wlan rogue-detect rogue-ap clear wlan rogue-ap show wlan rogue-aps configuration show wlan rogue-aps list show wlan rogue-aps neighborhood...
Page 12 wpa2 pre-authentication show wlan ess show wlan ess mac-filtering lists show wlan ess counters AP G IRELESS ENERAL clear wlan ap wlan ap active wlan ap key wlan ap config name tunnel priority wan enable interface ethernet vlan allowed vlan native wlan template ap configure set wlan copy show wlan aps...
Page 13 show crypto key pubkey-chain ssh ERVER OMMANDS ip http server ip http port ip http exec-timeout ip https server ip https port crypto certificate generate crypto certificate request crypto certificate import ip https certificate show crypto certificate mycertificate show ip http show ip https TACACS+ C OMMANDS...
Page 14 show logging show logging file show syslog-servers AP BSS C IRELESS OMMANDS bss enable advertise-ssid data-rates YSTEM ANAGEMENT ping traceroute telnet resume reload hostname show users show sessions show system show version service cpu-utilization show cpu utilization NTERFACE OMMANDS enable disable login configure...
Page 15 show history show privilege GVRP C OMMANDS gvrp enable (Global) gvrp enable (Interface) garp timer gvrp vlan-creation-forbid gvrp registration-forbid clear gvrp statistics show gvrp configuration show gvrp statistics show gvrp error-statistics VLAN C OMMANDS vlan database vlan interface vlan interface range vlan name switchport access vlan switchport trunk allowed vlan...
Page 16 dot1x port-control dot1x re-authentication dot1x timeout re-authperiod dot1x re-authenticate dot1x timeout quiet-period dot1x timeout tx-period dot1x max-req dot1x timeout supp-timeout dot1x timeout server-timeout show dot1x show dot1x users show dot1x statistics dot1x auth-not-req dot1x multiple-hosts dot1x single-host-violation dot1x guest-vlan dot1x guest-vlan enable show dot1x advanced AP R IRELESS...
Page 17 wlan tx-power auto signal-loss wlan station idle-timeout clear wlan station show wlan show wlan auto-tx-power show wlan logging configuration show wlan stations show wlan stations counters ROUBLESHOOTING Problem Management Troubleshooting Solutions...
Page 19: Using The Cli
Overview This document describes the Command Line Interface (CLI) used to manage the 3Com Unified Gigabit Wireless PoE switch. Most of the CLI commands are applicable to all devices. This chapter describes how to start using the CLI and the CLI command editing features.
Page 20: User Exec Mode
1: U HAPTER SING THE User EXEC Mode After logging into the device, the user is automatically in User EXEC command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information.
Page 21: Global Configuration Mode
Global Configuration Global Configuration mode commands apply to features that affect the Mode system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode. To enter the Global Configuration mode perform the following steps: 1 At the Privileged EXEC mode prompt, enter the configure command and press <Enter>.
Page 22: Starting The Cli
1: U HAPTER SING THE ■ ■ ■ ■ ■ Starting the CLI The device can be managed over a direct connection to the device console port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device command-line interface (CLI) is very similar to entering commands on a UNIX system.
Page 23: Editing Features
To start using the CLI, perform the following steps: 1 Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application. a Set the data format to 8 data bits, 1 stop bit, and no parity.
Page 24: Terminal Command Buffer
1: U HAPTER SING THE To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: Console(config)# username admin password alansmith When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered.
Page 25: Negating The Effect Of Commands
Up-arrow key Ctrl+P Down-arrow key By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history. There is a standard default number of commands that are stored in the buffer.
Page 26: Keyboard Shortcuts
1: U HAPTER SING THE The ports may be described on an individual basis or within a range. Use format port number-port number to specify a set of consecutive ports and port number, port number to indicates a set of non-consecutive ports.
Page 27: Cli Command Conventions
CLI Command Conventions When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions. Copying and Pasting Up to 1000 lines of text (or commands) can be copied and pasted into Text the device.
Page 28 1: U HAPTER SING THE ■ ■ A device Configuration mode has been accessed. The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device.
Page 29: Aaa C
AAA C aaa authentication The aaa authentication login Global Configuration mode command login defines login authentication. To restore defaults, use the no form of this command. Syntax aaa authentication login {default | list-name} method1 [method2...] no aaa authentication login {default | list-name} Parameters ■...
Page 30: Aaa Authentication Enable
2: AAA C HAPTER OMMANDS On the console, login succeeds without any authentication check if the authentication method is not defined. Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list.
Page 31 list-name — Character string used to name the list of authentication ■ methods activated, when using access higher privilege levels. (Range: 1-12 characters) method1 [method2...] — Specify at least one method from the ■ following list: Keyword Description enableT Uses the enable password for authentication. line Uses the line password for authentication.
Page 32: Login Authentication
2: AAA C HAPTER OMMANDS The following example sets the enable password for authentication when accessing higher privilege levels. login The login authentication Line Configuration mode command specifies authentication the login authentication method list for a remote telnet or console. To restore the default configuration specified by the aaa authentication login command, use the no form of this command.
Page 33: Enable Authentication
enable The enable authentication Line Configuration mode command authentication specifies the authentication method list when accessing a higher privilege level from a remote Telnet or console. To restore the default configuration specified by the aaa authentication enable command, use the no form of this command.
Page 34: Ip Https Authentication
2: AAA C HAPTER OMMANDS Syntax ip http authentication method1 [method2...] no ip http authentication Parameters ■ Default Configuration The local user database is checked. This has the same effect as the command ip http authentication local. Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails.
Page 35: Show Authentication Methods
Syntax ip https authentication method1 [method2...] no ip https authentication Parameters ■ Default Configuration The local user database is checked. This has the same effect as the command ip https authentication local. Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails.
Page 36: Default Configuration
2: AAA C HAPTER OMMANDS Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists --------------------------------- Default: Local...
Page 37: Password
password The password Line Configuration mode command specifies a password on a line. To remove the password, use the no form of this command. Syntax password password [encrypted] no password Parameters ■ ■ Default Configuration No password is defined. Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted, the required password length is 32...
Page 38: Username
2: AAA C HAPTER OMMANDS Parameters ■ ■ ■ Default Configuration No enable password is defined. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets a local level 15 password called ‘secret’ to control access to user and privilege levels.
Page 39 encrypted — Encrypted password entered, copied from another ■ device configuration. Default Configuration No user is defined. Command Mode Global Configuration mode User Guidelines User account can be created without a password. Example The following example configures user called bob with password ‘lee’ and user level 15 to the system.
Page 40 2: AAA C HAPTER OMMANDS...
Page 41: Ip Access-List
ACL C ip access-list The ip access-list Global Configuration mode command enables the IP-Access Configuration mode and creates Layer 3 ACLs. To delete an ACL, use the no form of this command. Syntax ip access-list name no ip access-list name Parameters ■...
Page 42 3: ACL C HAPTER OMMANDS Syntax permit {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence] permit-icmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | icmp-type} {any | icmp-code} [dscp number | ip-precedence number] permit-igmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | igmp-type} [dscp number | ip-precedence...
Page 43 The following table lists the protocols that can be specified: IP Protocol Internet Control Message Protocol Internet Group Management Protocol IP in IP (encapsulation) Protocol Transmission Control Protocol Exterior Gateway Protocol Interior Gateway Protocol User Datagram Protocol Host Monitoring Protocol Reliable Data Protocol Inter-Domain Policy Routing Protocol Ipv6 protocol...
Page 44 3: ACL C HAPTER OMMANDS ■ ■ ■ ■ ■ Default Configuration No IPv4 ACL is defined. Command Mode IP-Access List Configuration mode User Guidelines Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. Before an Access Control Element (ACE) is added to an ACL, all packets are permitted.
Page 45: Deny (Ip)
Example The following example shows how to define a permit statement for an IP ACL. deny (IP) The deny IP-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match. Syntax deny [disable-port] {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp dscp number | ip-precedence ip-precedence] deny-icmp...
Page 46 3: ACL C HAPTER OMMANDS ■ ■ IP Protocol Internet Control Message Protocol Internet Group Management Protocol IP in IP (encapsulation) Protocol Transmission Control Protocol Exterior Gateway Protocol Interior Gateway Protocol User Datagram Protocol Host Monitoring Protocol Reliable Data Protocol Inter-Domain Policy Routing Protocol Ipv6 protocol Routing Header for IPv6...
Page 47: Mac Access-List
Default Configuration This command has no default configuration Command Mode IP-Access List Configuration mode User Guidelines Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. Before an Access Control Element (ACE) is added to an ACL, all packets are permitted.
Page 48: Permit (Mac)
3: ACL C HAPTER OMMANDS User Guidelines There are no user guidelines for this command. Example The following example shows how to create a MAC ACL. permit (MAC) The permit MAC-Access List Configuration mode command defines permit conditions of an MAC ACL. Syntax permit {any | {host source source-wildcard} any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype...
Page 49: Deny (Mac)
User Guidelines Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
Page 50: Service-Acl
3: ACL C HAPTER OMMANDS ■ ■ Default Configuration This command has no default configuration. Command Mode MAC-Access List Configuration mode User Guidelines MAC BPDU packets cannot be denied. This command defines an Access Control Element (ACE). An ACE can only be removed by deleting the ACL, using the no mac access-list Global Configuration mode command.
Page 51: Show Access-Lists
Parameters ■ Default Configuration This command has no default configuration. Command Mode Interface (Ethernet, port-channel) Configuration mode. User Guidelines In advanced mode, when an ACL is bound to an interface, the port trust mode is set to trust 12-13 and not to 12. Example The following example binds (services) an ACL to VLAN 2.
Page 52: Show Interfaces Access-Lists
3: ACL C HAPTER OMMANDS Example The following example displays access lists defined on a device. show interfaces The show interfaces access-lists Privileged EXEC mode command access-lists displays access lists applied on interfaces. Syntax show interfaces access-lists [ethernet interface | port-channel port-channel-number] Parameters ■...
Page 53 Example The following example displays ACLs applied to the interfaces of a device: Console# show interfaces access-lists Interface --------- show interfaces access-lists Input ACL --------- ACL1 ACL3...
Page 54 3: ACL C HAPTER OMMANDS...
Page 55: Address Table
bridge address The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of this command. Syntax bridge address mac-address {ethernet interface | port-channel port-channel-number} [permanent | delete-on-reset | delete-on-timeout | secure] no bridge address [mac-address]...
Page 56: Bridge Multicast Filtering
4: A HAPTER DDRESS ABLE Command Mode Interface Configuration (VLAN) mode User Guidelines Using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN). Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port 1 to the bridge table.
Page 57: Bridge Multicast Address
If multicast devices exist on the VLAN and IGMP-snooping is not enabled, the bridge multicast forward-all command should be used to enable forwarding all multicast packets to the multicast switches. Example In the folowing example, bridge multicast filtering is enabled. bridge multicast The bridge multicast address Interface Configuration (VLAN) mode address...
Page 58: Bridge Multicast Forbidden Address
4: A HAPTER DDRESS ABLE Default Configuration No multicast addresses are defined. Command Mode Interface Configuration (VLAN) mode User Guidelines If the command is executed without add or remove, the command only registers the group in the bridge database. Static multicast addresses can only be defined on static VLANs. Example The following example registers the MAC address: The following example registers the MAC address and adds ports...
Page 59: Bridge Multicast Forward-All
Parameters ■ ■ ■ ■ ■ ■ Default Configuration No forbidden addresses are defined. Command Modes Interface Configuration (VLAN) mode User Guidelines Before defining forbidden ports, the multicast group should be registered. Example In this example, MAC address 0100.5e02.0203 is forbidden on port g9 within VLAN 8.
Page 60: Bridge Multicast Forbidden Forward-All
4: A HAPTER DDRESS ABLE Syntax bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast forward-all Parameters ■ ■ ■ ■ Default Configuration This setting is disabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
Page 61 Syntax bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast forbidden forward-all Parameters add — Forbids forwarding all multicast packets. ■ remove — Does not forbid forwarding all multicast packets. ■ interface-list — Separates nonconsecutive Ethernet ports with a ■...
Page 62: Bridge Aging-Time
4: A HAPTER DDRESS ABLE bridge aging-time The bridge aging-time Global Configuration mode command sets the address table aging time. To restore the default configuration, use the no form of this command. Syntax bridge aging-time seconds no bridge aging-time Parameters ■...
Page 63: Port Security
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example In the following example, the bridge tables are cleared. port security The port security Interface Configuration mode command locks the port to block unknown traffic and prevent the port from learning new addresses.
Page 64: Port Security Mode
4: A HAPTER DDRESS ABLE Default Configuration This setting is disabled. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example In this example, port g1 forwards all packets without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received.
Page 65: Port Security Routed Secure-Address
Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example In this example, port security mode is set to dynamic for Ethernet interface g7. port security routed The port security routed secure-address Interface Configuration secure-address (Ethernet, port-channel) mode command adds a MAC-layer secure address to a routed port.
Page 66: Show Bridge Address-Table
4: A HAPTER DDRESS ABLE The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode. The address is deleted if the port exits the security mode or is not a routed port.
Page 67: Show Bridge Address-Table Static
User Guidelines Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) are presented in the VLAN column by a port number and not by a VLAN ID. "Special" MAC addresses that were not statically defined or dynamically learned are displayed in the MAC address table.
Page 68: Show Bridge Address-Table Count
4: A HAPTER DDRESS ABLE Parameters \ ■ ■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example In this example, all static entries in the bridge-forwarding database are displayed.
Page 69 Syntax show bridge address-table count [vlan vlan] [ethernet interface-number | port-channel port-channel-number] Parameters vlan — Specifies a valid VLAN, such as VLAN 1. ■ interface — A valid Ethernet port. ■ port-channel-number — A valid port-channel number. ■ Default Configuration This command has no default configuration.
Page 70: Show Bridge Multicast Address-Table
4: A HAPTER DDRESS ABLE show bridge The show bridge multicast address-table Privileged EXEC mode multicast command displays multicast MAC address or IP address table address-table information. Syntax show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip | format mac] Parameters ■...
Page 71 01:00:5e:02:02 00:00:5e:02:02 Forbidden ports for multicast addresses: Vlan MAC Address ---- -------------- 01:00:5e:02:02 01:00:5e:02:02 Console# show bridge multicast address-table format ip Vlan IP/MAC Address ---- -------------- 224-239.130|2. 224-239.130|2. 224-239.130|2. Forbidden ports for multicast addresses: Vlan IP/MAC Address ---- -------------- 224-239.130|2. 224-239.130|2.
Page 72: Show Bridge Multicast Filtering
4: A HAPTER DDRESS ABLE show bridge The show bridge multicast filtering Privileged EXEC mode command multicast filtering displays the multicast filtering configuration. Syntax show bridge multicast filtering vlan-id Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 73: Show Ports Security
show ports security The show ports security Privileged EXEC mode command displays the port-lock status. Syntax show ports security [ethernet interface | port-channel port-channel-number] Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 74: Show Ports Security Addresses
4: A HAPTER DDRESS ABLE The following table describes the fields shown above. Field Port Status Learning Action Maximum Trap Frequency show ports security The show ports security addresses Privileged EXEC mode command addresses displays the current dynamic addresses in locked ports. Syntax show ports security addresses [ethernet interface | port-channel port-channel-number]...
Page 75: User Guidelines
User Guidelines There are no user guidelines for this command. Example This example displays dynamic addresses in all currently locked ports. Console# show ports security addresses Port Status ---- -------- Disabled Disabled Enabled Port is a member in port-channel ch1 Disabled Enabled Enabled...
Page 76 4: A HAPTER DDRESS ABLE OMMANDS...
Page 77: Ethernet Configuration Commands
interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface Parameters ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 78: Shutdown
5: E HAPTER THERNET Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
Page 79: Description
Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example disables Ethernet port g5 operations. The following example restarts the disabled Ethernet port. description The description Interface Configuration (Ethernet, port-channel) mode command adds a description to an interface.
Page 80: Speed
5: E HAPTER THERNET Example The following example adds a description to Ethernet port g5. speed The speed Interface Configuration (Ethernet, port-channel) mode command configures the speed of a given Ethernet interface when not using auto-negotiation. To restore the default configuration, use the no form of this command.
Page 81: Duplex
duplex The duplex Interface Configuration (Ethernet) mode command configures the full/half duplex operation of a given Ethernet interface when not using auto-negotiation. To restore the default configuration, use the no form of this command. Syntax duplex {half | full} Parameters ■...
Page 82: Flowcontrol
5: E HAPTER THERNET Syntax negotiation [capability1 [capability2…capability5]] no negotiation Parameters ■ Default Configuration Auto-negotiation is enabled. If unspecified, the default setting is to enable all capabilities of the port. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines If capabilities were specified when auto-negotiation was previously entered, not specifying capabilities when currently entering auto-negotiation overrides the previous configuration and enables all capabilities.
Page 83: Mdix
Parameters ■ ■ ■ Default Configuration Flow control is off. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines Negotiation should be enabled for flow control auto. Example In the following example, flow control is enabled on port 1. mdix The mdix Interface Configuration (Ethernet) mode command enables cable crossover on a given interface.
Page 84: Clear Counters
5: E HAPTER THERNET User Guidelines Auto: All possibilities to connect a PC with cross or normal cables are supported and are automatically detected. On: It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross cable.
Page 85: Set Interface Active
Example In the following example, the counters for interface 1 are cleared. set interface active The set interface active Privileged EXEC mode command reactivates an interface that was shutdown. Syntax set interface active {ethernet interface | port-channel port-channel-number} Parameters ■ ■...
Page 86 5: E HAPTER THERNET ONFIGURATION Syntax show interfaces advertise [ethernet interface | port-channel port-channel-number] Parameters ■ ■ Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays auto-negotiation information.
Page 87: Show Interfaces Configuration
show interfaces The show interfaces configuration Privileged EXEC mode command configuration displays the configuration for all configured interfaces. Syntax show interfaces configuration [ethernet interface | port-channel port-channel-number] Parameters ■ ■ Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 88: Show Interfaces Status
5: E HAPTER THERNET show interfaces The show interfaces status Privileged EXEC mode command displays status the status of all configured interfaces. ONFIGURATION OMMANDS ---- ---- ---- ---- ---- 100M Full -Cop 100M Full -Cop 100M Full -Cop 100M Full -Cop 100M Full...
Page 89 Syntax show interfaces status [ethernet interface| port-channel port-channel-number |] Parameters interface — A valid Ethernet port. Elana ■ port-channel-number — A valid port-channel number. ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 90: Show Interfaces Description
5: E HAPTER THERNET show interfaces The show interfaces description Privileged EXEC mode command description displays the description for all configured interfaces. Syntax show interfaces description [ethernet interface | port-channel port-channel-number] Parameters ■ ■ ONFIGURATION OMMANDS 100M -Cop 100M Full -Cop 100M -Cop...
Page 91: Show Interfaces Counters
Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays descriptions of configured interfaces. show interfaces The show interfaces counters Privileged EXEC mode command displays counters traffic seen by the physical interface.
Page 92: Command Modes
5: E HAPTER THERNET ONFIGURATION Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays traffic seen by the physical interface. Console# show interfaces counters Port ---- Port...
Page 93 OutOctets --------- 23739 The following table describes the fields shown in the display. Console# show interfaces counters ethernet 1 Port InOctets ------ ----------- 183892 Port OutOctets ------ ----------- 9188 FCS Errors: 0 Single Collision Frames: 0 Late Collisions: 0 Excessive Collisions: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Received Pause Frames: 0...
Page 94: Port Storm-Control Include-Multicast (Gc)
5: E HAPTER THERNET port storm-control The port storm-control include-multicast Interface Configuration include-multicast mode command enables counting multicast packets in the port (GC) storm-control broadcast rate command. To disable counting multicast packets, use the no form of this command. Syntax port storm-control include-multicast no port storm-control include-multicast Default Configuration...
Page 95: Port Storm-Control Include-Multicast (Ic)
User Guidelines To control multicasts storms, use the port storm-control broadcast enable and port storm-control broadcast rate commands. Example The following example enables counting multicast packets. port storm-control The port storm-control include-multicast Interface Configuration include-multicast (Ethernet) mode command counts multicast packets in broadcast storm (IC) control.
Page 96: Port Storm-Control Broadcast Enable
5: E HAPTER THERNET Example The following example enables counting broadcast and multicast packets on Ethernet port 2. port storm-control The port storm-control broadcast enable Interface Configuration broadcast enable (Ethernet) mode command enables broadcast storm control. To disable broadcast storm control, use the no form of this command. Syntax port storm-control broadcast enable no port storm-control broadcast enable...
Page 97: Port Storm-Control Broadcast Rate
port storm-control The port storm-control broadcast rate Interface Configuration broadcast rate (Ethernet) mode command configures the maximum broadcast rate. To restore the default configuration, use the no form of this command. Syntax port storm-control broadcast rate rate no port storm-control broadcast rate Parameters ■...
Page 98 5: E HAPTER THERNET ONFIGURATION Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the storm control configuration. Console# show ports storm-control Port ---- OMMANDS...
Page 99: Line
line The line Global Configuration mode command identifies a specific line for configuration and enters the Line Configuration command mode. Syntax line {console | telnet | ssh} Parameters ■ ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 100: Autobaud
6: L HAPTER OMMANDS Syntax speed bps Parameters ■ Default Configuration The default speed is 19200 bps. Command Mode Line Configuration (console) mode User Guidelines This command is available only on the line console. The configured speed is applied when Autobaud is disabled. This configuration applies only to the current session.
Page 101: Exec-Timeout
User Guidelines This command is available only on the line console. To start communication using Autobaud , press <Enter> twice. This configuration applies only to the current session. Example The following example enables autobaud.l exec-timeout The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected.
Page 102: History
6: L HAPTER OMMANDS Example The following example configures the interval that the system waits until user input is detected to 20 minutes. history The history Line Configuration mode command enables the command history function. To disable the command history function, use the no form of this command.
Page 103: Terminal History
Syntax history size number-of-commands no history size Parameters ■ Default Configuration The default history buffer size is 10. Command Mode Line Configuration mode User Guidelines This command configures the command history buffer size for a particular line. To configure the command history buffer size for the current terminal session, use the terminal history size User EXEC mode command.
Page 104: Terminal History Size
6: L HAPTER OMMANDS Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example disables the command history function for the current terminal session. terminal history The terminal history size User EXEC mode command configures the size command history buffer size for the current terminal session.
Page 105: Show Line
Example The following example configures the command history buffer size to 20 commands for the current terminal session. show line The show line Privileged EXEC mode command displays line parameters. Syntax show line [console | telnet | ssh] Parameters ■ ■...
Page 106 6: L HAPTER OMMANDS Telnet configuration: SSH configuration: Parity: none Stopbits: 1 Interactive timeout: 10 minutes 10 seconds History: 10 Interactive timeout: 10 minutes 10 seconds History: 10...
Page 107: Phy Diagnostics
PHY D IAGNOSTICS OMMANDS test copper-port tdr The test copper-port tdr Privileged EXEC mode command uses Time Domain Reflectometry (TDR) technology to diagnose the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface Parameters interface —...
Page 108: Show Copper-Ports Tdr
7: PHY D HAPTER IAGNOSTICS Example The following example results in a report on the cable attached to port show copper-ports The show copper-ports tdr Privileged EXEC mode command displays information on the last Time Domain Reflectometry (TDR) test performed on copper ports.
Page 109: Show Copper-Ports Cable-Length
show copper-ports The show copper-ports cable-length Privileged EXEC mode command cable-length displays the estimated copper cable length attached to a port. Syntax show copper-ports cable-length [interface] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines The port must be active and working in 1000M mode.
Page 110: Show Fiber-Ports Optical-Transceiver
7: PHY D HAPTER IAGNOSTICS Example The following example displays the estimated copper cable length attached to all ports. show fiber-ports The show fiber-ports optical-transceiver Privileged EXEC mode optical-transceiver command displays the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] [detailed] Parameters ■...
Page 111 Example The following example displays the optical transceiver diagnostics results. Console# show fiber-ports optical-transceiver 21 Port Temp Volta ---- ---- ----- Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current – Measured TX bias current. Output Power – Measured TX output power in milliWatts. Input Power –...
Page 112 7: PHY D HAPTER IAGNOSTICS OMMANDS Console# show fiber-ports optical-transceiver 21 detailed Port Temp Voltage [Volt] ---- ---- ------- 3.35 Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current – Measured TX bias current. Output Power – Measured TX output power in milliWatts. Input Power –...
Page 113: Interface Port-Channel
interface The interface port-channel Global Configuration mode command port-channel enters the Global Configuration mode to configure a specific port-channel. Syntax interface port-channel port-channel-number Parameters ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Eight aggregated links can be defined with up to eight member ports per port-channel.
Page 114: Channel-Group
8: P HAPTER HANNEL Syntax interface range port-channel {port-channel-range | all} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range. Example The following example groups port-channels 1, 2 and 6 to receive the same command.
Page 115: Show Interfaces Port-Channel
■ Default Configuration The port is not assigned to a port-channel. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example forces port 1 to join port-channel 1 without an LACP operation.
Page 116 8: P HAPTER HANNEL The following example displays information on all port-channels. OMMANDS Console# show interfaces port-channel Channel ------- Ports ------------------------------- Active: g1, g2 Active: g2, g7 Inactive: g1 Active: g3, g8...
Page 117: Qos
The qos Global Configuration mode command enables quality of service (QoS) on the device. To disable QoS on the device, use the no form of this command. Syntax qos [basic | advanced ] no qos Parameters ■ ■ Default Configuration The QoS basic mode is enabled.
Page 118: Show Qos
9: Q HAPTER OMMANDS show qos The show qos Privileged EXEC mode command displays the quality of service (QoS) mode for the device. Syntax show qos Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Trust mode is displayed if QoS is enabled in basic mode.
Page 119 match-any — Checks that the packet matches one or more ■ classification criteria in the class map match statement. Default Configuration By default, the match-all parameter is selected. Command Mode Global Configuration mode User Guidelines The class-map Global Configuration mode command is used to define packet classification, marking and aggregate policing as part of a globally named service policy applied on a per-interface basis.
Page 120: Show Class-Map
9: Q HAPTER OMMANDS show class-map The show class-map Privileged EXEC mode command displays all class maps. Syntax show class-map [class-map-name] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows the class map for class1.
Page 121: Policy-Map
Default Configuration No match criterion is supported. Command Mode Class-map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example defines the match criterion for classifying traffic as an access group called ‘enterprise’ in a class map called ‘class1’. policy-map The policy-map Global Configuration mode command creates a policy map and enters the Policy-map Configuration mode.
Page 122: Class
9: Q HAPTER OMMANDS Configuration and match Class-map Configuration commands to define the match criteria of a class. Only one policy map per interface per direction is supported. A policy map can be applied to multiple interfaces and directions. Example The following example creates a policy map called ‘policy1’...
Page 123: Show Policy-Map
Use the service-policy (Ethernet, Port-channel) Interface Configuration mode command to attach a policy map to an interface. Use an existing class map to attach classification criteria to the specified policy map and use the access-group parameter to modify the classification criteria of the class map.
Page 124: Trust Cos-Dscp
9: Q HAPTER OMMANDS Example The following example displays all policy maps. trust cos-dscp The trust cos-dscp Policy-map Class Configuration mode command configures the trust state. The trust state determines the source of the internal DSCP value used by Quality of Service (QoS). To restore the default configuration, use the no form of this command.
Page 125: Set
Example The following example configures the trust state for a class called ‘class1’ in a policy map called ‘policy1’. The set Policy-map Class Configuration mode command sets new values in the IP packet. Syntax set {dscp new-dscp | queue queue-id | cos new-cos} no set Parameters ■...
Page 126: Police
9: Q HAPTER OMMANDS To return to the Policy-map Configuration mode, use the exit command. To return to the Privileged EXEC mode, use the end command. Example The following example sets the DSCP value in the packet to 56 for classes in policy map called ‘policy1’.
Page 127: Service-Policy
User Guidelines Policing uses a token bucket algorithm. CIR represents the speed with which the token is removed from the bucket. CBS represents the depth of the bucket. Example The following example defines a policer for classified traffic. When the traffic rate exceeds 124,000 bps or the normal burst size exceeds 96000 bps, the packet is dropped.
Page 128: Qos Aggregate-Policer
9: Q HAPTER OMMANDS Example The following example attaches a policy map called ‘policy1’ to the input interface. The qos aggregate-policer Global Configuration mode command aggregate-policer defines the policer parameters that can be applied to multiple traffic classes within the same policy map. To remove an existing aggregate policer, use the no form of this command.
Page 129: Show Qos Aggregate-Policer
Define an aggregate policer if the policer is shared with multiple classes. Policers in one port cannot be shared with other policers in another device; traffic from two different ports can be aggregated for policing purposes. An aggregate policer can be applied to multiple classes in the same policy map;...
Page 130: Police Aggregate
9: Q HAPTER OMMANDS User Guidelines There are no user guidelines. Example The following example displays the parameters of the aggregate policer called ‘policer1’. police aggregate The police aggregate Policy-map Class Configuration mode command applies an aggregate policer to multiple classes within the same policy map.
Page 131: Wrr-Queue Cos-Map
Example The following example applies the aggregate policer called ‘policer’1 to a class called ‘class1’ in policy map called ‘policy1’. wrr-queue cos-map The wrr-queue cos-map Global Configuration mode command maps Class of Service (CoS) values to a specific egress queue. To restore the default configuration, use the no form of this command.
Page 132: Wrr-Queue Bandwidth
9: Q HAPTER OMMANDS User Guidelines This command can be used to distribute traffic into different queues, where each queue is configured with different Weighted Round Robin (WRR) and Weighted Random Early Detection (WRED) parameters. It is recommended to specifically map a single VPT to a queue, rather than mapping multiple VPTs to a single queue.
Page 133: Priority-Queue Out Num-Of-Queues
User Guidelines Use the priority-queue out num-of-queues Global Configuration mode command to configure a queue as WRR or Strict Priority. Use this command to define a WRR weight per interface. The weight ratio for each queue is defined by the queue weight divided by the sum of all queue weights (i.e., the normalized weight).
Page 134: Traffic-Shape
9: Q HAPTER OMMANDS Command Mode Global Configuration mode User Guidelines Configuring the number of expedite queues affects the Weighted Round Robin (WRR) weight ratio because fewer queues participate in the WRR. Example The following example configures the number of expedite queues as 0. traffic-shape The traffic-shape Interface Configuration (Ethernet, port-channel) mode command configures the shaper of the egress port/queue.
Page 135: Rate-Limit Interface Configuration
To activate the shaper on an egress port, enter the Interface Configuration mode and specify the port number. The CIR and the CBS will be applied to the specified port. Example The following example sets a shaper on Ethernet port g5 when the average traffic rate exceeds 124 kbps or the normal burst size exceeds 10,000 bytes.
Page 136: Show Qos Interface
9: Q HAPTER OMMANDS Examples The following example limits the rate of the incoming traffic to 62. show qos interface The show qos interface Privileged EXEC mode command displays Quality of Service (QoS) information on the interface. Syntax show qos interface [ethernet interface-number | port-channel number | port-channel number] [queueing | policers | shapers] Parameters ■...
Page 137 Example The following example displays the buffer settings for queues on Ethernet port 1. Console# show qos interface ether- net g1 buffers Ethernet g1 Notify Q depth show qos interface Threshold...
Page 138: Qos Map Policed-Dscp
9: Q HAPTER OMMANDS qos map The qos map policed-dscp Global Configuration mode command policed-dscp modifies the policed-DSCP map for remarking purposes. To restore the default map, use the no form of this command. Syntax qos map policed-dscp dscp-list to dscp-mark-down no qos map policed-dscp Prob Weight...
Page 139: Qos Map Dscp-Queue
Parameters ■ ■ Default Configuration The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value. Command Mode Global Configuration mode. User Guidelines DSCP values 3,11,19… cannot be remapped to other values. Example The following example marks down incoming DSCP value 3 as DSCP value 43 on the policed-DSCP map.
Page 140: Qos Trust (Global)
9: Q HAPTER OMMANDS Default Configuration The following table describes the default map. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example maps DSCP values 33, 40 and 41 to queue 1. qos trust (Global) The qos trust Global Configuration mode command configures the system to the basic mode and trust state.
Page 141: Qos Trust (Interface)
qos trust (Interface) Command Mode Global Configuration mode User Guidelines Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every device in the domain.
Page 142: Qos Cos
9: Q HAPTER OMMANDS User Guidelines There are no user guidelines for this command. Example The following example configures Ethernet port 15 to the default trust state. qos cos The qos cos Interface Configuration (Ethernet, port-channel) mode command defines the default CoS value of a port. To restore the default configuration, use the no form of this command.
Page 143: Qos Dscp-Mutation
qos dscp-mutation The qos dscp-mutation Global Configuration mode command applies the DSCP Mutation map to a system DSCP trusted port. To restore the trust state with no DSCP mutation, use the no form of this command. Syntax qos dscp-mutation no qos dscp-mutation Default Configuration This command has no default configuration.
Page 144: Security-Suite Enable
9: Q HAPTER OMMANDS Syntax qos map dscp-mutation in-dscp to out-dscp no qos map dscp-mutation Parameters ■ ■ Default Configuration The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value. Command Mode Global Configuration mode.
Page 145: Security-Suite Dos Protect
Parameters ■ Default Configuration No protection is configured. Command Mode Global Configuration mode User Guidelines MAC ACLs should be removed before the security-suite is enabled. The rules can be reentered after the security-suite is enabled. If ACLs or policy maps are assigned on ports, per interface security-suite rules cannot be enabled.
Page 146: Security-Suite Deny Martian-Addresses
9: Q HAPTER OMMANDS Command Mode Global Configuration mode User Guidelines The following table describes a list of DoS attacks and the protection type: Example The following example protects the system from the Invasor Trojan. security-suite deny The security-suite deny martian-addresses Global Configuration martian-addresses mode command denies packets containing reserved IP addresses.
Page 147 reserved — Specify to discard packets with source address or ■ destination address in the block of the reserved IP addresses. See the usage guidelines for a list of reserved addresses. Default Configuration Martian addresses are allowed. Command Mode Global Configuration mode User Guidelines The following table describes the reserved addresses: Address block...
Page 148 9: Q HAPTER OMMANDS Example The following example discard all packets with a source address or a destination address in the block of the reserved IP addresses. Address block 192.168.0.0/16 198.18.0.0/15 Console(config)# security-suite deny martian-addresses reserved add 127.0.0.0/8 Present use Private-Use Networks.
Page 149: Clock
clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax clock set hh:mm:ss day month year clock set hh:mm:ss month day year Parameters ■ ■ ■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 150: Clock Source
10: C HAPTER LOCK OMMANDS Example The following example sets the system time to 13:32:00 on March 7th, 2005. clock source The clock source Global Configuration mode command configures an external time source for the system clock. Use no form of this command to disable external time source.
Page 151: Clock Summer-Time
Syntax clock timezone hours-offset [minutes minutes-offset] [zone acronym] no clock timezone Parameters ■ ■ ■ Default Configuration Clock set to UTC. Command Mode Global Configuration mode User Guidelines The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.
Page 152 10: C HAPTER LOCK OMMANDS clock summer-time date month date year hh:mm month date year hh:mm [offset offset] [zone acronym] no clock summer-time recurring Parameters ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Default Configuration Summer time is disabled. offset —...
Page 153: Sntp Authentication-Key
User Guidelines In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time.
Page 154: Sntp Authenticate
10: C HAPTER LOCK OMMANDS value — Key value (Range: 1-8 characters) ■ Default Configuration No authentication key is defined. Command Mode Global Configuration mode User Guidelines Multiple keys can be generated. Example The following example defines the authentication key for SNTP. Console(config)# sntp authentication-key 8 md5 ClkKey sntp authenticate The sntp authenticate Global Configuration mode command grants...
Page 155: Sntp Trusted-Key
Example The following example defines the authentication key for SNTP and grants authentication. sntp trusted-key The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command.
Page 156: Sntp Client Poll Timer
10: C HAPTER LOCK OMMANDS Example The following example authenticates key 8. sntp client poll The sntp client poll timer Global Configuration mode command sets timer the polling time for the Simple Network Time Protocol (SNTP) client. To restoreTo restoreTo restore default configuration, use the no form of this command.
Page 157: Sntp Anycast Client Enable
sntp anycast client The sntp anycast client enable Global Configuration mode command enable enables SNTP anycast client. To disable the SNTP anycast client, use the no form of this command. Syntax sntp anycast client enable no sntp anycast client enable Default Configuration The SNTP anycast client is disabled.
Page 158: Sntp Unicast Client Enable
10: C HAPTER LOCK OMMANDS Default Configuration The SNTP client is disabled on an interface. Command Mode Interface Configuration (Ethernet, port-channel, VLAN) mode User Guidelines Use the sntp anycast client enable Global Configuration mode command to enable anycast clients globally. Example The following example enables the SNTP client on Ethernet port g3.
Page 159: Sntp Unicast Client Poll
Example The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. sntp unicast client The sntp unicast client poll Global Configuration mode command poll enables polling for the Simple Network Time Protocol (SNTP) predefined unicast servers.
Page 160: Show Clock
10: C HAPTER LOCK OMMANDS Syntax sntp server {ip-address | hostname}[poll] [key keyid] no sntp server host Parameters ■ ■ ■ ■ Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined. Use the sntp unicast client enable Global Configuration mode command to enable predefined unicast clients globally.
Page 161 Syntax show clock [detail] Parameters detail — Shows timezone and summertime configuration. ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines The symbol that precedes the show clock display indicates the following: Symbol Description Time is not authoritative.
Page 162: Show Sntp Configuration
10: C HAPTER LOCK OMMANDS show sntp The show sntp configuration Privileged EXEC mode command shows configuration the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 163: Show Sntp Status
show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 164 10: C HAPTER LOCK OMMANDS Example The following example shows the status of the SNTP. Console# show sntp status Clock is synchronized, stratum 4, reference is 176.1.1.8, unicast Reference time is AFE2525E.70597B34 (00:10:22.438 PDT Jul 5 1993) Unicast servers: Server Status Last response --------...
Page 165 0.0.0.0 vlan 1 16.1.1.2 show sntp status 00:00:00.0 Feb 19 2005 15:15:16 .0 LLBG Feb 19 2006...
Page 166 10: C HAPTER LOCK OMMANDS...
Page 167: Show Rmon Statistics
RMON C show rmon The show rmon statistics Privileged EXEC mode command displays statistics RMON Ethernet statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 168 11: RMON C HAPTER OMMANDS The following table describes the significant fields shown in the display. Console# show rmon statistics ethernet 1 Port: 1 Octets: 878128 Broadcast: 7 CRC Align Errors: 0 Undersize Pkts: 0 Fragments: 0 64 Octets: 98 128 to 255 Octets: 0 512 to 1023 Octets: 491 Field...
Page 169: Rmon Collection History
rmon collection The rmon collection history Interface Configuration (Ethernet, history port-channel) mode command enables a Remote Monitoring (RMON) MIB history statistics group on an interface. To remove a specified RMON history statistics group, use the no form of this command. Syntax rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds]...
Page 170: Show Rmon Collection History
11: RMON C HAPTER OMMANDS Parameters ■ ■ ■ ■ Default Configuration RMON statistics group owner name is an empty string. Number of buckets specified for the RMON collection history statistics group is 50. Number of seconds in each polling cycle is 1800. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines...
Page 171 Parameters interface — Valid Ethernet port. Elana ■ port-channel-number — Valid port-channel number. ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays all RMON history group statistics. Console# show rmon collection history Index Interfac...
Page 172: Show Rmon History
11: RMON C HAPTER OMMANDS show rmon history The show rmon history Privileged EXEC mode command displays RMON Ethernet history statistics. Syntax show rmon history index {throughput | errors | other} [period seconds] Parameters ■ ■ ■ ■ ■ Default Configuration This command has no default configuration.
Page 173 Time Octets Packets -------- -------- ------- -------- ---- Jan 18 30359596 357568 2005 21:57:00 Jan 18 28769630 275686 2005 21:57:30 Console# show rmon history 1 errors Sample Set: 1 Owner: Me Interface: g1 Interval: 1800 Requested samples: Granted samples: 50 Maximum table size: 500 (800 after reset) Time Undersiz...
Page 174 11: RMON C HAPTER OMMANDS The following table describes significant fields shown in the example: Sample Set: 1 Owner: Me Interface: g1 Interval: 1800 Requested samples: Granted samples: 50 Maximum table size: 500 Time Dropped ------------------- -------- Jan 18 2005 21:57:00 Jan 18 2005 21:57:30...
Page 175: Rmon Alarm
rmon alarm The rmon alarm Global Configuration mode command configures alarm conditions. To remove an alarm, use the no form of this command. Syntax rmon alarm index variable interval rthreshold fthreshold revent fevent [type type] [startup direction] [owner name] no rmon alarm index Parameters ■...
Page 176 — Specifies the name of the person who configured this alarm. If unspecified, the name is an empty string. Alarm index — 1000 Variable identifier — 3Com...
Page 177: Show Rmon Alarm-Table
Sample interval — 360000 seconds Rising threshold — 1000000 Falling threshold — 1000000 Rising threshold event index — 10 Falling threshold event index — 20 Console(config)# rmon alarm 1000 3Com 360000 1000000 1000000 10 Console# show rmon alarm-table Index ----- -------------------- 1.3.6.1.2.1.2.2.1.10...
Page 178: Show Rmon Alarm
11: RMON C HAPTER OMMANDS The following table describes significant fields shown in the example: Field Index Owner show rmon alarm The show rmon alarm Privileged EXEC mode command displays alarm configuration. Syntax show rmon alarm number Parameters number — Specifies the alarm index. (Range: 1-65535) ■...
Page 179 Console# show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field Description Alarm...
Page 180: Rmon Event
11: RMON C HAPTER OMMANDS rmon event The rmon event Global Configuration mode command configures an event. To remove an event, use the no form of this command. Syntax rmon event index type [community text] [description text] [owner name] no rmon event index Parameters ■...
Page 181: Show Rmon Events
User Guidelines If log is specified as the notification type, an entry is made in the log table for each event. If trap is specified, an SNMP trap is sent to one or more management stations. Example The following example configures an event identified as index 10 and for which the device generates a notification in the log table.
Page 182: Show Rmon Log
11: RMON C HAPTER OMMANDS The following table describes significant fields shown in the example: show rmon log The show rmon log Privileged EXEC mode command displays the RMON log table. Syntax show rmon log [event] Parameters ■ Default Configuration This command has no default configuration.
Page 183: Rmon Table-Size
Example The following example displays the RMON log table. Console# show rmon log Maximum table size: 500 Event ------- Console# show rmon log Maximum table size: 500 (800 after reset) Event ------- The following table describes the significant fields shown in the display: Field Event Description...
Page 184 11: RMON C HAPTER OMMANDS ■ ■ Default Configuration History table size is 270. Log table size is 200. Command Mode Global Configuration mode User Guidelines The configured table size taskes effect after the device is rebooted. Example The following example configures the maximum RMON history table sizes to 100 entries.
Page 185: Igmp Snooping
IGMP S ip igmp snooping The ip igmp snooping Global Configuration mode command enables (Global) Internet Group Management Protocol (IGMP) snooping. To disable IGMP snooping, use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled.
Page 186: Ip Igmp Snooping Mrouter Learn-Pim-Dvmrp
12: IGMP S HAPTER NOOPING specific VLAN. To disable IGMP snooping on a VLAN interface, use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled . Command Mode Interface Configuration (VLAN) mode User Guidelines IGMP snooping can only be enabled on static VLANs.
Page 187: Ip Igmp Snooping Host-Time-Out
User Guidelines Multicast device ports can be configured statically using the bridge multicast forward-all Interface Configuration (VLAN) mode command. Example The following example enables automatic learning of multicast device ports on VLAN 2. ip igmp snooping The ip igmp snooping host-time-out Interface Configuration (VLAN) host-time-out mode command configures the host-time-out.
Page 188: Ip Igmp Snooping Mrouter-Time-Out
12: IGMP S HAPTER NOOPING Example The following example configures the host timeout to 300 seconds. ip igmp snooping The ip igmp snooping mrouter-time-out Interface Configuration mrouter-time-out (VLAN) mode command configures the mrouter-time-out. The ip igmp snooping mrouter-time-out Interface Configuration (VLAN) mode command is used for setting the aging-out time after multicast device ports are automatically learned.
Page 189: Ip Igmp Snooping Leave-Time-Out
ip igmp snooping The ip igmp snooping leave-time-out Interface Configuration (VLAN) leave-time-out mode command configures the leave-time-out. If an IGMP report for a multicast group was not received for a leave-time-out period after an IGMP Leave was received from a specific port, this port is deleted from the member list of that multicast group.To restore the default configuration, use the no form of this command.
Page 190: Show Ip Igmp Snooping Interface
12: IGMP S HAPTER NOOPING Syntax show ip igmp snooping mrouter [interface vlan-id] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays multicast device interfaces in VLAN 1000. show ip igmp The show ip igmp snooping interface Privileged EXEC mode snooping interface...
Page 191: Show Ip Igmp Snooping Groups
Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays IGMP snooping information on VLAN 1000. show ip igmp The show ip igmp snooping groups Privileged EXEC mode command snooping groups displays multicast groups learned by IGMP snooping.
Page 192 12: IGMP S HAPTER NOOPING Command Mode Privileged EXEC mode User Guidelines To see the full multicast address table (including static addresses) use the show bridge multicast address-table Privileged EXEC command. Example The following example shows IGMP snooping information on multicast groups.
Page 193: Lacp System-Priority
LACP C lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. To restore the default configuration, use the no form of this command. Syntax lacp system-priority value no lacp system-priority Parameters ■ Default Configuration The default system priority is 1. Command Mode Global Configuration mode User Guidelines...
Page 194: Lacp Timeout
13: LACP C HAPTER OMMANDS Syntax lacp port-priority value no lacp port-priority Parameters ■ Default Configuration The default port priority is 1. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example defines the priority of Ethernet port g6 as 247. lacp timeout The lacp timeout Interface Configuration (Ethernet) mode command assigns an administrative LACP timeout.
Page 195: Show Lacp Ethernet
Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example assigns a long administrative LACP timeout to Ethernet port g6. show lacp ethernet The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports.
Page 196 13: LACP C HAPTER OMMANDS Console# show lacp ethernet g1 1 LACP parameters: Actor Partner system priority: system mac 00:00:12:34:56 addr: port Admin key: port Oper key: port Oper number: port Admin priority: port Oper priority: port Admin LONG timeout: port Oper LONG timeout:...
Page 197 g1 LACP Statistics: LACP PDUs sent: LACP PDUs received: g1 LACP Protocol State: LACP State Machines: Control Variables: show lacp ethernet port Oper key: port Oper number: port Admin priority: port Oper priority: port Oper LONG timeout: LACP Activity: PASSIVE Aggregation: AGGREGATABLE synchronizatio...
Page 198: Show Lacp Port-Channel
13: LACP C HAPTER OMMANDS show lacp The show lacp port-channel Privileged EXEC mode command displays port-channel LACP information for a port-channel. Syntax show lacp port-channel [port_channel_number] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 199 show lacp port-channel Port Type Gigabit Ethernet Attached Lag id: Actor System Priority: MAC Address: Admin Key: Oper Key: Partner System Priority: MAC Address: Oper Key: 00:02:85:0E:1C 1000 1000 00:00:00:00:00...
Page 200 13: LACP C HAPTER OMMANDS...
Page 201: Power Over Ethernet Commands
COMMANDS power inline The power inline Interface Configuration mode command configures the administrative mode of the inline power on an interface. Syntax power inline {auto | never} Parameters ■ ■ Default Configuration Auto Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command.
Page 202: Power Inline Powered-Device
14: P HAPTER OWER OVER power inline The power inline powered-device Interface Configuration mode powered-device command adds a description of the powered device type. Use the no form of this command to remove the description. Syntax power inline powered-device pd-type no power inline powered-device Parameters ■...
Page 203: Power Inline Usage-Threshold
Parameters ■ ■ ■ Default Configuration Low priority Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example sets the priority of port 4 from the point of view of inline power management to ‘high’. power inline The power inline usage-threshold Global Configuration mode usage-threshold...
Page 204: Power Inline Traps Enable
14: P HAPTER OWER OVER Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the threshold for initiating inline power usage alarms to 90 percent. power inline traps The power inline traps enable Global Configuration mode command enable enable inline power traps.
Page 205 Syntax show power inline [ethernet interface ] Parameters interface — Valid Ethernet port. Elana ■ Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information about the inline power.
Page 206 14: P HAPTER OWER OVER The following table describes the fields shown in the display: THERNET COMMANDS Auto Auto Auto Console# show power inline ethernet Admin Port Powere State Device ---- ------ ------ ------ ------ Auto Phone Model Overload Counter: 1 Short Counter: 0 Denied Counter: 0 Absent Counter: 0...
Page 207 Field Description Usage The usage threshold expressed in percents for comparing the Threshold measured power and initiating an alarm if threshold is exceeded. Traps Indicates if inline power traps are enabled. Port The Ethernet port number. Powered device A description of the powered device type. Admin State Indicates if the port is enabled to provide power.
Page 208 14: P HAPTER OWER OVER THERNET COMMANDS...
Page 209: Spanning -Tree Commands
spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. To disable the spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality.
Page 210: Spanning-Tree Forward-Time
15: S HAPTER PANNING no spanning-tree mode Parameters ■ ■ ■ Default Configuration STP is enabled. Command Modes Global Configuration mode User Guidelines In RSTP mode, the device uses STP when the neighbor device uses STP. In MSTP mode, the device uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP.
Page 211: Spanning-Tree Hello-Time
Default Configuration The default forwarding time for the IEEE Spanning Tree Protocol (STP) is 15 seconds. Command Modes Global Configuration mode User Guidelines When configuring the forwarding time, the following relationship should be kept: 2*(Forward-Time - 1) >= Max-Age Example The following example configures the spanning tree bridge forwarding time to 25 seconds.
Page 212: Spanning-Tree Max-Age
15: S HAPTER PANNING When configuring the hello time, the following relationship should be kept: Max-Age >= 2*(Hello-Time + 1) Example The following example configures spanning tree bridge hello time to 5 seconds. spanning-tree The spanning-tree max-age Global Configuration mode command max-age configures the spanning tree bridge maximum age.
Page 213: Spanning-Tree Priority
Example The following example configures the spanning tree bridge maximum-age to 10 seconds. spanning-tree The spanning-tree priority Global Configuration mode command priority configures the spanning tree priority of the device. The priority value is used to determine which bridge is elected as the root bridge. To restore the default configuration, use the no form of this command.
Page 214: Spanning-Tree Cost
15: S HAPTER PANNING Syntax spanning-tree disable no spanning-tree disable Default Configuration Spanning tree is enabled on all ports. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree on Ethernet port g5. spanning-tree cost The spanning-tree cost Interface Configuration mode command configures the spanning tree path cost for a port.
Page 215: Spanning-Tree Port-Priority
Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines The path cost method is configured using the spanning-tree pathcost method Global Configuration mode command. Example The following example configures the spanning-tree cost on Ethernet port g15 to 35000. spanning-tree The spanning-tree port-priority Interface Configuration mode port-priority command configures port priority.
Page 216: Spanning-Tree Portfast
15: S HAPTER PANNING Example The following example configures the spanning priority on Ethernet port g15 to 96. spanning-tree The spanning-tree portfast Interface Configuration mode command portfast enables PortFast mode. In PortFast mode, the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay.
Page 217: Spanning-Tree Link-Type
spanning-tree The spanning-tree link-type Interface Configuration mode command link-type overrides the default link-type setting determined by the duplex mode of the port and enables Rapid Spanning Tree Protocol (RSTP) transitions to the forwarding state. To restore the default configuration, use the no form of this command.
Page 218: Spanning-Tree Bpdu
15: S HAPTER PANNING Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method Parameters ■ ■ Default Configuration Short path cost method. Command Mode Global Configuration mode User Guidelines This command is only operational with the device in Interface mode. This command applies to all spanning tree instances on the device.
Page 219: Clear Spanning-Tree Detected-Protocols
■ Default Configuration The default setting is flooding. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example defines BPDU packet flooding when the spanning-tree is disabled on an interface. clear spanning-tree The clear spanning-tree detected-protocols Privileged EXEC mode detected-protocols command restarts the protocol migration process (forces renegotiation...
Page 220: Spanning-Tree Mst Priority
15: S HAPTER PANNING Example The following example restarts the protocol migration process on Ethernet port g11. spanning-tree mst The spanning-tree mst priority Global Configuration mode command priority configures the device priority for the specified spanning-tree instance. To restore the default configuration, use the no form of this command. Syntax spanning-tree mst instance-id priority priority no spanning-tree mst instance-id priority...
Page 221: Spanning-Tree Mst Port-Priority
discarded and the port information is aged out. To restore the default configuration, use the no form of this command. Syntax spanning-tree mst max-hops hop-count no spanning-tree mst max-hops Parameters ■ Default Configuration The default number of hops is 20. Command Mode Global Configuration mode User Guidelines...
Page 222: Spanning-Tree Mst Cost
15: S HAPTER PANNING Default Configuration The default port priority for IEEE Multiple Spanning Tree Protocol (MSTP) is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures the port priority of port g1 to 144. spanning-tree mst The spanning-tree mst cost Interface Configuration mode command cost...
Page 223: Spanning-Tree Mst Configuration
Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures the MSTP instance 1 path cost for Ethernet port 9 to 4. spanning-tree mst The spanning-tree mst configuration Global Configuration mode configuration command enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode.
Page 224: Instance (Mst)
15: S HAPTER PANNING instance (mst) The instance MST Configuration mode command maps VLANS to an MST instance. Syntax instance instance-id {add | remove} vlan vlan-range Parameters ■ ■ Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0).
Page 225: Revision (Mst)
Syntax name string Parameters ■ Default Configuration The default name is the MAC address. Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command. Example The following example defines the configuration name as region1. revision (mst) The revision MST Configuration mode command defines the configuration revision number.
Page 226: Show (Mst)
15: S HAPTER PANNING User Guidelines There are no user guidelines for this command. Example The following example sets the configuration revision to 1. show (mst) The show MST Configuration mode command displays the current or pending MST region configuration. Syntax show {current | pending} Parameters...
Page 227: Exit (Mst)
exit (mst) The exit MST Configuration mode command exits the MST Configuration mode, and applies all configuration changes. Syntax exit Default Configuration This command has no default configuration. Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command. Example The following example exits the MST Configuration mode and saves changes.
Page 228: Spanning-Tree Guard Root
15: S HAPTER PANNING Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command. Example The following example exits the MST Configuration mode without saving changes. spanning-tree The spanning-tree guard root Interface Configuration (Ethernet, guard root port-channel) mode command enables root guard on all spanning tree instances on the interface.
Page 229: Show Spanning-Tree
Example The following example prevents Ethernet port g1 from being the root port of the device. show spanning-tree The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration. Syntax show spanning-tree [ethernet interface -number| port-channel port-channel-number] [instance instance-id] show spanning-tree [detail] [active | blockedports] [instance instance-id] show spanning-tree mst-configuration Parameters...
Page 230 15: S HAPTER PANNING Example The following example displays spanning-tree information. OMMANDS Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: short Prior Root Addre Path Cost Root Port Bridg Prior e ID Addre Hello Time 2 hops Interfaces Name...
Page 231 Enabl 128.2 20000 Disab 128.3 20000 Enabl 128.4 20000 Enabl 128.5 20000 Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root Prior 36864 Addre 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 Max Age 20 sec Interfaces Name State...
Page 232 15: S HAPTER PANNING OMMANDS Disab 128.3 Enabl 128.4 Enabl 128.5 Console# show spanning-tree Spanning tree disabled (BPDU filtering) mode RSTP Default port cost method: long Root Prior Addre Path Cost Root Port Hello Time N/A Bridg Prior e ID Addre Hello Time 2 Interfaces...
Page 233 Enabl 128.1 20000 Enabl 128.2 20000 Disab 128.3 20000 Enabl 128.4 20000 Enabl 128.5 20000 Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: long Root Prior 32768 Addre 00:01:42:97:e0:00 Path 20000 Cost Root 1 (1) Port Hello Time 2 Max Age 20 sec...
Page 234 15: S HAPTER PANNING OMMANDS Name State Prio. ---- ----- ----- Enabl 128.1 Enabl 128.2 Enabl 128.4 Console# show spanning-tree blockedports Spanning tree enabled mode RSTP Default port cost method: long Root Prior Addre Path Cost Root Port Hello Time 2 Bridg Prior e ID...
Page 235 Interfaces Name State Prio. Cost ---- ----- ----- ----- Enabl 128.4 20000 Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root Prior 32768 Addre 00:01:42:97:e0:00 Path 20000 Cost Root 1 (1) Port Hello Time 2 Max Age 20 sec Bridg Prior...
Page 236 15: S HAPTER PANNING OMMANDS Times hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1) enabled State: Forwarding Port id: 128.1 Type: P2p (configured: auto) RSTP Designated bridge Priority: 32768 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (2) enabled...
Page 237 Number of transitions to forwarding state: N/A BPDU: sent N/A, received N/A Port 4 (4) enabled State: Blocking Port id: 128.4 Type: Shared (configured:auto) Designated bridge Priority: 28672 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (5) enabled State: Disabled Port id: 128.5...
Page 238 15: S HAPTER PANNING OMMANDS Console# show spanning-tree ethernet 1 Port 1 (1) enabled State: Forwarding Port id: 128.1 Type: P2p (configured: auto) RSTP Designated bridge Priority: 32768 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Console# show spanning-tree mst-configuration Name: Region1 Revision: 1...
Page 239 Addre 00:01:42:97:e0:00 Path 20000 Cost Root 1 (1) Port Hello Time 2 Interfaces Name State Prio. Cost ---- ----- ----- ----- Enabl 128.1 20000 Enabl 128.2 20000 Enabl 128.3 20000 Enabl 128.4 20000 ###### MST 1 Vlans Mapped: 10-20 CST Root ID Prior 24576 Addre...
Page 240 15: S HAPTER PANNING OMMANDS hops Bridge ID Prior Addre Interfaces Name State Prio. ---- ----- ----- Enabl 128.1 Enabl 128.2 Enabl 128.3 Enabl 128.4 Console# show spanning-tree detail Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior Addre...
Page 241 Path 20000 Cost Root 1 (g1) Port Hello Time 2 Port 1 (g1) enabled State: Forwarding Port id: 128.1 Type: P2p (configured: auto) Boundary RSTP Designated bridge Priority: 32768 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (g2) enabled State: Forwarding...
Page 242 15: S HAPTER PANNING Port 3 (g3) enabled State: Forwarding Port id: 128.3 Type: Shared (configured: auto) Internal Designated bridge Priority: 32768 Designated port id: 128.3 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (g4) enabled State: Forwarding Port id: 128.4 Type: Shared (configured: auto) Internal...
Page 243 Bridge ID Prior 32768 Addre 00:02:4b:29:7a:00 Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (g1) enabled State: Forwarding Port id: 128.1 Type: P2p (configured: auto) Boundary RSTP Designated bridge Priority:...
Page 244 15: S HAPTER PANNING Port 3 (g3) disabled State: Blocking Port id: 128.3 Type: Shared (configured: auto) Internal Designated bridge Priority: 32768 Designated port id: 128.78 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (g4) enabled State: Forwarding Port id: 128.4 Type: Shared (configured: auto) Internal...
Page 245 Path 20000 Cost Root 1 (g1) Port Hello Time 2 Bridg Prior 32768 e ID Addre 00:02:4b:29:7a Hello Time 2 hops Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior 32768...
Page 246 15: S HAPTER PANNING OMMANDS Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: short Prior Root Addre Path Cost Root Port Bridg Prior e ID Addre Hello Time 2 hops Interfaces Name State Prio. ---- ----- ----- Enabl 128.1...
Page 247 Enabl 128.4 20000 Enabl 128.5 20000 Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root Prior 36864 Addre 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 Max Age 20 sec Interfaces Name State Prio. Cost ---- -----...
Page 248 15: S HAPTER PANNING OMMANDS Enabl 128.5 Console# show spanning-tree Spanning tree disabled (BPDU filtering) mode RSTP Default port cost method: long Root Prior Addre Path Cost Root Port Hello Time N/A Bridg Prior e ID Addre Hello Time 2 Interfaces Name State...
Page 249 Disab 128.3 20000 Enabl 128.4 20000 Enabl 128.5 20000 Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: long Root Prior 32768 Addre 00:01:42:97:e0:00 Path 20000 Cost Root 1 (g1) Port Hello Time 2 Max Age 20 sec Bridg Prior 36864...
Page 250 15: S HAPTER PANNING OMMANDS Enabl 128.1 Enabl 128.2 Enabl 128.4 Console# show spanning-tree blockedports Spanning tree enabled mode RSTP Default port cost method: long Root Prior Addre Path Cost Root Port Hello Time 2 Bridg Prior e ID Addre Hello Time 2 Interfaces Name...
Page 251 ---- ----- ----- ----- Enabl 128.4 20000 Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root Prior 32768 Addre 00:01:42:97:e0:00 Path 20000 Cost Root 1 (g1) Port Hello Time 2 Max Age 20 sec Bridg Prior 36864...
Page 252 15: S HAPTER PANNING OMMANDS State: Forwarding Port id: 128.1 Type: P2p (configured: auto) RSTP Designated bridge Priority: 32768 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (g2) enabled State: Forwarding Port id: 128.2 Type: Shared (configured: auto) Designated bridge Priority:...
Page 253 Port id: 128.4 Type: Shared (configured:auto) Designated bridge Priority: 28672 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (g5) enabled State: Disabled Port id: 128.5 Type: N/A (configured: auto) Designated bridge Priority: N/A Designated port id: N/A Number of transitions to forwarding state: N/A BPDU: sent N/A, received N/A...
Page 254 15: S HAPTER PANNING OMMANDS Console# show spanning-tree mst-configuration Name: Region1 Revision: 1 Instance Vlans mapped -------- ------------ 1-9, 21-4094 10-20 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior Addre...
Page 255 Enabl 128.1 20000 Enabl 128.2 20000 Enabl 128.3 20000 Enabl 128.4 20000 ###### MST 1 Vlans Mapped: 10-20 CST Root ID Prior 24576 Addre 00:02:4b:29:89:76 Path 20000 Cost Root 4 (g4) Port hops Bridge ID Prior 32768 Addre 00:02:4b:29:7a Interfaces Name State Prio.
Page 256 15: S HAPTER PANNING OMMANDS Enabl 128.1 Enabl 128.2 Enabl 128.3 Enabl 128.4 Console# show spanning-tree detail Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior Addre Path Cost Root Port...
Page 257 Designated bridge Priority: 32768 Designated port id: 128.25 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (g2) enabled State: Forwarding Port id: 128.2 Type: Shared (configured: auto) Boundary Designated bridge Priority: 32768 Designated port id: 128.2 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (g3) enabled...
Page 258 15: S HAPTER PANNING OMMANDS Type: Shared (configured: auto) Internal Designated bridge Priority: 32768 Designated port id: 128.2 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 ###### MST 1 Vlans Mapped: 10-20 Root ID Prior Addre Path Cost Port...
Page 259 Designated bridge Priority: 32768 Designated port id: 128.1 Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (g2) enabled State: Forwarding Port id: 128.2 Type: Shared (configured: auto) Boundary Designated bridge Priority: 32768 Designated port id: 128.2 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (g3) disabled...
Page 260 15: S HAPTER PANNING OMMANDS Type: Shared (configured: auto) Internal Designated bridge Priority: 32768 Designated port id: 128.2 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior...
Page 261 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior 32768 Addre 00:01:42:97:e0:00 show spanning-tree...
Page 262 15: S HAPTER PANNING OMMANDS...
Page 263: Onfiguration And Image File
copy The copy Privileged EXEC mode command copies files from a source to a destination. Syntax copy source-url destination-url Parameters ■ ■ The following table displays keywords and URL prefixes. ONFIGURATION AND OMMANDS source-url — The source file location URL or reserved keyword of the source file to be copied.
Page 264 16: C HAPTER ONFIGURATION AND Keyword xmodem: null: Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines The location of a file system dictates the format of the source or destination URL. The entire copying process may take several minutes and differs from protocol to protocol and from network to network.
Page 265 copy Copying an Image File from a Server to Flash Memory To copy an image file from a server to flash memory, use the copy source-url image command. Copying a Boot File from a Server to Flash Memory To copy a boot file from a server to flash memory, enter the copy source-url boot command.
Page 266: Delete
16: C HAPTER ONFIGURATION AND Example The following example copies system image file1 from the TFTP server 172.16.101.101 to a non-active image file. delete The delete Privileged EXEC mode command deletes a file from a flash memory device. Syntax delete url Parameters ■...
Page 267: Boot System
User Guidelines *.sys, *.prv, image-1 and image-2 files cannot be deleted. Example The following example deletes the file called ‘test’ from the flash memory. boot system The boot system Privileged EXEC mode command specifies the system image that the device loads at startup. Syntax boot system {image-1 | image-2} Parameters...
Page 268: Show Running-Config
16: C HAPTER ONFIGURATION AND show The show running-config Privileged EXEC mode command displays the running-config contents of the currently running configuration file. Syntax show running-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 269: Show Bootvar
Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the contents of the running configuration file. show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that is loaded by the device at startup.
Page 270 16: C HAPTER ONFIGURATION AND Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the active system image file that is loaded by the device at startup.
Page 271: Radius Command
RADIUS C radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retries] [deadtime deadtime] [key key-string] [source source] [priority priority] [usage type] no radius-server host {ip-address | hostname}...
Page 272: Radius-Server Key
17: RADIUS C HAPTER ■ ■ ■ Default Configuration No RADIUS server host is specified. The port number for authentication requests is 1812. The usage type is all. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple radius-server host commands can be used.
Page 273: Radius-Server Retransmit
Syntax radius-server key [key-string] no radius-server key Parameters ■ Default Configuration The key-string is an empty string. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example defines the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon.
Page 274: Radius-Server Source-Ip
17: RADIUS C HAPTER Default Configuration The software searches the list of RADIUS server hosts 3 times. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the number of times the software searches all RADIUS server hosts to 5 times.
Page 275: Radius-Server Timeout
Example The following example configures the source IP address used for communication with all RADIUS servers to 10.1.1.1. radius-server The radius-server timeout Global Configuration mode command sets timeout the interval during which the device waits for a server host to reply. To restore the default configuration, use the no form of this command.
Page 276: Show Radius-Servers
17: RADIUS C HAPTER Syntax radius-server deadtime deadtime no radius-server deadtime Parameters ■ Default Configuration The deadtime setting is 0. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets all RADIUS server deadtimes to 10 minutes. show radius-servers The show radius-servers Privileged EXEC mode command displays the RADIUS server settings.
Page 277 Example The following example displays RADIUS server settings. Console# show radius-servers Port TimeO addre Auth ----- ---- ----- ---- 172.1 1645 Globa 6.1.1 172.1 1645 6.1.2 Global values ------------- TimeOut: 3 Retransmit: 3 Deadtime: 0 Source IP: 172.16.8.1 show radius-servers Retra DeadT Sourc...
Page 278 17: RADIUS C HAPTER OMMAND...
Page 279: Port Monitor
port monitor The port monitor Interface Configuration mode command starts a port monitoring session. To stop a port monitoring session, use the no form of this command. Syntax port monitor src-interface [rx | tx] no port monitor src-interface Parameters ■ ■...
Page 280: Show Ports Monitor
18: P HAPTER ONITOR GVRP is not enabled on the port. The port is not a member of a VLAN, except for the default VLAN (will automatically be removed from the default VLAN). The following restrictions apply to ports configured to be source ports: The port cannot be already configured as a destination port.
Page 281 ---------- ---------- ------ show ports monitor ----- ------- RX,TX Active RX,TX Active Active...
Page 282 18: P HAPTER ONITOR OMMANDS...
Page 283: Snmp-Server Community
SNMP C snmp-server The snmp-server community Global Configuration mode command community configures the community access string to permit access to the SNMP protocol. To remove the specified community string, use the no form of this command. Syntax snmp-server community community [ro | rw | su] [ip-address] [view view-name] snmp-server community-group community group-name [ip-address] no snmp-server community community [ip-address]...
Page 284: Snmp-Server View
19: SNMP C HAPTER OMMANDS Default Configuration No communities are defined. Command Mode Global Configuration mode User Guidelines The view-name parameter cannot be specified for su, which has access to the whole MIB. The view-name parameter can be used to restrict the access rights of a community string.
Page 285 Syntax snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name [oid-tree] Parameters view-name — Specifies the label for the view record that is being ■ created or updated. The name is used to reference the record. (Range: 1-30 characters) oid-tree —...
Page 286: Snmp-Server Group
19: SNMP C HAPTER OMMANDS snmp-server group The snmp-server group Global Configuration mode command configures a new Simple Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views. To remove a specified SNMP group, use the no form of this command. Syntax snmp-server group groupname {v1 | v2 | v3 {noauth | auth | priv} [notify notifyview]} [read readview] [write writeview]...
Page 287: Snmp-Server User
Default Configuration No group entry exists. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example attaches a group called user-group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user-view.
Page 288 19: SNMP C HAPTER OMMANDS ■ ■ ■ ■ Default Configuration No group entry exists. Command Mode Global Configuration mode User Guidelines If auth-md5 or auth-sha is specified, both authentication and privacy are enabled for the user. When a show running-config Privileged EXEC mode command is entered, a line for this user will not be displayed.
Page 289: Snmp-Server Engineid Local
The remote engineid designates the remote management station and should be defined to enable the device to receive informs. Example The following example configures an SNMPv3 user John in a group called user-group. snmp-server The snmp-server engineID local Global Configuration mode command engineID local specifies the Simple Network Management Protocol (SNMP) engineID on the local device.
Page 290 19: SNMP C HAPTER OMMANDS User Guidelines To use SNMPv3, you have to specify an engine ID for the device. You can specify your own ID or use a default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 cannot be used.
Page 291: Snmp-Server Enable Traps
snmp-server enable The snmp-server enable traps Global Configuration mode command traps enables the device to send SNMP traps. To disable SNMP traps, use the no form of the command. Syntax snmp-server enable traps no snmp-server enable traps Default Configuration SNMP traps are enabled. Command Mode Global Configuration mode User Guidelines...
Page 292: Snmp-Server Host
19: SNMP C HAPTER OMMANDS ■ ■ Default Configuration No filter entry exists. Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines.
Page 293 Parameters ip-address — Specifies the IP address of the host (targeted recipient). ■ hostname — Specifies the name of the host. (Range:1-158 characters) ■ community-string — Specifies a password-like community string sent ■ with the notification operation. (Range: 1-20) ■ traps —...
Page 294: Snmp-Server V3-Host
19: SNMP C HAPTER OMMANDS User Guidelines When configuring an SNMPv1 or SNMPv2 notification recipient, a notification view for that recipient is automatically generated for all the MIB. When configuring an SNMPv1 notification recipient, the Inform option cannot be selected. If a trap and inform are defined on the same target, and an inform was sent, the trap is not sent.
Page 295: Snmp-Server Trap Authentication
■ ■ ■ ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines A user and notification view are not automatically created. Use the snmp-server user, snmp-server group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively.
Page 296: Snmp-Server Contact
19: SNMP C HAPTER OMMANDS Default Configuration SNMP failed authentication traps are enabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables SNMP failed authentication traps. snmp-server The snmp-server contact Global Configuration mode command contact configures the system contact (sysContact) string.
Page 297: Snmp-Server Location
The following example configures the system contact point called 3Com_Technical_Support. snmp-server The snmp-server location Global Configuration mode command location configures the system location string. To remove the location string, use the no form of this command. Syntax snmp-server location text no snmp-server location Parameters ■...
Page 298: Show Snmp
— List of name and value pairs. In the case of scalar MIBs, only a single pair of name values. In the case of an entry in a table, at least one pair of name and value followed by one or more fields (Range 1-160 characters). Console(config)# snmp-server set sysName sysname 3Com...
Page 299 User Guidelines There are no user guidelines for this command. Example The following example displays the SNMP communications status. Console# show snmp Commu Community-Ac View nity- cess name Stri ----- ---------- ----- ----- ---- publi read only user- view priva read write Defau priva...
Page 300: Show Snmp Engineid
19: SNMP C HAPTER OMMANDS Version 1,2 notifications Target Address ------------ 192.122.173. 192.122.173. Version 3 notifications Target Address ------------ 192.122.173. System Contact: Robert System Location: Marketing The following table describes the significant fields shown in the display. Field Community-string Community-access IP Address Trap-Rec-Address Trap-Rec-Community...
Page 301: Show Snmp Views
Syntax show snmp engineID Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the SNMP engine ID. show snmp views The show snmp views Privileged EXEC mode command displays the configuration of views.
Page 302: Show Snmp Groups
19: SNMP C HAPTER OMMANDS Example The following example displays the configuration of views. show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of groups. Syntax show snmp groups [groupname] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 303: Show Snmp Filters
The following table describes significant fields shown above. show snmp filters The show snmp filters Privileged EXEC mode command displays the configuration of filters. Syntax show snmp filters [filtername] Parameters ■ Default Configuration This command has no default configuration. Model Level ------- -----...
Page 304: Show Snmp Users
19: SNMP C HAPTER OMMANDS Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the configuration of filters. show snmp users The show snmp users Privileged EXEC mode command displays the configuration of users.
Page 305 Example The following example displays the configuration of users. Console# show snmp users Name Group name ------ ------------ John user-group John user-group show snmp users Auth Method Remote --------- -------------- ----------- 08009009020C0B 099C075879...
Page 306 19: SNMP C HAPTER OMMANDS...
Page 307: Ip Address
IP A ip address The ip address Interface Configuration (default VLAN) mode command sets an IP address. To remove an IP address, use the no form of this command. Syntax ip address ip-address {mask | prefix-length} no ip address ip-address Parameters ■...
Page 308: Ip Address Dhcp
20: IP A HAPTER DDRESS Example The following example configures VLAN 1 with IP address 131.108.1.27 and subnet mask 255.255.255.0. ip address dhcp The ip address dhcp Interface Configuration (default VLAN) mode command acquires an IP address for an Ethernet interface from the Dynamic Host Configuration Protocol (DHCP) server.
Page 309: Ip Default-Gateway
If the device is configured to obtain its IP address from a DHCP server, it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network. If the ip address dhcp command is used with or without the optional keyword, the DHCP option 12 field (host name option) is included in the DISCOVER message.
Page 310: Show Ip Interface
20: IP A HAPTER DDRESS This command is only operational in Switch mode. Example The following example defines default gateway 192.168.1.1. show ip interface The show ip interface Privileged EXEC mode command displays the usability status of configured IP interfaces. Syntax show ip interface [ethernet interface-number | vlan vlan-id | port-channel port-channel number |]...
Page 311 The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache. To remove an entry from the ARP cache, use the no form of this command. Syntax arp ip_addr hw_addr {ethernet interface-number | vlan vlan-id | port-channel port-channel number.} no arp ip_addr {ethernet interface-number | vlan vlan-id | port-channel port-channel number.}...
Page 312: Arp Timeout
20: IP A HAPTER DDRESS Example The following example adds IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table. arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache. To restore the default configuration, use the no form of this command.
Page 313: Show Arp
clear arp-cache Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example deletes all dynamic entries from the ARP cache. show arp The show arp Privileged EXEC mode command displays entries in the ARP table.
Page 314: Ip Domain-Name
Default Configuration A default domain name is not defined. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example defines default domain name www.3Com.com. OMMANDS Interface IP address --------- ---------- 10.7.1.102 10.7.1.135...
Page 315: Ip Name-Server
ip name-server ip name-server The ip name-server Global Configuration mode command defines the available name servers. To remove a name server, use the no form of this command. Syntax ip name-server server-address [server-address2 … server-address8] no ip name-server [server-address1 … server-address8] Parameters server-address —...
Page 316 20: IP A HAPTER DDRESS OMMANDS...
Page 317: Management Access-List
management The management access-list Global Configuration mode command access-list configures a management access list and enters the Management Access-list Configuration command mode. To delete an access list, use the no form of this command. Syntax management access-list name no management access-list name Parameters ■...
Page 318: Permit (Management)
21: M HAPTER ANAGEMENT Management ACL requires a valid management interface, which is a port, VLAN, or port-channnel with an IP address or console interface. Management ACL only restricts access to the device for management configuration or viewing. Example The following example creates a management access list called ‘mlist’, configures management Ethernet interfaces g1 and g9 and makes the new access list the active list.
Page 319: Deny (Management)
■ ■ ■ ■ ■ ■ Default Configuration If no permit rule is defined, the default is set to deny. Command Mode Management Access-list Configuration mode User Guidelines Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface. The system supports up to 128 management access rules.
Page 320: Management Access-Class
21: M HAPTER ANAGEMENT Parameters ■ ■ ■ ■ ■ ■ ■ Default Configuration This command has no default configuration. Command Mode Management Access-list Configuration mode User Guidelines Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface. The system supports up to 128 management access rules.
Page 321: Show Management Access-List
Parameters ■ ■ Default Configuration If no access list is specified, an empty access list is used. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures an access list called ‘mlist’ as the management access list.
Page 322: Show Management Access-Class
21: M HAPTER ANAGEMENT There are no user guidelines for this command. Example The following example displays the ‘mlist’ management access list. show management The show management access-class Privileged EXEC mode command access-class displays the active management access list. Syntax show management access-class Default Configuration This command has no default configuration.
Page 323: Rogue-Detect Enable (Radio)
rogue-detect The rogue-detect enable AP Interface Radio Configuration mode enable (Radio) command enables detection of rogue APs. To disable rouge APs detection, use the no form of this command. Syntax rogue-detect enable no rogue-detect enable Parameters This command has no keywords or arguments. Default Configuration Rogue detection is disabled.
Page 324: Rogue-Detect Rogue-Scan-Interval
22: W HAPTER IRELESS Example The following example enables the detection of rogue APs. rogue-detect The rogue-detect rogue-scan-interval AP Interface Radio rogue-scan-interval Configuration mode command defines the scanning interval for rogue APs. To restore defaults, use the no form of this command. Syntax rogue-detect rogue-scan-interval {long | medium | short} no rogue-detect rogue-scan-interval...
Page 325: Wlan Rogue-Detect Rogue-Ap
The following example defines the scanning interval for rogue APs at 150 seconds. wlan rogue-detect The wlan rogue-detect rogue-ap Global Configuration mode rogue-ap command sets the status of rouge APs. To restore defaults, use the no form of this command. Syntax wlan rogue-detect rogue-ap mac-address state {known | mitigate} no wlan rogue-detect rogue-ap mac-address state...
Page 326: Clear Wlan Rogue-Ap
22: W HAPTER IRELESS clear wlan rogue-ap The clear wlan rogue-ap Privileged EXEC mode command deletes a rogue AP from the rogue APs list. Syntax clear wlan rogue-ap mac-address Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Deleting a rogue AP from the list does not mitigate or suppress the rogue.
Page 327: Show Wlan Rogue-Aps List
■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information about rogue APs detection configuration. show wlan The show wlan rogue-aps list Privileged EXEC mode command displays rogue-aps list information about potential rogue APs.
Page 328: Show Wlan Rogue-Aps Neighborhood
22: W HAPTER IRELESS Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines The show wlan rogue-aps list command displays each rogue at one entry, even if it was discovered by more than one Radio. Example The following example displays information about potential rogue APs.
Page 329 Parameters mac-address — The AP MAC address detecting rogue APs. ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays a list of APs that has detected a rogue AP with the MAC address: 00-9E-93-82-73-FC.
Page 330 22: W AP C HAPTER IRELESS OGUE OMMANDS...
Page 331: Wlan Ess Create
wlan ess create The wlan ess create Global Configuration mode command creates an ESS. To remove the ESS, use the no form of this command. Syntax wlan ess create index ssid no wlan ess create index Parameters ■ ■ Default Configuration ESS number 1 always exists.
Page 332: Ssid
23: W ESS C HAPTER IRELESS Syntax wlan ess configure {id index | ssid ssid} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the ESS ‘enterprise’...
Page 333: Open Vlan
User Guidelines The SSID string must be a unique string in the system. The command fails if there already exists an SSID with the same name. Example The following example configures the SSID name of an ESS as ‘enterprise’. open vlan The open vlan ESS Configuration mode command configures the ESS VLAN when there is no security suite for the ESS.
Page 334: Load-Balancing
23: W ESS C HAPTER IRELESS The qos ESS Configuration mode command enables QoS in an ESS. To disable QoS, use the no form of this command. Syntax qos {wmm | svp} no qos Parameters ■ ■ Default Configuration QoS in an ESS is disabled. Command Mode ESS Configuration mode User Guidelines...
Page 335: Mac-Filtering Action
no load-balancing Parameters ■ ■ ■ Default Configuration Disabled. Command Mode ESS Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables load balancing in an ESS where a station attempts to associate with an AP in the ESS. mac-filtering action The mac-filtering action ESS Configuration mode command enables source MAC address filtering in an ESS.
Page 336: Mac-Filtering List
23: W ESS C HAPTER IRELESS ■ ■ Default Configuration Disabled. Command Mode ESS Configuration mode User Guidelines ■ ■ Example The following example denies source MAC-address filtering in an ESS. mac-filtering list The mac-filtering list ESS Configuration mode command adds and removes MAC addresses from the MAC address filtering list in an ESS.
Page 337: Security Suite Create
Default Configuration Empty list. Command Mode ESS Configuration mode User Guidelines Use the mac-filtering action ESS configuration command to enable the MAC-address-filtering list and to define the MAC-address-filtering list type. Example The following example adds the MAC address 00-9E-92-4C-73-FC to the MAC address filtering list in an ESS.
Page 338 23: W ESS C HAPTER IRELESS ■ ■ ■ Default Configuration WPA security suite exists. Command Mode ESS Configuration mode User Guidelines ■ ■ OMMANDS 802.1x — 802.1x authentication with WEP. ■ wpa — Wi-Fi Protected Access (WPA and WPA2) are systems to ■...
Page 339: Security Suite Configure
■ ■ ■ ■ ■ Example The following example creates a security suite for an ESS. security suite The security suite configure ESS Configuration mode command enters configure the Security-Suite Configuration mode. Syntax security suite configure type Parameters ■ WPA2 security suite and WPA2-PSK security suite cannot exist simultaneously.
Page 340: Vlan (Security-Suite Ess)
23: W ESS C HAPTER IRELESS Default Configuration WPA security suite exists. Command Mode ESS Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the Security-Suite Configuration mode. vlan (Security-Suite The vlan Security-Suite ESS Configuration mode command configures ESS) the policy VLAN for a security-suite.
Page 341: Timer (Security-Suite Ess)
Default Configuration VLAN #1 Command Mode Security-Suite ESS Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the policy VLAN for a security-suite to VLAN ID 5. timer The timer Security-Suite ESS Configuration mode command configures (Security-Suite ESS) the key exchange timers for a Security-Suite.
Page 342: Update-Gkey-On-Leave (Security-Suite Ess)
23: W ESS C HAPTER IRELESS ■ ■ ■ Default Configuration ■ ■ ■ ■ Command Mode Security-Suite ESS Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the key exchange timers for a security-suite as an unlimited rekeying timeout period.
Page 343: Wpa2 Pre-Authentication
No key is defined. Command Mode Security-Suite ESS Configuration mode User Guidelines There are no user guidelines for this command. Example The following example defines that a group key should be updated after a station leaves the AP. wpa2 The wpa2 pre-authentication ESS Configuration mode command pre-authentication enables WPA2 pre-authentication in an ESS.
Page 344: Show Wlan Ess
23: W ESS C HAPTER IRELESS Example The following example enables WPA2 pre-authentication in an ESS. show wlan ess The show wlan Privileged EXEC mode command displays information on the ESS configuration. Syntax show wlan ess configuration [id 1-65535 | ssid 1-32] show wlan ess vlans [id 1-65535 | ssid 1-32] show wlan ess radios [id 1-65535 | ssid 1-32] Parameters...
Page 345 Example The following example configures the display of the WLAN ESS configuration. console # show wlan ess configuration Index SSID Securit y Suite ----- ---- ------- Enterpr WPA, WPA2 Guest Open The following example configures the display of the defined ESS configurations.
Page 346 23: W ESS C HAPTER IRELESS OMMANDS Console # show wlan ess configuration 1 Index: 1 SSID: Enterprise Load Balancing: Association QoS: WMM Mac Filter: Disabled WPA2 Preauthentication: Enabled Open VLAN: 1 Security Suite: VLAN: 8 Unicast Rekeying Timeout: Never Multicast Rekeying Timeout: Never Update Group Key On Leave: Enabled Security Suite:...
Page 347: Show Wlan Ess Mac-Filtering Lists
The following example configures the display of WLAN ESS radios’ configuration. show wlan ess The show wlan Privileged EXEC mode command displays the ESS MAC mac-filtering lists filtering lists. Syntax show wlan ess mac-filtering lists {id index | ssid ssid} Parameters ■...
Page 348: Show Wlan Ess Counters
23: W ESS C HAPTER IRELESS show wlan ess The show wlan ess counters Privileged EXEC mode command displays counters the number of stations at each ESS. Syntax show wlan ess counters [index | ssid] Parameters ■ ■ Default Configuration This command has no default configuration.
Page 349 Console# show wlan ess counters Index SSID ----- ---- Enterprise Guest The following example displays station numbers at ESS ‘enterprise’. Console# show wlan ess counters ssid enterprise Radio ---- show wlan ess counters Stations ------- Stations --------...
Page 350 23: W ESS C HAPTER IRELESS OMMANDS...
Page 351: Clear Wlan Ap
clear wlan ap The clear wlan ap Privileged EXEC mode command deactivates an AP. Syntax clear wlan ap {name | mac-address} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines ■ ■...
Page 352: Wlan Ap Active
24: W AP G HAPTER IRELESS wlan ap active The wlan ap active Global Configuration mode command activates an Syntax wlan ap active mac-address [template template-name] Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 353: Wlan Ap Config
■ ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines If the secure key is not set before activation at the AP, that key would be transferred to the AP on activation. A key cannot be removed in an active AP.
Page 354: Name
24: W AP G HAPTER IRELESS Command Mode Global Configuration mode User Guidelines Only active APs can be placed in AP Configuration mode. Example The following example sets the device in AP Configuration mode. name The name AP Configuration mode command configures a wireless AP name.
Page 355: Tunnel Priority
tunnel priority The tunnel priority AP Configuration mode command configures a wireless AP priority for VLAN tunneling. To restore default settings, use the no form of this command. Syntax tunnel priority priority no priority Parameters ■ Default Configuration The default wireless AP priority for VLAN tunneling is 20. Command Mode AP Configuration mode User Guidelines...
Page 356: Interface Ethernet
24: W AP G HAPTER IRELESS Syntax wan enable no wan enable Parameters This command has no keywords or arguments. Default Configuration Disabled Command Mode AP Configuration mode User Guidelines There are no user guidelines for this command. Example The following example accommodates certain timing constrains in the communication to a remotely connected wireless AP separated by a WAN link or the Internet.
Page 357: Vlan Allowed
User Guidelines There are no user guidelines for this command. Example The following example enters the Interface Configuration mode. vlan allowed The vlan allowed AP interface Ethernet Configuration mode command adds or removes VLANs to the Ethernet port of a wireless AP. To restore the default configuration, use the no form of this command.
Page 358: Vlan Native
24: W AP G HAPTER IRELESS The following example adds VLANs 1,2,3 and 4 to the Ethernet port of a wireless AP. vlan native The vlan native AP interface Ethernet Configuration mode command sets the native VLAN of the Ethernet port of a wireless AP. To restore the default configuration, use the no form of this command.
Page 359: Set Wlan Copy
Syntax wlan template ap configure name Parameters ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines All AP configuration commands are relevant to template APs, except for the name AP configuration command and wlan ap key Global Configuration commands.
Page 360: Show Wlan Aps
24: W AP G HAPTER IRELESS Default Configuration This command has no default configuration. Command Mode Wireless AP template configuration mode User Guidelines Copying the template to an AP overrides the entire AP configuration with the template configuration. Example The following example copies a wirless AP configuration parameters from a template AP “enterprise”...
Page 361 name ■ ssid ■ Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information on active APs. Console # show wlan aps Name MAC Address ------ ----------------- 00-9E-92-4C-73- 00-9E-92-4C-73- show wlan aps Type State...
Page 362 24: W AP G HAPTER IRELESS The following example displays detailed information on a specific active The following example displays important radio information on all the active APs. ENERAL OMMANDS Console # show wlan aps AP1 Name: AP1 MAC Address: 00-9E-92-4C-73-FC Type: a, g State: Enabled Status: Disabled...
Page 363 The following example displays the SSIDs that are associated with each active AP. Console # show wlan aps ess Name Radio ------ -------- The following example displays: 1) Station VLANs: List all the VLANs required for the stations that are associated with that AP.
Page 364: Show Wlan Ap Interface Radio
24: W AP G HAPTER IRELESS The following example displays the AP model, serial number and software versions. show wlan ap The show wlan ap interface radio Privileged EXEC mode command interface radio displays information on an AP radio interface. Syntax show wlan ap {name | mac-address} interface radio {a | g} [ess ssid] Parameters...
Page 365: Show Wlan Ap Interface Ethernet
Example The following example displays information on an AP radio interface. SSID BSSID ------ -------- Enterprise Enabled Guest Enabled show wlan ap The show wlan ap interface ethernet Privileged EXEC mode command interface ethernet displays information on an AP radio interface. Syntax show wlan ap {name | mac-address} interface ethernet Parameters...
Page 366: Show Wlan Aps Counters
24: W AP G HAPTER IRELESS Example The following example displays information on an AP radio interface. show wlan aps The show wlan aps counters Privileged EXEC mode command displays counters information on the AP traffic. Syntax show wlan aps counters [radio a | g] [ap name] Parameters ■...
Page 367 The following example displays information on the AP traffic. Console# show wlan aps counters Name Stations ------ ----------- InUcastPk Name ------ ----------- 756857 846584 InUcastPk Name ------ ----------- 756857 846584 OutUcastP Name ------ --------- 87398238 846584 show wlan aps counters Name Stations ------...
Page 368: Show Wlan Aps Discovered
24: W AP G HAPTER IRELESS show wlan aps The show wlan aps discovered Privileged EXEC mode command discovered displays wireless APs that were discovered but not activated. Syntax show wlan aps discovered [mac-address] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 369: Show Wlan Template Aps
The following example displays wireless APs that were discovered but were not activated. show wlan The show wlan template aps Privileged EXEC mode command displays template aps the template AP configuration. Syntax show wlan template aps [name] Parameters ■ Default Configuration This command has no default configuration.
Page 370 24: W AP G HAPTER IRELESS ENERAL OMMANDS Console # show wlan template aps Name Radio a ------- -------- default Enabled indoor Enabled outdoor Enabled Console # show wlan aps indoor NAME: vivi MAC Address: 00:f0:00:00:06:25 802.11a Radio: Enabled 802.11g Radio: Enabled Type: a, g State: Enabled VLANs Allowed: 2, 3...
Page 371: Ssh C Ommands
SSH C ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. To restore the default configuration, use the no form of this command. Syntax ip ssh port port-number no ip ssh port Parameters ■...
Page 372: Ip Ssh Server
25: SSH C HAPTER OMMANDS ip ssh server The ip ssh server Global Configuration mode command enables the device to be configured from a SSH server. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server Default Configuration Device configuration from a SSH server is disabled.
Page 373: Crypto Key Generate Rsa
User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. If the device already has DSA keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration; however, the keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up on another device.
Page 374: Ip Ssh Pubkey-Auth
25: SSH C HAPTER OMMANDS Example The following example generates RSA key pairs. ip ssh pubkey-auth The ip ssh pubkey-auth Global Configuration mode command enables public key authentication for incoming SSH sessions. To disable this function, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth...
Page 375: User-Key
Default Configuration No keys are specified. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the SSH Public Key-chain Configuration mode and manually configures the RSA key pair for SSH public key-chain bob.
Page 376: Key-String
25: SSH C HAPTER OMMANDS Parameters ■ ■ ■ Default Configuration No SSH public keys exist. Command Mode SSH Public Key-string Configuration mode User Guidelines Follow this command with the key-string SSH Public Key-String Configuration mode command to specify the key. Example The following example enables manually configuring an SSH public key for SSH public key-chain bob.
Page 377 Default Configuration No keys exist. Command Mode SSH Public Key-string Configuration mode User Guidelines Use the key-string SSH Public Key-string Configuration mode command to specify which SSH public key is to be interactively configured next. To complete the command, you must enter a row with no characters. Use the key-string row SSH Public Key-string Configuration mode command to specify the SSH public key row by row.
Page 378 25: SSH C HAPTER OMMANDS show ip ssh The show ip ssh Privileged EXEC mode command displays the SSH server configuration. Syntax show ip ssh Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 379: Show Crypto Key Mypubkey
show crypto key The show crypto key mypubkey Privileged EXEC mode command mypubkey displays the SSH public keys on the device. Syntax show crypto key mypubkey [rsa | dsa] Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 380: Show Crypto Key Pubkey-Chain Ssh
25: SSH C HAPTER OMMANDS show crypto key The show crypto key pubkey-chain ssh Privileged EXEC mode pubkey-chain ssh command displays SSH public keys stored on the device. Syntax show crypto key pubkey-chain ssh [username username] [fingerprint {bubble-babble | hex}] Parameters ■...
Page 381 show crypto key pubkey-chain ssh Key: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint: 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86...
Page 382 25: SSH C HAPTER OMMANDS...
Page 383: Ip Http Server
ip http server The ip http server Global Configuration mode command enables configuring the device from a browser. To disable this function, use the no form of this command. Syntax ip http server no ip http server Default Configuration HTTP server is enabled. Command Mode Global Configuration mode User Guidelines...
Page 384: Ip Http Exec-Timeout
26: W HAPTER ERVER no ip http port Parameters ■ Default Configuration The default port number is 80. Command Mode Global Configuration mode User Guidelines Specifying 0 as the port number effectively disables HTTP access to the device. Example The following example configures the http port number to 100. ip http The ip http exec-timeout Global Configuration mode command sets exec-timeout...
Page 385: Ip Https Server
Command Mode Global Configuration mode User Guidelines This command also configures the exec-timeout for HTTPS in case the HTTPS timeout was not set. To specify no timeout, enter the ip https exec-timeout 0 0 command. ip https server The ip https server Global Configuration mode command enables configuring the device from a secured browser.
Page 386: Crypto Certificate Generate
26: W HAPTER ERVER Syntax ip https port port-number no ip https port Parameters ■ Default Configuration The default port number is 443. Command Mode Global Configuration mode User Guidelines Specifying 0 as the port number effectively disables HTTP access to the device.
Page 387 common- name — Specifies the fully qualified URL or IP address of the ■ device. (Range: 1-64) organization — Specifies the organization name. (Range: 1-64) ■ organization-unit — Specifies the organization-unit or department ■ name.(Range: 1-64) location — Specifies the location or city name. (Range: 1-64) ■...
Page 388: Crypto Certificate Request
26: W HAPTER ERVER crypto certificate The crypto certificate request Privileged EXEC mode command request generates and displays certificate requests for HTTPS. Syntax crypto certificate number request [cn common- name][ou organization-unit] [or organization] [loc location] [st state] [cu country] Parameters ■...
Page 389: Crypto Certificate Import
Example The following example generates and displays a certificate request for HTTPS. crypto certificate The crypto certificate import Global Configuration mode command import imports a certificate signed by the Certification Authority for HTTPS. Syntax crypto certificate number import Parameters ■ Default Configuration This command has no default configuration.
Page 390: Ip Https Certificate
26: W HAPTER ERVER The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command. If the public key found in the certificate does not match the device's SSL RSA key, the command fails. This command is not saved in the device configuration;...
Page 391: Show Crypto Certificate Mycertificate
Parameters ■ Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines The crypto certificate generate command should be used to generate HTTPS certificates. Example The following example configures the active certificate for HTTPS. show crypto The show crypto certificate mycertificate Privileged EXEC mode certificate...
Page 392: Show Ip Http
26: W HAPTER ERVER The following example displays the certificate. show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax show ip http Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 393: Show Ip Https
Example The following example displays the HTTP server configuration. show ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration. Syntax show ip https Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 394 26: W HAPTER ERVER OMMANDS Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is not active. Issued by : C= , ST= , L= , CN=10.6.41.138, O= , OU= Valid From: Apr 30 20:51:54 2003 GMT Valid to: Apr 29 20:51:54 2004 GMT Subject: C= , ST= , L= , CN=10.6.41.138, O= , OU= SHA1 Fingerprint: B3536E86 9487B229 C0A44199 DAB98046 7861F705...
Page 395: Tacacs-Server Host
TACACS+ C tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. To delete the specified name or address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] no tacacs-server host {ip-address | hostname} Parameters...
Page 396: Tacacs-Server Key
27: TACACS+ C HAPTER ■ ■ Default Configuration No TACACS+ host is specified. If no port number is specified, default port number 49 is used. If no host-specific timeout, key-string or source value is specified, the global value is used. If no TACACS+ server priority is specified, default priority 0 is used.
Page 397: Tacacs-Server Timeout
Default Configuration Empty string. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the authentication encryption key for all TACACS+ servers. tacacs-server The tacacs-server timeout Global Configuration mode command sets timeout the interval during which the device waits for a TACACS+ server to reply.
Page 398: Tacacs-Server Source-Ip
27: TACACS+ C HAPTER Example The following example sets the timeout value to 30 for all TACACS+ servers. tacacs-server The tacacs-server source-ip Global Configuration mode command source-ip configures the source IP address to be used for communication with TACACS+ servers. To restore the default configuration, use the no form of this command.
Page 399: Show Tacacs
show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistical information about a TACACS+ server. Syntax show tacacs [ip-address] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays configuration and statistical information about a TACACS+ server.
Page 400 27: TACACS+ C HAPTER OMMANDS Global values ------------- TimeOut: 3...
Page 401: Logging On
YSLOG OMMANDS logging on The logging on Global Configuration mode command controls error message logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logging process, use the no form of this command.
Page 402: Logging
28: S HAPTER YSLOG OMMANDS logging The logging Global Configuration mode command logs messages to a syslog server. To delete the syslog server with the specified address from the list of syslogs, use the no form of this command. Syntax logging {ip-address | hostname} [port port] [severity level] [facility facility] [description text] no logging {ip-address | hostname}...
Page 403: Logging Console
Example The following example limits logged messages sent to the syslog server with IP address 10.1.1.1 to severity level critical. logging console The logging console Global Configuration mode command limits messages logged to the console based on severity. To disable logging to the console, use the no form of this command.
Page 404: Logging Buffered Size
28: S HAPTER YSLOG OMMANDS Syntax logging buffered level no logging buffered Parameters ■ Default Configuration The default severity level is informational. Command Mode Global Configuration mode User Guidelines All the syslog messages are logged to the internal buffer. This command limits the messages displayed to the user.
Page 405: Clear Logging
Default Configuration The default number of messages is 200. Command Mode Global Configuration mode User Guidelines This command takes effect only after Reset. Example The following example changes the number of syslog messages stored in the internal buffer to 300. clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buffer.
Page 406: Logging File
28: S HAPTER YSLOG OMMANDS logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. To cancel using the buffer, use the no form of this command. Syntax logging file level no logging file Parameters ■...
Page 407: Aaa Logging
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example clears messages from the logging file. aaa logging The aaa logging Global Configuration mode command enables logging AAA login events. To disable logging AAA login events, use the no form of this command.
Page 408: File-System Logging
28: S HAPTER YSLOG OMMANDS file-system logging The file-system logging Global Configuration mode command enables logging file system events. To disable logging file system events, use the no form of this command. Syntax file-system logging copy no file-system logging copy file-system logging delete-rename no file-system logging delete-rename Parameters...
Page 409: Show Logging
no management logging deny Parameters ■ Default Configuration Logging management ACL events is enabled. Command Mode Global Configuration mode User Guidelines Other types of management ACL events are not subject to this command. Example The following example enables logging messages related to deny actions of management ACLs.
Page 410 28: S HAPTER YSLOG OMMANDS The following example displays the state of logging and the syslog messages stored in the internal buffer. Console# show logging Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
Page 411: Show Logging File
show logging file The show logging file Privileged EXEC mode command displays the state of logging and the syslog messages stored in the logging file. Syntax show logging file Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 412 28: S HAPTER YSLOG OMMANDS Example The following example displays the logging state and the syslog messages stored in the logging file. Console# show logging file Logging is enabled. Console logging: level debugging. Console Messages: 0 Dropped (severity). Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
Page 413: Show Syslog-Servers
show The show syslog-servers Privileged EXEC mode command displays the syslog-servers settings of the syslog servers. Syntax show syslog-servers Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the settings of the syslog servers.
Page 414 28: S HAPTER YSLOG OMMANDS IP address Port ----------- ---- 192.180.2.2 192.180.2.2 Severity Facility ----------- -------- Information local7 Warning local7 Description -----------...
Page 415: Bss Enable
The bss Interface Radio Configuration mode command adds or removes ESS to/from a radio interface. Syntax bss {add {ess-index | ssid} | remove {ess-index | ssid}} Parameters ■ ■ Default Configuration The default ESS is automatically added to the radio interface. Command Mode AP Interface Radio Configuration mode User Guidelines...
Page 416: Advertise-Ssid
29: W AP BSS C HAPTER IRELESS Syntax bss enable {index | ssid} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode AP Interface Radio Configuration mode User Guidelines There are no user guidelines for this command. Example The following example places SSID device called ‘enterprise’...
Page 417: Data-Rates
Command Mode BSS Configuration mode User Guidelines There are no user guidelines for this command. Example The following example advertises the BSS SSID. data-rates The data-rates BSS Configuration mode command configures the data rates used in a BSS. To restore defaults, use the no form of this command.
Page 418 29: W AP BSS C HAPTER IRELESS User Guidelines There are no user guidelines for this command. Example The following example configures the data rates used in a BSS to 2 while complying with 802.11g. OMMANDS Console (Config-ap-radio)# bss configure enterprise Console (Config-wlan-ap-radio-bss-if)# data-rates mandatory add...
Page 419: Ping
ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network. Syntax ping {ip-address | hostname}[size packet_size] [count packet_count] [timeout time_out] Parameters ■ ■ ■ ■ ■ Default Configuration Default packet size is 56 bytes. Default number of packets to send is 4.
Page 420 30: S HAPTER YSTEM ANAGEMENT Following are examples of unsuccessful pinging: Destination does not respond. If the host does not respond, a “no answer from host” appears in ten seconds. Destination unreachable. The gateway for this destination indicates that the destination is unreachable. Network or host unreachable.
Page 421: Traceroute
traceroute The traceroute User EXEC mode command discovers routes that packets actually take when traveling to their destination. Syntax traceroute {ip-address |hostname}[size packet_size] [ttl max-ttl] [count packet_count] [timeout time_out] [source ip-address] [tos tos] Parameters ■ ■ ■ ■ ■ ■ ■...
Page 422 30: S HAPTER YSTEM ANAGEMENT OMMANDS User Guidelines The traceroute command takesadvantage of the error messages generated by the devices when a datagram exceeds its time-to-live (TTL) value. The traceroute command starts by sending probe datagrams with a TTL value of one. This causes the first device to discard the probe datagram and send back an error message.
Page 423 Example The following example discovers the routes that packets will actually take when traveling to their destination. Console> traceroute umaxp1.physics.lsa.umich.edu Type Esc to abort. Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64) 1 i2-gateway.stanford.edu (192.68.191.83) 2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec 3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec 4 Abilene--QSV.POS.calren2.net (198.32.249.162) msec...
Page 424: Telnet
30: S HAPTER YSTEM ANAGEMENT The following table describes characters that may appear in the traceroute command output. telnet The telnet User EXEC mode command enables logging on to a host that supports Telnet. Syntax telnet {ip-address | hostname} [port] [keyword1...] Parameters ■...
Page 425 User Guidelines Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To enter a Telnet sequence, press the escape sequence keys (Ctrl-shift-6) followed by a Telnet command character. Special Telnet Sequences Telnet Sequence Ctrl-shift-6-b...
Page 426 30: S HAPTER YSTEM ANAGEMENT Keywords Table Ports Table OMMANDS Options Description /echo Enables local echo. /quiet Prevents onscreen display of all messages from the software. /source-interface Specifies the source interface. /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences.
Page 427: Resume
This command lists concurrent telnet connections to remote hosts that were opened by the current telnet session to the local device. It does not list telnet connections to remote hosts that were opened by other telnet sessions. Example The following example displays connecting to 176.213.10.50 via Telnet. resume The resume User EXEC mode command enables switching to another open Telnet session.
Page 428: Reload
30: S HAPTER YSTEM ANAGEMENT Default Configuration The default connection number is that of the most recent connection. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following command switches to open Telnet session number 1. reload The reload Privileged EXEC mode command reloads the operating system.
Page 429: Hostname
hostname The hostname Global Configuration mode command specifies or modifies the device host name. To remove the existing host name, use the no form of the command. Syntax hostname name no hostname Parameters ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Page 430: Show Sessions
30: S HAPTER YSTEM ANAGEMENT User Guidelines There are no user guidelines for this command. Example The following example displays information about the active users. show sessions The show sessions Privileged EXEC mode command lists open Telnet sessions. Syntax show sessions Default Configuration There is no default configuration for this command.
Page 431: Show System
The following table describes significant fields shown above. show system The show system Privileged EXEC mode command displays system information. Syntax show system Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the system information.
Page 432: Show Version
30: S HAPTER YSTEM ANAGEMENT show version The show version Privileged EXEC mode command displays system version information. Syntax show version [unit unit] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 433: Service Cpu-Utilization
Example The following example displays system version information (only for demonstration purposes). service The service cpu-utilization Global Configuration mode command cpu-utilization enables measuring CPU utilization. To restore the default configuration, use the no form of this command. Syntax service cpu-utilization no service cpu-utilization Default Configuration Disabled.
Page 434: Show Cpu Utilization
30: S HAPTER YSTEM ANAGEMENT show cpu The show cpu utilization Privileged EXEC mode command displays utilization information about CPU utilization. Syntax show cpu utilization Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Use the service cpu-utilization Global Configuration mode command to enable measuring CPU utilization.
Page 435: Enable
enable The enable Privileged EXEC mode command enters the Privileged EXEC mode. Syntax enable [privilege-level] Parameters ■ Default Configuration The default privilege level is 15. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example enters Privileged EXEC mode: NTERFACE...
Page 436: Disable
31: U HAPTER NTERFACE disable The disable Privileged EXEC mode command returns to the User EXEC mode. Syntax disable [privilege-level] Parameters ■ Default Configuration The default privilege level is 1. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example return to Users EXEC mode.
Page 437: Configure
User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example enters Privileged EXEC mode and logs in with username admin. configure The configure Privileged EXEC mode command enters the Global Configuration mode. Syntax configure Default Configuration This command has no default configuration.
Page 438: Exit
31: U HAPTER NTERFACE exit (Configuration) The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy. Syntax exit Default Configuration This command has no default configuration. Command Mode All configuration modes User Guidelines There are no user guidelines for this command.
Page 439: Help
User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session. The end command ends the current configuration session and returns to the Privileged EXEC mode. Syntax Default Configuration This command has no default configuration. Command Mode All configuration modes.
Page 440: Terminal Data-Dump
31: U HAPTER NTERFACE Syntax help Default Configuration This command has no default configuration. Command Mode All command modes User Guidelines There are no user guidelines for this command. Example The following example describes the help system. terminal data-dump The terminal data-dump User EXEC mode command enables dumping all the output of a show command without prompting.
Page 441: Debug-Mode
debug-mode no terminal data-dump Default Configuration Dumping is disabled. Command Mode User EXEC mode User Guidelines By default, a More prompt is displayed when the output contains more lines than can be displayed on the screen. Pressing the Enter key displays the next line;...
Page 442: Show History
31: U HAPTER NTERFACE User Guidelines There are no user guidelines for this command. show history The show history Privileged EXEC mode command lists the commands entered in the current session. Syntax show history Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 443: Show Privilege
show privilege The show privilege Privileged/User EXEC mode command displays the current privilege level. Syntax show privilege Default Configuration This command has no default configuration. Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command. Example The following example displays the current privilege level for the Privileged EXEC mode.
Page 444 31: U HAPTER NTERFACE OMMANDS...
Page 445: Gvrp Enable (Global)
GVRP C gvrp enable GARP VLAN Registration Protocol (GVRP) is an industry-standard protocol (Global) designed to propagate VLAN information from device to device. With GVRP, a single device is manually configured with all desired VLANs for the network, and all other devices on the network learn these VLANs dynamically.
Page 446: Gvrp Enable (Interface)
32: GVRP C HAPTER OMMANDS gvrp enable The gvrp enable Interface Configuration (Ethernet, port-channel) mode (Interface) command enables GVRP on an interface. To disable GVRP on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable Default Configuration GVRP is disabled on all interfaces.
Page 447 Syntax garp timer {join | leave | leaveall} timer_value no garp timer Parameters {join | leave | leaveall} — Indicates the type of timer. ■ timer_value — Timer values in milliseconds in multiples of 10. (Range: ■ 10-2147483640) Default Configuration Following are the default timer values: Join timer —...
Page 448: Gvrp Vlan-Creation-Forbid
32: GVRP C HAPTER OMMANDS gvrp The gvrp vlan-creation-forbid Interface Configuration (Ethernet, vlan-creation-forbid port-channel) mode command disables dynamic VLAN creation or modification. To enable dynamic VLAN creation or modification, use the no form of this command. Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Default Configuration Dynamic VLAN creation or modification is enabled.
Page 449: Clear Gvrp Statistics
Default Configuration Dynamic registration of VLANs on the port is allowed. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example forbids dynamic registration of VLANs on Ethernet port g1. clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information.
Page 450: Show Gvrp Configuration
32: GVRP C HAPTER OMMANDS Example The following example clears all GVRP statistical information on Ethernet port g1. show gvrp The show gvrp configuration Privieged EXEC mode command displays configuration GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and which ports are running GVRP.
Page 451: Show Gvrp Statistics
show gvrp statistics The show gvrp statistics Privieged EXEC mode command displays GVRP statistics. Syntax show gvrp statistics [ethernet interface | port-channel port-channel-number] Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Privieged EXEC mode User Guidelines There are no user guidelines for this command.
Page 452: Show Gvrp Error-Statistics
32: GVRP C HAPTER OMMANDS show gvrp The show gvrp error-statistics Privieged EXEC mode command displays error-statistics GVRP error statistics. Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Privieged EXEC mode User Guidelines...
Page 453 Example The following example displays GVRP statistical information. Console# show gvrp error-statistics GVRP Error Statistics: Legend: INVPROT : Invalid Protocol Id INVATYP : Invalid Attribute Type INVAVAL : Invalid Attribute Value Port INVPROT INVATYP INVAVAL INVALEN INVEVENT show gvrp error-statistics INVALEN : Invalid Attribute...
Page 454 32: GVRP C HAPTER OMMANDS...
Page 455: Vlan Database
VLAN C vlan database The vlan database Global Configuration mode command enters the VLAN Configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the VLAN database mode.
Page 456: Interface Vlan
33: VLAN C HAPTER OMMANDS Parameters ■ Default Configuration This command has no default configuration. Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example The following example VLAN number 1972 is created. interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode.
Page 457: Interface Range Vlan
Example The following example configures VLAN 1 with IP address 131.108.1.27. interface range vlan The interface range vlan Global Configuration mode command enables simultaneously configuring multiple VLANs. Syntax interface range vlan {vlan-range | all} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Page 458: Switchport Access Vlan
33: VLAN C HAPTER OMMANDS name The name Interface Configuration mode command adds a name to a VLAN. To remove the VLAN name, use the no form of this command. Syntax name string no name Parameters ■ Default Configuration No name is defined. Command Mode Interface Configuration (VLAN) mode.
Page 459: Switchport Trunk Allowed Vlan
Parameters ■ Default Configuration All ports belong to VLAN 1. Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines The command automatically removes the port from the previous VLAN and adds it to the new VLAN. Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN Ethernet port 1.
Page 460: Switchport Trunk Native Vlan
33: VLAN C HAPTER OMMANDS Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example adds VLANs 1, 2, 5 to 6 to the allowed list of the 1 Ethernet port 1.
Page 461: Switchport General Allowed Vlan
The command adds the port as a member in native VLAN 2. If the port is already configured as a native VLAN 3 it will automatically change the last entry (VLAN 2). Only one native VLAN can be configured to the port. Example The following example configures VLAN number 123 as the native VLAN when Ethernet port 1 is in trunk mode.
Page 462: Switchport General Pvid
33: VLAN C HAPTER OMMANDS User Guidelines This command enables changing the egress rule (for example from tagged to untagged) without first removing the VLAN from the list. Example The following example adds VLANs 2, 5, and 6 to the allowed list of Ethernet port 1.
Page 463: Switchport General Ingress-Filtering Disable
Example The following example configures the PVID for Ethernet port 1, when the interface is in general mode. switchport general The switchport general ingress-filtering disable Interface ingress-filtering Configuration mode command disables port ingress filtering. To restore disable the default configuration, use the no form of this command. Syntax switchport general ingress-filtering disable no switchport general ingress-filtering disable...
Page 464: Switchport Forbidden Vlan
33: VLAN C HAPTER OMMANDS Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures Ethernet port 1 to discard untagged frames at ingress.
Page 465: Show Vlan
All VLANs are allowed. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines This command can be used to prevent GVRP from automatically making the specified VLANs active on the selected ports. Example The following example forbids adding VLAN IDs 234 to 256 to Ethernet port 1.
Page 466: Show Vlan Internal Usage
33: VLAN C HAPTER OMMANDS Example The following example displays all VLAN information. show vlan internal The show vlan internal usage Privileged EXEC mode command displays usage a list of VLANs used internally by the device. Syntax show vlan internal usage Default Configuration This command has no default configuration.
Page 467: Show Interfaces Switchport
Example The following example displays VLANs used internally by the device. show interfaces The show interfaces switchport Privileged EXEC mode command switchport displays the switchport configuration. Syntax show interfaces switchport {ethernet interface | port-channel port-channel-number} Parameters ■ ■ Default Configuration This command has no default configuration.
Page 468 33: VLAN C HAPTER OMMANDS Example The following example displays the switchport configuration for Ethernet port. Console# show interfaces switchport ethernet g5 Port: g5 Port Mode: General Gvrp Status: enabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress UnTagged VLAN < NATIVE >: 1 Port is member in: Vlan Name...
Page 469: Aaa Authentication Dot1X
802.1 aaa authentication The aaa authentication dot1x Global Configuration mode command dot1x specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1x. To restore the default configuration, use the no form of this command. Syntax aaa authentication dot1x default method1 [method2...] no aaa authentication dot1x default...
Page 470: Dot1X System-Auth-Control
34: 802.1 HAPTER OMMANDS Example The following example uses the aaa authentication dot1x default command with no authentication. dot1x The dot1x system-auth-control Global Configuration mode command system-auth-contro enables 802.1x globally. To restore the default configuration, use the no form of this command. Syntax dot1x system-auth-control no dot1x system-auth-control...
Page 471: Dot1X Re-Authentication
Parameters ■ ■ ■ Default Configuration Port is in the force-authorized state Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication.
Page 472: Dot1X Timeout Re-Authperiod
34: 802.1 HAPTER OMMANDS Syntax dot1x re-authentication no dot1x re-authentication Default Configuration Periodic re-authentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example enables periodic re-authentication of the client. dot1x timeout The dot1x timeout re-authperiod Interface Configuration mode re-authperiod...
Page 473: Dot1X Re-Authenticate
User Guidelines There are no user guidelines for this command. Example The following example sets the number of seconds between re-authentication attempts, to 300. dot1x The dot1x re-authenticate Privileged EXEC mode command manually re-authenticate initiates a re-authentication of all 802.1x-enabled ports or the specified 802.1x-enabled port.
Page 474 34: 802.1 HAPTER OMMANDS quiet state following a failed authentication exchange (for example, the client provided an invalid password). To restore the default configuration, use the no form of this command. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period Parameters ■...
Page 475: Dot1X Timeout Tx-Period
dot1x timeout The dot1x timeout tx-period Interface Configuration mode command tx-period sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request. To restore the default configuration, use the no form of this command.
Page 476: Dot1X Timeout Supp-Timeout
34: 802.1 HAPTER OMMANDS process. To restore the default configuration, use the no form of this command. Syntax dot1x max-req count no dot1x max-req Parameters ■ Default Configuration The default number of times is 2. Command Mode Interface Configuration (Ethernet) mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances, such as unreliable links or specific behavioral...
Page 477: Dot1X Timeout Server-Timeout
Parameters ■ Default Configuration Default timeout period is 30 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients.
Page 478: Show Dot1X
34: 802.1 HAPTER OMMANDS The timeout period is 30 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines The actual timeout can be determined by comparing the dot1x timeout server-timeout value and the result of multiplying the radius-server retransmit value with the radius-server timeout value and selecting the lower of the two values.
Page 479 The following example displays the status of 802.1x-enabled Ethernet ports. Console# show dot1x 802.1x is enabled Port Admin Oper Mode Mode ---- -------- -------- Auto Authoriz Auto Authoriz Auto Unauthor ized Force-au Authoriz Force-au Unauthor ized* * Port is down or not present. Console# show dot1x ethernet 3 802.1x is enabled.
Page 480 34: 802.1 HAPTER OMMANDS fThe following table describes the significant fields shown in the display. Quiet period: 60 Seconds Tx period:30 Seconds Max req: 2 Supplicant timeout: 30 Seconds Server timeout: 30 Seconds Session Time (HH:MM:SS): 08:19:17 MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff Authenticator State Machine...
Page 481: Show Dot1X Users
show dot1x users The show dot1x users Privileged EXEC mode command displays active 802.1x authenticated users for the device. Syntax Field Quiet period Tx period Max req Supplicant timeout Server timeout Session Time MAC address Authentication Method Termination Cause State Authentication success Authentication fails show dot1x users...
Page 482 34: 802.1 HAPTER OMMANDS show dot1x users [username username] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays 802.1x users. username —...
Page 483: Show Dot1X Statistics
The following table describes the significant fields shown in the display. show dot1x The show dot1x statistics Privileged EXEC mode command displays statistics 802.1x statistics for the specified interface. Syntax show dot1x statistics ethernet interface Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 484 34: 802.1 HAPTER OMMANDS The following table describes the significant fields shown in the display. Console# show dot1x statistics ethernet 1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 12 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 00:08:78:32:98:78 Field...
Page 485: Dot1X Auth-Not-Req
dot1x auth-not-req The dot1x auth-not-req Interface Configuration (VLAN) mode command enables unauthorized devices access to the VLAN. To disable access to the VLAN, use the no form of this command. Syntax dot1x auth-not-req no dot1x auth-not-req Default Configuration Access is enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines...
Page 486: Dot1X Multiple-Hosts
34: 802.1 HAPTER OMMANDS Example The following example enables access to the VLAN to unauthorized devices. dot1x The dot1x multiple-hosts Interface Configuration mode command multiple-hosts enables multiple hosts (clients) on an 802.1x-authorized port, where the authorization state of the port is set to auto. To restore the default configuration, use the no form of this command.
Page 487: Dot1X Single-Host-Violation
dot1x The dot1x single-host-violation Interface Configuration mode single-host-violatio command configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. Use the no form of this command to restore defaults. Syntax dot1x single-host-violation {forward | discard | discard-shutdown} [trap seconds]...
Page 488: Dot1X Guest-Vlan
34: 802.1 HAPTER OMMANDS Example The following example forwards frames with source addresses that are not the supplicant address and sends consecutive traps at intervals of 100 seconds. dot1x guest-vlan The dot1x guest-vlan Interface Configuration (VLAN) mode command defines a guest VLAN. To restore the default configuration, use the no form of this command.
Page 489: Dot1X Guest-Vlan Enable
Example The following example defines VLAN 2 as a guest VLAN. dot1x guest-vlan The dot1x vlans guest-vlan enable Interface Configuration mode enable command enables unauthorized users on the interface access to the Guest VLAN. To disable access, use the no form of this command Syntax dot1x guest-vlan enable no dot1x guest-vlan enable...
Page 490: Show Dot1X Advanced
34: 802.1 HAPTER OMMANDS show dot1x The show dot1x advanced Privileged EXEC mode command displays advanced 802.1x advanced features for the device or specified interface. Syntax show dot1x advanced [ethernet interface] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 491 Interface Multiple Hosts --------- -------------- Disabled Single host parameters Violation action: Discard Trap: Enabled Trap frequency: 100 Status: Single-host locked Violations since last trap: 9 show dot1x advanced Guest VLAN ---------- Enabled...
Page 492 34: 802.1 HAPTER OMMANDS...
Page 493: Interface Radio
interface radio The interface radio AP Configuration mode command places the device in Radio Configuration mode. Syntax interface radio {802.11a | 802.11g} Parameters ■ ■ Default Configuration This command has no default configuration. Command Mode AP Configuration mode User Guidelines There are no user guidelines for this command.
Page 494: Enable (Ap Radio)
35: W AP R HAPTER IRELESS enable (ap radio) The enable AP Interface Radio Configuration mode command administratively enables the radio. To administratively disable the radio, use the no form of this command. Syntax enable no enable Parameters This command has no keywords or arguments. Default Configuration Enable.
Page 495 Syntax channel {number | frequency | least-congested} no channel Parameters number — Specifies a channel number. The ranges are as follows: ■ 802.11g — 1 – 14. ■ 802.11a — 34, 36, 38, 40, 42, 44, 46, 48, 52, 56, 60, 64, 149, 153, 157, ■...
Page 496: Power
35: W AP R HAPTER IRELESS power The power AP Interface Radio Configuration mode command configures the power level. To restore the default configuration, use the no form of this command. Syntax power {max | half | quarter | eighth | min} no power Parameters ■...
Page 497: Allow Traffic
allow traffic The allow traffic AP Interface Radio Configuration mode command allows users traffic. To disallow users traffic, use the no form of this command. Syntax allow traffic no allow traffic Parameters This command has no keywords or arguments. Default Configuration Users traffic is allowed.
Page 498: Rts Threshold
35: W AP R HAPTER IRELESS Parameters ■ ■ Command Mode AP Interface Radio configuration mode User Guidelines This command is only relevant for 802.11g transceivers. Example The following example configures the preamble support for 802.11g transceivers to long. rts threshold The rts threshold AP Interface Radio Configuration mode command configures the Request-To-Send (RTS) threshold.
Page 499: Antenna
Command Mode AP Interface Radio Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the RTS threshold to 2300 bytes. antenna The antenna AP Interface Radio Configuration mode command configures an antenna for the transceiver. To restore defaults, use the no form of this command.
Page 500: Beacon Period
35: W AP R HAPTER IRELESS Example The following example configures antenna 1 for the transceiver. beacon period The beacon period AP Interface Radio Configuration mode command configures the beacon period. To restore defaults, use the no form of this command.
Page 501: Wlan Tx-Power Off
WLAN C IRELESS OMMANDS wlan tx-power off The wlan tx-power off Global Configuration mode command turns off all APs transmitters. To enable transmit Power, use the no form of this command. Syntax wlan tx-power off no wlan tx-power off Parameters This command has no keywords or arguments.
Page 502: Wlan Country-Code
36: W WLAN C HAPTER IRELESS wlan country-code The wlan country-code Global Configuration mode command configures the country code in which the device is located and the physical location of AP connected to the device. To restore defaults, use the no form of this command. Syntax wlan country-code code no wlan country-code...
Page 503 Country Code Country Belarus Iran Belgium Ireland Belize Israel Bolivia Italy Bosnia and Japan Herzogovi Brazil Jordan Brunei Kazakhsta Darussala Bulgaria North Korea Canada South Korea Chile Kuwait China Latvia Colombia Lebanon Costa Rica Liechtenst Croatia Lithuania Cyprus Luxembou Czech Macau Republic Denmark...
Page 504: Wlan Tx-Power Auto Enable
36: W WLAN C HAPTER IRELESS Example The following example configures the country code in which the device is located, as the US. wlan tx-power auto The wlan tx-power auto enable Global Configuration mode command enable enables Auto Transmit Power. To disable Auto Transmit Power, use the no form of this command.
Page 505: Wlan Tx-Power Auto Interval
User Guidelines The Auto Transmit Power algorithm adjusts the transmit power of APs, so the signal strength heard at the second-closest access point is as close as possible to the target signal-strength configured by the wlan tx-power auto signal-strength Global Configuration command. Example The following example enables Auto Transmit Power.
Page 506: Wlan Tx-Power Auto Signal-Strength
36: W WLAN C HAPTER IRELESS wlan tx-power auto The wlan tx-power auto signal-strength Global Configuration mode signal-strength command configures the target signal strength heard at the second-closest AP. To restore defaults, use the no form of this command. Syntax wlan tx-power auto signal-strength dbm no wlan tx-power auto signal-strength Parameters...
Page 507: Wlan Station Idle-Timeout
Parameters ■ Default Configuration The default minimum signal loss difference is 60 dB. Command Mode Global Configuration mode User Guidelines The Auto Transmit Power algorithm adjusts AP power due to another AP which is very close, because it is impossible to avoid interference in that case and the APs will have essentially the same coverage zone.
Page 508: Clear Wlan Station
36: W WLAN C HAPTER IRELESS Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the length of time before an idle station is removed from the system and required to login, to 10 minutes. clear wlan station The clear wlan station Privileged EXEC mode command disassociates a station.
Page 509: Show Wlan
show wlan show wlan The show wlan Privileged EXEC mode displays information on the WLAN configuration. Syntax show wlan Parameters This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 510: Show Wlan Auto-Tx-Power
36: W WLAN C HAPTER IRELESS Example The following example specifies the WLAN information for user called ‘Device’. show wlan The show wlan auto-tx-power Privileged EXEC mode command auto-tx-power displays information on the WLAN automatic power transmission configuration. Syntax show wlan auto-tx-power Parameters This command has no arguments or keywords.
Page 511: Show Wlan Logging Configuration
User Guidelines There are no user guidelines for this command. Example The following example displays information on the WLAN automatic power transmission configuration. show wlan logging The show wlan logging configuration Privileged EXEC mode configuration command displays information on the WLAN logging configuration. Syntax show wlan logging configuration Parameters...
Page 512: Show Wlan Stations
36: W WLAN C HAPTER IRELESS Example The following example displays information on the WLAN logging configuration. show wlan stations The show wlan stations Privileged EXEC mode command displays information on WLAN stations. Syntax show wlan stations [mac mac-address | ap name] Parameters ■...
Page 513: Show Wlan Stations Counters
Example The following example displays information on WLANs. show wlan stations The show wlan stations counters Privileged EXEC mode command counters displays information on WLAN stations traffic. Syntax show wlan stations counters [mac mac-address] Parameters ■ Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 514 36: W WLAN C HAPTER IRELESS Example The following example displays information on WLAN stations. OMMANDS Console# show wlan stations counters Number of stations: 2 MAC Address InPkts ---------- ------ 00-9E-93-82-83-91 183892 00-9E-93-82-83-92 128977 console# show wlan stations counters mac 00:0e:35:63:5c:a7 MAC Address InPkts -----------------...
Page 515: Problem Management
This section describes problems that may arise when installing the device and how to resolve these issues. This section includes the following topics: ■ ■ Problem Problem management includes isolating and quantifying problems, and Management applying solutions. When a problem is detected, the exact nature of the problem must be determined.
Page 516 37: T HAPTER ROUBLESHOOTING ■ ■ ■ No connection and the port LED is off Add and Edit pages do not open. Lost password Problem Possible Cause Cannot connect to management using RS-232 serial connection Cannot connect to switch management using Telnet, HTTP, SNMP, etc.
Page 517 Problem Possible Cause Software settings Response from the Faulty serial cable terminal emulations Software settings software is not readable. Self-test exceeds 15 The device may not be seconds. correctly installed. No connection is Wrong network address established and the port in the workstation.
Page 518 37: T HAPTER ROUBLESHOOTING Problem Possible Cause No connection and the Incorrect ethernet cable, port LED is off e.g., crossed rather than straight cable, or vice versa, split pair (incorrect twisting of pairs). Fiber optical cable connection is reversed. Bad cable. Wrong cable type.
Page 519 Problem Possible Cause Add and Edit pages do A pop-up blocker is not open. enabled. Troubleshooting Solutions Solution Disable pop-up blockers.
Page 520 37: T HAPTER ROUBLESHOOTING Problem Lost password Possible Cause Solution The Password Recovery Procedure enables the user to override the current password configuration, and disables the need for a password to access the console. The password recovery is effective until the device is reset.
Page 521 Troubleshooting Solutions...
Page 522 37: T HAPTER ROUBLESHOOTING...

3Com 3CRUS2475 Command Reference Manual

Using the Cli

Aaa C

Acl Commands

Address Table

Ethernet Configuration Commands

Line

Phy Diagnostics

Port Channel Commands

Qos Commands

Clock

Rmon Commands

Igmp Snooping

Lacp Commands

Power over Ethernet Commands

Spanning -Tree Commands

Onfiguration and Image File

Radius Command

Port Monitor Commands

Snmp Commands

Ip Addresscommands

Management Acl Commands

Wireless Rogue Ap Commands

Wireless Ess Commands

Wireless Ap General Commands

Quick Links

Command Reference Guide

Related Manuals for 3Com 3CRUS2475

Summary of Contents for 3Com 3CRUS2475