Page 1: Cli Reference Guide
Dell™ PowerConnect™ 6024/6024F Systems CLI Reference Guide w w w . d e l l . c o m | s u p p o r t . d e l l . c o m...
Page 2 Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Contents Command Groups Introduction ........Command Groups .
Page 4 RMON Commands ....... SNMP Commands ....... Spanning Tree Commands .
Page 5 username ........passwords min-length ......password-aging .
Page 6 Address Table Commands bridge address ....... . bridge multicast filtering .
Page 7 sntp client enable ......sntp unicast client enable ......sntp unicast client poll .
Page 8 shutdown ........description ....... . . speed .
Page 9 gvrp registration-forbid ......clear gvrp statistics ......show gvrp configuration .
Page 10 show hosts ....... . . 12 IGMP Snooping Commands ip igmp snooping (Global) .
Page 11 14 LACP Commands lacp system-priority ......lacp port-priority ......lacp timeout .
Page 12 ip igmp ........ip igmp query-interval .
Page 13 authentication ....... . router ospf router-id ......router ospf area stub .
Page 14 20 Port Channel Commands interface port-channel ......interface range port-channel ......channel-group .
Page 15 qos cos ........qos dscp-mutation ......qos map dscp-mutation .
Page 16 24 RIP Commands router rip enable ......router rip redistribute ospf .
Page 17 26 SNMP Commands SNMP General Commands ......SNMPv1/v2 Commands ......SNMPv3 Commands .
Page 18 spanning-tree mst configuration ..... . . instance (mst) ....... . name (mst) .
Page 19 clear logging ....... . logging file ....... . . clear logging file .
Page 20 tacacs-server key ......tacacs-server source-ip ......tacacs-server timeout .
Page 21 switchport trunk allowed vlan ......switchport trunk native vlan ......switchport general allowed vlan .
Page 22 36 Web Server ip http port ....... . . ip http server .
Page 23 dot1x auth-not-req ......dot1x multiple-hosts ......dot1x single-host-violation .
Page 24: Contents
Contents...
Page 25: Command Groups
Command Groups Introduction The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
Page 26 Line Configures the console and remote Telnet connection. Management ACL Configures and displays management access-list information. Multicast Routing Configures Multicast routing. OSPF Configures and manages OSPF on the device. PHY Diagnostics Diagnoses and displays the interface status. Port Channel Configures and displays Port channel information. Port Monitor Monitors activity on specific target ports.
Page 27: Aaa Commands
AAA Commands Command Group Description Mode aaa authentication login Defines login authentication. aaa authentication enable Defines authentication method lists for accessing higher privilege levels. GC login authentication Specifies the login authentication method list for a remote telnet or console. enable authentication Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console.
Page 28: Acl Commands
ACL Commands Command Group Description Mode ip access-list Creates IP ACLs, and enters to IP- Access list configuration mode. permit (IP) Allows traffic if the conditions defined in the permit statement are matched. deny (IP) Denies traffic if the conditions define in the deny statement are matched mac access-list...
Page 29: Clock Commands
bridge multicast forbidden Enables forbidding forwarding of all Multicast packets to a port. forward-all bridge aging-time Sets the address table aging time. clear bridge Removes any learned entries from the forwarding database. port security Disables new address learning on an interface. port security routed secure- Adds MAC-layer secure addresses to a routed port.
Page 30: Configuration And Image Files Commands
show sntp configuration Displays the SNTP configuration show sntp status Displays the SNTP status Configuration and Image Files Commands Command Group Description Mode configure Enters the global configuration mode. copy Copies files from a source to a destination. delete startup-config Deletes the startup-config file.
Page 31: Gvrp Commands
speed Configures the speed of a given Ethernet interface when not using auto-negotiation. duplex Configures the full/half duplex operation of a given Ethernet interface when not using auto-negotiation. negotiation Enables auto-negotiation operation for the speed and duplex parameters of a given interface. flowcontrol Configures the Flow Control on a given interface.
Page 32 gvrp registration-forbid De-registers all VLANs, and prevents dynamic VLAN registration on the port. clear gvrp statistics Clears all the GVRP statistics information. show gvrp configuration Displays GVRP configuration information. show gvrp statistics Displays GVRP statistics. show gvrp error-statistics Displays GVRP error statistics. Command Groups...
Page 33: Igmp Snooping Commands
IGMP Snooping Commands Command Group Description Mode ip igmp snooping (Global) Enables Internet Group Management Protocol (IGMP) snooping. ip igmp snooping (Interface) Enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN. ip igmp snooping mrouter Enables automatic learning of multicast router ports in the context of a specific VLAN.
Page 34: Ip Routing
ip domain-name Defines a default domain name to complete unqualified host names. ip name-server Configures available name servers ip host Configures static host name-to-address mapping in the host cache clear host Deletes entries from the host name-to-address cache clear host dhcp Deletes entries from the DHCP host name-to-address mapping cache show hosts Displays the default domain name, a list of name server hosts, static...
Page 35: Lacp Commands
LACP Commands Command Group Description Mode lacp system-priority Configures the system LACP priority. lacp port-priority Configures the priority value for physical ports. lacp timeout Assigns an administrative LACP timeout. show lacp ethernet Displays LACP information for Ethernet ports. show lacp port-channel Displays LACP information for a port-channel.
Page 36: Multicast Routing
Multicast Routing Command Group Description Mode ip multicast-routing Enables IP Multicast routing on the device. ip dvmrp Enables DVMRP on an interface. ip dvmrp metric Configures the interface metric for DVMRP reports. ip igmp Enables IGMP on an interface. ip igmp query-interval Configures the frequency at which the software sends IGMP host query messages.
Page 37 router ospf redistribute Enables advertisements of directly connected networks routes, running connected OSPF. router ospf area virtual-link Defines an OSPF virtual link and enters the OSPF Virtual-link Configuration mode. hello-interval Specifies the interval between hello packets that the software sends on the OSPF virtual link interface.
Page 38: Phy Diagnostics Commands
show ip ospf database Displays information lists related to the OSPF database. show ip ospf interface Displays OSPF-related interface information. show ip ospf neighbor Displays OSPF-neighbor information on a per-interface basis. PHY Diagnostics Commands Command Group Description Mode test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port.
Page 39: Qos Commands
QoS Commands Command Group Description Mode Enables quality of service (QoS) on the device and enters QoS basic or advance mode. show qos Displays the QoS status. priority-queue out num-of- Enables the egress queues to be expedite queues. queues traffic-shape Sets a shaper on an egress port/queue.
Page 40: Radius Commands
class Defines the traffic classification and enters the policy-map class configuration mode. police Defines a policer for the classified traffic. police aggregate Applies an aggregate policer to multiple classes within the same policy map. trust Configures the trust state. Sets new values in the IP packet. service-policy Applies a policy map to the interface input.
Page 41: Rmon Commands
rip offset Adds an offset to a metric learned via RIP before adding them to the interface table. rip default-route offset Generates a default route into RIP . rip authentication Enables authentication for RIP Version 2 packets and specifies the authentication type.
Page 42: Spanning Tree Commands
snmp-server user Creates or updates an SNMP server view entry. snmp-server group Configures a new SNMP group or a table that maps SNMP users to SNMP views. snmp-server user Configures a new SNMP Version 3 user. snmp-server v3-host Specifies the SNMP engine ID on the local device. snmp-server filter Creates or updates an SNMP server filter entry.
Page 43: Ssh Commands
spanning-tree mst priority Configures the switch priority for the specified spanning tree instance. spanning-tree mst max-hops Configures the number of hops in an MST region before the BDPU is discarded and port information is aged out. spanning-tree mst port-priority Configures port priority. spanning-tree mst cost configures the path cost for multiple spanning tree (MST) calculations spanning-tree mst configuration...
Page 44: Syslog Commands
Syslog Commands Command Group Description Mode logging on Controls error messages logging. logging Logs messages to a syslog server. logging console Limits messages logged to the console based on severity. logging buffered Limits syslog messages displayed from an internal buffer based on severity.
Page 45: Tacacs+ Commands
traceroute Discovers the IP routes that packets actually take when travelling to their destinations. telnet Logs into a host that supports Telnet. resume Switches to another open Telnet session. TACACS+ Commands Command Group Description Mode tacacs-server host Specifies a TACACS+ server host. tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon.
Page 46: Vlan Commands
VLAN Commands Command Group Description Mode vlan database Enters the VLAN database configuration mode. vlan Creates a VLAN. interface vlan Enters the interface configuration (VLAN) mode. interface range vlan Enters the interface configuration mode to configure multiple VLANs. name Configures a name to a VLAN. switchport mode Configures the VLAN membership mode of a port.
Page 47: Vrrp Commands
VRRP Commands Command Group Description Mode vrrp ip Defines VRRP for an interface. vrrp up Activates VRRP on an interface. vrrp timer Configures the time between sending advertisements messages. vrrp priority Configures VRRP priority on an interface. vrrp source-ip Defines the source IP address used for VRRP messages on an interface. vrrp authentication Enables authentication for the VRRP on an interface.
Page 48: 802.1X Commands
802.1x Commands Command Group Description Mode aaa authentication dot1x Specifies one or more authentication, authorization and accounting (AAA) methods for use on interfaces running IEEE802.1X. dot1x system-auth-control Enables 802.1x globally. dot1x port-control Enables manual control of the authorization state of the port. dot1x re-authentication Enables periodic re-authentication of the client.
Page 49: Using The Cli
Using the CLI This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI. CLI Command Modes Introduction To assist in configuring devices, the CLI command-line interface is divided into different command modes.
Page 50 When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in this mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged EXEC mode provides access to commands that are restricted on the User EXEC mode level and permits access to the device Configuration mode.
Page 51 To return from the Privileged EXEC mode to the User EXEC mode, use the disable command. The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode: Console>enable Enter Password: ****** Console # Console # disable Console>...
Page 52 Interface Configuration Mode and Specific Configuration Modes Interface configuration modes are used to modify specific interface operations. The following are the Interface Configuration modes: • Line Interface—Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the line configuration command mode.
Page 53: Starting The Cli
• Key-Chain—Identifies a group of keys. The Global Configuration mode command key-chain is used to enter the key-chain configuration mode. • Global Configuration mode command interface ip is used to enter the Interface IP Configuration mode. Starting the CLI The switch can be managed over a direct connection to the switch console port, or via a Telnet connection.
Page 54 To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: Console(config)# username admin password smith When working with the CLI, the command options are not displayed. The command is not selected by a menu but is manually entered.
Page 55 Negating the Effect of Commands For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands. Command Completion If a command is entered and it is not complete, if the command is invalid, or if some parameters of the command are invalid or missing, the appropriate error message is displayed.
Page 56 CLI Command Conventions When entering commands there are certain command entry standards which apply to all commands. The following table describes the command conventions. Convention Description In a command line, square brackets indicates an optional entry. In a command line, curly brackets indicates a selection of compulsory parameters separated by the \ character.
Page 57: Aaa Commands
AAA Commands aaa authentication login The aaa authentication login global configuration command defines login authentication. To return to the default configuration, use the no form of this command. Syntax aaa authentication login {default | list-name} method1 [method2...] no aaa authentication login {default | list-name} •...
Page 58: Aaa Authentication Enable
Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
Page 59: Login Authentication
radius Uses the list of all RADIUS servers for authentication. Uses username "$enabx$." where x is the privilege level. Default Configuration If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable.
Page 60: Enable Authentication
Syntax login authentication {default | list-name} no login authentication • default—Uses the default list created with the authentication login command. • list-name—Uses the indicated list created with the authentication login command. Default Configuration Uses the default set with the command authentication login. Command Mode Line Configuration mode User Guidelines...
Page 61: Ip Http Authentication
User Guidelines There are no user guidelines for this command. Example The following example specifies the default authentication method when accessing a higher privilege level from a remote Telnet or console. Console (config)# line console Console (config-line)# enable authentication default ip http authentication The ip http authentication global configuration mode command specifies authentication methods for http.
Page 62: Ip Https Authentication
Example The following example configures the http authentication. Console (config)# ip http authentication radius local ip https authentication The ip https authentication global configuration command specifies authentication methods for https servers. To return to the default configuration, use the no form of this command. Syntax ip https authentication method1 [method2...] no ip https authentication...
Page 63: Password
User Guidelines If an encrypted password is specified on a line, the required password length is 32 characters. Example The following example specifies a password "dell" on a line. Console (config-line)# password dell enable password The enable password global configuration command sets a local password to control access to normal and privilege levels.
Page 64: Username
If an encrypted password is specified on a line, the range of the password length changes to 1- 32 characters. Example The following example defines local level 15 password "dell" to control access to user and privilege levels. Console (config)# enable password level 15 dell username The username global configuration command establishes a username-based authentication system.
Page 65: Passwords Min-Length
The password age out time begins from the first time the password is entered. For example, to change a privilege level for a user, the network administrator redefines the same password. Passwords are aged out based on the initial time definitions for the original username/password.
Page 66: Password-Aging
password-aging The password-aging line configuration command configures the expiration time of line passwords in the local database. To return to the default configuration, use the no form of this command. Syntax password-aging days no password-aging • days—The number of days before a password expires (Range: 1-365). Default Configuration No password expiration time.
Page 67: Passwords History
no passwords aging enable-password level • name—The name of the user (Range: 1-20 characters). • level—The user level (Range: 1 -15). • days—The number of days before a password expires (Range: 1-365). · Default Configuration No password expiration time. Command Mode Global Configuration mode User Guidelines The password expiration date is calculated from the day the password is defined, and not from...
Page 68: Passwords History Hold-Time
Command Mode Global Configuration mode User Guidelines Relevant to local user passwords, line passwords and enable passwords. Password history is not checked during the configuration download. Password history is saved even if the the feature is disabled. A user’s password history is saved as long as the user is defined. The password age out time begins from the first time the password is entered.
Page 69: Aaa Login-History File
User Guidelines Relevant to local user passwords, line passwords and enable passwords. Passwords are not deleted from the history database when they are no longer relevant for tracking purposes. Increasing the number of days a password is relevant for tracking purposes, may make a password that was no longer relevant for tracking purposes relevant again.
Page 70: Set Line Active
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example reactivates a suspended user with username "bob". Console # set username bob active set line active The set line active privileged EXEC command reactivates a locked line.
Page 71: Set Enable-Password Active
set enable-password active The set enable-password active privileged EXEC command reactivates a locked local password. Syntax set enable-password level active • level—The user level (Range: 1 -15). Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 72: Show Users Accounts
Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists ---------------------------------- Console_Default : None Network_Default : Local Enable Authentication Method Lists ---------------------------------- Default : Enable admin : Enable Line Login Method List Enable Method List ------- ----------------- -------------------...
Page 73: Show Passwords Configuration
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the local users configured with access to the system. Console# show users accounts Username Privilege Password Aging Password Expiry Lockout date...
Page 74 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information about password management in the local database. Console # show passwords configuration Minimal length: 8 History: 10 History hold time: 365 days...
Page 75: Show Users Login-History
The following table describes significant fields shown above. Field Description Minimal length Minimum length required for passwords in the local database. History Number of required passwords changes before a password in the local database can be reused. History hold time Period of time that a password is relevant for tracking password history.
Page 76 Example The following example displays the login history of users. Console # show users login-history Login Time Username Protocol Location -------------- -------- -------- -------- Jan 18 2005 23:58:17 Robert HTTP 172.16.1.8 Jan 19 2005 07:59:23 Robert HTTP 172.16.0.8 Jan 19 2005 08:23:48 Serial Jan 19 2005 08:29:29 Robert...
Page 77: Acl Commands
ACLs cannot be removed when they are assigned to an interface (using service-acl command). The ip access-list command enters the IP-access list configuration mode. Example The following example creates an ACL with the name "Dell". Console (config)# ip access-list Dell Console (config-ip-al)# permit (IP) The permit ip access-list configuration mode command allows traffic if the conditions defined in the permit statement are matched.
Page 78 Syntax permit {any | protocol-ip} {any | source source-wildcard } {any | destination destination- wildcard } [dscp dscp-number | ip-precedence ip-precedence] permit-tcp {any | source source-wildcard } {any | source-port} {any | destination destination-wildcard } {any | destination-port} [dscp dscp-number | ip-precedence ip- precedence] permit-udp {any | source source-wildcard } {any | source-port} {any | destination destination-wildcard } {any | destination-port} [dscp dscp-number | ip-precedence ip-...
Page 79: Deny (Ip)
IP (e.g., TCP, UDP, etc.) are "permitted" . Example The following example configures an ACE called "Dell" to allow RSVP protocol traffic from IP address 12.1.1.1, mask 0.0.0.0 and DSCP 56. Console (config)# ip access-list Dell Console (config-ip-al)# permit rsvp 12.1.1.1 0.0.0.0 any dscp 56...
Page 80: Mac Access-List
Using "any" specifies that all IP protocols are denied. The deny "any" does not imply that other protocols running over IP (for example, TCP, UDP, etc.) are "denied". Example The following example configures an ACL called "Dell" to deny any IP traffic to address 192.1.1.10 and mask 0.0.0.255. Console (config)# ip access-list Dell Console (config-ip-al)# deny any 192.1.1.10 0.0.0.255 any...
Page 81: Permit (Mac)
MAC named lists are used with VLAN maps and class maps. Entering the mac access-list command enables the MAC-access list configuration mode. Example The following example creates a MAC ACL with the name "dell". Console (config)# mac access-list dell Console (config-mac-al)#...
Page 82: Deny (Mac)
User Guidelines When an access control entry (ACE) is added to an access control list, an implied deny-any- any condition exists at the end of the list. If there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets. If vlan id is used as a classifier element then it cannot connect a policy map to a VLAN interface.
Page 83: Service-Acl
ACL Y is bound, then the ACL Y bound to the VLAN overrides the ACL X bound to the port. Example The following example attaches the ACL "dell" to the interface input. Console (config-if)# service-acl input dell ACL Commands...
Page 84: Show Access-Lists
show access-lists The show access-lists privileged EXEC command displays access control lists (ACLs) defined on the switch. Syntax show access-lists [name] • name—The ACL name. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 85 Syntax show interfaces access-lists [ethernet interface | vlan vlan-id | port-channel port-channel- number] • interface—Port number. • vlan-id—VLAN number. • port-channel-number—port-channel index. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays an ACL configured on the device.
Page 86 ACL Commands...
Page 87: Address Table Commands
Address Table Commands bridge address The bridge address VLAN interface configuration command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
Page 88: Bridge Multicast Filtering
Example The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port g8 to the bridge table. Console (config)# interface vlan 2 Console (config-vlan)# bridge address 3aa2.64b3.a245 ethernet g8 permanent bridge multicast filtering The bridge multicast filtering global configuration command enables filtering of Multicast addresses.
Page 89: Bridge Multicast Forbidden Address
bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove] {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast address {mac-multicast-address | ip-multicast-address} • add—Adds ports to the group. If no option is specified, this is the default option. • remove—Removes ports from the group. •...
Page 90: Bridge Multicast Forward-All
Syntax bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} {add | remove} {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} • add—Adds ports to the group. • remove—Removes ports from the group. • mac-multicast-address—MAC Multicast address. •...
Page 91: Bridge Multicast Forbidden Forward-All
no bridge multicast forward-all • add—Adds ports to the group. • remove—Removes ports from the group. • interface-list—Separate non consecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports. • port-channel-number-list—Separate non consecutive valid port-channels with a comma and no spaces;...
Page 92: Bridge Aging-Time
Default Configuration By default, this setting is disabled (for example, forwarding to the port is not forbidden). Command Mode Interface Configuration (VLAN) mode User Guidelines IGMP snooping dynamically discovers Multicast router ports. When a Multicast router port is discovered, all the Multicast packets are forwarded to it unconditionally. This command prevents a port to be a Multicast router port.
Page 93: Clear Bridge
clear bridge The clear bridge privileged EXEC command removes any learned entries from the forwarding database. Syntax clear bridge • This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 94: Port Security Routed Secure-Address
Default Configuration Disabled - No port security Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example In this example, frame forwarding is enabled without learning, and with traps sent every 100 seconds on port g1.
Page 95: Show Bridge Address-Table
Example In this example, the MAC-layer address 66:66:66:66:66:66 is added to port g1. Console (config)# interface ethernet g1 Console (config-if)# port security routed secure-address 66:66:66:66:66:66 show bridge address-table The show bridge address-table privileged EXEC command displays all entries in the bridge- forwarding database.
Page 96: Show Bridge Address-Table Static
Example In this example, all classes of entries in the bridge-forwarding database are displayed. Console# show bridge address-table Aging time is 300 sec vlan mac address port type ---- -------------- ----- ----- 1 0060.704C.73FF g8 dynamic 1 0060.708C.73FF g8 dynamic 0010.0D48.37FF g8 static show bridge address-table static The show bridge address-table static privileged EXEC command displays statically created entries...
Page 97: Show Bridge Multicast Address-Table
Example In this example, all static entries in the bridge-forwarding database are displayed. Console# show bridge address-table static Aging time is 300 sec vlan mac address port type ---- -------------- ----- ----- 00.60.70.4C.73.FF g8 permanent 00.60.70.8C.73.FF g8 delete-on-timeout 00.10.0D.48.37.FF g9 delete-on-reset show bridge multicast address-table The show bridge multicast address-table privileged EXEC command displays Multicast MAC...
Page 98: Show Bridge Multicast Filtering
Example In this example, Multicast MAC address table information is displayed. Console # show bridge multicast address-table Vlan MAC address Type Ports ------ ----------------------- -------- ------------- 01.00.5e.02.02.03 staticg1 01.00.5e.02.02.08 static g1-8 01.00.5e.02.02.08 dynamicg 9-11 Forbidden ports for multicast addresses: Vlan MAC address Ports ------...
Page 99: Show Ports Security
Example In this example, the Multicast configuration for VLAN 1 is displayed. Console # show bridge multicast filtering 1 Filtering: Enabled VLAN: 1 Port Forward-All Static Status ---- ------ ------ Forbidden Filter Forward Forward(s) Forward(s) show ports security The show ports security privileged EXEC command displays the port-lock status. Syntax show ports security [ethernet interface | port-channel port-channel-number] •...
Page 100 Example In this example, all classes of entries in the port-lock status are displayed. Console # show ports security Port Status Action Trap Frequency Counter ---- ------ ------ ---- --------- ------- Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked Unlocked...
Page 101: Clock
Clock clock source The clock source global configuration command configures the external time source for the system clock. To disable the external time source and use the hardware internal clock, use the no form of this command. Syntax clock source sntp no clock source Default Configuration No external clock source.
Page 102: Clock Summer-Time
Command Mode Global Configuration mode User Guidelines The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set. Examples The following example sets the timezone to 6 hours difference from UTC. Console(config) clock timezone -6 zone CST clock summer-time...
Page 103: Sntp Authentication-Key
• offset — Number of minutes to add during summer time (Range: 1 - 1440). • acronym — The acronym of the time zone to be displayed when summer time is in effect. If unspecified default to the timezone acronym. (Range: Up to 4 characters) Default Configuration Summer time is disabled.
Page 104: Sntp Authenticate
Syntax sntp authentication-key number md5 value no sntp authentication-key number • number — Key number (Range: 1 - 4294967295) • value — Key value (Range: 1-8 characters) Default Configuration No authentication key is defined. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 105: Sntp Trusted-Key
Examples The following example defines the authentication key for SNTP and grants authentication. Console(config)# sntp authentication-key 8 md5 ClkKey Console(config)# sntp trusted-key 8 Console(config)# sntp authenticate sntp trusted-key The sntp trusted-key global configuration command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize.
Page 106: Sntp Client Poll Timer
sntp client poll timer The sntp client poll timer global configuration command sets the polling time for the Simple Network Time Protocol (SNTP) client. To return to default, use the no form of this command. Syntax sntp client poll timer seconds no sntp client poll timer •...
Page 107: Sntp Anycast Client Enable
User Guidelines Use the sntp client enable interface configuration command to enable SNTP clients on a specific interface. Examples The following example enables Broadcast clients. Console(config)# sntp broadcast client enable sntp anycast client enable The sntp anycast client enable global configuration command enables Simple Network Time Protocol (SNTP) Anycast clients.
Page 108: Sntp Unicast Client Enable
Syntax sntp client enable no sntp client enable Default Configuration Client is disabled on an interface. Command Mode Interface Configuration (Ethernet, port-channel, VLAN) mode User Guidelines Use the sntp broadcast client enable global configuration command to enable Broadcast clients globally. Use the sntp anycast client enable global configuration command to enable Anycast clients globally.
Page 109: Sntp Unicast Client Poll
Examples The following example enables the device to use Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. Console(config)# sntp unicast client enable sntp unicast client poll The sntp unicast client poll global configuration command enables polling for Simple Network Time Protocol (SNTP) predefined Unicast servers.
Page 110: Show Clock
• hostname — Hostname of the server. (Range: 1-158 characters) • poll — Enable polling. • keyid — Authentication key to use when sending packets to this peer. (Range:1-4294967295) Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined.
Page 111 User Guidelines The symbol that precedes the show clock display indicates the following: Symbol Description Time is not authoritative. (blank) Time is authoritative. Time is authoritative, but SNTP is not synchronized. Example The following example displays the time and date from the system clock. Console>...
Page 112: Show Sntp Configuration
show sntp configuration The show sntp configuration privileged EXEC command shows the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the current SNTP configuration of the device.
Page 113: Show Sntp Status
Server Polling Encryption Key ---------- -------- ----------------- 10.1.1.91 Enabled Broadcast Clients: Enabled Anycast Clients: Enabled Broadcast and Anycast Interfaces: g1, g3 show sntp status The show sntp status privileged EXEC command shows the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status Default Configuration...
Page 114 OOB unicast servers: Server Status Last response Offset Delay [mSec] [mSec] --------- ------ --------------- ----- ------ 176.1.1.8 Unknown 19:19:51.198 PDT Feb 19 2005 2.98 129.19 Anycast server: Server Interface Status Last response Offset Delay [mSec] [mSec] --------- ------- ----- ------------- ------ ----- 176.1.11.8...
Page 115: Dhcp Relay Commands
DHCP Relay Commands ip dhcp relay enable The ip dhcp relay enable global configuration command enables Dynamic Host Configuration Protocol (DHCP) relay agent features on the router. To disable the relay agent features, use the no form of this command. Syntax ip dhcp relay enable no ip dhcp relay enable...
Page 116: Show Ip Dhcp Relay
Command Mode Global Configuration mode User Guidelines If no IP address is specified when using the no form of the command, all configured servers are removed. Example The following example defines the DHCP server with the address 172.16.1.1 to be available for DHCP address.
Page 117: Configuration And Image Files
Configuration and Image Files configure The configure privileged EXEC command enters the global configuration mode. Syntax configure Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no default configuration. Example In the following example, because no keyword is entered, a prompt is displayed. After the keyword is selected, a message confirming the command entry method is displayed.
Page 118 The following table displays keywords aliases to URL: Keyword Source or destination running-config Represents the current running configuration file. startup-config Represents the startup configuration file. backup-config Represents the backup configuration file. image The image is executable code which is decompressed during system startup, into the switching and routing software that manages the device.
Page 119 Understanding Invalid Combinations of Source and Destination Some invalid combinations of source and destination exist. Specifically, the following cannot be copied: • If the source file and destination file are the same file. • xmodem cannot be a destination. Can only be copied to image, boot and null. •...
Page 120 Saving the Running Configuration to the Startup Configuration Use the copy running-config startup-config command to copy the "running configuration" to the "startup configuration". Backup the Running Configuration or Startup Configuration to the Backup Configuration Use the copy running-config backup-config command to backup the "running configuration" to the "backup configuration"...
Page 121: Delete Startup-Config
Example The following example copies a configuration file named configfile from a TFTP server on the out- of-band port with an IP address of 172.16.1.1 to the startup-config file. Router# copy tftp://oob/172.16.1.1/file1 startup-config Accessing file 'configfile' on oob/172.16.1.1... Loading file1 from oob/172.16.1.1: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Page 122: Show Running-Config
Syntax boot system {image-1 | image-2} • image-1—Specifies image 1 as the system startup image. • image-2—Specifies image 2 as the system startup image. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is the active image. Examples The following example loads system image 1 for the next device startup.
Page 123: Show Startup-Config
Examples The following example displays the contents of the running-config file. Console# show running-config Router Configuration --------------------- no spanning-tree interface ethernet g1 ip address 16.1.1.3 255.0.0.0 exit radius-server host 16.1.1.200 auth-port 1812 key da aaa authentication enable 12 radius aaa authentication login 123 radius line telnet login authentication 123 enable authentication 12...
Page 124 Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the contents of the startup-config file. Console# show startup-config Router Configuration ----------------------------- Empty configuration OOB host Configuration ----------------------------- Empty configuration _____________________________ Default settings: _____________________________...
Page 125 Gigabit Ethernet Ports ----------------------------- no shutdown speed 1000 duplex full negotiation flow-control off mdix auto no back-pressure interface vlan 1 interface port-channel 1 - 7 no router RIP no router OSPF enable spanning-tree spanning-tree mode STP qos basic Configuration and Image Files...
Page 126: Show Backup-Config
OOB host Configuration ------------------------- interface out-of-band-eth no shutdown speed 100 duplex full negotiation flow-control off mdix auto no back-pressure exit show backup-config The show backup-config privileged EXEC command displays the backup configuration file contents. Syntax show backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 127: Show Bootvar
Examples The following example displays the contents of the backup-config file. Console# show backup-config no spanning-tree interface ethernet g12 ip address 12.1.1.1 255.0.0.0 exit show bootvar The show bootvar privileged EXEC command displays the active system image file that the device loads at startup.
Page 128 Configuration and Image Files...
Page 129: Ethernet Configuration Commands
Ethernet Configuration Commands interface ethernet The interface ethernet global configuration command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface • interface—Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 130: Interface Out-Of-Band-Eth
Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces. Example The following example shows how ports g18 to g20 and ports g22 to g24 are grouped to receive the same command.
Page 131: Shutdown
shutdown The shutdown interface configuration command disables interfaces. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, port-channel, Out-of-Band Ethernet) mode User Guidelines There are no user guidelines for this command.
Page 132: Speed
Command Mode Interface Configuration (Ethernet, port-channel, Out-of-Band Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example adds a description to the Ethernet g5. Console(config)# interface ethernet g5 Console(config-if)# description RD_SW#3 speed The speed interface configuration command configures the speed of a given Ethernet interface when not using auto-negotiation.
Page 133: Duplex
Example The following example configures the speed operation of Ethernet g5 to force 100-Mbps operation. Console(config)# interface ethernet g5 Console(config-if)# speed 100 duplex The duplex interface configuration command configures the full/half duplex operation of a given Ethernet interface when not using auto-negotiation. To restore the default, use the no form of this command.
Page 134: Negotiation
negotiation The negotiation interface configuration command enables auto-negotiation operation for the speed and duplex parameters of a given interface. To disable negotiation, use the no form of this command. Syntax negotiation [capability1 [capability2…capability5]] no negotiation • capabilities—Port capabilities to be advertised. (Possible values: 10h, 10f, 100h, 100f and 1000f) Default Configuration auto-negotiation with all capabilities...
Page 135: Mdix
• off—Disables Flow Control. Default Configuration Flow Control is off. Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines Flow Control will operate only if duplex mode is set to FULL. Back Pressure will operate only if duplex mode is set to HALF. When Flow Control is ON, the head-of-line-blocking mechanism of this port is disabled.
Page 136: Back-Pressure
Example In the following example, automatic crossover is enabled on g5. Console(config)# interface ethernet g5 Console(config-if)# mdix auto back-pressure The back-pressure interface configuration command enables Back Pressure on a given interface. To disable Back Pressure, use the no form of this command. Syntax back-pressure no back-pressure...
Page 137: Port Jumbo-Frame
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example In the following example, Jumbo Frames are enabled on the device. Console(config)# port jumbo-frame clear counters The clear counters user EXEC mode command clears statistics on an interface. Syntax clear counters [ethernet interface | port-channel port-channel-number] •...
Page 138: Show Interfaces Configuration
• port-channel-number—Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Privilege EXEC mode User Guidelines There are no user guidelines for this command. Example The following example activates interface g9, which is disabled. Console# set interface active ethernet g9 show interfaces configuration The show interfaces configuration Privilege EXEC mode command displays the configuration for all configured interfaces.
Page 139 Example The following example displays the configuration for all configured interfaces: Console# show interfaces configuration Flow Admin Back Mdix Port Type Duplex Speed Neg control State Pressure Mode ........................1G-Copper Full 1000 Enabled Off Disabled Auto 1G-Copper Full 1000 Enabled Off Disabled Auto...
Page 140: Show Interfaces Status
The displayed port configuration information includes the following: • Port—The port number. • Port Type—The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling inluding both Tx and Rx transmissions. • Duplex—Displays the port Duplex status. •...
Page 141 Console# show interfaces status Flow Link Back Mdix Port Type Duplex Speed Neg control State Pressure Mode 1G-Copper Down 1G-Copper Down 1G-Copper Down 1G-Copper Down 1G-Copper Down 1G-Copper Down 1G-Copper Down 1G-Copper Down 1G-Combo-C Down 1G-Combo-C Down 1G-Combo-C Down Flow Link Back Type...
Page 142: Show Interfaces Description
The displayed port status information includes the following: • Port—The port number. • Description—If the port has a description, the description is displayed. • Port Type—The port designated IEEE shorthand identifier. For example, 1000Base-T refers to 1000 Mbps baseband signaling inluding both Tx and Rx transmissions. •...
Page 143: Show Interfaces Counters
Example The following example displays the description for the interface g1. Console# show interfaces description ethernet g1 Port Description ....connect_to_server show interfaces counters The show interfaces counters user EXEC command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] •...
Page 144 Examples The following example displays traffic seen by the physical interface: Console# show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts ----------- ---------- ----------- ----------- ------------ Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ----------- ---------- ------------ ------------ ------------ InOctets InUcastPkts InMcastPkts InBcastPkts ----------- --------- ----------- ----------- ----------- OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ---------- ---------- ------------ ------------ ------------...
Page 145 The following example displays counters for port g1. Console# show interfaces counters ethernet g1 Port InOctets InUcastPkts InMcastPkts InBcastPkts -------- ---------- ----------- ----------- ----------- Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts -------- ---------- ------------ ------------ ------------ FCS Errors: 0 Single Collision Frames: 0 Late Collisions: 0 Excessive Collisions: 0 Internal MAC Tx Errors: 0...
Page 146: Show Ports Jumbo-Frame
Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully. Late Collisions Counted times that a collision is detected later than one slotTime into the transmission of a packet. Excessive Collisions Counted frames for which transmission fails due to excessive collisions. Internal MAC Tx Errors Counted frames for which transmission fails due to an internal MAC sublayer transmit error.
Page 147: Port Storm-Control Include-Multicast
port storm-control include-multicast The port storm-control include-multicast global configuration command enables the device to count Multicast packets together with Broadcast packets. To disable counting of Multicast packets, use the no form of this command. Syntax port storm-control include-multicast no port storm-control include-multicast Default Configuration Multicast packets are not counted.
Page 148: Port Storm-Control Broadcast Rate
User Guidelines Use the port storm-control broadcast rate interface configuration command, to set the maximum allowable Broadcast rate. Multicast can be counted as part of the "storm" frames if the port storm-control include- multicast global configuration command is already executed. Example The following example enables Broadcast storm control on port g5.
Page 149: Show Ports Storm-Control
show ports storm-control The show ports storm-control privileged EXEC command displays the storm control configuration. Syntax show ports storm-control [interface] • interface—A valid Ethernet port. Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 150 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information about auto negoiation advertisement. Console# show interfaces advertise Port Type Operational Link Advertisement ---- -------- ------- ------------------------------...
Page 151: Gvrp Commands
GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically.
Page 152: Garp Timer
Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines An access port would not dynamically join a VLAN because it is always a member in only one VLAN. Example The following example enables GVRP on ethernet g8. Console (config)# interface ethernet g8 Console (config-if)# gvrp enable garp timer The garp timer interface configuration command adjusts the GARP application join, leave, and...
Page 153: Gvrp Vlan-Creation-Forbid
User Guidelines The following relationship for the various timer values must be maintained: • Leave time must be greater than or equal to three times the join time. • Leaveall time must be greater than the leave time. Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on Layer 2-connected devices, GARP application will not operate successfully.
Page 154: Gvrp Registration-Forbid
Example The following example disables dynamic VLAN creation on port g8. Console (config)# interface ethernet g8 Console (config-if)# gvrp vlan-creation-forbid gvrp registration-forbid The gvrp registration-forbid interface configuration command de-registers all dynamic VLANs, and prevents dynamic VLAN registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command.
Page 155: Show Gvrp Configuration
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example clears all the GVRP statistics information on port g8. Console# clear gvrp statistics ethernet g8 show gvrp configuration The show gvrp configuration User EXEC command displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and which ports are...
Page 156 Console# show gvrp statistics GVRP statistics: ---------------- Legend: : Join Empty Received rJIn : Join In Received rEmp : Empty Received rLIn : Leave In Received : Leave Empty Received : Leave All Received : Join Empty Sent sJIn : Join In Sent sEmp : Empty Sent sLIn : Leave In Sent : Leave Empty Sent...
Page 157: Show Gvrp Statistics
Console# show gvrp configuration GVRP Feature is currently enabled on the switch. Maximum VLANs: 256, Maximum VLANs after reset: 256. Port GVRP- Regist- Dynamic Timers Crea- Join Leave Leave- Status ration VLAN (milli- tion seconds) ---- ------ ------ ------- -------- ----- ---- ----- -----...
Page 158 Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] • interface—Valid Ethernet interface. • port-channel-number—A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays GVRP statistics information.
Page 159: Ip Addressing Commands
IP Addressing Commands ip address The ip address interface configuration command sets an IP address. To remove an IP address, use the no form of this command. Syntax ip address ip-address {mask | prefix-length} no ip address [ip-address] • ip-address—IP address mask—The IP address network mask •...
Page 160: Ip Address Dhcp
ip address dhcp The ip address dhcp interface configuration command acquires an IP address on an interface from the Dynamic Host Configuration Protocol (DHCP) server. To deconfigure any acquired address, use the no form of this command. The no ip address dhcp command deconfigures any IP address that was acquired, thus sending a DHCPRELEASE message.
Page 161: Ip Default-Gateway
Example The following example acquires an IP address on an Ethernet interface from DHCP. Console (config)# interface ethernet g8 Console (config-if)# ip address dhcp ip default-gateway The ip default-gateway global configuration command defines a default gateway (router). To remove the default gateway use the no form of this command. Syntax ip default-gateway ip-address no ip default-gateway...
Page 162: Arp
Syntax show ip interface [ethernet interface-number | vlan vlan-id | port-channel number | out-of- band-eth oob-interface]] • ethernet interface-number—Ethernet port number. • vlan vlan-id—VLAN number. • port-channel number—Port-channel number. • out-of-band-eth oob-interface—Out-of-band Ethernet port number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 163: Arp Timeout
Command Mode Global Configuration mode User Guidelines The software uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware addresses. Because most hosts support dynamic resolution, static ARP cache entries do not need to be specified. Example The following example adds the IP address 198.133.219.232 and MAC address 00-00-0c-40-0f-bc to the ARP table.
Page 164: Ip Proxy-Arp
ip proxy-arp The ip proxy-arp global configuration command enables ARP proxy. To disable ARP, use the no form of this command. Syntax ip proxy-arp no ip proxy-arp Default Configuration By default ARP proxy is disabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 165: Show Arp
show arp The show arp privileged EXEC command displays entries in the ARP table. Syntax show arp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines To enter an out-of-band IP interface, use the out-of-band IP address format — oob/ip- address.
Page 166: Broadcast-Address
Command Mode IP Interface Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables the translation of directed broadcasts to physical broadcasts on IP interface 1.0.0.1. Console(config)# interface ip 1.0.0.1 Console(config-ip)# directed-broadcast broadcast-address The broadcast-address interface configuration command defines an interface Broadcast address.
Page 167: Ip Helper-Address
ip helper-address Use the Global Configuration ip helper-address command to have the device forward User Datagram Protocol (UDP) broadcasts received on an interface. To disable the forwarding of broadcast packets to specific addresses, use the no form of this command. ip helper-address ip-interface address [udp-port-list] no ip helper-address ip-interface address Syntax Description...
Page 168: Helper-Address
Example Console(config)#ip helper address 100.10.1.1 helper-address The helper-address interface configuration command enables forwarding User Datagram Protocol (UDP) Broadcast packets received on an interface. To disable forwarding Broadcast packets to specific addresses, use the no form of this command. Syntax helper-address address [udp-port-list] no helper-address address •...
Page 169: Show Ip Helper-Address
The helper-address interface configuration command does not enable forwarding packets using BOOTP/DHCP. To forward packets using BOOTP/DHCP, use the ip dhcp relay enable and ip dhcp relay address global configuration commands and the show ip dhcp relay privileged EXEC command. Example The following example enables the software to forward UDP broadcasts on interface 1.100.100.0 to IP address 172.16.9.9 to ports 49 and 53.
Page 170: Ip Domain-Lookup
ip domain-lookup The ip domain-lookup global configuration command enables IP Domain Naming System (DNS)- based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup Default Configuration The DNS is enabled. Command Mode Global Configuraton mode User Guidelines...
Page 171: Ip Name-Server
User Guidelines There are no user guidelines for this command. Example The following example defines a default domain name of dell.com: Console(config)# ip domain-name dell.com ip name-server The ip name-server global configuration command defines available name servers. To delete a name server, use the no form of this command.
Page 172: Clear Host
To define an Out-of-Band IP address, use the following format: oob/ip-address. Example The following example defines a static host name-to-address mapping in the host cache: Console(config)# ip host accounting.dell.com 176.10.23.1 clear host The clear host privileged EXEC command deletes entries from the host name-to-address cache.
Page 173: Clear Host Dhcp
Example The following example deletes all entries from the host name-to-address cache: Console# clear host * clear host dhcp The clear host dhcp privileged EXEC command deletes entries from the DHCP host name-to- address mapping cache. Syntax clear host dhcp {name address |*} •...
Page 174 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information about IP hosts. Console> show hosts Host name: Device Default domain: gm.com, sales.gm.COM, usa.sales.gm.com(DHCP) Name/address lookup is enabled Name servers (Preference order): 176.16.1.18 176.16.1.19 Configured host name-to-address mapping: Host Addresses...
Page 175: Igmp Snooping Commands
IGMP Snooping Commands ip igmp snooping (Global) The ip igmp snooping global configuration command enables Internet Group Management Protocol (IGMP) snooping. To disable IGMP snooping use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled.
Page 176: Ip Igmp Snooping Mrouter
User Guidelines IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping ip igmp snooping mrouter The ip igmp snooping mrouter interface configuration command enables automatic learning of Multicast router ports in the context of a specific VLAN.
Page 177: Ip Igmp Snooping Mrouter-Time-Out
Syntax ip igmp snooping host-time-out time-out no ip igmp snooping host-time-out time-out—Host timeout in seconds. (Range: 1 - 2147483647) • Default Configuration The default host-time-out is 260 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines The timeout should be at least greater than 2*query_interval+max_response_time of the IGMP router.
Page 178: Ip Igmp Snooping Leave-Time-Out
Example The following example configures the mrouter timeout to 200 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping mrouter-time-out 200 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out command configures the leave-time-out. If an IGMP report for a Multicast group is not received within the leave-time-out period after an IGMP leave was received from a specific port, the current port is deleted from the member list of that Multicast group.
Page 179: Show Ip Igmp Snooping Interface
Syntax show ip igmp snooping mrouter [interface vlan-id] • vlan_id—VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows IGMP snooping mrouter information. Console # show igmp snooping mrouter VLAN Ports...
Page 180: Show Ip Igmp Snooping Groups
Example The example displays IGMP snooping information. Console # show ip igmp snooping interface 1 IGMP Snooping is globaly disabled IGMP Snooping is disabled on VLAN 1 IGMP host timeout is 260 sec IGMP Immediate leave is disabled. IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled show ip igmp snooping groups...
Page 181 Example The example shows IGMP snooping information on VLAN 1000. Console # show ip igmp snooping groups Vlan IP Address Querier Ports ---- ------------------ ------- ------------------- 1 224-239.130|2.2.3 Yes g1, g2 19 224-239.130|2.2.8 Yes g9-11 IGMP Snooping Commands...
Page 182 IGMP Snooping Commands...
Page 183: Ip Routing Protocol-Independent Commands
IP Routing Protocol-Independent Commands interface ip The interface ip global configuration command enters the IP interface configuration mode. Syntax interface ip ip-address • ip-address—One of the device IP addresses. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 184: Key-Chain
• reject-route—Discard all packets matching this route per RFC-2096, and handle them as reject-route. These routes are treated as unreachable networks, and an ICMP unreachable route is returned. Default Configuration The metric default distance is 1. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 185: Key (Key Chain)
Example The following example identifies an authentication keygroup called "M". Console (config)# key-chain M key (key chain) The key key chain configuration command defines an authentication key on a key chain. To remove the key from the key chain, use the no form of this command. Syntax key key-id no key key-id...
Page 186: Key (Global)
key (global) The key global configuration command creates an authentication key. To remove the key, use the no form of this command. Syntax key key-id no key key-id • key-id—An authentication key identification number on a key chain. (Range: 1 - 255) Default Configuration No key exists on the key chain.
Page 187 Default Configuration No key exists. Command Mode SSH public key configuration User Guidelines Use the key-string command to specify which SSH public key to interactively configure next. To complete the interactive command, enter row with no characters. Use the key-string row command to specify SSH public key row by row. Each row must begin with key-string row command.
Page 188: Accept-Lifetime
accept-lifetime The accept-lifetime key chain key configuration command sets the time period during which the authentication key is valid for authenticating incoming packets. To reset to the default value, use the no form of this command. Syntax accept-lifetime infinite start-time accept-lifetime duration start-time seconds accept-lifetime start-time end-time no accept-lifetime [duration | infinite]...
Page 189: Send-Lifetime
Example The following example specifies for key 1, an accept-lifetime range from 13:30:00 Jan 25 2005 for 7200 seconds, and for key 2 an accept-lifetime range from 14:30:00 Jan 25 2005 for 7200 seconds. Console (config)# key 1 Console (config-key)# key-string mountain Console (config-key)# accept-lifetime duration 13:30:00 Jan 25 2005 7200...
Page 190: Ip Maximum-Paths
• seconds—Length of time (in seconds) that the key is valid to be sent. (Range: 1 - 4294967295) Default Configuration There is no time limit, the key is always valid to be sent. Command Mode Key configuration User Guidelines If the last key expires, authentication stops and an error message is generated. Example The following example specifies for key 1, a send-lifetime range from 14:00:00 Jan 25 2005 for 3600 seconds, and for key 2 a send-lifetime range from 15:00:00 Jan 25 2005 for 3600 seconds.
Page 191: Show Ip Route
Command Mode Global Configuration mode User Guidelines The change to IP maximum-paths takes effect after resetting the device. Example The following example defines the maximum number of parallel routes to 2. Console (config)# ip maximum-paths 2 show ip route The show ip route user EXEC command displays the routing table current state. Syntax show ip route [protocol] show ip route address address [mask | prefix-length] [longer-prefixes]...
Page 192 Examples The following example displays the whole routing table state. Console> show ip route Maximum Parallel Paths: 2 (4 after reset) Codes: C - connected, S - static, R - RIP, O - OSPF, E - OSPF external R 10.0.0.0/8 is rejected C 10.0.1.1/32 is directly connected, Loopback0 C 10.0.1.0/24 is directly connected, Ethernet g1 C 10.0.2.0/24 is directly connected, Ethernet g2...
Page 193: Show Ip Protocols
The following example displays the routing table for IP address 192.168.1.0 with the address mask 255.255.255.0 and matching the prefix created from the IP address and address mask. Console> show ip route address 192.168.1.0 255.255.255.0 longer- prefixes Codes: C - connected, S - static, R - RIP, O - OSPF, E - OSPF external S 192.168.1.0/24 [5/3] via 10.0.2.1, 17:12:19, Ethernet g1 S 192.168.1.1/32 [5/3] via 10.0.3.1, 19:51:18, Ethernet g1...
Page 194 Example The following example displays the parameters and current state of the active routing protocol process. Console# show ip protocols Routing Protocol is "rip" Sending updates every 30 seconds Invalid after 180 seconds, hold down 120, flushed after 300 Redistributing: RIP, Static, OSPF Default version control: send version 1, receive version 1 Interfaces: Interface Send Receive Key-chain...
Page 195: Show Key-Chains
show key-chains The show key-chains privileged EXEC command displays key-chain information. Syntax show key-chains [name-of-chain] • name-of-chain—Name of a key chain. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays key-chain information.
Page 196: Show Keys
show keys The show keys privileged EXEC command displays key information. Syntax show keys [key-id] • key-id—Identification number of an authentication key on a key chain. (Range: 1 - 255) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 197: Lacp Commands
LACP Commands lacp system-priority The lacp system-priority global configuration command configures the system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority • value—Value of the priority. (Range: 1 - 65535) Default Configuration The default system priority value is 1.
Page 198: Lacp Timeout
Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example configures the priority value for port g8 to 247. Console (config)# interface ethernet g8 Console (config-if)# lacp port-priority 247 lacp timeout The lacp timeout interface configuration command assigns an administrative LACP timeout.
Page 199: Show Lacp Port-Channel
Syntax show lacp ethernet interface [parameters | statistics | protocol-state] • Interface—Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how to display LACP statistics information. Console# show lacp ethernet g1 statistics Port 1 LACP Statistics: LACP PDUs sent:2...
Page 200 Example The following example shows how to display LACP port-channel information. Console# show lacp port-channel 1 Port-Channel ch1 Port Type Unknown Attached Lag id: Actor System Priority:1 MAC Address: 0a:d0:0f:f0:eb:ee Admin Key: Oper Key: Partner System Priority:0 MAC Address: 00:00:00:00:00:00 Oper Key: LACP Commands...
Page 201: Line Commands
Line Commands line The line global configuration command identifies a specific line for configuration and enters the line configuration command mode. Syntax line {console | telnet | ssh} • console—Console terminal line. • telnet—Virtual terminal for remote console access (Telnet). •...
Page 202: Exec-Timeout
Command Mode Line Configuration (console) mode User Guidelines This command is available only on the console line. Although not saved to the configuration file, the line baud rate setting is permanently saved until it is explicitly modified. Examples The following example configures the line baud rate to 115200. Console (config)# line console Console(config-line)# speed 115200 exec-timeout...
Page 203: Show Line
show line The show line user EXEC command displays line parameters. Syntax show line [console | telnet | ssh] • console—Console terminal line. • telnet—Virtual terminal for remote console access (Telnet). • ssh—Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
Page 204: Terminal History
terminal history The terminal history user EXEC command enables the command history function for the current terminal session. To disable the command history function, use the no form of this command.. Syntax terminal history no terminal history Default Configuration The default configuration for all terminal sessions is defined by the history line configuration command.
Page 205 Command Mode User EXEC mode User Guidelines The terminal history size user EXEC command configures the size of the command history buffer for the current terminal session. To change the default size of the command history buffer, use the history size line configuration command. The maximum number of commands in all buffers is 256.
Page 206 Line Commands...
Page 207: Management Acl
Management ACL management access-list The management access-list configuration command defines an access-list for management, and enters the access-list for configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command.
Page 208: Permit (Management)
The following example shows how to create an access-list called "mlist", configure all interfaces to be management interfaces except interfaces ethernet g1 and ethernet g9, and make the access-list the active list. Console (config)# management access-list mlist Console (config-macl)# deny ethernet g1 Console (config-macl)# deny ethernet g9 Console (config-macl)# permit Console (config-macl)# exit...
Page 209: Deny (Management)
User Guidelines Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.The system supports up to 256 management access rules. Example The following example shows how all ports are permitted in the access-list called "mlist". Console (config)# management access-list mlist Console (config-macl)# permit deny (management)
Page 210: Management Access-Class
User Guidelines Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.The system supports up to 256 management access rules. Example The following example shows how all ports are denied in the access-list called "mlist". Console (config)# management access-list mlist Console (config-macl)# deny management access-class...
Page 211: Show Management Access-List
show management access-list The show management access-list privileged EXEC command displays management access-lists. Syntax show management access-list [name] • name—A valid access list name. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the active management access-list.
Page 212 User Guidelines There are no user guidelines for this command. Example The following example displays the management access-list information. Console# show management access-class Management access-class is enabled, using access list mlist Management ACL...
Page 213: Multicast Routing Commands
Multicast Routing Commands ip multicast-routing The ip multicast-routing command in global configuration mode enables IP Multicast routing and DVMRP. To disable IP Multicast routing, use the no form of this command. Syntax ip multicast-routing [dvmrp] no ip multicast-routing [dvmrp] Default Configuration IP Multicast routing is disabled.
Page 214: Ip Dvmrp Metric
User Guidelines If DVMRP is disabled on an interface, the DVMRP parameters on the interface return to the default values. Example The following example enables DVMRP on port g5. Console (config)# interface ethernet g5 Console (config-if)# ip dvmrp ip dvmrp metric The ip dvmrp metric interface configuration mode configures the interface metric for Distance Vector Multicast Routing Protocol (DVMRP) reports.
Page 215: Ip Igmp Query-Interval
Syntax ip igmp no ip igmp Default Configuration IGMP is by default disabled on interfaces. Command Mode Interface configuration (Ethernet, VLAN, port-channel) User Guidelines If IGMP is disabled on an interface, the IGMP parameters on the interface return to the default values.
Page 216: Ip Igmp Last-Member-Query-Interval
If IGMP is disabled on an interface, the IGMP parameters on the interface return to the default values. Example The following example configures the frequency at which the software sends IGMP host query messages on port g5 to 600 seconds. Console (config)# interface ethernet g5 Console (config-if)# ip igmp query-interval 600 ip igmp last-member-query-interval...
Page 217: Ip Igmp Query-Max-Response-Time
Example The following example configures the frequency at which the software sends IGMP group-specific query messages on port g5 to 20 seconds. Console (config)# interface ethernet g5 Console (config-if)# ip igmp last-member-query-interval 20 ip igmp query-max-response-time The ip igmp query-max-response-time interface configuration command configures the maximum response time advertised in Internet Group Management Protocol (IGMP) queries.
Page 218: Ip Igmp Version
Example The following example configures the maximum response time advertised in IGMP queries on port g5 to 20 seconds. Console (config)# interface ethernet g5 Console (config-if)# ip igmp query-max-response-time 20 ip igmp version The ip igmp version global configuration command configures which version of Internet Group Management Protocol (IGMP) the router uses.
Page 219: Ip Igmp Static-Group
ip igmp static-group The ip igmp static-group interface configuration command configures the router to be a statically connected member of the specified group on the interface. To remove the router as a member of the group, use the no form of this command. Syntax ip igmp static-group group-address no ip igmp static-group group-address...
Page 220 Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays all ip mroutes. Console# show ip mroute Group Source Upstream Interface Up Time Owner ----------- ----------------- ------------ -----------...
Page 221 The following example displays all ip mroutes for port g1. Console# show ip mroute ethernet g1 Group Source Upstream Interface Up Time Owner ----------- ------------------ ------------ --------- -------- ------ 224.0.255.1 198.92.37.100/32 10.20.37.33 eth g1 20:20:00 dvmrp 224.0.255.1 199.92.37.100/32 10.20.37.33 eth g1 1d:4h:20m dvmrp 224.1.255.1 198.92.37.100/32...
Page 222: Show Ip Mroute-Next-Hop
show ip mroute-next-hop The show ip mroute-next-hop user EXEC command displays IP Multicast routing next hop information. Syntax show ip mroute-next-hop [group group-address] [source source-address] group group-address—Multicast group IP address. • source source-address—The source IP address. • Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 223: Show Ip Dvmrp Interface
The following table describes the fields shown in the display: Field Description Group IP Multicast group address. Source The network address that identifies the sources. Interface The outgoing interface. Up time The time since the Multicast routing information was learned by the router. Expiry time The minimum amount of time remaining before this entry is aged out.
Page 224: Show Ip Dvmrp Neighbor
Example The following example displays DVMRP interfaces. Console# show ip dvmrp interface Interface IP address Metric RCV Bad RCV Bad Sent Packets Routes Routes --------- ----------- ------- ------- ------ ------ eth g1 172.16.1.1 The following table describes the fields shown in the display: Field Description Interface...
Page 225 Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays DVMRP neighbor information for port g1. Console# show ip dvmrp neighbor ethernet g1 Inter- Neighbor Up Time...
Page 226: Show Ip Dvmrp Next-Hop
The following table describes the fields shown in the display: Field Description Interface Interface type, number. Neighbor The DVMRP neighbor IP address. Up Time The time since this DVMRP neighbor became a neighbor of the local router. Expiry Time The minimum time remaining before this DVMRP neighbor is aged out. Version The neighboring router DVMRP version number.
Page 227: Show Ip Dvmrp Route
Example The following example displays DVMRP-next-hop information. Console# show ip dvmrp next-hop Source Interface Hop Type --------------- --------- -------- 198.92.37.100/32 eth g2 Leaf The following table describes the fields shown in the display: Field Description Source The network address identifying the sources. Interface The outgoing interface.
Page 228: Show Ip Dvmrp Prune
Example The following example displays the DVMRP routing table contents. Console# show ip dvmrp route Source Neighbor Interface Metric Expiry Time Time ------------- ---------------------- ------- -------- -------- 171.68.0.0/16 192.168.1.28 eth g1 00:02:52 07:55:50 The following table describes the fields shown in the display: Field Description Source...
Page 229: Show Ip Igmp Interface
User Guidelines There are no user guidelines for this command. Example The following example displays the DVMRP upstream prune state. Console# show ip dvmrp prune Group Source Expiry Time ------------- ------------ -------- 224.192.78.88 171.68.0.0/16 00:02:52 224.192.78.89 171.68.0.0/16 00:08:52 The following table describes the fields shown in the display: Field Description Group...
Page 230: Show Ip Igmp Groups
Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays IGMP related information about an interface. Console# show ip igmp interface Interface Version Query Last Querier Interval Member response router [sec] [mSec] [Sec]...
Page 231 Syntax show ip igmp groups [group ip-address] [ethernet interface-number | vlan vlan-id | port- channel number] • group ip-address—Multicast group address. • ethernet interface-number—Ethernet port number. • vlan vlan-id—VLAN number. • port-channel number—Port-channel number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 232 The following table describes the fields shown in the display: Field Description Group Address Multicast group address. Interface Interface through which the group is reachable. Uptime How long (in weeks, days, hours, minutes, and seconds) this Multicast group is known. Expires How long (in hours, minutes, and seconds) until the entry expires.
Page 233: Ospf Commands
OSPF Commands router ospf enable The router ospf enable global configuration command enables the OSPF routing process. To disable the OSPF routing process, use the no form of this command. Syntax router ospf enable no router ospf enable Default Configuration The OSPF routing process is disabled.
Page 234: Router Ospf Redistribute Rip
User Guidelines Auto-creation of OSPF areas is supported, so an OSPF area does not have to be defined before assigning it to an interface. To manually define an OSPF area, use the router ospf area command. If the auto-creation option is used, the area definition does not appear in the running configuration file.
Page 235: Router Ospf Redistribute Static
User Guidelines If your network contains other routers that do not run OSPF, but do run RIP routing protocols, the OSPF process can incorporate those routes learned via RIP. When redistribution is enabled, the router becomes an “AS Boundary Router” (ASBR). OSPF is more robust and converges more rapidly than RIP.
Page 236: Router Ospf Redistribute Connected
router ospf redistribute connected The router ospf redistribute connected global configuration command enables advertising of directly connected networks routes, in the OSPF routing process. To disable advertising, use the no form of this command. Syntax router ospf redistribute connected no router ospf redistribute connected Default Configuration Advertising of directly connected network routes is disabled.
Page 237: Hello-Interval
User Guidelines There are no user guidelines for this command. Example The following example defines an OSPF virtual link on neighbor with the address 1.1.1.1. Console (config)# router ospf area 1.1.1.1 virtual-link 1.1.1.1 hello-interval The hello-interval ospf virtual link interface configuration command specifies the interval between hello packets that the software sends on the OSPF virtual link interface.
Page 238: Dead-Interval
dead-interval The dead-interval ospf virtual link interface configuration command sets the interval at which hello packets must not be seen before its neighbors declare the router down. To return to the default time, use the no form of this command. Syntax dead-interval seconds no dead-interval...
Page 239: Transmit-Delay
Default Configuration The default value is 5 seconds. Command Mode OSPF virtual link configuration User Guidelines When a router sends an LSA to its neighbor, it keeps the LSA until it receives back the acknowledgment message. If the router receives no acknowledgment, it resends the LSA. The setting of this parameter should be conservative to prevent unnecessary retransmissions.
Page 240: Authentication
If the delay is not added before transmission over a link, the time in which the LSA propagates over the link is not considered. This setting has more significance on very low- speed links. Example The following example sets the estimated time required to send a link-state update packet on the OSPF virtual link interface to 10 seconds.
Page 241: Router Ospf Router-Id
router ospf router-id The router ospf router-id global configuration command configures an OSPF router ID. To return to default, use the no form of this command. Syntax router ospf router-id ip-address no router ospf router-id • ip-address—Specifies the OSPF router ID as an IP address. Default Configuration The default is the first interface IP address.
Page 242: Router Ospf Area Default-Cost
User Guidelines The router ospf area stub command must be configured on all routers and access servers in the stub area. Use the area router configuration command with the default-cost option to specify the default internal router cost sent into a stub area by an ABR. There are two stub area router configuration commands: the stub and default-cost options of the area router configuration command.
Page 243: Ospf
A default cost can be defined only for a stub area. To define a stub area, use the ospf area stub command. Example The following example specifies a cost of 10000 for the default summary route sent into a stub area number 192.168.3.1.
Page 244: Ospf Enable
Example The following example enables OSPF on IP interface 1.100.100.100. Console(config)# interface ip 1.100.100.100 Console(config-ip)# ospf ospf enable The ospf enable interface configuration command activates OSPF on an interface. To deactivate OSPF on an interface, use the no form of this command. Syntax ospf enable no ospf enable...
Page 245: Ospf Cost
Default Configuration The default is the first area (backbone area - 0.0.0.0). Command Mode IP Interface Configuration mode User Guidelines An OSPF area must be defined before it can be assigned to an interface. To define an OSPF area, use the router ospf area command. OSPF area auto-creation is supported, so an OSPF area does not have to be defined before assigning it to an interface.
Page 246: Ospf Priority
User Guidelines There are no user guidelines for this command. Example The following example defines a path cost 0f 250 on IP interface 1.100.100.100. Console(config)# interface ip 1.100.100.100 Console(config-ip)# ospf cost 250 ospf priority The ospf priority interface configuration command sets the router priority, which is used in electing the designated router for the network.
Page 247: Ospf Hello-Interval
ospf hello-interval The ospf hello-interval interface configuration command specifies the interval between hello packets the software sends on an interface. To return to the default time, use the no form of this command. Syntax ospf hello-interval seconds no ospf hello-interval •...
Page 248: Ospf Retransmit-Interval
Default Configuration The default IP Interface dead-interval time is 40 seconds. Command Mode IP Interface Configuration User Guidelines The interval is advertised in router hello packets. This value must be the same for all routers and access servers on a specific network. Example The following example defines the OSPF dead-interval time of 100 seconds on interface 1.100.100.100.
Page 249: Ospf Transmit-Delay
Example The following example specifies 60 seconds between link-state advertisement (LSA) retransmissions for IP interface 1.100.100.100 adjacencies. Console(config)# interface ip 1.100.100.100 Console(config-if)# ospf re-transmit-interval 60 ospf transmit-delay The ospf transmit-delay interface configuration command sets the estimated time required to send a link-state update packet on an interface. To return to the default value, use the no form of this command.
Page 250: Router Ospf Compatible Rfc1583
router ospf compatible rfc1583 To restore the method used to calculate summary route costs per RFC 1583, use the router ospf compatible rfc1583 command in global configuration mode. To disable RFC 1583 compatibility, use the no form of this command. Syntax router ospf compatible rfc1583 no router ospf compatible rfc1583...
Page 251: Clear Ip Ospf Process
Default Configuration No authentication is provided for OSPF packets. Command Mode IP Interface Configuration User Guidelines There are no user guidelines for this command. Example The following example OSPF authentication on IP interface 1.100.100.100 is enabled for MD5 authentication named "mychain". Console(config)# interface ip 1.100.100.100 Console(config-ip)# ospf authentication md5 mychain clear ip ospf process...
Page 252: Show Ip Ospf
show ip ospf The show ip ospf user EXEC command displays general OSPF routing information. Syntax show ip ospf Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example configures authentication login.
Page 253: Show Ip Ospf Virtual-Links
It is... Possible types are internal, area border, or autonomous system boundary. Redistributing External Lists redistributed routes, by protocol. Routes from Number of areas Number of areas in router, area addresses, etc. show ip ospf virtual-links The show ip ospf virtual-links user EXEC command displays parameters and the current state of OSPF virtual links.
Page 254: Show Ip Ospf Database
Example The following example displays parameters and the current state of OSPF virtual links. Console# show ip ospf virtual-links Virtual Link to router 192.168.101.2 is up Transit area 0.0.0.1 Virtual link has simple password authentication Transmit Delay is 1 sec, State POINT_TO_POINT Timer intervals configured, Hello 10, Dead 40, Retransmit 5 Adjacency State FULL The following table describes the fields the display:...
Page 255 show ip ospf [area-id] database [asbr-summary] [link-state-id] [self-originate] [link-state-id] show ip ospf [area-id] database [database-summary] show ip ospf [area-id] database [external] [link-state-id] show ip ospf [area-id] database [external] [link-state-id] [adv-router [ip-address]] show ip ospf [area-id] database [external] [link-state-id] [self-originate] [link-state-id] show ip ospf [area-id] database [network][link-state-id] show ip ospf [area-id] database [network] [link-state-id] [adv-router [ip-address]] show ip ospf [area-id] database [network] [link-state-id] [self-originate]...
Page 256 • link-state-id—Portion of the Internet environment that is being described by the advertisement. The value entered depends on the type of the LSA. The value must be entered in the form of an IP address. When the LSA is describing a network, the link-state-id argument can take one of two forms: •...
Page 257 Examples The following example displays OSPF database information. Console# show ip ospf database OSPF Router with ID 200.1.1.11 Router Link States(Area 0) Link ID ADV Router Seq# Checksum Link count 200.1.1.8 200.1.1.8 1381 0x8000010D 0xEF60 200.1.1.11 200.1.1.11 1460 0x800002FE 0xEB3D 200.1.1.12 200.1.1.12 2027...
Page 258 The following table describes the fields shown in the display: Field Description Link ID Router ID number. ADV Router Advertising router ID. Link-state age. Seq# Link-state sequence number (detects old or duplicate LSAs). Checksum Fletcher checksum of the complete the LSA contents. Link count Number of interfaces detected for router.
Page 259 The following table describes fields shown in the display: Field Description OSPF Router with id Router ID number. LS age Link-state age. Options Type of service options (Type 0 only). LS Type Link-state type. Link State ID Link-state ID (ASBR). Advertising Router Advertising router ID.
Page 260 The following example displays external OSPF database information. Console# show ip ospf database external OSPF Router with id 190.20.239.66 Displaying AS External Link States LS age: 280 Options: (No TOS-capability) LS Type: AS External Link Link State ID: 143.105.0.0 (External Network Number) Advertising Router: 155.187.70.6 LS Seq Number: 80000AFD Checksum: 0xC3A...
Page 261 The following table describes fields shown in the display: Field Description OSPF Router with id Router ID number. LS age Link-state age. Options Type of service options (Type 0 only). LS Type Link-state type. Link State ID Link-state ID (External Network Number). Advertising Router Advertising router ID.
Page 262 The following example displays OSPF database network information. Console# show ip ospf database network OSPF Router with id 190.20.239.66 Displaying Net Link States(Area 0.0.0.0) LS age: 1367 Options: (No TOS-capability) LS Type: Network Links Link State ID: 155.187.1.3 (address of Designated Router) Advertising Router: 190.20.239.66 LS Seq Number: 800000E7 Checksum: 0x1229...
Page 263 The following table describes fields shown in the display: Field Description OSPF Router with id Router ID number. LS age Link-state age. Options Type of service options (Type 0 only). LS Type Link-state type. Link State ID Link-state ID of designated router. Advertising Router Advertising router ID.
Page 264 The following example displays OSPF database router information. Console# show ip ospf database router OSPF Router with id 190.20.239.66 Displaying Router Link States(Area 0.0.0.0) LS age: 1176 Options: (No TOS-capability) LS Type: Router Links Link State ID: 155.187.21.6 Advertising Router: 155.187.21.6 LS Seq Number: 80002CF6 Checksum: 0x73B7 Length: 120...
Page 265 The following table describes fields shown in the display: Field Description OSPF Router with id Router ID number. LS age Link-state age. Options Type of service options (Type 0 only). LS Type Link-state type. Link State ID Link-state ID. Advertising Router Advertising router ID.
Page 266 The following example displays OSPF database router information. Console# show ip ospf database summary OSPF Router with id 190.20.239.66 Displaying Summary Net Link States(Area 0.0.0.0) LS age: 1401 Options: (No TOS-capability) LS Type: Summary Links(Network) Link State ID: 155.187.240.0 (summary Network Number) Advertising Router: 155.187.241.5 LS Seq Number: 80000072 Checksum: 0x84FF...
Page 267: Show Ip Ospf Interface
The following example displays OSPF database summary information. Console# show ip ospf database-summary OSPF Router with ID (172.19.65.21) (Process ID 1) Area ID Router Network Sum-Net Sum-ASBR Subtotal 1.1.1.1 AS External Total The following table describes fields shown in the display: Field Description Area ID...
Page 268: Show Ip Ospf Neighbor
Example The following example displays OSPF-related IP interface 192.168.1.1 information. Console# show ip ospf interface 192.168.1.1 IP interface 192.168.1.1/16 is up, OSPF is enabled Area 0.0.0.0, Router ID 192.77.99.1, Network Type BROADCAST, Cost: Interface has simple password authentication Transmit Delay is 1 sec, State OTHER, Priority 1 Designated Router id 192.168.1.11, Interface address 192.168.1.11 Backup Designated router id 192.168.1.28, Interface addr 192.168.1.28...
Page 269 Command Mode User EXEC mode User Guidelines For OSPF routers to become neighbors, they must be directly connected and agree on the following parameters. • IP prefix and subnet mask • Area ID • Authentication (none, text, MD5) • Options (stub, nssa) •...
Page 270 The following table describes fields shown in the display: Field Description Neighbor Neighbor router ID. Address IP address of the interface. In the area Area and interface through which the OSPF neighbor is known. Neighbor priority Router priority of the neighbor, neighbor state. State OSPF neighbor state (init, two-way, loading, full).
Page 271: Phy Diagnostics Commands
PHY Diagnostics Commands test copper-port tdr The test copper-port tdr privileged EXEC command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. The device reports only shorts across the cable pairs. The Virtual Cable Test (VCT) analyzes each of the MDI pairs in the cable being tested.
Page 272: Show Copper-Ports Tdr
The following example results in a failure to report on the cable attached to port g4. Console# test copper-port tdr g4 Can’t perform the test on fiber ports show copper-ports tdr The show copper-ports tdr privileged EXEC command display the last TDR (Time Domain Reflectometry) tests on specified ports.
Page 273: Show Fiber-Ports Optical-Transceiver
Syntax show copper-ports cable-length [interface] • interface—A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This feature works only on 1-Gbps ports. Example The following example displays the estimated copper cable length attached to all ports. Console# show copper-ports cable-length Port Length [meters]...
Page 274 Command Mode Privileged EXEC mode User Guidelines To test optical transceivers ensure a fiber link is present. PHY Diagnostics Commands...
Page 275 Examples The following example displays the optical transceiver diagnostics. console# show fiber-ports optical-transceiver Port Temp Voltage Current Output Input Data Power Power Fault Ready ----------- ------ ------- ------- ------ ----- ----- ----- Temp - Internally measured transceiver temperature Voltage - Internally measured supply voltage Current - Measured TX bias current Output Power - Measured TX output power in milliWatts Input Power - Measured RX received power in milliWatts...
Page 276 The following example displays detailed optical transceiver diagnostics. Console# show fiber-ports transceiver detailed Power Port Temp Voltage Current Output Input Data [Volt] [mA] [dBm] [dBm] Fault Ready ---- ----- ------- ------- ------ ------ ----- ----- 5.15 5.15 Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage.
Page 277: Port Channel Commands
Port Channel Commands interface port-channel The interface port-channel global configuration command enters the interface configuration mode of a specific port-channel. Syntax interface port-channel port-channel-number • port-channel-number—A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Seven supported aggregated links are defined, and per port-channel, up to 7 member ports.
Page 278: Channel-Group
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, it stops the execution of the command on subsequent interfaces.
Page 279: Show Interfaces Port-Channel
members of the aggregated link to half-duplex operation, and may, as per the standard, set them all to Inactive. Example The following example shows how port g5 is configured to port-channel number 1 without LACP. Console (config)# interface ethernet g5 Console (config-if)# channel-group 1 mode on show interfaces port-channel The show interfaces port-channel user EXEC command displays port-channel information (which...
Page 280 Port Channel Commands...
Page 281: Port Monitor Commands
Port Monitor Commands port monitor The port monitor interface configuration command starts a port monitoring session. To stop a port monitoring session, use the no form of this command. Syntax port monitor src-interface [rx | tx] no port monitor src-interface •...
Page 282: Port Monitor Vlan-Tagging
• All the frames are transmitted already tagged from the destination port. General Restrictions: • Ports cannot be configured as a group using the interface range ethernet command. NOTE: The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports. Therefore, Multicast and Broadcast frames in these VLANs are seen more than once.
Page 283: Show Ports Monitor
show ports monitor The show ports monitor user EXEC command displays the port monitoring status. Syntax show ports monitor Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how the port monitoring status is displayed.
Page 284 Port Monitor Commands...
Page 285: Qos Commands
QoS Commands The qos global configuration command enables quality of service (QoS) on the device and enters QoS basic or advanced mode. Use the no form of this command to disable the QoS features on the device. Syntax qos [advanced] no qos advanced—Enable QoS advanced mode.
Page 286: Priority-Queue Out Num-Of-Queues
User Guidelines There are no user guidelines for this command. Example The following example displays a device where basic mode is supported. Console# show qos Qos: basic Basic trust: dscp priority-queue out num-of-queues The priority-queue out num-of-queues global configuration command enables the egress queues to be expedite queues.
Page 287: Traffic-Shape
traffic-shape The traffic-shape interface configuration command sets a shaper on an egress port/queue. To disable the shaper on an interface, use the no form of this command. Syntax traffic-shape {committed-rate committed-burst} [queue-id] no traffic-shape [queue-id] • committed-rate—The average traffic rate (CIR) in bits per second (bps). •...
Page 288: Wrr-Queue Bandwidth
• threshold-percentage—Specifies the tail-drop threshold percentage value. (Range: 1 - 100) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The packet refers to a certain threshold by the conformance level. If threshold 0 is exceeded, packets with the corresponding DP are dropped until the threshold is no longer exceeded.
Page 289: Wrr-Queue
User Guidelines The packet refers to a threshold by the conformance level. Weighted round robin queues should be defined on the interface. A weight between 6 and 255 may be specified. A weight of 0 may also be specified for all queues except queue 8.
Page 290: Show Qos Interface
Example The following example defines the wrr-queue mechanism on an egress queue to tail-drop. Console (config)# interface ethernet g5 Console (config-if)# wrr-queue tail-drop show qos interface The show qos interface user EXEC command displays interface QoS data. Syntax show qos interface [ethernet interface-number | vlan vlan-id | port-channel number] [buffers | queuing | policers | shapers] •...
Page 291 Examples The following example displays output from the show qos interface ethernet g1 buffers command. Console# show qos interface ethernet g1 buffers Ethernet g1 Notify Q depth: qid-size 1 - 125 2 - 125 3 - 125 4 - 125 5 - 125 6 - 125 7 - 125...
Page 292 The following example displays output from the show qos interface ethernet g1 queueing command. Console# show qos interface ethernet g1 queueing Ethernet g1 wrr bandwidth weights and EF priority: qid-weights Ef - Priority 1 - 125 dis- N/A 2 - 125 dis- N/A 3 - 125 dis- N/A 4 - 125 dis- N/A 5 - N/A ena- 5...
Page 293 The following example displays output from the show qos interface g1 shapers command. Console# show qos interface g1 shapers Ethernet g1 Port shaper: enable Committed rate: 192000 bps Committed burst: 9600 bytes Target Target Status Committed Committed Rate [bps] Burst [bytes] Enable 100000 17000...
Page 294: Qos Map Dscp-Queue
The following example displays output from the show qos interface g1 policers command. Console# show qos interface ethernet g1 policers Ethernet g1 Class map: A Policer type: aggregate Committed rate: 192000 bps Committed burst: 9600 bytes Exceed-action: policed-dscp-transmit Class map: B Policer type: single Committed rate: 192000 bps Committed burst: 9600 bytes...
Page 295: Qos Map Tcp-Port-Queue
Default Configuration The following table describes the default map. DSCP value 8-15 16-23 24-31 32-39 40-47 48-56 57-63 Queue-ID Command Mode Global Configuration mode User Guidelines Queue settings for 3, 11, 19, ... cannot be modified. Example The following example maps DSCP values 33, 40 and 41 to queue 1. Console (config)# qos map dscp-queue 33 40 41 to 1 qos map tcp-port-queue The qos map tcp-port-queue global configuration command modifies the TCP-Port to Queue...
Page 296: Qos Map Udp-Port-Queue
Example The following example shows how the mapped TCP ports 2000 and 80 are modified to queue 2. Console (config)# qos map tcp-port-queue 2000 80 to 2 qos map udp-port-queue The qos map udp-port-queue global configuration command modifies the UDP-Port to DSCP table.
Page 297: Show Qos Map
• queue-id—The queue number to which the following CoS values are mapped. • cos1...cosn—Map to specific queues up to eight CoS values from 0 to 7. Default Configuration The map default values are as follows: • CoS value 1 select queue 1 •...
Page 298 • policed-dscp—Displays the DSCP to DSCP remark table. • dscp-mutation—Displays the DSCP-DSCP mutation table. Default Configuration This command has no default configuration. Command Mode User EXEC command User Guidelines There are no user guidelines for this command. Example The following example displays the DSCP port-queue map. Console# show qos map dscp-queue Dscp-queue map: d1 : d2 0...
Page 299 The following example displays the TCP port-queue map. Tcp port-queue map: Port ----- ------ 6000 6001 6002 The following example displays the UDP port-queue map. Udp port-queue map: Port ----- ----- 8000 8001 The following example displays the policed-DSCP map. Policed-dscp map: d1 : d2 0 --------------------------------------------------------...
Page 300: Qos Trust (Global)
The following example displays the DSCP-mutation map. Dscp-dscp mutation map: d1 : d2 0 ------------------------------------------------------- qos trust (Global) The qos trust global configuration command can be used in basic mode to configure the system to "trust" state. To return to the default state, use the no form of this command. Syntax qos trust {cos | dscp |tcp-udp-port} no qos trust...
Page 301: Qos Trust (Interface)
can be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain. Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic.
Page 302: Qos Cos
qos cos The qos cos interface configuration command configures the default port CoS value. To return to the default setting, use the no form of this command. Syntax qos cos default-cos no qos cos • default-cos—Specifies the default CoS value being assigned to the port. If the port is trusted and the packet is untagged then the default CoS value becomes the CoS value.
Page 303: Qos Map Dscp-Mutation
User Guidelines The DSCP-to-DSCP-mutation map is applied to a port at the boundary of a quality of service (QoS) administrative domain. If two QoS domains have different DSCP definitions between them, the DSCP-to-DSCP-mutation map is used to translate a set of DSCP values to match the definition of another domain.
Page 304: Qos Aggregate-Policer
qos aggregate-policer The qos aggregate-policer global configuration command defines the policer parameters that can be applied to multiple traffic classes within the same policy map. To remove an existing aggregate policer use the no form of this command. Syntax qos aggregate-policer aggregate-policer-name committed-rate-kbps excess-burst-byte [exceed- action {drop | policed-dscp-transmit}] no qos aggregate-policer •...
Page 305: Qos Map Policed-Dscp
• aggregate-policer-name—The aggregate policer name being displayed. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the aggregate policer called "policer1". Console# show qos aggregate-policer policer1 aggregate-policer policer1 96000 4800 exceed-action drop not used by any policy map...
Page 306: Class-Map
Example The following example maps DSCP values 12 and 58 to value 56 while out of profile. Console (config)# qos map policed-dscp 12 58 to 56 class-map The class-map global configuration command creates class maps and enters the class-map configuration mode. To delete a class, use the no form of this command. Syntax class-map class-map-name [match-all | match-any] no class-map class-map-name...
Page 307: Show Class-Map
Example The following example creates a class-map named "class1" which requires all ACE’s to be matched. Console (config)# class-map class1 match-all Console (config-cmap)# show class-map The show class-map user EXEC command displays all the class-maps configured on the device. Syntax show class-map [class-map-name] •...
Page 308: Policy-Map
User Guidelines There are no user guidelines for this command. Example The following example defines the match criterion as the access-group named "dell". The access- group is in a class map called "class1". Console (config)# class-map class1 Console (config-cmap)# match access-group dell...
Page 309: Show Policy-Map
The service-policy interface configuration command cannot be used to attach policy maps that contain set or trust policy-map class configuration commands or that have access control list (ACL) classification to an egress interface. The only match criterion supported is match ip dscp dscp-list.
Page 310: Class
Example The following example displays all policy-maps. Console> show policy-map Policy Map policy1 class class1 set dscp 7 Policy Map policy2 class class2 police 96000 4800 exceed-action drop class class3 police 124000 96000 exceed-action policed-dscp-transmit class The class policy-map configuration command defines the traffic classification and enters the policy-map class configuration mode.
Page 311: Police
If a new class-map name is used, it is automatically created, but then the access-group must be created. Example The following example defines a traffic classification named "class1" with an access-group called "dell". The class is in a policy map called "policy1". Console (config)# policy-map policy1 Console (config-pmap)# class class1 access-group dell police The police policy-map class configuration command defines a policer for classified traffic.
Page 312: Police Aggregate
Example The following example defines a policer for classified traffic. When the average traffic rate exceeds 124000 bps or the normal burst size exceeds 96000 bps, the packet is dropped. The class is in a policy map called "policy1". Console (config)# policy-map policy1 Console (config-pmap)# class class1 Console (config-pmap-c)# police 124000 9600 exceed-action drop police aggregate...
Page 313: Trust
trust The trust policy-map class configuration command configures the trust state. The trust state selects the value QoS uses as the source of the internal DSCP value from the packet. To return to the default trust state, use the no form of this command. Syntax trust [cos | dscp | tcp-udp-port] no trust...
Page 314: Set
Example The following example configures the trust state to CoS. The class is in a policy map called "policy1". Console (config)# policy-map policy1 Console (config-pmap)# class class1 Console (config-pmap-c)# trust cos The set policy-map class configuration command sets new values in the IP packet. To remove the value, use the no form of this command.
Page 315 Syntax service-policy input policy-map-name no service-policy input policy-map-name input policy-map-name—Specifies the policy-map being applied to an input interface. • Default Configuration This command has no default configuration. Command Mode Interface Configuration mode User Guidelines The service-policy interface configuration command cannot be used to attach policy maps that contain set or trust policy-map class configuration commands or that have access control list (ACL) classification to an egress interface.
Page 316 QoS Commands...
Page 317: Radius Commands
Radius Commands radius-server host The radius-server host global configuration command specifies a RADIUS server host. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host ip-address [auth-port auth-port-number] [timeout timeout] [retransmit retransmit] [deadtime deadtime] [key key] [source source] [priority priority] [usage type] no radius-server host ip-address •...
Page 318: Radius-Server Key
User Guidelines There are no user guidelines for this command. Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to "dell-server". Console (config)# radius-server key dell-server Radius Commands...
Page 319: Radius-Server Retransmit
radius-server retransmit The radius-server retransmit global configuration command specifies the number of times the software searches the list of RADIUS server hosts. To reset the default configuration, use the no form of this command. Syntax radius-server retransmit retries no radius-server retransmit •...
Page 320: Radius-Server Timeout
User Guidelines To define an out-of-band IP address, use the out-of-band IP address format —oob/ip-address. Example The following example configures the source IP address used for communication with RADIUS servers to 10.1.1.1. Console (config)# radius-server source-ip 10.1.1.1 radius-server timeout The radius-server timeout global configuration command sets the interval for which a router waits for a server host to reply.
Page 321: Show Radius-Servers
• deadtime—Length of time in minutes, for which a RADIUS server is skipped over by transaction requests. (Range: 0 - 2000) Default Configuration The default dead time is 0 minutes. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets a dead time where a RADIUS server is skipped over by transaction requests for this period, to 10 minutes.
Page 322 Examples The following example displays the RADIUS server settings. Console# show radius-servers IP address Auth Acct TimeOut Retransmit deadtime source IP Priority -------------- ---- ------- --------- ----------- -------- -------- ------- 172.16.1.1 1645 1646 172.16.8.1 172.16.1.2 1645 1646 172.16.8.1 Global values -------------- TimeOut: 3 Retransmit: 3...
Page 323: Rip Commands
RIP Commands router rip enable The router rip global configuration command enables the Routing Information Protocol (RIP) on the device. To disable the RIP routing process, use the no form of this command. Syntax router rip enable no router rip enable Default Configuration RIP is disabled on the device.
Page 324: Router Rip Redistribute Static
Example The following example enables routes learned by OSPF in the RIP process to be advertised. Console (config)# router rip redistribute ospf router rip redistribute static The router rip redistribute static global configuration command enables statically configured routes to advertise in the RIP process. To disable advertisements, use the no form of this command.
Page 325: Rip Passive-Interface
User Guidelines There are no user guidelines for this command. Example The following example enables RIP on IP address 100.1.1.1. Console(config)# interface ip 100.1.1.1 Console(config-ip)# rip rip passive-interface The rip passive-interface interface configuration command disables the sending of routing updates on an interface.
Page 326: Rip Version
Default Configuration RIP auto-send is enabled. Command Mode IP Interface Configuration mode User Guidelines If auto-send is enabled on an interface, the router only advertises the default route on the interface, until a RIP message is received. When a RIP message is received, the complete RIP information is sent.
Page 327: Rip Offset
Example The following example specifies a RIP version 1 on IP address 100.1.1.1. Console(config)# interface ip 100.1.1.1 Console(config-ip)# rip version 1 rip offset The rip offset interface configuration command adds an offset to a metric learned via Routing Information Protocol (RIP) before adding it to the interface table. To return to the default, use the no form of this command.
Page 328: Rip Default-Route Offset
Syntax rip default-route originate metric no rip default-route originate • metric—Metric for a default route. (Range: 1- 15) Default Configuration By default, the feature is enabled. Command Mode IP Interface Configuration mode User Guidelines This command is equivalent to rip default-route offset. Note that this is an origination of a default route with the given metric.
Page 329: Rip Authentication
User Guidelines This command is equivalent to rip default-route originate. Note that this is an origination of a default route with the given metric. Setting the value of the metric to 0 is the same as negating the command. An interface on which this command has been configured does not accept default route advertisement, in order to prevent a possible loop on the default route.
Page 330: Show Ip Rip
Example The following example enables RIP clear text authentication with the password "dell" on the IP address 100.1.1.1. Console(config)# interface ip 100.1.1.1 Console(config-ip)# rip authetication text dell show ip rip The show ip rip privileged EXEC command displays RIP routing information.
Page 331 Examples The following example displays IP RIP information. Console# show ip rip RIP is enabled. OSPF leaking is enabled. Static leaking is enabled. InterfaceVerOffsetDefaultPassiveAutoAuth RouteSend -------------------------------------------------- 176.16.0.0/1621DisabledNoYesMD5 192.168.0.0/1621DisabledNoNoText The following example displays IP RIP MD5 information. Console# show ip rip md5 Interface MD5 Authentication key chain ---------...
Page 332 The following table describes the fields shown in the display: Field Description Interface The interface IP Address. Received Bad Packets The number of RIP response packets received by the RIP process which were subsequently discarded for any reason (for example, a version 0 packet, or an unknown command type).
Page 333: Rmon Commands
RMON Commands show rmon statistics The show rmon statistics user EXEC command displays RMON Ethernet Statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} • interface—Valid Ethernet port. • port-channel-number—Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 334 The following table describes the significant fields shown in the display: Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected.
Page 335: Rmon Collection History
256 to 511 Octets The total number of packets (including bad packets) received that are between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). 512 to 1023 Octets The total number of packets (including bad packets) received that are between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Page 336: Show Rmon Collection History
Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port g8 with the index number "1" and a polling interval period of 2400 seconds. Console (config)# interface ethernet g8 Console (config-if)# rmon collection history 1 interval 2400 show rmon collection history The show rmon collection history user EXEC command displays the requested history group configuration.
Page 337: Show Rmon History
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved.
Page 338 Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 5. Console# show rmon history 5 throughput Sample Set: 5 Owner: cli Interface: interval: 10 Requested samples: 50 Granted samples: 50 Maximum table size: 270 Time Octets Packets Broadcast...
Page 339 The following example displays RMON Ethernet Statistics history for "other" on index number 1. Console# show rmon history 1 other Sample Set: 1 Owner: CLI Interface: interval: 10 Requested samples: 50 Granted samples: 50 Maximum table size: 270 Time Dropped Collisions -------------------- ----------- ----------- 10-Mar-2005...
Page 340: Rmon Alarm
Fragments The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error), or a bad FCS with a non-integral number of octets (AlignmentError).
Page 341: Show Rmon Alarm-Table
Falling threshold—1000000 • Rising threshold event index—10 • Falling threshold event index—20 Console (config)# rmon alarm 1000 dell 360000 1000000 1000000 10 show rmon alarm-table The show rmon alarm-table user EXEC command displays the alarms summary table. Syntax show rmon alarm-table...
Page 342: Show Rmon Alarm
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the alarms summary table. Console# show rmon alarm-table Index Owner ----- ----------------------- ------- 1.3.6.1.2.1.2.2.1.10.1 1.3.6.1.2.1.2.2.1.10.1 Manager...
Page 343 User Guidelines There are no user guidelines for this command. Example The following example displays RMON 1 alarms. Console# show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1...
Page 344: Rmon Event
Startup Alarm The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising and falling, then a single rising alarm is generated. If the first sample is less than or equal to the falling threshold, and startup alarm is equal falling or rising and falling, then a single falling alarm is generated.
Page 345: Show Rmon Events
Example The following example configures an event with the trap index of 10. Console (config)# rmon event 10 log show rmon events The show rmon events user EXEC command displays the RMON event table. Syntax show rmon events Default Configuration This command has no default configuration.
Page 346: Show Rmon Log
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event. Type The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap.
Page 347: Rmon Table-Size
Console# show rmon log Maximum table size: 500 Event Description Time ----- ----------- -------------------- Errors Jan 18 2005 23:48:19 Errors Jan 18 2005 23:58:17 High Broadcast Jan 18 2005 23:59:48 Console# show rmon log Maximum table size: 500 (800 after reset) Event Description Time ----- -----------...
Page 348 Command Mode Global Configuration mode User Guidelines The configured table size is effective after the device is rebooted. Example The following example configures the maximum RMON history table sizes to 1000 entries. Console (config)# rmon table-size history 1000 RMON Commands...
Page 349: Snmp Commands
SNMP Commands SNMP General Commands snmp-server contact The snmp-server contact global configuration command sets up a system contact. To remove the system contact information, use the no form of the command. Syntax snmp-server contact text no snmp-server contact • text—Character string, up to 160 characters, describing the system contact information. Default Configuration This command has no default configuration.
Page 350 Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string. Example The following example sets the device location as "New_York". Console (config)# snmp-server location New_York snmp-server enable traps The snmp-server enable traps global configuration command enables the switch to send SNMP traps.
Page 351 no snmp-server trap authentication Default Configuration Traps are enabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example displays the command to enable authentication failed SNMP traps. Console (config)# snmp-server trap authentication snmp-server set The snmp-server set global configuration command sets SNMP MIB value by the CLI.
Page 352 Examples The following example sets the scalar MIB "sysName" to have the value "dell". Console (config)# snmp-server set sysName sysname dell The following example sets the entry MIB "rndCommunityTable" with keys 0.0.0.0 and "public". The field rndCommunityAccess gets the value "super" and the rest of the fields get their default values.
Page 353 Until the first wildcard, no attempt is made to verify that the MIB node corresponds to the starting portion of the OID. Examples The following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interface group. Console (config)# snmp-server view user-view system included Console (config)# snmp-server view user-view system.7 excluded Console (config)# snmp-server view user-view ifEntry.*.1 included...
Page 354 • writeview—Specifies a string that is the name of the view that enables entering data and configuring the contents of the agent. If unspecified, nothing is defined for the write view. (Range: 1-30 characters) • notifyview—Specifies a string that is the name of the view that enables specifying an inform or a trap.
Page 355 • oid-tree—Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family;...
Page 356 Example The following example displays the SNMP communications status. Console # show snmp Community-String Community-Access View name IP address type ---------------- ---------------- --------- ---------- ---- public read only user-view Router private read write Default 172.16.1.1 Router private-oob read write Default 172.16.1.1 private DefaultSuper 172.17.1.1...
Page 357: Show Snmp Views
OOB trap receivers Target Address Type Community Version UDP Port Filter Name To Sec Retries ------------- ---- --------- ------- -------- ----------- ------ ------- 176.16.8.9 Trap public Version 3 notifications Target Address Type Username Security UDP Port Filter Name To Sec Retries Level ------------- ----...
Page 358 User Guidelines There are no user guidelines for this command. Example The following example displays the configuration of views. Console # show snmp views Name OID Tree Type ----------- ----------------------- --------- user-view 1.3.6.1.2.1.1 Included user-view 1.3.6.1.2.1.1.7 Excluded user-view 1.3.6.1.2.1.2.2.1.*.1 Included show snmp groups The show snmp groups privileged EXEC command displays the configuration of groups.
Page 359 -------------- ----- ----- ------- ------- ------- ------- user-group priv Default "" "" managers-group priv "" Default Default "" managers-group priv Default "" "" Console # show snmp groups user-group Name Security Views Model Level Context Read Write Notify -------------- ----- ----- ------- ------- ------- -------...
Page 360: Snmpv1/V2 Commands
Example The following example displays the configuration of filters. Console # show snmp filters Name OID Tree Type ----------- ----------------------- --------- user-filter 1.3.6.1.2.1.1 Included user-filter 1.3.6.1.2.1.1.7 Excluded user-filter 1.3.6.1.2.1.2.2.1.*.1 Included SNMPv1/v2 Commands snmp-server community The snmp-server community global configuration command sets up the community access string to permit access to the SNMP protocol.
Page 361 • type router—Indicates that a community is used for SNMP access to the device only (not to the Out-of-Band port). • type oob—Indicates that a community is used for SNMP access to the Out-of-Band port only. Default Configuration No community is defined. Command Mode Global Configuration mode User Guidelines...
Page 362 The following example configures community access string public to permit SNMP read-write access for the Out-of-Band port only. Console (config)# snmp-server community public rw 192.175.1.10 type oob snmp-server host The snmp-server host global configuration command specifies the recipient of Simple Network Management Protocol Version 1 or Version 2 notifications.
Page 363: Snmpv3 Commands
The default maximum number of times to resend an inform request is 3. Command Mode Global Configuration mode User Guidelines When configuring an SNMPv1 or SNMPv2 notification recipient, a notification view for that recipient is automatically generated for all the MIB. When configuring an SNMPv1 notification recipient, the Inform option cannot be selected.
Page 364 • auth-md5 password—Indicates the HMAC-MD5-96 authentication level. The user should enter a password for authentication and generation of a DES key for privacy. (Range: 1-32 characters) • auth-sha password—Indicates the HMAC-SHA-96 authentication level. The user should enter a password for authentication and generation of a DES key for privacy. (Range: 1-32 characters) •...
Page 365 snmp-server v3-host The snmp-server v3-host global configuration command specifies the recipient of Simple Network Management Protocol Version 3 notifications. To remove the specified host, use the no form of this command. Syntax snmp-server v3-host {ip-address | hostname} username [traps | informs] {noauth | auth | priv} [udp-port port] [filter filtername] [timeout seconds] [retries retries] no snmp-server v3-host {ip-address | hostname} username [traps | informs] •...
Page 366 User Guidelines A user and notification view are not automatically created. Use the snmp-server user, snmp- server group and snmp-server user global configuration commands to generate a user, group and notify group, respectively. To define an SNMP recipient on the out-of-band port, use the out-of-band IP address format oob/ip-address.
Page 367 show snmp users The show snmp users privileged EXEC command displays the configuration of users. Syntax show snmp users [username] username—Specifies the name of the user. (Range: 1-30) • Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 369: Spanning-Tree Commands
Spanning-Tree Commands spanning-tree The spanning-tree global configuration command enables spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality.
Page 370: Spanning-Tree Forward-Time
User Guidelines There are no user guidelines for this command. Example The following example configures the spanning-tree protocol to RSTP. Console(config)# spanning-tree mode rstp spanning-tree forward-time The spanning-tree forward-time global configuration command configures the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state.
Page 371: Spanning-Tree Max-Age
Syntax spanning-tree hello-time seconds no spanning-tree hello-time seconds—Time in seconds. (Range: 1 - 10) • Default Configuration The default hello time for IEEE Spanning-Tree Protocol (STP) is 2 seconds. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree bridge hello time to 5 seconds.
Page 372: Spanning-Tree Priority
spanning-tree priority The spanning-tree priority global configuration command configures the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command. Syntax spanning-tree priority priority no spanning-tree priority...
Page 373: Spanning-Tree Cost
Example The following example disables spanning-tree on g5. Console (config)# interface ethernet g5 Console (config-if)# spanning-tree disable spanning-tree cost The spanning-tree cost interface configuration command configures the spanning-tree path cost for a port. To return to the default port path cost, use the no form of this command. Syntax spanning-tree cost cost no spanning-tree cost...
Page 374: Spanning-Tree Portfast
Syntax spanning-tree port-priority priority no spanning-tree port-priority • priority—The port priority. (Range: 0 - 240 in multiples of 16) Default Configuration The default port-priority for IEEE STP is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures the spanning priority on g5 to 96.
Page 375: Spanning-Tree Link-Type
Example The following example enables PortFast on g5 Console(config)# interface ethernet g5 Console(config-if)# spanning-tree portfast spanning-tree link-type The spanning-tree link-type interface configuration command overrides the default link-type setting. To reset the default, use the no form of this command. Syntax spanning-tree link-type {point-to-point | shared} no spanning-tree spanning-tree link-type •...
Page 376: Clear Spanning-Tree Detected-Protocols
• flooding—Flood BPDU packets when spanning-tree is disabled on an interface. Default Configuration The default definition is flooding. Command Modes Global Configuration mode User Guidelines Use this command when STP is disabled on the PowerConnect 6024/6024F. Example The following example defines BPDU packet flooding when spanning-tree is disabled on an interface Console(config)# spanning-tree bpdu flooding clear spanning-tree detected-protocols...
Page 377: Show Spanning-Tree
show spanning-tree The show spanning-tree privileged EXEC command displays the spanning-tree configuration. Syntax show spanning-tree [ ethernet interface-number | port-channel port-channel-number ] [instance instance-id] show spanning-tree [detail] [active | blockedports] [instance instance-id] show spanning-tree mst-configuration • detail—Displays detailed information. • active—Displays active ports only.
Page 378 Examples The following examples display spanning-tree information. Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864...
Page 379 Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast...
Page 380 Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type ---- ------- -------- ----- ---- -------- ---------- Enabled 128.1 20000 Enabled 128.2 20000 Disabled 128.3 20000 Enabled...
Page 381 Interfaces Name State Prio.Nbr Cost Role PortFast Type ---- ------- -------- ----- ---- -------- ---------- Enabled 128.1 20000 Root P2p (RSTP) Enabled 128.2 20000 Desg Shared (STP) Enabled 128.4 20000 ALTN Shared (STP) Console# show spanning-tree blocked ports Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority...
Page 382 Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00:02:4b:29:7a:00...
Page 383 Port 2 (g2) enabled State: Forwarding Role: Designated Port id: 128.2 Port cost: 20000 Type: Shared (configured: auto) STP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (g3) disabled State: N/A...
Page 384 Port id: 128.5 Port cost: 20000 Type: N/A (configured: auto) Port Fast: N/A (configured:no) Designated bridge Priority: N/A Address: N/A Designated port id: N/A Designated path cost: N/A Number of transitions to forwarding state: N/A BPDU: sent N/A, received N/A Console# show spanning-tree ethernet g1 Port 1 (g1) enabled State: Forwarding...
Page 385 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority...
Page 386 ###### MST 1 Vlans Mapped: 10-20 CST Root ID Priority 24576 Address 00:02:4b:29:89:76 Path Cost 20000 Root Port 4 (g4) Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Interfaces Name State Prio.Nbr Cost Role PortFast Type ---- ------- -------- ----- ---- -------- ----------...
Page 387 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:29:7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops Number of topology changes 2 last change occurred 2d18h ago Times:...
Page 388 Port 3 (g3) enabled State: Forwarding Role: Designated Port id: 128.3 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.3 Designated path cost: 20000 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (g4) enabled State: Forwarding...
Page 389 Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (g1) enabled State: Forwarding Role: Boundary Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.1...
Page 390 Port 4 (g4) enabled State: Forwarding Role: Designated Port id: 128.4 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Console# show spanning-tree Spanning tree enabled mode MSTP...
Page 391: Spanning-Tree Pathcost Method
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Priority 32768 Address 00:01:42:97:e0:00 This switch is root for CST and IST master.
Page 392: Spanning-Tree Mst Priority
If the pathcost method is long, the default configuration is: • Ethernet (10 Mbps) - 2,000,000 • Fast Ethernet (100 Mbps) - 200,000 • Gigabit Ethernet (1000 Mbps) - 20,000 • Port-Channel - 20,000 Command Mode Global Configuration mode User Guidelines This command applies to all spanning tree instances on the switch.
Page 393: Spanning-Tree Mst Max-Hops
User Guidelines The priority value must be a multiple of 4096. The device with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096. Console (config) # spanning-tree mst 1 priority 4096 spanning-tree mst max-hops The spanning-tree mst priority global configuration command configures the number of hops in...
Page 394: Spanning-Tree Mst Cost
no spanning-tree mst instance-id port-priority • instance-ID—ID of the spanning -tree instance. (Range: 0-15) • priority—The port priority. (Range: 0 - 240 in multiples of 16) Default Configuration The default port-priority for IEEE MSTP is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command.
Page 395: Spanning-Tree Mst Configuration
If the pathcost method is long, the default configuration is: • Ethernet (10 Mbps) - 2,000,000 • Fast Ethernet (100 Mbps) - 200,000 • Gigabit Ethernet (1000 Mbps) - 20,000 • Port-Channel - 20,000 Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command.
Page 396: Instance (Mst)
Example The following example configures an MST region. Console(config)# spanning-tree mst configuration Console(config-mst) # instance 1 add vlan 10-20 Console(config-mst) # name region1 Console(config-mst) # revision 1 instance (mst) The instance MST configuration command maps VLANS to an MST instance. Syntax instance instance-id {add | remove} vlan vlan-range •...
Page 397: Revision (Mst)
Syntax name string • string—MST configuration name. Case-sensitive (Range: 1-32). Default Configuration Device address. Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures sets the configuration name to region1. Console (config) # spanning-tree mst configuration Console (config-mst) # name "region 1"...
Page 398: Show (Mst)
Example The following example sets the configuration revision to 1. Console (config) # spanning-tree mst configuration Console (config-mst) # revision 1 show (mst) The show MST configuration command displays the current or pending MST region configuration. Syntax show {current | pending} Default Configuration This command has no default configuration.
Page 399: Exit (Mst)
exit (mst) The exit MST configuration command exits the MST configuration mode and applies all configuration changes. Syntax exit Default Configuration This command has no default configuration. Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command. Example The following example shows how to exit the MST configuration mode and save changes.
Page 400 Example The following example shows how to exit the MST configuration mode without saving changes. Console (config) # spanning-tree mst configuration Console (config-mst) # abort Spanning-Tree Commands...
Page 401: Ssh Commands
SSH Commands ip ssh port The ip ssh port global configuration command specifies the port to be used by the SSH server. To use the default port, use the no form of this command. Syntax ip ssh port port-number no ip ssh port •...
Page 402: Crypto Key Generate Dsa
User Guidelines If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the commands crypto key generate rsa, and crypto key generate dsa. Example The following example enables the device to be configured from a SSH server. Console (config)# ip ssh server crypto key generate dsa The ip ssh server global configuration command generates DSA key pairs.
Page 403: Ip Ssh Pubkey-Auth
Syntax crypto key generate rsa Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
Page 404: Crypto Key Pubkey-Chain Ssh
Example The following example enables public key authentication for incoming SSH sessions. Console (config)# ip ssh pubkey-auth crypto key pubkey-chain ssh The crypto key pubkey-chain ssh global configuration command enters SSH Public Key-chain configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys.
Page 405: Key-String
Default Configuration By default, there are no keys. Command Mode SSH Public Key Chain Configuration mode User Guidelines Follow this command with the key-string command to specify the key. Example The following example enables a SSH public key to be manually configured for the SSH public key chain called "bob".
Page 406: Show Ip Ssh
Example The following example enters public key strings for SSH public key clients called "bob". Console(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ+ ZNXfZSkvHG+QusIZ/76ILmFT34v7u7ChFAE+ Vu4GRfpSwoQUvV35LqJJk67IOU/zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn/Wd05iDX2IExQWu08licglk02LYciz +Z4TrEU/9FJxwPiVQOjc+KBXuR0juNg5nFYsY 0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA 6w9o44t6+AINEICBCCA4YcF6zMzaT1wefWwX6f+ Rmt5nhhqdAtN/4oJfce166DqVX1gWmN zNR4DYDvSzg0lDnwCAC8Qh Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9 show ip ssh The show ip ssh privileged EXEC command displays the SSH server configuration.
Page 407: Show Crypto Key Mypubkey
Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA (DSS) key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP address SSH username Version Cipher Auth Code ---------- ------------ ------- ------ --------- 172.16.0.1 John Brown 2.0 3...
Page 408: Show Crypto Key Pubkey-Chain Ssh
User Guidelines There are no user guidelines for this command. Example The following example displays the SSH public keys on the device. Console# show crypto key mypubkey rsa RSA key data: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768...
Page 409: Show Crypto Key Pubkey-Chain Ssh
Examples The following example displays all SSH public keys stored on the device. Console# show crypto key pubkey-chain ssh Username Fingerprint -------- ---------------------------------------------------- 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called "bob". Console# show crypto key pubkey-chain ssh username bob Username: bob Key: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4...
Page 410 SSH Commands...
Page 411: Syslog Commands
Syslog Commands logging on The logging on global configuration command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logging process, use the no form of this command.
Page 412: Logging Console
• severity level—Limits the logging of messages to the syslog servers to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging. If unspecified, the default level is errors. • facility—The facility that is indicated in the message. Can be one of the following values: local0, local1, local2, local3, local4, local5, local 6, local7.
Page 413: Logging Buffered
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example limits messages logged to the console based on severity level "errors". Console (config)# logging console errors logging buffered The logging buffered global configuration command limits syslog messages displayed from an internal buffer based on severity.
Page 414: Clear Logging
Syntax logging buffered size number no logging buffered size • number—Numeric value indicating the maximum number of messages stored in the history table. (Range: 20 - 400) Default Configuration The default number of messages is 200. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 415: Logging File
logging file The logging file global configuration command limits syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command. Syntax logging file level no logging file • level—Limits the logging of messages to the buffer to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.
Page 416: Aaa Logging
Example The following example clears messages from the logging file. Console# clear logging file Clear Logging File [y/n]y aaa logging The aaa logging global configuration command enables logging AAA login events. To disable logging AAA login events, use the no form of this command. Syntax aaa logging login no aaa logging login...
Page 417: Management Logging
Default Configuration Logging file system events is enabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables logging messages related to file copy operations. Console(config)# file-system logging copy management logging The management logging global configuration command enables logging management access list (ACL) events.
Page 418: Show Logging
show logging The show logging privileged EXEC command displays the state of logging and the syslog messages stored in the internal buffer. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 419 Application filtering control ----------------------------- Application Event Status ----------- ----- ------ Login Enabled File system Copy Enabled Management ACL Deny Enabled Buffer log: 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet g1, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g1, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g1, changed state to up...
Page 420: Show Logging File
show logging file The show logging file privileged EXEC command displays the state of logging and the syslog messages stored in the logging file. Syntax show logging file Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 421 Application filtering control ----------------------------- Application Event Status ----------- ----- ------ Login Enabled File system Copy Enabled Management ACL Deny Enabled File log: 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface FastEthernet g1, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g1, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g1, changed state to up...
Page 422: Show Syslog-Servers
show syslog-servers The show syslog-servers privileged EXEC command displays the syslog servers settings. Syntax show syslog-servers Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the syslog server settings.
Page 423: System Management
System Management ping The ping user EXEC command sends ICMP echo request packets to another node on the network. Syntax ping host [size packet_size] [count packet_count] [timeout time_out] st • host—IP address being contacted. • packet_size—Number of bytes in a packet, from 56 to 1,472 bytes. The actual packet size is eight bytes larger than the size specified because the switch adds header information.
Page 424: Reload
Examples The following example displays a ping to IP address 10.1.1.1. Console# ping 10.1.1.1 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms ----10.1.1.1 PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 7/8/11...
Page 425: Clock Set
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example reloads the operating system. Console# reload clock set The clock set privileged EXEC command manually sets the system clock. Syntax clock set hh:mm:ss day month year clock set hh:mm:ss month day year •...
Page 426: Hostname
There are no user guidelines for this command. Example The following example specifies the device host name. Console (config)# hostname Dell asset-tag The asset-tag global configuration command specifies the device asset tag. To remove the existing asset tag, use the no form of the command.
Page 427: Show Users
Example The following example specifies the device asset tag as "1qwepot". Console (config)# asset-tag 1qwepot show users The show users user EXEC command displays information about the active users. Syntax show users Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 428: Show System
Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the time and date from the system clock. Console# show clock 15:29:03 Jun 17 2005 show system The show system user EXEC command displays system information. Syntax show system Default Configuration...
Page 429 Example The following example displays the system information. Console> show system System Description: Ethernet Switch System Up Time (days,hour:min:sec): 0,00:00:17 System Contact: System Name: System Location: System MAC Address: 00:00:b0:00:00:00 Sys Object ID: 1.3.6.1.4.1.674.10895.3006 Type: PowerConnect 3424 Status --------------------- --------------------- Fan 1 Fan 2 Power supply...
Page 430: Show Version
show version The show version user EXEC command displays the system version information. Syntax show version Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes).
Page 431: Traceroute
Example The following example displays the system service tag information. Console> show system id Service Tag: 89788978 Serial number: 8936589782 Asset tag: 7843678957 traceroute The traceroute user EXEC command discovers the IP routes that packets actually take when traveling to their destinations. Syntax traceroute {ip-address |hostname }[size packet_size] [ttl max-ttl] [count packet_count] [timeout time_out] [source ip-address] [tos tos]...
Page 432 Command Mode User EXEC mode User Guidelines The traceroute command takes advantage of the error messages generated by a router when a datagram exceeds its time-to-live (TTL) value. The traceroute user EXEC command starts by sending probe datagrams with a TTL value of one.
Page 433 Examples The following example discovers the routes that packets will actually take when traveling to their destination. Console> traceroute umaxp1.physics.lsa.umich.edu Type Esc to abort. Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64) 1 i2-gateway.stanford.edu (192.68.191.83) 0 msec 0 msec 0 msec 2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec 3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec 4 Abilene--QSV.POS.calren2.net (198.32.249.162) 1 msec 1 msec 1 msec...
Page 434: Telnet
The following table describes the characters that can appear in the traceroute user EXEC command output. Field Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output indicates that an access list is blocking traffic. Fragmentation is required, and DF is set. Host unreachable.
Page 435 The command shows the telnet sessions to remote hosts that were opened by the present telnet session to the local device. It would not show telnet sessions to remote hosts that were opened by other telnet sessions to the local device. Special Telnet Command Characters Escape Sequence Purpose...
Page 436 Keywords Table Options Description /echo Enables local echo /quiet Prevents onscreen display of all messages from the software. /source-interface Specifies the source interface. /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other non-Telnet protocols.
Page 437: Resume
pim-auto-rp PIM Auto-RP pop2 Post Office Protocol v2 pop3 Post Office Protocol v3 smtp Simple Mail Transport Protocol sunrpc Sun Remote Procedure Call syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time Time uucp Unix-to-Unix Copy Program whois Nickname World Wide Web...
Page 438 Examples The following command switches to another open Telnet session number 1. console> resume 1 System Management...
Page 439: Tacacs+ Commands
TACACS+ Commands tacacs-server host The tacacs-server host global configuration command specifies a TACACS+ server host. To delete the specified hostname or IP address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] no tacacs-server host {ip-address | hostname} •...
Page 440: Tacacs-Server Key
There are no user guidelines for this command. Example The following example sets the authentication encryption key: Console(config)# tacacs-server key dell-s tacacs-server source-ip The tacacs-server source-ip global configuration command specifies the source IP address used for communication with TACACS+ servers. To return to the default, use the no form of this command.
Page 441: Tacacs-Server Timeout
Syntax tacacs-server source-ip source no tacacs-server-ip source source—The source IP address. • Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines To define an out-of-band IP address, use the out-of-band IP address format: oob/ip-address. Example The following example specifies the source IP address: Console(config)# tacacs-server source-ip 172.16.8.1...
Page 442: Show Tacacs
show tacacs The show tacacs privileged EXEC command displays the configuration and statistics of a TACACS+ server. Syntax show tacacs [ip-address] • ip-address—The IP address of the TACACS+ server. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 443 Global values ------------- TimeOut: 3 Source IP: 172.16.8.1 OOB Source IP: 172.16.8.1 TACACS+ Commands...
Page 444 TACACS+ Commands...
Page 445: User Interface
User Interface enable The enable user EXEC command enters the privileged EXEC mode. Syntax enable [privilege-level] • privilege-level—Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command.
Page 446: Login
User Guidelines There are no user guidelines for this command. Example The following example shows how to return to normal mode. Console# disable Console> login The login user EXEC command changes a login username. Syntax login Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Page 447: Exit(Exec)
Default Configuration This command has no default configuration. Command Mode All command modes User Guidelines There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode. Console(config-if)# exit Console(config)# exit Console# exit(EXEC)
Page 448: Help
Syntax Default Configuration This command has no default configuration. Command Mode All Command modes User Guidelines There are no user guidelines for this command. Example The following example ends the current configuration session and returns to the previous command mode. Console (config)# end Console # help...
Page 449: History Size
Default Configuration The history function is enabled. Command Mode Line Configuration mode User Guidelines This command enables the command history function for a specified line. To enable or disable the command history function for the current terminal session, use the terminal history user EXEC command.
Page 450: Debug-Mode
Example The following example changes the command history buffer size to 100 entries for a particular line. Console (config-line)# history size 100 debug-mode The debug-mode privilege EXEC command switches the mode to debug. Syntax debug-mode Default Configuration This command has no default configuration. Command Mode Privilege EXEC command mode User Guidelines...
Page 451: Show Privilege
User Guidelines The commands are listed from the first to the latest command. The buffer is kept unchanged when entering to configuration mode and returning back. Example The following example displays all the commands entered while in the current privileged EXEC mode.
Page 452 User Interface...
Page 453: Vlan Commands
VLAN Commands vlan database The vlan database global configuration command enters the VLAN database configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the VLAN database mode.
Page 454: Interface Vlan
User Guidelines There are no user guidelines for this command. Example The following example VLAN number 1972 is created. Console (config)# vlan database Console (config-vlan)# vlan 1972 interface vlan The interface vlan global configuration command enters the interface configuration (VLAN) mode.
Page 455: Name
Syntax interface range vlan {vlan-range | all} • vlan-range—A list of valid VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs. • all—All existing static VLANs. Default Configuration This command has no default configuration.
Page 456: Switchport Mode
Example The following example names VLAN number 19 with the name "Marketing". Console (config)# interface vlan 19 Console (config-if)# name Marketing switchport mode The switchport mode interface configuration command configures the VLAN membership mode of a port. To reset the mode to the appropriate default for the device, use the no form of this command.
Page 457: Switchport Trunk Allowed Vlan
Syntax switchport access vlan vlan-id no switchport access vlan vlan-id—VLAN ID of the VLAN to which the port is configured. • Default Configuration VLAN ID=1 Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines The command automatically removes the port from the previous VLAN, and adds it to the new VLAN.
Page 458: Switchport Trunk Native Vlan
Example The following example shows how to add VLANs 2 and 5 to 8 to the allowed list of g8. Console (config)# interface ethernet g8 Console (config-if)# switchport trunk allowed vlan add 2,5-8 switchport trunk native vlan The switchport trunk native vlan interface configuration command defines the port as a member of the specified VLAN, and the VLAN ID as the "port default VLAN ID (PVID)".
Page 459: Switchport General Pvid
Syntax switchport general allowed vlan add vlan-list [ tagged | untagged ] switchport general allowed vlan remove vlan-list • add vlan-list—List of VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs. •...
Page 460: Switchport General Ingress-Filtering Disable
Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example shows how to configure the PVID for g8, when the interface is in general mode. Console (config)# interface ethernet g8 Console (config-if)# switchport general pvid 234 switchport general ingress-filtering disable The switchport general ingress-filtering disable interface configuration command disables port...
Page 461: Switchport Forbidden Vlan
Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures g8 to discard untagged frames at ingress. Console (config)# interface ethernet g8 Console (config-if)# switchport general acceptable-frame-type tagged-only...
Page 462: Switchport Protected
Example The following example forbids adding VLANs number 234 till 256, to g8. Console (config)# interface ethernet g8 Console (config-if)# switchport forbidden vlan add 234-256 switchport protected The switchport protected interface configuration command overrides the FDB decision and sends all Unicast, Multicast and Broadcast traffic to an uplink port. To disable overriding the FDB decision, use the no form of this command.
Page 463: Map Protocol Protocols-Group
map protocol protocols-group The map protocol protocols-group VLAN database command adds a special protocol to a named group of protocols, which may be used for protocol-based VLAN assignment. To delete a protocol from a group, use the no form of this command. Syntax map protocol protocol [encapsulation] protocols-group group no map protocol protocol encapsulation...
Page 464: Show Vlan
• group—Group number as defined in the map protocol protocols-group command. (Range: 1 - 2147483647) • vlan-id—Define the VLAN ID in the classifying rule. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command.
Page 465: Show Vlan Internal Usage
Console# show vlan Vlan Name Ports Type ---- ------------ -------------------- --------------------------- g(1-22),ch(1-7) other g(1-4) permanent g(2-3,5,8-9) permanent show vlan internal usage The show vlan internal usage privileged EXEC command displays a list of VLANs being used internally by the switch. Syntax show vlan internal usage Default Configuration...
Page 466: Show Vlan Protocols-Groups
Example The following example displays all VLAN information. Console# show vlan internal usage VLAN Usage -------- --------------- 1008 Eth g21 1009 Eth g22 show vlan protocols-groups The show vlan protocols-groups privileged EXEC command displays protocols-groups information. Syntax show vlan protocols-groups Default Configuration This command has no default configuration.
Page 467: Show Interfaces Switchport
show interfaces switchport The show interfaces switchport privileged EXEC command displays switchport configuration. Syntax show interfaces switchport {ethernet interface | port-channel port-channel-number} Interface—Specific interface, such as ethernet g8. • • port-channel-number—Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 468 Forbidden VLANS: Vlan Name ---- -------------------------------- vlan4 Classification rules: Group ID Vlan ID -------- ------- VLAN Commands...
Page 469: Vrrp Commands
VRRP Commands vrrp ip The vrrp ip interface configuration command defines Virtual Router Redundancy Protocol (VRRP) for an interface. To delete the definition, use the no form of this command. Syntax vrrp virtual-router ip ip-address [ip-address2…ip-address8] no vrrp virtual-router ip •...
Page 470: Vrrp Timer
Default Configuration VRRP is disabled Command Mode Interface configuration (Ethernet, VLAN, port-channel) User Guidelines This command cannot be used with a range of ports. Example The following example enables VRRP number 45 on port g8. Console(config)# interface ethernet g8 Console(config-if)# vrrp 45 up vrrp timer The vrrp timer interface configuration command configures the time between sending advertisements messages.
Page 471: Vrrp Priority
Example The following example configures the time between sending advertisements messages for VRRP as a number from 45 to 100 seconds on g8. Console(config)# interface ethernet g8 Console(config-if)# vrrp 45 timer 100 vrrp priority The vrrp priority interface configuration command configures Virtual Router Redundancy Protocol (VRRP) priority on an interface.
Page 472: Vrrp Source-Ip
vrrp source-ip The vrrp source-ip interface configuration command defines the source IP address used for Virtual Router Redundancy Protocol (VRRP) messages on an interface. To return to default IP address, use the no form of this command. Syntax vrrp virtual-router source-ip ip-address no vrrp virtual-router source-ip •...
Page 473: Vrrp Preempt
Interface configuration (Ethernet, VLAN, port-channel) User Guidelines This command cannot be used with a range of ports. Example The following example enables authentication for the VRRP number 45 with the password "Dell" on g8. Console(config)# interface ethernet g8 Console(config-if)# vrrp 45 authentication Dell...
Page 474 Syntax show vrrp configuration [ethernet interface-number | vlan vlan-id | port-channel number] • ethernet interface-number—Ethernet port number. • vlan vlan-id—VLAN number. • port-channel number—Port-channel number. Default Configuration There are no user guidelines for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Page 475: Show Vrrp Status
show vrrp status The show vrrp status privileged EXEC command displays Virtual Router Redundancy Protocol (VRRP) status. Syntax show vrrp status [ethernet interface-number | vlan vlan-id | port-channel number] • ethernet interface-number—Ethernet port number. • vlan vlan-id—VLAN number. port-channel number—Port-channel number. •...
Page 476 VRRP Commands...
Page 477: Web Server
Web Server ip http port The ip http port global configuration command specifies the TCP port for use by a web browser to configure the device. To use the default TCP port, use the no form of this command. Syntax ip http port port-number no ip http port •...
Page 478: Ip Https Port
User Guidelines There are no user guidelines for this command. Example The following example enables the device to be configured from a browser. Console (config)# ip http server ip https port The ip https port global configuration command configures a TCP port for use by a secure web browser to configure the device.
Page 479: Crypto Certificate Generate
Command Mode Global Configuration mode User Guidelines You must use the crypto certificate generate command to generate the HTTPS certificate. Example The following example enables the device to be configured from a browser. Console (config)# ip https server crypto certificate generate The crypto certificate generate global configuration command generates a self-signed HTTPS certificate.
Page 480: Crypto Certificate Request
common- name—The default value is the lowest IP address of the device when the certificate is generated. days—The default value is 365 days. Command Mode Global Configuration mode User Guidelines The command is not saved in the router configuration; however, the certificate and keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up to another device.
Page 481 User Guidelines Use this command to export a certificate request to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. Before generating a certificate request, you must first generate a self-signed certificate using the crypto certificate generate global configuration command. Make sure to re-enter values in the certificate fields.
Page 482: Crypto Certificate Import
crypto certificate import The crypto certificate import global configuration command imports a certificate signed by the Certification Authority for HTTPS. Syntax crypto certificate number import • number—Specifies the certificate number. (Range: 2 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Page 483: Ip Https Certificate
Examples The following example imports a certificate sighed by the Certification Authority for HTTPS. Console(config)# crypto certificate 1 import -----BEGIN CERTIFICATE----- dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl -----END CERTIFICATE----- Certificate imported successfully. Issued to: router.gm.com Issued by: www.verisign.com Valid from: 8/9/2005 to 8/9/2005 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788...
Page 484: Show Ip Http
User Guidelines The HTTPS certificate is generated using the crypto certificate generate global configuration command. Examples The following example configures the active certificate for HTTPS: Console(config)# ip https certificate 1 show ip http The show ip http privileged EXEC command displays the HTTP server configuration. Syntax show ip http Default Configuration...
Page 485 User Guidelines There are no user guidelines for this command. Example The following example displays the HTTP server configuration. Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2005 to 8/9/2005 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive...
Page 486 Web Server...
Page 487: Aaa Authentication Dot1X
802.1x Commands aaa authentication dot1x The aaa authentication dot1x global configuration command specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1x. To return to the default setting, use the no form of this command. Syntax aaa authentication dot1x default method1 [method2...] no aaa authentication dot1x default...
Page 488: Dot1X Port-Control
Default Configuration dot1x is disabled. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example enables 802.1x globally: Console(config)# dot1x system-auth-control dot1x port-control The dot1x port-control interface configuration command enables manual control of the authorization state of the port.
Page 489: Dot1X Re-Authentication
User Guidelines It is recommended to disable the spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to go immediately to the forwarding state after successful authentication. Examples The following example enables 802.1x authentication on the interface: Console(config)# interface ethernet g16...
Page 490: Dot1X Re-Authenticate
Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod • seconds — Number of seconds between re-authentication attempts. (Range: 300 - 4294967295) Default Configuration Re-authentication period is 3600 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Examples The following example sets the number of seconds between re-authentication attempts, to 300: Console(config)# interface ethernet g16...
Page 491: Dot1X Timeout Quiet-Period
dot1x timeout quiet-period The dot1x timeout quiet-period interface configuration command sets the number of seconds that the device remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password). To return to the default setting, use the no form of this command.
Page 492: Dot1X Max-Req
Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period • seconds — Time in seconds that the device should wait for a response to an EAP - request/identity frame from the client before resending the request. (Range: 1 - 65535) Default Configuration The period of time is set to 30 seconds.
Page 493: Dot1X Timeout Supp-Timeout
Command Mode Interface Configuration (Ethernet) mode User Guidelines The default value of this command should only be changed to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Examples The following example sets the number of times that the device sends an EAP-request/identity frame to 6:.
Page 494: Dot1X Timeout Server-Timeout
Examples The following example sets the time for the retransmission of an EAP-request frame to the client to 3600 seconds: Console(config-if)# dot1x timeout supp-timeout 3600 dot1x timeout server-timeout The dot1x timeout server-timeout interface configuration mode command sets the time that the device waits for a response from the authentication server before retransmitting packets.
Page 495 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays 802.1x port g11 status. Console# show dot1x 802.1x is enabled Port Admin Mode Oper Mode Reauth Reauth...
Page 496 Tx period: 30 Seconds Max req: Supplicant timeout: 30 Seconds Server timeout: 30 Seconds Session Time (HH:MM:SS): 08:19:17 MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff Authenticator State Machine State: HELD Backend State Machine State: IDLE Authentication success: Authentication fails: The following table describes the significant fields shown in the display: Field...
Page 497: Show Dot1X Users
Max req The maximum number of times that the device sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process. Supplicant timeout Time in seconds the device waits for a response to an EAP-request frame from the client before resending the request.
Page 498: Show Dot1X Statistics
Example The following example displays 802.1x users. Console# show dot1x users Port Username Session Time Auth Method MAC Address ----- -------- ------------ ----------- ------------- 1d:03:08:58 Remote 0008:3b79:8787 John 08:19:17 Remote 0008:3b89:3127 Console# show dot1x users username Bob Port Username Session Time Auth Method MAC Address -----...
Page 499 User Guidelines There are no user guidelines for this command. Examples The following example displays 802.1x statistics for the specified interface. Console# show dot1x statistics ethernet g1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 1 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0...
Page 500: Advanced Features
EapolReqIdFramesTx The number of EAP Req/Id frames that have been transmitted by this Authenticator. EapolReqFramesTx The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized.
Page 501 dot1x multiple-hosts The dot1x multiple-hosts interface configuration command allows multiple hosts (clients) on an 802.1x-authorized port where the dot1x port-control interface configuration command is set to auto. To return to the default setting, use the no form of this command. Syntax dot1x multiple-hosts no dot1x multiple-hosts...
Page 502: Dot1X Single-Host-Violation
• discard-shutdown — Discard frames with source addresses that are not the supplicant address, and shut down the port. • trap — Send SNMP traps • seconds — Minimum time in seconds between consecutive traps. (Range: 1- 1000000 Default Configuration Discard frames with source addresses that are not the supplicant address.
Page 503 Examples The following example displays 802.1x advanced features for the device. Console# show dot1x advanced Unauthenticated VLANs: 91,92 Port Multiple Hosts ---- -------------- Disabled Enabled Console# show dot1x advanced ethernet g1 Port Multiple Hosts ---- -------------- Disabled Single host parameters Violation action: Discard Trap: Enabled Trap frequency: 100...
Page 504 802.1x Commands...

This manual is also suitable for:

Powerconnect 6024

Dell PowerConnect 6024F Command Line Interface Reference Manual

1 Command Groups

2 Using the CLI

3 AAA Commands

4 ACL Commands

5 Address Table Commands

6 Clock

7 DHCP Relay Commands

8 Configuration and Image Files

9 Ethernet Configuration Commands

10 GVRP Commands

11 IP Addressing Commands

12 IGMP Snooping Commands

13 IP Routing Protocol-Independent Commands

14 LACP Commands

15 Line Commands

16 Management ACL

17 Multicast Routing Commands

18 OSPF Commands

19 PHY Diagnostics Commands

20 Port Channel Commands

21 Port Monitor Commands

22 Qos Commands

Quick Links

CLI Reference Guide

Related Manuals for Dell PowerConnect 6024F

Summary of Contents for Dell PowerConnect 6024F