Dell™ PowerConnect™ 5324 Systems CLI Reference Guide www.dell.com | support.dell.com...
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Command Groups
Introduction
The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, you have greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
PHY Diagnostics | Diagnoses and displays the interface status.
Port Channel | Configures and displays Port channel information.
Port Monitor | Monitors activity on specific target ports.
 | Configures and displays QoS information.
RADIUS | Configures and displays RADIUS information.
RMON | Displays RMON statistics.
SNMP | Configures SNMP communities, traps and displays SNMP information.
AAA Commands
Command Group | Description | Access Mode
aaa authentication login | Defines login authentication. | Global Configuration
aaa authentication enable | Defines authentication method lists for accessing higher privilege levels. | Global Configuration
login authentication | Specifies the login authentication method list for a remote telnet or console. | Global
bridge multicast forward- | Enables forwarding of all multicast frames on a port. | VLAN Configuration
bridge multicast forbidden forward-all | Enables forbidding forwarding of all multicast frames to a port. | VLAN Configuration
bridge aging-time | Sets the address table aging time. | Global Configuration
clear bridge | Removes any learned entries from the forwarding | Privileged User...
sntp authenticate | Grants authentication for received Network Time Protocol (NTP) traffic from servers. | Global Configuration
sntp trusted-key | Authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. | Global Configuration
sntp client poll timer | Sets the polling time for the Simple Network Time Protocol (SNTP) client. | Global
show running-config | Displays the contents of the currently running configuration file. | Privileged User EXEC
show startup-config | Displays the startup configuration file contents. | Privileged User EXEC
show backup-config | Displays the backup configuration file contents. | Privileged User EXEC
show bootvar | Displays the active system image file that the device loads at startup. | Privileged User
set interface active | Reactivates an interface that was suspended by the system. | Privileged User EXEC
show interfaces configuration | Displays the configuration for all configured interfaces. | User EXEC
show interfaces status | Displays the status for all configured interfaces. | User EXEC
show interfaces | Displays the description for all configured interfaces.
IGMP Snooping Commands
Command Group | Description | Access Mode
ip igmp snooping (Global) | Enables Internet Group Management Protocol (IGMP) snooping. | Global Configuration
ip igmp snooping (Interface) | Enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN. | VLAN Configuration
ip igmp snooping mrouter... | Enables automatic learning of multicast router ports | VLAN
arp timeout | Configures how long an entry remains in the ARP cache | Global Configuration
clear arp-cache | Deletes all dynamic entries from the ARP cache. | Privileged User EXEC
show arp | Displays entries in the ARP table. | Privileged User EXEC
ip domain-lookup | Enables the IP Domain Naming System (DNS)-based host name-to-address translation. | Global
speed | Sets the line baud rate. | Line Configuration
autobaud | Sets the line for automatic baud rate detection | Line Configuration
exec-timeout | Configures the interval that the system waits until user input is detected. | Line Configuration
show line | Displays line parameters. | User EXEC
LLDP Commands
Command Group | Description...
show lldp neighbors | Displays information about discovered neighboring devices using Link Layer Discovery Protocol (LLDP). | Privileged EXEC
Management ACL Commands
Command Group | Description | Access Mode
management access-list | Defines a management access-list, and enters the access-list for configuration. | Global Configuration
permit (management) | Defines a permit rule.
Port Channel Commands
Command Group | Description | Access Mode
interface port-channel | Enters the interface configuration mode of a specific port-channel. | Global Configuration
interface range port-channel | Enters the interface configuration mode to configure multiple port-channels. | Global Configuration
channel-group | Associates a port with a port-channel. | Interface Configuration
port channel load...
qos trust (Global) | Configures the system to basic mode and the "trust" state. | Global Configuration
qos trust (Interface) | Enables each port trust state | Interface Configuration
qos cos | Configures the default port CoS value. | Interface Configuration
show qos map | Displays all the maps for QoS. | User EXEC
Radius Commands
Command Group...
RMON Commands
Command Group | Description | Mode
show rmon statistics | Displays RMON Ethernet Statistics. | User EXEC
rmon collection history | Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. | Interface Configuration
show rmon collection history | Displays the requested history group configuration. | User EXEC
show rmon history...
snmp-server host | Specifies the recipient of Simple Network Management Protocol notification operation, | Global Configuration
snmp-server set | Sets SNMP MIB value by the CLI. | Global Configuration
snmp-server group | Configures a new Simple Network Management Protocol (SNMP) group, or a table that maps SNMP users to SNMP views. | Global Configuration
spanning-tree priority | Configures the spanning tree priority. | Global Configuration
spanning-tree disable | Disables spanning tree on a specific port. | Interface Configuration
spanning-tree cost | Configures the spanning tree path cost for a port. | Interface Configuration
spanning-tree port-priority | Configures port priority. | Interface Configuration
spanning-tree portfast | Enables PortFast mode.
spanning-tree link-type | Overrides the default link-type setting | Interface Configuration
spanning-tree pathcost method | Sets the default path cost method. | Global Configuration
spanning-tree bpdu | Defines BPDU handling when spanning tree is disabled on an interface. | Global Configuration
clear spanning-tree detected-protocols | Restarts the protocol migration process on all interfaces or on the specified interface. | Privileged User
show crypto key pubkey-chain | Displays SSH public keys stored on the device. | Privileged User EXEC
Syslog Commands
Command Group | Description | Access Mode
logging on | Controls error messages logging. | Global Configuration
logging | Logs messages to a syslog server. | Global Configuration
logging console | Limits messages logged to the console based on severity. | Global
System Management Commands
Command Group | Description | Access Mode
ping | Sends ICMP echo request packets to another node on the network. | User EXEC
traceroute | Discovers the routes that packets will actually take when traveling to their destination. | User EXEC
telnet | Logs in to a host that supports Telnet. | User EXEC
resume | Switches to another open Telnet session...
User Interface Commands
Command Group | Description | Access Mode
enable | Enters the privileged EXEC mode.
disable | Returns to User EXEC mode.
login | Changes a login username.
configure | Enables the global configuration mode
exit(configuration) | Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
switchport access vlan | Configures the VLAN membership mode of a port. | Interface Configuration
switchport access vlan | Configures the VLAN ID when the interface is in access mode. | Interface Configuration
switchport trunk allowed vlan | Adds or removes VLANs from a port in general mode. | Interface Configuration...
switchport customer vlan | Sets the port's VLAN when the interface is in customer mode. | Interface configuration (Ethernet, port-channel)
Web Server Commands
Command Group | Description | Access Mode
ip http server | Enables the device to be configured from a browser. | Global Configuration
ip http port | Specifies the TCP port for use by a web browser to...
802.1x Commands
Command | Description | Access Mode
aaa authentication dot1x | Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. | Global Configuration
dot1x system-auto-control | Enables 802.1x globally. | Global Configuration
dot1x port-control | Enables manual control of the authorization state of the port | Interface Configuration...
Command Modes
GC (Global Configuration) Mode
Command | Description
aaa authentication enable | Defines authentication method lists for accessing higher privilege levels.
aaa authentication login | Defines login authentication.
aaa authentication dot1x | Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X.
 | Adds a permanent entry in the ARP cache.
interface range ethernet | Enters the interface configuration mode to configure multiple ethernet type interfaces.
interface range port-channel | Enters the interface configuration mode to configure multiple port-channels.
interface range vlan | Enters the interface configuration mode to configure multiple VLANs.
interface vlan | Enters the interface configuration (VLAN) mode.
logging file | Limits syslog messages sent to the logging file based on severity.
logging on | Controls error messages logging.
login authentication | Specifies the login authentication method list for a remote telnet or console.
management access-class | Defines which management access-list is used.
management access-list | Defines a management access-list, and enters the access-list for configuration.
snmp-server set | Sets SNMP MIB value by the CLI.
snmp-server trap authentication | Enables the switch to send Simple Network Management Protocol traps when authentication failed.
sntp authenticate | Grants authentication for received Network Time Protocol (NTP) traffic from servers.
sntp authentication-key | Defines an authentication key for Simple Network Time Protocol (SNTP).
dot1x max-req | Sets the maximum number of times that the switch sends an EAP - request/identity frame to the client, before restarting the authentication process.
show dot1x | Allows multiple hosts on an 802.1X-authorized port, that has the dot1x port-control interface configuration command set to auto.
dot1x port-control | Enables manual control of the authorization state of the port
dot1x re-authentication...
name | Configures a name to a VLAN.
negotiation | Enables auto-negotiation operation for the speed and duplex parameters of a given interface.
port monitor | Starts a port monitoring session.
port security | Disables new address learning on an interface.
port security routed secure- | Adds MAC-layer secure addresses to a routed port.
history size | Changes the command history buffer size for a particular line.
password | Specifies a password on a line.
autobaud | Sets the line for automatic baud rate detection
speed | Sets the line baud rate.
MA (Management Access-level) Mode
Command | Description
deny (management) | Defines a deny rule.
set interface active | Reactivates an interface that was suspended by the system.
show arp | Displays entries in the ARP table.
show authentication methods | Displays information about the authentication methods.
show bootvar | Displays the active system image file that the device loads at startup
show bridge address-table | Displays dynamically created entries in the bridge-forwarding database.
show ports storm-control | Displays the storm control configuration.
show radius-servers | Displays the RADIUS server settings.
show running-config | Displays the contents of the currently running configuration file.
show snmp | Displays the SNMP status.
show spanning-tree | Displays spanning tree configuration.
show startup-config | Displays the startup configuration file contents.
show hosts | Displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses.
show interfaces configuration | Displays the configuration for all configured interfaces.
show interfaces counters | Displays traffic seen by the physical interface.
show interfaces description | Displays the description for all configured interfaces.
VC (VLAN Configuration) Mode
Command | Description
bridge address | Adds a static MAC-layer station source address to the bridge table.
bridge multicast address | Registers MAC-layer multicast addresses to the bridge table, and adds static ports to the group.
bridge multicast forbidden | Forbids adding a specific multicast address to specific ports.
Using the CLI
This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI.
CLI Command Modes
Introduction
To assist in configuring devices, the CLI [Command Line Interface] is divided into different command modes.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands is available in User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the device Configuration mode.
The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode:
console>enable
Enter Password: ******
console#
console#disable
console>
The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode.
Interface Configuration Mode and Specific Configuration Modes
Interface Configuration mode commands are used to modify specific interface operations. The following are the Interface Configuration modes:
• Line Interface—Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the Line Configuration command mode.
Start the device and wait until the startup procedure is complete. The User Exec mode is entered, and the prompt "Console>" is displayed. Configure the device and enter the necessary commands to complete the required tasks. When finished, exit the session with the quit or exit command. When a different user needs to log on to the system, the login command is entered in the Privileged EXEC mode.
Terminal Command Buffer
Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
Keyboard Shortcuts
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.
Keyboard Key | Description
Up-arrow key | Recalls commands from the history buffer, beginning with the most recent command.
AAA Commands
aaa authentication login
The aaa authentication login Global Configuration mode command defines login authentication. To return to the default configuration, use the no form of this command.
Syntax
aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name}
•...
• Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
Default Configuration
If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds.
Default Configuration
Uses the default set with the command authentication login.
Command Mode
Line Configuration mode
User Guidelines
• Changing login authentication from default to another value may disconnect the telnet session.
Example
The following example specifies the default authentication method for a console.
Console (config)# line console
Console (config-line)# login authentication default
enable authentication...
Console (config)# line console
Console (config-line)# enable authentication default
ip http authentication
The ip http authentication Global Configuration mode command specifies authentication methods for http. To return to the default, use the no form of this command.
Syntax
ip http authentication method1 [method2...]
no ip http authentication
•...
ip https authentication
The ip https authentication Global Configuration mode command specifies authentication methods for https servers. To return to the default, use the no form of this command.
Syntax
ip https authentication method1 [method2...]
no ip https authentication method1 [method2...]—Specify at least one from the following table:
•...
Syntax
show authentication methods
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the authentication configuration.
AAA Commands...
Default Configuration
No password is required.
Command Mode
Line Configuration mode
User Guidelines
• There are no user guidelines for this command.
Example
The following example specifies a password "secret" on a line.
Console (config-line)# password secret
enable password
The enable password Global Configuration mode command sets a local password to control access to normal and privilege levels.
Example
The following example sets a local level 15 password "secret" to control access to user and privilege levels.
Console (config)# enable password level 15 secret
username
The username Global Configuration mode command establishes a username-based authentication system. To remove a user name use the no form of this command.
Syntax
username name [password password] [level level] [encrypted]
no username name...
Syntax
show users accounts
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the local users configured with access to the system.
Console# show users accounts
Username Privilege...
Address Table Commands
bridge address
The bridge address VLAN Interface Configuration mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
Console (config)# interface vlan 2
Console (config-vlan)# bridge address 3a:a2:64:b3:a2:45 ethernet g8 permanent
bridge multicast filtering
The bridge multicast filtering Global Configuration mode command enables filtering of multicast addresses. To disable filtering of multicast addresses, use the no form of the bridge multicast filtering command.
bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove] {ethernet interface-list | port-channel port-channel-number-list}
no bridge multicast address {mac-multicast-address | ip-multicast-address}
• add—Adds ports to the group. If no option is specified, this is the default option.
• remove—Removes ports from the group.
•...
bridge multicast forbidden address
The bridge multicast forbidden address Interface Configuration mode command forbids adding a specific multicast address to specific ports. Use the no form of this command to return to default.
Syntax
bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} {add | remove} {ethernet interface-list | port-channel port-channel-number-list}
no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address}
•...
bridge multicast forward-all
The bridge multicast forward-all Interface Configuration mode command enables forwarding of all multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command.
Syntax
bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list}
no bridge multicast forward-all
•...
Syntax
bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list}
no bridge multicast forward-all
• add—Forbids forwarding all multicast packets.
• remove—Does not forbid forwarding all multicast packets.
• interface-list—Separates non consecutive valid Ethernet ports with a comma and no spaces;...
• seconds—Time is number of seconds. (Range: 10 - 630 seconds)
Default Configuration
300 seconds
Command Mode
Global Configuration mode
User Guidelines
• There are no user guidelines for this command.
Example
In this example the bridge aging time is set to 250.
Console (config)# bridge aging-time 250
clear bridge
The clear bridge Privileged EXEC mode command removes any learned entries from the...
port security
The port security Interface Configuration mode command locks the port. By locking the port, new addresses are not learned on the port. To enable new address learning, use the no form of the port security command.
Syntax
port security [forward | discard | discard-shutdown] [trap seconds]
no port security
•...
port security routed secure-address
The port security routed secure-address Interface Configuration mode command adds MAC-layer secure addresses to a routed port. Use the no form of this command to delete the MAC addresses.
Syntax
port security routed secure-address mac-address
no port security routed secure-address mac-address
•...
• port-channel-number—A valid port-channel number.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
• Internal usage VLANs (VLANs that are automatically allocated on routed ports) would be presented in the VLAN column by a port number and not by a VLAN ID.
Example
In this example, all classes of entries in the bridge-forwarding database are displayed.
Console# show bridge address-table
Aging time is 300 sec
vlan mac address port type
---- ----------- ---- ----
00:60:70:4C:73:FF dynamic
00:60:70:8C:73:FF dynamic
00:10:0D:48:37:FF static
00:10:0D:48:37:FF dynamic
show bridge address-table static
The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database.
Console# show bridge address-table static
Aging time is 300 sec
vlan mac address port type
---- ----------- ---- ----
00:60:70:4C:73:FF permanent
00:60:70:8C:73:FF delete-on-timeout
00:10:0D:48:37:FF delete-on-reset
show bridge address-table count
The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in all VLANs or in a specific VLAN.
show bridge multicast filtering
The show bridge multicast filtering Privileged EXEC mode command displays the multicast filtering configuration.
Syntax
show bridge multicast filtering vlan-id
• vlan_id—A valid VLAN ID value.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
•...
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
• There are no user guidelines for this command.
Example
In this example, all classes of entries in the port-lock status are displayed.
Console # show ports security
Port Status Action...
Clock
clock set
The clock set Privileged EXEC mode command manually sets the system clock.
Syntax
clock set hh:mm:ss day month year
clock set hh:mm:ss month day year
• hh:mm:ss—Current time in hours (military format), minutes, and seconds (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59).
Default Configuration
No external clock source
Command Mode
Global Configuration mode
User Guidelines
• There are no user guidelines for this command.
Examples
The following example configures an external time source for the system clock.
Console# clock source sntp
clock timezone
The clock timezone Global Configuration mode command sets the time zone for display purposes.
clock summer-time
The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). To configure the software to not automatically switch to summer time, use the no form of this command.
Syntax
clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym]
clock summer-time date date month year hh:mm date month year hh:mm [offset offset] [zone...
Command Mode
Global Configuration mode
User Guidelines
• In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone.
Command Mode
Global Configuration mode
User Guidelines
• Multiple keys can be generated.
Examples
The following example defines the authentication key for SNTP.
Console(config)# sntp authentication-key 8 md5 ClkKey
Console(config)# sntp trusted-key 8
Console(config)# sntp authenticate
sntp authenticate
The sntp authenticate Global Configuration mode command grants authentication for received Network Time Protocol (NTP) traffic from servers.
sntp trusted-key
The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command.
Syntax
sntp trusted-key key-number
no sntp trusted-key key-number...
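A configuration check for the SNTP authentication commands described above, as an added example that is not part of the Dell guide. It assumes, following the guide's own three-line example, that authenticated SNTP needs sntp authentication-key, sntp trusted-key and sntp authenticate together; the function names and both sample configurations are constructed for illustration.

```python
import re

# Command forms are the ones shown in the guide's SNTP section.
KEY_RE = re.compile(r"^sntp authentication-key\s+(\d+)\s+md5\s+\S+$")
TRUSTED_RE = re.compile(r"^sntp trusted-key\s+(\d+)$")
# Strips a leading "Console(config)# " style prompt so pasted sessions parse too.
PROMPT_RE = re.compile(r"^console\s*(\([^)]*\))?\s*#\s*", re.IGNORECASE)


def parse_sntp(config_text):
    """Collect SNTP authentication state from config or console lines."""
    state = {"keys": set(), "trusted": set(),
             "authenticate": False, "source_sntp": False}
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip()).strip()
        negate = line.startswith("no ")
        if negate:
            line = line[3:].strip()
        key = KEY_RE.match(line)
        trusted = TRUSTED_RE.match(line)
        if key and not negate:
            # Only the key number is recorded; the key value is never stored.
            state["keys"].add(int(key.group(1)))
        elif trusted:
            number = int(trusted.group(1))
            if negate:
                state["trusted"].discard(number)
            else:
                state["trusted"].add(number)
        elif line == "sntp authenticate":
            state["authenticate"] = not negate
        elif line == "clock source sntp" and not negate:
            state["source_sntp"] = True
    return state


def audit_sntp(config_text):
    """Return a list of findings; an empty list means the three commands agree."""
    s = parse_sntp(config_text)
    findings = []
    if s["source_sntp"] and not s["authenticate"]:
        findings.append("clock source is SNTP but 'sntp authenticate' is not enabled")
    if s["authenticate"] and not s["trusted"]:
        findings.append("'sntp authenticate' is enabled but no trusted key is set")
    for number in sorted(s["trusted"] - s["keys"]):
        findings.append(f"trusted key {number} has no matching 'sntp authentication-key'")
    for number in sorted(s["keys"] - s["trusted"]):
        findings.append(f"authentication key {number} is defined but not trusted")
    return findings


# Constructed sample: the guide's example lines plus its clock source command.
GOOD_CONFIG = """\
Console(config)# clock source sntp
Console(config)# sntp authentication-key 8 md5 ClkKey
Console(config)# sntp trusted-key 8
Console(config)# sntp authenticate
"""

# Constructed sample: key numbers do not match and authentication is never enabled.
BAD_CONFIG = """\
clock source sntp
sntp authentication-key 8 md5 ClkKey
sntp trusted-key 9
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, audit_sntp(text) or "no findings")
```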
Default Configuration
1024
Command Mode
Global configuration mode
User Guidelines
• There are no user guidelines for this command.
Examples
The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds.
Console (config)# sntp client poll timer 120
sntp broadcast client enable
The sntp broadcast client enable Global Configuration mode command enables the Simple Network Time Protocol (SNTP) broadcast clients.
sntp anycast client enable
The sntp anycast client enable Global Configuration mode command enables anycast client. To disable the polling for SNTP broadcast client, use the no form of this command.
Syntax
sntp anycast client enable
no sntp anycast client enable
This command has no arguments or keywords.
Command Mode
Interface configuration (Ethernet, Port-Channel, VLAN) mode
User Guidelines
• Use the sntp client enable Global Configuration mode command to enable broadcast clients globally.
• Use the sntp anycast client enable Global Configuration mode command to enable anycast clients globally.
Examples
The following example enables the SNTP client on the interface.
sntp unicast client poll
The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined unicast clients. To disable the polling for SNTP client, use the no form of this command.
Syntax
sntp unicast client poll
no sntp unicast client poll
This command has no arguments or keywords.
Default Configuration
No servers are defined.
Command Mode
Global Configuration mode
User Guidelines
• Up to 8 SNTP servers can be defined.
• Use the sntp unicast client enable Global Configuration mode command to enable predefined unicast clients globally.
• To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling.
User Guidelines
• The symbol that precedes the show clock display indicates the following:
Symbol | Description
 | Time is not authoritative.
(blank) | Time is authoritative.
 | Time is authoritative, but SNTP is not synchronized.
Example
The following example displays the time and date from the system clock.
Console# show clock
15:29:03 PDT(UTC-7) Jun 17 2002
Time source is SNTP...
show sntp configuration
The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Network Time Protocol (SNTP).
Syntax
show sntp configuration
This command has no keywords or arguments.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines...
----------- -------- -----------------
176.1.1.8 Enabled 176.1.8.179 Disabled Disabled
Broadcast Clients: Enabled
Broadcast Clients Poll: Enabled
Broadcast Interfaces: g1, g3
show sntp status
The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP).
Syntax
show sntp status
•...
Configuration and Image Files
delete startup-config
The delete startup-config Privileged EXEC mode command deletes the startup-config file.
Syntax
delete startup-config
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
•...
Keyword | Source or destination
flash | Source or destination URL for Flash memory. It’s the default in case a URL is specified without a prefix
running-config | Represents the current running configuration file.
startup-config | Represents the startup configuration file.
backup-config | Represents the backup configuration file.
image | If source file, represent the active image file.
Copy Character Descriptions:
Character | Description
! | For network transfers, an exclamation point indicates that the copy process is taking place. Each exclamation point indicates the successful transfer of ten packets (512 bytes each).
. | For network transfers, a period indicates that the copy process timed out. Many periods in a row typically mean that the copy process may fail.
Example
The following example copies a system image named file1 from the TFTP server with an IP address of 172.16.101.101 to the non-active image file.
Console# copy tftp://172.16.101.101/file1 image
Accessing file 'file1' on 172.16.101.101...
Loading file1 from 172.16.101.101:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!! [OK]
Copy took 0:01:11 [hh:mm:ss]...
show running-config
The show running-config Privileged EXEC mode command displays the contents of the currently running configuration file.
Syntax
show running-config [sort type]
• sort type —Specifies the sorting type of the file. Can be one of the following values: interface, feature.
Examples
The following example displays the contents of the running-config file.
Console# show running-config
no spanning-tree
vlan database
vlan 2
exit
interface range ethernet g(1-2)
switchport access vlan 2
exit
interface vlan 2
bridge address 00:00:00:00:00:01 ethernet g1
exit
interface ethernet g1
gvrp enable
exit
gvrp enable...
• sort type —Specifies the sorting type of the file. Can be one of the following values: interface, feature.
Default Configuration
Sort type defaults to interface if unspecified.
Command Mode
Privileged EXEC mode
User Guidelines
• There are no user guidelines for this command.
Configuration and Image Files...
Examples
The following example displays the contents of the startup-config file.
Console# show startup-config
no spanning-tree
vlan database
vlan 2
exit
interface range ethernet g(1-2)
switchport access vlan 2
exit
interface vlan 2
bridge address 00:00:00:00:00:01 ethernet g1
exit
interface ethernet g1
gvrp enable
exit
gvrp enable...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Examples Console# show backup-config software version 1.1 hostname device interface ethernet g1 ip address 176.242.100.100 255.255.255.0 duplex full speed 1000 interface ethernet g2...
show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that the device loads at startup. Syntax show bootvar Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command.
Ethernet Configuration Commands interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface • interface—Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines •...
Command Mode Global Configuration mode User Guidelines • Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces. Example The following example shows how ports g18 to g20 and ports g22 to g24 are grouped to receive the same command.
The following example re-enables port g5. Console(config)# interface ethernet g5 Console(config-if)# no shutdown description The description Interface Configuration mode command adds a description to an interface. To remove the description use the no form of this command. Syntax description string no description •...
• 1000—Force 1000 Mbps operation. • 10000—Force 10000 Mbps operation. Default Configuration Maximum port capability. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • The command "no speed" in port-channel context returns each port in the port-channel to its maximum capability.
• Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps. Example The following example configures the duplex operation of Ethernet g5 to force full duplex operation. Console(config)# interface ethernet g5 Console(config-if)# duplex full negotiation The negotiation Interface Configuration mode command enables auto-negotiation operation for the speed and duplex parameters of a given interface.
Syntax flowcontrol {auto | on | off} no flowcontrol • auto—Enables auto-negotiation of Flow Control. • on—Enables Flow Control. • off—Disables Flow Control. Default Configuration Flow Control is off. Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • Flow Control will operate only if duplex mode is set to FULL. Back Pressure will operate only if duplex mode is set to HALF.
Default Configuration Automatic crossover is enabled Command Mode Interface Configuration (Ethernet) mode User Guidelines • Mdix Auto: All possibilities to connect a PC with cross OR normal cables are supported and are automatically detected. • Mdix ON: It is possible to connect to a PC only with a normal cable and to connect to another switch ONLY with a cross cable.
Example In the following example Back Pressure is enabled on g5. Console(config)# interface ethernet g5 Console(config-if)# back-pressure port jumbo-frame The port jumbo-frame Global Configuration mode command enables jumbo frames for the device. The size of the port jumbo frame is 10K. To disable jumbo frames, use the no form of this command.
Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example In the following example, the counters for interface g1 are cleared. Console# clear counters ethernet g1 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was suspended by the system.
Syntax
show interfaces configuration [ethernet interface | port-channel port-channel-number |
• interface—Valid Ethernet port.
• port-channel-number—Valid port-channel trunk index.
Default Configuration
This command has no default configuration.
Command Modes
Privileged EXEC mode
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the configuration for all configured interfaces:
Console# show interfaces configuration...
The displayed port configuration information includes the following: • Port—The port number. • Port Type—The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex—Displays the port Duplex status. • Speed—Refers to the port speed. •...
Console# show interfaces status Port Type Duplex Speed Flow Back MDIX Link Control Pressur Mode State ---- ----- ------ ---- ---- ------ ----- ------ ---- 1G Copper Full Auto Enable 1G Copper Full Disable Down * 1G Fiber Full 1000 Disable Type Duplex...
The displayed port status information includes the following: • Port—The port number. • Description—If the port has a description, the description is displayed. • Port Type—The port designated IEEE shorthand identifier. For example, 1000Base-T refers to 1000 Mbps baseband signaling. •...
Console# show interfaces description ethernet g1 Port Description ---- ------------------ Management_port R&D_port Finance_port Description ---- ------------------ Ch 1 Output show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] interface—A valid Ethernet port.
The following example displays counters for port g1. Console# show interfaces counters ethernet g1 Port InOctets InUcastPkts InMcastPkts InBcastPkts ------ ----------- -------------- -------------- ----------- 183892 1289 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------ ----------- -------------- -------------- ----------- 9188 FCS Errors: 8 Single Collision Frames: 0 Multiple Collision Frames: 0 SQE Test Errors: 0...
InMcastPkts Counted received multicast packets. InBcastPkts Counted received broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted unicast packets. OutMcastPkts Counted transmitted multicast packets. OutBcastPkts Counted transmitted broadcast packets. Alignment Errors A count of frames received that are not an integral number of octets in length and do not pass the FCS check.
Symbol Errors For an interface operating at 100 Mb/s, the number of times there was an invalid data symbol when a valid carrier was present. For an interface operating in half-duplex mode at 1000 Mb/s, the number of times the receiving media is non-idle (a carrier event) for a period of time equal to or greater than slotTime, and during which there was at least one occurrence of an event that causes the PHY to indicate 'Data reception error' or 'carrier extend error' on the GMII. For an interface operating in full-duplex mode at...
Example
The following example displays the jumbo frames configuration.
Console# show ports jumbo-frame
Jumbo frames are disabled
Jumbo frames will be enabled after reset
port storm-control include-multicast
The port storm-control include-multicast Global Configuration mode command enables the device to count multicast packets together with broadcast packets. To disable counting of multicast packets, use the no form of this command.
no port storm-control broadcast enable
Default Configuration
Broadcast storm control is disabled.
Command Modes
Interface Configuration (Ethernet) mode
User Guidelines
• Use the port storm-control broadcast rate Interface Configuration mode command to set the maximum allowable broadcast rate.
• Multicast can be counted as part of the "storm" frames if the port storm-control include-multicast Global Configuration mode command is already executed.
Example
The following example configures the maximum broadcast rate to 10 kilobytes per second.
console(config)# interface ethernet g2
console(config-if)# port storm-control broadcast rate 10
show ports storm-control
The show ports storm-control Privileged EXEC mode command displays the storm control configuration.
Syntax
show ports storm-control [interface]
•...
GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
• An access port does not dynamically join a VLAN because it is always a member of only one VLAN.
• Membership in an untagged VLAN is propagated in the same way as membership in a tagged VLAN. In such a case it is the administrator's responsibility to set the PVID to be the untagged VLAN VID.
Command Mode
Interface configuration (Ethernet, port-channel) mode
User Guidelines
• The timer_value value must be a multiple of 10.
• You must maintain the following relationship for the various timer values:
– Leave time must be greater than or equal to three times the join time.
–...
Example The following example disables dynamic VLAN creation on port g8. Console (config)# interface ethernet g8 Console (config-if)# gvrp vlan-creation-forbid gvrp registration-forbid The gvrp registration-forbid Interface Configuration mode command de-registers all dynamic VLANs, and prevents dynamic VLAN registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example clears all the GVRP statistics information on port g8. Console# clear gvrp statistics ethernet g8 show gvrp configuration The show gvrp configuration User EXEC mode command displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and...
Console# show gvrp configuration GVRP Feature is currently enabled on the switch. Maximum VLANs: 256 Port(s) GVRP- Registration Dynamic Timers Leave Leave Status VLAN (milliseconds) Creation Join ------- ------ ------------ -------- ------------- ----- ----- Enabled Normal Enabled 10000 Enabled Normal Enabled 10000 show gvrp statistics...
Example The following example shows GVRP statistics information: Console# show gvrp statistics GVRP statistics: ---------------- : Join Empty Received rJIn : Join In Received rEmp : Empty Received rLIn : Leave In Received : Leave Empty Received : Leave All Received : Join Empty Sent sJIn : Join In Sent sEmp : Empty Sent...
Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] • interface—port. • port-channel-number—A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays GVRP statistics information.
IGMP Snooping Commands ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. To disable IGMP snooping use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled.
User Guidelines • IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping ip igmp snooping mrouter The ip igmp snooping mrouter Interface Configuration mode command enables automatic learning of multicast router ports in the context of a specific VLAN.
Syntax
ip igmp snooping host-time-out time-out
no ip igmp snooping host-time-out
• time-out—Host timeout in seconds. (Range: 1 - 2147483647)
Default Configuration
The default host-time-out is 260 seconds.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
• The timeout should be at least greater than 2*query_interval+max_response_time of the IGMP router.
User Guidelines • There are no user guidelines for this command. Example The following example configures the mrouter timeout to 200 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping mrouter-time-out 200 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out VLAN Interface Configuration mode command configures the leave-time-out.
show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned multicast router interfaces. Syntax show ip igmp snooping mrouter [interface vlan-id] • vlan_id—VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The example displays IGMP snooping information. Console # show ip igmp snooping interface 1 IGMP Snooping is globaly disabled IGMP Snooping is disabled on VLAN 1 IGMP host timeout is 260 sec IGMP Immediate leave is disabled.
Example The example shows IGMP snooping information. Console # show ip igmp snooping groups Vlan IP Address Querier Ports ----- ------------------ -------- ------------ 224-239.130|2.2.3 g1, g2 224-239.130|2.2.8 g9-11 IGMP Snooping Commands...
• prefix-length—The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 8 -30) Default Configuration No IP address is defined for interfaces. Command Mode Interface configuration (Ethernet, VLAN, port-channel) User Guidelines •...
User Guidelines
• The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol.
• Some DHCP Servers require that the DHCPDISCOVER message have a specific host name. The most typical usage of the ip address dhcp hostname host-name command is when host-name is the host name provided by the system administrator.
User Guidelines • There are no User Guidelines for this command. Example The following example defines an ip default gateway. Console(config)# ip default-gateway 192.168.1.1 show ip interface The show ip interface User EXEC mode command displays the usability status of interfaces configured for IP.
Console# show ip interface Gateway IP Address Type Activity Status --------------------- ----------- --------------- 10.7.1.1 Static Active IP address Interface Type ------------------- ------------ ------------ 10.7.1.192/24 VLAN 1 Static 10.7.2.192/24 VLAN 2 DHCP The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache.
Example The following example adds the IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table. Console (config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache. To restore the default value, use the no form of this command. Syntax arp timeout seconds no arp timeout...
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example deletes all dynamic entries from the ARP cache. Console# clear arp-cache show arp The show arp Privileged EXEC mode command displays entries in the ARP table. Syntax show arp Default Configuration...
ip domain-lookup The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup This command has no arguments or keywords. Default Configuration Enabled Command Mode...
• There are no user guidelines for this command. Examples The following example defines a default domain name of www.dell.com. Console (config)# ip domain-name www.dell.com ip name-server The ip name-server Global Configuration mode command sets the available name servers. To remove a name server, use the no form of this command.
There are no user guidelines for this command. Examples The following example defines a static host name-to-address mapping in the host cache. Console (config)# ip host accounting.dell.com 176.10.23.1 clear host The clear host Privileged EXEC mode command deletes entries from the host name-to-address cache.
Examples The following example deletes entries from the host name-to-address cache. Console (config)# clear host * show hosts The show hosts User EXEC mode command displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses. Syntax show hosts [name] •...
Default domain is GM.COM Name/address lookup is enabled Name servers: 176.16.1.18 176.16.1.19 Static host name-to-address mapping: Host Addresses ---- --------- www.dell.com 176.16.8.8 176.16.8.9 Cache: TTL(Hours) Host Total Elapsed Type Addresses ---- ----- --------- ------ --------- www.dell.com 171.64.14.203...
LACP Commands lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority • value—Value of the priority. (Range: 1 - 65535) Default Configuration The default system priority value is 1.
Command Mode Interface Configuration (Ethernet) mode User Guidelines • There are no user guidelines for this command. Example The following example configures the priority value for port g8 to 247. Console (config)# interface ethernet g8 Console (config-if)# lacp port-priority 247 lacp timeout The lacp timeout Interface Configuration mode command assigns an administrative LACP timeout.
show lacp ethernet
The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports.
Syntax
show lacp ethernet interface [parameters | statistics | protocol-state]
• interface—Ethernet interface.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
•...
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example shows how to display LACP port-channel information. Console# show lacp port-channel 1 Port-Channel 1:Port Type 1000 Ethernet Actor System Priority:1 MAC Address: 00:02:85:0E:1C:00 Admin Key: Oper Key:...
Line Commands line The line Global Configuration mode command identifies a specific line for configuration and enters the line configuration command mode. Syntax line {console | telnet | ssh} • console—Console terminal line. • telnet—Virtual terminal for remote console access (Telnet). •...
Command Mode Line Configuration (console) mode User Guidelines • The configured speed would be applied when Autobaud is disabled. • If Autobaud is disabled, the new speed is implemented immediately. Examples The following example sets the baud rate to 9600. Console (config)# line console Console(config-line)# speed 9600 autobaud...
Syntax
exec-timeout minutes [seconds]
no exec-timeout
• minutes—Integer that specifies the number of minutes. (Range: 0 - 65535)
• seconds—Additional time intervals in seconds. (Range: 0 - 59)
Default Configuration
The default configuration is 10 minutes.
Command Mode
Line Configuration mode
User Guidelines
•...
Examples The following example displays the line configuration. console# show line console Interactive timeout: 10 minutes History: terminal history The terminal history EXEC mode command enables the command history function for the current terminal session. To disable the command history function, use the no form of this command.
Default Configuration The default is determined by the history size line configuration command. Command Mode User EXEC mode User Guidelines The maximum for the sum of all buffers is 256. Line Commands...
LLDP Commands
lldp enable (global)
To enable Link Layer Discovery Protocol (LLDP), use the lldp enable command in global configuration mode. To disable LLDP, use the no form of this command.
Syntax
lldp enable
no lldp enable
Default Configuration
The command is enabled.
Command Mode
Global configuration
User Guidelines...
Command Modes
Interface configuration (Ethernet)
User Guidelines
• LLDP manages LAG ports individually. LLDP sends separate advertisements on each port in a LAG. LLDP data received through LAG ports is stored individually per port.
• LLDP operation on a port is not dependent on the STP state of the port; that is, LLDP frames are sent and received on blocked ports.
Examples The following example specifies how often the software sends Link Layer Discovery Protocol (LLDP) updates. Console (config) # lldp timer lldp hold-multiplier To specify the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet before discarding it, use the lldp hold-multiplier command in global configuration mode.
Syntax
lldp reinit-delay seconds
no lldp reinit-delay
• seconds — Specifies the minimum time in seconds an LLDP port will wait before reinitializing LLDP transmission. (Range 1-10 seconds).
Default Configuration
2 seconds
Command Modes
Global configuration
User Guidelines
There are no user guidelines for this command.
Examples
The following example specifies the minimum time an LLDP port will wait before reinitializing LLDP transmission.
Usage Guidelines
• It is recommended that the TxDelay be less than 0.25 of the LLDP timer interval.
Examples
The following example specifies the delay between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB.
Console (config) # lldp tx-delay 7
lldp optional-tlv
To specify which optional TLVs from the basic set should be transmitted, use the lldp optional-tlv
Syntax lldp management-address ip-address no management-address ip • ip-address — Specifies the management address to advertise. Default Configuration No IP address is advertised. Command Modes Interface configuration (Ethernet) User Guidelines • Each port can advertise one IP address. • Only static IP addresses can be advertised. Example The following example specifies management address that would be advertised from an interface.
show lldp configuration To display the Link Layer Discovery Protocol (LLDP) configuration, use the show lldp configuration command in privileged EXEC mode. Syntax show lldp configuration [ethernet interface] • Interface — Ethernet port Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command.
Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command. Example The following example displays the Link Layer Discovery Protocol (LLDP) information that is advertised from a specific port. Switch# show lldp local ethernet g1 Device ID: 0060.704C.73FF Port ID: 1 Capabilities: Bridge...
Switch# show lldp neighbors Port Device ID Port Hold System Time Capabilities Name 0060.704C.73FE ts-7800-2 0060.704C.73FD ts-7800-2 0060.704C.73F C B, R ts-7900-1 ts-7900-2 0060.704C.73FB Switch# show lldp neighbors ethernet g1 Device ID: 0060.704C.73FE Port ID: 1 Hold Time: 117 Capabilities: B System Name: ts-7800-2 System description: Port description:...
Management ACL
management access-list
The management access-list Global Configuration mode command defines an access-list for management, and enters the access-list for configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands.
Examples
The following example shows how to create an access-list called "mlist", configure two management interfaces ethernet g1 and ethernet g9, and make the access-list the active list.
Console (config)# management access-list mlist
Console (config-macl)# permit ethernet g1
Console (config-macl)# permit ethernet g9
Console (config-macl)# exit
Console (config)# management access-class mlist
The following example shows how to create an access-list called "mlist", configure all interfaces to...
• mask prefix-length—Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)
• service service—Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp.
• service service—Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp.
Default Configuration
This command has no default configuration.
Command Mode
Management Access-list Configuration mode
User Guidelines
• Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface. The system supports up to 256 management access rules.
Example
The following example configures an access-list called "mlist" as the management access-list.
Console (config)# management access-class mlist
show management access-list
The show management access-list Privileged EXEC mode command displays management access-lists.
Syntax
show management access-list [name]
• name—Name of the access list. If unspecified, defaults to an empty access-list. (Range: 1 - 32 characters)
Default Configuration
This command has no default configuration.
Syntax
show management access-class
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the management access-list information.
Console# show management access-class
Management access-class is enabled, using access list mlist
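The management ACL workflow in this chapter (define a list with management access-list, add permit and deny rules, activate it with management access-class) can be checked offline against a saved configuration. The Python script below is an added example, not part of the Dell guide: the sample configuration is constructed, the finding names and the cleartext policy (telnet, http) are hypothetical, and it assumes that a rule may combine an interface with the service keyword and that a permit rule without service is not limited to one service type.

```python
import re

# Service types the guide lists for the "service" keyword.
KNOWN_SERVICES = {"telnet", "ssh", "http", "https", "snmp"}
# Audit policy assumed for this example: unencrypted management services.
CLEARTEXT_SERVICES = {"telnet", "http"}

# Constructed sample configuration (not taken from the guide).
SAMPLE_CONFIG = """\
management access-list mlist
permit ethernet g1 service ssh
permit ethernet g9
permit vlan 2 service telnet
exit
management access-list oldlist
deny vlan 3
exit
management access-class mlist
"""

# Matches a leading prompt such as "Console (config-macl)# " in pasted sessions.
PROMPT = re.compile(r"^[\w-]+\s*(\([\w-]+\))?\s*#\s*")


def parse_management_acls(config_text):
    """Return ({list name: [rule dict, ...]}, active list name or None)."""
    acls, active, current = {}, None, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:2] == ["management", "access-list"] and len(tokens) == 3:
            # Start (or continue) the definition of a named list.
            current = tokens[2]
            acls.setdefault(current, [])
        elif tokens[:2] == ["management", "access-class"] and len(tokens) == 3:
            # This command selects which list is the active one.
            active, current = tokens[2], None
        elif tokens[0] == "exit":
            current = None
        elif current is not None and tokens[0] in ("permit", "deny"):
            service = None
            if "service" in tokens[:-1]:
                service = tokens[tokens.index("service") + 1]
            acls[current].append(
                {"action": tokens[0], "service": service, "text": line})
    return acls, active


def audit_management_acl(config_text):
    """Return a list of (finding, list name, rule text) tuples."""
    acls, active = parse_management_acls(config_text)
    if active is None:
        # No management access-class command: no list is applied.
        return [("no-active-list", "", "")]
    if active not in acls:
        # The active list is named but never defined in this configuration.
        return [("undefined-list", active, "")]
    findings = []
    for rule in acls[active]:
        if rule["action"] != "permit":
            continue
        service = rule["service"]
        if service is None:
            findings.append(("any-service", active, rule["text"]))
        elif service not in KNOWN_SERVICES:
            findings.append(("unknown-service", active, rule["text"]))
        elif service in CLEARTEXT_SERVICES:
            findings.append(("cleartext-service", active, rule["text"]))
    # Lists that are defined but not active have no effect; report them.
    for name in acls:
        if name != active:
            findings.append(("unused-list", name, ""))
    return findings


if __name__ == "__main__":
    for finding, name, text in audit_management_acl(SAMPLE_CONFIG):
        print(f"{finding:18} {name:8} {text}")
```

The parser also accepts pasted console sessions, so the guide's own "mlist" example can be fed to it directly; both of its permit rules are reported as any-service because neither names a service.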
PHY Diagnostics Commands test copper-port tdr The test copper-port tdr Privileged EXEC mode command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface • interface—A valid Ethernet port. Default Configuration This command has no default configuration.
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the last TDR (Time Domain Reflectometry) tests on all ports. Console# show copper-ports tdr Port Result Length Date [meters] ---- ------- --------...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • To test optical transceivers, ensure a fiber link is up. The test is only supported on Dell supported SFP modules. PHY Diagnostics Commands...
Examples The following example displays the optical transceiver diagnostics. console# show fiber-ports optical-transceiver Port Temp Voltage Current Output Input Power Power Power ---- ----- ------- ------ ------ ------ Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current –...
The following example displays detailed optical transceiver diagnostics. console# show fiber-ports optical-transceiver detailed Port Temp Voltage Current Output Input [Volt] [mA] Power Power [mWatt [mWatt] ---- ----- ------- ------ ------ ------ 7.27 0.79 3.30 2.50 7.24 0.78 2.20 2.49 Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage.
Port Channel Commands interface port-channel The interface port-channel Global Configuration mode command enters the interface configuration mode of a specific port-channel. Syntax interface port-channel port-channel-number • port-channel-number—A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines •...
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • Commands under the interface range context are executed independently on each interface in the range: If the command returns an error on one of the interfaces, it will not stop the execution of the command on other interfaces.
Example The following example shows how port g5 is configured to port-channel number 1 without LACP. Console (config)# interface ethernet g5 Console (config-if)# channel-group 1 mode on port channel load balance Use the port-channel load-balance global configuration command to configure the load balancing policy of the port channeling.
• port_channel_number — Number of the Port channel to display. (Range: Valid port channel) Default Configuration This command has no default configuration. Command Modes EXEC User Guidelines • There are no user guidelines for this command. Example The following example shows how all port channel information is displayed. Console# show interfaces port-channel Load balancing: Layer2 and Layer 3.
Port Monitor Commands port monitor The port monitor Interface Configuration mode command starts a port monitoring session. To stop a port monitoring session, use the no form of this command. Syntax port monitor src-interface [rx | tx] no port monitor src-interface •...
General Restrictions: • Ports cannot be configured as a group using the interface range ethernet command. NOTE: The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports. Therefore, multicast and broadcast frames in these VLANs are seen more than once. (Actually N, where N is the number of mirroring source ports).
Console# show ports monitor Source Destination Port Type Status Port ---------- ---------------- ------------ ------- RX, TX Active RX, TX Active Active Port Monitor Commands...
QoS Commands The qos Global Configuration mode command enables quality of service (QoS) on the device and enters QoS basic mode. Use the no form of this command to disable the QoS features on the device. Syntax no qos Default Configuration There is no default configuration for this command.
User Guidelines • There are no user guidelines for this command. Example The following example displays a QoS mode. Console# show qos Trust: dscp Console# show qos Qos: disabled Trust: dscp wrr-queue cos-map The wrr-queue cos-map Global Configuration mode command maps assigned CoS values to select one of the egress queues.
User Guidelines • You can use this command to distribute traffic into different queues, where each queue is configured with different weighted round robin (WRR) parameters. • To enable the expedite queues, use the priority-queue out Interface Configuration mode command wrr-queue cos-map. Example The following example maps CoS 3 to queue 4.
Example The following example assigns WRR weights to egress queues. Console(config)# priority-queue num-of-queues 1 Console(config)# interface ethernet g1 Console(config-if)# wrr-queue bandwidth 20 30 50 Console(config)# priority-queue num-of-queues 0 Console(config)# interface ethernet g3 Console(config-if)# wrr-queue bandwidth 20 30 50 10 priority-queue out num-of-queues The priority-queue out num-of-queues Global Configuration mode command enables the egress queues to be expedite queues.
Example The following example sets queue 4, 3 to be expedite queues. Console (config)# priority-queue out num-of-queues 2 show qos interface The show qos interface User EXEC mode command displays interface QoS data. Syntax show qos interface [ethernet interface-number | queuing] •...
Console# show qos interface ethernet g1 queuing Ethernet wrr bandwidth weights and EF priority: weights Priority Cos-queue map: qos map dscp-queue The qos map dscp-queue Global Configuration mode command modifies the DSCP to queue map. To return to the default map, use the no form of this command. Syntax qos map dscp-queue dscp-list to queue-id no qos map dscp-queue...
Default Configuration The following table describes the default map. DSCP value 0-15 16-31 32-47 48-63 Queue-ID Command Mode Global Configuration mode User Guidelines • Queue settings for 3, 11, 19, ... cannot be modified. Example The following example maps DSCP values 33, 40 and 41 to queue 1. Console (config)# qos map dscp-queue 33 40 41 to 1 qos trust (Global) The qos trust Global Configuration mode command can be used to configure the system to "trust"...
• Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic. • To return to the untrusted state, use the no qos command to apply best effort service. Example The following example configures the system to DSCP trust state.
• default-cos—Specifies the default CoS value being assigned to the port. If the port is trusted and the packet is untagged then the default CoS value becomes the CoS value. (Range: 0 - 7) Default Configuration Port CoS is 0. Command Mode Interface Configuration (Ethernet, port-channel) command User Guidelines...
Radius Commands radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retransmit] [deadtime deadtime] [key key] [source source] [priority priority] [usage type] no radius-server host ip-address •...
Command Mode Global Configuration mode User Guidelines • To specify multiple hosts, multiple radius-server host commands can be used. • If no host-specific timeout, retransmit, deadtime or key values are specified, the global values apply to each host. • The address type of the source parameter must be the same as the ip-address parameter. Example The following example specifies a RADIUS server host with the following characteristics: •...
Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to "dell-server". Console (config)# radius-server key dell-server radius-server retransmit The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts.
Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the source IP address used for communication with RADIUS servers to 10.1.1.1.
radius-server deadtime The radius-server deadtime Global Configuration mode command improves RADIUS response times when servers are unavailable. The command is used to cause the unavailable servers to be skipped. To reset the default value, use the no form of this command. Syntax radius-server deadtime deadtime no radius-server deadtime...
Examples The following example displays the RADIUS server settings. Console# show radius-servers IP address Port Time Retransmit Dead Source Priority Usage Auth time --------- ---- ----- ---------- ------ ----- ------- ----- 172.16.1.1 1645 Global Global Global Global 172.16.1.2 1645 Global Global Global values --------------...
RMON Commands show rmon statistics The show rmon statistics User EXEC mode command displays RMON Ethernet Statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} • interface—Valid Ethernet port. • port-channel-number—Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
The following table describes the significant fields shown in the display: Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected.
256 to 511 Octets The total number of packets (including bad packets) received that are between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). 512 to 1023 Octets The total number of packets (including bad packets) received that are between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port g8 with the index number "1" and a polling interval period of 2400 seconds. Console (config)# interface ethernet g8 Console (config-if)# rmon collection history 1 interval 2400 show rmon collection history The show rmon collection history User EXEC mode command displays the requested history group configuration.
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved.
Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 5. Console# show rmon history 5 throughput Sample Set: 1 Owner: CLI Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Octets Packets...
Console# show rmon history 5 other Sample Set: 1 Owner: CLI Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Dropped Collisions ------------------ -------- --------- Jan 18 2002 21:57:00 Jan 18 2002 21:57:30 The following table describes the significant fields shown in the display: Field Description Time...
Oversize The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed. Fragments The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error), or a bad FCS with a non-integral number of octets (AlignmentError).
Syntax show rmon alarm-table Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the alarms summary table. Console# show rmon alarm-table Index Owner -----...
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays RMON 1 alarms. Console# show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30...
Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds. Sample Type The method of sampling the variable and calculating the value compared against the thresholds. If the value is absolute, the value of the variable is compared directly with the thresholds at the end of the sampling interval.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures an event with the trap index of 10. Console (config)# rmon event 10 log show rmon events The show rmon events User EXEC mode command displays the RMON event table.
Console# show rmon events Index Description Type Community Owner Last time sent ----- ----------- -------- --------- ------- -------------------- Errors Jan 18 2002 23:58:17 High Log-Trap device Manager Jan 18 2002 23:59:48 Broadcast The following table describes the significant fields shown in the display: Field Description Index...
User Guidelines • There are no user guidelines for this command. Example The following example displays the RMON logging table. Console# show rmon log Maximum table size: 500 Event Description Time ------- -------------- --------- Errors Jan 18 2002 23:48:19 Errors Jan 18 2002 23:58:17 High Broadcast Jan 18 2002 23:59:48...
rmon table-size The rmon table-size Global Configuration mode command configures the maximum RMON table sizes. To return to the default configuration, use the no form of this command. Syntax rmon table-size {history entries | log entries} no rmon table-size {history | log} •...
SNMP Commands snmp-server community Use the snmp-server community command to set up the community access string to permit access to the Simple Network Management Protocol command. Use the no form of this command to remove the specified community string. Syntax snmp-server community community [ro | rw | su] [ip-address] [view view-name] snmp-server community-group community group-name [ip-address] no snmp-server community community [ip-address] •...
Map the internal security-name for SNMPv1 and SNMPv2 security models to an internal group-name. Map the internal group-name for SNMPv1 and SNMPv2 security models to view-name (read-view and notify-view always, and for rw for write-view also) • You can use the group-name to restrict the access rights of a community string. By specifying the group-name parameter the software: Generates an internal security-name.
User Guidelines • You can enter this command multiple times for the same view record. • The number of views is limited to 64. • "Default" and "DefaultSuper" views exist. Those views are used by the software internally and can't be deleted or modified. Example The following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group:...
User Guidelines • You can enter this command multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines. Example The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group: Console (config)# snmp-server view user-view system included Console (config)# snmp-server view user-view system.7 excluded...
Syntax snmp-server location text no snmp-server location • text—Character string, up to 160 characters, describing the system location. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • Do not include spaces in the text string. Example The following example sets the device location as "New_York".
snmp-server trap authentication The snmp-server trap authentication Global Configuration mode command enables the switch to send Simple Network Management Protocol traps when authentication fails. To disable SNMP authentication failed traps, use the no form of this command. Syntax snmp-server trap authentication no snmp-server trap authentication Default Configuration This command has no default configuration.
• 1— SNMPv1 traps will be used. • 2— SNMPv2 traps will be used (Default). • udp-port port — UDP port of the host to use. The default is 162. (Range: 1 - 65535) • filter filtername — A string that is the name of the filter that defines the filter for this...
• command is context sensitive. Examples The following example sets the scalar MIB "sysName" to have the value "dell". Console (config)# snmp-server set sysName sysname dell The following example sets the entry MIB "rndCommunityTable" with keys 0.0.0.0 and "public". The field rndCommunityAccess gets the value "super" and the rest of the fields get their default values.
• priv —Specifies authentication of a packet with encryption. Applicable only to SNMP Version 3 security model. • context name — Specifies context of packet. • read readview — A string that is the name of the view that enables you only to view the contents of the agent.
• groupname — The name of the group to which the user belongs. (Range: Up to 30 characters) • remote engineid-string — Specifies the engine ID of remote SNMP entity to which the user belongs. The engine ID is a concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits.
Example The following example configures a new SNMP Version 3 user. Console (config)# snmp-server user snmp-server v3-host The snmp-server v3-host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version 3 notifications. To remove the specified host, use the no form of this command.
Command Mode Global Configuration mode User Guidelines • A user and notification view are not automatically created. Use the snmp-server user, snmp-server group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively. Example The following example configures an SNMPv3 host.
If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 cannot be used. By default, SNMPv1/v2 are enabled on the device. SNMPv3 is enabled only by defining the Local Engine ID. If you want to specify your own ID, you do not have to specify the entire 32-character engine ID if it contains trailing zeros.
User Guidelines • There are no user guidelines for this command. Example The following example displays the SNMP engine ID. Console# show snmp engineID Local SNMP engineID: 08009009020C0B099C075878 show snmp The show snmp Privileged EXEC mode command displays the SNMP status. Syntax show snmp Default Configuration...
Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Target Type Communit Version UDP Port Filter TO sec Address name Retrie Version 3 notifications Target Type Username Secu- UDP Port Filter TO sec Retrie Address rity name Level System Contact: System Location: console# show snmp views...
Console # show snmp views Name OID Tree Type user-view 1.3.6.1.2.1.1 Included user-view 1.3.6.1.2.1.1.7 Excluded user-view 1.3.6.1.2.1.2.2.1.*.1 Included show snmp groups To display the configuration of groups use the show snmp groups Privileged EXEC command. Syntax show snmp groups [groupname] •...
Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command. Example The following example displays the configuration of filters. Console # show snmp filters Name OID Tree Type user-filter 1.3.6.1.2.1.1...
Console # show snmp users Name group name Auto Method Remote John 1.3.6.1.2.1.1 John 1.3.6.1.2.1.1.7 08009009020C0B09 9C075879 Console # show snmp users John Name: John Group name: user-group Auth Method: md5 Remote: Name: John Group name: user-group Auth Method: md5 Remote: 08009009020C0B099C075879 SNMP Commands...
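An added example, not part of the Dell guide: a short Python audit that parses snmp-server community lines in the syntax given earlier in this section and flags community strings that are well known, not bound to a management-station address, or write-capable without a view. The sample configuration and finding texts are constructed, and treating su as at least write-capable is an assumption.

```python
import ipaddress

# Constructed sample configuration; community names and addresses are invented.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community ops-write rw 192.0.2.10
snmp-server community fullctl su
snmp-server community noc-read ro 192.0.2.20 view user-view
snmp-server view user-view system included
"""

WELL_KNOWN = {"public", "private"}   # commonly guessed community strings
ACCESS_WORDS = {"ro", "rw", "su"}    # access keywords from the command syntax
WRITE_CAPABLE = {"rw", "su"}         # assumption: su is at least write-capable


def parse_community(line):
    """Parse one 'snmp-server community' line into a dict, or return None.

    Follows: snmp-server community community [ro | rw | su] [ip-address]
    [view view-name]. Any other command (community-group, view, ...) is skipped.
    """
    tokens = line.split()
    if tokens[:2] != ["snmp-server", "community"] or len(tokens) < 3:
        return None
    entry = {"community": tokens[2], "access": None, "ip": None, "view": None}
    rest = tokens[3:]
    i = 0
    while i < len(rest):
        tok = rest[i]
        if tok in ACCESS_WORDS and entry["access"] is None:
            entry["access"] = tok
        elif tok == "view" and i + 1 < len(rest):
            entry["view"] = rest[i + 1]
            i += 1  # skip the view name just consumed
        else:
            try:
                entry["ip"] = str(ipaddress.ip_address(tok))
            except ValueError:
                return None  # unrecognised token: do not guess
        i += 1
    return entry


def audit(config_text):
    """Return a list of (community, finding) tuples for risky community lines."""
    findings = []
    for line in config_text.splitlines():
        entry = parse_community(line.strip())
        if entry is None:
            continue
        name = entry["community"]
        writable = entry["access"] in WRITE_CAPABLE
        if name.lower() in WELL_KNOWN:
            findings.append((name, "well-known community string"))
        if entry["ip"] is None:
            if writable:
                findings.append(
                    (name, "write-capable community not bound to a management station"))
            else:
                findings.append((name, "community not bound to a management station"))
        if writable and entry["view"] is None:
            findings.append((name, "write-capable community has no view restriction"))
    return findings


if __name__ == "__main__":
    for community, finding in audit(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```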
Spanning-Tree Commands spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines • There are no user guidelines for this command.
Command Modes Global Configuration mode User Guidelines • In RSTP mode, the switch would use STP when the neighbor switch is using STP. • In MSTP mode the switch would use RSTP when the neighbor switch is using RSTP, and would use STP when the neighbor switch is using STP. Example The following example configures the spanning-tree protocol to RSTP.
spanning-tree hello-time The spanning-tree hello-time Global Configuration mode command configures the spanning-tree bridge hello time, which is how often the switch broadcasts hello messages to other switches. To reset the default hello time, use the no form of this command.
Syntax spanning-tree hello-time seconds no spanning-tree hello-time • seconds—Time in seconds. (Range: 1 - 10) Default Configuration The default hello time for IEEE Spanning-Tree Protocol (STP) is 2 seconds. Command Modes Global Configuration mode User Guidelines • When configuring the Hello-Time the following relationship should be kept: –...
Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. Console(config)# spanning-tree max-age 10 spanning-tree priority The spanning-tree priority Global Configuration mode command configures the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command.
Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines • When STP is disabled, the device will not forward STP BPDU's based on the Forward BPDU's setting. Example The following example disables spanning-tree on g5. Console (config)# interface ethernet g5 Console (config-if)# spanning-tree disable spanning-tree cost The spanning-tree cost Interface Configuration mode command configures the spanning-tree path...
spanning-tree port-priority The spanning-tree port-priority Interface Configuration mode command configures port priority. To reset the default port priority, use the no form of this command. Syntax spanning-tree port-priority priority no spanning-tree port-priority • priority—The port priority. (Range: 0 - 240 in multiples of 16) Default Configuration The default port-priority for IEEE STP is 128.
User Guidelines • This feature should be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. Example The following example enables PortFast on g5. Console(config)# interface ethernet g5 Console(config-if)# spanning-tree portfast spanning-tree link-type...
spanning-tree mst priority The spanning-tree mst priority Global Configuration mode command configures the device priority for the specified spanning-tree instance. To return to the default configuration, use the no form of this command. Syntax spanning-tree mst instance-id priority priority no spanning-tree mst instance-id priority •...
Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10. Console (config) # spanning-tree mst max-hops 10 spanning-tree mst port-priority The spanning-tree mst port-priority Interface Configuration mode command configures port...
spanning-tree mst cost The spanning-tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree (MST) calculations. If a loop occurs, the spanning tree considers path cost when selecting an interface to put in the forwarding state. To return to the default configuration, use the no form of this command.
Syntax spanning-tree mst configuration Default Setting This command has no default configuration. Command Mode Global Configuration mode User Guidelines • All devices in an MST region must have the same VLAN mapping, configuration revision number, and name. Example The following example configures an MST region. Console(config)# spanning-tree mst configuration Console(config-mst) # instance 1 add vlan 10-20 Console(config-mst) # name region1...
For two or more devices to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name. Example The following example maps VLANs 10-20 to MST instance 1. Console(config)# spanning-tree mst configuration Console(config-mst)# instance 1 add vlan 10-20 name (mst) The name...
Default Setting The default configuration revision number is 0. Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example sets the configuration revision to 1. Console(config) # spanning-tree mst configuration Console(config-mst) # revision 1 show (mst) The show...
Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example exits the MST configuration mode without saving changes. Console(config) # spanning-tree mst configuration Console(config-mst) # abort spanning-tree pathcost method The spanning-tree pathcost method Global Configuration mode command sets the default path cost method.
Syntax spanning-tree bpdu {filtering | flooding} • filtering—Filter BPDU packets when spanning-tree is disabled on an interface. • flooding—Flood BPDU packets when spanning-tree is disabled on an interface. Default Configuration The default definition is flooding. Command Modes Global Configuration mode User Guidelines •...
Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on g1. Console# clear spanning-tree detected-protocols ethernet g1 show spanning-tree The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration. Syntax show spanning-tree [ ethernet interface-number | port-channel port-channel-number ] [instance instance-id] show spanning-tree [detail] [active | blockedports] [instance instance-id] show spanning-tree mst-configuration...
Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 2000 Root Port 1(1/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec...
console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the Root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role...
Path Cost Root Port Hello Time N/A Max Age N/A Forward Delay Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Name State Prio.Nbr Cost Role PortFast Type Enabled 128.1 20000 Enabled 128.2...
Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.1 20000 Root (RST Enabled 128.2 20000 Desg Shar (STP Enabled 128.4 20000 Altn Shar (STP Console# show spanning-tree blockedports Spanning tree enabled mode RSTP Default port cost method: long Root ID...
Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type Enabled 128.4 Altn Shar (STP Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768...
Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Guard root: Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (1/2) enabled...
Port 4 (1/4) enabled State: Blocking Role: Alternate Port Identifier: 128.4 Port cost: 20000 Type: Shared (configured: auto) STP Port Fast: No (configured:no) Designated bridge Priority: 28672 Address: 00:30:94:41:62:c8 Designated port id: 128.25 Designated path cost: 20000 Guard root:Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (1/5) enabled...
Designated port id: 128.25 Designated path cost: 0 Guard root:Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Console# show spanning-tree mst-configuration Name: Region1 Revision: 1 Instance Vlans Mapped State 1-9,21-4094 Enabled 10-20 Enabled Console# show spanning-tree Spanning tree enabled mode MSTP...
Hello Time 2 sec This switch is the IST master. Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Cost Role PortFast Type State Prio.Nb 128.1 P2p Bound Enabled 20000 Root (RSTP) 128.2 Desg Shared Enabled 20000 Bound (STP) 128.3 Enabled...
Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/1) enabled State: Forwarding Role: Boundary Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768...
Guard root: Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (1/4) enabled State: Forwarding Role: Designated Port id: 128.4 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2...
Address 00:02:4b:19:7a:00 Path Cost 10000 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9 CST Root ID Priority...
Default Configuration Disabled. Command Modes Global configuration User Guidelines • This command can be enabled when all the ports are Access ports. • This command is relevant in MSTP mode only. • When this feature is enabled incoming IEEE RSTP/STP packets would be mapped to the MSTP instance according to the port’s VLAN.
Example The following example enables root guard on port g8. Console(config)# interface ethernet g8 Console(config-if)# spanning-tree guard root
SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. To use the default port, use the no form of this command. Syntax ip ssh port port-number no ip ssh port •...
User Guidelines • If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the commands crypto key generate rsa, and crypto key generate dsa. Example The following example enables the device to be configured from an SSH server. Console (config)# ip ssh server crypto key generate dsa The crypto key generate dsa Global Configuration mode command generates DSA key pairs.
Syntax crypto key generate rsa Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines • RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
Example The following example enables public key authentication for incoming SSH sessions. Console (config)# ip ssh pubkey-auth crypto key pubkey-chain ssh The crypto key pubkey-chain ssh Global Configuration mode command enters SSH Public Key-chain configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys.
• dsa—DSA key. Default Configuration By default, there are no keys. Command Mode SSH Public Key Chain Configuration mode User Guidelines • Follow this command with the key-string command to specify the key. Example The following example enables an SSH public key to be manually configured for the SSH public key chain called "bob".
Example The following example enters public key strings for SSH public key clients called "bob". Console(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ+ ZNXfZSkvHG+QusIZ/76ILmFT34v7u7ChFAE+ Vu4GRfpSwoQUvV35LqJJk67IOU/zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn/Wd05iDX2IExQWu08licglk02LYciz +Z4TrEU/9FJxwPiVQOjc+KBXuR0juNg5nFYsY 0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA 6w9o44t6+AINEICBCCA4YcF6zMzaT1wefWwX6f+ Rmt5nhhqdAtN/4oJfce166DqVX1gWmN zNR4DYDvSzg0lDnwCAC8Qh Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9 show ip ssh The show ip ssh Privileged EXEC mode command displays the SSH server configuration.
Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA (DSS) key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP address Version Cipher Auth Code username ----------...
User Guidelines • There are no user guidelines for this command. Example The following example displays the SSH public keys on the device. Console# show crypto key mypubkey rsa RSA key data: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint(Hex): 77:C7:19:85:98:19:27:96:C9:CC:83:C5:78:89:F8:86...
Console# show crypto key pubkey-chain ssh Username Fingerprint -------- ----------------------------------------------- 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public key called "bob". Console# show crypto key pubkey-chain ssh username bob Username: bob Key: 005C300D 06092A86
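An added example, not from the Dell guide: before a client key is pasted with key-string, the Python below decodes it, checks that its type matches the rsa or dsa keyword given to user-key, rejects an incomplete paste, and produces the colon-separated fingerprint for comparison with one obtained out of band. It assumes the 16-byte fingerprint the device displays is the conventional MD5 digest of the decoded key blob; the sample key is a constructed number in the right wire format, not a real RSA key.

```python
import base64
import hashlib
import struct
import textwrap

# user-key keyword (from the guide) -> algorithm name stored inside the key blob
DECLARED_TYPES = {"rsa": "ssh-rsa", "dsa": "ssh-dss"}
# Number of length-prefixed fields per algorithm, counting the name itself
FIELD_COUNT = {"ssh-rsa": 3, "ssh-dss": 5}


def ssh_string(data):
    """Encode bytes as a length-prefixed SSH wire string."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value):
    """Encode a positive integer as an SSH mpint (extra byte keeps the sign bit clear)."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


# Constructed sample: a 2048-bit number in RSA public-key wire format, NOT a real key.
SAMPLE_MODULUS = (1 << 2047) | 0xC0FFEE01
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(SAMPLE_MODULUS)
# Wrapped over several lines, the way a key-string is usually pasted.
SAMPLE_KEY_STRING = "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_BLOB).decode(), 40))


def split_fields(blob):
    """Split a key blob into its length-prefixed fields, rejecting truncation."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("key blob ends inside a length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("key blob is truncated (incomplete paste?)")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def inspect_key(key_string, declared):
    """Validate a pasted key-string against the declared type and return its details."""
    expected_algo = DECLARED_TYPES[declared]
    # Drop all whitespace first: the key is often wrapped over several lines.
    blob = base64.b64decode("".join(key_string.split()), validate=True)
    fields = split_fields(blob)
    if not fields:
        raise ValueError("empty key blob")
    algo = fields[0].decode("ascii")
    if algo != expected_algo:
        raise ValueError(f"key is {algo}, but user-key declared {declared}")
    if len(fields) != FIELD_COUNT[algo]:
        raise ValueError(f"{algo} key has {len(fields)} fields, expected {FIELD_COUNT[algo]}")
    # RSA fields: name, e, n.  DSA fields: name, p, q, g, y.  Size is that of n or p.
    size_field = fields[2] if algo == "ssh-rsa" else fields[1]
    bits = int.from_bytes(size_field, "big").bit_length()
    digest = hashlib.md5(blob).hexdigest()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"type": algo, "bits": bits, "fingerprint": fingerprint}


def fingerprint_matches(key_string, declared, expected):
    """Compare the computed fingerprint with one obtained out of band (any case)."""
    actual = inspect_key(key_string, declared)["fingerprint"]
    return actual == expected.strip().lower()


if __name__ == "__main__":
    print(inspect_key(SAMPLE_KEY_STRING, "rsa"))
```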
Syslog Commands logging on The logging on Global Configuration mode command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logging process, use the no form of this command.
• port—Port number for syslog messages. If unspecified, the port number defaults to 514. (Range: 1 - 65535) • severity level—Limits the logging of messages to the syslog servers to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.
Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example limits messages logged to the console based on severity level "errors". Console (config)# logging console errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity.
Syntax logging buffered size number no logging buffered size • number—Numeric value indicating the maximum number of messages stored in the history table. (Range: 20 - 400) Default Configuration The default number of messages is 200. Command Mode Global Configuration mode User Guidelines •...
logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command. Syntax logging file level no logging file • level—Limits the logging of messages to the buffer to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging.
Example The following example clears messages from the logging file. Console# clear logging file Clear Logging File [y/n]y show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer. Syntax show logging Default Configuration...
Example The following example displays the state of logging and the syslog messages stored in the internal buffer. Console# show logging Logging is enabled. Console Logging: Level debug. Console Messages: 5 Dropped. Buffer Logging: Level debug. Buffer Messages: 16 Logged, 16 Displayed, 200 Max.
User Guidelines • There are no user guidelines for this command. Example The following example displays the state of logging and the syslog messages stored in the logging file. Console# show logging file Logging is enabled. Console Logging: Level debug.
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the syslog server settings. Console# show syslog-servers IP address Port Severity Facility Description ------------- ---- -------- -------- ----------- 192.180.2.275 Informational local 192.180.2.285...
Examples The following example displays a ping to IP address 10.1.1.1. Console> ping 10.1.1.1 Pinging 10.1.1.1 with 64 bytes of data: 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3.
• source ip-address—One of the interface addresses of the device to use as a source address for the probes. The device will normally pick what it feels is the best source address to use. (Range: Valid IP Address) • tos tos—The Type-Of-Service byte in the IP Header of the packet. (Range: 0-255) Default Configuration size packet_size—The default is 40 bytes.
Field Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output indicates that an access list is blocking traffic. Host unreachable. Network unreachable. Protocol unreachable. Source quench. Port unreachable. telnet The telnet User EXEC mode command is used to log in to a host that supports Telnet. Syntax telnet ip-address | hostname [port] [keyword1..] •...
Escape Sequence    Purpose
Ctrl-shift-6 b     Break
Ctrl-shift-6 c     Interrupt Process (IP)
Ctrl-shift-6 h     Erase Character (EC)
Ctrl-shift-6 o     Abort Output (AO)
Ctrl-shift-6 t     Are You There? (AYT)
Ctrl-shift-6 u     Erase Line (EL)
Ctrl-shift-6 x     Suspends the Session

At any time during an active Telnet session, the Telnet commands can be listed by pressing the Ctrl-shift-6 key, followed by a question mark at the system prompt: Ctrl-shift-6? A sample of this list follows.
/stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other non-Telnet protocols.
pop3 Post Office Protocol v3 smtp Simple Mail Transport Protocol sunrpc Sun Remote Procedure Call syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time Time uucp Unix-to-Unix Copy Program whois Nickname World Wide Web Example Console> telnet 176.213.10.50 Esc U sends telnet EL resume The resume User EXEC mode command is used to switch to another open Telnet session.
reload The reload Privileged EXEC mode command reloads the operating system. Syntax reload Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • Caution should be exercised when resetting the device, to ensure that no other activity is being performed.
Example The following example specifies the device host name. Console (config)# hostname Dell show users The show users User EXEC mode command displays information about the active users. Syntax show users Default Configuration This command has no default configuration. Command Mode...
Default Configuration There is no default configuration for this command. Command Mode EXEC mode User Guidelines Open telnet session from PC 5324 to other device. In the other device syntax, press Cntrl-shift-t-X Enter the command show session. The number of sessions opened from PC 5324 is displayed. Enter the command resume [number of session] to return to the relevant telnet session.
System Description: Corporate System Up Time (days,hour:min:sec): 1,22:38:21 System Contact: System Name: System location: System MAC Address: 00:10:B5:F4:00:01 Sys Object ID: Type: PowerConnect 5324 Power Supply Status ------------ -------------------- Main Secondary Status ------------ -------------------- show version The show version User EXEC mode command displays the system version information.
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes). Router# show version SW version 3.131 date 23-Jul-2002...
Default Configuration This command has no default configuration. No asset tag is defined by default. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example specifies the device asset tag as "1qwepot". Console (config)# asset-tag 1qwepot show system id The show system id User EXEC mode command displays the ID information.
TACACS Commands tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. To delete the specified name or address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] no tacacs-server host {ip-address | hostname} •...
There are no user guidelines for this command. Examples The following example sets the authentication encryption key. Console (config)# tacacs-server key dell-s tacacs-server timeout The tacacs-server timeout Global Configuration mode command sets the timeout value. To restore the default, use the no form of this command.
• timeout—Specifies the timeout value in seconds. (Range: 1 - 30)

Default Configuration
5 seconds

Command Mode
Global Configuration mode

User Guidelines
• There are no user guidelines for this command.

Examples
The following example sets the timeout value as 30.
Console (config)# tacacs-server timeout 30

tacacs-server source-ip
The tacacs-server source-ip Global Configuration mode command specifies the source IP address...
show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistics for a TACACS+ server. Syntax show tacacs [ip-address] • ip-address—Name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines •...
User Interface enable The enable User EXEC mode command enters the privileged EXEC mode. Syntax enable [privilege-level] • privilege-level—Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode User Guidelines •...
User Guidelines • There are no user guidelines for this command. Example The following example shows how to return to normal mode. Console# disable Console> login The login User EXEC mode command changes a login username. Syntax login Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example In the following example, because no keyword is entered, a prompt is displayed. After the keyword is selected, a message confirming the command entry method is displayed.
exit(EXEC) The exit User EXEC mode command closes an active terminal session by logging off the device. Syntax exit Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example closes an active terminal session.
Example The following example ends the current configuration session and returns to the previous command mode. Console (config)# end Console # help The help command displays a brief description of the help system. Syntax help Default Configuration This command has no default configuration. Command Mode All Command modes User Guidelines...
Example The following example enables the command history function for telnet. Console (config)# line telnet Console (config-line)# history history size The history size Line Configuration mode command changes the command history buffer size for a particular line. To reset the command history buffer size to the default, use the no form of this command.
Command Mode Privilege EXEC command mode User Guidelines • There are no user guidelines for this command. Example The following example enables the debug command interface. console(config)# console# debug >debug Enter DEBUG Password: ***** DEBUG> show history The show history User EXEC mode command lists the commands entered in the current session. Syntax show history Default Configuration...
Example The following example displays all the commands entered while in the current privileged EXEC mode. Console# show history show version show clock show history show privilege The show privilege User EXEC mode command displays the current privilege level. Syntax show privilege Default Configuration This command has no default configuration.
VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enters the VLAN database mode.
User Guidelines
• There are no user guidelines for this command.

Example
In the following example, VLAN number 1972 is created.
Console (config)# vlan database
Console (config-vlan)# vlan 1972

default-vlan disable
The default-vlan disable VLAN Configuration mode command disables the default VLAN functionality.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the VLAN 1 IP address of 131.108.1.27 and subnet mask 255.255.255.0. Console (config)# interface vlan 1 Console (config-if)# ip address 131.108.1.27 255.255.255.0 interface range vlan...
Example
The following example groups VLANs 221 through 228 and VLAN 889 to receive the same command.
Console (config)# interface range vlan 221-228,889
Console (config-if)#

name
The name Interface Configuration mode command adds a name to a VLAN. To remove the VLAN name, use the no form of this command.
Default Configuration VID=1 Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • The command automatically removes the port from the previous VLAN, and adds it to the new VLAN. Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN interface number g8.
Example
The following example shows how to add VLANs 2 and 5 to 8 to the allowed list of g8.
Console (config)# interface ethernet g8
Console (config-if)# switchport trunk allowed vlan add 2,5-8

switchport trunk native vlan
The switchport trunk native vlan Interface Configuration mode command defines the port as a member of the specified VLAN, and the VLAN ID as the "port default VLAN ID (PVID)".
Syntax
switchport general allowed vlan add vlan-list [tagged | untagged]
switchport general allowed vlan remove vlan-list
• add vlan-list—List of VLAN IDs to add. Separate non-consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
•...
Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • This command has the following consequences: incoming untagged frames are assigned to this VLAN and outgoing traffic in this VLAN on this port is sent untagged (despite the normal situation where traffic sent from a trunk-mode port is all tagged). Example The following example shows how to configure the PVID for g8, when the interface is in general mode.
switchport general acceptable-frame-type tagged-only The switchport general acceptable-frame-type tagged-only Interface Configuration mode command discards untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
• There are no user guidelines for this command.

Example
The following example forbids adding VLANs 234 through 256 to g8.
Console (config)# interface ethernet g8
Console (config-if)# switchport forbidden vlan add 234-256

map protocol protocols-group
The map protocol protocols-group VLAN Configuration mode command maps a protocol to a protocol group.
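The vlan-list syntax used by the switchport trunk allowed vlan, switchport general allowed vlan and switchport forbidden vlan commands above can be checked before a change is applied. The following Python sketch is an added example, not part of the Dell guide: it expands a vlan-list and reports ports where a VLAN ends up both allowed and forbidden. The function names, the sample configuration, the 1 to 4094 ID bound (the 802.1Q limit) and the handling of remove for forbidden lists are assumptions.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094  # 802.1Q VLAN ID bounds (assumed to apply to this switch)

def parse_vlan_list(text):
    """Expand a vlan-list such as '2,5-8' into a set of VLAN IDs.

    Syntax as described in the guide: comma-separated, no spaces,
    a hyphen designates a range. Anything else raises ValueError.
    """
    if not re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", text):
        raise ValueError(f"malformed vlan-list: {text!r}")
    vlans = set()
    for item in text.split(","):
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not (VLAN_MIN <= low <= high <= VLAN_MAX):
            raise ValueError(f"bad VLAN range: {item!r}")
        vlans.update(range(low, high + 1))
    return vlans

INTERFACE_RE = re.compile(r"interface ethernet (\S+)")
COMMAND_RE = re.compile(
    r"switchport (trunk allowed|general allowed|forbidden) vlan (add|remove) (\S+)"
)

def port_vlan_sets(config):
    """Return {port: {'allowed': set, 'forbidden': set}} from configuration lines."""
    ports, current = {}, None
    for line in config.splitlines():
        m = INTERFACE_RE.search(line)
        if m:
            current = ports.setdefault(
                m.group(1), {"allowed": set(), "forbidden": set()})
            continue
        m = COMMAND_RE.search(line)
        if m and current is not None:
            kind = "forbidden" if m.group(1) == "forbidden" else "allowed"
            vlans = parse_vlan_list(m.group(3))
            if m.group(2) == "add":
                current[kind] |= vlans
            else:  # remove
                current[kind] -= vlans
    return ports

def allowed_but_forbidden(config):
    """Ports whose allowed list overlaps their forbidden list, with the overlapping IDs."""
    result = {}
    for port, sets in port_vlan_sets(config).items():
        overlap = sets["allowed"] & sets["forbidden"]
        if overlap:
            result[port] = sorted(overlap)
    return result

# Constructed sample: g8 reuses the guide's own example values; g9 is made up
# to show a contradiction between the two lists.
SAMPLE_CONFIG = """\
interface ethernet g8
switchport trunk allowed vlan add 2,5-8
switchport forbidden vlan add 234-256
interface ethernet g9
switchport general allowed vlan add 230-240 tagged
switchport forbidden vlan add 234-256
"""

if __name__ == "__main__":
    print(allowed_but_forbidden(SAMPLE_CONFIG))
```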
switchport general map protocols-group vlan The switchport general map protocols-group vlan Interface Configuration mode command sets a protocol-based classification rule. To delete a classification, use the no form of this command. Syntax switchport general map protocols-group group vlan vlan-id no switchport general map protocols-group group •...
Command Mode
Interface configuration (Ethernet, port-channel)

User Guidelines
• An internal usage VLAN is required when an IP interface is defined on Ethernet port or Port-channel.
• Using this command the user can define the internal usage VLAN of a port.
•...
Console# show vlan Vlan Name Ports Type Authorization default g1-2 other Required g1-4 VLAN0010 g3-4 dynamic Required VLAN0011 g1-2 static Required VLAN0020 g3-4 static Required VLAN0021 static Required VLAN0030 static Required VLAN0031 static Not Required show vlan internal usage The show vlan internal usage Privileged EXEC mode command displays a list of VLANs being used internally by the switch.
Example The following example displays all VLAN information. Console# show vlan internal usage VLAN Usage Reserved IP Address ---- --------- ---------- ---------- 1007 Active 1008 Inactive 1009 Active show vlan protocols-groups The show vlan protocols-groups Privileged EXEC mode command displays protocols-groups information.
Console# show interface switchport ethernet g1 Port g1: Port mode: General GVRP Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress Untagged VLAN (NATIVE) : 1 Port is member in: Vlan Name Egress rule Type ---- ------- ----------- --------- default untagged System...
no switchport mode • customer — The port is connected to customer equipment. Used when the switch is in a provider network. • access — Untagged layer 2 VLAN interface • trunk — Trunking layer 2 VLAN interface • general — Full 802.1q support VLAN interface Default Configuration All ports are in access mode, and belong to the default VLAN (whose VID=1).
User Guidelines • There are no user guidelines for this command. Example The following example sets the port's VLAN when the interface is in customer mode. Console(config)# interface ethernet g5 Console(config-if)# switchport customer vlan vlan-id VLAN Commands...
Web Server ip http server The ip http server Global Configuration mode command enables the device to be configured from a browser. To disable this function use the no form of this command. Syntax ip http server no ip http server Default Configuration HTTP server is disabled by default.
User Guidelines
• There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the device.

Example
The following example shows how the http port number is configured to 100.
Console (config)# ip http port 100

ip https server
The ip https server Global Configuration mode command enables the device to be configured...
Default Configuration
The default port number is 443.

Command Mode
Global Configuration mode

User Guidelines
• There are no user guidelines for this command.

Example
The following example configures the https port number to 100.
Console (enable)# ip https port 100

crypto certificate generate
The crypto certificate generate Global Configuration mode command generates an HTTPS certificate.
Default Configuration The Certificate and the SSL RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines • The command is not saved in the device configuration; however, the certificate and keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up to another device.
Command Mode Privileged EXEC mode User Guidelines • Use this command to export a certificate request to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. • Before generating a certificate request you must first generate a self-signed certificate using the crypto certificate generate Global Configuration mode command.
crypto certificate import The crypto certificate import Global Configuration mode command imports a certificate signed by Certification Authority for HTTPS. Syntax crypto certificate number import • number—Specifies the certificate number. (Range: 1 - 2) Default Configuration There is no default configuration for this command. Command Mode Global configuration mode User Guidelines...
Examples The following example imports a certificate signed by Certification Authority for HTTPS. Console(config)# crypto certificate 1 import -----BEGIN CERTIFICATE----- dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl -----END CERTIFICATE----- Certificate imported successfully. Issued to: router.gm.com Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 ip https certificate...
Command Mode
Global configuration mode

User Guidelines
• The crypto certificate generate command should be used in order to generate HTTPS certificates.

Example
The following example configures the active certificate for HTTPS.
Console (config)# ip https certificate 1

crypto certificate export pkcs12
The crypto certificate export pkcs12 Privileged EXEC mode command exports the certificate and the RSA keys within a PKCS12 file.
Example The following example exports the certificate and RSA keys. Console# crypto certificate 1 export pkcs12 Bag Attributes localKeyID: 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 subject=/C=us/ST= /L= /CN= /O= /OU= issuer= /C=us/ST= /L= /CN= /O= /OU= -----BEGIN CERTIFICATE----- MIIBfDCCASYCAQAwDQYJKoZIhvcNAQEEBQAwSTELMAkGA1UEBhMCdXMxCjAIBgNV...
show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command allows you to view the SSL certificates of your device. Syntax show crypto certificate mycertificate [number] • number—Specifies the certificate number. (Range: 1- 2) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax show ip http Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the HTTP server configuration.
Example
The following example displays the HTTP server configuration.
Console# show ip https
HTTPS server enabled. Port: 443
Certificate 1 is active
Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, 0= General Motors, C= US
Finger print: DC789788 DC88A988 127897BC BB789788
Certificate 2 is inactive
Issued by: self-signed
Valid from: 8/9/2003 to 8/9/2004...
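The show ip https output above carries everything needed for a periodic certificate check on the management interface. The following Python sketch is an added example, not part of the Dell guide: it parses captured output and flags an active certificate that is self-signed, expired, not yet valid or close to expiry. The function names, the finding labels, the 30-day warning window and the month/day/year reading of the dates are assumptions.

```python
import re
from datetime import date, timedelta

VALID_RE = re.compile(r"Valid from:\s*(\d+)/(\d+)/(\d{4}) to (\d+)/(\d+)/(\d{4})")

def parse_show_ip_https(text):
    """Return {'enabled': bool, 'port': int or None, 'certs': [dict, ...]}."""
    state = {"enabled": False, "port": None, "certs": []}
    cert = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.search(r"HTTPS server (enabled|disabled)", line):
            state["enabled"] = m.group(1) == "enabled"
        if m := re.search(r"Port:\s*(\d+)", line):
            state["port"] = int(m.group(1))
        if m := re.match(r"Certificate (\d+) is (active|inactive)", line):
            cert = {"number": int(m.group(1)), "active": m.group(2) == "active",
                    "issuer": None, "not_before": None, "not_after": None}
            state["certs"].append(cert)
        elif cert is not None and (m := re.match(r"Issued by:\s*(.+)", line)):
            cert["issuer"] = m.group(1).strip()
        elif cert is not None and (m := VALID_RE.match(line)):
            m1, d1, y1, m2, d2, y2 = map(int, m.groups())
            # Assumption: the switch prints dates as month/day/year.
            cert["not_before"] = date(y1, m1, d1)
            cert["not_after"] = date(y2, m2, d2)
    return state

def audit_https(state, today, warn_days=30):
    """Return sorted (certificate number, issue) pairs for the active certificate."""
    if not state["enabled"]:
        return []
    active = [c for c in state["certs"] if c["active"]]
    if not active:
        return [(0, "no-active-certificate")]
    findings = []
    for c in active:
        if c["issuer"] == "self-signed":
            findings.append((c["number"], "self-signed"))
        if c["not_after"] is None:
            findings.append((c["number"], "validity-unknown"))
        elif today > c["not_after"]:
            findings.append((c["number"], "expired"))
        elif today < c["not_before"]:
            findings.append((c["number"], "not-yet-valid"))
        elif c["not_after"] - today <= timedelta(days=warn_days):
            findings.append((c["number"], "expires-soon"))
    return sorted(findings)

# Constructed sample, laid out one field per line from the guide's example output.
SAMPLE_OUTPUT = """\
HTTPS server enabled. Port: 443
Certificate 1 is active
Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, 0= General Motors, C= US
Finger print: DC789788 DC88A988 127897BC BB789788
Certificate 2 is inactive
Issued by: self-signed
Valid from: 8/9/2003 to 8/9/2004
"""

if __name__ == "__main__":
    parsed = parse_show_ip_https(SAMPLE_OUTPUT)
    print(audit_https(parsed, date.today()))
```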
802.1x Commands aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods for use to authenticate interfaces running IEEE 802.1X. Use the no form of this command to return to default. Syntax aaa authentication dot1x default method1 [method2...] no aaa authentication dot1x default...
dot1x system-auto-control The dot1x system-auto-control Global Configuration mode command enables 802.1x globally. Use the no form of this command to disable 802.1x globally. Syntax dot1x system-auto-control no dot1x system-auto-control • This command has no arguments or keywords. Default Configuration Disabled Command Modes Global configuration mode User Guidelines...
Default Configuration
force-authorized

Command Mode
Interface configuration (Ethernet)

User Guidelines
• It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication.
Examples The following example enables periodic re-authentication of the client. Console (config)# interface ethernet g8 Console (config-if)# dot1x re-authentication dot1x timeout re-authperiod The dot1x timeout re-authperiod Interface Configuration mode command sets the number of seconds between re-authentication attempts. Use the no form of this command to return to the default setting.
Command Mode
Privileged EXEC mode

User Guidelines
• There are no user guidelines for this command.

Examples
The following command manually initiates a re-authentication of the 802.1X-enabled port.
Console# dot1x re-authenticate ethernet g8

dot1x timeout quiet-period
The dot1x timeout quiet-period Interface Configuration mode command sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password).
Examples The following example sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange, to 3600. Console (config)# interface ethernet g8 Console (config-if)# dot1x timeout quiet-period 3600 dot1x timeout tx-period The dot1x timeout tx-period Interface Configuration mode command sets the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP) - request/identity frame, from the client, before resending the request.
dot1x max-req The dot1x max-req Interface Configuration mode command sets the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP) - request/identity frame (assuming that no response is received) to the client, before restarting the authentication process. Use the no form of this command to return to the default setting.
Default Configuration Command Mode Interface configuration (Ethernet) mode User Guidelines • The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Examples The following example sets the time for the retransmission of an EAP-request frame to the client, to 3600 seconds.
Examples
The following example sets the time for the retransmission of packets to the authentication server to 3600 seconds.
Console (config)# dot1x timeout server-timeout 3600

show dot1x
The show dot1x Privileged EXEC mode command displays 802.1X status for the switch or for the specified interface.
Console# show dot1x ethernet g3 Interface Admin Mode Oper Mode Reauth Reauth Username Control Period Auto Unauthorize 3600 Clark State: held Quiet period: 60 Tx period: 30 Max req: 2 Login Time: n/a Last Authentication: n/a MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff The following table describes the significant fields shown in the display: Field...
Max req The maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request/identity frame (assuming that no response is received) to the client before restarting the authentication process. Login Time How long the user is logged in. Last Authentication Time since last authentication.
Field Description Username The User-Name representing the identity of the Supplicant. Login Time How long the user is logged in. Last Authentication Time since last authentication. Authentication Method The authentication method used to establish the session. Mac address The supplicant MAC address. Interface The interface that the user is using.
Examples
The following example displays 802.1X statistics for the specified interface.
Switch# show dot1x statistics ethernet g1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.8787

The following table describes the significant fields shown in the display:
Field Description...
EapolReqFramesTx          The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator.
InvalidEapolFramesRx      The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized.
EapLengthErrorFramesRx    The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
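The counters in show dot1x statistics are cumulative, so monitoring works on the change between two polls rather than on the absolute values. The following Python sketch is an added example, not part of the Dell guide: it parses captured output and reports ports where InvalidEapolFramesRx or EapLengthErrorFramesRx grew, together with the last EAPOL frame source. The function names and the second poll (including its MAC address) are constructed for illustration.

```python
import re

PORT_RE = re.compile(r"show dot1x statistics ethernet (\S+)")
FIELD_RE = re.compile(r"^\s*([A-Za-z]+):\s*(\S+)\s*$")
# The two counters the field table describes as malformed EAPOL input.
ERROR_COUNTERS = ("InvalidEapolFramesRx", "EapLengthErrorFramesRx")

def parse_dot1x_statistics(text):
    """Return {port: {field: int or str}} from captured CLI output."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PORT_RE.search(line)
        if m:
            current = ports.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            name, value = m.groups()
            current[name] = int(value) if value.isdigit() else value
    return ports

def new_errors(previous, current):
    """Compare two polls.

    Returns [(port, counter, increase, last_frame_source)] for every error
    counter that grew. A counter lower than before is treated as a reset
    (for example after a reload) and its current value is used as the increase.
    """
    findings = []
    for port, stats in sorted(current.items()):
        before = previous.get(port, {})
        for counter in ERROR_COUNTERS:
            now = stats.get(counter, 0)
            grew = now - before.get(counter, 0)
            if grew < 0:
                grew = now
            if grew > 0:
                findings.append(
                    (port, counter, grew, stats.get("LastEapolFrameSource")))
    return findings

# First poll: the values from the guide's example output.
POLL_1 = """\
Switch# show dot1x statistics ethernet g1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.8787
"""

# Second poll: constructed for this example (values and MAC are made up).
POLL_2 = """\
Switch# show dot1x statistics ethernet g1
EapolFramesRx: 15
EapolFramesTx: 12
InvalidEapolFramesRx: 4
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0000.5e00.5301
"""

if __name__ == "__main__":
    for finding in new_errors(parse_dot1x_statistics(POLL_1),
                              parse_dot1x_statistics(POLL_2)):
        print(finding)
```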
dot1x multiple-hosts The dot1x multiple-hosts Interface Configuration mode command allows multiple hosts (clients) on an 802.1X-authorized port, that has the dot1x port-control Interface Configuration mode command set to auto. Use the no form of this command to return to the default setting. Syntax dot1x multiple-hosts no dot1x multiple-hosts...
• forward—Forward frames with source addresses not the supplicant address, but do not learn the address. • discard—Discard frames with source addresses not the supplicant address. • discard-shutdown—Discard frames with source addresses not the supplicant address. The port is also shutdown. •...
Examples The following example displays 802.1X advanced features for the switch. Switch# show dot1x advanced Unauthenticated VLANs: 91, 92 Port Multiple Hosts Disabled Enabled Switch# show dot1x advanced ethernet g1 Port Multiple Hosts Disabled Single host parameters Violation action: Discard Trap: Enabled Trap frequency: 100 Status: Single-host locked...
console# show dot1x advanced ethernet g1 Guest VLAN: 3978 Unauthenticated VLANs: 91, 92 Use user attributes from Authentication Server: Enabled User VLAN not created: Create Interface Multiple Hosts Disabled Enabled Single Host Violation: Discard Trap: Enabled Frequency: 100 Status: Authorized (Locked) Counter: 9 802.1x Commands...