Dell™ PowerConnect™ 5316M CLI Reference Guide w w w . d e l l . c o m | s u p p o r t . d e l l . c o m...
Page 2
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Command Groups Introduction The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, you have greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
Page 22
Management ACL Configures and displays management access-list information. PHY Diagnostics Diagnoses and displays the interface status. Port Channel Configures and displays Port Channel information. Port Monitor Monitors activity on specific target ports. Configures and displays QoS information. RADIUS Configures and displays RADIUS information. RMON Displays RMON statistics.
Page 23
AAA Commands Command Group Description Access Mode aaa authentication login Defines login authentication. Global Configuration aaa authentication enable Defines authentication method lists for accessing higher Global privilege levels. Configuration login authentication Specifies the login authentication method list for a Line remote telnet or console.
Page 24
bridge multicast Enables forbidding forwarding of all multicast Interface (VLAN) forbidden forward-all frames to a port. Configuration bridge aging-time Sets the address table aging time. Global Configuration clear bridge Removes any learned entries from the forwarding Privileged EXEC database. port security Disables new address learning/forwarding on an Interface interface.
sntp trusted-key Authenticates the identity of a system to which Global Simple Network Time Protocol (SNTP) will Configuration synchronize. sntp client poll timer Sets the polling time for the Simple Network Time Global Protocol (SNTP) client. Configuration sntp broadcast client Enables the Simple Network Time Protocol (SNTP) Global enable...
Page 26
show bootvar Displays the active system image file that the Privileged EXEC Ethernet Switch Module loads at startup. Ethernet Configuration Commands Command Group Description Access Mode interface ethernet Enters the interface configuration mode to Global configure an Ethernet type interface. Configuration interface range ethernet Enters the interface configuration mode to...
Page 27
show interfaces Displays the description for all interfaces. User EXEC description show interfaces counters Displays traffic seen by the physical interface. User EXEC show ports jumbo-frame Displays the jumbo frames configuration. User EXEC port storm-control Enables the Ethernet Switch Module to count Global include-multicast multicast packets with broadcast packets.
Page 28
IGMP Snooping Commands Command Group Description Access Mode ip igmp snooping Enables Internet Group Management Protocol Global (Global) (IGMP) snooping. Configuration ip igmp snooping Enables Internet Group Management Protocol Interface (VLAN) (IGMP) snooping on a specific VLAN. ip igmp snooping Enables automatic learning of multicast switch ports Interface (VLAN) mrouter learn-pim-dvmrp...
Page 29
clear arp-cache Deletes all dynamic entries from the ARP cache. Privileged EXEC show arp Displays entries in the ARP table. Privileged EXEC ip domain-lookup Enables the IP Domain Naming System (DNS)-based Global host name-to-address translation. Configuration ip domain-name Defines a default domain name, that the software Global uses to complete unqualified host names.
Page 30
LLDP Commands Command Group Description Access Mode lldp enable (global) Enables Link Layer Discovery Protocol. Global Configuration lldp enable (interface) Enables Link Layer Discovery Protocol (LLDP) on an Interface interface. Configuration (Ethernet) lldp timer Specifies how often the software sends Link Layer Global Discovery Protocol (LLDP) updates.
Page 31
Management ACL Commands Command Group Description Access Mode management access- Defines a management access-list, and enters the access- Global list list for configuration. Configuration permit (management) Defines a permit rule. Management Access-level deny (management) Defines a deny rule. Management Access-level management access- Defines which management access-list is used.
Page 32
Port Channel Commands Command Group Description Access Mode interface port-channel Enters the interface configuration mode of a specific Global port-channel. Configuration interface range port- Enters the interface configuration mode to configure Global channel multiple port-channels. Configuration channel-group Associates a port with a port-channel. Interface Configuration port channel load...
Page 33
qos trust (Global) Configures the system to basic mode and the "trust" Global state. Configuration Enables each port trust state qos trust (Interface) Interface Configuration qos cos Configures the default port CoS value. Interface Configuration show qos map Displays all the maps for QoS. User EXEC Radius Commands Command Group...
Page 34
RMON Commands Command Group Description Mode show rmon statistics Displays RMON Ethernet Statistics. User EXEC rmon collection history Enables a Remote Monitoring (RMON) MIB history Interface statistics group on an interface. Configuration show rmon collection Displays the requested history group configuration. User EXEC history show rmon history...
Page 35
snmp-server host Specifies the recipient of Simple Network Global Management Protocol notification operation. Configuration snmp-server set Sets SNMP MIB value by the CLI. Global Configuration snmp-server group Configures a new Simple Network Management Global Protocol (SNMP) group. Configuration snmp-server user Configure a new SNMP Version 3 user.
Page 36
spanning-tree priority Configures the spanning tree priority. Global Configuration spanning-tree disable Disables spanning tree on a specific port. Interface Configuration spanning-tree cost Configures the spanning tree path cost for a port. Interface Configuration spanning-tree port- Configures port priority. Interface priority Configuration spanning-tree portfast Enables PortFast mode.
Page 37
revision (mst) Defines the configuration revision number. Configuration mode show (mst) Displays the current or pending MST region configuration. Configuration mode exit (mst) Exits the MST configuration mode and applies all configuration changes. Configuration mode abort (mst) Exits the MST configuration mode without applying the configuration changes Configuration mode...
Page 38
show crypto key mypubkey Displays the SSH public keys stored on the Privileged Ethernet Switch Module. EXEC show crypto key pubkey-chain Displays SSH public keys stored on the Ethernet Privileged Switch Module. EXEC Syslog Commands Command Group Description Access Mode logging on Controls error messages logging.
System Management Commands Command Group Description Access Mode ping Sends ICMP echo request packets to another User EXEC node on the network. traceroute Discovers the routes that packets will actually take User EXEC when traveling to their destination. telnet Logs in to a host that supports Telnet. User EXEC resume Switches to another open Telnet session...
User Interface Commands Command Group Description Access Mode enable Enters the privileged EXEC mode. User EXEC disable Returns to User EXEC mode. Privileged EXEC login Changes a login username. Priv/User EXEC configure Enables the global configuration mode Privileged EXEC exit(configuration) Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
Page 41
interface vlan Enters the interface configuration (VLAN) mode Global Configuration interface range vlan Enters the interface configuration mode to configure Global multiple VLANs. Configuration name Configures a name to a VLAN. Interface (VLAN) Configuration switchport mode Configures the VLAN membership mode of a port. Interface Configuration switchport customer...
Web Server Commands Command Group Description Access Mode ip http server Enables the Ethernet Switch Module to be configured Global from a browser. Configuration ip http port Specifies the TCP port for use by a web browser to Global configure the Ethernet Switch Module. Configuration ip https port Configures a TCP port for use by a secure web browser to...
Page 43
dot1x re-authentication Enables periodic re-authentication of the client. Interface Configuration dot1x timeout re- Sets the number of seconds between re-authentication Interface authperiod attempts. Configuration dot1x re-authenticate Manually initiates a re-authentication of all 802.1X- Privileged enabled ports or the specified 802.1X-enabled port. EXEC dot1x timeout quiet- Sets the number of seconds that the Ethernet Switch...
Command Modes GC (Global Configuration) Mode Command Description aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authentication dot1x Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Adds a permanent entry in the ARP cache.
Page 46
interface range ethernet Enters the interface configuration mode to configure multiple ethernet type interfaces. interface range port-channel Enters the interface configuration mode to configure multiple port- channels. interface range vlan Enters the interface configuration mode to configure multiple VLANs. interface vlan Enters the interface configuration (VLAN) mode.
Page 47
logging buffered size Changes the number of syslog messages stored in the internal buffer. logging console Limits messages logged to the console based on severity. logging file Limits syslog messages sent to the logging file based on severity. logging on Controls error messages logging.
snmp-server contact Sets up a system contact. snmp-server enable traps Enables the Ethernet Switch Module to send SNMP traps or SNMP notifications. snmp-server host Specifies the recipient of Simple Network Management Protocol notification operation. snmp-server location Sets up the information on where the Ethernet Switch Module is located.
Page 49
back-pressure Enables Back Pressure on a given interface. channel-group Associates a port with a Port-channel. description Adds a description to an interface. dot1x max-req Sets the maximum number of times that the Ethernet Switch Module sends an EAP - request/identity frame to the client, before restarting the authentication process.
mdix Enables automatic crossover on a given interface. name Configures a name to a VLAN. negotiation Enables auto-negotiation operation for the speed and duplex parameters of a given interface. port monitor Starts a port monitoring session. port security Disables new address learning/forwarding on an interface. port security routed secure- Adds MAC-layer secure addresses to a routed port.
password Specifies a password on a line. MA (Management Access-level) Mode Command Description deny (management) Defines a deny rule. permit (management) Defines a permit rule. PE (Privileged EXEC) Mode Command Description boot system Specifies the system image that the Ethernet Switch Module loads at startup.
Page 52
show bootvar Displays the active system image file that the Ethernet Switch Module loads at startup show bridge address-table Displays all entries in the bridge-forwarding database. show bridge address-table Displays the number of addresses present in all VLANs or at specific count VLAN.
show management access-list Displays management access-lists. show ports security Displays the port-lock status. show ports storm-control Displays the storm control configuration. show radius-servers Displays the RADIUS server settings. show running-config Displays the contents of the currently running configuration file. show snmp Displays the SNMP status.
clear gvrp statistics Displays GVRP statistics. show history Lists the commands entered in the current session. show ip igmp snooping Enables automatic learning of multicast switch ports in the context of a mrouter specific VLAN. show interfaces configuration Displays the configuration for all interfaces. show interfaces counters Displays traffic seen by the physical interface.
Page 55
VC (VLAN Configuration) Mode Command Description bridge address Adds a static MAC-layer station source address to the bridge table. bridge multicast address Registers MAC-layer multicast addresses to the bridge table, and adds static ports to the group. bridge multicast forbidden Forbids adding a specific multicast address to specific ports.
Using the CLI This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI. CLI Command Modes Introduction To assist in configuring Ethernet Switch Modules, the Command Line Interface (CLI) is divided into different command modes.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC Mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the Ethernet Switch Module Configuration mode.
The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode: console>enable Enter Password: ****** console# console#disable console> The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode.
The following steps are for use on the console line only. To start using the CLI, perform the following steps: Ensure the Ethernet Switch Module is installed in the Dell Modular Server Chassis, see Dell PowerConnect 5316M Ethernet Switch Module User’s Guide.
Page 61
Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the Dell Remote Access Controller / Modular Chassis (DRAC/MC) in the Dell Modular Server Chassis to the RS-232 serial port of the terminal or computer running the terminal emulation application.
<Shift> key if the tilde character is located in the upper register of your keyboard) and then press period (dot) ".". For further details on configuring and using the DRAC/MC see Dell Remote Access Controller / Modular Chassis User's Guide.
When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an interface configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command.
Negating the Effect of Commands For many configuration commands, the prefix keyword " " can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands. Command Completion If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed.
Page 65
<Enter> Any individual key on the keyboard. For example press <Enter>. Ctrl+F4 Any combination keys pressed simultaneously on the keyboard. Indicates system messages and prompts appearing on the console. Screen Display When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined.
AAA Commands aaa authentication login The aaa authentication login Global Configuration mode commands define login authentication. To return to the default configuration, use the no form of this command. Syntax aaa authentication login {default | list-name} method1 [method2...] no aaa authentication login {default | list-name} •...
• Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
Default Configuration If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds.
Default Configuration Uses the default set with the command authentication login. Command Mode Line Configuration mode User Guidelines • Changing login authentication from default to another value may disconnect the telnet session. Example The following example specifies the default authentication method for a console. console(config)# line console console(config-line)# login authentication default enable authentication...
console(config)# line console console(config-line)# enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for http. To return to the default, use the no form of this command. Syntax ip http authentication method1 [method2...] no ip http authentication •...
Syntax ip https authentication method1 [method2...] no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication.
User Guidelines There are no user guidelines for this command. Example The following example displays the authentication configuration. console# show authentication methods Login Authentication Method Lists --------------------- -------------- Console_Default: None Network_Default: Local Enable Authentication Method Lists ---------------------- ------------- Console_Default: Enable None Network_Default: Enable Line...
• encrypted — Encrypted password to be entered, copied from another Ethernet Switch Module configuration. Default Configuration No password is defined. Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies a password "secret" on a line. console(config-line)# password secret enable password The enable password Global Configuration mode command sets a local password to control access...
Example The following example sets a local level 15 password "secret" to control access to user and privilege levels. console(config)# enable password level 15 secret username The username Global Configuration mode command creates a user account in the local database. To remove a user name, use the no form of this command.
Page 76
Syntax show users accounts Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the local users configured with access to the system. console# show users accounts Username Privilege...
Address Table Commands NOTE: Some of the commands included in this group may have implications on internal ports. bridge address The bridge address Interface Configuration (VLAN) mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
console(config)# interface vlan 2 console(config-if)# bridge address 3a:a2:64:b3:a2:45 ethernet g16 permanent bridge multicast filtering The bridge multicast filtering Global Configuration mode command enables filtering of multicast addresses. To disable filtering of multicast addresses, use the no form of the bridge multicast filtering command.
Page 79
bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove] {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast address {mac-multicast-address | ip-multicast-address} • add — Adds ports to the group. If no option is specified, this is the default option. • remove —...
bridge multicast forbidden address The bridge multicast forbidden address Interface Configuration (VLAN) mode command forbids adding a specific multicast address to specific ports. Use the no form of this command to return to default. Syntax bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} {add | remove} {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} •...
bridge multicast forward-all The bridge multicast forward-all Interface Configuration (VLAN) mode command enables forwarding of all multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command. Syntax bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port- channel-number-list} no bridge multicast forward-all •...
Default Configuration 300 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. console(config)# bridge aging-time 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.
Syntax port security [forward | discard | discard-shutdown] [trap seconds] no port security forward — Forwards frames with unlearned source addresses, but does not learn the • address. • discard — Discards frames with unlearned source addresses. This is the default if no option is indicated.
Default Configuration No addresses are defined. Command Mode Interface configuration (Ethernet, port-channel) mode. Cannot be configured for a range of interfaces (range context). User Guidelines • The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode.
Example In this example, all classes of entries in the bridge-forwarding database are displayed. console# show bridge address-table Aging time is 300 sec Vlan Mac address Port Type ---- ----------- ---- ---- 00:60:70:4C:73:FF dynamic 00:60:70:8C:73:FF dynamic 00:10:0D:48:37:FF static 00:10:0D:48:37:FF dynamic show bridge address-table static The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database.
console# show bridge address-table static Aging time is 300 sec vlan mac address port type ---- ----------- ---- ---- 00:60:70:4C:73:FF permanent 00:60:70:8C:73:FF delete-on-timeout 00:10:0D:48:37:FF delete-on-reset show bridge address-table count The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in the Forwarding Database.
show bridge multicast filtering The show bridge multicast filtering Privileged EXEC mode command displays the multicast filtering configuration. Syntax show bridge multicast filtering vlan-id • vlan-id — A valid VLAN ID value. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 91
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • If no parameters are entered, all entries are displayed. • The extra columns in the displayed port-lock status are as follows: – Frequency — Minimum time in seconds between consecutive traps Counter —...
Clock clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax clock set hh:mm:ss day month year clock set hh:mm:ss month day year • hh:mm:ss — Current time in hours (military format), minutes, and seconds (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59).
Default Configuration No external clock source Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example configures an external time source for the system clock. console(config)# clock source sntp clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes.
clock summer-time The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). To configure the software not to automatically switch to summer time, use the no form of this command. Syntax clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] clock summer-time date date month year hh:mm date month year hh:mm [offset offset] [zone...
Command Mode Global Configuration mode User Guidelines • In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone.
Syntax sntp authentication-key number md5 value no sntp authentication-key number number — Key number (Range: 1 - 4294967295) • • value — Key value (Range: 1-8 characters) Default Configuration No authentication key is defined. Command Mode Global Configuration mode User Guidelines •...
Examples The following example defines the authentication key for SNTP and grants authentication. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp trusted-key The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize.
Syntax sntp client poll timer seconds no sntp client poll timer seconds — Polling interval in seconds (Range: 60-86400) • Default Configuration Polling interval is 1024 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds.
Examples The following example enables the SNTP broadcast clients. console(config)# sntp broadcast client enable sntp anycast client enable The sntp anycast client enable Global Configuration mode command enables anycast client. To disable the anycast client, use the no form of this command. Syntax sntp anycast client enable no sntp anycast client enable...
Default Configuration Client is disabled on an interface. Command Mode Interface configuration (Ethernet, port-channel, VLAN) mode User Guidelines • Use the sntp broadcast client enable Global Configuration mode command to enable broadcast clients globally. • Use the sntp anycast client enable Global Configuration mode command to enable anycast clients globally.
sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined unicast servers. To disable the polling for SNTP client, use the no form of this command. Syntax sntp unicast client poll no sntp unicast client poll Default Configuration...
Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines • Up to 8 SNTP servers can be defined. • Use the sntp unicast client enable Global Configuration mode command to enable predefined unicast clients globally. • To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling.
Page 104
User Guidelines • The symbol that precedes the show clock display indicates the following: Symbol Description Time is not authoritative. (blank) Time is authoritative. Time is authoritative, but SNTP is not synchronized. Example The following example displays the time and date from the system clock. console>...
show sntp configuration The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration • This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status • This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Configuration and Image Files delete startup-config The delete startup-config Privileged EXEC mode command deletes the startup-config file. Syntax delete startup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example deletes the startup-config file.
Page 110
Keyword Description flash Source or destination URL for Flash memory. It’s the default in case a URL is specified without a prefix. The syntax is flash://startup-config, “flash://image”. running-config Represents the current running configuration file. startup-config Represents the startup configuration file. backup-config Represents the backup configuration file.
Page 111
To terminate the binary mode connection to the Ethernet Switch Module serial console, disconnect (hang up) the current session of the terminal or terminal emulation application. For further details on configuring and using the DRAC/MC see Dell Remote Access Controller / Modular Chassis User's Guide.
Page 112
Use the copy source-url running-config command to load a "configuration file" from a network server to the Ethernet Switch Module "running configuration". The configuration is added to the "running configuration" as if the commands were typed in the command-line interface (CLI). The resulting configuration file is a combination of the previous "running configuration"...
Example The following example copies a system image named file1 from the TFTP server with an IP address of 172.16.101.101 to non active image file. console# copy tftp://172.16.101.101/file1 image Accessing file 'file1' on 172.16.101.101... Loading file1 from 172.16.101.101: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!! [OK] Copy took 0:01:11 [hh:mm:ss]...
show running-config The show running-config Privileged EXEC mode command displays the contents of the currently running configuration file. Syntax show running-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines show running-config does not show all the port configurations under the port. Although the •...
Page 115
Examples The following example displays the contents of the running-config file. console# show running-config no spanning-tree vlan database vlan 2 exit interface range ethernet g(1-2) switchport access vlan 2 exit interface vlan 2 bridge address 00:00:00:00:00:01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable...
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the contents of the startup-config file. console# show startup-config no spanning-tree vlan database vlan 2 exit interface range ethernet g(1-2) switchport access vlan 2 exit interface vlan 2...
Syntax show backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the backup configuration file contents console# show backup-config hostname device interface ethernet g1 ip address 176.242.100.100 255.255.255.0 duplex full...
Page 118
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the active system image file that the Ethernet Switch Module loads at startup. console# show bootvar Images currently available on the FLASH image-1 active (selected for next boot) image-2...
Ethernet Configuration Commands NOTE: Some of the commands included in this group may have implications on internal ports. interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface •...
Command Mode Global Configuration mode User Guidelines • Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces. Example The following example shows how ports g11 to g12 and ports g13 to g14 are grouped to receive the same command.
The following example re-enables port g15. console(config)# interface ethernet g15 console(config-if)# no shutdown description The description Interface Configuration (Ethernet, port-channel) mode command adds a description to an interface. To remove the description, use the no form of this command. Syntax description string no description •...
• 100 — Configure 100 Mbps operation. • 1000 — Configure 1000 Mbps operation. Default Configuration Maximum port capability (1000Mbps). Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • The command "no speed" in port-channel context returns each port in the port-channel to its maximum capability.
• Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps. Example The following example configures the duplex operation of port g15 to configure full duplex operation. console(config)# interface ethernet g15 console(config-if)# duplex full negotiation The negotiation Interface Configuration (Ethernet, port-channel) mode command enables auto- negotiation operation for the speed and duplex parameters of a given interface.
Syntax flowcontrol {auto | on | off} no flowcontrol auto — Enables auto-negotiation of Flow Control. • • on — Enables Flow Control. • off — Disables Flow Control. Default Configuration Flow Control is off. Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines •...
Default Configuration Automatic crossover is enabled Command Mode Interface Configuration (Ethernet) mode User Guidelines • Mdix Auto: All possibilities to connect a PC with cross OR normal cables are supported and are automatically detected. • Mdix ON: It is possible to connect to a PC only with a normal cable and to connect to another Ethernet Switch Module ONLY with a cross cable.
Example In the following example Back Pressure is enabled on port g15. console(config)# interface ethernet g15 console(config-if)# back-pressure port jumbo-frame The port jumbo-frame Global Configuration mode command enables jumbo frames for the Ethernet Switch Module. The size of the port jumbo frame is up to 10K. To disable jumbo frames, use the no form of this command.
Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example In the following example, the counters for interface g11 are cleared. console> clear counters ethernet g11 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was suspended by the system.
Syntax show interfaces configuration [ethernet interface | port-channel port-channel-number ] • interface — Valid Ethernet port. port-channel-number — Valid port-channel index. • Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the configuration for all configured interfaces: console# show interfaces configuration...
The displayed port configuration information includes the following: • Port — The port number. • Port Type — The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex — Displays the port Duplex status. •...
Page 130
Example The following example displays the status for all configured interfaces. console> show interfaces status Port Type Duplex Speed Neg Flow Back MDIX Link Control Pressure Mode State ---- ----- ------ ---- ---- ------ ----- ----- ---- Full Enabled On Enable Copper Full...
The displayed port status information includes the following: • Port — The port number. • Port Type — The port designated IEEE shorthand identifier. For example, 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex — Displays the port Duplex status. •...
Example The following example displays the description for the interface g11. console> show interfaces description ethernet g11 Port Description ---- ------------------ Management_port show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] •...
Page 133
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ----- ---------- ------------ ------------ ----------- 9188 8789 InOctets InUcastPkts InMcastPkts InBcastPkts -------- ---------- ----------- ----------- 27889 OutOctets OutUcastPkts OutMcastPkts OutBcastPkts --------- ------------ ------------- ----------- 23739 The following example displays counters for port g11. Ethernet Configuration Commands...
Page 134
console> show interfaces counters ethernet g11 Port InOctets InUcastPkts InMcastPkts InBcastPkts ------ ----------- -------------- -------------- ----------- 183892 1289 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------ ----------- -------------- -------------- ----------- 9188 FCS Errors: 8 Single Collision Frames: 0 Multiple Collision Frames: 0 SQE Test Errors: 0 Deferred Transmissions: 0 Late Collisions: 0...
OutUcastPkts Counted transmitted unicast packets. OutMcastPkts Counted transmitted multicast packets. OutBcastPkts Counted transmitted broadcast packets. FCS Errors Counted frames received that are an integral number of octets in length but do not pass the FCS check. Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully.
Command Modes User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the jumbo frames configuration. console> show ports jumbo-frame Jumbo frames are disabled Jumbo frames will be enabled after reset port storm-control include-multicast The port storm-control include-multicast Global Configuration mode command enables the Ethernet Switch Module to count multicast packets together with broadcast packets.
port storm-control broadcast enable The port storm-control broadcast enable Interface Configuration (Ethernet) mode command enables broadcast storm control. To disable broadcast storm control, use the no form of this command. Syntax port storm-control broadcast enable no port storm-control broadcast enable Default Configuration Broadcast storm control is disabled.
User Guidelines • Use the port storm-control broadcast enable Interface Configuration mode command to enable broadcast storm control. Example The following example configures the maximum broadcast rate 10 packets per second. console(config)# port storm-control broadcast rate 10 show ports storm-control The show ports storm-control Privileged EXEC mode command displays the storm control configuration.
nic-redundancy To enable the NIC redundancy feature, use the nic-redundancy global configuration command. Use no form to disable the nic-redundency feature. Syntax nic-redundancy no nic-redundancy Default Configuration Disabled. Command Modes Global configuration User Guidelines There are no user guidelines for this command. Example The following example enables NIC redundancy feature.
GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from switch to switch. With GVRP, a single Ethernet Switch Module is manually configured with all desired VLANs for the network, and all other Ethernet Switch Modules on the network learn these VLANs dynamically.
Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • An access port would not dynamically join a VLAN because it is always a member in only one VLAN. • Membership in an untagged VLAN would be propagated in a same way as a tagged VLAN. In this case the PVID must be manually set to be the untagged VLAN VID.
Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • The timer_value value must be a multiple of 10. • You must maintain the following relationship for the various timer values: – Leave time must be greater than or equal to three times the join time. –...
Example The following example disables dynamic VLAN creation on port g16. console(config)# interface ethernet g16 console(config-if)# gvrp vlan-creation-forbid gvrp registration-forbid The gvrp registration-forbid Interface Configuration (Ethernet, port-channel) mode command de- registers all dynamic VLANs, and prevents dynamic VLAN registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example clears all the GVRP statistics information on port g16. console# clear gvrp statistics ethernet g16 show gvrp configuration The show gvrp configuration User EXEC mode command displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and...
Example The following example shows how to display GVRP configuration information: console> show gvrp configuration GVRP Feature is currently enabled on the device. Maximum VLANs: 256 Port(s) GVRP- Registration Dynamic Timers Leave Leave Status VLAN (milliseconds) Creation Join ------ ------ ------------ -------- ------------- ----- -----...
Example The following example shows GVRP statistics information: console> show gvrp statistics GVRP statistics: ---------------- : Join Empty Received rJIn : Join In Received rEmp : Empty Received rLIn : Leave In Received : Leave Empty Received : Leave All Received : Join Empty Sent sJIn : Join In Sent sEmp : Empty Sent...
Page 148
Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] • interface — A valid Ethernet interface. port-channel-number — A valid port-channel index. • Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays GVRP statistics information.
IGMP Snooping Commands ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. To disable IGMP snooping use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled.
User Guidelines IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. console(config)# interface vlan 2 console(config-if)# ip igmp snooping ip igmp snooping mrouter learn-pim-dvmrp The ip igmp snooping mrouter learn-pim-dvmrp Interface Configuration (VLAN) mode command enables automatic learning of multicast router ports in the context of a specific VLAN.
Syntax ip igmp snooping host-time-out time-out no ip igmp snooping host-time-out time-out — Host timeout in seconds. (Range: 1 - 2147483647) • Default Configuration The default host-time-out is 260 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines The timeout should be at least greater than 2*query_interval+max_response_time of the IGMP router.
Example The following example configures the multicast router timeout to 200 seconds. console(config)# interface vlan 2 console(config-if)# ip igmp snooping mrouter-time-out 200 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out Interface Configuration (VLAN) mode command configures the leave-time-out. When a group-specific IGMPv2 leave message is received, IGMP snooping removes the interface after 10 sec from the Layer 2 forwarding table entry for that multicast group.
show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned multicast router interfaces. Syntax show ip igmp snooping mrouter [interface vlan-id] • vlan-id — VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
User Guidelines There are no user guidelines for this command. Example The example displays IGMP snooping information. console> show ip igmp snooping interface 1 IGMP Snooping is globaly disabled IGMP Snooping is disabled on VLAN 1 IGMP host timeout is 260 sec IGMP Immediate leave is disabled.
Page 155
console> show ip igmp snooping groups Vlan IP Address Querier Ports ----- ------------------ -------- ------------ 224-239.130|2.2.3 g11, g12 224-239.130|2.2.8 g13-14 IGMP Snooping Commands...
• prefix-length — The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 8 -30) Default Configuration No IP address is defined for interfaces. Command Mode Interface configuration (Ethernet, VLAN, port-channel) User Guidelines •...
User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by • using the DHCP protocol. • Some DHCP Servers require that the DHCPDISCOVER message have a specific host name. The most typical usage of the ip address dhcp hostname host-name command is when host- name is the host name provided by the system administrator.
User Guidelines There are no user guidelines for this command. Example The following example defines default gateway 192.168.1.1. console(config)# ip default-gateway 192.168.1.1 show ip interface The show ip interface Pivileged EXEC mode command displays configured IP interfaces and their types. Syntax show ip interface [ethernet interface-number | vlan vlan-id | port-channel port-channel number.]...
console# show ip interface Gateway IP Address Type Activity status --------------------- ------- --------------- 10.7.1.1 Static Active IP address Interface Type ------------------- ------------ ------- 10.7.1.192/24 VLAN 1 Static 10.7.2.192/24 VLAN 2 DHCP The "Type" field indicates the IP owner ( who created the IP interface and NOT what type of interface the IP is configured upon).
Command Mode Global Configuration mode User Guidelines • The software uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware addresses. Because most hosts support dynamic resolution, static ARP cache entries do not need to be specified. Example The following example adds the IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table.
clear arp-cache The clear arp-cache Privileged EXEC mode command deletes all dynamic entries from the ARP cache. Syntax clear arp-cache Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example deletes all dynamic entries from the ARP cache.
Example The following example displays entries in the ARP table. console# show arp ARP timeout: 60000 Seconds Interface IP address HW address Status ---------- ---------------- ------------------ -------- 10.7.1.102 00:10:B5:04:DB:4B Dynamic 10.7.1.135 00:50:22:00:2A:A4 Static ip domain-lookup The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation.
User Guidelines There are no user guidelines for this command. Examples The following example defines a default domain name of www.dell.com. console(config)# ip domain-name www.dell.com ip name-server The ip name-server Global Configuration mode command sets the available name servers. To remove a name server, use the no form of this command.
There are no user guidelines for this command. Examples The following example defines a static host name-to-address mapping in the host cache. console(config)# ip host accounting.dell.com 176.10.23.1 clear host The clear host Privileged EXEC mode command deletes entries from the host name-to-address cache.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example deletes all entries from the host name-to-address cache. console# clear host * show hosts The show hosts Privileged EXEC mode command displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses.
Page 168
Default domain is GM.COM Name/address lookup is enabled Name servers: 176.16.1.18 176.16.1.19 Static host name-to-address mapping: Host Addresses ---- --------- www.dell.com 176.16.8.8 176.16.8.9 Cache: TTL(Hours) Host Total Elapsed Type Addresses ---- ----- --------- ------ --------- www.dell.com 72 171.64.14.203 IP Addressing Commands...
LACP Commands NOTE: LACP commands can be applied to external ports only. lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority •...
Command Mode Interface Configuration (Ethernet) mode User Guidelines This command is only functional on the external port g11-g16. Example The following example configures the priority value for port g16 to 247. console(config)# interface ethernet g16 console(config-if)# lacp port-priority 247 lacp timeout The lacp timeout Interface Configuration (Ethernet) mode command assigns an administrative LACP timeout.
show lacp ethernet The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports. Syntax show lacp ethernet interface [parameters | statistics | protocol-state] • Interface — Ethernet interface. • parameters — Link aggregation parameter information. • statistics —...
Page 172
The following example shows how to display LACP information. console# show lacp ethernet g11 Port g11 LACP parameters: Actor system priority: 1 system mac addr: 00:00:12:34:56:78 port Admin key: 30 port Oper key: 30 port Oper number: 21 port Admin priority: 1 port Oper priority: 1 port Admin timeout: LONG port Oper timeout: LONG...
expired: FALSE Port g11 LACP Statistics: LACP PDUs sent: 2 LACP PDUs received: 2 Port g11 LACP Protocol State: LACP State Machines: Receive FSM: Port Disabled State Mux FSM: Detached State Periodic Tx FSM: No Periodic State Control Variables: BEGIN: FALSE LACP_Enabled: TRUE Ready_N: FALSE Selected: UNSELECTED...
Page 174
Syntax show lacp port-channel [port_channel_number] • port_channel_number — The port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how to display LACP port-channel information. console# show lacp port-channel Port-Channel 1:Port Type 1000 Ethernet Actor...
Line Commands line The line Global Configuration mode command identifies a specific line for configuration and enters the line configuration command mode. Syntax line {console | telnet | ssh} • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). •...
Default Configuration The default configuration is 10 minutes. Command Mode Line Configuration mode User Guidelines • To specify no timeout, enter the "exec-timeout 0" command. Examples The following example configures the interval that the system waits until user input is detected to 20 minutes.
Page 177
Examples The following example displays the line configuration. console> show line console Interactive timeout: 10 minutes History: Line Commands...
LLDP Commands lldp enable (global) To enable Link Layer Discovery Protocol (LLDP), use the lldp enable command in global configuration mode. To disable LLDP, use the no form of this command. Syntax lldp enable no lldp enable Default Configuration The command is enabled. Command Mode Global configuration User Guidlines...
Command Modes Interface configuration (Ethernet) User Guidelines • LLDP manages LAG ports individually. LLDP sends separate advertisements on each port in a LAG. LLDP data received through LAG ports is stored individually per port. • LLDP operation on a port is not dependent on STP state of a port. I.e. LLDP frames are sent and received on blocked ports.
Examples The following example specifies how often the software sends Link Layer Discovery Protocol (LLDP) updates. Console (config) # lldp timer lldp hold-multiplier To specify the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet before discarding it, use the lldp hold-multiplier command in global configuration mode.
lldp reinit-delay To specify the minimum time an LLDP port will wait before reinitializing LLDP transmission, use the lldp reinit-delay command in global configuration mode. To revert to the default setting, use the no form of this command. Syntax lldp reinit-delay seconds no lldp reinit-delay •...
Default Configuration The default value is 2 seconds Command Modes Global configuration Usage Guidelines • It is recommended that the TxDelay would be less than 0.25 of the LLDP timer interval. Examples The following example specifies the delay between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB.
lldp management-address To specify the management address that would be advertised from an interface, use the lldp management-address command in interface configuration mode. To stop advertising management address information, use the no form of this command. Syntax lldp management-address ip-address no management-address ip •...
User Guidelines • There are no user guidelines for this command. Example The folowing example restarts the LLDP RX state machine and clearing the neighbors table. console (config)#clear lldp rx show lldp configuration To display the Link Layer Discovery Protocol (LLDP) configuration, use the show lldp configuration command in privileged EXEC mode.
show lldp local To display the Link Layer Discovery Protocol (LLDP) information that is advertised from a specific port, use the show lldp local command in privileged EXEC mode. Syntax show lldp local [ethernet interface] • Interface — Ethernet port Command Modes Privileged EXEC User Guidelines...
Page 187
User Guidelines • There are no user guidelines for this command. Example The following example displays information about neighboring devices discovered using Link Layer Discovery Protocol (LLDP). Switch# show lldp neighbors Port Device ID Port Hold System Time Capabilities Name 0060.704C.73FE ts-7800-2 0060.704C.73FD...
Management ACL management access-list The management access-list Global Configuration mode command defines an access-list for management, and enters the access-list for configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands.
Examples The following example shows how to create an access-list called "mlist", configure two management ethernet interfaces g11 and g12, and make the access-list the active list. console(config)# management access-list mlist console(config-macl)# permit ethernet g11 console(config-macl)# permit ethernet g12 console(config-macl)# exit console(config)# management access-class mlist The following example shows how to create an access-list called "mlist", configure all interfaces to be management interfaces except ethernet interfaces g11 and g12, and make the access-list the...
• prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32) • service — Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp.
• service — Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp. Default Configuration This command has no default configuration. Command Mode Management Access-list Configuration mode User Guidelines • Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.The system supports up to 128 management access rules.
Example The following example configures an access-list called "mlist" as the management access-list. console(config)# management access-class mlist show management access-list The show management access-list Privileged EXEC mode command displays management access- lists. Syntax show management access-list [name] • name — Name of the access list. If unspecified, defaults to an empty access-list.(Range: 1 - 32 characters) Default Configuration This command has no default configuration.
Page 194
Syntax show management access-class Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the management access-list information. console# show management access-class Management access-class is enabled, using access list mlist Management ACL...
PHY Diagnostics Commands NOTE: Some of the commands included in this group may have implications on internal ports. test copper-port tdr The test copper-port tdr Privileged EXEC mode command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface •...
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the last TDR (Time Domain Reflectometry) tests on all copper ports. console# show copper-ports tdr Port Result Length Date [meters] ---- ------- -------- -----...
Page 197
Example The following example displays the estimated copper cable length attached to all ports. console# show copper-ports cable-length Port Length [meters] ---- --------------------- < 50 Giga link not active 110-140 PHY Diagnostics Commands...
Port Channel Commands NOTE: Some of the commands included in this group may have implications on internal ports. interface port-channel The interface port-channel Global Configuration mode command enters the interface configuration mode of a specific port-channel. Syntax interface port-channel port-channel-number •...
• port-channel-range — List of port-channels to configure. Separate port-channels with a comma and no spaces. A hyphen designates a range of port-channels. • all — All port-channel. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines •...
User Guidelines There are no user guidelines for this command. Example The following example shows how port g11 is configured to port-channel number 1 without LACP. console(config)# interface ethernet g11 console(config-if)# channel-group 1 mode on port channel load balance Use the port-channel load-balance global configuration command to configure the load balancing policy of the port channeling.
Page 202
Syntax show interfaces port-channel [port-channel-number] • port-channel-number — Valid port-channel number information to display. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how all port-channel information is displayed. console(config)# show interfaces port-channel Channel Ports...
Port Monitor Commands NOTE: Some of the commands included in this group may have implications on internal ports. port monitor The port monitor Interface Configuration mode command starts a port monitoring session. To stop a port monitoring session, use the no form of this command. Syntax port monitor src-interface [rx | tx] no port monitor src-interface...
• All the frames are transmitted as either always tagged or always untagged. • Maximum number of supported source ports is 4 (Rx and Tx). General Restrictions: • Ports cannot be configured as a group using the interface range ethernet command. NOTE: The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports.
Page 205
Example The following example shows how the port copy status is displayed. console> show ports monitor Source Port Destination Port Type Status ---------- ---------------- ------------ ------- RX, TX Active RX, TX Active Port Monitor Commands...
QoS Commands The qos Global Configuration mode command enables quality of service (QoS) on the Ethernet Switch Module and enters QoS basic mode. Use the no form of this command to disable the QoS features on the Ethernet Switch Module. Syntax no qos Default Configuration...
Example The following example displays QoS mode enabled. console# show qos Qos: basic Basic trust: vpt The following example displays QoS mode disabled. console# show qos Qos: disable wrr-queue cos-map The wrr-queue cos-map Global Configuration mode command maps assigned CoS values to select one of the egress queues.
User Guidelines There are no user guidelines for this command. Example The following example maps CoS 3 to queue 4. console(config)# wrr-queue cos-map 4 3 wrr-queue bandwidth The wrr-queue bandwidth Global Configuration mode command assigns Weighted Round Robin (WRR) weights to egress queues. The weights ratio determines the frequency in which the packet scheduler dequeues packets from each queue.
Example The following example assigns WRR weights to egress queues. console(config)# priority-queue out num-of-queues 1 console(config)# wrr-queue bandwidth 20 30 50 console(config)# priority-queue out num-of-queues 0 console(config)# wrr-queue bandwidth 20 30 50 10 priority-queue out num-of-queues The priority-queue out num-of-queues Global Configuration mode command enables the egress queues to be SP queues.
show qos interface The show qos interface User EXEC mode command displays interface QoS data. Syntax show qos interface [ethernet interface-number ][queuing] • interface-number — Ethernet port number. • queuing — Displays the queue strategy (WRR or EF), the weight for WRR queues, the CoS to queue map and the TBD (EF) priority.
qos map dscp-queue The qos map dscp-queue Global Configuration mode command modifies the DSCP to queue map. To return to the default map, use the no form of this command. Syntax qos map dscp-queue dscp-list to queue-id no qos map dscp-queue dscp-list —...
qos trust (Global) The qos trust Global Configuration mode command can be used to configure the system to "trust" state. To return to the default state, use the no form of this command. Syntax qos trust {cos | dscp} no qos trust •...
User Guidelines • Use no qos trust to disable the trust mode on each port. • Use qos trust to enable trust mode on each port. Example The following example configures port g15 to default trust state (CoS). console(config)# interface ethernet g15 console(config-if) qos trust qos cos The qos cos Interface Configuration mode command configures the default port CoS value.
Page 215
Syntax show qos map [dscp-queue] • dscp-queue — Displays the DSCP to queue map. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the DSCP port-queue map. console>...
Radius Commands radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retransmit] [deadtime deadtime] [key key] [source source] [priority priority] [usage usage] no radius-server host ip-address •...
Command Mode Global Configuration mode User Guidelines • To specify multiple hosts, multiple radius-server host commands can be used. • If no host-specific timeout, retransmit, deadtime or key values are specified, the global values apply to each host. • The address type of the source parameter must be the same as the ip-address parameter. •...
There are no user guidelines for this command. Example The following example sets the authentication and encryption key for all RADIUS communications between the Ethernet Switch Module and the RADIUS daemon to "dell-server". console(config)# radius-server key dell-server radius-server retransmit The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts.
no radius-source-ip source • source — Specifies the source IP address. Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the source IP address used for communication with RADIUS servers to 10.1.1.1.
Example The following example sets the interval for which the Ethernet Switch Module waits for a server host to reply to 5 seconds. console(config)# radius-server timeout 5 radius-server deadtime The radius-server deadtime Global Configuration mode command improves RADIUS response times when servers are unavailable. The command is used to cause the unavailable servers to be skipped.
Page 222
Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays the RADIUS server settings. console> show radius-servers Auth TimeOut Retran. DeadTime source Prio. Usage address --------- ---- ----- ------- ------ ----- ----- ----- 25.2.6.10 1812...
RMON Commands show rmon statistics The show rmon statistics User EXEC mode command displays RMON Ethernet Statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} • interface number — Valid Ethernet port. • port-channel-number — Valid port-channel index. Default Configuration This command has no default configuration.
The following table describes the significant fields shown in the display: Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected.
256 to 511 Octets The total number of packets (including bad packets) received that are between 256 and 511 octets in length inclusive (excluding framing bits, but including FCS octets). 512 to 1023 Octets The total number of packets (including bad packets) received that are between 512 and 1023 octets in length inclusive (excluding framing bits, but including FCS octets).
Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port g16 with the index number "1" and a polling interval period of 2400 seconds. console(config)# interface ethernet g16 console(config-if)# rmon collection history 1 interval 2400 show rmon collection history The show rmon collection history User EXEC mode command displays the requested history group configuration.
Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved. Owner The entity that configured this entry.
Page 228
Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 5. console> show rmon history 5 throughput Sample Set: 1 Owner: CLI Interface: g11 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Octets Packets...
Page 229
The following example displays RMON Ethernet Statistics history for "other" on index number 5. console> show rmon history 5 other Sample Set: 1 Owner: CLI Interface: g11 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Dropped Collisions ------------------ -------- ---------...
Oversize The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits, but including FCS octets) but were otherwise well formed. Fragments The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits, but including FCS octets) had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error), or a bad FCS with a non-integral number of octets (AlignmentError).
Syntax show rmon alarm-table Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the alarms summary table. console> show rmon alarm-table Index Owner -----...
Page 233
Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays RMON 1 alarms. console> show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78...
Sample Type The method of sampling the variable and calculating the value compared against the thresholds. If the value is absolute, the value of the variable is compared directly with the thresholds at the end of the sampling interval. If the value is delta, the value of the variable at the last sample is subtracted from the current value, and the difference compared with the thresholds.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures an event with the log index of 10. console(config)# rmon event 10 log show rmon events The show rmon events User EXEC mode command displays the RMON event table. Syntax show rmon events Default Configuration...
Description A comment describing this event. Type The type of notification that the Ethernet Switch Module generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event. In the case of trap, an SNMP trap is sent to one or more management stations.
The following table describes the significant fields shown in the display: Field Description Event An index that uniquely identifies the event. Description A comment describing this event. Time The time this entry created. rmon table-size The rmon table-size Global Configuration mode command configures the maximum RMON tables sizes.
SNMP Commands snmp-server community Use the snmp-server community command to set up the community access string to permit access to the Simple Network Management Protocol command. Use the no form of this command to remove the specified community string. Syntax snmp-server community community [ro | rw | su] [ip-address] [view view-name] snmp-server community-group community group-name [ip-address] no snmp-server community community [ip-address]...
Maps the internal security-name for SNMPv1 and SNMPv2 security models to an internal group-name. Map sthe internal group-name for SNMPv1 and SNMPv2 security models to view- name (read-view and notify-view always, and for rw for write-view also) • You can use the group-name to restrict the access rights of a community string. By specifying the group-name parameter, the software: Generates an internal security-name.
• oid-tree — Object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family;...
• oid-tree — Object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family;...
User Guidelines • Do not include spaces in the text string. Example The following example displays setting up the system contact point as "Dell_Technical_Support". console(config)# snmp-server contact Dell_Technical_Support snmp-server location The snmp-server location Global Configuration mode command sets up information on where the Ethernet Switch Module is located.
Default Configuration SNMP traps is enabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example displays the command to enable SNMP traps. console(config)# snmp-server enable traps snmp-server trap authentication The snmp-server trap authentication Global Configuration mode command enables the Ethernet Switch Module to send Simple Network Management Protocol traps when authentication fails.
Page 245
Syntax snmp-server host {ip-address | hostname} community-string [traps | informs] [1 | 2] [udp-port port] [filter filtername] [timeout seconds] [retries retries] no snmp-server host {ip-address | hostname} [traps | informs] • ip-address — Internet address of the host (the targeted recipient). An out-of-band IP address can be specified as described in the usage guidelines.
• command is context sensitive. Examples The following example sets the scalar MIB "sysName" to have the value "dell". console(config)# snmp-server set sysName sysname dell The following example sets the entry MIB "rndCommunityTable" with keys 0.0.0.0 and "public". The field rndCommunityAccess gets the value "super" and the rest of the fields get their default values.
Example The following example configures a new Simple Network Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views Console (config)# snmp-server group user-group v3 priv read user-view snmp-server user To configure a new SNMP Version 3 user, use the snmp-server user global configuration command.
• sha-des-keys — Concatenated hexadecimal string of the SHA key (MSB) and the privacy key (LSB). If authentication is only required, you should enter 20 bytes, if authentication and privacy are required, you should enter 36 bytes. Each byte in hexadecimal character strings is two hexadecimal digits.
• informs — Indicates that SNMP informs are sent to this host. • noauth — Indicates no authentication of a packet. • auth — Indicates authentication of a packet without encrypting it. • priv — Indicates authentication of a packet with encryption. •...
Page 251
• engineid-string — Specifies a character string that identifies the engine ID. (Range: 5 - 32 characters) • default — The engine ID is created automatically based on the device MAC address. Default Setting The engine ID is not configured. If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per standard as: •...
The show running-config Privileged EXEC mode command does not display the SNMP engine ID configuration. To see the SNMP engine ID configuration, enter the snmp-server GlobalConfiguration mode command. engine ID local Example The following example specifies the Simple Network Management Protocol (SNMP) engineID on the local device.
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the SNMP communications status. console# sh snmp Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Target Type Communit Version UDP Port...
Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command Example The following example displays the configuration of views use the show snmp views Privileged EXEC command.
Example The following example displays the configuration of views use the show snmp views Privileged EXEC command. Console # show snmp groups Name Security Views Model Level Context Read Write Notify user-group priv Default managers-group priv Default Default managers-group priv Default Console # show snmp groups user-group Name: user-group...
Default Configuration There is no default configuration for this command. Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command Example The following example displays the configuration of filters use the show snmp filters Privileged EXEC command.
Page 257
Example The following example displays the configuration of groups use the show snmp users Privileged EXEC command. Console # show snmp users Name group name Auto Method Remote John 1.3.6.1.2.1.1 John 1.3.6.1.2.1.1.7 08009009020C0B09 9C075879 Console # show snmp users John Name: John Group name: user-group Auth Method: md5...
Spanning-Tree Commands NOTE: Some of the commands included in this group may have implications on internal ports. spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled.
Command Modes Global Configuration mode User Guidelines • In RSTP mode, the switch would use STP when the neighbor switch is using STP. • In MSTP mode, the switch would use RSTP when the neighbor switch is using RSTP, and would use STP when the neighbor switch is using STP Example The following example configures the spanning-tree protocol to RSTP.
spanning-tree hello-time The spanning-tree hello-time Global Configuration mode command configures the spanning-tree bridge hello time, which is how often the Ethernet Switch Module broadcasts hello messages to other Ethernet Switch Modules.To reset the default hello time, use the no form of this command. Syntax spanning-tree hello-time seconds no spanning-tree hello-time...
User Guidelines • When configuring the Max-Age, the following relationships should be kept: – 2*(Forward-Time - 1) >= Max-Age – Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)# spanning-tree max-age 10 spanning-tree priority The spanning-tree priority Global Configuration (Ethernet, port-channel) mode command configures the spanning-tree priority.
Syntax spanning-tree disable no spanning-tree disable Default Configuration By default, all ports are enabled for spanning-tree. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines • When STP is disabled, the Ethernet Switch Module will not forward STP BPDU's based on the Forward BPDU's setting.
Example The following example configures the spanning-tree cost on port g15 to 35000. console(config)# interface ethernet g15 console(config-if)# spanning-tree cost 35000 spanning-tree port-priority The spanning-tree port-priority Interface Configuration (Ethernet, port-channel) mode command configures port priority. To reset the default port priority, use the no form of this command. Syntax spanning-tree port-priority priority no spanning-tree port-priority...
Default Configuration PortFast mode is disabled for external ports and enabled for internal ports. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines • This feature should be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt Ethernet Switch Module and network operations.
Example The following example enables shared spanning-tree on port g15 console(config)# interface ethernet g15 console(config-if)# spanning-tree link-type shared spanning-tree pathcost method The spanning-tree pathcost method Global Configuration mode command sets the default path cost method. To revert to the default setting, use the no form of this command. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method...
Default Configuration The default behavior is filtering. Command Modes Global Configuration mode User Guidelines • The command is relevant when spanning-tree is disabled globally or on a single interface. Example The following example defines BPDU packet flooding when spanning-tree is disabled on an interface console(config)# spanning-tree bpdu flooding clear spanning-tree detected-protocols...
show spanning-tree Use the show spanning-tree privileged EXEC command to show spanning tree configuration. Syntax show spanning-tree [ ethernet interface-number | port-channel port-channel-number ] [instance instance-id] show spanning-tree [detail] [active | blockedports] [instance instance-id] show spanning-tree mst-configuration • detail — Display detailed information. active —...
Page 269
Path Cost 20000 Root Port 1 (1/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 Interfaces Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID...
Page 270
Enabled 128.2 20000 Desg Shared (STP) Disabled 128.3 20000 Enabled 128.4 20000 Altn Shared (STP) Enabled 128.5 20000 Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the Root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Name...
Page 271
Console# show spanning-tree Spanning tree disabled (BPDU filtering) mode RSTP Default port cost method: long Root ID Priority Address Path Cost Root Port Hello Time N/A Max Age N/A Forward Delay N/A Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Name State...
Page 272
Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1(g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the Root.
Page 273
Console# show spanning-tree blockedports Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1(g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec...
Page 274
Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1(g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec...
spanning-tree mst priority The spanning-tree mst priority global configuration mode command configures the device priority for the specified spanning-tree instance. To return to the default configuration, use the no form of this command. Syntax spanning-tree mst instance-id priority priority no spanning-tree instance-id priority instance - id —...
Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10. Console (config) # spanning-tree mst max-hops 10 spanning-tree mst port-priority The spanning-tree mst port-priority Interface Configuration mode command configures port...
spanning-tree mst cost The spanning-tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree (MST) calculations. If a loop occurs, the spanning tree considers path cost when selecting an interface to put in the forwarding state. To return to the default configuration, use the no form of this command.
Syntax spanning-tree mst configuration Default Setting This command has no default configuration. Command Mode Global Configuration mode User Guidelines • All devices in an MST region must have the same VLAN mapping, configuration revision number and name. Example The following example configures an MST region. Console(config)# spanning-tree mst configuration Console(config-mst) # instance 1 add vlan 10-20 Console(config-mst) # name region1...
For two or more devices to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name. Example The following example maps VLANs 10-20 to MST instance 1. Console(config)# spanning-tree mst configuration Console(config-mst)# instance 1 add vlan 10-20 name (mst) The name...
Default Setting The default configuration revision number is 0. Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example sets the configuration revision to 1. Console(config) # spanning-tree mst configuration Console(config-mst) # revision 1 show (mst) The show...
Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example exits the MST configuration mode without saving changes. Console(config) # spanning-tree mst configuration Console(config-mst) # abort spanning-tree mst mstp-rstp Use the spanning-tree mst mstp-rstp global configuration command to configure the switch to convert STP/RSTP packets to MSTP instances.
spanning-tree guard root Use the spanning-tree guard root interface configuration command to enable root guard on all the spanning tree instances on that interface. Root guard restricts the interface to be the root port for the switch. Use the no form of this command to disable root guard on the interface. Syntax spanning-tree guard root no spanning-tree guard root...
SSH Commands ip ssh server The ip ssh server Global Configuration mode command enables the Ethernet Switch Module to be configured from a SSH server. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server Default Configuration SSH is enabled.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example specifies the port to be used by the SSH server as 8080. console(config)# ip ssh port 8080 crypto key generate dsa The crypto key generate dsa Global Configuration mode command generates DSA key pairs.
Syntax crypto key generate rsa Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines • RSA keys are generated in pairs: one public RSA key and one private RSA key. If the Ethernet Switch Module already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
Example The following example enables public key authentication for incoming SSH sessions. console(config)# ip ssh pubkey-auth crypto key pubkey-chain ssh The crypto key pubkey-chain ssh Global Configuration mode command enters SSH Public Key- chain configuration mode. The mode is used to manually specify other Ethernet Switch Module public keys such as SSH client public keys.
• dsa — DSA key. Default Configuration By default, there are no keys. Command Mode SSH Public Key Chain Configuration mode User Guidelines • Follow this command with the key-string command to specify the key. Example The following example enables a SSH public key to be manually configured for the SSH public key chain called "bob".
Example The following example enters public key strings for SSH public key clients called "bob". console(config)# crypto key pubkey-chain ssh console(config-pubkey-chain)# user-key bob rsa console(config-pubkey-key)# key-string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ+ ZNXfZSkvHG+QusIZ/76ILmFT34v7u7ChFAE+ Vu4GRfpSwoQUvV35LqJJk67IOU/zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn/Wd05iDX2IExQWu08licglk02LYciz +Z4TrEU/9FJxwPiVQOjc+KBXuR0juNg5nFYsY 0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA 6w9o44t6+AINEICBCCA4YcF6zMzaT1wefWwX6f+ Rmt5nhhqdAtN/4oJfce166DqVX1gWmN zNR4DYDvSzg0lDnwCAC8Qh Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9 show ip ssh The show ip ssh Privileged EXEC mode command displays the SSH server configuration.
Example The following example displays the SSH server configuration. console# show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA (DSS) key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP address Version Cipher Auth Code username ----------...
User Guidelines There are no user guidelines for this command. Example The following example displays the SSH public RSA keys on the Ethernet Switch Module. console# show crypto key mypubkey rsa rsa key data: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA17aQFtz/jPEO0bVnoLeaTXZR U9eOKONq2g6GIrCXfNPRGWSectPlOsSrDtKaFybYPHO+9BUjSqe3Unzw+zg8 FIR1Rej9PK4VtrAvsRi+Y4Cktqoke1aLqOQMgjhC+l/NE63Zii2rTki8Kw63 QumeeJiFlJ60MOZ4knMowqahW84WoLwBRia1+Gx8sviy3CMrdKmRbP7qMZxA GDgAJjmRVlf6YH4+qo5RZzPheoD+3RhJPG/2D7kFVFQ8h2zUh8bkkA8BynLn dud1kGHDRJ+odLqaGynMPbww88tzPs1rQ5COinwYcYkLqjZbLYH3qdl5+HaA ISEZusa01IsJ5VsEgw== Fingerprint(hex): 93:97:d2:e8:a3:67:e0:b6:6f:ef:6b:1a:c9:17:e4:ac...
Page 293
User Guidelines There are no user guidelines for this command. Examples The following example displays all SSH public keys stored on the Ethernet Switch Module. console# show crypto key pubkey-chain ssh Username Fingerprint -------- ----------------------------------------------- 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called "bob". console# show crypto key pubkey-chain ssh username bob Username: bob Key: 005C300D 06092A86...
Syslog Commands logging on The logging on Global Configuration mode command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logging process, use the no form of this command.
• hostname — Hostname of the host to be used as a syslog server. (Range: 1 - 158 characters) • port — Port number for syslog messages. If unspecified, the port number defaults to 514. (Range: 1 - 65535) • level —...
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example limits messages logged to the console based on severity level "errors". console(config)# logging console errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity.
NOTE: After changing the default size, save and reload the Ethernet changes to Startup Configuration file Switch Module. Syntax logging buffered size number no logging buffered size • number — Numeric value indicating the maximum number of messages stored in the history table.
Example The following example clears messages from the internal syslog message logging buffer. console# clear logging Clear logging buffer [y/n]? y logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command. Syntax logging file level no logging file...
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example clears messages from the logging file. console# clear logging file Clear Logging File [y/n]? y show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer.
Example The following example displays the state of logging and the syslog messages stored in the internal buffer. console# show logging Logging is enabled. Console Logging: Level debug. Console Messages: 5 Dropped. Buffer Logging: Level debug. Buffer Messages: 16 Logged, 16 Displayed, 200 Max.
User Guidelines There are no user guidelines for this command. Example The following example displays the state of logging and the syslog messages stored in the logging file. console# show logging file Logging is enabled. Console Logging: Level debug. Console Messages: 5 Dropped. Buffer Logging: Level debug.
Page 303
User Guidelines There are no user guidelines for this command. Example The following example displays the syslog server settings. console# show syslog-servers IP address Port Severity Facility Description ------------- ---- -------- -------- ----------- 192.180.2.275 Informational local 192.180.2.285 Warning local Syslog Commands...
System Management ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network. Syntax ping {ip-address | hostname }[size packet_size] [count packet_count] [timeout time_out] • ip-address — IP address to ping. • hostname — hostname to ping. (Range: 1 - 158 characters) •...
The following example displays a ping to IP address 10.1.1.1. console> ping 10.1.1.1 Pinging 10.1.1.1 with 64 bytes of data: 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3.
Page 307
Default Configuration • packet_size — The default is 40 bytes. • max-ttl — The default is 30. packet_count — The default count is 3. • • time_out — The default is 6 seconds. Command Mode User EXEC mode User Guidelines •...
Page 308
Examples The following example discovers the routes that packets will actually take when traveling to their destination. console> traceroute umaxp1.physics.lsa.umich.edu Type Esc to abort. Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64) 1 i2-gateway.stanford.edu (192.68.191.83) 0 msec 0 msec 0 msec 2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec 3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec 4 Abilene--QSV.POS.calren2.net (198.32.249.162) 1 msec 1 msec 1...
The following table describes the characters that can appear in the traceroute command output. Field Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output indicates that an access list is blocking traffic. Host unreachable. Network unreachable. Protocol unreachable.
Page 310
Escape Sequence Purpose Ctrl-shift-6 b Break Ctrl-shift-6 c Interrupt Process (IP) Ctrl-shift-6 h Erase Character (EC) Ctrl-shift-6 o Abort Output (AO) Ctrl-shift-6 t Are You There? (AYT) Ctrl-shift-6 u Erase Line (EL) Ctrl-shift-6 x Suspends the Session At any time during an active Telnet session, the Telnet commands can be listed by pressing the Ctrl-shift-6 key, followed by a question mark at the system prompt: Ctrl-shift-6? A sample of this list follows.
Page 311
Keywords Table Options Description /echo Enables local echo /quiet Prevents onscreen display of all messages from the software. /source-interface Specifies the source interface. /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-to-UNIX Copy Program (UUCP) and other non-Telnet protocols.
pim-auto-rp PIM Auto-RP pop2 Post Office Protocol v2 pop3 Post Office Protocol v3 smtp Simple Mail Transport Protocol sunrpc Sun Remote Procedure Call syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time Time uucp Unix-to-Unix Copy Program whois Nickname World Wide Web...
Examples The following command switches to another open Telnet session number 1. console> resume 1 reload The reload Privileged EXEC mode command reloads the operating system. Syntax reload Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines •...
User Guidelines There are no user guidelines for this command. Example The following example specifies the Ethernet Switch Module host name. console(config)# hostname Dell Dell(config)# show users The show users User EXEC mode command displays information about the active users.
Page 315
User Guidelines • To list telnet users, perform the following procedure: Open telnet session from PowerConnect 5316M to other Ethernet Switch Module (now you are in the other Ethernet Switch Module syntax) Press "Cntrl-shift-t-X" Enter the command "show session". The number of sessions opened from PowerConnect 5316M is displayed.
System Name: System location: System MAC Address: 00:10:B5:F4:00:01 Sys Object ID: 1.3.6.1.4.1.674.10895.3005 Type: PowerConnect 5316M show version The show version User EXEC mode command displays the system version information. Syntax show version Default Configuration This command has no default configuration.
User Guidelines There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes). console# show version SW version 3.131 ( date 23-Sep-2004 time 17:34:19 ) Boot version 1.0.0.11 ( date 11-Sep-2004 time 11:14:45 ) HW version 1.0.0 asset-tag The asset-tag Global Configuration mode command specifies the Ethernet Switch Module asset...
Page 318
Syntax show system id Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • The tag information is on a Ethernet Switch Module by Ethernet Switch Module basis. Example The following example displays the system service tag information. console>...
TACACS Commands tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. To delete the specified name or address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] no tacacs-server host {ip-address | hostname} •...
There are no user guidelines for this command. Examples The following example sets the authentication encryption key. console(config)# tacacs-server key dell-s tacacs-server timeout The tacacs-server timeout Global Configuration mode command sets the timeout value. To restore the default, use the no form of this command.
no tacacs-server timeout • timeout — Specifies the timeout value in seconds. (Range: 1 - 30) Default Configuration 5 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Examples The following example sets the timeout value as 30. console(config)# tacacs-server timeout 30 tacacs-server source-ip The tacacs-server source-ip Global Configuration mode command specifies the source IP address...
show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistics for a TACACS+ server. Syntax show tacacs [ip-address] • ip-address — Name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
User Interface enable The enable User EXEC mode command enters the Privileged EXEC mode. Syntax enable [privilege-level] • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example The following example shows how to return to User EXEC mode. console# disable console> login The login User EXEC mode command is used to enter the system with a specified user name and password.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how to enter Global Configuration mode. console# configure console(config)# exit(configuration) The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy.
exit(EXEC) The exit User EXEC mode command closes an active terminal session by logging off the Ethernet Switch Module. Syntax exit Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
Example The following example shows how to return from Global Configuration mode to Privileged EXEC mode console(config)# end console# help The help command displays a brief description of the help system. Syntax help Default Configuration This command has no default configuration. Command Mode All command modes User Guidelines...
Example The following example enables the command history function for telnet. console(config)# line telnet console(config-line)# history history size The history size Line Configuration mode command changes the command history buffer size for a particular line. The history size Line Configuration mode command changes the command history buffer size for a particular line, for example, telnet.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example enables the debug command interface. console# debug-mode >debug Enter DEBUG Password: ***** DEBUG> show history The show history User EXEC mode command lists the commands entered in the current session.
Example The following example displays all the commands entered while in the current User EXEC mode. console> show history show version show clock show history show privilege The show privilege User EXEC mode command displays the current privilege level. Syntax show privilege Default Configuration This command has no default configuration.
Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example enables the command history function for the current terminal session. console> terminal history terminal history size The terminal history size User EXEC mode command changes the command history buffer size for the current terminal session.
VLAN Commands NOTE: Some of the commands included in this group may have implications on internal ports. vlan database The vlan database Global Configuration mode command enters the VLAN Configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Command Mode VLAN Configuration mode User Guidelines The maximum number of VLANs which can be created is 255. Example The following example creates VLAN number 1972. console(config)# vlan database console(config-vlan)# vlan 1972 interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode.
• vlan-range — A list of valid VLAN IDs to add. Separate non-consecutive VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs. • all — All existing static VLANs. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Example The following example names VLAN number 19 with the name "Marketing". console(config)# interface vlan 19 console(config-if)# name Marketing switchport mode Use the switchport mode interface configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.
switchport access vlan The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode. To reconfigure to default, use the no form of this command. Syntax switchport access vlan vlan-id no switchport access vlan •...
User Guidelines • There are no user guidelines for this command Example The following example sets the port's VLAN when the interface is in customer mode. Console(config)# interface ethernet g5 Console(config-if)# switchport customer vlan vlan-id switchport trunk allowed vlan The switchport trunk allowed vlan Interface Configuration mode command adds or removes VLANs, to or from a trunk port.
switchport trunk native vlan The switchport trunk native vlan Interface Configuration mode command defines the port as a member of the specified VLAN, and the VLAN ID as the "port default VLAN ID (PVID)". To configure the default VLAN ID, use the no form of this command. Syntax switchport trunk native vlan vlan-id no switchport trunk native vlan...
• remove vlan-list — List of VLAN IDs to remove. Separate non-consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs. • tagged — Sets the port to transmit tagged packets for the VLANs. If the port is added to a VLAN without specifying tagged or untagged the default is tagged.
– Incoming untagged frames are assigned to this VLAN. – Outgoing traffic in this VLAN on this port is sent untagged or tagged, depending on the port tagged mode. Example The following example shows how to configure the PVID for g16, when the interface is in general mode.
Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures g16 to discard untagged frames at ingress. console(config)# interface ethernet g16 console(config-if)# switchport general acceptable-frame-type tagged-only...
Example The following example forbids adding VLANs number 234 till 256, to g16. console(config)# interface ethernet g16 console(config-if)# switchport forbidden vlan add 234-256 map protocol protocols-group The map protocol protocols-group VLAN Configuration mode command maps a protocol to a protocol group. Protocol groups are used for protocol-based VLAN assignment. To delete a protocol from a group, use the no form of this command.
switchport general map protocols-group vlan The switchport general map protocols-group vlan Interface Configuration mode command sets a protocol-based classification rule. To delete a classification, use the no form of this command. Syntax switchport general map protocols-group group vlan vlan-id no switchport general map protocols-group group •...
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays all VLAN information. console# show vlan Vlan Name Ports Type Authorization ---- ---- ----------------------- ---- ------------- default g(1-16),ch(1-6) other Required The Type field indicates the VLAN owner (who created the VLAN).
Example The following example displays protocols-groups information. console# show vlan protocols-groups Encapsulation Protocol Group Id ------------- -------- -------- ethernet 08 00 ethernet 08 06 ethernet 81 37 ethernet 81 38 rfc1042 08 00 rfc1042 08 06 show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays switchport configuration.
Page 347
Example The following example displays switchport configuration individually for g11. console# show interface switchport ethernet g11 Port g11: Port mode: General GVRP Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress Untagged VLAN (NATIVE): 1 Port is member in: Vlan Name Egress rule...
Web Server ip http server The ip http server Global Configuration mode command enables the Ethernet Switch Module to be configured from a browser. To disable this function use the no form of this command. Syntax ip http server no ip http server Default Configuration HTTP server is enabled by default.
User Guidelines There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the Ethernet Switch Module. Example The following example shows how the http port number is configured to 100. console(config)# ip http port 100 ip https server The ip https server Global Configuration mode command enables the Ethernet Switch Module to...
Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines Specifying 0 as the port number effectively disables HTTPS access to the Ethernet Switch Module. Example The following example configures the https port number to 100. console(config)# ip https port 100 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a HTTPS...
Command Mode Global Configuration mode User Guidelines • The command is not saved in the Ethernet Switch Module configuration; however, the certificate and keys generated by this command are saved in the FLASH. • Use this command to generate a self-signed certificate for your Ethernet Switch Module. Example The following example regenerates a HTTPS certificate.
• Before generating a certificate request, you must first generate a self-signed certificate using the crypto certificate generate Global Configuration mode command. • After receiving the certificate from the Certification Authority, use the crypto certificate import Global Configuration mode command to import the certificate into the Ethernet Switch Module.
Page 354
Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines • Use this command to enter an external certificate (signed by Certification Authority) to the Ethernet Switch Module. To end the session, enter a new line, enter "." (period) and add another new line.
Examples The following example imports a certificate signed by Certification Authority for HTTPS. console(config)# crypto certificate 1 import -----BEGIN CERTIFICATE----- dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl -----END CERTIFICATE----- Certificate imported successfully. Issued to: router.gm.com Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 ip https certificate...
User Guidelines • The crypto certificate generate command should be used in order to generate HTTPS certificates. Example The following example configures the active certificate for HTTPS. console(config)# ip https certificate 1 show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command allows you to view the SSH certificates of your Ethernet Switch Module.
Example The following example displays the certificate. console# show crypto certificate mycertificate 1 -----BEGIN CERTIFICATE----- dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl -----END CERTIFICATE----- Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration.
Example The following example displays the HTTP server configuration. console# show ip http HTTP server enabled. Port: 80 show ip https The show ip http Privileged EXEC mode command displays the HTTPS server configuration. Syntax show ip https Default Configuration This command has no default configuration.
Page 359
Example The following example displays the HTTP server configuration. console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004...
802.1x Commands NOTE: Some of the commands included in this group may have implications on internal ports. aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods for use to authenticate interfaces running IEEE 802.1X.
dot1x system-auth-control The dot1x system-auth-control Global Configuration mode command enables 802.1x globally. Use the no form of this command to disable 802.1x globally. Syntax dot1x system-auth-control no dot1x system-auth-control Default Configuration dot1x is disabled. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration Port is in force-authorized mode Command Mode Interface Configuration (Ethernet) User Guidelines • It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication.
Examples The following example enables periodic re-authentication of the client. console(config)# interface ethernet g16 console(config-if)# dot1x re-authentication dot1x timeout re-authperiod The dot1x timeout re-authperiod Interface Configuration mode command sets the number of seconds between re-authentication attempts. Use the no form of this command to return to the default setting.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following command manually initiates a re-authentication of the 802.1X-enabled port. console# dot1x re-authenticate ethernet g16 dot1x timeout quiet-period The dot1x timeout quiet-period Interface Configuration mode command sets the number of seconds that the Ethernet Switch Module remains in the quiet state following a failed...
Examples The following example sets the number of seconds that the Ethernet Switch Module remains in the quiet state following a failed authentication exchange, to 3600. console(config)# interface ethernet g16 console(config-if)# dot1x timeout quiet-period 3600 dot1x timeout tx-period The dot1x timeout tx-period Interface Configuration mode command sets the number of seconds that the Ethernet Switch Module waits for a response to an Extensible Authentication Protocol (EAP) - request/identity frame, from the client, before resending the request.
dot1x max-req The dot1x max-req Interface Configuration mode command sets the maximum number of times that the Ethernet Switch Module sends an Extensible Authentication Protocol (EAP) - request frame (assuming that no response is received) to the client, before restarting the authentication process.
Default Configuration Period set to 30 seconds. Command Mode Interface configuration (Ethernet) mode User Guidelines • The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients. Examples The following example sets the time for the retransmission of an EAP-request frame to the client, to 3600 seconds.
Examples The following example sets the time for the retransmission of packets to the authentication server., to 3600 seconds. console(config-if)# dot1x timeout server-timeout 3600 show dot1x The show dot1x Privileged EXEC mode command displays 802.1X status for the Ethernet Switch Module or for the specified interface.
Page 370
Examples The following example displays 802.1X port g11 status. console# show dot1x ethernet g11 dot1x is enabled Port Admin Oper Mode Reauth Reauth Username Mode Control Period ------ -------- ----------- ------------- -------- -------- 3600 Clark Auto Unauthorized Ena Quiet period: 60 Seconds Tx period: 30 Seconds...
Admin mode The port admin mode. Possible values are: Force-auth, Force-unauth, Auto. Oper mode The port oper mode. Possible values are: Authorized, Unauthorized or Down. Reauth Control Reauthentication control. Reauth Period Reauthentication period. Username The username representing the identity of the Supplicant. This field shows the username in case the port control is auto.
Syntax show dot1x users [username username] • username — Supplicant username (Range: 1 - 160 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays 802.1X users.
Page 373
• interface — Ethernet port name. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays 802.1X statistics for the specified interface. console# show dot1x statistics ethernet g11 EapolFramesRx: 11 EapolFramesTx: 12...
EapolStartFramesRx The number of EAPOL Start frames that have been received by this Authenticator. EapolLogoffFramesRx The number of EAPOL Logoff frames that have been received by this Authenticator. EapolRespIdFramesRx The number of EAP Resp/Id frames that have been received by this Authenticator.
User Guidelines • An access port cannot be a member in an unauthenticated VLAN. The native VLAN of a trunk port cannot be an unauthenticated VLAN. For a general port, the PVID can be the Unauthenticated VLAN (although only tagged packets would be accepted in Unauthorized state.) Examples The following example enables unauthorized users access to the VLAN.
Page 376
dot1x single-host-violation The dot1x single-host-violation Interface Configuration mode command configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. Use the no form of this command to return to default. Syntax dot1x single-host-violation {forward | discard | discard-shutdown} [trap seconds] no port dot1x single-host-violation...
Page 377
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays 802.1X advanced features for the Ethernet Switch Module. console# show dot1x advanced Interface Multiple Hosts -----...
Page 378
• Single-host locked — Port control is auto and a single client has been authenticated through this port. • No Single-host — Multiple Hosts is enabled. 802.1x Commands...