Dell™ PowerConnect™ 5324 Systems CLI Reference Guide www.dell.com | support.dell.
Notes, Notices, and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2006 Dell Inc. All rights reserved.
Contents 1 Command Groups Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 . . . . . . . . . . . . . . . . . . . . . . . . . 23 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 . . . . . . . . . . . . . . . . . 25 . . . . . . . . . . . . . . . . . . . . . 26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 . . .
SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 . . . . . . . . . . . . . . . . . . . . . . 39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 . . . . . . . . . . . . . . . . . . . . . . . . . 40 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 . . . . . . . . . . . . . . . . . . . . . . . . . . 42 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 enable authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 ip http authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 login authentication ip https authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 . . . . . . . . . . . . . . . . . . . . . . . 70 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Clock clock set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . . . . . . . 96 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8 Ethernet Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 . . . . . . . . . . . . . . . . . . . . . . . . . 119 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . gvrp vlan-creation-forbid. . . . . . . . . . . . . . . . . . . . . . . . . 143 . . . . . . . . . . . . . . . . . . . . . . . . . 144 . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 gvrp registration-forbid clear gvrp statistics show gvrp configuration . show gvrp statistics 142 . . . . . . . . . . . . . . . . . . . . . . . . 145 . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 ip name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 . . . . . . .
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 . . . . . . . . . . . . . . . . . . . . . . . . . . 179 lldp enable (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . lldp timer 180 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . lldp reinit-delay 181 lldp tx-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 .
17 Port Channel Commands interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . interface range port-channel . channel-group . 201 . . . . . . . . . . . . . . . . . . . . . . 201 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 . . . . . . . . . . . . . . . . . . . . . . . . 203 port channel load balance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .show interfaces port-channel 203 18 Port Monitor Commands port monitor . . .
radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . 221 radius-server source-ip . . . . . . . . . . . . . . . . . . . . . . . . . 221 . . . . . . . . . . . . . . . . . . . . . . . . . . 222 . . . . . . . . . . . . . . . . . . . . . . . . . 223 . . . . . . . . . . . . . . . . . . . . . . . . . . 223 radius-server timeout radius-server deadtime show radius-servers . 21 RMON Commands show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 snmp-server host snmp-server set snmp-server group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 . . . . . . . . . . . . . . . . . . . . . . . 252 . . . . . . . . . . . . . . . . . . . . . . . . . . 253 . . . . . . . . . . . . . . . . . . . .
spanning-tree mst port-priority . . . . . . . . . . . . . . . . . . . . . . 270 . . . . . . . . . . . . . . . . . . . . . . . . . 271 . . . . . . . . . . . . . . . . . . . . . 271 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show crypto key pubkey-chain ssh . . . . . . . . . . . . . . . . . . . . 300 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 25 Syslog Commands logging on . logging logging console logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . logging buffered size. . . . . . . . . . . . . . . . . . . . . . . . . . . 305 . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 show version asset-tag show system id 28 TACACS Commands tacacs-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 . . . . . . . . . . . . . . . . . . . . . . . . . . 328 . . . . . . . . . . . . . . . . . . . . . . . . .
30 VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342 . . . . . . . . . . . . . . . . . . . . . . . . . 342 . . . . . . . . . . . . . . . . . . . .
ip http port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip https server . ip https port 357 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 crypto certificate generate . . . . . . . . . . . . . . . . . . . . . . . . 359 . . . . . . . . . . . . . . . . . . . . . . . . 360 . . . . . . . . . . . . . . . . . . . . . . . . . 362 . . . . . . . . . . . . . . . . . . . . . . . . . . .
show dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . ADVANCED FEATURES . dot1x auth-not-req . 382 . . . . . . . . . . . . . . . . . . . . . . . . . 384 . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 dot1x multiple-hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . dot1x single-host-violation . show dot1x advanced 385 . . . . . . . . . . . . . . . . . . . . . . . 385 . . . . . . . . . . . . . . . . . . . . . . . . . .
D E L L C O N F I D E N T I A L – P R E L I M I N A R Y 9 / 1 2 / 0 6 – F O R P R O O F O N LY 20
Command Groups Introduction The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, you have greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
www.dell.com | support.dell.com 22 PHY Diagnostics Diagnoses and displays the interface status. Port Channel Configures and displays Port channel information. Port Monitor Monitors activity on specific target ports. QoS Configures and displays QoS information. RADIUS Configures and displays RADIUS information. RMON Displays RMON statistics. SNMP Configures SNMP communities, traps and displays SNMP information.
AAA Commands Command Group Description Access Mode aaa authentication login Defines login authentication. Global Configuration aaa authentication enable Defines authentication method lists for accessing higher Global privilege levels. Configuration login authentication Specifies the login authentication method list for a remote telnet or console. enable authentication Specifies the authentication method list when accessing Line a higher privilege level from a remote telnet or console.
www.dell.com | support.dell.com bridge multicast forwardall Enables forwarding of all multicast frames on a port. VLAN Configuration bridge multicast forbidden forward-all Enables forbidding forwarding of all multicast frames to a port. VLAN Configuration bridge aging-time Sets the address table aging time. Global Configuration clear bridge Removes any learned entries from the forwarding database. Privileged User EXEC port security Disables new address learning on an interface.
sntp authenticate Grants authentication for received Network Time Protocol (NTP) traffic from servers. Global Configuration sntp trusted-key Authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. Global Configuration sntp client poll timer Sets the polling time for the Simple Network Time Protocol (SNTP) client. Global Configuration sntp broadcast client enable Enables the Simple Network Time Protocol (SNTP) broadcast clients.
www.dell.com | support.dell.com show running-config Displays the contents of the currently running configuration file. Privileged User EXEC show startup-config Displays the startup configuration file contents. Privileged User EXEC show backup-config Displays the backup configuration file contents. Privileged User EXEC show bootvar Displays the active system image file that the device loads at startup.
set interface active Reactivates an interface that was suspended by the system. Privileged User EXEC show interfaces configuration Displays the configuration for all configured interfaces. User EXEC show interfaces status Displays the status for all configured interfaces. User EXEC show interfaces description Displays the description for all configured interfaces. User EXEC show interfaces counters Displays traffic seen by the physical interface.
www.dell.com | support.dell.com IGMP Snooping Commands Command Group Description Access Mode ip igmp snooping (Global) Enables Internet Group Management Protocol (IGMP) snooping. Global Configuration ip igmp snooping (Interface) Enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN. VLAN Configuration ip igmp snooping mrouter Enables automatic learning of multicast router ports in the context of a specific VLAN.
arp timeout Configures how long an entry remains in the ARP cache Global Configuration clear arp-cache Deletes all dynamic entries from the ARP cache. Privileged User EXEC show arp Displays entries in the ARP table. Privileged User EXEC ip domain-lookup Enables the IP Domain Naming System (DNS)-based host name-to-address translation. Global Configuration ip domain-name Defines a default domain name, that the software uses to complete unqualified host names.
www.dell.com | support.dell.com speed Sets the line baud rate. Line Configuration autobaud Sets the line for automatic baud rate detection Line Configuration exec-timeout Configures the interval that the system waits until user input is detected. Line Configuration show line Displays line parameters. User EXEC LLDP Commands 30 Command Group Description Access Mode lldp enable (global) Enables Link Layer Discovery Protocol.
show lldp neighbors Displays information about discovered neighboring devices using Link Layer Discovery Protocol (LLDP). Privileged EXEC Management ACL Commands Command Group Description Access Mode management accesslist Defines a management access-list, and enters the accesslist for configuration. Global Configuration permit (management) Defines a permit rule. Management Access-level deny (management) Defines a deny rule.
www.dell.com | support.dell.com Port Channel Commands Command Group Description Access Mode interface port-channel Enters the interface configuration mode of a specific port-channel. Global Configuration interface range portchannel Enters the interface configuration mode to configure multiple port-channels. Global Configuration channel-group Associates a port with a port-channel.
qos trust (Global) Configures the system to basic mode and the "trust" state. Global Configuration qos trust (Interface) Enables each port trust state Interface Configuration qos cos Configures the default port CoS value. Interface Configuration show qos map Displays all the maps for QoS. User EXEC Radius Commands Command Group Description Access Mode radius-server host Specifies a RADIUS server host.
www.dell.com | support.dell.com RMON Commands Command Group Description Mode show rmon statistics Displays RMON Ethernet Statistics. User EXEC rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. Interface Configuration show rmon collection history Displays the requested history group configuration. User EXEC show rmon history Displays RMON Ethernet Statistics history. User EXEC rmon alarm Configures alarm conditions.
snmp-server host Specifies the recipient of Simple Network Management Protocol notification operation, Global Configuration snmp-server set Sets SNMP MIB value by the CLI. Global Configuration snmp-server group Configures a new Simple Network Management Protocol (SNMP) group, or a table that maps SNMP users to SNMP views. Global Configuration snmp-server user Configure a new SNMP Version 3 user.
www.dell.com | support.dell.com spanning-tree priority Configures the spanning tree priority. Global Configuration spanning-tree disable Disables spanning tree on a specific port. Interface Configuration spanning-tree cost Configures the spanning tree path cost for a port. Interface Configuration spanning-tree portpriority Configures port priority. Interface Configuration spanning-tree portfast Enables PortFast mode.
spanning-tree link-type Overrides the default link-type setting. Interface Configuration spanning-tree pathcost method Sets the default path cost method. Global Configuration spanning-tree bpdu Defines BPDU handling when spanning tree is disabled on an interface. Global Configuration clear spanning-tree detected-protocols Restarts the protocol migration process on all interfaces or on the specified interface. Privileged User EXEC show spanning-tree Displays spanning tree configuration.
www.dell.com | support.dell.com show crypto key pubkey-chain ssh Displays SSH public keys stored on the device. Privileged User EXEC Command Group Description Access Mode logging on Controls error messages logging. Global Configuration logging Logs messages to a syslog server. Global Configuration logging console Limits messages logged to the console based on severity. Global Configuration logging buffered Limits syslog messages displayed from an internal buffer based on severity.
System Management Commands Command Group Description Access Mode ping Sends ICMP echo request packets to another node on the network. User EXEC traceroute Discovers the routes that packets will actually take when traveling to their destination. User EXEC telnet Logs in to a host that supports Telnet. User EXEC resume Switches to another open Telnet session User EXEC reload Reloads the operating system Privileged User EXEC hostname Specifies or modifies the device host name.
www.dell.com | support.dell.com User Interface Commands Command Group Description Access Mode enable Enters the privileged EXEC mode. All disable Returns to User EXEC mode. All login Changes a login username. All configure Enables the global configuration mode All exit(configuration) Exits any configuration mode to the next highest mode in the CLI mode hierarchy. All exit(EXEC) Closes an active terminal session by logging off the device.
switchport access vlan Configures the VLAN membership mode of a port. Interface Configuration switchport access vlan Configures the VLAN ID when the interface is in access mode. Interface Configuration switchport trunk allowed vlan Adds or removes VLANs from a port in general mode. Interface Configuration switchport trunk native vlan Defines the port as a member of the specified VLAN, and the VLAN ID is the "port default VLAN ID (PVID)".
www.dell.com | support.dell.com switchport customer vlan Sets the port's VLAN when the interface is in customer mode. Interface configuration (Ethernet, portchannel) Web Server Commands 42 Command Group Description Access Mode ip http server Enables the device to be configured from a browser. Global Configuration ip http port Specifies the TCP port for use by a web browser to configure the device.
802.1x Commands Command Description Access Mode aaa authentication dot1x Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Global Configuration dot1x system-autocontrol Enables 802.1x globally. Global Configuration dot1x port-control Enables manual control of the authorization state of the port Interface Configuration dot1x re-authentication Enables periodic re-authentication of the client.
Command Groups www.dell.com | support.dell.
Command Modes GC (Global Configuration) Mode Command Description aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authentication dot1x Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. arp Adds a permanent entry in the ARP cache.
www.dell.com | support.dell.com 46 interface range ethernet Enters the interface configuration mode to configure multiple ethernet type interfaces. interface range port-channel Enters the interface configuration mode to configure multiple portchannels. interface range vlan Enters the interface configuration mode to configure multiple VLANs. interface vlan Enters the interface configuration (VLAN) mode. ip default-gateway Defines a default gateway.
logging file Limits syslog messages sent to the logging file based on severity. logging on Controls error messages logging. login authentication Specifies the login authentication method list for a remote telnet or console. management access-class Defines which management access-list is used. management access-list Defines a management access-list, and enters the access-list for configuration. port jumbo-frame Enables jumbo frames for the device.
www.dell.com | support.dell.com snmp-server set Sets SNMP MIB value by the CLI. snmp-server trap authentication Enables the switch to send Simple Network Management Protocol traps when authentication failed. sntp authenticate Grants authentication for received Network Time Protocol (NTP) traffic from servers. sntp authentication-key Defines an authentication key for Simple Network Time Protocol (SNTP). spanning-tree Enables spanning tree functionality.
dot1x max-req Sets the maximum number of times that the switch sends an EAP request/identity frame to the client, before restarting the authentication process. show dot1x Allows multiple hosts on an 802.1X-authorized port, that has the dot1x port-control interface configuration command set to auto. dot1x port-control Enables manual control of the authorization state of the port dot1x re-authentication Enables periodic re-authentication of the client.
www.dell.com | support.dell.com name Configures a name to a VLAN. negotiation Enables auto-negotiation operation for the speed and duplex parameters of a given interface. port monitor Starts a port monitoring session. port security Disables new address learning on an interface. port security routed secureaddress Adds MAC-layer secure addresses to a routed port. port storm-control broadcast enable Enables broadcast storm control.
history size Changes the command history buffer size for a particular line. password Specifies a password on a line. autobaud Sets the line for automatic baud rate detection speed Sets the line baud rate. MA (Management Access-level) Mode Command Description deny (management) Defines a deny rule. permit (management) Defines a permit rule. PE (Privileged User EXEC) Mode Command Description show dot1x users Displays 802.1X statistics for the specified interface.
www.dell.com | support.dell.com 52 set interface active Reactivates an interface that was suspended by the system. show arp Displays entries in the ARP table. show authentication methods Displays information about the authentication methods. show bootvar Displays the active system image file that the device loads at startup show bridge address-table Displays dynamically created entries in the bridge-forwarding database.
show ports storm-control Displays the storm control configuration. show radius-servers Displays the RADIUS server settings. show running-config Displays the contents of the currently running configuration file. show snmp Displays the SNMP status. show spanning-tree Displays spanning tree configuration. show startup-config Displays the startup configuration file contents. show syslog-servers Displays the syslog servers settings.
www.dell.com | support.dell.com 54 show hosts Displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses. show interfaces configuration Displays the configuration for all configured interfaces. show interfaces counters Displays traffic seen by the physical interface. show interfaces description Displays the description for all configured interfaces. port channel load balance Displays Port-channel information.
VC (VLAN Configuration) Mode Command Description bridge address Adds a static MAC-layer station source address to the bridge table. bridge multicast address Registers MAC-layer multicast addresses to the bridge table, and adds static ports to the group. bridge multicast forbidden address Forbids adding a specific multicast address to specific ports. bridge multicast forbidden forward-all Enables forbidding forwarding of all multicast frames to a port.
Command Modes www.dell.com | support.dell.
Using the CLI This chapter describes how to start using the CLI and describes implemented command editing features to assist in using the CLI. CLI Command Modes Introduction To assist in configuring devices, the CLI [Command Line Interface] is divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark "?" at the system prompt (console prompt) displays a list of commands available for that particular command mode.
www.dell.com | support.dell.com When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC Mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged mode gives access to commands that are restricted on EXEC mode and provides access to the device Configuration mode.
The following example illustrates how to access Privileged Exec mode and return back to the User EXEC mode: console>enable Enter Password: ****** console# console#disable console> The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode.
www.dell.com | support.dell.com Interface Configuration Mode and Specific Configuration Modes Interface Configuration mode commands are to modify specific interface operations. The following are the Interface Configuration modes: • Line Interface—Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the Line Configuration command mode.
1 Start the device and wait until the startup procedure is complete. The User Exec mode is entered, and the prompt "Console>" is displayed. 2 Configure the device and enter the necessary commands to complete the required tasks. 3 When finished, exit the session with the quit or exit command. When a different user is required to log onto the system, in the Privileged EXEC mode command mode the login command is entered. This effectively logs off the current user and logs on the new user.
www.dell.com | support.dell.com Terminal Command Buffer Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis.These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets. Keyword Source or destination Up-arrow key Ctrl+P Recalls commands in the history buffer, beginning with the most recent command.
Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts. Keyboard Key Description Up-arrow key Recalls commands from the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. Down-arrow key Returns the most recent commands from the history buffer after recalling commands with the up arrow key.
Using the CLI www.dell.com | support.dell.
AAA Commands aaa authentication login The aaa authentication login Global Configuration mode commands defines login authentication. To return to the default configuration, use the no form of this command. Syntax aaa authentication login {default | list-name} method1 [method2...] no aaa authentication login {default | list-name} • default—Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
www.dell.com | support.dell.com • Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence. • The additional methods of authentication are used only if the previous method returns an error, not if it fails.
Default Configuration If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command aaa authentication enable default enable none.
www.dell.com | support.dell.com Default Configuration Uses the default set with the command authentication login. Command Mode Line Configuration mode User Guidelines • Changing login authentication from default to another value may disconnect the telnet session. Example The following example specifies the default authentication method for a console.
Console (config)# line console Console (config-line)# enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for http. To return to the default, use the no form of this command. Syntax ip http authentication method1 [method2...] no ip http authentication • method1 [method2...]—Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication.
www.dell.com | support.dell.com ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for https servers. To return to the default, use the no form of this command. Syntax ip https authentication method1 [method2...] no ip https authentication • method1 [method2...]—Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication.
Syntax show authentication methods Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the authentication configuration.
www.dell.com | support.dell.
Default Configuration No password is required. Command Mode Line Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example specifies a password "secret" on a line. Console (config-line)# password secret enable password The enable password Global Configuration mode command sets a local password to control access to normal and privilege levels. To remove the password requirement, use the no form of this command.
www.dell.com | support.dell.com Example The following example sets a local level 15 password "secret" to control access to user and privilege levels. Console (config)# enable password level 15 secret username The username Global Configuration mode command establishes a username-based authentication system. To remove a user name use the no form of this command. Syntax username name [password password] [level level] [encrypted] no username name • name—The name of the user.
Syntax show users accounts Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the local users configured with access to the system.
AAA Commands www.dell.com | support.dell.
Address Table Commands bridge address The bridge address VLAN Interface Configuration mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
www.dell.com | support.dell.com Console (config)# interface vlan 2 Console (config-vlan)# bridge address 3a:a2:64:b3:a2:45 ethernet g8 permanent bridge multicast filtering The bridge multicast filtering Global Configuration mode command enables filtering of multicast addresses. To disable filtering of multicast addresses, use the no form of the bridge multicast filtering command. Syntax bridge multicast filtering no bridge multicast filtering Default Configuration Disabled.
bridge multicast address {mac-multicast-address | ip-multicast-address} [add | remove] {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast address {mac-multicast-address | ip-multicast-address} • add—Adds ports to the group. If no option is specified, this is the default option. • remove—Removes ports from the group. • mac-multicast-address—MAC multicast address in the format of xx:xx:xx:xx:xx:xx. • ip- multicast-address—IP multicast address.
www.dell.com | support.dell.com bridge multicast forbidden address The bridge multicast forbidden address Interface Configuration mode command forbids adding a specific multicast address to specific ports. Use the no form of this command to return to default.
bridge multicast forward-all The bridge multicast forward-all Interface Configuration mode command enables forwarding of all multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command. Syntax bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel portchannel-number-list} no bridge multicast forward-all • add—Adds ports to the group. • remove—Removes ports from the group.
www.dell.com | support.dell.com Syntax bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list} no bridge multicast forward-all • add—Forbids forwarding all multicast packets. • remove—Does not forbid forwarding all multicast packets. • interface-list—Separates non consecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
• seconds—Time is number of seconds. (Range: 10 - 630 seconds) Default Configuration 300 seconds Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. Console (config)# bridge aging-time 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database. Syntax clear bridge • This command has no keywords or arguments.
www.dell.com | support.dell.com port security The port security Interface Configuration mode command locks the port. By locking the port, new addresses are not learned on the port. To enable new address learning, use the no form of the port security command. Syntax port security [forward | discard | discard-shutdown] [trap seconds] no port security • forward—Forwards frames with unlearned source addresses, but does not learn the address. • discard—Discards frames with unlearned source addresses.
port security routed secure-address The port security routed secure-address Interface Configuration mode command adds MAC-layer secure addresses to a routed port. Use the no form of this command to delete the MAC addresses. Syntax port security routed secure-address mac-address no port security routed secure-address mac-address • mac-address—Specify a MAC address in the format of xx:xx:xx:xx:xx:xx. Default Configuration No addresses are defined.
www.dell.com | support.dell.com • port-channel-number—A valid port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • Internal usage VLANs (VLANs that are automatically allocated on routed ports) would be presented in the VLAN column by a port number and not by a VLAN ID. Example In this example, all classes of entries in the bridge-forwarding database are displayed.
Console# show bridge address-table Aging time is 300 sec vlan mac address port type ---- ----------- ---- ---- 1 00:60:70:4C:73:FF g8 dynamic 1 00:60:70:8C:73:FF g7 dynamic 200 00:10:0D:48:37:FF g4 static 8 00:10:0D:48:37:FF g2 dynamic show bridge address-table static The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database.
www.dell.com | support.dell.com Console# show bridge address-table static Aging time is 300 sec vlan mac address port type ---- ----------- ---- ---- 1 00:60:70:4C:73:FF g8 permanent 1 00:60:70:8C:73:FF g8 delete-on-timeout 200 00:10:0D:48:37:FF g8 delete-on-reset show bridge address-table count The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in all VLANs or in a specific VLAN.
Console# show bridge address-table count Capacity: 8192 Free: 8084 Used: 108 Static addresses: 2 Dynamic addresses: 97 Internal addresses: 9 show bridge multicast address-table The show bridge multicast address-table Privileged EXEC mode command displays multicast MAC address table information. Syntax show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ipmulticast-address] [format ip | mac] • vlan_id—A VLAN ID value.
www.dell.com | support.dell.
show bridge multicast filtering The show bridge multicast filtering Privileged EXEC mode command displays the multicast filtering configuration. Syntax show bridge multicast filtering vlan-id • vlan_id—A valid VLAN ID value. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example In this example, the multicast configuration for VLAN 1 is displayed.
www.dell.com | support.dell.com Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example In this example, all classes of entries in the port-lock status are displayed.
Clock clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax clock set hh:mm:ss day month year or clock set hh:mm:ss month day year • hh:mm:ss—Current time in hours (military format), minutes, and seconds (0 - 23, mm: 0 - 59, ss: 0 - 59). • day—Current day (by date) in the month (1 - 31). • month—Current month using the first three letters by name (Jan, …, Dec). • year—Current year (2000 - 2097).
www.dell.com | support.dell.com Default Configuration No external clock source Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Examples The following example configures an external time source for the system clock. Console# clock source sntp clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes. To set the time to Coordinated Universal Time (UTC), use the no form of this command.
clock summer-time The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). To configure the software to not automatically switch to summer time, use the no form of this command.
www.dell.com | support.dell.com Command Mode Global Configuration mode User Guidelines • In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that you are in the southern hemisphere.
Command Mode Global Configuration mode User Guidelines • Multiple keys can be generated. Examples The following example defines the authentication key for SNTP. Console(config)# sntp authentication-key 8 md5 ClkKey Console(config)# sntp trusted-key 8 Console(config)# sntp authenticate sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Network Time Protocol (NTP) traffic from servers. To disable the feature, use the no form of this command.
www.dell.com | support.dell.com sntp trusted-key The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command. Syntax sntp trusted-key key-number no sntp trusted-key key-number • key-number—Key number of authentication key to be trusted. (Range: 1 - 4294967295) Default Configuration Not trusted.
Default Configuration 1024 Command Mode Global configuration mode User Guidelines • There are no user guidelines for this command. Examples The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds. Console (config)# sntp client poll timer 120 sntp broadcast client enable The sntp broadcast client enable Global Configuration mode command enables the Simple Network Time Protocol (SNTP) broadcast clients.
www.dell.com | support.dell.com sntp anycast client enable The sntp anycast client enable Global Configuration mode command enables anycast client. To disable the polling for SNTP broadcast client, use the no form of this command. Syntax sntp anycast client enable no sntp anycast client enable This command has no arguments or keywords.
Command Mode Interface configuration (Ethernet, Port-Channel, VLAN) mode User Guidelines • Use the sntp client enable Global Configuration mode command to enable broadcast clients globally. • Use the sntp anycast client enable Global Configuration mode command to enable anycast clients globally. Examples The following example enables the SNTP client on the interface.
www.dell.com | support.dell.com sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined unicast clients. To disable the polling for SNTP client, use the no form of this command. Syntax sntp unicast client poll no sntp unicast client poll This command has no arguments or keywords.
Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines • Up to 8 SNTP servers can be defined. • Use the sntp unicast client enable Global Configuration mode command to enable predefined unicast clients globally. • To enable polling you should also use the sntp unicast client poll Global Configuration mode command for global enabling. • Polling time is determined by the sntp client poll timer Global Configuration mode command.
www.dell.com | support.dell.com User Guidelines • The symbol that precedes the show clock display indicates the following: Symbol Description * Time is not authoritative. (blank) Time is authoritative. . Time is authoritative, but SNTP is not synchronized. Example The following example displays the time and date from the system clock.
show sntp configuration The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration This command has no keywords or arguments. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com ----------- -------- ----------------- 176.1.1.8 Enabled 9 176.1.8.179 Disabled Disabled Broadcast Clients: Enabled Broadcast Clients Poll: Enabled Broadcast Interfaces: g1, g3 show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status • This command has no keywords or arguments. Default Configuration This command has no default configuration.
176.1.8.179 Secondary Unknown AFE21789.643287C9 Interface IP address Last response --------- ---------- ------------------------ 176.1.1.8 Primary AFE252C1.6DBDDFF2 176.1.8.179 Secondary AFE21789.643287C9 8.98 189.
Clock www.dell.com | support.dell.
Configuration and Image Files delete startup-config The delete startup-config Privileged EXEC mode command deletes the startup-config file. Syntax delete startup-config This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Examples The following example deletes the startup-config file.
www.dell.com | support.dell.com Keyword Source or destination flash Source or destination URL for Flash memory. It’s the default in case a URL is specified without a prefix running-config Represents the current running configuration file. startup-config Represents the startup configuration file. backup-config Represents the backup configuration file. image If source file, represent the active image file. If destination file, represent the non-active image file. boot Boot file.
Copy Character Descriptions: Character Description ! For network transfers, an exclamation point indicates that the copy process is taking place. Each exclamation point indicates the successful transfer of ten packets (512 bytes each). . For network transfers, a period indicates that the copy process timed out. Many periods in a row typically mean that the copy process may fail.
www.dell.com | support.dell.com Example The following example copies a system image named file1 from the TFTP server with an IP address of 172.16.101.101 to non active image file. Console# copy tftp://172.16.101.101/file1 image Accessing file 'file1' on 172.16.101.101... Loading file1 from 172.16.101.
show running-config The show running-config Privileged EXEC mode command displays the contents of the currently running configuration file. Syntax show running-config [sort type] • sort type —Specifies the sorting type of the file. Can be one of the following values: interface, feature. Default Configuration Sort type defaults to interface if unspecified. Command Mode Privileged EXEC mode User Guidelines • show running-config does not show all the port configurations under the port.
www.dell.com | support.dell.com Examples The following example displays the contents of the running-config file. Console# show running-config no spanning-tree vlan database vlan 2 exit interface range ethernet g(1-2) switchport access vlan 2 exit interface vlan 2 bridge address 00:00:00:00:00:01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable interface ethernet g24 ip address dhcp exit ip name-server 10.6.1.
• sort type —Specifies the sorting type of the file. Can be one of the following values: interface, feature. Default Configuration Sort type defaults to interface if unspecified. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com Examples The following example displays the contents of the startup-config file. Console# show startup-config no spanning-tree vlan database vlan 2 exit interface range ethernet g(1-2) switchport access vlan 2 exit interface vlan 2 bridge address 00:00:00:00:00:01 ethernet g1 exit interface ethernet g1 gvrp enable exit gvrp enable interface ethernet g24 ip address dhcp exit ip name-server 10.6.1.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Examples Console# show backup-config software version 1.1 hostname device interface ethernet g1 ip address 176.242.100.100 255.255.255.0 duplex full speed 1000 interface ethernet g2 ip address 176.243.100.100 255.255.255.
www.dell.com | support.dell.com show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that the device loads at startup. Syntax show bootvar Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Examples The following example displays the active system image file that the device loads at startup.
Ethernet Configuration Commands interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface • interface—Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enables ports g8 for configuration.
www.dell.com | support.dell.com Command Mode Global Configuration mode User Guidelines • Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces. Example The following example shows how ports g18 to g20 and ports g22 to g24 are grouped to receive the same command.
The following example re-enables port g5. Console(config)# interface ethernet g5 Console(config-if)# no shutdown description The description Interface Configuration mode command adds a description to an interface. To remove the description use the no form of this command. Syntax description string no description • string—Comment or a description of the port up to 64 characters. Default Configuration By default, the interface does not have a description.
www.dell.com | support.dell.com • 1000—Force 1000 Mbps operation. • 10000—Force 10000 Mbps operation. Default Configuration Maximum port capability. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • The command "no speed" in port-channel context returns each port in the port-channel to its maximum capability. Example The following example configures the speed operation of Ethernet g5 to force 100-Mbps operation.
• Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps. Example The following example configures the duplex operation of Ethernet g5 to force full duplex operation. Console(config)# interface ethernet g5 Console(config-if)# duplex full negotiation The negotiation Interface Configuration mode command enables auto-negotiation operation for the speed and duplex parameters of a given interface. To disable negotiation, use the no form of this command.
www.dell.com | support.dell.com Syntax flowcontrol {auto | on | off} no flowcontrol • auto—Enables auto-negotiation of Flow Control. • on—Enables Flow Control. • off—Disables Flow Control. Default Configuration Flow Control is off. Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • Flow Control will operate only if duplex mode is set to FULL. Back Pressure will operate only if duplex mode is set to HALF.
Default Configuration Automatic crossover is enabled Command Mode Interface Configuration (Ethernet) mode User Guidelines • Mdix Auto: All possibilities to connect a PC with cross OR normal cables are supported and are automatically detected. • Mdix ON: It is possible to connect to a PC only with a normal cable and to connect to another switch ONLY with a cross cable. • If MDIX is set to "no mdix", the device works opposite from the "MDIX On" behavior.
www.dell.com | support.dell.com Example In the following example Back Pressure is enabled on g5. Console(config)# interface ethernet g5 Console(config-if)# back-pressure port jumbo-frame The port jumbo-frame Global Configuration mode command enables jumbo frames for the device. The size of the port jumbo frame is 10K. To disable jumbo frames, use the no form of this command. Syntax port jumbo-frame no port jumbo-frame Default Configuration Jumbo Frames are not enabled.
Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example In the following example, the counters for interface g1 are cleared. Console# clear counters ethernet g1 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was suspended by the system. Syntax set interface active {ethernet interface | port-channel port-channel-number} • interface—Valid Ethernet port.
www.dell.com | support.dell.com Syntax show interfaces configuration [ethernet interface | port-channel port-channel-number | • interface—Valid Ethernet port. • port-channel-number—Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Modes Privilege EXEC mode User Guidelines • There are no user guidelines for this command.
The displayed port configuration information includes the following: • Port—The port number. • Port Type—The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex—Displays the port Duplex status. • Speed—Refers to the port speed. • Neg—Describes the Auto-negotiation status. • Flow Control—Displays the Flow Control status. • Back Pressure—Displays the Back Pressure status. • MDIX Mode—Displays the Auto-crossover status.
www.dell.com | support.dell.
The displayed port status information includes the following: • Port—The port number. • Description—If the port has a description, the description is displayed. • Port Type—The port designated IEEE shorthand identifier. For example, 1000Base-T refers to 1000 Mbps baseband signaling. • Duplex—Displays the port Duplex status. • Speed—Refers to the port speed. • Neg—Describes the Auto-negotiation status. • Flow Control—Displays the Flow Control status.
www.dell.com | support.dell.com Console# show interfaces description ethernet g1 Port Description ---- ------------------ g1 Management_port g2 R&D_port g3 Finance_port Ch Description ---- ------------------ Ch 1 Output show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] • interface—A valid Ethernet port.
Console# show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts ------- ------------- ---------------- ---------------- ------------ g1 183892 1289 987 8 g2 0 0 0 0 g3 123899 1788 373 19 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------- ------------- ---------------- ---------------- ------------ g4 9 8 0 9188 g5 0 0 0 0 g6 8789 27 8 0 Ch InOctets InUcastPkts InMcastPkts InBcastPkts ------- ------------- ----------------
www.dell.com | support.dell.com The following example displays counters for port g1.
InMcastPkts Counted received multicast packets. InBcastPkts Counted received broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted unicast packets. OutMcastPkts Counted transmitted multicast packets. OutBcastPkts Counted transmitted broadcast packets. Alignment Errors A count of frames received that are not an integral number of octets in length and do not pass the FCS check.
www.dell.com | support.dell.com Symbol Errors For an interface operating at 100 Mb/s, the number of times there was an invalid data symbol when a valid carrier was present.
Example The following example displays the jumbo frames configuration. Console# show ports jumbo-frame Jumbo frames are disabled Jumbo frames will be enabled after reset port storm-control include-multicast The port storm-control include-multicast Global Configuration mode command enables the device to count multicast packets together with broadcast packets. To disable counting of multicast packets, use the no form of this command.
www.dell.com | support.dell.com no port storm-control broadcast enable Default Configuration Broadcast storm control is disabled. Command Modes Interface Configuration (Ethernet) mode User Guidelines • Use the port storm-control broadcast rate Interface Configuration mode command, to set the maximum allowable broadcast rate. • Multicast can be counted as part of the "storm" frames if the port storm-control includemulticast Global Configuration mode command is already executed.
Example The following example configures the maximum broadcast rate 10 kilobytes per second. console(config)# interface ethernet g2 console(config-if)# port storm-control broadcast rate 10 show ports storm-control The show ports storm-control Privileged EXEC mode command displays the storm control configuration. Syntax show ports storm-control [interface] • interface—A valid Ethernet port. Default Configuration This command has no default configuration.
www.dell.com | support.dell.
GVRP Commands gvrp enable (global) GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically. The gvrp enable Global Configuration mode command enables GVRP globally. To disable GVRP globally on the switch, use the no form of this command.
www.dell.com | support.dell.com Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • An access port would not dynamically join a VLAN because it is always a member in only one VLAN. • Membership in an untagged VLAN would be propagated in a same way as a tagged VLAN. i.e. in such a case it’s the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on ethernet g8.
Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • The timer_value value must be a multiple of 10. • You must maintain the following relationship for the various timer values: • – ·Leave time must be greater than or equal to three times the join time. – ·Leave-all time must be greater than the leave time. Set the same GARP timer values on all Layer 2-connected devices.
www.dell.com | support.dell.com Example The following example disables dynamic VLAN creation on port g8. Console (config)# interface ethernet g8 Console (config-if)# gvrp vlan-creation-forbid gvrp registration-forbid The gvrp registration-forbid Interface Configuration mode command de-registers all dynamic VLANs, and prevents dynamic VLAN registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example clears all the GVRP statistics information on port g8.
www.dell.com | support.dell.com Console# show gvrp configuration GVRP Feature is currently enabled on the switch. Maximum VLANs: 256 Port(s) GVRPStatus Registration Dynamic VLAN Creation Timers (milliseconds) Join Leave Leave All ------- ------ ------------ -------- ------------- ----- ----- g1 Enabled Normal Enabled 200 600 10000 g4 Enabled Normal Enabled 200 600 10000 show gvrp statistics The show gvrp statistics User EXEC mode command displays GVRP statistics.
Example The following example shows GVRP statistics information: Console# show gvrp statistics GVRP statistics: ---------------rJE : Join Empty Received rJIn : Join In Received rEmp : Empty Received rLIn : Leave In Received rLE : Leave Empty Received rLA sJE : Join Empty Sent sJIn : Join In Sent : Leave All Received sEmp : Empty Sent sLIn : Leave In Sent sLE sLA : Leave Empty Sent : Leave All Sent Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA --- --- ---- ----
www.dell.com | support.dell.com Syntax show gvrp error-statistics [ethernet interface | port-channel port-channel-number] • interface—port. • port-channel-number—A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays GVRP statistics information.
IGMP Snooping Commands ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. To disable IGMP snooping use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enables IGMP snooping.
www.dell.com | support.dell.com User Guidelines • IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping ip igmp snooping mrouter The ip igmp snooping mrouter Interface Configuration mode command enables automatic learning of multicast router ports in the context of a specific VLAN. To remove automatic learning of multicast router ports, use the no form of this command.
Syntax ip igmp snooping host-time-out time-out no ip igmp snooping host-time-out • time-out—Host timeout in seconds. (Range: 1 - 2147483647) Default Configuration The default host-time-out is 260 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines • The timeout should be at least greater than 2*query_interval+max_response_time of the IGMP router. Example The following example configures the host timeout to 300 seconds.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example configures the mrouter timeout to 200 seconds. Console (config)# interface vlan 2 Console (config-if)# ip igmp snooping mrouter-time-out 200 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out VLAN Interface Configuration mode command configures the leave-time-out.
show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned multicast router interfaces. Syntax show ip igmp snooping mrouter [interface vlan-id] • vlan_id—VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example shows IGMP snooping mrouter information.
www.dell.com | support.dell.com Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The example displays IGMP snooping information. Console # show ip igmp snooping interface 1 IGMP Snooping is globaly disabled IGMP Snooping is disabled on VLAN 1 IGMP host timeout is 260 sec IGMP Immediate leave is disabled.
Example The example shows IGMP snooping information. Console # show ip igmp snooping groups Vlan IP Address Querier Ports ----- ------------------ -------- ------------ 1 224-239.130|2.2.3 Yes g1, g2 19 224-239.130|2.2.
IGMP Snooping Commands www.dell.com | support.dell.
IP Addressing Commands clear host dhcp The clear host dhcp Privileged EXEC mode command deletes entries from the host name-toaddress mapping received from Dynamic Host Configuration Protocol (DHCP). Syntax clear host dhcp {name | *} • name—Particular host entry to remove. (Range: 1 - 158 characters.) • *— Removes all entries. Default Configuration This command has no default configuration.
www.dell.com | support.dell.com • prefix-length—The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 8 -30) Default Configuration No IP address is defined for interfaces. Command Mode Interface configuration (Ethernet, VLAN, port-channel) User Guidelines • An IP address cannot be configured for a range of interfaces (range context). Example The following example configures VLAN 1 with the IP address 131.108.1.
User Guidelines • The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. • Some DHCP Servers require that the DHCPDISCOVER message have a specific host name. The most typical usage of the ip address dhcp hostname host-name command is when hostname is the host name provided by the system administrator.
www.dell.com | support.dell.com User Guidelines • There are no User Guidelines for this command. Example The following example defines an ip default gateway. Console(config)# ip default-gateway 192.168.1.1 show ip interface The show ip interface User EXEC mode command displays the usability status of interfaces configured for IP. Syntax show ip interface [ethernet interface-number | vlan vlan-id | port-channel number] • ethernet interface-number—port. • vlan vlan-id—VLAN number.
Console# show ip interface Gateway IP Address Type Activity Status --------------------- ----------- --------------- 10.7.1.1 Static Active IP address Interface Type ------------------- ------------ ------------ 10.7.1.192/24 VLAN 1 Static 10.7.2.192/24 VLAN 2 DHCP arp The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache. To remove an entry from the ARP cache, use the no form of this command.
www.dell.com | support.dell.com Example The following example adds the IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table. Console (config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet g8 arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache. To restore the default value, use the no form of this command. Syntax arp timeout seconds no arp timeout • seconds—Time (in seconds) that an entry remains in the ARP cache.
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example deletes all dynamic entries from the ARP cache. Console# clear arp-cache show arp The show arp Privileged EXEC mode command displays entries in the ARP table. Syntax show arp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com ip domain-lookup The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup This command has no arguments or keywords. Default Configuration Enabled Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command.
Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Examples The following example defines a default domain name of www.dell.com. Console (config)# ip domain-name www.dell.com ip name-server The ip name-server Global Configuration mode command sets the available name servers. To remove a name server, use the no form of this command.
www.dell.com | support.dell.com Syntax ip host name address no ip host name • name—Name of the host (Range: 1 - 158 characters) • address—Associated IP address. Default Configuration No host is defined. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Examples The following example defines a static host name-to-address mapping in the host cache. Console (config)# ip host accounting.dell.com 176.10.23.
Examples The following example deletes entries from the host name-to-address cache. Console (config)# clear host * show hosts The show hosts User EXEC mode command displays the default domain name, a list of name server hosts, the static and the cached list of host names and addresses. Syntax show hosts [name] • name—Name of the host.(Range: 1 - 158 characters) Default Configuration Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com console> show hosts Default domain is GM.COM Name/address lookup is enabled Name servers: 176.16.1.18 176.16.1.19 Static host name-to-address mapping: Host Addresses ---- --------- www.dell.com 176.16.8.8 176.16.8.9 Cache: TTL(Hours) 168 Host Total Elapsed Type Addresses ---- ----- --------- ------ --------- www.dell.com 72 3 IP 171.64.14.
LACP Commands lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority • value—Value of the priority. (Range: 1 - 65535) Default Configuration The default system priority value is 1. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com Command Mode Interface Configuration (Ethernet) mode User Guidelines • There are no user guidelines for this command. Example The following example configures the priority value for port g8 to 247. Console (config)# interface ethernet g8 Console (config-if)# lacp port-priority 247 lacp timeout The lacp timeout Interface Configuration mode command assigns an administrative LACP timeout. To reset the default administrative LACP timeout use the no form of this command.
show lacp ethernet The show lacp ethernet Privilege EXEC mode command displays LACP information for Ethernet ports. Syntax show lacp ethernet interface [parameters | statistics | protocol-state] • Interface—Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privilege EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example shows how to display LACP statistics information.
www.dell.com | support.dell.com Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example shows how to display LACP port-channel information.
Line Commands line The line Global Configuration mode command identifies a specific line for configuration and enters the line configuration command mode. Syntax line {console | telnet | ssh} • console—Console terminal line. • telnet—Virtual terminal for remote console access (Telnet). • ssh—Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
www.dell.com | support.dell.com Command Mode Line Configuration (console) mode User Guidelines • The configured speed would be applied when Autobaud is disabled. • If Autobaud is disabled, the new speed is implemented immediately. Examples The following example sets the baud rate to 9600. Console (config)# line console Console(config-line)# speed 9600 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection (autobaud).
Syntax exec-timeout minutes [seconds] no exec-timeout • minutes—Integer that specifies the number of minutes. (Range: 0 - 65535) • seconds—Additional time intervals in seconds. (Range: 0 - 59) Default Configuration The default configuration is 10 minutes. Command Mode Line Configuration mode User Guidelines • To specify no timeout, enter the exec-timeout ("0 0") command. Examples The following example configures the interval that the system waits until user input is detected to 20 minutes.
www.dell.com | support.dell.com Examples The following example displays the line configuration. console# show line console Interactive timeout: History: 10 minutes 10 terminal history The terminal history EXEC mode command enables the command history function for the current terminal session. To disable the command history function, use the no form of this command. Syntax terminal history terminal no history Default Configuration This command has no default configuration.
Default Configuration The default is determined by the history size line configuration command. Command Mode User EXEC mode User Guidelines The maximum for the sum of all buffers is 256.
Line Commands www.dell.com | support.dell.
LLDP Commands lldp enable (global) To enable Link Layer Discovery Protocol (LLDP), use the lldp enable command in global configuration mode. To disable LLDP, use the no form of this command. Syntax lldp enable no lldp enable Default Configuration The command is enabled. Command Mode Global configuration User Guidlines • There are no guidelines for this command. Example The following example enables Link Layer Discovery Protocol (LLDP) .
www.dell.com | support.dell.com Command Modes Interface configuration (Ethernet) User Guidelines • LLDP manages LAG ports individually. LLDP sends separate advertisements on each port in a LAG. LLDP data received through LAG ports is stored individually per port. • LLDP operation on a port is not dependent on STP state of a port. I.e. LLDP frames are sent and received on blocked ports. If a port is controlled by 802.1X, LLDP operates only if the port is authorized.
Examples The following example specifies how often the software sends Link Layer Discovery Protocol (LLDP) updates. Console (config) # lldp timer lldp hold-multiplier To specify the amount of time the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet before discarding it, use the lldp hold-multiplier command in global configuration mode. To revert to the default setting, use the no form of this command.
www.dell.com | support.dell.com Syntax lldp reinit-delay seconds no lldp reinit-delay • seconds — Specifies the minimum time in seconds an LLDP port will wait before reinitializing LLDP transmission. (Range 1-10 seconds). Default Configuraiton 2 seconds Command Modes Global configuration User Guidelines There are no user guidelines for this command. Examples The following example specifies the minimum time an LLDP port will wait before reinitializing LLDP transmission.
Usage Guidelines • It is recommended that the TxDelay would be less than 0.25 of the LLDP timer interval. Examples The following example specifies the delay between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB. Console (config) # lldp tx-delay 7 lldp optional-tlv To specify which optional TLVs from the basic set should be transmitted, use the lldp optional-tlv command in interface configuration mode.
www.dell.com | support.dell.com Syntax lldp management-address ip-address no management-address ip • ip-address — Specifies the management address to advertise. Default Configuration No IP address is advertised. Command Modes Interface configuration (Ethernet) User Guidelines • Each port can advertise one IP address. • Only static IP addresses can be advertised. Example The following example specifies management address that would be advertised from an interface.
show lldp configuration To display the Link Layer Discovery Protocol (LLDP) configuration, use the show lldp configuration command in privileged EXEC mode. Syntax show lldp configuration [ethernet interface] • Interface — Ethernet port Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command. Example The following example displays the Link Layer Discovery Protocol (LLDP) information that is advertised from a specific port. Switch# show lldp local ethernet g1 Device ID: 0060.704C.73FF Port ID: 1 Capabilities: Bridge System Name: ts-7800-1 System description: Port description: Management address: 172.16.1.
Switch# show lldp neighbors Port Device ID Port ID Hold Time Capabilities System Name g1 0060.704C.73FE 1 117 B ts-7800-2 g1 0060.704C.73FD 1 93 B ts-7800-2 g2 0060.704C.73F C 9 1 B, R ts-7900-1 g3 0060.704C.73FB 1 92 W ts-7900-2 Switch# show lldp neighbors ethernet g1 Device ID: 0060.704C.73FE Port ID: 1 Hold Time: 117 Capabilities: B System Name: ts-7800-2 System description: Port description: Management address: 172.16.1.
LLDP Commands www.dell.com | support.dell.
Management ACL management access-list The management access-list Global Configuration mode command defines an access-list for management, and enters the access-list for configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command. Syntax management access-list name no management access-list name • name—The access list name using up to 32 characters.
www.dell.com | support.dell.com Examples The following example shows how to create an access-list called "mlist", configure two management interfaces ethernet g1 and ethernet g9, and make the access-list the active list.
• mask prefix-length—Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32) • service service—Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp. Default Configuration If no permit statement is present, the default is set to deny.
www.dell.com | support.dell.com • service service—Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp. Default Configuration This command has no default configuration. Command Mode Management Access-list Configuration mode User Guidelines • Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.The system supports up to 256 management access rules.
Example The following example configures an access-list called "mlist" as the management access-list. Console (config)# management access-class mlist show management access-list The show management access-list Privileged EXEC mode command displays management accesslists. Syntax show management access-list [name] • name—Name of the access list. If unspecified, defaults to an empty access-list.(Range: 1 32 characters) Default Configuration This command has no default configuration.
www.dell.com | support.dell.com Syntax show management access-class Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the management access-list information.
PHY Diagnostics Commands test copper-port tdr The test copper-port tdr Privileged EXEC mode command diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface • interface—A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • The port under test should be conducted when the fiber link is down.
www.dell.com | support.dell.com Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the last TDR (Time Domain Reflectometry) tests on all ports.
Example The following example displays the estimated copper cable length attached to all ports. Console# show copper-ports cable-length Port Length [meters] ---- --------------------- g1 < 50 g2 Giga link not active g3 110-140 show fiber-ports optical-transceiver The show fiber-ports optical-transceiver Privileged EXEC mode command displays the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] [detailed] • interface—A valid Ethernet port.
www.dell.com | support.dell.com Examples The following example displays the optical transceiver diagnostics. console# show fiber-ports optical-transceiver Port Temp Voltage Current Power Output Power Input Power LOS ---- ----- ------- ------ ------ ------ --- g3 Copper g21 W OK E OK OK OK g22 OK OK OK OK OK OK Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current – Measured TX bias current.
The following example displays detailed optical transceiver diagnostics. console# show fiber-ports optical-transceiver detailed Port Temp [C] Voltage [Volt] Current [mA] Output Power [mWatt ] Input Power [mWatt] LOS ---- ----- ------- ------ ------ ------ --- g23 70 7.27 0.79 3.30 2.50 No g21 70 7.24 0.78 2.20 2.49 No Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current – Measured TX bias current.
PHY Diagnostics Commands www.dell.com | support.dell.
Port Channel Commands interface port-channel The interface port-channel Global Configuration mode command enters the interface configuration mode of a specific port-channel. Syntax interface port-channel port-channel-number • port-channel-number—A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • Eight aggregated links can be defined with up to 8 member ports per port channel.
www.dell.com | support.dell.com Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • Commands under the interface range context are executed independently on each interface in the range: If the command returns an error on one of the interfaces, it will not stop the execution of the command on other interfaces. Example The following example shows how port-channels 1, 2 and 8 are grouped to receive the same command.
Example The following example shows how port g5 is configured to port-channel number 1 without LACP. Console (config)# interface ethernet g5 Console (config-if)# channel-group 1 mode on port channel load balance Use the port-channel load-balance global configuration command to configure the load balancing policy of the port channeling. Use the no form of this command to reset to default.
www.dell.com | support.dell.com • port_channel_number — Number of the Port channel to display. (Range: Valid port channel) Default Configuration This command has no default configuration. Command Modes EXEC User Guidelines • There are no user guidelines for this command. Example The following example shows how all port channel information is displayed. Console# show interfaces port-channel Load balancing: Layer2 and Layer 3.
Port Monitor Commands port monitor The port monitor Interface Configuration mode command starts a port monitoring session. To stop a port monitoring session, use the no form of this command. Syntax port monitor src-interface [rx | tx] no port monitor src-interface • src-interface—Valid Ethernet port or port-channel number. • rx—Monitors received packets only. If no option specified, monitors both rx and tx. • tx—Monitors transmitted packets only. If no option specified, monitors both rx and tx.
www.dell.com | support.dell.com General Restrictions: • Ports cannot be configured as a group using the interface range ethernet command. NOTE: The Port Mirroring target must be a member of the Ingress VLAN of all Mirroring source ports. Therefore, multicast and broadcast frames in these VLANs are seen more than once. (Actually N, where N is the number of mirroring source ports).
Console# show ports monitor Source Port Destination Port Type Status ---------- ---------------- ------------ ------- g1 g8 RX, TX Active g2 g8 RX, TX Active g18 g8 Rx Active Port Monitor Commands 207
Port Monitor Commands www.dell.com | support.dell.
QoS Commands qos The qos Global Configuration mode command enables quality of service (QoS) on the device and enters QoS basic mode. Use the no form of this command to disable the QoS features on the device. Syntax qos no qos Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example shows how QoS is enabled on the device, in basic mode.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example displays a QoS mode. Console# show qos Trust: dscp Console# show qos Qos: disabled Trust: dscp wrr-queue cos-map The wrr-queue cos-map Global Configuration mode command maps assigned CoS values to select one of the egress queues. To return to the default values, use the no form of this command. Syntax wrr-queue cos-map queue-id cos1...
User Guidelines • You can use this command to distribute traffic into different queues, where each queue is configured with different weighted round robin (WRR) parameters. • To enable the expedite queues, use the priority-queue out Interface Configuration mode command wrr-queue cos-map. Example The following example maps CoS 3 to queue 4.
www.dell.com | support.dell.com Example The following example assigns WRR weights to egress queues.
Example The following example sets queue 4, 3 to be expedite queues. Console (config)# priority-queue out num-of-queues 2 show qos interface The show qos interface User EXEC mode command displays interface QoS data. Syntax show qos interface [ethernet interface-number | queuing] • ethernet interface-number—Ethernet port number. • queuing—Displays the queue strategy (WRR or EF), the weight for WRR queues, the CoS to queue map and the EF priority.
www.dell.com | support.dell.com Console# show qos interface ethernet g1 queuing Ethernet g1 wrr bandwidth weights and EF priority: qid weights Ef Priority 1 125 dis N/A 2 125 dis N/A 3 125 dis N/A 4 125 dis N/A Cos-queue map: cos qid 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 qos map dscp-queue The qos map dscp-queue Global Configuration mode command modifies the DSCP to queue map. To return to the default map, use the no form of this command.
Default Configuration The following table describes the default map. DSCP value 0-15 16-31 32-47 48-63 Queue-ID 1 2 3 4 Command Mode Global Configuration mode User Guidelines • Queue settings for 3, 11, 19, ... cannot be modified. Example The following example maps DSCP values 33, 40 and 41 to queue 1. Console (config)# qos map dscp-queue 33 40 41 to 1 qos trust (Global) The qos trust Global Configuration mode command can be used to configure the system to "trust" state.
www.dell.com | support.dell.com • Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic. • To return to the untrusted state, use the no qos command to apply best effort service. Example The following example configures the system to DSCP trust state. Console (config)# qos trust dscp qos trust (Interface) The qos trust Interface Configuration mode command enables each port trust state.
• default-cos—Specifies the default CoS value being assigned to the port. If the port is trusted and the packet is untagged then the default CoS value becomes the CoS value. (Range: 0 - 7) Default Configuration Port CoS is 0. Command Mode Interface Configuration (Ethernet, port-channel) command User Guidelines • You can use the default value to assign a CoS value to all untagged packets entering the port. Example The following example configures port g5 default CoS value to 3.
www.dell.com | support.dell.com Example The following example displays the DSCP port-queue map. console# show qos map Dscp-queue map: d1 : d2 0 1 2 3 4 5 6 7 8 9 --------------------------------------0 : 01 01 01 01 01 01 01 01 01 01 1 : 01 01 01 01 01 01 02 02 02 02 2 : 02 02 02 02 02 02 02 02 02 02 3 : 02 02 03 03 03 03 03 03 03 03 4 : 03 03 03 03 03 03 03 03 04 04 5 : 04 04 04 04 04 04 04 04 04 04 6 : 04 04 04 04 The following table describes the fields used above.
Radius Commands radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retransmit] [deadtime deadtime] [key key] [source source] [priority priority] [usage type] no radius-server host ip-address • ip-address—IP address of the RADIUS server host.
www.dell.com | support.dell.com Command Mode Global Configuration mode User Guidelines • To specify multiple hosts, multiple radius-server host commands can be used. • If no host-specific timeout, retransmit, deadtime or key values are specified, the global values apply to each host. • The address type of the source parameter must be the same as the ip-address parameter. Example The following example specifies a RADIUS server host with the following characteristics: • Server host IP address—192.
Example The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to "dell-server". Console (config)# radius-server key dell-server radius-server retransmit The radius-server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts. To reset the default configuration, use the no form of this command.
www.dell.com | support.dell.com Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the source IP address used for communication with RADIUS servers to 10.1.1.1. Console (config)# radius-server source-ip 10.1.1.
radius-server deadtime The radius-server deadtime Global Configuration mode command improves RADIUS response times when servers are unavailable. The command is used to cause the unavailable servers to be skipped. To reset the default value, use the no form of this command. Syntax radius-server deadtime deadtime no radius-server deadtime • deadtime—Length of time in minutes, for which a RADIUS server is skipped over by transaction requests.
www.dell.com | support.dell.com Examples The following example displays the RADIUS server settings. Console# show radius-servers IP address Port --------- Time Auth Out ---- Dead time Source IP Priority Usage ----- ---------- ------ ----- ------- ----- 172.16.1.1 1645 Global Global Global Global 1 All 172.16.1.2 1645 11 8 Global Global 2 All Global values -------------TimeOut: 3 Retransmit: 3 Deadtime: 0 Source IP: 172.16.8.
RMON Commands show rmon statistics The show rmon statistics User EXEC mode command displays RMON Ethernet Statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} • interface—Valid Ethernet port. • port-channel-number—Valid port-channel trunk index. Default Configuration This command has no default configuration.
www.dell.com | support.dell.com The following table describes the significant fields shown in the display: 226 Field Description Dropped The total number of events in which packets are dropped by the probe due to lack of resources. This number is not always the number of packets dropped; it is the number of times this condition has been detected. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets).
256 to 511 Octets The total number of packets (including bad packets) received that are between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). 512 to 1023 Octets The total number of packets (including bad packets) received that are between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
www.dell.com | support.dell.com Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port g8 with the index number "1" and a polling interval period of 2400 seconds. Console (config)# interface ethernet g8 Console (config-if)# rmon collection history 1 interval 2400 show rmon collection history The show rmon collection history User EXEC mode command displays the requested history group configuration.
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved. Owner The entity that configured this entry.
www.dell.com | support.dell.com Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 5. Console# show rmon history 5 throughput Sample Set: 1 Owner: CLI Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Octets Broadcast Multicast % ------------------ --------- ------- Packets ---------- --------- ----- Jan 18 2002 21:57:00 303595962 357568 3289 7287 19.
Console# show rmon history 5 other Sample Set: 1 Owner: CLI Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Dropped Collisions ------------------ -------- --------Jan 18 2002 21:57:00 3 0 Jan 18 2002 21:57:30 3 0 The following table describes the significant fields shown in the display: Field Description Time Date and Time the entry is recorded.
www.dell.com | support.dell.com Oversize The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed.
• type type—The sampling method for the selected variable and calculating the value to be compared against the thresholds. If the method is absolute, the value of the selected variable is compared directly with the thresholds at the end of the sampling interval. If the method is delta, the selected variable value at the last sample is subtracted from the current value, and the difference compared with the thresholds. • startup direction—The alarm that may be sent when this entry is first set to valid.
www.dell.com | support.dell.com Syntax show rmon alarm-table Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the alarms summary table. Console# show rmon alarm-table Index OID Owner ----- ------------------- -------------- 1 1.3.6.1.2.1.2.2.1.10.1 CLI 2 1.3.6.1.2.1.2.2.1.10.1 Manager 3 1.3.6.1.2.1.2.2.1.10.
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays RMON 1 alarms. Console# show rmon alarm 1 Alarm 1 ------OID: 1.3.6.1.2.1.2.2.1.10.
www.dell.com | support.dell.com Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds. Sample Type The method of sampling the variable and calculating the value compared against the thresholds. If the value is absolute, the value of the variable is compared directly with the thresholds at the end of the sampling interval.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures an event with the trap index of 10. Console (config)# rmon event 10 log show rmon events The show rmon events User EXEC mode command displays the RMON event table. Syntax show rmon events Default Configuration This command has no default configuration.
www.dell.com | support.dell.com Console# show rmon events Index Description Type Community Owner ----- ----------- -------- --------- ------- -------------------- 1 Errors Log 2 High Broadcast Log-Trap CLI device Last time sent Jan 18 2002 23:58:17 Manager Jan 18 2002 23:59:48 The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event.
User Guidelines • There are no user guidelines for this command. Example The following example displays the RMON logging table.
www.dell.com | support.dell.com rmon table-size The rmon table-size Global Configuration mode command configures the maximum RMON tables sizes. To return to the default configuration, use the no form of this command. Syntax rmon table-size {history entries | log entries} no rmon table-size {history | log} • history entries—Maximum number of history table entries. (Range: 20 - 32767) • log entries—Maximum number of log table entries. (Range: 20 - 32767) Default Configuration History table size is 270.
SNMP Commands snmp-server community Use the snmp-server community command to set up the community access string to permit access to the Simple Network Management Protocol command. Use the no form of this command removes the specified community string.
www.dell.com | support.dell.com • 2 Map the internal security-name for SNMPv1 and SNMPv2 security models to an internal group-name. 3 Map the internal group-name for SNMPv1 and SNMPv2 security models to view-name (read-view and notify-view always, and for rw for write-view also) You can use the group-name to restrict the access rights of a community string. By specifying the group-name parameter the software: 1 Generates an internal security-name.
User Guidelines • You can enter this command multiple times for the same view record. • The number of views is limited to 64. • "Default" and "DefaultSuper" views exist. Those views are used by the software internally and can't be deleted or modified.
www.dell.com | support.dell.com User Guidelines • You can enter this command multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines. .
Syntax snmp-server location text no snmp-server location • text—Character string, up to 160 characters, describing the system location. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • Do not include spaces in the text string. Example The following example sets the device location as "New_York".
www.dell.com | support.dell.com snmp-server trap authentication The snmp-server trap authentication Global Configuration mode command enables the switch to send Simple Network Management Protocol traps when authentication fails. To disable SNMP authentication failed traps, use the no form of this command. Syntax snmp-server trap authentication no snmp-server trap authentication Default Configuration This command has no default configuration.
• 1— SNMPv1 traps will be used. • 2— SNMPv2 traps will be used (Default). • udp-port port — UDP port of the host to use. The default is 162. (Range: 1 - 65535) • filter filtername — A string that is the name of the filter that define the filter for this host. If unspecified, does not filter anything. (Range : Up to 30 characters). • timeout seconds — Number of seconds to wait for an acknowledgment before resending informs. The default is 15 seconds.
www.dell.com | support.dell.com Command Mode Global Configuration mode User Guidelines • Although the CLI can set any required configuration, there might be a situation where a SNMP user sets a MIB variable that does not have an equivalent command. In order to generate configuration files that support those situations, the snmp-server set command is used. • This command is context sensitive. Examples The following example sets the scalar MIB "sysName" to have the value "dell".
• priv —Specifies authentication of a packet with encryption. Applicable only to SNMP Version 3 security model. • context name — Specifies context of packet. • read readview — A string that is the name of the view that enables you only to view the contents of the agent. If unspecified, all the objects except of the community-table and SNMPv3 user and access tables are available.
www.dell.com | support.dell.com • groupname — The name of the group to which the user belongs.(Range: Up to 30 characters) • remote engineid-string — Specifies the engine ID of remote SNMP entity to which the user belongs. The engine ID is concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon.(Range: 5 - 32 characters) • auth-md5 —The HMAC-MD5-96 authentication level. The user should enter password.
Example The following example configures a new SNMP Version 3 user. Console (config)# snmp-server user snmp-server v3-host The snmp-server v3-host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version 3 notifications. To remove the specified host, use the no form of this command.
www.dell.com | support.dell.com Command Mode Global Configuration mode User Guidelines • A user and notification view are not automatically created. Use the snmp-server user, snmpserver group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively. Example The following example configures an SNMPv3 host. Console(config)# snmp-server v3-host 192.168.0.
If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 cannot be used. By default, SNMPv1/v2 are enabled on the device. SNMPv3 is enabled only by defining the Local Engine ID. If you want to specify your own ID, you do not have to specify the entire 32-character engine ID if it contains trailing zeros. Specify only the portion of the engine ID up to the point where just zeros remain in the value.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example displays the SNMP engine ID. Console# show snmp engineID Local SNMP engineID: 08009009020C0B099C075878 show snmp The show snmp Privileged EXEC mode command displays the SNMP status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command.
. Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Target Address Type Communit Version y UDP Port Filter name TO sec Filter name TO sec Retrie s Version 3 notifications Target Address Type Username Security Level UDP Port Retrie s System Contact: System Location: console# show snmp views To display the configuration of views use the show snmp views Privileged EXEC command Syntax show snmp views [viewname] • viewname— The name of the view.
www.dell.com | support.dell.com Console # show snmp views Name OID Tree Type user-view 1.3.6.1.2.1.1 Included user-view 1.3.6.1.2.1.1.7 Excluded user-view 1.3.6.1.2.1.2.2.1.*.1 Included show snmp groups To display the configuration of groups use the show snmp groups Privileged EXEC command. Syntax show snmp groups [groupname] • groupnam — The name of the group. Default Configuration There is no default configuration for this command.
Console # show snmp groups Name Security Views Model Level Context Read Write user-group V3 priv - Default managers-group V3 priv - Default managers-group V3 priv - Default Notify Default - Console # show snmp groups user-group Name: user-group Security Model: V3 Security Level: priv Security Context: Read View: Default Write View: "" Notify View: "" show snmp filters To display the configuration of filters use the show snmp filters Privileged EXEC command.
www.dell.com | support.dell.com Command Modes Privileged EXEC User Guidelines • There are no user guidelines for this command Example The following example displays the configuration of filters use the show snmp filters Privileged EXEC command. Console # show snmp filters Name OID Tree Type user-filter 1.3.6.1.2.1.1 Included user-filter 1.3.6.1.2.1.1.7 Excluded user-filter 1.3.6.1.2.1.2.2.1.*.
Console # show snmp users Name group name Auto Method John 1.3.6.1.2.1.1 md5 John 1.3.6.1.2.1.1.
SNMP Commands www.dell.com | support.dell.
Spanning-Tree Commands spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enables spanning-tree functionality.
www.dell.com | support.dell.com Command Modes Global Configuration mode User Guidelines • In RSTP mode, the switch would use STP when the neighbor switch is using STP. • In MSTP mode the switch would use RSTP when the neighbor switch is using RSTP, and would use STP when the neighbor switch is using STP Example The following example configures the spanning-tree protocol to RSTP.
spanning-tree hello-time The spanning-tree hello-time Global Configuration mode command configures the spanning-tree bridge hello time, which is how often the switch broadcasts hello messages to other switches.To reset the default hello time, use the no form of this command.
www.dell.com | support.dell.com Syntax spanning-tree hello-time seconds no spanning-tree hello-time • seconds—Time in seconds. (Range: 1 - 10) Default Configuration The default hello time for IEEE Spanning-Tree Protocol (STP) is 2 seconds. Command Modes Global Configuration mode User Guidelines • When configuring the Hello-Time the following relationship should be kept: – Max-Age >= 2*(Hello-Time + 1) Example The following example configures spanning-tree bridge hello time to 5 seconds.
Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. Console(config)# spanning-tree max-age 10 spanning-tree priority The spanning-tree priority Global Configuration mode command configures the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command.
www.dell.com | support.dell.com Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines • When STP is disabled, the device will not forward STP BPDU's based on the Forward BPDU's setting. Example The following example disables spanning-tree on g5. Console (config)# interface ethernet g5 Console (config-if)# spanning-tree disable spanning-tree cost The spanning-tree cost Interface Configuration mode command configures the spanning-tree path cost for a port.
spanning-tree port-priority The spanning-tree port-priority Interface Configuration mode command configures port priority. To reset the default port priority, use the no form of this command. Syntax spanning-tree port-priority priority no spanning-tree port-priority • priority—The port priority. (Range: 0 - 240 in multiples of 16) Default Configuration The default port-priority for IEEE STP is 128.
www.dell.com | support.dell.com User Guidelines • This feature should be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. Example The following example enables PortFast on g5. Console(config)# interface ethernet g5 Console(config-if)# spanning-tree portfast spanning-tree link-type The spanning-tree link-type Interface Configuration mode command overrides the default linktype setting.
spanning-tree mst priority The spanning-tree mst priority Global Configuration mode command configures the device priority for the specified spanning-tree instance. To return to the default configuration, use the no form of this command. Syntax spanning-tree mst instance-id priority priority no spanning-tree mst instance-id priority • instance - id — Displays the ID of the spanning -tree instance (Range: 1-15).
www.dell.com | support.dell.com Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10. Console (config) # spanning-tree mst max-hops 10 spanning-tree mst port-priority The spanning-tree mst port-priority Interface Configuration mode command configures port priority for the specified MST instance.
spanning-tree mst cost The spanning-tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree (MST) calculations. If a loop occurs, the spanning tree considers path cost when selecting an interface to put in the forwarding state. To return to the default configuration, use the no form of this command. Syntax spanning-tree mst instance-id cost cost no spanning-tree mst instance-id cost • instance-ID — ID of the spanning -tree instance (Range: 1-15).
www.dell.com | support.dell.com Syntax spanning-tree mst configuration Default Setting This command has no default configuration. Command Mode Global Configuration mode User Guidelines • All devices in an MST region must have the same VLAN mapping, configuration revision number, and name. Example The following example configures an MST region.
For two or more devices to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name. Example The following example maps VLANs 10-20 to MST instance 1. Console(config)# spanning-tree mst configuration Console(config-mst)# instance 1 add vlan 10-20 name (mst) The name MST Configuration mode command defines the configuration name. To return to the default setting, use the no form of this command.
www.dell.com | support.dell.com Default Setting The default configuration revision number is 0. Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example sets the configuration revision to 1. Console(config) # spanning-tree mst configuration Console(config-mst) # revision 1 show (mst) The show MST Configuration mode command displays the current or pending MST region configuration.
Name: Region1 Revision: 1 Instance Vlans Mapped State -------- ------------ ------- 0 1-9,21-4094 Enabled 1 10-20 Enabled exit (mst) The exit MST Configuration mode command exits the MST configuration mode and applies all configuration changes. Syntax exit Default Setting This command has no default configuration. Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com Command Mode MST Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example exits the MST configuration mode without saving changes. Console(config) # spanning-tree mst configuration Console(config-mst) # abort spanning-tree pathcost method The spanning-tree pathcost method Global Configuration mode command sets the default path cost method. To revert to the default setting, use the no form of this command.
Syntax spanning-tree bpdu {filtering | flooding} • filtering—Filter BPDU packets when spanning-tree is disabled on an interface. • flooding—Flood BPDU packets when spanning-tree is disabled on an interface. Default Configuration The default definition is flooding. Command Modes Global Configuration mode User Guidelines • The command is relevant when spanning-tree is disabled globally or on a single interface.
www.dell.com | support.dell.com Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on g1. Console# clear spanning-tree detected-protocols ethernet g1 show spanning-tree The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration.
Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 2000 Root Port 1(1/1) Hello Time 2 sec Max Age 20 sec Bridge ID Forward Delay 15 sec Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Sts Role PortFast Type ---- ------- --------- ----- ----- ------ ------- ---- 1 Enabled 128.
www.dell.com | support.dell.com console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority Address 36864 00:02:4b:29: 7a:00 This switch is the Root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name 1 State Enabled Prio.Nbr Cost 128.1 Sts FWD Role Desg PortFast No 20000 2 Enabled 128.2 20000 Type P2p (RST P) FWD Desg No Shar ed (STP ) 3 Disabled 128.3 20000 4 Enabled 128.4 FWD 20000 5 Enabled 128.
Path Cost Root Port Bridge ID N/A N/A Hello Time N/A Max Age N/A N/A Forward Delay Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Delay 15 sec Forward Interface s Name State Prio.Nbr 1/1 Enabled 1/2 Enabled 128.2 20000 1/3 Disabled 128.3 20000 1/4 Enabled 128.4 128.1 Cost Sts Role PortFast Type 20000 20000 1/5 Enabled 128.
www.dell.com | support.dell.com Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Delay 15 sec Forward Interfaces Name State 1/1 Enabled Prio.Nbr 128.1 Cost Sts 20000 FWD Role Root PortFast Type No P2p (RST P) 1/2 Enabled 128.2 20000 FWD Desg No Shar ed (STP ) 1/4 Enabled 128.
Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State 1/4 Prio.Nbr Enabled Cost Sts Role PortFast 19 BLK Altn No 128.
www.dell.com | support.dell.com Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Guard root: Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (1/2) enabled State: Forwarding Role: Designated Port id: 128.
Port 4 (1/4) enabled State: Blocking Role: Alternate Port Identifier: 128.4 Port cost: 20000 Type: Shared (configured: auto) STP Port Fast: No (configured:no) Designated bridge Priority: 28672 Address: 00:30:94:41:62:c8 Designated port id: 128.25 Designated path cost: 20000 Guard root:Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (1/5) enabled State: Disabled Role: N/A Port id: 128.
www.dell.com | support.dell.com Designated port id: 128.
Hello Time 2 sec This switch is the IST master. Max Age 20 sec sec Max hops 20 Forward Delay 15 Interfaces Nam e Cost State 1 Sts 128.1 Enabled 2 FWD 20000 128.2 Enabled 3 Type No P2p Bound (RSTP) No Shared Bound (STP) Root FWD 128.3 Desg FWD 20000 128.4 Enabled PortFast 20000 Enabled 4 Role Prio.
www.dell.com | support.dell.com Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1/1) enabled State: Forwarding Role: Boundary Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) Boundary RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.
Guard root: Disabled BPDU guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 4 (1/4) enabled State: Forwarding Role: Designated Port id: 128.4 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.
www.dell.com | support.dell.
Default Configuration Disabled. Command Modes Global configuration User Guidelines • This command can be enabled when all the ports are Access ports. • This command is relevant in MSTP mode only. • When this feature is enabled incoming IEEE RSTP/STP packets would be mapped to the MSTP instance according to the port’s VLAN. Outgoing MSTP packets would be mapped to IEEE RSTP/STP packets according to the port’s VLAN.
www.dell.com | support.dell.com Example The following example enable root guard on port g8.
SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. To use the default port, use the no form of this command. Syntax ip ssh port port-number no ip ssh port • port-number—Port number for use by the SSH server (Range: 1 - 65535). Default Configuration The default value is 22. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com User Guidelines • If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the commands crypto key generate rsa, and crypto key generate dsa. Example The following example enables the device to be configured from a SSH server. Console (config)# ip ssh server crypto key generate dsa The ip ssh server Global Configuration mode command generates DSA key pairs.
Syntax crypto key generate rsa Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines • RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed. • The maximum supported size for the RSA key is 2048 bits.
www.dell.com | support.dell.com Example The following example enables public key authentication for incoming SSH sessions. Console (config)# ip ssh pubkey-auth crypto key pubkey-chain ssh The crypto key pubkey-chain ssh Global Configuration mode command enters SSH Public Keychain configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys. Syntax crypto key pubkey-chain ssh Default Configuration By default, there are no keys.
• dsa—DSA key. Default Configuration By default, there are no keys. Command Mode SSH Public Key Chain Configuration mode User Guidelines • Follow this command with the key-string command to specify the key. Example The following example enables a SSH public key to be manually configured for the SSH public key chain called "bob".
www.dell.com | support.dell.com Example The following example enters public key strings for SSH public key clients called "bob".
Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA (DSS) key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP address SSH username Version Cipher Auth Code ---------- ---------- --------- ------- ---------- 172.16.0.1 John Brown 2.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example displays the SSH public keys on the device.
Console# show crypto key pubkey-chain ssh Username Fingerprint -------- ----------------------------------------------bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called "bob".
SSH Commands www.dell.com | support.dell.
Syslog Commands logging on The logging on Global Configuration mode command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logging process, use the no form of this command. Syntax logging on no logging on Default Configuration Logging is enabled.
www.dell.com | support.dell.com • port—Port number for syslog messages. If unspecified, the port number defaults to 514. (Range: 1 - 65535) • severity level—Limits the logging of messages to the syslog servers to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging. If unspecified, the default level is errors. • facility—The facility that is indicated in the message.
Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example limits messages logged to the console based on severity level "errors". Console (config)# logging console errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command.
www.dell.com | support.dell.com Syntax logging buffered size number no logging buffered size • number—Numeric value indicating the maximum number of messages stored in the history table. (Range: 20 - 400) Default Configuration The default number of messages is 200. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example changes the number of syslog messages stored in the internal buffer to 300.
logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command. Syntax logging file level no logging file • level—Limits the logging of messages to the buffer to a specified level: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging. Default Configuration The default severity level is errors.
www.dell.com | support.dell.com Example The following example clears messages from the logging file. Console# clear logging file Clear Logging File [y/n]y show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • 308 There are no user guidelines for this command.
Example The following example displays the state of logging and the syslog messages stored in the internal buffer. Console# show logging Logging is enabled. Console Logging: Level debug. Console Messages: 5 Dropped. Buffer Logging: Level debug. Buffer Messages: 16 Logged, 16 Displayed, 200 Max. File Logging: Level error. File Messages: 0 Logged, 209 Dropped. SysLog server 31.1.1.2 Logging: error. Messages: 22 Dropped. SysLog server 5.2.2.2 Logging: info. Messages: 0 Dropped. SysLog server 10.2.2.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example displays the state of logging and the syslog messages stored in the logging file. Console # show logging file console# show logging file Logging is enabled. Console Logging: Level debug. Console Messages: 5 Dropped. Buffer Logging: Level debug. Buffer Messages: 21 Logged, 21 Displayed, 200 Max. File Logging: Level debug. File Messages: 4 Logged, 210 Dropped. SysLog server 31.1.
Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the syslog server settings. Console# show syslog-servers IP address Port Severity Facility Description ------------- ---- -------- -------- ----------- 192.180.2.275 14 Informational local 7 192.180.2.
Syslog Commands www.dell.com | support.dell.
System Management ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network. Syntax ping ip-address | hostname [size packet_size] [count packet_count] [timeout time_out] • ip-address—IP address to ping. • hostname—hostname to ping. (Range: 1 - 158 characters) • packet_size—Number of bytes in a packet. The actual packet size is eight bytes larger than the size specified because the switch adds header information.
www.dell.com | support.dell.com Examples The following example displays a ping to IP address 10.1.1.1. Console> ping 10.1.1.1 Pinging 10.1.1.1 with 64 bytes of data: 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms ----10.1.1.
• source ip-address—One of the interface addresses of the device to use as a source address for the probes. The device will normally pick what it feels is the best source address to use. (Range: Valid IP Address) • tos tos—The Type-Of-Service byte in the IP Header of the packet. (Range: 0-255) Default Configuration size packet_size—The default is 40 bytes. ttl max-ttl—The default is 30. count packet_count—The default count is 3. timeout time_out—The default is 6 seconds.
www.dell.com | support.dell.com Examples console> traceroute umaxp1.physics.lsa.umich.edu Type Esc to abort. Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64) 1 i2-gateway.stanford.edu (192.68.191.83) 0 msec 0 msec 0 msec 2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec 3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec 4 Abilene--QSV.POS.calren2.net (198.32.249.162) 1 msec 1 msec 1 msec 5 kscyng-snvang.abilene.ucaid.edu (198.32.8.
Field Description * The probe timed out. ? Unknown packet type. A Administratively unreachable. Usually, this output indicates that an access list is blocking traffic. H Host unreachable. N Network unreachable. P Protocol unreachable. Q Source quench. U Port unreachable. telnet The telnet User EXEC mode command is used to log in to a host that supports Telnet. Syntax telnet ip-address | hostname [port] [keyword1......] • ip-address—IP address of the destination host.
www.dell.com | support.dell.com Escape Sequence Purpose Ctrl-shift-6 b Break Ctrl-shift-6 c Interrupt Process (IP) Ctrl-shift-6 h Erase Character (EC) Ctrl-shift-6 o Abort Output (AO) Ctrl-shift-6 t Are You There? (AYT) Ctrl-shift-6 u Erase Line (EL) Ctrl-shift-6 x Suspends the Session At any time during an active Telnet session, the Telnet commands can be listed by pressing the Ctrl-shift-6 key, followed by a question mark at the system prompt: Ctrl-shift-6? A sample of this list follows.
/stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX-toUNIX Copy Program (UUCP) and other non-Telnet protocols.
www.dell.com | support.dell.com pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix-to-Unix Copy Program 540 whois Nickname 43 www World Wide Web 80 Example Console> telnet 176.213.10.50 Esc U sends telnet EL resume The resume User EXEC mode command is used to switch to another open Telnet session.
reload The reload Privileged EXEC mode command reloads the operating system. Syntax reload Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • Caution should be exercised when resetting the device, to ensure that no other activity is being performed. In particular, the user should verify that no configuration files are being downloaded at the time of reset. Example The following example reloads the operating system.
www.dell.com | support.dell.com Example The following example specifies the device host name. Console (config)# hostname Dell show users The show users User EXEC mode command displays information about the active users. Syntax show users Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays information about the active users.
Default Configuration There is no default configuration for this command. Command Mode EXEC mode User Guidelines 1 Open telnet session from PC 5324 to other device. 2 In the other device syntax, press Cntrl-shift-t-X 3 Enter the command show session. The number of sessions opened from PC 5324 is displayed. 4 Enter the command resume [number of session] to return to the relevant telnet session.
www.dell.com | support.dell.com Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the system information.
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays a system version (this version number is only for demonstration purposes). Router# show version SW version 3.131 HW version ( date 23-Jul-2002 time 17:34:19 ) 1.0.
www.dell.com | support.dell.com Default Configuration This command has no default configuration. No asset tag is defined by default. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example specifies the device asset tag as "1qwepot". Console (config)# asset-tag 1qwepot show system id The show system id User EXEC mode command displays the ID information.
TACACS Commands tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. To delete the specified name or address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority] no tacacs-server host {ip-address | hostname} • ip-address—Name or IP address of the host. • hostname—Hostname of the tacacs server.
www.dell.com | support.dell.com • If no host-specific timeout, key or source values are specified, the global values apply to each host. Example The following example specifies a TACACS+ host. Console (config)# tacacs-server host 172.16.1.1 tacacs-server key The tacacs-server key Global Configuration mode command sets the authentication encryption key used for all TACACS+ communications between the device and the TACACS+ daemon. To disable the key, use the no form of this command.
• timeout—Specifies the timeout value in seconds. (Range: 1 - 30) Default Configuration 5 seconds Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Examples The following example sets the timeout value as 30. Console (config)# tacacs-server timeout 30 tacacs-server source-ip The tacacs-server source-ip Global Configuration mode command specifies the source IP address that will be used for the communication with TACACS servers.
www.dell.com | support.dell.com show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistics for a TACACS+ server. Syntax show tacacs [ip-address] • ip-address—Name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Examples The following example displays configuration and statistic for a TACACS+ server.
User Interface enable The enable User EXEC mode command enters the privileged EXEC mode. Syntax enable [privilege-level] • privilege-level—Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example shows how to return to normal mode. Console# disable Console> login The login User EXEC mode command changes a login username. Syntax login Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example In the following example, because no keyword is entered, a prompt is displayed. After the keyword is selected, a message confirming the command entry method is displayed. Console# configure Console (config)# exit(configuration) The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy.
www.dell.com | support.dell.com exit(EXEC) The exit User EXEC mode command closes an active terminal session by logging off the device. Syntax exit Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example closes an active terminal session.
Example The following example ends the current configuration session and returns to the previous command mode. Console (config)# end Console # help The help command displays a brief description of the help system. Syntax help Default Configuration This command has no default configuration. Command Mode All Command modes User Guidelines • There are no user guidelines for this command. history The history Line Configuration mode command enables the command history function.
www.dell.com | support.dell.com Example The following example enables the command history function for telnet. Console (config)# line telnet Console (config-line)# history history size The history size Line Configuration mode command changes the command history buffer size for a particular line. To reset the command history buffer size to the default, use the no form of this command.
Command Mode Privilege EXEC command mode User Guidelines • There are no user guidelines for this command. Example The following example enables the debug command interface. console(config)# console# debug >debug Enter DEBUG Password: ***** DEBUG> show history The show history User EXEC mode command lists the commands entered in the current session. Syntax show history Default Configuration This command has no default configuration.
www.dell.com | support.dell.com Example The following example displays all the commands entered while in the current privileged EXEC mode. Console# show history show version show clock show history show privilege The show privilege User EXEC mode command displays the current privilege level. Syntax show privilege Default Configuration This command has no default configuration. Command Mode User EXEC command mode User Guidelines • There are no user guidelines for this command.
VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example enters the VLAN database mode. Console (config)# vlan database Console (config-vlan)# vlan Use the vlan VLAN Configuration mode command to create a VLAN.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example VLAN number 1972 is created. Console (config)# vlan database Console (config-vlan)# vlan 1972 default-vlan disable The default-vlan disable VLAN Configuration mode command disables the default VLAN functionality. Use the no form of this command to enable the default VLAN functionality.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the VLAN 1 IP address of 131.108.1.27 and subnet mask 255.255.255.0. Console (config)# interface vlan 1 Console (config-if)# ip address 131.108.1.27 255.255.255.
www.dell.com | support.dell.com Example The following example groups VLAN 221 until 228 and VLAN 889 to receive the same command. Console (config)# interface range vlan 221-228,889 Console (config-if)# name The name Interface Configuration mode command adds a name to a VLAN. To remove the VLAN name use the no form of this command. Syntax name string no name • string—Unique name, up to 32 characters in length, to be associated with this VLAN. Default Configuration No name is defined.
Default Configuration VID=1 Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • The command automatically removes the port from the previous VLAN, and adds it to the new VLAN. Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN interface number g8.
www.dell.com | support.dell.com Example The following example shows how to add VLANs 2 and 5 to 8 to the allowed list of g8. Console (config)# interface ethernet g8 Console (config-if)# switchport trunk allowed vlan add 2,5-8 switchport trunk native vlan The switchport trunk native vlan Interface Configuration mode command defines the port as a member of the specified VLAN, and the VLAN ID as the "port default VLAN ID (PVID)". To configure the default VLAN ID, use the no form of this command.
Syntax switchport general allowed vlan add vlan-list [tagged | untagged] switchport general allowed vlan remove vlan-list • add vlan-list—List of VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs. • remove vlan-list—List of VLAN IDs to remove. Separate non consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs. • tagged—Sets the port to transmit tagged packets for the VLANs.
www.dell.com | support.dell.com Command Mode Interface configuration (Ethernet, port-channel) mode User Guidelines • This command has the following consequences: incoming untagged frames are assigned to this VLAN and outgoing traffic in this VLAN on this port is sent untagged (despite the normal situation where traffic sent from a trunk-mode port is all tagged). Example The following example shows how to configure the PVID for g8, when the interface is in general mode.
switchport general acceptable-frame-type tagged-only The switchport general acceptable-frame-type tagged-only Interface Configuration mode command discards untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
www.dell.com | support.dell.com Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • There are no user guidelines for this command. Example The following example forbids adding VLANs number 234 till 256, to g8. Console (config)# interface ethernet g8 Console (config-if)# switchport forbidden vlan add 234-256 map protocol protocols-group The map protocol protocols-group VLAN Configuration mode command maps a protocol to a protocol group.
switchport general map protocols-group vlan The switchport general map protocols-group vlan Interface Configuration mode command sets a protocol-based classification rule. To delete a classification, use the no form of this command. Syntax switchport general map protocols-group group vlan vlan-id no switchport general map protocols-group group • group—Group number as defined in the map protocol protocols-group command. (Range: 1 - 2147483647) • vlan-id—Define the VLAN ID in the classifying rule.
www.dell.com | support.dell.com Command Mode Interface configuration (Ethernet, port-channel) User Guidelines • An internal usage VLAN is required when an IP interface is defined on Ethernet port or Portchannel. • Using this command the user can define the internal usage VLAN of a port. • If an internal-usage is not defined for a Port, and the user wants to define an IP interface, the software chooses one of the unused VLANs.
Console# show vlan Vlan Name Ports Type Authorization 1 default g1-2 other Required g1-4 10 VLAN0010 g3-4 dynamic Required 11 VLAN0011 g1-2 static Required 20 VLAN0020 g3-4 static Required 21 VLAN0021 static Required 30 VLAN0030 static Required 31 VLAN0031 static Not Required show vlan internal usage The show vlan internal usage Privileged EXEC mode command displays a list of VLANs being used internally by the switch.
www.dell.com | support.dell.com Example The following example displays all VLAN information. Console# show vlan internal usage VLAN Usage Reserved IP Address ---- --------- ---------- ---------- 1007 g21 No Active 1008 g22 Yes Inactive 1009 g23 Yes Active show vlan protocols-groups The show vlan protocols-groups Privileged EXEC mode command displays protocols-groups information. Syntax show vlan protocols-groups Default Configuration This command has no default configuration.
Console# show vlan protocols-groups Encapsulation Protocol Group Id ------------- -------- -------- ethernet 08 00 213 ethernet 08 06 213 ethernet 81 37 312 ethernet 81 38 312 rfc1042 08 00 213 rfc1042 08 06 213 show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays switchport configuration. Syntax show interfaces switchport {ethernet interface | port-channel port-channel-number} • Interface—Specific interface, such as ethernet g8.
www.dell.com | support.dell.
no switchport mode • customer — The port is connected to customer equipment. Used when the switch is in a provider network. • access — Untagged layer 2 VLAN interface • trunk — Trunking layer 2 VLAN interface • general — Full 802.1q support VLAN interface Default Configuration All ports are in access mode, and belong to the default VLAN (whose VID=1).
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. Example The following example sets the port's VLAN when the interface is in customer mode.
Web Server ip http server The ip http server Global Configuration mode command enables the device to be configured from a browser. To disable this function use the no form of this command. Syntax ip http server no ip http server Default Configuration HTTP server is disabled by default. Command Mode Global Configuration mode User Guidelines • Only a user with access level 15 can use the web server. Example The following example enables the device to be configured from a browser.
www.dell.com | support.dell.com User Guidelines • There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the device. Example The following example shows how the http port number is configured to 100. Console (config)# ip http port 100 ip https server The ip https server Global Configuration mode command enables the device to be configured from a secured browser. To disable this function, use the no form of this command.
Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines • There are no user guidelines for this command. Example The following example configures the https port number to 100. Console (enable)# ip https port 100 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a HTTPS certificate.
www.dell.com | support.dell.com Default Configuration The Certificate and the SSL RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines • The command is not saved in the device configuration; however, the certificate and keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up to another device. • Use this command to generate self-signed certificate for your device.
Command Mode Privileged EXEC mode User Guidelines • Use this command to export a certificate request to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. • Before generating a certificate request you must first generate a self-signed certificate using the crypto certificate generate Global Configuration mode command.
www.dell.com | support.dell.com crypto certificate import The crypto certificate import Global Configuration mode command imports a certificate signed by Certification Authority for HTTPS. Syntax crypto certificate number import • number—Specifies the certificate number. (Range: 1 - 2) Default Configuration There is no default configuration for this command.
Examples The following example imports a certificate signed by Certification Authority for HTTPS.
www.dell.com | support.dell.com Command Mode Global configuration mode User Guidelines • The crypto certificate generate command should be used in order to generate HTTPS certificates. Example The following example configures the active certificate for HTTPS. Console (config)# ip https certificate 1 crypto certificate export pkcs12 The crypto certificate export pkcs12 Privileged EXEC mode command, exports the certificate and the RSA keys within a PKCS12 file.
Example The following example exports the certificate and RSA keys.
www.dell.com | support.dell.com crypto certificate import pkcs12 The crypto certificate import pkcs12 Privileged EXEC mode command, imports the certificate and the RSA keys within a PKCS12 file. Syntax crypto certificate number import pkcs12 passphrase • number—Specifies the certificate number. (Range: 1 - 2) • passphrase—Passphrase that is used to encrypt the PKCS12 file for export. (Range: 8 - 96) Default Configuration There is no default configuration for this command.
Console# crypto certificate 1 import pkcs12 passphrase Bag Attributes localKeyID: 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 subject=/C=us/ST= /L= /CN= /O= /OU= issuer= /C=us/ST= /L= /CN= /O= /OU= -----BEGIN CERTIFICATE----MIIBfDCCASYCAQAwDQYJKoZIhvcNAQEEBQAwSTELMAkGA1UEBhMCdXMxCjAIBgNV BAgTASAxCjAIBgNVBAcTASAxCjAIBgNVBAMTASAxCjAIBgNVBAoTASAxCjAIBgNV BAsTASAwHhcNMDQwMjA3MTU1NDQ4WhcNMDUwMjA2MTU1NDQ4WjBJMQswCQYDVQQG EwJ1czEKMAgGA1UECBMBIDEKMAgGA1UEBxMBIDEKMAgGA1UEAxMBIDEKMAgGA1UE ChMBIDEKMAgG
www.dell.com | support.dell.com show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command allows you to view the SSL certificates of your device. Syntax show crypto certificate mycertificate [number] • number—Specifies the certificate number. (Range: 1- 2) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command.
show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax show ip http Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines • There are no user guidelines for this command. Example The following example displays the HTTP server configuration. Console# show ip http HTTP server enabled.
www.dell.com | support.dell.com Example The following example displays the HTTP server configuration. Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.
802.1x Commands aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods for use to authenticate interfaces running IEEE 802.1X. Use the no form of this command to return to default. Syntax aaa authentication dot1x default method1 [method2...] no aaa authentication dot1x default • method1 [method2...
www.dell.com | support.dell.com dot1x system-auto-control The dot1x system-auto-control Global Configuration mode command enables 802.1x globally. Use the no form of this command to disable 802.1x globally. Syntax dot1x system-auto-control no dot1x system-auto-control • This command has no arguments or keywords. Default Configuration Disabled Command Modes Global configuration mode User Guidelines • There are no user guidelines for this command. Examples The following example enables 802.
Default Configuration force-authorized Command Mode Interface configuration (Ethernet) User Guidelines • It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication. Examples The following example enables 802.1X authentication on the interface.
www.dell.com | support.dell.com Examples The following example enables periodic re-authentication of the client. Console (config)# interface ethernet g8 Console (config-if)# dot1x re-authentication dot1x timeout re-authperiod The dot1x timeout re-authperiod Interface Configuration mode command sets the number of seconds between re-authentication attempts. Use the no form of this command to return to the default setting.
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples • The following command manually initiates a re-authentication of the 802.1X-enabled port. Console# dot1x re-authenticate ethernet g8 dot1x timeout quiet-period The dot1x timeout quiet-period Interface Configuration mode command sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password).
www.dell.com | support.dell.com Examples The following example sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange, to 3600.
dot1x max-req The dot1x max-req Interface Configuration mode command sets the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP) - request/identity frame (assuming that no response is received) to the client, before restarting the authentication process. Use the no form of this command to return to the default setting.
www.dell.com | support.dell.com Default Configuration 30 Command Mode Interface configuration (Ethernet) mode User Guidelines • The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Examples The following example sets the time for the retransmission of an EAP-request frame to the client, to 3600 seconds.
Examples The following example sets the time for the retransmission of packets to the authentication server., to 3600 seconds. Console (config)# dot1x timeout server-timeout 3600 show dot1x The show dot1x Privileged EXEC mode command displays 802.1X status for the switch or for the specified interface. Syntax show dot1x [ethernet interface] • interface—The full syntax is: port. Default Configuration This command has no default configuration.
www.dell.com | support.dell.com Console# show dot1x ethernet g3 Interface Admin Mode Oper Mode Reauth Control Reauth Period Username g3 Auto Unauthorize d Ena 3600 Clark State: held Quiet period: 60 Tx period: 30 Max req: 2 Login Time: n/a Last Authentication: n/a MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff The following table describes the significant fields shown in the display: 380 Field Description Interface The interface number.
Max req The maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request/identity frame (assuming that no response is received) to the client before restarting the authentication process. Login Time How long the user is logged in. Last Authentication Time since last authentication. Mac address The supplicant MAC address. Authentication Method The authentication method used to establish the session. Termination Cause The reason for the session termination.
www.dell.com | support.dell.com Field Description Username The User-Name representing the identity of the Supplicant. Login Time How long the user is logged in. Last Authentication Time since last authentication. Authentication Method The authentication method used to establish the session. Mac address The supplicant MAC address. Interface The interface that the user is using. show dot1x statistics The show dot1x statistics Privileged EXEC mode command displays 802.
Examples The following example displays 802.1X statistics for the specified interface. Switch# show dot1x statistics ethernet g1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 1 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 0008.3b79.
www.dell.com | support.dell.com EapolReqFramesTx The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized. EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
dot1x multiple-hosts The dot1x multiple-hosts Interface Configuration mode command allows multiple hosts (clients) on an 802.1X-authorized port, that has the dot1x port-control Interface Configuration mode command set to auto. Use the no form of this command to return to the default setting. Syntax dot1x multiple-hosts no dot1x multiple-hosts This command has no arguments or keywords. Default Configuration Multiple hosts are disabled.
www.dell.com | support.dell.com • forward—Forward frames with source addresses not the supplicant address, but do not learn the address. • discard—Discard frames with source addresses not the supplicant address. • discard-shutdown—Discard frames with source addresses not the supplicant address. The port is also shutdown. • trap seconds—Send SNMP traps, and specifies the minimum time between consecutive traps.
Examples The following example displays 802.1X advanced features for the switch. Switch# show dot1x advanced Unauthenticated VLANs: 91, 92 Port Multiple Hosts g1 Disabled g2 Enabled Switch# show dot1x advanced ethernet g1 Port Multiple Hosts g1 Disabled Single host parameters Violation action: Discard Trap: Enabled Trap frequency: 100 Status: Single-host locked Violations since last trap: 9 802.
www.dell.com | support.dell.com console# show dot1x advanced ethernet g1 Guest VLAN: 3978 Unauthenticated VLANs: 91, 92 Use user attributes from Authentication Server: Enabled User VLAN not created: Create Interface Multiple Hosts g1 Disabled g2 Enabled Single Host Violation: Discard Trap: Enabled Frequency: 100 Status: Authorized (Locked) Counter: 9 388 802.