Users Guide
Table Of Contents
- Dell EMC Networking CLI
- Introduction
- Command Groups
- Mode Types
- ACL
- MAC Address Table
- Auto-VoIP
- CDP Interoperability
- DHCP L2 Relay
- DHCP Snooping
- Dynamic ARP Inspection
- Ethernet Configuration
- Ethernet CFM
- Green Ethernet
- GVRP
- IGMP Snooping
- IGMP Snooping Querier
- Interface Error Disable and Auto Recovery
- IP Addressing
- IPv6 ACL
- IPv6 MLD Snooping
- IPv6 MLD Snooping Querier
- IP Source Guard
- iSCSI Optimization
- Link Dependency
- LLDP
- Loop Protection
- MLAG
- Multicast VLAN Registration
- Port Channel
- Port Monitor
- QoS
- Spanning Tree
- UDLD
- VLAN
- Switchport Voice VLAN
- AAA
- Administrative Profiles
- E-mail Alerting
- RADIUS
- TACACS+
- 802.1x
- Captive Portal
- Denial of Service
- Management ACL
- Password Management
- SSH
- MMRP
- MVRP
- MSRP
- 802.1AS Timesync
- Data Center Bridging
- OpenFlow
- Priority Flow Control
- ARP (IPv4)
- BFD
- BGP
- BGP Routing Policy
- DHCP Server and Relay Agent (IPv4)
- DHCPv6
- DHCPv6 Snooping
- DVMRP
- GMRP
- IGMP
- IGMP Proxy
- IP Helper/DHCP Relay
- IP Routing
- IPv6 Routing
- Loopback Interface
- Multicast
- IPv6 Multicast
- OSPF
- OSPFv3
- Router Discovery Protocol
- Routing Information Protocol
- Tunnel Interface
- Virtual Router
- Virtual Router Redundancy
- Application Deployment
- Auto-Install
- CLI Macro
- Clock
- Command Line Configuration Scripting
- DHCP Client
- HiveAgent
- Line
- PHY Diagnostics
- Power Over Ethernet (PoE)
- RMON
- Serviceability Tracing
- sFlow
- SNMP
- Support Assist
- SYSLOG
- System Management
- Telnet Server
- Time Ranges
- USB Flash Drive
- User Interface
- Web Server
- Using the CLI
- Layer 2 Switching Commands
- ACL Commands
- ACL Logging
- Commands in this Section
- ip access-list
- deny | permit (IP ACL)
- deny | permit (Mac-Access-List-Configuration)
- ip access-group
- mac access-group
- mac access-list extended
- mac access-list extended rename
- remark
- service-acl input
- show service-acl interface
- show access-lists interface
- show ip access-lists
- show mac access-lists
- MAC Address Table Commands
- Commands in this Section
- clear mac address-table
- mac address-table aging-time
- mac address-table multicast forbidden address
- mac address-table static
- switchport port-security (Global Configuration)
- switchport port-security (Interface Configuration)
- show mac address-table multicast
- show mac address-table
- show mac address-table address
- show mac address-table count
- show mac address-table dynamic
- show mac address-table interface
- show mac address-table static
- show mac address-table vlan
- show port-security
- Auto-VoIP Commands
- CDP Interoperability Commands
- DHCP Layer 2 Relay Commands
- Commands in this Section
- dhcp l2relay (Global Configuration)
- dhcp l2relay (Interface Configuration)
- dhcp l2relay circuit-id
- dhcp l2relay remote-id
- dhcp l2relay trust
- dhcp l2relay vlan
- show dhcp l2relay all
- show dhcp l2relay interface
- show dhcp l2relay stats interface
- show dhcp l2relay agent-option vlan
- show dhcp l2relay vlan
- show dhcp l2relay circuit-id vlan
- show dhcp l2relay remote-id vlan
- clear dhcp l2relay statistics interface
- DHCP Snooping Commands
- Commands in this Section
- clear ip dhcp snooping binding
- clear ip dhcp snooping statistics
- ip dhcp snooping
- ip dhcp snooping binding
- ip dhcp snooping database
- ip dhcp snooping database write-delay
- ip dhcp snooping limit
- ip dhcp snooping log-invalid
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- show ip dhcp snooping
- show ip dhcp snooping binding
- show ip dhcp snooping database
- show ip dhcp snooping interfaces
- show ip dhcp snooping statistics
- DHCPv6 Snooping Commands
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- ipv6 dhcp snooping
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping binding
- ipv6 dhcp snooping database
- ipv6 dhcp snooping database write-delay
- ipv6 dhcp snooping limit
- ipv6 dhcp snooping log-invalid
- ipv6 dhcp snooping trust
- ipv6 dhcp snooping verify mac-address
- ipv6 verify binding
- ipv6 verify source
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping database
- show ipv6 dhcp snooping interfaces
- show ipv6 dhcp snooping statistics
- show ipv6 source binding
- show ipv6 verify
- show ipv6 verify source
- Dynamic ARP Inspection Commands
- Ethernet Configuration Commands
- Commands in this Section
- clear counters
- description
- default (interface)
- duplex
- flowcontrol
- interface
- interface range
- link debounce time
- rate-limit cpu
- show interfaces
- show interfaces advertise
- show interfaces configuration
- show interfaces counters
- show interfaces debounce
- show interfaces description
- show interfaces detail
- show interfaces status
- show interfaces transceiver
- show interfaces trunk
- show statistics
- show statistics switchport
- show storm-control
- show storm-control action
- shutdown
- speed
- switchport protected
- switchport protected name
- show switchport protected
- show system mtu
- system jumbo mtu
- Ethernet CFM Commands
- Commands in this Section
- ethernet cfm domain
- service
- ethernet cfm cc level
- ethernet cfm mep level
- ethernet cfm mep enable
- ethernet cfm mep active
- ethernet cfm mep archive-hold-time
- ethernet cfm mip level
- ping ethernet cfm
- traceroute ethernet cfm
- show ethernet cfm errors
- show ethernet cfm domain
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points remote
- show ethernet cfm statistics
- Green Ethernet Commands
- GMRP Commands
- GVRP Commands
- IGMP Snooping Commands
- Commands in this Section
- ip igmp snooping
- show ip igmp snooping
- show ip igmp snooping groups
- show ip igmp snooping mrouter
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan groupmembership-interval
- ip igmp snooping vlan last-member-query- interval
- ip igmp snooping vlan mcrtrexpiretime
- ip igmp snooping report-suppression
- ip igmp snooping unregistered floodall
- ip igmp snooping vlan mrouter
- IGMP Snooping Querier Commands
- Interface Error Disable and Auto Recovery
- IPv6 Access List Commands
- IPv6 MLD Snooping Commands
- Commands in this Section
- ipv6 mld snooping vlan groupmembership- interval
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping listener-message-suppression
- ipv6 mld snooping vlan last-listener-query- interval
- ipv6 mld snooping vlan mcrtrexpiretime
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping (Global)
- show ipv6 mld snooping
- show ipv6 mld snooping groups
- show ipv6 mld snooping mrouter
- IPv6 MLD Snooping Querier Commands
- IP Source Guard Commands
- iSCSI Optimization Commands
- Link Dependency Commands
- LLDP Commands
- Commands in this Section
- clear lldp remote-data
- clear lldp statistics
- dcb enable
- debug lldp
- lldp med
- lldp med confignotification
- lldp med faststartrepeatcount
- lldp med transmit-tlv
- lldp notification
- lldp notification-interval
- lldp receive
- lldp timers
- lldp transmit
- lldp tlv-select
- show lldp
- show lldp interface
- show lldp local-device
- show lldp med
- show lldp med interface
- show lldp med local-device detail
- show lldp med remote-device
- show lldp remote-device
- show lldp statistics
- Loop Protection
- MLAG Commands
- Commands in this Section
- clear vpc statistics
- feature vpc
- peer detection enable
- peer detection interval
- peer-keepalive destination
- peer-keepalive enable
- peer-keepalive timeout
- role priority
- show vpc
- show vpc brief
- show vpc consistency-parameters
- show vpc consistency-features
- show vpc peer-keepalive
- show vpc role
- show vpc statistics
- system-mac
- system-priority
- vpc
- vpc domain
- vpc peer-link
- Multicast VLAN Registration Commands
- Port Channel Commands
- Static LAGS
- VLANs and LAGs
- LAG Thresholds
- LAG Hashing
- Enhanced LAG Hashing
- Manual Aggregation of LAGs
- Flexible Assignment of Ports to LAGs
- Commands in this Section
- channel-group
- interface port-channel
- interface range port-channel
- hashing-mode
- lacp port-priority
- lacp system-priority
- lacp timeout
- port-channel local-preference
- port-channel min-links
- show interfaces port-channel
- show lacp
- show statistics port-channel
- Port Monitor Commands
- QoS Commands
- Access Control Lists
- Layer 2 ACLs
- Layer 3/4 IPv4 ACLs
- Class of Service (CoS)
- Queue Mapping
- DiffServ
- Commands in this Section
- assign-queue
- class
- class-map
- class-map rename
- classofservice dot1p-mapping
- classofservice ip-dscp-mapping
- classofservice trust
- conform-color
- cos-queue min-bandwidth
- cos-queue random-detect
- cos-queue strict
- diffserv
- drop
- mark cos
- mark ip-dscp
- mark ip-precedence
- match access-group
- match class-map
- match cos
- match destination-address mac
- match any
- match dstip
- match dstip6
- match dstl4port
- match ethertype
- match ip6flowlbl
- match ip dscp
- match ip precedence
- match ip tos
- match protocol
- match source-address mac
- match srcip
- match srcip6
- match srcl4port
- match vlan
- mirror
- police-simple
- police-single-rate
- police-two-rate
- policy-map
- random-detect queue-parms
- random-detect exponential-weighting-constant
- redirect
- service-policy
- show class-map
- show classofservice dot1p-mapping
- show classofservice ip-dscp-mapping
- show classofservice trust
- show diffserv
- show diffserv service interface
- show diffserv service brief
- show interfaces cos-queue
- show interfaces random-detect
- show policy-map
- show policy-map interface
- show service-policy
- traffic-shape
- vlan priority
- Spanning Tree Commands
- Commands in this Section
- clear spanning-tree detected-protocols
- exit (mst)
- instance (mst)
- name (MST)
- revision (mst)
- show spanning-tree
- show spanning-tree summary
- show spanning-tree vlan
- spanning-tree
- spanning-tree auto-portfast
- spanning-tree backbonefast
- spanning-tree bpdu flooding
- spanning-tree bpdu-protection
- spanning-tree cost
- spanning-tree disable
- spanning-tree forward-time
- spanning-tree guard
- spanning-tree loopguard
- spanning-tree max-age
- spanning-tree max-hops
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree mst priority
- spanning-tree portfast
- spanning-tree portfast bpdufilter default
- spanning-tree portfast default
- spanning-tree port-priority (Interface Configuration)
- spanning-tree priority
- spanning-tree tcnguard
- spanning-tree transmit hold-count
- spanning-tree uplinkfast
- spanning-tree vlan
- spanning-tree vlan forward-time
- spanning-tree vlan hello-time
- spanning-tree vlan max-age
- spanning-tree vlan root
- spanning-tree vlan priority
- UDLD Commands
- VLAN Commands
- Double VLAN Mode
- Independent VLAN Learning
- Protocol Based VLANs
- IP Subnet Based VLANs
- MAC-Based VLANs
- Private VLAN Commands
- Commands in this Section
- interface vlan
- interface range vlan
- name (VLAN Configuration)
- private-vlan
- protocol group
- protocol vlan group
- protocol vlan group all
- show dot1q-tunnel
- show interfaces switchport
- show port protocol
- show switchport ethertype
- show vlan
- show vlan association mac
- show vlan association subnet
- show vlan private-vlan
- switchport access vlan
- switchport dot1q ethertype (Global Configuration)
- switchport dot1q ethertype (Interface Configuration)
- switchport general forbidden vlan
- switchport general acceptable-frame-type tagged-only
- switchport general allowed vlan
- switchport general ingress-filtering disable
- switchport general pvid
- switchport mode
- switchport mode dot1q-tunnel
- switchport mode private-vlan
- switchport private-vlan
- switchport trunk
- switchport trunk encapsulation dot1q
- vlan
- vlan association mac
- vlan association subnet
- vlan makestatic
- vlan protocol group
- vlan protocol group add protocol
- vlan protocol group name
- vlan protocol group remove
- Switchport Voice VLAN Commands
- ACL Commands
- Security Commands
- AAA Commands
- Administrative Authentication
- Administrative Accounting
- Accounting Method Lists
- Access Line Modes
- Command Authorization
- Network Authentication
- Local 802.1x Authentication Server
- MAC Authentication Bypass
- Guest VLAN
- Unauthenticated VLAN
- Commands in this Section
- aaa accounting
- aaa accounting delay-start
- aaa accounting update
- aaa authentication dot1x default
- aaa authentication enable
- aaa authentication login
- aaa authorization
- aaa authorization network default radius
- aaa ias-user username
- aaa new-model
- aaa server radius dynamic-author
- authentication enable
- authentication order
- authentication priority
- authentication restart
- clear (IAS)
- clear authentication statistics
- clear authentication authentication-history
- enable password
- ip http authentication
- ip https authentication
- password (AAA IAS User Configuration)
- password (User Exec)
- show aaa ias-users
- show aaa statistics
- show accounting methods
- show accounting update
- show authentication
- show authentication authentication-history
- show authentication methods
- show authentication statistics
- show authorization methods
- show users accounts
- show users login-history
- username
- username unlock
- Administrative Profiles Commands
- E-mail Alerting Commands
- Commands in this Section
- logging email
- logging email urgent
- logging email message-type to-addr
- logging email from-addr
- logging email message-type subject
- logging email logtime
- logging email test message-type
- show logging email statistics
- clear logging email statistics
- security
- mail-server ip-address | hostname
- port (Mail Server Configuration Mode)
- username (Mail Server Configuration Mode)
- password (Mail Server Configuration Mode)
- show mail-server
- RADIUS Commands
- RADIUS-based Dynamic VLAN Assignment
- RADIUS Change of Authorization
- Commands in this Section
- acct-port
- attribute 6
- attribute 8
- attribute 25
- attribute 31
- attribute 168 include-in-access-req
- authentication event fail retry
- auth-port
- automate-tester
- deadtime
- key
- msgauth
- name (RADIUS Server)
- primary
- priority
- radius server attribute 4
- radius server attribute 6
- radius server attribute 8
- radius server attribute 25
- radius server attribute 31
- radius server attribute 168
- radius server deadtime
- radius server
- radius server key
- radius server retransmit
- radius server source-ip
- radius server source-interface
- radius server timeout
- radius server vsa send authentication
- retransmit
- show aaa servers
- show radius statistics
- source-ip
- timeout
- usage
- TACACS+ Commands
- 802.1x Commands
- 802.1x Monitor Mode
- Commands in this Section
- dot1x dynamic-vlan enable
- dot1x eapolflood
- dot1x initialize
- mab
- default mab
- mab request format
- dot1x max-reauth-req
- dot1x max-req
- dot1x max-users
- dot1x port-control
- dot1x re-authenticate
- dot1x reauthentication
- dot1x system-auth-control
- dot1x system-auth-control monitor
- dot1x timeout quiet-period
- dot1x timeout re-authperiod
- dot1x timeout server-timeout
- dot1x timeout supp-timeout
- dot1x timeout tx-period
- auth-type
- client
- ignore
- port
- server-key
- show dot1x
- show dot1x authentication-history
- show dot1x clients
- show dot1x interface
- show dot1x interface statistics
- show dot1x users
- clear dot1x authentication–history
- dot1x guest-vlan
- dot1x timeout guest-vlan-period
- dot1x unauth-vlan
- show dot1x advanced
- Captive Portal Commands
- Commands in this Section
- authentication timeout
- captive-portal
- enable
- http port
- https port
- show captive-portal
- show captive-portal status
- block
- configuration
- enable
- group
- interface
- locale
- name (Captive Portal)
- protocol
- redirect
- redirect-url
- session-timeout
- verification
- captive-portal client deauthenticate
- show captive-portal client status
- show captive-portal configuration client status
- show captive-portal interface client status
- show captive-portal interface configuration status
- clear captive-portal users
- no user
- show captive-portal user
- user group
- user-logout
- user name
- user password
- user session-timeout
- show captive-portal configuration
- show captive-portal configuration interface
- show captive-portal configuration locales
- show captive-portal configuration status
- user group
- user group moveusers
- user group name
- Denial of Service Commands
- Management ACL Commands
- Password Management Commands
- Configurable Minimum Password Length
- Password History
- Password Aging
- User Lockout
- Password Strength
- Commands in this Section
- passwords aging
- passwords history
- passwords lock-out
- passwords min-length
- passwords strength-check
- passwords strength minimum uppercase-letters
- passwords strength minimum lowercase-letters
- passwords strength minimum numeric- characters
- passwords strength minimum special-characters
- passwords strength max-limit consecutive- characters
- passwords strength max-limit repeated- characters
- passwords strength minimum character-classes
- passwords strength exclude-keyword
- enable password encrypted
- show passwords configuration
- show passwords result
- SSH Commands
- AAA Commands
- Audio Visual Bridging Commands
- Multiple MAC Registration Protocol Commands
- Multiple VLAN Registration Protocol Commands
- Multiple Stream Reservation Protocol Commands
- 802.1AS Timesync Commands
- Commands in this Section
- clear dot1as statistics
- dot1as (Global Configuration)
- dot1as (Interface Configuration)
- dot1as priority
- dot1as interval announce
- dot1as interval sync
- dot1as interval pdelay
- dot1as timeout announce
- dot1as timeout sync
- dot1as pdelay-threshold
- dot1as interval pdelay-loss
- show dot1as
- show dot1as statistics
- Data Center Technology Commands
- Data Center Bridging Commands
- Data Center Bridging Exchange Protocol
- Interoperability with IEEE DCBX
- Port Roles
- Commands in this Section
- Data Center Bridging Capability Exchange Commands
- datacenter-bridging
- lldp dcbx version
- lldp dcbx port-role
- show lldp tlv-select
- show lldp dcbx
- Enhanced Transmission Selection (ETS) Commands
- classofservice traffic-class-group
- traffic-class-group max-bandwidth
- traffic-class-group min-bandwidth
- traffic-class-group strict
- traffic-class-group weight
- show classofservice traffic-class-group
- show interfaces traffic
- show interfaces traffic-class-group
- OpenFlow Commands
- Priority Flow Control Commands
- Data Center Bridging Commands
- Layer 3 Routing Commands
- ARP Commands
- Bidirectional Forwarding Detection Commands
- Border Gateway Protocol Commands
- Commands in this Section
- router bgp
- address-family
- address-family ipv4 vrf
- address-family ipv6
- address-family vpnv4 unicast
- aggregate-address
- bgp aggregate-different-meds (BGP Router Configuration)
- bgp aggregate-different-meds (IPv6 Address Family Configuration)
- bgp always-compare-med
- bgp client-to-client reflection (BGP Router Configuration)
- bgp client-to-client reflection (IPv6 Address Family Configuration)
- bgp cluster-id
- bgp default local-preference
- bgp fast-external-fallover
- bgp fast-internal-fallover
- bgp listen
- bgp log-neighbor-changes
- bgp maxas-limit
- bgp router-id
- clear ip bgp
- clear ip bgp counters
- default-information originate (BGP Router Configuration)
- default-information originate (IPv6 Address Family Configuration)
- default metric (BGP Router Configuration)
- default metric (IPv6 Address Family Configuration)
- distance
- distance bgp (BGP Router Configuration)
- distance bgp (IPv6 Address Family Configuration)
- distribute-list prefix in
- distribute-list prefix out (BGP Router Configuration)
- distribute-list prefix out (IPv6 Address Family Configuration)
- enable
- ip as-path access-list
- ip bgp-community new-format
- ip bgp fast-external-fallover
- ip community-list
- ip extcommunity-list
- match extcommunity
- maximum-paths (BGP Router Configuration)
- maximum-paths (IPv6 Address Family Configuration)
- maximum-paths ibgp (BGP Router Configuration)
- maximum-paths ibgp (IPv6 Address Family Configuration)
- neighbor activate
- neighbor advertisement-interval (BGP Router Configuration)
- neighbor advertisement-interval (IPv6 Address Family Configuration)
- neighbor allowas-in
- neighbor connect-retry-interval
- neighbor default-originate (BGP Router Configuration)
- neighbor default-originate (IPv6 Address Family Configuration)
- neighbor description
- neighbor ebgp-multihop
- neighbor filter-list (BGP Router Configuration)
- neighbor filter-list (IPv6 Address Family Configuration)
- neighbor inherit peer
- neighbor local-as
- neighbor maximum-prefix (BGP Router Configuration)
- neighbor maximum-prefix (IPv6 Address Family Configuration)
- neighbor next-hop-self (BGP Router Configuration)
- neighbor next-hop-self (IPv6 Address Family Configuration)
- neighbor password
- neighbor prefix-list (BGP Router Configuration)
- neighbor prefix-list (IPv6 Address Family Configuration)
- neighbor remote-as
- neighbor remove-private-as
- neighbor rfc5549-support
- neighbor route-map (BGP Router Configuration)
- neighbor route-map (IPv6 Address Family Configuration)
- neighbor route-reflector-client (BGP Router Configuration)
- neighbor route-reflector-client (IPv6 Address Family Configuration)
- neighbor send-community (BGP Router Configuration)
- neighbor send-community (IPv6 Address Family Configuration)
- neighbor shutdown
- neighbor timers
- neighbor update-source
- network (BGP Router Configuration)
- network (IPv6 Address Family Configuration)
- rd
- redistribute (BGP)
- redistribute (BGP IPv6)
- route-target
- set extcommunity rt
- set extcommunity soo
- show bgp ipv6
- show bgp ipv6 aggregate-address
- show bgp ipv6 community
- show bgp ipv6 community-list
- show bgp ipv6 listen range
- show bgp ipv6 neighbors
- show bgp ipv6 neighbors advertised-routes
- show bgp ipv6 neighbors policy
- show bgp ipv6 neighbors received-routes
- show bgp ipv6 statistics
- show bgp ipv6 summary
- show bgp ipv6 update-group
- show bgp ipv6 route-reflection
- show ip bgp
- show ip bgp aggregate-address
- show ip bgp community
- show ip bgp community-list
- show ip bgp extcommunity-list
- show ip bgp listen range
- show ip bgp neighbors
- show ip bgp neighbors advertised-routes
- show ip bgp neighbors received-routes
- show ip bgp neighbors policy
- show ip bgp route-reflection
- show ip bgp statistics
- show ip bgp summary
- show ip bgp template
- show ip bgp traffic
- show ip bgp update-group
- show ip bgp vpn4
- template peer
- timers bgp
- BGP Routing Policy
- Commands in this Section
- ip as-path access-list
- ip bgp-community new-format
- ip community-list
- ip prefix-list
- ip prefix-list description
- ipv6 prefix-list
- match as-path
- match community
- match ip address prefix-list
- match ipv6 address prefix-list
- show ip as-path-access-list
- show ip community-list
- show ip prefix-list
- show ipv6 prefix-list
- clear ip prefix-list
- clear ipv6 prefix-list
- clear ip community-list
- set as-path
- set comm-list delete
- set community
- set ipv6 next-hop (BGP)
- set local-preference
- set metric
- DVMRP Commands
- IGMP Commands
- Commands in this Section
- ip igmp last-member-query-count
- ip igmp last-member-query-interval
- ip igmp mroute-proxy
- ip igmp query-interval
- ip igmp query-max-response-time
- ip igmp robustness
- ip igmp startup-query-count
- ip igmp startup-query-interval
- ip igmp version
- show ip igmp
- show ip igmp groups
- show ip igmp interface
- show ip igmp membership
- show ip igmp interface stats
- IGMP Proxy Commands
- IP Helper/DHCP Relay Commands
- Commands in this Section
- bootpdhcprelay maxhopcount
- bootpdhcprelay minwaittime
- clear ip helper statistics
- ip dhcp relay information check
- ip dhcp relay information check-reply
- ip dhcp relay information option
- ip dhcp relay information option-insert
- ip helper-address (global configuration)
- ip helper-address (interface configuration)
- ip helper enable
- show ip helper-address
- show ip dhcp relay
- show ip helper statistics
- IP Routing Commands
- Static Routes/ECMP Static Routes
- Static Reject Routes
- Default Routes
- Commands in this Section
- encapsulation
- ip icmp echo-reply
- ip icmp error-interval
- ip netdirbcast
- ip policy route-map
- ip redirects
- ip route
- ip route default
- ip route distance
- ip routing
- ip unnumbered
- ip unnumbered gratuitous-arp accept
- ip unreachables
- match ip address
- match length
- match mac-list
- route-map
- set interface null0
- set ip default next-hop
- set ip next-hop
- set ip precedence
- show ip brief
- show ip interface
- show ip policy
- show ip protocols
- show ip route
- show ip route static
- show ip route preferences
- show ip route summary
- show ip traffic
- show ip vlan
- show route-map
- show routing heap summary
- IPv6 Routing Commands
- IPv6 Limitations & Restrictions
- Commands in this Section
- clear ipv6 neighbors
- clear ipv6 statistics
- ipv6 address
- ipv6 enable
- ipv6 hop-limit
- ipv6 host
- ipv6 icmp error-interval
- ipv6 mld last-member-query-count
- ipv6 mld last-member-query-interval
- ipv6 mld host-proxy
- ipv6 mld host-proxy reset-status
- ipv6 mld host-proxy unsolicit-rprt-interval
- ipv6 mld query-interval
- ipv6 mld query-max-response-time
- ipv6 nd dad attempts
- ipv6 nd ra hop-limit unspecified
- ipv6 nd managed-config-flag
- ipv6 nd ns-interval
- ipv6 nd nud max-multicast-solicits
- ipv6 nd nud max-unicast-solicits
- ipv6 nd nud retry
- ipv6 nd other-config-flag
- ipv6 nd prefix
- ipv6 nd raguard attach-policy
- ipv6 nd ra-interval
- ipv6 nd ra-lifetime
- ipv6 nd reachable-time
- ipv6 nd suppress-ra
- ipv6 redirect
- ipv6 route
- ipv6 route distance
- ipv6 unicast-routing
- ipv6 unreachables
- show ipv6 brief
- show ipv6 interface
- show ipv6 mld groups
- show ipv6 mld interface
- show ipv6 mld host-proxy
- show ipv6 mld host-proxy groups
- show ipv6 mld host-proxy groups detail
- show ipv6 mld host-proxy interface
- show ipv6 mld traffic
- show ipv6 nd raguard policy
- show ipv6 neighbors
- show ipv6 protocols
- show ipv6 route
- show ipv6 route preferences
- show ipv6 route summary
- show ipv6 snooping counters
- show ipv6 traffic
- show ipv6 vlan
- traceroute ipv6
- Loopback Interface Commands
- IP Multicast Commands
- Commands in this Section
- clear ip mroute
- ip multicast boundary
- ip mroute
- ip multicast-routing
- ip multicast ttl-threshold
- ip pim
- ip pim bsr-border
- ip pim bsr-candidate
- ip pim dense-mode
- ip pim dr-priority
- ip pim hello-interval
- ip pim join-prune-interval
- ip pim rp-address
- ip pim rp-candidate
- ip pim sparse-mode
- ip pim ssm
- show ip mfc
- show ip multicast
- show ip pim boundary
- show ip multicast interface
- show ip mroute
- show ip mroute group
- show ip mroute source
- show ip mroute static
- show ip pim
- show ip pim bsr-router
- show ip pim interface
- show ip pim neighbor
- show ip pim rp-hash
- show ip pim rp mapping
- show ip pim statistics
- IPv6 Multicast Commands
- clear ipv6 mroute
- ipv6 pim (VLAN Interface config)
- ipv6 pim bsr-border
- ipv6 pim bsr-candidate
- ipv6 pim dense-mode
- ipv6 pim dr-priority
- ipv6 pim hello-interval
- ipv6 pim join-prune-interval
- ipv6 pim register-threshold
- ipv6 pim rp-address
- ipv6 pim rp-candidate
- ipv6 pim sparse-mode
- ipv6 pim ssm
- show ipv6 pim
- show ipv6 pim bsr-router
- show ipv6 mroute group
- show ipv6 mroute source
- show ipv6 pim interface
- show ipv6 pim neighbor
- show ipv6 pim rp-hash
- show ipv6 pim rp mapping
- show ipv6 pim statistics
- OSPF Commands
- Route Preferences
- OSPF Equal Cost Multipath (ECMP)
- Forwarding of OSPF Opaque LSAs Enabled by Default
- Passive Interfaces
- Graceful Restart
- Commands in this Section
- area default-cost (Router OSPF)
- area nssa (Router OSPF)
- area nssa default-info-originate (Router OSPF Config)
- area nssa no-redistribute
- area nssa no-summary
- area nssa translator-role
- area nssa translator-stab-intv
- area range (Router OSPF)
- area stub
- area stub no-summary
- area virtual-link
- area virtual-link authentication
- area virtual-link dead-interval
- area virtual-link hello-interval
- area virtual-link retransmit-interval
- area virtual-link transmit-delay
- auto-cost
- bandwidth
- bfd
- capability opaque
- clear ip ospf
- clear ip ospf stub-router
- compatible rfc1583
- default-information originate (Router OSPF Configuration)
- default-metric
- distance ospf
- distribute-list out
- enable
- exit-overflow-interval
- external-lsdb-limit
- ip ospf area
- ip ospf authentication
- ip ospf cost
- ip ospf database-filter all out
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf mtu-ignore
- ip ospf network
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log adjacency-changes
- max-metric router-lsa
- maximum-paths
- network area
- nsf
- nsf helper
- nsf helper strict-lsa-checking
- nsf restart-interval
- passive-interface default
- passive-interface
- redistribute (OSPF)
- router-id
- router ospf
- show ip ospf
- show ip ospf abr
- show ip ospf area
- show ip ospf asbr
- show ip ospf database
- show ip ospf database database-summary
- show ip ospf interface
- show ip ospf interface brief
- show ip ospf interface stats
- show ip ospf lsa-group
- show ip ospf neighbor
- show ip ospf range
- show ip ospf statistics
- show ip ospf stub table
- show ip ospf traffic
- show ip ospf virtual-links
- show ip ospf virtual-links brief
- timers pacing flood
- timers pacing lsa-group
- timers spf
- OSPFv3 Commands
- area default-cost (Router OSPFv3)
- area nssa (Router OSPFv3)
- area nssa default-info-originate (Router OSPFv3 Config)
- area nssa no-redistribute
- area nssa no-summary
- area nssa translator-role
- area nssa translator-stab-intv
- area range (Router OSPFv3)
- area stub
- area stub no-summary
- area virtual-link
- area virtual-link dead-interval
- area virtual-link hello-interval
- area virtual-link retransmit-interval
- area virtual-link transmit-delay
- default-information originate (Router OSPFv3 Configuration)
- default-metric
- distance ospf
- enable
- exit-overflow-interval
- external-lsdb-limit
- ipv6 ospf
- ipv6 ospf area
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf hello-interval
- ipv6 ospf mtu-ignore
- ipv6 ospf network
- ipv6 ospf priority
- ipv6 ospf retransmit-interval
- ipv6 ospf transmit-delay
- ipv6 router ospf
- maximum-paths
- nsf
- nsf helper
- nsf helper strict-lsa-checking
- nsf restart-interval
- passive-interface
- passive-interface default
- redistribute (OSPFv3)
- router-id
- show ipv6 ospf
- show ipv6 ospf abr
- show ipv6 ospf area
- show ipv6 ospf asbr
- show ipv6 ospf border-routers
- show ipv6 ospf database
- show ipv6 ospf database database-summary
- show ipv6 ospf interface
- show ipv6 ospf interface brief
- show ipv6 ospf interface stats
- show ipv6 ospf interface vlan
- show ipv6 ospf neighbor
- show ipv6 ospf range
- show ipv6 ospf stub table
- show ipv6 ospf virtual-links
- show ipv6 ospf virtual-link brief
- timers throttle spf
- Router Discovery Protocol Commands
- Routing Information Protocol Commands
- Commands in this Section
- auto-summary
- default-information originate (Router RIP Configuration)
- default-metric
- distance rip
- distribute-list out
- enable
- hostroutesaccept
- ip rip
- ip rip authentication
- ip rip receive version
- ip rip send version
- redistribute (RIP)
- router rip
- show ip rip
- show ip rip interface
- show ip rip interface brief
- split-horizon
- Tunnel Interface Commands
- Virtual Router Commands
- Virtual Router Redundancy Protocol Commands
- Pingable VRRP Interface
- VRRP Route/Interface Tracking
- Interface Tracking
- Route Tracking
- Commands in this Section
- ip vrrp
- vrrp accept-mode
- vrrp authentication
- vrrp description
- vrrp ip
- vrrp mode
- vrrp preempt
- vrrp priority
- vrrp timers advertise
- vrrp timers learn
- vrrp track interface
- vrrp track ip route
- show vrrp
- show vrrp interface
- Switch Management Commands
- Application Deployment
- Auto-Install Commands
- CLI Macro Commands
- Clock Commands
- Real-time Clock
- Simple Network Time Protocol
- Commands in this Section
- show sntp configuration
- show sntp server
- show sntp status
- sntp authenticate
- sntp authentication-key
- sntp broadcast client enable
- sntp client poll timer
- sntp server
- sntp source-interface
- sntp trusted-key
- sntp unicast client enable
- clock set
- clock timezone hours-offset
- no clock timezone
- clock summer-time recurring
- clock summer-time date
- no clock summer-time
- show clock
- Command Line Configuration Scripting Commands
- Configuration and Image File Commands
- DHCP Client Commands
- DHCP Server Commands
- Commands in this Section
- ip dhcp pool
- bootfile
- clear ip dhcp binding
- clear ip dhcp conflict
- client-identifier
- client-name
- default-router
- dns-server (IP DHCP Pool Config)
- domain-name (IP DHCP Pool Config)
- hardware-address
- host
- ip dhcp bootp automatic
- ip dhcp conflict logging
- ip dhcp excluded-address
- ip dhcp ping packets
- lease
- netbios-name-server
- netbios-node-type
- network
- next-server
- option
- service dhcp
- sntp
- show ip dhcp binding
- show ip dhcp conflict
- show ip dhcp global configuration
- show ip dhcp pool
- show ip dhcp server statistics
- DHCPv6 Server Commands
- clear ipv6 dhcp
- dns-server (IPv6 DHCP Pool Config)
- domain-name (IPv6 DHCP Pool Config)
- ipv6 dhcp pool
- ipv6 dhcp relay
- ipv6 dhcp server
- prefix-delegation
- service dhcpv6
- show ipv6 dhcp
- show ipv6 dhcp binding
- show ipv6 dhcp interface (User Exec)
- show ipv6 dhcp interface (Privileged Exec)
- show ipv6 dhcp pool
- show ipv6 dhcp statistics
- HiveAgent Commands
- IP Addressing Commands
- Commands in this Section
- clear host
- clear ip address-conflict-detect
- interface out-of-band
- ip address
- ip address (Out-of-Band)
- ip address-conflict-detect run
- ip address dhcp (Interface Configuration)
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip host
- ip name-server
- ip name-server source-interface
- ipv6 address (Interface Configuration)
- ipv6 address (OOB Port)
- ipv6 address dhcp
- ipv6 enable (Interface Configuration)
- ipv6 enable (OOB Configuration)
- ipv6 gateway (OOB Configuration)
- show hosts
- show ip address-conflict
- show ip helper-address
- show ipv6 dhcp interface out-of-band statistics
- show ipv6 interface out-of-band
- Line Commands
- PHY Diagnostics Commands
- Power Over Ethernet Commands
- Flexible Power Management
- Commands in this Section
- power inline
- power inline detection
- power inline four-pair forced
- power inline limit
- power inline management
- power inline powered-device
- power inline priority
- power inline reset
- power inline usage-threshold
- clear power inline statistics
- show power inline
- show power inline firmware-version
- RMON Commands
- Serviceability Commands
- Commands in this Section
- debug aaa accounting
- debug arp
- debug authentication interface
- debug auto-voip
- debug bfd
- debug cfm
- debug clear
- debug console
- debug crashlog
- debug dhcp packet
- debug dhcp server packet
- debug dot1ag
- debug dot1x
- debug igmpsnooping
- debug ip acl
- debug ip bgp
- debug ip dvmrp
- debug ip igmp
- debug ip mcache
- debug ip pimdm packet
- debug ip pimsm packet
- debug ipv6 dhcp
- debug ipv6 mcache
- debug ipv6 mld
- debug ipv6 pimdm
- debug ipv6 pimsm
- debug isdp
- debug lacp
- debug mldsnooping
- debug ospf
- debug ospfv3
- debug ping
- debug rip
- debug sflow
- debug spanning-tree
- debug udld
- debug vpc
- debug vrrp
- exception core-file
- exception dump
- exception protocol
- exception switch-chip-register
- ip http timeout-policy
- show debugging
- show supported mibs
- snapshot bgp
- write core
- Sflow Commands
- SNMP Commands
- Commands in this Section
- show snmp
- show snmp engineid
- show snmp filters
- show snmp group
- show snmp user
- show snmp views
- show trapflags
- snmp-server community
- snmp-server community-group
- snmp-server contact
- snmp-server enable traps
- snmp-server engineID local
- snmp-server filter
- snmp-server group
- snmp-server host
- snmp-server location
- snmp-server user
- snmp-server view
- snmp-server v3-host
- snmp-server source-interface
- SupportAssist Commands
- SYSLOG Commands
- Command Logging
- Commands in this Section
- clear logging
- clear logging file
- description (Logging)
- level
- logging cli-command
- logging
- logging audit
- logging buffered
- logging console
- logging facility
- logging file
- logging monitor
- logging on
- logging protocol
- logging snmp
- logging source-interface
- logging traps
- logging web-session
- port
- show logging
- show logging file
- show syslog-servers
- terminal monitor
- System and Stack Management Commands
- asset-tag
- banner exec
- banner login
- banner motd
- banner motd acknowledge
- buffers
- clear checkpoint statistics
- clear counters stack-ports
- connect
- cut-through mode
- disconnect
- exit
- hardware profile portmode
- hostname
- initiate failover
- load-interval
- locate
- logout
- member
- memory free low-watermark
- nsf
- ping
- process cpu threshold
- quit
- reload
- service unsupported-transceiver
- set description
- slot
- show banner
- show buffers
- show checkpoint statistics
- show cut-through mode
- show hardware profile
- show idprom interface
- show interfaces
- show interfaces advanced firmware
- show interfaces utilization
- show memory cpu
- show nsf
- show power-usage-history
- show process app-list
- show process app-resource-list
- show process cpu
- show process proc-list
- show router-capability
- show sessions
- show slot
- show supported cardtype
- show supported switchtype
- show switch
- show system
- show system fan
- show system id
- show system power
- show system temperature
- show tech-support
- show users
- show version
- stack
- stack-port
- stack-port shutdown
- standby
- switch renumber
- telnet
- traceroute
- traceroute ipv6
- update bootcode
- Telnet Server Commands
- Time Ranges Commands
- USB Flash Drive Commands
- User Interface Commands
- Web Server Commands
- Web Sessions
- Commands in this Section
- common-name
- country
- crypto certificate generate
- crypto certificate import
- crypto certificate request
- duration
- ip http port
- ip http server
- ip http secure-certificate
- ip http secure-port
- ip http secure-server
- key-generate
- location
- no crypto certificate
- organization-unit
- show crypto certificate mycertificate
- show ip http server status
- show ip http server secure status
- state
- Appendix A: List of Commands
Security Commands 883
IP-Address, NAS-IP-Address (if configured in switch), NAS-Port identifiers
are maintained in the switch for 802.1X session identification. CoA-Request
requests must contain at least one of the Acct-Session-Id, Framed-IP-Address,
User-Name, or Calling-Station-Id for presentation to the NAS for CoA
requests.
A valid authenticated RFC 3575 Disconnect-Request terminates the session
without disabling the port. The termination may cause the host to attempt to
reauthenticate on the port. If an ACL was applied for the session, the ACL is
removed when the session is terminated.
If a valid authenticated RFC 3575 Disconnect-Request request is received
from a configured server and the session cannot be found, the switch returns a
CoA-NAK message with the 503 Session Context Not Found response code.
If it expected that more than one session will authenticate over a port, use of
MAC based authentication is recommended. If MAC based authentication is
enabled, the user is denied access to the port even if a previous authentication
has occurred on the port.
Command History
Introduced in version 6.2.0.1 firmware.
Example
The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and
3.3.3.3 and CoA clients at 4.4.4.4 and 5.5.5.5. It sets the front panel ports to
use 802.1x MAC-based authentication. CoA is configured for two dynamic
RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and
a third server using a server specific shared secret. CoA and disconnect
requests are accepted from the CoA clients at 4.4.4.4 and 5.5.5.5. Any
attribute contained in the Disconnect request is allowed for session
identification. In this example, the NAS-IP-Address is optionally configured
at the fixed IPv4 address of 3.3.3.3. CoA client 5.5.5.5 uses the global server
key while client 4.4.4.4 uses a client-specific server key.
console#configure terminal
console(config)# aaa new-model
console(config)# aaa authentication dot1x default radius
console(config)# dot1x system-auth-control
console(config)# interface range gi1/0/1-24
console(config-if)# dot1x port-control mac-based
console(config-if)# exit