Users Guide
Table Of Contents
- Dell EMC Networking CLI
- Introduction
- Command Groups
- Mode Types
- Layer 2 Commands
- ACL
- MAC Address Table
- MAC Notification
- Auto-VoIP
- CDP Interoperability
- DHCP L2 Relay
- DHCP Snooping
- Dynamic ARP Inspection
- Ethernet Configuration
- Ethernet CFM
- Ethernet Ring Protection
- Green Ethernet
- GVRP
- IGMP Snooping
- IGMP Snooping Querier
- Interface Error Disable and Auto Recovery
- IP Addressing
- IPv6 ACL
- IPv6 MLD Snooping
- IPv6 MLD Snooping Querier
- IP Source Guard
- iSCSI Optimization
- Link Dependency
- LLDP
- Loop Protection
- MLAG
- Multicast VLAN Registration
- Port Channel
- Port Monitor
- QoS
- Spanning Tree
- UDLD
- VLAN
- Switchport Voice VLAN
- Multiple MAC Registration Protocol
- Multiple VLAN Registration Protocol
- Security Commands
- Data Center Commands
- Layer 3 Routing Commands
- ARP (IPv4)
- BFD
- BGP
- BGP Routing Policy
- DHCP Server and Relay Agent (IPv4)
- DHCPv6
- DHCPv6 Snooping
- DVMRP
- GMRP
- IGMP
- IGMP Proxy
- IP Helper/DHCP Relay
- IP Routing
- IPv6 Routing
- Loopback Interface
- Multicast
- IPv6 Multicast
- OSPF
- OSPFv3
- IPv6 Policy-Based Routing
- Router Discovery Protocol
- Routing Information Protocol
- Tunnel Interface
- Unicast Reverse Path Forwarding
- Virtual Router
- Virtual Router Redundancy
- Virtual Router Redundancy Protocol version 3 Commands
- Switch Management Commands
- Using the CLI
- Layer 2 Switching Commands
- ACL Commands
- MAC Address Table Commands
- clear mac address-table
- mac address-table aging-time
- mac address-table multicast forbidden address
- mac address-table static
- switchport port-security (Global Configuration)
- switchport port-security (Interface Configuration)
- show mac address-table multicast
- show mac address-table
- show mac address-table address
- show mac address-table count
- show mac address-table dynamic
- show mac address-table interface
- show mac address-table static
- show mac address-table vlan
- show port-security
- MAC Notification Commands
- Auto-VoIP Commands
- CDP Interoperability Commands
- DHCP Layer 2 Relay Commands
- dhcp l2relay (Global Configuration)
- dhcp l2relay (Interface Configuration)
- dhcp l2relay circuit-id
- dhcp l2relay remote-id
- dhcp l2relay trust
- dhcp l2relay vlan
- show dhcp l2relay all
- show dhcp l2relay interface
- show dhcp l2relay stats interface
- show dhcp l2relay agent-option vlan
- show dhcp l2relay vlan
- show dhcp l2relay circuit-id vlan
- show dhcp l2relay remote-id vlan
- clear dhcp l2relay statistics interface
- DHCP Snooping Commands
- clear ip dhcp snooping binding
- clear ip dhcp snooping statistics
- ip dhcp snooping
- ip dhcp snooping binding
- ip dhcp snooping database
- ip dhcp snooping database write-delay
- ip dhcp snooping limit
- ip dhcp snooping log-invalid
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- show ip dhcp snooping
- show ip dhcp snooping binding
- show ip dhcp snooping database
- show ip dhcp snooping interfaces
- show ip dhcp snooping statistics
- DHCPv6 Snooping Commands
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- ipv6 dhcp snooping
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping binding
- ipv6 dhcp snooping database
- ipv6 dhcp snooping database write-delay
- ipv6 dhcp snooping limit
- ipv6 dhcp snooping log-invalid
- ipv6 dhcp snooping trust
- ipv6 dhcp snooping verify mac-address
- ipv6 verify binding
- ipv6 verify source
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping database
- show ipv6 dhcp snooping interfaces
- show ipv6 dhcp snooping statistics
- show ipv6 source binding
- show ipv6 verify
- show ipv6 verify source
- Dynamic ARP Inspection Commands
- Ethernet Configuration Commands
- clear counters
- description
- default (interface)
- duplex
- flowcontrol
- forward-error-correction
- interface
- interface range
- link debounce time
- rate-limit cpu
- show interfaces
- show interfaces advertise
- show interfaces configuration
- show interfaces counters
- show interfaces debounce
- show interfaces description
- show interfaces detail
- show interfaces status
- show interfaces transceiver
- show interfaces trunk
- show statistics
- show statistics switchport
- show storm-control
- show storm-control action
- shutdown
- speed
- switchport protected
- switchport protected name
- show switchport protected
- show system mtu
- system jumbo mtu
- Ethernet CFM Commands
- ethernet cfm domain
- service
- ethernet cfm cc level
- ethernet cfm mep level
- ethernet cfm mep enable
- ethernet cfm mep active
- ethernet cfm mep archive-hold-time
- ethernet cfm mip level
- ping ethernet cfm
- traceroute ethernet cfm
- show ethernet cfm errors
- show ethernet cfm domain
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points remote
- show ethernet cfm statistics
- Ethernet Ring Protection Commands
- ethernet ring g8032 profile
- timer
- non-revertive
- ethernet ring g8032
- port0
- port1
- open-ring
- instance
- profile
- rpl
- inclusion-list
- ethernet tcn-propagation
- aps-channel
- level
- raps-vlan
- g8032
- show ethernet ring g8032 configuration
- show ethernet ring g8032 brief
- show ethernet ring g8032 status
- show ethernet ring g8032 port status
- show ethernet ring g8032 profile
- show ethernet ring g8032 statistics
- show ethernet ring g8032 summary
- Green Ethernet Commands
- GMRP Commands
- GVRP Commands
- IGMP Snooping Commands
- ip igmp snooping
- show ip igmp snooping
- show ip igmp snooping groups
- show ip igmp snooping mrouter
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan groupmembership-interval
- ip igmp snooping vlan last-member-query- interval
- ip igmp snooping vlan mcrtrexpiretime
- ip igmp snooping report-suppression
- ip igmp snooping unregistered floodall
- ip igmp snooping vlan mrouter
- IGMP Snooping Querier Commands
- Interface Error Disable and Auto Recovery Commands
- IP Device Tracking Commands
- IPv6 Access List Commands
- IPv6 MLD Snooping Commands
- ipv6 mld snooping vlan groupmembership- interval
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping listener-message-suppression
- ipv6 mld snooping vlan last-listener-query- interval
- ipv6 mld snooping vlan mcrtrexpiretime
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping (Global)
- show ipv6 mld snooping
- show ipv6 mld snooping groups
- show ipv6 mld snooping mrouter
- IPv6 MLD Snooping Querier Commands
- IP Source Guard Commands
- iSCSI Optimization Commands
- Link Dependency Commands
- LLDP Commands
- clear lldp remote-data
- clear lldp statistics
- debug lldp
- lldp med
- lldp med confignotification
- lldp med faststartrepeatcount
- lldp med-tlv-select
- lldp notification
- lldp notification-interval
- lldp receive
- lldp timers
- lldp transmit
- lldp tlv-select
- show lldp
- show lldp interface
- show lldp local-device
- show lldp med
- show lldp med interface
- show lldp med local-device detail
- show lldp med remote-device
- show lldp remote-device
- show lldp statistics
- Loop Protection Commands
- MLAG Commands
- clear vpc statistics
- feature vpc
- peer detection enable
- peer detection interval
- peer-keepalive destination
- peer-keepalive enable
- peer-keepalive timeout
- role priority
- show vpc
- show vpc brief
- show vpc consistency-parameters
- show vpc consistency-features
- show vpc peer-keepalive
- show vpc role
- show vpc statistics
- system-mac
- system-priority
- vpc
- vpc domain
- vpc peer-link
- Multicast VLAN Registration Commands
- Port Channel Commands
- Static LAGS
- VLANs and LAGs
- LAG Thresholds
- LAG Hashing
- Enhanced LAG Hashing
- Manual Aggregation of LAGs
- Flexible Assignment of Ports to LAGs
- channel-group
- interface port-channel
- interface range port-channel
- hashing-mode
- lacp port-priority
- lacp system-priority
- lacp timeout
- port-channel local-preference
- port-channel min-links
- show interfaces port-channel
- show lacp
- show statistics port-channel
- Port Monitor Commands
- destination
- destination interface
- erspan-id
- ip address
- ip dscp
- ip prec
- ip ttl
- monitor capture (Global Configuration)
- monitor capture (Privileged Exec)
- monitor capture mode
- monitor session
- monitor session type erspan-source
- origin ip address
- reflector-port
- remote-span
- source
- source interface
- show monitor capture
- show monitor session
- show vlan remote-span
- QoS Commands
- Access Control Lists
- Layer 2 ACLs
- Layer 3/4 IPv4 ACLs
- Class of Service (CoS)
- Queue Mapping
- DiffServ
- assign-queue
- class
- class-map
- class-map rename
- classofservice dot1p-mapping
- classofservice ip-dscp-mapping
- classofservice trust
- conform-color
- cos-queue min-bandwidth
- cos-queue random-detect
- cos-queue strict
- diffserv
- drop
- mark cos
- mark ip-dscp
- mark ip-precedence
- match access-group
- match class-map
- match cos
- match destination-address mac
- match any
- match dstip
- match dstip6
- match dstl4port
- match ethertype
- match ip6flowlbl
- match ip dscp
- match ip precedence
- match ip tos
- match protocol
- match source-address mac
- match srcip
- match srcip6
- match srcl4port
- match vlan
- mirror
- police-simple
- police-single-rate
- police-two-rate
- policy-map
- random-detect queue-parms
- random-detect exponential-weighting-constant
- redirect
- service-policy
- show class-map
- show classofservice dot1p-mapping
- show classofservice ip-dscp-mapping
- show classofservice trust
- show diffserv
- show diffserv service interface
- show diffserv service brief
- show interfaces cos-queue
- show interfaces random-detect
- show interfaces traffic
- show interfaces utilization
- show policy-map
- show policy-map interface
- show service-policy
- traffic-shape
- vlan priority
- Spanning Tree Commands
- clear spanning-tree detected-protocols
- exit (mst)
- instance (mst)
- name (MST)
- revision (mst)
- show spanning-tree
- show spanning-tree summary
- show spanning-tree vlan
- spanning-tree
- spanning-tree auto-portfast
- spanning-tree backbonefast
- spanning-tree bpdu flooding
- spanning-tree bpdu-protection
- spanning-tree cost
- spanning-tree disable
- spanning-tree forward-time
- spanning-tree guard
- spanning-tree loopguard
- spanning-tree max-age
- spanning-tree max-hops
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree mst priority
- spanning-tree portfast
- spanning-tree portfast bpdufilter default
- spanning-tree portfast default
- spanning-tree port-priority (Interface Configuration)
- spanning-tree priority
- spanning-tree tcnguard
- spanning-tree transmit hold-count
- spanning-tree uplinkfast
- spanning-tree vlan
- spanning-tree vlan forward-time
- spanning-tree vlan hello-time
- spanning-tree vlan max-age
- spanning-tree vlan root
- spanning-tree vlan priority
- UDLD Commands
- VLAN Commands
- Double VLAN Mode
- Independent VLAN Learning
- Protocol Based VLANs
- IP Subnet Based VLANs
- MAC-Based VLANs
- Private VLAN Commands
- interface vlan
- interface range vlan
- name (VLAN Configuration)
- private-vlan
- protocol group
- protocol vlan group
- protocol vlan group all
- show dot1q-tunnel
- show interfaces switchport
- show port protocol
- show switchport ethertype
- show vlan
- show vlan association mac
- show vlan association subnet
- show vlan private-vlan
- switchport access vlan
- switchport dot1q ethertype (Global Configuration)
- switchport dot1q ethertype (Interface Configuration)
- switchport general forbidden vlan
- switchport general acceptable-frame-type tagged-only
- switchport general allowed vlan
- switchport general ingress-filtering disable
- switchport general pvid
- switchport mode
- switchport mode dot1q-tunnel
- switchport mode private-vlan
- switchport private-vlan
- switchport trunk
- switchport trunk encapsulation dot1q
- vlan
- vlan association mac
- vlan association subnet
- vlan makestatic
- vlan protocol group
- vlan protocol group add protocol
- vlan protocol group name
- vlan protocol group remove
- Switchport Voice VLAN Commands
- Multiple MAC Registration Protocol Commands
- Multiple VLAN Registration Protocol Commands
- Security Commands
- AAA Commands
- Administrative Authentication
- Administrative Accounting
- Accounting Method Lists
- Access Line Modes
- Command Authorization
- Network Authentication
- Local 802.1x Authentication Server
- MAC Authentication Bypass
- Guest VLAN
- Unauthenticated VLAN
- aaa accounting
- aaa accounting delay-start
- aaa accounting update
- aaa authentication dot1x default
- aaa authentication enable
- aaa authentication login
- aaa authorization
- aaa authorization network default radius
- aaa ias-user username
- aaa new-model
- aaa server radius dynamic-author
- authentication command
- authentication control-direction
- authentication critical recovery
- authentication dynamic-vlan enable
- authentication enable
- authentication event server dead action
- authentication event server alive action
- authentication open
- authentication order
- authentication priority
- authentication timer restart
- authentication violation
- clear (IAS)
- clear authentication statistics
- clear authentication authentication-history
- enable password
- ip admission proxy http redirect-url
- ip admission proxy http redirect-tgt
- ip dns domain-list
- authentication allow-unauth dhcp
- ip http authentication
- ip https authentication
- mab
- password (AAA IAS User Configuration)
- password (User Exec)
- show aaa ias-users
- show aaa statistics
- show accounting methods
- show accounting update
- show authentication
- show authentication authentication-history
- show authentication methods
- show authentication statistics
- show authorization methods
- show mab
- show users accounts
- show users login-history
- username
- username unlock
- Administrative Profiles Commands
- E-mail Alerting Commands
- logging email
- logging email urgent
- logging email message-type to-addr
- logging email from-addr
- logging email message-type subject
- logging email logtime
- logging email test message-type
- show logging email statistics
- clear logging email statistics
- security
- mail-server ip-address | hostname
- port (Mail Server Configuration Mode)
- username (Mail Server Configuration Mode)
- password (Mail Server Configuration Mode)
- show mail-server
- RADIUS Commands
- RADIUS-based Dynamic VLAN Assignment
- RADIUS Change of Authorization
- acct-port
- attribute 6
- attribute 8
- attribute 25
- attribute mac format
- attribute 32
- attribute 44
- attribute 168
- authentication event fail retry
- auth-port
- automate-tester
- deadtime
- key
- msgauth
- name (RADIUS Server)
- primary
- priority
- radius server attribute 4
- radius server attribute 6
- radius server attribute 8
- radius server attribute 25
- radius server attribute 32
- radius server attribute 44
- radius server attribute mac format
- radius server attribute 168
- radius server dead-criteria
- radius server deadtime
- radius server
- radius server key
- radius server load-balance
- radius server retransmit
- radius server source-ip
- radius server source-interface
- radius server timeout
- radius server vsa send authentication
- retransmit
- show aaa servers
- show radius statistics
- source-ip
- timeout
- usage authmgr
- TACACS+ Commands
- 802.1x NAS Commands
- 802.1x Monitor Mode
- dot1x eapolflood
- clear authentication sessions
- default mab
- mab request format attribute 1
- mab request format attribute 2
- dot1x max-reauth-req
- dot1x max-req
- dot1x max-start
- dot1x pae
- authentication host-mode
- authentication max-users
- authentication port-control
- authentication periodic
- clear dot1x statistics
- dot1x supplicant user
- dot1x system-auth-control
- authentication monitor
- dot1x timeout
- authentication timer reauthenticate
- auth-type
- client
- ignore
- port
- server-key
- dot1x user
- show dot1x
- show authentication authentication-history
- show authentication clients
- show dot1x interface
- show dot1x interface statistics
- clear authentication authentication–history
- 802.1x Advanced Features
- authentication event no-response
- authentication event fail
- show dot1x advanced
- Captive Portal Commands
- Captive Portal Administrative Profile Commands
- authentication timeout
- captive-portal
- enable
- http port
- https port
- show captive-portal
- show captive-portal status
- Captive Portal Configuration Commands
- block
- configuration
- enable
- group
- interface
- locale
- name (Captive Portal)
- protocol
- redirect
- redirect-url
- session-timeout
- verification
- Captive Portal Client Connection Commands
- captive-portal client deauthenticate
- show captive-portal client status
- show captive-portal configuration client status
- show captive-portal interface client status
- Captive Portal Interface Commands
- show captive-portal interface configuration status
- clear captive-portal users
- no user
- show captive-portal user
- user group
- user-logout
- user name
- user password
- user session-timeout
- Captive Portal Status Commands
- show captive-portal configuration
- show captive-portal configuration interface
- show captive-portal configuration locales
- show captive-portal configuration status
- Captive Portal User Group Commands
- user group
- user group moveusers
- user group name
- Denial of Service Commands
- Management ACL Commands
- Password Management Commands
- Configurable Minimum Password Length
- Password History
- Password Aging
- User Lockout
- Password Strength
- passwords aging
- passwords history
- passwords lock-out
- passwords min-length
- passwords strength-check
- passwords strength minimum uppercase-letters
- passwords strength minimum lowercase-letters
- passwords strength minimum numeric- characters
- passwords strength minimum special-characters
- passwords strength max-limit consecutive- characters
- passwords strength max-limit repeated- characters
- passwords strength minimum character-classes
- passwords strength exclude-keyword
- enable password encrypted
- show passwords configuration
- show passwords result
- SSH Commands
- crypto key generate dsa
- crypto key generate ecdsa
- crypto key generate rsa
- crypto key pubkey-chain ssh
- crypto key zeroize pubkey-chain
- crypto key zeroize {rsa|dsa|ecdsa}
- ip scp server enable
- ip ssh port
- ip ssh pubkey-auth
- ip ssh server
- key-string
- ssh
- ssh session-limit
- ssh time-out
- show crypto key mypubkey
- show crypto key pubkey-chain ssh
- show ip ssh
- show ssh
- AAA Commands
- Data Center Technology Commands
- Layer 3 Routing Commands
- ARP Commands
- Bidirectional Forwarding Detection Commands
- Border Gateway Protocol Commands
- router bgp
- address-family
- address-family ipv4 vrf
- address-family ipv6
- address-family vpnv4 unicast
- aggregate-address
- bgp aggregate-different-meds (BGP Router Configuration)
- bgp aggregate-different-meds (IPv6 Address Family Configuration)
- bgp always-compare-med
- bgp client-to-client reflection (BGP Router Configuration)
- bgp client-to-client reflection (IPv6 Address Family Configuration)
- bgp cluster-id
- bgp default local-preference
- bgp fast-external-fallover
- bgp fast-internal-fallover
- bgp listen
- bgp log-neighbor-changes
- bgp maxas-limit
- bgp router-id
- clear ip bgp
- clear ip bgp counters
- default-information originate (BGP Router Configuration)
- default-information originate (IPv6 Address Family Configuration)
- default metric (BGP Router Configuration)
- default metric (IPv6 Address Family Configuration)
- distance
- distance bgp (BGP Router Configuration)
- distance bgp (IPv6 Address Family Configuration)
- distribute-list prefix in
- distribute-list prefix out (BGP Router Configuration)
- distribute-list prefix out (IPv6 Address Family Configuration)
- enable
- ip as-path access-list
- ip bgp-community new-format
- ip bgp fast-external-fallover
- ip community-list
- ip extcommunity-list
- match extcommunity
- maximum-paths (BGP Router Configuration)
- maximum-paths (IPv6 Address Family Configuration)
- maximum-paths ibgp (BGP Router Configuration)
- maximum-paths ibgp (IPv6 Address Family Configuration)
- neighbor activate
- neighbor advertisement-interval (BGP Router Configuration)
- neighbor advertisement-interval (IPv6 Address Family Configuration)
- neighbor allowas-in
- neighbor connect-retry-interval
- neighbor default-originate (BGP Router Configuration)
- neighbor default-originate (IPv6 Address Family Configuration)
- neighbor description
- neighbor ebgp-multihop
- neighbor filter-list (BGP Router Configuration)
- neighbor filter-list (IPv6 Address Family Configuration)
- neighbor inherit peer
- neighbor local-as
- neighbor maximum-prefix (BGP Router Configuration)
- neighbor maximum-prefix (IPv6 Address Family Configuration)
- neighbor next-hop-self (BGP Router Configuration)
- neighbor next-hop-self (IPv6 Address Family Configuration)
- neighbor password
- neighbor prefix-list (BGP Router Configuration)
- neighbor prefix-list (IPv6 Address Family Configuration)
- neighbor remote-as
- neighbor remove-private-as
- neighbor rfc5549-support
- neighbor route-map (BGP Router Configuration)
- neighbor route-map (IPv6 Address Family Configuration)
- neighbor route-reflector-client (BGP Router Configuration)
- neighbor route-reflector-client (IPv6 Address Family Configuration)
- neighbor send-community (BGP Router Configuration)
- neighbor send-community (IPv6 Address Family Configuration)
- neighbor shutdown
- neighbor timers
- neighbor update-source
- network (BGP Router Configuration)
- network (IPv6 Address Family Configuration)
- rd
- redistribute (BGP)
- redistribute (BGP IPv6)
- route-target
- set extcommunity rt
- set extcommunity soo
- show bgp ipv6
- show bgp ipv6 aggregate-address
- show bgp ipv6 community
- show bgp ipv6 community-list
- show bgp ipv6 listen range
- show bgp ipv6 neighbors
- show bgp ipv6 neighbors advertised-routes
- show bgp ipv6 neighbors policy
- show bgp ipv6 neighbors received-routes
- show bgp ipv6 statistics
- show bgp ipv6 summary
- show bgp ipv6 update-group
- show bgp ipv6 route-reflection
- show ip bgp
- show ip bgp aggregate-address
- show ip bgp community
- show ip bgp community-list
- show ip bgp extcommunity-list
- show ip bgp listen range
- show ip bgp neighbors
- show ip bgp neighbors advertised-routes
- show ip bgp neighbors received-routes
- show ip bgp neighbors policy
- show ip bgp route-reflection
- show ip bgp statistics
- show ip bgp summary
- show ip bgp template
- show ip bgp traffic
- show ip bgp update-group
- show ip bgp vpn4
- template peer
- timers bgp
- timers policy-apply delay
- graceful-restart
- graceful-restart-helper
- BGP Routing Policy
- ip as-path access-list
- ip bgp-community new-format
- ip community-list
- ip prefix-list
- ip prefix-list description
- ipv6 prefix-list
- match as-path
- match community
- match ip address prefix-list
- match ipv6 address prefix-list
- show ip as-path-access-list
- show ip community-list
- show ip prefix-list
- show ipv6 prefix-list
- clear ip prefix-list
- clear ipv6 prefix-list
- clear ip community-list
- set as-path
- set comm-list delete
- set community
- set ipv6 next-hop (BGP)
- set local-preference
- set metric
- DVMRP Commands
- IGMP Commands
- ip igmp last-member-query-count
- ip igmp last-member-query-interval
- ip igmp mroute-proxy
- ip igmp query-interval
- ip igmp query-max-response-time
- ip igmp robustness
- ip igmp startup-query-count
- ip igmp startup-query-interval
- ip igmp version
- show ip igmp
- show ip igmp groups
- show ip igmp interface
- show ip igmp membership
- show ip igmp interface stats
- IGMP Proxy Commands
- IP Helper/DHCP Relay Commands
- ip dhcp relay maxhopcount
- ip dhcp relay minwaittime
- clear ip helper statistics
- ip dhcp relay information check
- ip dhcp relay information check-reply
- ip dhcp relay information option
- ip dhcp relay information option-insert
- ip dhcp relay information option server-override
- ip dhcp relay source-interface
- ip helper-address (global configuration)
- ip helper-address (interface configuration)
- ip helper enable
- show ip helper-address
- show ip dhcp relay
- show ip helper statistics
- IP Routing Commands
- Static Routes/ECMP Static Routes
- Static Reject Routes
- Default Routes
- encapsulation
- ip icmp echo-reply
- ip icmp error-interval
- ip load-sharing
- ip directed-broadcast
- ip policy route-map
- ip redirects
- ip route
- ip route default
- ip route distance
- ip routing
- ip unnumbered
- ip unnumbered gratuitous-arp accept
- ip unreachables
- match ip address
- match length
- match mac-list
- route-map
- set interface null0
- set ip default next-hop
- set ip next-hop
- set ip precedence
- show ip brief
- show ip interface
- show ip policy
- show ip protocols
- show ip route
- show ip route preferences
- show ip route summary
- show ip traffic
- show ip vlan
- show route-map
- show routing heap summary
- IPv6 Routing Commands
- IPv6 Limitations & Restrictions
- clear ipv6 neighbors
- clear ipv6 ospf
- clear ipv6 ospf configuration
- clear ipv6 ospf counters
- clear ipv6 ospf neighbor
- clear ipv6 ospf redistribution
- clear ipv6 ospf stub-router
- clear ipv6 statistics
- ipv6 address
- ipv6 enable
- ipv6 hop-limit
- ipv6 host
- ipv6 icmp error-interval
- ipv6 mld last-member-query-count
- ipv6 mld last-member-query-interval
- ipv6 mld host-proxy
- ipv6 mld host-proxy reset-status
- ipv6 mld host-proxy unsolicit-rprt-interval
- ipv6 mld query-interval
- ipv6 mld query-max-response-time
- ipv6 nd dad attempts
- ipv6 nd ra hop-limit unspecified
- ipv6 nd managed-config-flag
- ipv6 nd ns-interval
- ipv6 nud max-multicast-solicits
- ipv6 nud max-unicast-solicits
- ipv6 nd nud retry
- ipv6 nd other-config-flag
- ipv6 nd prefix
- ipv6 nd raguard attach-policy
- ipv6 nd ra-interval
- ipv6 nd ra-lifetime
- ipv6 nd reachable-time
- ipv6 nd suppress-ra
- ipv6 neighbor
- ipv6 redirect
- ipv6 route
- ipv6 route distance
- ipv6 unicast-routing
- ipv6 unreachables
- show ipv6 brief
- show ipv6 interface
- show ipv6 mld groups
- show ipv6 mld interface
- show ipv6 mld host-proxy
- show ipv6 mld host-proxy groups
- show ipv6 mld host-proxy groups detail
- show ipv6 mld host-proxy interface
- show ipv6 mld traffic
- show ipv6 nd raguard policy
- show ipv6 neighbors
- show ipv6 protocols
- show ipv6 route
- show ipv6 route preferences
- show ipv6 route summary
- show ipv6 snooping counters
- show ipv6 traffic
- show ipv6 vlan
- traceroute ipv6
- Loopback Interface Commands
- IP Multicast Commands
- clear ip mroute
- ip multicast boundary
- ip mroute
- ip multicast-routing
- ip multicast ttl-threshold
- ip pim
- ip pim bsr-border
- ip pim bsr-candidate
- ip pim dense-mode
- ip pim dr-priority
- ip pim hello-interval
- ip pim join-prune-interval
- ip pim rp-address
- ip pim rp-candidate
- ip pim sparse-mode
- ip pim ssm
- show ip mfc
- show ip multicast
- show ip pim boundary
- show ip multicast interface
- show ip mroute
- show ip mroute group
- show ip mroute source
- show ip mroute static
- show ip pim
- show ip pim bsr-router
- show ip pim interface
- show ip pim neighbor
- show ip pim rp-hash
- show ip pim rp mapping
- show ip pim statistics
- IPv6 Multicast Commands
- clear ipv6 mroute
- ipv6 pim (VLAN Interface config)
- ipv6 pim bsr-border
- ipv6 pim bsr-candidate
- ipv6 pim dense-mode
- ipv6 pim dr-priority
- ipv6 pim hello-interval
- ipv6 pim join-prune-interval
- ipv6 pim register-threshold
- ipv6 pim rp-address
- ipv6 pim rp-candidate
- ipv6 pim sparse-mode
- ipv6 pim ssm
- show ipv6 pim
- show ipv6 pim bsr-router
- show ipv6 mroute group
- show ipv6 mroute source
- show ipv6 pim interface
- show ipv6 pim neighbor
- show ipv6 pim rp-hash
- show ipv6 pim rp mapping
- show ipv6 pim statistics
- IP Service Level Agreement Commands
- OSPF Commands
- Route Preferences
- OSPF Equal Cost Multipath (ECMP)
- Forwarding of OSPF Opaque LSAs Enabled by Default
- Passive Interfaces
- Graceful Restart
- area default-cost (Router OSPF)
- area nssa (Router OSPF)
- area nssa default-info-originate (Router OSPF Config)
- area nssa no-redistribute
- area nssa no-summary
- area nssa translator-role
- area nssa translator-stab-intv
- area range (Router OSPF)
- area stub
- area stub no-summary
- area virtual-link
- area virtual-link authentication
- area virtual-link dead-interval
- area virtual-link hello-interval
- area virtual-link retransmit-interval
- area virtual-link transmit-delay
- auto-cost
- bandwidth
- bfd
- capability opaque
- clear ip ospf
- clear ip ospf stub-router
- compatible rfc1583
- default-information originate (Router OSPF Configuration)
- default-metric
- distance ospf
- distribute-list out
- enable
- exit-overflow-interval
- external-lsdb-limit
- ip ospf area
- ip ospf authentication
- ip ospf cost
- ip ospf database-filter all out
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf mtu-ignore
- ip ospf network
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log adjacency-changes
- max-metric router-lsa
- maximum-paths
- network area
- nsf
- nsf helper
- nsf helper strict-lsa-checking
- nsf restart-interval
- passive-interface default
- passive-interface
- redistribute (OSPF)
- router-id
- router ospf
- show ip ospf
- show ip ospf abr
- show ip ospf area
- show ip ospf asbr
- show ip ospf database
- show ip ospf database database-summary
- show ip ospf interface
- show ip ospf interface brief
- show ip ospf interface stats
- show ip ospf lsa-group
- show ip ospf neighbor
- show ip ospf range
- show ip ospf statistics
- show ip ospf stub table
- show ip ospf traffic
- show ip ospf virtual-links
- show ip ospf virtual-links brief
- timers pacing flood
- timers pacing lsa-group
- timers spf
- OSPFv3 Commands
- area default-cost (Router OSPFv3)
- area nssa (Router OSPFv3)
- area nssa default-info-originate (Router OSPFv3 Config)
- area nssa no-redistribute
- area nssa no-summary
- area nssa translator-role
- area nssa translator-stab-intv
- area range (Router OSPFv3)
- area stub
- area stub no-summary
- area virtual-link
- area virtual-link dead-interval
- area virtual-link hello-interval
- area virtual-link retransmit-interval
- area virtual-link transmit-delay
- default-information originate (Router OSPFv3 Configuration)
- default-metric
- distance ospf
- enable
- exit-overflow-interval
- external-lsdb-limit
- ipv6 ospf
- ipv6 ospf area
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf hello-interval
- ipv6 ospf mtu-ignore
- ipv6 ospf network
- ipv6 ospf priority
- ipv6 ospf retransmit-interval
- ipv6 ospf transmit-delay
- ipv6 router ospf
- maximum-paths
- nsf
- nsf helper
- nsf helper strict-lsa-checking
- nsf restart-interval
- passive-interface
- passive-interface default
- redistribute (OSPFv3)
- router-id
- show ipv6 ospf
- show ipv6 ospf abr
- show ipv6 ospf area
- show ipv6 ospf asbr
- show ipv6 ospf border-routers
- show ipv6 ospf database
- show ipv6 ospf database database-summary
- show ipv6 ospf interface
- show ipv6 ospf interface brief
- show ipv6 ospf interface stats
- show ipv6 ospf interface vlan
- show ipv6 ospf lsa-group
- show ipv6 ospf neighbor
- show ipv6 ospf range
- show ipv6 ospf statistics
- show ipv6 ospf stub table
- show ipv6 ospf virtual-link
- show ipv6 ospf virtual-link brief
- timers throttle spf
- IPv6 Policy-Based Routing Commands
- Router Discovery Protocol Commands
- Routing Information Protocol Commands
- auto-summary
- default-information originate (Router RIP Configuration)
- default-metric
- distance rip
- distribute-list out
- enable
- hostroutesaccept
- ip rip
- ip rip authentication
- ip rip receive version
- ip rip send version
- redistribute (RIP)
- router rip
- show ip rip
- show ip rip interface
- show ip rip interface brief
- split-horizon
- Tunnel Interface Commands
- Unicast Reverse Path Forwarding Commands
- Virtual Router Commands
- Virtual Router Redundancy Protocol Commands
- Pingable VRRP Interface
- VRRP Route/Interface Tracking
- Interface Tracking
- Route Tracking
- Virtual Router Redundancy Protocol Commands
- ip vrrp
- vrrp accept-mode
- vrrp authentication
- vrrp description
- vrrp ip
- vrrp mode
- vrrp preempt
- vrrp priority
- vrrp timers advertise
- vrrp timers learn
- vrrp track interface
- vrrp track ip route
- show vrrp
- show vrrp interface
- Virtual Router Redundancy Protocol v3 Commands
- Switch Management Commands
- Application Deployment
- Auto-Install Commands
- CLI Macro Commands
- Clock Commands
- Real-time Clock
- Simple Network Time Protocol
- show sntp configuration
- show sntp server
- show sntp status
- sntp authenticate
- sntp authentication-key
- sntp broadcast client enable
- sntp client poll timer
- sntp server
- sntp source-interface
- sntp trusted-key
- sntp unicast client enable
- clock set
- clock timezone hours-offset
- no clock timezone
- clock summer-time recurring
- clock summer-time date
- no clock summer-time
- show clock
- Command Line Configuration Scripting Commands
- CLI Output Filtering Commands
- Configuration and Image File Commands
- DHCP Client Commands
- DHCP Server Commands
- ip dhcp pool
- bootfile
- clear ip dhcp binding
- clear ip dhcp conflict
- client-identifier
- client-name
- default-router
- dns-server (IP DHCP Pool Config)
- domain-name (IP DHCP Pool Config)
- hardware-address
- host
- ip dhcp bootp automatic
- ip dhcp conflict logging
- ip dhcp excluded-address
- ip dhcp ping packets
- lease
- netbios-name-server
- netbios-node-type
- network
- next-server
- option
- service dhcp
- sntp
- show ip dhcp binding
- show ip dhcp conflict
- show ip dhcp global configuration
- show ip dhcp pool
- show ip dhcp server statistics
- DHCPv6 Server Commands
- HiveAgent Commands
- IP Addressing Commands
- clear host
- clear ip address-conflict-detect
- interface out-of-band
- ip address
- ip address (Out-of-Band)
- ip address-conflict-detect run
- ip address dhcp (Interface Configuration)
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip host
- ip name-server
- ip name-server source-interface
- ipv6 address (Interface Configuration)
- ipv6 address (OOB Port)
- ipv6 address dhcp
- ipv6 enable (Interface Configuration)
- ipv6 enable (OOB Configuration)
- ipv6 gateway (OOB Configuration)
- show hosts
- show ip address-conflict
- show ip helper-address
- show ipv6 dhcp interface out-of-band statistics
- show ipv6 interface out-of-band
- Line Commands
- MACsec Commands
- mka policy (Global Config)
- key-server priority
- macsec-cipher-suite
- confidentiality-offset
- key chain
- key
- cryptographic-algorithm
- key-string
- time-range
- macsec [network-link]
- mka policy (Interface Config)
- mka pre-shared-key key-chain
- macsec replay-protection
- authentication linksec policy
- show macsec
- show mka policy
- show mka sessions
- show key chain
- show mka statistics
- show macsec secy statistics
- clear mka statistics
- clear macsec secy statistics
- mka defaults policy send-secure-announcements
- send-secure-announcements
- eapol announcements
- PHY Diagnostics Commands
- Power Over Ethernet Commands
- Flexible Power Management
- power inline
- power inline detection
- power inline four-pair forced
- power inline limit
- power inline management
- power inline poe-ha
- power inline powered-device
- power inline priority
- power inline reset
- power inline usage-threshold
- clear power inline statistics
- show power inline
- show power inline firmware-version
- RMON Commands
- Serviceability Commands
- debug aaa
- debug arp
- debug authentication interface
- debug auto-voip
- debug bfd
- debug cfm
- debug clear
- debug console
- debug crashlog
- debug dhcp packet
- debug dhcp server packet
- debug dot1x
- debug igmpsnooping
- debug ip acl
- debug ip bgp
- debug ip device tracking
- debug ip dvmrp
- debug ip igmp
- debug ip mcache
- debug ip pimdm packet
- debug ip pimsm packet
- debug ip vrrp
- debug ipv6 dhcp
- debug ipv6 mcache
- debug ipv6 mld
- debug ipv6 ospfv3 packet
- debug ipv6 pimdm
- debug ipv6 pimsm
- debug ipv6 ping
- debug isdp
- debug lacp
- debug mldsnooping
- debug ospf
- debug ospfv3 packet
- debug ping
- debug rip
- debug sflow
- debug spanning-tree
- debug tacacs
- debug transfer
- debug udld
- debug vpc
- debug vrrp
- exception core-file
- exception dump
- exception protocol
- exception switch-chip-register
- ip http timeout-policy
- show debugging
- show exception
- show supported mibs
- snapshot bgp
- write core
- Sflow Commands
- SNMP Commands
- show snmp
- show snmp engineid
- show snmp filters
- show snmp group
- show snmp user
- show snmp views
- show trapflags
- snmp-server community
- snmp-server community-group
- snmp-server contact
- snmp-server enable traps
- snmp-server engineID local
- snmp-server filter
- snmp-server group
- snmp-server host
- snmp-server location
- snmp-server user
- snmp-server view
- snmp-server v3-host
- snmp-server source-interface
- SupportAssist Commands
- SYSLOG Commands
- Command Logging
- clear logging
- clear logging file
- description (Logging)
- level
- logging cli-command
- logging
- logging audit
- logging buffered
- logging console
- logging facility
- logging file
- logging monitor
- logging on
- logging protocol
- logging snmp
- logging source-interface
- logging traps
- logging web-session
- port
- show logging
- show logging file
- show syslog-servers
- terminal monitor
- System and Stack Management Commands
- asset-tag
- banner exec
- banner login
- banner motd
- banner motd acknowledge
- buffers
- clear checkpoint statistics
- clear counters stack-ports
- connect
- disconnect
- exit
- hardware profile portmode
- hostname
- initiate failover
- load-interval
- locate
- logout
- member
- memory free low-watermark
- nsf
- ping
- process cpu threshold
- quit
- reload
- service unsupported-transceiver
- set description
- slot
- show banner
- show buffers
- show checkpoint statistics
- show cut-through mode
- show hardware profile portmode
- show idprom interface
- show interfaces
- show interfaces advanced firmware
- show memory cpu
- show msg-queue
- show nsf
- show power-usage-history
- show process app-list
- show process app-resource-list
- show process cpu
- show process proc-list
- show router-capability
- show sessions
- show slot
- show supported cardtype
- show supported switchtype
- show switch
- show system
- show system fan
- show system id
- show system power
- show system temperature
- show tech-support
- show users
- show version
- stack
- stack-port
- stack-port shutdown
- standby
- switch renumber
- telnet
- traceroute
- traceroute ipv6
- update bootcode
- Telnet Server Commands
- Time Ranges Commands
- USB Flash Drive Commands
- User Interface Commands
- Web Server Commands
- Web Sessions
- common-name
- country
- crypto certificate generate
- crypto certificate import
- crypto certificate request
- duration
- ip http port
- ip http server
- ip http secure-certificate
- ip http secure-port
- ip http secure-server
- ip scp server enable
- key-generate
- location
- no crypto certificate
- organization-name
- organization-unit
- quit
- show crypto certificate mycertificate
- show ip http server status
- show ip http server secure status
- state
- subject-alternative-name
- Appendix A: List of Commands
Security Commands 1194
User Guidelines
A rule with the specified priority-value must exist in order to be removed.
Command History
Command introduced in version 6.5 firmware.
permit (management)
Use the permit command in Management Access-List configuration mode to
set conditions for allowing packets to flow to the switch management
function.
Syntax
permit ip-source
ip-address
[mask
mask
|
prefix-length
] [vlan
vlan-id
|fortygigabitethernet unit/slot/port][ service
service
] [ priority
priority-value
]
permit {vlan
vlan-id
} [service
service
] [priority
priority-value
]
permit service
service
[priority
priority-value
]
permit priority
priority-value
• vlan
vlan-id
— A valid VLAN number.
•
ip-address
— Source IP address.
• mask
mask
— Specifies the network mask of the source IP address.
• mask
prefix-length
— Specifies the number of bits that comprise the
source IP address prefix. The prefix length must be preceded by a forward
slash (/). (Range: 0–32)
• service
service
— Indicates service type. It can be one of the following:
telnet, ssh, http, https, tftp, snmp, sntp, or any. The any keyword indicates
that the service match for the ACL is effectively “don’t care”.
• priority
priority-value
— Priority for the rule. (Range: 1 – 64)
Default Configuration
This command has no default configuration.