Users Guide
Table Of Contents
- Dell EMC Networking CLI
- Introduction
- Command Groups
- Mode Types
- Layer 2 Commands
- ACL
- MAC Address Table
- MAC Notification
- Auto-VoIP
- CDP Interoperability
- DHCP L2 Relay
- DHCP Snooping
- Dynamic ARP Inspection
- Ethernet Configuration
- Ethernet CFM
- Ethernet Ring Protection
- Green Ethernet
- GVRP
- IGMP Snooping
- IGMP Snooping Querier
- Interface Error Disable and Auto Recovery
- IP Addressing
- IPv6 ACL
- IPv6 MLD Snooping
- IPv6 MLD Snooping Querier
- IP Source Guard
- iSCSI Optimization
- Link Dependency
- LLDP
- Loop Protection
- MLAG
- Multicast VLAN Registration
- Port Channel
- Port Monitor
- QoS
- Spanning Tree
- UDLD
- VLAN
- Switchport Voice VLAN
- Multiple MAC Registration Protocol
- Multiple VLAN Registration Protocol
- Security Commands
- Data Center Commands
- Layer 3 Routing Commands
- ARP (IPv4)
- BFD
- BGP
- BGP Routing Policy
- DHCP Server and Relay Agent (IPv4)
- DHCPv6
- DHCPv6 Snooping
- DVMRP
- GMRP
- IGMP
- IGMP Proxy
- IP Helper/DHCP Relay
- IP Routing
- IPv6 Routing
- Loopback Interface
- Multicast
- IPv6 Multicast
- OSPF
- OSPFv3
- IPv6 Policy-Based Routing
- Router Discovery Protocol
- Routing Information Protocol
- Tunnel Interface
- Unicast Reverse Path Forwarding
- Virtual Router
- Virtual Router Redundancy
- Virtual Router Redundancy Protocol version 3 Commands
- Switch Management Commands
- Using the CLI
- Layer 2 Switching Commands
- ACL Commands
- MAC Address Table Commands
- clear mac address-table
- mac address-table aging-time
- mac address-table multicast forbidden address
- mac address-table static
- switchport port-security (Global Configuration)
- switchport port-security (Interface Configuration)
- show mac address-table multicast
- show mac address-table
- show mac address-table address
- show mac address-table count
- show mac address-table dynamic
- show mac address-table interface
- show mac address-table static
- show mac address-table vlan
- show port-security
- MAC Notification Commands
- Auto-VoIP Commands
- CDP Interoperability Commands
- DHCP Layer 2 Relay Commands
- dhcp l2relay (Global Configuration)
- dhcp l2relay (Interface Configuration)
- dhcp l2relay circuit-id
- dhcp l2relay remote-id
- dhcp l2relay trust
- dhcp l2relay vlan
- show dhcp l2relay all
- show dhcp l2relay interface
- show dhcp l2relay stats interface
- show dhcp l2relay agent-option vlan
- show dhcp l2relay vlan
- show dhcp l2relay circuit-id vlan
- show dhcp l2relay remote-id vlan
- clear dhcp l2relay statistics interface
- DHCP Snooping Commands
- clear ip dhcp snooping binding
- clear ip dhcp snooping statistics
- ip dhcp snooping
- ip dhcp snooping binding
- ip dhcp snooping database
- ip dhcp snooping database write-delay
- ip dhcp snooping limit
- ip dhcp snooping log-invalid
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- show ip dhcp snooping
- show ip dhcp snooping binding
- show ip dhcp snooping database
- show ip dhcp snooping interfaces
- show ip dhcp snooping statistics
- DHCPv6 Snooping Commands
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- ipv6 dhcp snooping
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping binding
- ipv6 dhcp snooping database
- ipv6 dhcp snooping database write-delay
- ipv6 dhcp snooping limit
- ipv6 dhcp snooping log-invalid
- ipv6 dhcp snooping trust
- ipv6 dhcp snooping verify mac-address
- ipv6 verify binding
- ipv6 verify source
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping database
- show ipv6 dhcp snooping interfaces
- show ipv6 dhcp snooping statistics
- show ipv6 source binding
- show ipv6 verify
- show ipv6 verify source
- Dynamic ARP Inspection Commands
- Ethernet Configuration Commands
- clear counters
- description
- default (interface)
- duplex
- flowcontrol
- forward-error-correction
- interface
- interface range
- link debounce time
- rate-limit cpu
- show interfaces
- show interfaces advertise
- show interfaces configuration
- show interfaces counters
- show interfaces debounce
- show interfaces description
- show interfaces detail
- show interfaces status
- show interfaces transceiver
- show interfaces trunk
- show statistics
- show statistics switchport
- show storm-control
- show storm-control action
- shutdown
- speed
- switchport protected
- switchport protected name
- show switchport protected
- show system mtu
- system jumbo mtu
- Ethernet CFM Commands
- ethernet cfm domain
- service
- ethernet cfm cc level
- ethernet cfm mep level
- ethernet cfm mep enable
- ethernet cfm mep active
- ethernet cfm mep archive-hold-time
- ethernet cfm mip level
- ping ethernet cfm
- traceroute ethernet cfm
- show ethernet cfm errors
- show ethernet cfm domain
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points remote
- show ethernet cfm statistics
- Ethernet Ring Protection Commands
- ethernet ring g8032 profile
- timer
- non-revertive
- ethernet ring g8032
- port0
- port1
- open-ring
- instance
- profile
- rpl
- inclusion-list
- ethernet tcn-propagation
- aps-channel
- level
- raps-vlan
- g8032
- show ethernet ring g8032 configuration
- show ethernet ring g8032 brief
- show ethernet ring g8032 status
- show ethernet ring g8032 port status
- show ethernet ring g8032 profile
- show ethernet ring g8032 statistics
- show ethernet ring g8032 summary
- Green Ethernet Commands
- GMRP Commands
- GVRP Commands
- IGMP Snooping Commands
- ip igmp snooping
- show ip igmp snooping
- show ip igmp snooping groups
- show ip igmp snooping mrouter
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan groupmembership-interval
- ip igmp snooping vlan last-member-query- interval
- ip igmp snooping vlan mcrtrexpiretime
- ip igmp snooping report-suppression
- ip igmp snooping unregistered floodall
- ip igmp snooping vlan mrouter
- IGMP Snooping Querier Commands
- Interface Error Disable and Auto Recovery Commands
- IP Device Tracking Commands
- IPv6 Access List Commands
- IPv6 MLD Snooping Commands
- ipv6 mld snooping vlan groupmembership- interval
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping listener-message-suppression
- ipv6 mld snooping vlan last-listener-query- interval
- ipv6 mld snooping vlan mcrtrexpiretime
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping (Global)
- show ipv6 mld snooping
- show ipv6 mld snooping groups
- show ipv6 mld snooping mrouter
- IPv6 MLD Snooping Querier Commands
- IP Source Guard Commands
- iSCSI Optimization Commands
- Link Dependency Commands
- LLDP Commands
- clear lldp remote-data
- clear lldp statistics
- debug lldp
- lldp med
- lldp med confignotification
- lldp med faststartrepeatcount
- lldp med-tlv-select
- lldp notification
- lldp notification-interval
- lldp receive
- lldp timers
- lldp transmit
- lldp tlv-select
- show lldp
- show lldp interface
- show lldp local-device
- show lldp med
- show lldp med interface
- show lldp med local-device detail
- show lldp med remote-device
- show lldp remote-device
- show lldp statistics
- Loop Protection Commands
- MLAG Commands
- clear vpc statistics
- feature vpc
- peer detection enable
- peer detection interval
- peer-keepalive destination
- peer-keepalive enable
- peer-keepalive timeout
- role priority
- show vpc
- show vpc brief
- show vpc consistency-parameters
- show vpc consistency-features
- show vpc peer-keepalive
- show vpc role
- show vpc statistics
- system-mac
- system-priority
- vpc
- vpc domain
- vpc peer-link
- Multicast VLAN Registration Commands
- Port Channel Commands
- Static LAGS
- VLANs and LAGs
- LAG Thresholds
- LAG Hashing
- Enhanced LAG Hashing
- Manual Aggregation of LAGs
- Flexible Assignment of Ports to LAGs
- channel-group
- interface port-channel
- interface range port-channel
- hashing-mode
- lacp port-priority
- lacp system-priority
- lacp timeout
- port-channel local-preference
- port-channel min-links
- show interfaces port-channel
- show lacp
- show statistics port-channel
- Port Monitor Commands
- destination
- destination interface
- erspan-id
- ip address
- ip dscp
- ip prec
- ip ttl
- monitor capture (Global Configuration)
- monitor capture (Privileged Exec)
- monitor capture mode
- monitor session
- monitor session type erspan-source
- origin ip address
- reflector-port
- remote-span
- source
- source interface
- show monitor capture
- show monitor session
- show vlan remote-span
- QoS Commands
- Access Control Lists
- Layer 2 ACLs
- Layer 3/4 IPv4 ACLs
- Class of Service (CoS)
- Queue Mapping
- DiffServ
- assign-queue
- class
- class-map
- class-map rename
- classofservice dot1p-mapping
- classofservice ip-dscp-mapping
- classofservice trust
- conform-color
- cos-queue min-bandwidth
- cos-queue random-detect
- cos-queue strict
- diffserv
- drop
- mark cos
- mark ip-dscp
- mark ip-precedence
- match access-group
- match class-map
- match cos
- match destination-address mac
- match any
- match dstip
- match dstip6
- match dstl4port
- match ethertype
- match ip6flowlbl
- match ip dscp
- match ip precedence
- match ip tos
- match protocol
- match source-address mac
- match srcip
- match srcip6
- match srcl4port
- match vlan
- mirror
- police-simple
- police-single-rate
- police-two-rate
- policy-map
- random-detect queue-parms
- random-detect exponential-weighting-constant
- redirect
- service-policy
- show class-map
- show classofservice dot1p-mapping
- show classofservice ip-dscp-mapping
- show classofservice trust
- show diffserv
- show diffserv service interface
- show diffserv service brief
- show interfaces cos-queue
- show interfaces random-detect
- show interfaces traffic
- show interfaces utilization
- show policy-map
- show policy-map interface
- show service-policy
- traffic-shape
- vlan priority
- Spanning Tree Commands
- clear spanning-tree detected-protocols
- exit (mst)
- instance (mst)
- name (MST)
- revision (mst)
- show spanning-tree
- show spanning-tree summary
- show spanning-tree vlan
- spanning-tree
- spanning-tree auto-portfast
- spanning-tree backbonefast
- spanning-tree bpdu flooding
- spanning-tree bpdu-protection
- spanning-tree cost
- spanning-tree disable
- spanning-tree forward-time
- spanning-tree guard
- spanning-tree loopguard
- spanning-tree max-age
- spanning-tree max-hops
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree mst priority
- spanning-tree portfast
- spanning-tree portfast bpdufilter default
- spanning-tree portfast default
- spanning-tree port-priority (Interface Configuration)
- spanning-tree priority
- spanning-tree tcnguard
- spanning-tree transmit hold-count
- spanning-tree uplinkfast
- spanning-tree vlan
- spanning-tree vlan forward-time
- spanning-tree vlan hello-time
- spanning-tree vlan max-age
- spanning-tree vlan root
- spanning-tree vlan priority
- UDLD Commands
- VLAN Commands
- Double VLAN Mode
- Independent VLAN Learning
- Protocol Based VLANs
- IP Subnet Based VLANs
- MAC-Based VLANs
- Private VLAN Commands
- interface vlan
- interface range vlan
- name (VLAN Configuration)
- private-vlan
- protocol group
- protocol vlan group
- protocol vlan group all
- show dot1q-tunnel
- show interfaces switchport
- show port protocol
- show switchport ethertype
- show vlan
- show vlan association mac
- show vlan association subnet
- show vlan private-vlan
- switchport access vlan
- switchport dot1q ethertype (Global Configuration)
- switchport dot1q ethertype (Interface Configuration)
- switchport general forbidden vlan
- switchport general acceptable-frame-type tagged-only
- switchport general allowed vlan
- switchport general ingress-filtering disable
- switchport general pvid
- switchport mode
- switchport mode dot1q-tunnel
- switchport mode private-vlan
- switchport private-vlan
- switchport trunk
- switchport trunk encapsulation dot1q
- vlan
- vlan association mac
- vlan association subnet
- vlan makestatic
- vlan protocol group
- vlan protocol group add protocol
- vlan protocol group name
- vlan protocol group remove
- Switchport Voice VLAN Commands
- Multiple MAC Registration Protocol Commands
- Multiple VLAN Registration Protocol Commands
- Security Commands
- AAA Commands
- Administrative Authentication
- Administrative Accounting
- Accounting Method Lists
- Access Line Modes
- Command Authorization
- Network Authentication
- Local 802.1x Authentication Server
- MAC Authentication Bypass
- Guest VLAN
- Unauthenticated VLAN
- aaa accounting
- aaa accounting delay-start
- aaa accounting update
- aaa authentication dot1x default
- aaa authentication enable
- aaa authentication login
- aaa authorization
- aaa authorization network default radius
- aaa ias-user username
- aaa new-model
- aaa server radius dynamic-author
- authentication command
- authentication control-direction
- authentication critical recovery
- authentication dynamic-vlan enable
- authentication enable
- authentication event server dead action
- authentication event server alive action
- authentication open
- authentication order
- authentication priority
- authentication timer restart
- authentication violation
- clear (IAS)
- clear authentication statistics
- clear authentication authentication-history
- enable password
- ip admission proxy http redirect-url
- ip admission proxy http redirect-tgt
- ip dns domain-list
- authentication allow-unauth dhcp
- ip http authentication
- ip https authentication
- mab
- password (AAA IAS User Configuration)
- password (User Exec)
- show aaa ias-users
- show aaa statistics
- show accounting methods
- show accounting update
- show authentication
- show authentication authentication-history
- show authentication methods
- show authentication statistics
- show authorization methods
- show mab
- show users accounts
- show users login-history
- username
- username unlock
- Administrative Profiles Commands
- E-mail Alerting Commands
- logging email
- logging email urgent
- logging email message-type to-addr
- logging email from-addr
- logging email message-type subject
- logging email logtime
- logging email test message-type
- show logging email statistics
- clear logging email statistics
- security
- mail-server ip-address | hostname
- port (Mail Server Configuration Mode)
- username (Mail Server Configuration Mode)
- password (Mail Server Configuration Mode)
- show mail-server
- RADIUS Commands
- RADIUS-based Dynamic VLAN Assignment
- RADIUS Change of Authorization
- acct-port
- attribute 6
- attribute 8
- attribute 25
- attribute mac format
- attribute 32
- attribute 44
- attribute 168
- authentication event fail retry
- auth-port
- automate-tester
- deadtime
- key
- msgauth
- name (RADIUS Server)
- primary
- priority
- radius server attribute 4
- radius server attribute 6
- radius server attribute 8
- radius server attribute 25
- radius server attribute 32
- radius server attribute 44
- radius server attribute mac format
- radius server attribute 168
- radius server dead-criteria
- radius server deadtime
- radius server
- radius server key
- radius server load-balance
- radius server retransmit
- radius server source-ip
- radius server source-interface
- radius server timeout
- radius server vsa send authentication
- retransmit
- show aaa servers
- show radius statistics
- source-ip
- timeout
- usage authmgr
- TACACS+ Commands
- 802.1x NAS Commands
- 802.1x Monitor Mode
- dot1x eapolflood
- clear authentication sessions
- default mab
- mab request format attribute 1
- mab request format attribute 2
- dot1x max-reauth-req
- dot1x max-req
- dot1x max-start
- dot1x pae
- authentication host-mode
- authentication max-users
- authentication port-control
- authentication periodic
- clear dot1x statistics
- dot1x supplicant user
- dot1x system-auth-control
- authentication monitor
- dot1x timeout
- authentication timer reauthenticate
- auth-type
- client
- ignore
- port
- server-key
- dot1x user
- show dot1x
- show authentication authentication-history
- show authentication clients
- show dot1x interface
- show dot1x interface statistics
- clear authentication authentication–history
- 802.1x Advanced Features
- authentication event no-response
- authentication event fail
- show dot1x advanced
- Captive Portal Commands
- Captive Portal Administrative Profile Commands
- authentication timeout
- captive-portal
- enable
- http port
- https port
- show captive-portal
- show captive-portal status
- Captive Portal Configuration Commands
- block
- configuration
- enable
- group
- interface
- locale
- name (Captive Portal)
- protocol
- redirect
- redirect-url
- session-timeout
- verification
- Captive Portal Client Connection Commands
- captive-portal client deauthenticate
- show captive-portal client status
- show captive-portal configuration client status
- show captive-portal interface client status
- Captive Portal Interface Commands
- show captive-portal interface configuration status
- clear captive-portal users
- no user
- show captive-portal user
- user group
- user-logout
- user name
- user password
- user session-timeout
- Captive Portal Status Commands
- show captive-portal configuration
- show captive-portal configuration interface
- show captive-portal configuration locales
- show captive-portal configuration status
- Captive Portal User Group Commands
- user group
- user group moveusers
- user group name
- Denial of Service Commands
- Management ACL Commands
- Password Management Commands
- Configurable Minimum Password Length
- Password History
- Password Aging
- User Lockout
- Password Strength
- passwords aging
- passwords history
- passwords lock-out
- passwords min-length
- passwords strength-check
- passwords strength minimum uppercase-letters
- passwords strength minimum lowercase-letters
- passwords strength minimum numeric- characters
- passwords strength minimum special-characters
- passwords strength max-limit consecutive- characters
- passwords strength max-limit repeated- characters
- passwords strength minimum character-classes
- passwords strength exclude-keyword
- enable password encrypted
- show passwords configuration
- show passwords result
- SSH Commands
- crypto key generate dsa
- crypto key generate ecdsa
- crypto key generate rsa
- crypto key pubkey-chain ssh
- crypto key zeroize pubkey-chain
- crypto key zeroize {rsa|dsa|ecdsa}
- ip scp server enable
- ip ssh port
- ip ssh pubkey-auth
- ip ssh server
- key-string
- ssh
- ssh session-limit
- ssh time-out
- show crypto key mypubkey
- show crypto key pubkey-chain ssh
- show ip ssh
- show ssh
- AAA Commands
- Data Center Technology Commands
- Layer 3 Routing Commands
- ARP Commands
- Bidirectional Forwarding Detection Commands
- Border Gateway Protocol Commands
- router bgp
- address-family
- address-family ipv4 vrf
- address-family ipv6
- address-family vpnv4 unicast
- aggregate-address
- bgp aggregate-different-meds (BGP Router Configuration)
- bgp aggregate-different-meds (IPv6 Address Family Configuration)
- bgp always-compare-med
- bgp client-to-client reflection (BGP Router Configuration)
- bgp client-to-client reflection (IPv6 Address Family Configuration)
- bgp cluster-id
- bgp default local-preference
- bgp fast-external-fallover
- bgp fast-internal-fallover
- bgp listen
- bgp log-neighbor-changes
- bgp maxas-limit
- bgp router-id
- clear ip bgp
- clear ip bgp counters
- default-information originate (BGP Router Configuration)
- default-information originate (IPv6 Address Family Configuration)
- default metric (BGP Router Configuration)
- default metric (IPv6 Address Family Configuration)
- distance
- distance bgp (BGP Router Configuration)
- distance bgp (IPv6 Address Family Configuration)
- distribute-list prefix in
- distribute-list prefix out (BGP Router Configuration)
- distribute-list prefix out (IPv6 Address Family Configuration)
- enable
- ip as-path access-list
- ip bgp-community new-format
- ip bgp fast-external-fallover
- ip community-list
- ip extcommunity-list
- match extcommunity
- maximum-paths (BGP Router Configuration)
- maximum-paths (IPv6 Address Family Configuration)
- maximum-paths ibgp (BGP Router Configuration)
- maximum-paths ibgp (IPv6 Address Family Configuration)
- neighbor activate
- neighbor advertisement-interval (BGP Router Configuration)
- neighbor advertisement-interval (IPv6 Address Family Configuration)
- neighbor allowas-in
- neighbor connect-retry-interval
- neighbor default-originate (BGP Router Configuration)
- neighbor default-originate (IPv6 Address Family Configuration)
- neighbor description
- neighbor ebgp-multihop
- neighbor filter-list (BGP Router Configuration)
- neighbor filter-list (IPv6 Address Family Configuration)
- neighbor inherit peer
- neighbor local-as
- neighbor maximum-prefix (BGP Router Configuration)
- neighbor maximum-prefix (IPv6 Address Family Configuration)
- neighbor next-hop-self (BGP Router Configuration)
- neighbor next-hop-self (IPv6 Address Family Configuration)
- neighbor password
- neighbor prefix-list (BGP Router Configuration)
- neighbor prefix-list (IPv6 Address Family Configuration)
- neighbor remote-as
- neighbor remove-private-as
- neighbor rfc5549-support
- neighbor route-map (BGP Router Configuration)
- neighbor route-map (IPv6 Address Family Configuration)
- neighbor route-reflector-client (BGP Router Configuration)
- neighbor route-reflector-client (IPv6 Address Family Configuration)
- neighbor send-community (BGP Router Configuration)
- neighbor send-community (IPv6 Address Family Configuration)
- neighbor shutdown
- neighbor timers
- neighbor update-source
- network (BGP Router Configuration)
- network (IPv6 Address Family Configuration)
- rd
- redistribute (BGP)
- redistribute (BGP IPv6)
- route-target
- set extcommunity rt
- set extcommunity soo
- show bgp ipv6
- show bgp ipv6 aggregate-address
- show bgp ipv6 community
- show bgp ipv6 community-list
- show bgp ipv6 listen range
- show bgp ipv6 neighbors
- show bgp ipv6 neighbors advertised-routes
- show bgp ipv6 neighbors policy
- show bgp ipv6 neighbors received-routes
- show bgp ipv6 statistics
- show bgp ipv6 summary
- show bgp ipv6 update-group
- show bgp ipv6 route-reflection
- show ip bgp
- show ip bgp aggregate-address
- show ip bgp community
- show ip bgp community-list
- show ip bgp extcommunity-list
- show ip bgp listen range
- show ip bgp neighbors
- show ip bgp neighbors advertised-routes
- show ip bgp neighbors received-routes
- show ip bgp neighbors policy
- show ip bgp route-reflection
- show ip bgp statistics
- show ip bgp summary
- show ip bgp template
- show ip bgp traffic
- show ip bgp update-group
- show ip bgp vpn4
- template peer
- timers bgp
- timers policy-apply delay
- graceful-restart
- graceful-restart-helper
- BGP Routing Policy
- ip as-path access-list
- ip bgp-community new-format
- ip community-list
- ip prefix-list
- ip prefix-list description
- ipv6 prefix-list
- match as-path
- match community
- match ip address prefix-list
- match ipv6 address prefix-list
- show ip as-path-access-list
- show ip community-list
- show ip prefix-list
- show ipv6 prefix-list
- clear ip prefix-list
- clear ipv6 prefix-list
- clear ip community-list
- set as-path
- set comm-list delete
- set community
- set ipv6 next-hop (BGP)
- set local-preference
- set metric
- DVMRP Commands
- IGMP Commands
- ip igmp last-member-query-count
- ip igmp last-member-query-interval
- ip igmp mroute-proxy
- ip igmp query-interval
- ip igmp query-max-response-time
- ip igmp robustness
- ip igmp startup-query-count
- ip igmp startup-query-interval
- ip igmp version
- show ip igmp
- show ip igmp groups
- show ip igmp interface
- show ip igmp membership
- show ip igmp interface stats
- IGMP Proxy Commands
- IP Helper/DHCP Relay Commands
- ip dhcp relay maxhopcount
- ip dhcp relay minwaittime
- clear ip helper statistics
- ip dhcp relay information check
- ip dhcp relay information check-reply
- ip dhcp relay information option
- ip dhcp relay information option-insert
- ip dhcp relay information option server-override
- ip dhcp relay source-interface
- ip helper-address (global configuration)
- ip helper-address (interface configuration)
- ip helper enable
- show ip helper-address
- show ip dhcp relay
- show ip helper statistics
- IP Routing Commands
- Static Routes/ECMP Static Routes
- Static Reject Routes
- Default Routes
- encapsulation
- ip icmp echo-reply
- ip icmp error-interval
- ip load-sharing
- ip directed-broadcast
- ip policy route-map
- ip redirects
- ip route
- ip route default
- ip route distance
- ip routing
- ip unnumbered
- ip unnumbered gratuitous-arp accept
- ip unreachables
- match ip address
- match length
- match mac-list
- route-map
- set interface null0
- set ip default next-hop
- set ip next-hop
- set ip precedence
- show ip brief
- show ip interface
- show ip policy
- show ip protocols
- show ip route
- show ip route preferences
- show ip route summary
- show ip traffic
- show ip vlan
- show route-map
- show routing heap summary
- IPv6 Routing Commands
- IPv6 Limitations & Restrictions
- clear ipv6 neighbors
- clear ipv6 ospf
- clear ipv6 ospf configuration
- clear ipv6 ospf counters
- clear ipv6 ospf neighbor
- clear ipv6 ospf redistribution
- clear ipv6 ospf stub-router
- clear ipv6 statistics
- ipv6 address
- ipv6 enable
- ipv6 hop-limit
- ipv6 host
- ipv6 icmp error-interval
- ipv6 mld last-member-query-count
- ipv6 mld last-member-query-interval
- ipv6 mld host-proxy
- ipv6 mld host-proxy reset-status
- ipv6 mld host-proxy unsolicit-rprt-interval
- ipv6 mld query-interval
- ipv6 mld query-max-response-time
- ipv6 nd dad attempts
- ipv6 nd ra hop-limit unspecified
- ipv6 nd managed-config-flag
- ipv6 nd ns-interval
- ipv6 nud max-multicast-solicits
- ipv6 nud max-unicast-solicits
- ipv6 nd nud retry
- ipv6 nd other-config-flag
- ipv6 nd prefix
- ipv6 nd raguard attach-policy
- ipv6 nd ra-interval
- ipv6 nd ra-lifetime
- ipv6 nd reachable-time
- ipv6 nd suppress-ra
- ipv6 neighbor
- ipv6 redirect
- ipv6 route
- ipv6 route distance
- ipv6 unicast-routing
- ipv6 unreachables
- show ipv6 brief
- show ipv6 interface
- show ipv6 mld groups
- show ipv6 mld interface
- show ipv6 mld host-proxy
- show ipv6 mld host-proxy groups
- show ipv6 mld host-proxy groups detail
- show ipv6 mld host-proxy interface
- show ipv6 mld traffic
- show ipv6 nd raguard policy
- show ipv6 neighbors
- show ipv6 protocols
- show ipv6 route
- show ipv6 route preferences
- show ipv6 route summary
- show ipv6 snooping counters
- show ipv6 traffic
- show ipv6 vlan
- traceroute ipv6
- Loopback Interface Commands
- IP Multicast Commands
- clear ip mroute
- ip multicast boundary
- ip mroute
- ip multicast-routing
- ip multicast ttl-threshold
- ip pim
- ip pim bsr-border
- ip pim bsr-candidate
- ip pim dense-mode
- ip pim dr-priority
- ip pim hello-interval
- ip pim join-prune-interval
- ip pim rp-address
- ip pim rp-candidate
- ip pim sparse-mode
- ip pim ssm
- show ip mfc
- show ip multicast
- show ip pim boundary
- show ip multicast interface
- show ip mroute
- show ip mroute group
- show ip mroute source
- show ip mroute static
- show ip pim
- show ip pim bsr-router
- show ip pim interface
- show ip pim neighbor
- show ip pim rp-hash
- show ip pim rp mapping
- show ip pim statistics
- IPv6 Multicast Commands
- clear ipv6 mroute
- ipv6 pim (VLAN Interface config)
- ipv6 pim bsr-border
- ipv6 pim bsr-candidate
- ipv6 pim dense-mode
- ipv6 pim dr-priority
- ipv6 pim hello-interval
- ipv6 pim join-prune-interval
- ipv6 pim register-threshold
- ipv6 pim rp-address
- ipv6 pim rp-candidate
- ipv6 pim sparse-mode
- ipv6 pim ssm
- show ipv6 pim
- show ipv6 pim bsr-router
- show ipv6 mroute group
- show ipv6 mroute source
- show ipv6 pim interface
- show ipv6 pim neighbor
- show ipv6 pim rp-hash
- show ipv6 pim rp mapping
- show ipv6 pim statistics
- IP Service Level Agreement Commands
- OSPF Commands
- Route Preferences
- OSPF Equal Cost Multipath (ECMP)
- Forwarding of OSPF Opaque LSAs Enabled by Default
- Passive Interfaces
- Graceful Restart
- area default-cost (Router OSPF)
- area nssa (Router OSPF)
- area nssa default-info-originate (Router OSPF Config)
- area nssa no-redistribute
- area nssa no-summary
- area nssa translator-role
- area nssa translator-stab-intv
- area range (Router OSPF)
- area stub
- area stub no-summary
- area virtual-link
- area virtual-link authentication
- area virtual-link dead-interval
- area virtual-link hello-interval
- area virtual-link retransmit-interval
- area virtual-link transmit-delay
- auto-cost
- bandwidth
- bfd
- capability opaque
- clear ip ospf
- clear ip ospf stub-router
- compatible rfc1583
- default-information originate (Router OSPF Configuration)
- default-metric
- distance ospf
- distribute-list out
- enable
- exit-overflow-interval
- external-lsdb-limit
- ip ospf area
- ip ospf authentication
- ip ospf cost
- ip ospf database-filter all out
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf mtu-ignore
- ip ospf network
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log adjacency-changes
- max-metric router-lsa
- maximum-paths
- network area
- nsf
- nsf helper
- nsf helper strict-lsa-checking
- nsf restart-interval
- passive-interface default
- passive-interface
- redistribute (OSPF)
- router-id
- router ospf
- show ip ospf
- show ip ospf abr
- show ip ospf area
- show ip ospf asbr
- show ip ospf database
- show ip ospf database database-summary
- show ip ospf interface
- show ip ospf interface brief
- show ip ospf interface stats
- show ip ospf lsa-group
- show ip ospf neighbor
- show ip ospf range
- show ip ospf statistics
- show ip ospf stub table
- show ip ospf traffic
- show ip ospf virtual-links
- show ip ospf virtual-links brief
- timers pacing flood
- timers pacing lsa-group
- timers spf
- OSPFv3 Commands
- area default-cost (Router OSPFv3)
- area nssa (Router OSPFv3)
- area nssa default-info-originate (Router OSPFv3 Config)
- area nssa no-redistribute
- area nssa no-summary
- area nssa translator-role
- area nssa translator-stab-intv
- area range (Router OSPFv3)
- area stub
- area stub no-summary
- area virtual-link
- area virtual-link dead-interval
- area virtual-link hello-interval
- area virtual-link retransmit-interval
- area virtual-link transmit-delay
- default-information originate (Router OSPFv3 Configuration)
- default-metric
- distance ospf
- enable
- exit-overflow-interval
- external-lsdb-limit
- ipv6 ospf
- ipv6 ospf area
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf hello-interval
- ipv6 ospf mtu-ignore
- ipv6 ospf network
- ipv6 ospf priority
- ipv6 ospf retransmit-interval
- ipv6 ospf transmit-delay
- ipv6 router ospf
- maximum-paths
- nsf
- nsf helper
- nsf helper strict-lsa-checking
- nsf restart-interval
- passive-interface
- passive-interface default
- redistribute (OSPFv3)
- router-id
- show ipv6 ospf
- show ipv6 ospf abr
- show ipv6 ospf area
- show ipv6 ospf asbr
- show ipv6 ospf border-routers
- show ipv6 ospf database
- show ipv6 ospf database database-summary
- show ipv6 ospf interface
- show ipv6 ospf interface brief
- show ipv6 ospf interface stats
- show ipv6 ospf interface vlan
- show ipv6 ospf lsa-group
- show ipv6 ospf neighbor
- show ipv6 ospf range
- show ipv6 ospf statistics
- show ipv6 ospf stub table
- show ipv6 ospf virtual-link
- show ipv6 ospf virtual-link brief
- timers throttle spf
- IPv6 Policy-Based Routing Commands
- Router Discovery Protocol Commands
- Routing Information Protocol Commands
- auto-summary
- default-information originate (Router RIP Configuration)
- default-metric
- distance rip
- distribute-list out
- enable
- hostroutesaccept
- ip rip
- ip rip authentication
- ip rip receive version
- ip rip send version
- redistribute (RIP)
- router rip
- show ip rip
- show ip rip interface
- show ip rip interface brief
- split-horizon
- Tunnel Interface Commands
- Unicast Reverse Path Forwarding Commands
- Virtual Router Commands
- Virtual Router Redundancy Protocol Commands
- Pingable VRRP Interface
- VRRP Route/Interface Tracking
- Interface Tracking
- Route Tracking
- Virtual Router Redundancy Protocol Commands
- ip vrrp
- vrrp accept-mode
- vrrp authentication
- vrrp description
- vrrp ip
- vrrp mode
- vrrp preempt
- vrrp priority
- vrrp timers advertise
- vrrp timers learn
- vrrp track interface
- vrrp track ip route
- show vrrp
- show vrrp interface
- Virtual Router Redundancy Protocol v3 Commands
- Switch Management Commands
- Application Deployment
- Auto-Install Commands
- CLI Macro Commands
- Clock Commands
- Real-time Clock
- Simple Network Time Protocol
- show sntp configuration
- show sntp server
- show sntp status
- sntp authenticate
- sntp authentication-key
- sntp broadcast client enable
- sntp client poll timer
- sntp server
- sntp source-interface
- sntp trusted-key
- sntp unicast client enable
- clock set
- clock timezone hours-offset
- no clock timezone
- clock summer-time recurring
- clock summer-time date
- no clock summer-time
- show clock
- Command Line Configuration Scripting Commands
- CLI Output Filtering Commands
- Configuration and Image File Commands
- DHCP Client Commands
- DHCP Server Commands
- ip dhcp pool
- bootfile
- clear ip dhcp binding
- clear ip dhcp conflict
- client-identifier
- client-name
- default-router
- dns-server (IP DHCP Pool Config)
- domain-name (IP DHCP Pool Config)
- hardware-address
- host
- ip dhcp bootp automatic
- ip dhcp conflict logging
- ip dhcp excluded-address
- ip dhcp ping packets
- lease
- netbios-name-server
- netbios-node-type
- network
- next-server
- option
- service dhcp
- sntp
- show ip dhcp binding
- show ip dhcp conflict
- show ip dhcp global configuration
- show ip dhcp pool
- show ip dhcp server statistics
- DHCPv6 Server Commands
- HiveAgent Commands
- IP Addressing Commands
- clear host
- clear ip address-conflict-detect
- interface out-of-band
- ip address
- ip address (Out-of-Band)
- ip address-conflict-detect run
- ip address dhcp (Interface Configuration)
- ip default-gateway
- ip domain-lookup
- ip domain-name
- ip host
- ip name-server
- ip name-server source-interface
- ipv6 address (Interface Configuration)
- ipv6 address (OOB Port)
- ipv6 address dhcp
- ipv6 enable (Interface Configuration)
- ipv6 enable (OOB Configuration)
- ipv6 gateway (OOB Configuration)
- show hosts
- show ip address-conflict
- show ip helper-address
- show ipv6 dhcp interface out-of-band statistics
- show ipv6 interface out-of-band
- Line Commands
- MACsec Commands
- mka policy (Global Config)
- key-server priority
- macsec-cipher-suite
- confidentiality-offset
- key chain
- key
- cryptographic-algorithm
- key-string
- time-range
- macsec [network-link]
- mka policy (Interface Config)
- mka pre-shared-key key-chain
- macsec replay-protection
- authentication linksec policy
- show macsec
- show mka policy
- show mka sessions
- show key chain
- show mka statistics
- show macsec secy statistics
- clear mka statistics
- clear macsec secy statistics
- mka defaults policy send-secure-announcements
- send-secure-announcements
- eapol announcements
- PHY Diagnostics Commands
- Power Over Ethernet Commands
- Flexible Power Management
- power inline
- power inline detection
- power inline four-pair forced
- power inline limit
- power inline management
- power inline poe-ha
- power inline powered-device
- power inline priority
- power inline reset
- power inline usage-threshold
- clear power inline statistics
- show power inline
- show power inline firmware-version
- RMON Commands
- Serviceability Commands
- debug aaa
- debug arp
- debug authentication interface
- debug auto-voip
- debug bfd
- debug cfm
- debug clear
- debug console
- debug crashlog
- debug dhcp packet
- debug dhcp server packet
- debug dot1x
- debug igmpsnooping
- debug ip acl
- debug ip bgp
- debug ip device tracking
- debug ip dvmrp
- debug ip igmp
- debug ip mcache
- debug ip pimdm packet
- debug ip pimsm packet
- debug ip vrrp
- debug ipv6 dhcp
- debug ipv6 mcache
- debug ipv6 mld
- debug ipv6 ospfv3 packet
- debug ipv6 pimdm
- debug ipv6 pimsm
- debug ipv6 ping
- debug isdp
- debug lacp
- debug mldsnooping
- debug ospf
- debug ospfv3 packet
- debug ping
- debug rip
- debug sflow
- debug spanning-tree
- debug tacacs
- debug transfer
- debug udld
- debug vpc
- debug vrrp
- exception core-file
- exception dump
- exception protocol
- exception switch-chip-register
- ip http timeout-policy
- show debugging
- show exception
- show supported mibs
- snapshot bgp
- write core
- Sflow Commands
- SNMP Commands
- show snmp
- show snmp engineid
- show snmp filters
- show snmp group
- show snmp user
- show snmp views
- show trapflags
- snmp-server community
- snmp-server community-group
- snmp-server contact
- snmp-server enable traps
- snmp-server engineID local
- snmp-server filter
- snmp-server group
- snmp-server host
- snmp-server location
- snmp-server user
- snmp-server view
- snmp-server v3-host
- snmp-server source-interface
- SupportAssist Commands
- SYSLOG Commands
- Command Logging
- clear logging
- clear logging file
- description (Logging)
- level
- logging cli-command
- logging
- logging audit
- logging buffered
- logging console
- logging facility
- logging file
- logging monitor
- logging on
- logging protocol
- logging snmp
- logging source-interface
- logging traps
- logging web-session
- port
- show logging
- show logging file
- show syslog-servers
- terminal monitor
- System and Stack Management Commands
- asset-tag
- banner exec
- banner login
- banner motd
- banner motd acknowledge
- buffers
- clear checkpoint statistics
- clear counters stack-ports
- connect
- disconnect
- exit
- hardware profile portmode
- hostname
- initiate failover
- load-interval
- locate
- logout
- member
- memory free low-watermark
- nsf
- ping
- process cpu threshold
- quit
- reload
- service unsupported-transceiver
- set description
- slot
- show banner
- show buffers
- show checkpoint statistics
- show cut-through mode
- show hardware profile portmode
- show idprom interface
- show interfaces
- show interfaces advanced firmware
- show memory cpu
- show msg-queue
- show nsf
- show power-usage-history
- show process app-list
- show process app-resource-list
- show process cpu
- show process proc-list
- show router-capability
- show sessions
- show slot
- show supported cardtype
- show supported switchtype
- show switch
- show system
- show system fan
- show system id
- show system power
- show system temperature
- show tech-support
- show users
- show version
- stack
- stack-port
- stack-port shutdown
- standby
- switch renumber
- telnet
- traceroute
- traceroute ipv6
- update bootcode
- Telnet Server Commands
- Time Ranges Commands
- USB Flash Drive Commands
- User Interface Commands
- Web Server Commands
- Web Sessions
- common-name
- country
- crypto certificate generate
- crypto certificate import
- crypto certificate request
- duration
- ip http port
- ip http server
- ip http secure-certificate
- ip http secure-port
- ip http secure-server
- ip scp server enable
- key-generate
- location
- no crypto certificate
- organization-name
- organization-unit
- quit
- show crypto certificate mycertificate
- show ip http server status
- show ip http server secure status
- state
- subject-alternative-name
- Appendix A: List of Commands
Security Commands 1217
Command History
Command introduced in version 6.7.0 firmware.
crypto key generate rsa
Use the crypto key generate rsa command in Global Configuration mode to
generate RSA key pairs for use by the SSH or HTTPS server. Use the crypto
key zeroize form of the command to delete the private key from the local file
system.
Syntax
crypto key generate rsa
Default Configuration
RSA key pairs do not exist. By default, 2048-bit RSA keys are generated.
Command Mode
Global Configuration mode
User Guidelines
RSA keys are generated in pairs: one public RSA key and one private RSA key.
These keys are used to encrypt communication with the switch when using
SSH. If your switch already has RSA keys when you issue this command, you
are warned and prompted to replace the existing keys. The keys are not saved
in the switch configuration; they are saved in the file system and the private
key is never displayed to the user. RSA keys, along with other switch
credentials, are distributed to all units in a stack on a configuration save.
Use the crypto key zeroize rsa command to remove RSA key pair from the
system.
Private keys should never be shared with unauthorized users. This command
generates the private public key pairs in the following files:
ssh_host_rsa_key and ssh_host_rsa_key.pub, ssh_host_key and
ssh_host_key.pub files. Both the RSA and DSA keys must be generated to
enable the SSH server.