5400_CLI.book Page 1 Wednesday, December 17, 2008 4:33 PM
Dell™ PowerConnect™ 5400 Systems CLI Reference Guide
www.dell.com | support.dell.
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Information in this document is subject to change without notice.
© 2008 Dell Inc. All rights reserved.
Contents

1 Using the CLI
CLI Command Modes
Introduction
User EXEC Mode
Privileged EXEC Mode
Global Configuration Mode
Interface Configuration Mode and Specific Configuration Modes
IGMP Snooping Commands
IP Addressing Commands
iSCSI Commands
LACP Commands
Line Commands
Web Server Commands
802.1x Commands
802.1x Advanced Commands

3 Command Modes
GC (Global Configuration) Mode
IC (Interface Configuration) Mode

5 AAA Commands
aaa authentication login
enable authentication
ip http authentication
ip https authentication
show bridge address-table
show bridge address-table static
show bridge address-table count
show bridge multicast address-table
sntp anycast client enable
sntp client enable
speed
duplex
negotiation
flowcontrol
ip dhcp snooping verify
ip dhcp snooping database
clear ip dhcp snooping database
show ip dhcp snooping
show ip dhcp snooping binding
show ip igmp snooping mrouter
show ip igmp snooping interface
show ip igmp snooping groups

14 IP Addressing Commands
ipv6 address link-local
ipv6 unreachables
show lacp ethernet
show lacp port-channel
speed
show lldp neighbors
show lldp med configuration

20 Management ACL
management access-list

24 QoS Commands
qos
show qos
wrr-queue cos-map
wrr-queue bandwidth
priority-queue out num-of-queues

26 RMON Commands
show rmon statistics
rmon collection history
show rmon collection history
show snmp engineid
show snmp
show snmp views
show snmp groups
show snmp filters
show snmp users
show (mst)
exit (mst)
abort (mst)
spanning-tree pathcost method
spanning-tree bpdu
logging buffered size
clear logging
logging file
clear logging file
aaa logging
show version
asset-tag
show system id

32 TACACS Commands

34 Tunnel
interface tunnel
tunnel mode ipv6ip
tunnel isatap router
tunnel source

36 VLAN Commands
vlan database
vlan
interface vlan

37 Voice VLAN
voice vlan id
voice vlan oui-table
voice vlan cos
voice vlan enable

39 802.1x Commands
aaa authentication dot1x
dot1x re-authentication
dot1x timeout re-authperiod
dot1x re-authenticate
Using the CLI
This chapter describes how to start using the CLI and the command editing features that assist in using it.

CLI Command Modes
Introduction
To assist in configuring devices, the CLI (Command Line Interface) is divided into different command modes. Each command mode has its own set of specific commands.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands is available in User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required. The Privileged mode gives access to commands that are restricted in EXEC mode and provides access to the device Configuration mode.
The following example illustrates how to access Privileged EXEC mode and return to the User EXEC mode:

    console>enable
    Enter Password: ******
    console#
    console#disable
    console>

The Exit command is used to return from any mode to the previous mode except when returning to User EXEC mode from the Privileged EXEC mode.
Interface Configuration Mode and Specific Configuration Modes
Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes:
• Line Interface — Contains commands to configure the management connections. These include commands such as line speed, timeout settings, etc. The Global Configuration mode command line is used to enter the Line Configuration command mode.
To start using the CLI, perform the following steps:
1 Start the device and wait until the startup procedure is complete. The User EXEC mode is entered, and the prompt "Console>" is displayed.
2 Configure the device and enter the necessary commands to complete the required tasks.
3 When finished, exit the session with the quit or exit command.
Setup Wizard
The CLI supports a Setup Wizard. This is an easy-to-use user interface which quickly guides the user in setting up basic device information, so that the device can be easily managed from a Web Based Interface. Refer to the Getting Started Guide and User Guide for more information on the Setup Wizard.

Terminal Command Buffer
Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer.
Command Completion
If the command entered is incomplete, invalid, or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the button, an incomplete command is entered. If the characters already entered are not enough for the system to identify a single matching command, press "?" to display the available commands matching the characters already entered.
CLI Command Conventions
When entering commands, certain command entry standards apply to all commands. The following table describes the command conventions.

Convention    Description
[]            In a command line, square brackets indicate an optional entry.
{}            In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected.
Command Groups
Introduction
The Command Language Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, you have greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
Ethernet Configuration | Configures all port configuration options, for example ports, storm control, port speed and auto-negotiation.
GVRP Commands | Configures and displays GVRP configuration and information.
IGMP Snooping Commands | Configures IGMP snooping and displays IGMP configuration and IGMP information.
IP Addressing Commands | Configures and manages IP addresses on the device.
ACL Commands
Command Group | Description | Access Mode
ip access-list | Defines an IPv4 Access List and places the device in IPv4 Access List Configuration mode. | Global Configuration
mac access-list | Enables the MAC-Access List Configuration mode and creates Layer 2 ACLs. | Global Configuration
permit (ip) | Permits traffic if the conditions defined in the permit statement match.
password | Specifies a password on a line. | Line Configuration
enable password | Sets a local password to control access to normal and privilege levels. | Global Configuration
username | Establishes a username-based authentication system. | Global Configuration
show users accounts | Displays information about the local user database.
show bridge address-table count | Displays the number of addresses present in all VLANs or in a specific VLAN. | Privileged User EXEC
show bridge multicast address-table | Displays statically created entries in the bridge-forwarding database. | Privileged User EXEC
show bridge multicast filtering | Displays the Multicast filtering configuration. | Privileged User EXEC
show ports security | Displays the port-lock status.
sntp unicast client enable | Enables the device to use the SNTP to request and accept NTP traffic from servers. | Global Configuration
sntp unicast client poll | Enables polling for the SNTP predefined Unicast clients. | Global Configuration
sntp server | Specifies SNTP UDP port of the SNTP server
show clock | Displays the time and date from the system clock. | User EXEC
show sntp configuration | Shows the configuration of the SNTP.
DHCP Snooping Commands
Command Group | Description | Access Mode
ip dhcp snooping | Globally enables Dynamic Host Configuration Protocol (DHCP) snooping | Global Configuration
ip dhcp snooping vlan | Enables DHCP snooping on a VLAN. | Global Configuration
ip dhcp snooping trust | Configures a port as trusted for DHCP snooping purposes.
description | Adds a description to an interface. | Interface Configuration
speed | Configures the speed of a given Ethernet interface when not using auto-negotiation. | Interface Configuration
duplex | Configures the full/half duplex operation of a given Ethernet interface when not using auto-negotiation. | Interface Configuration
negotiation | Enables auto-negotiation operation for the speed and duplex parameters of a given interface. | Interface
GVRP Commands
Command Group | Description | Mode
gvrp enable (global) | Enables GVRP globally. | Global Configuration
gvrp enable (interface) | Enables GVRP on an interface. | Interface Configuration
garp timer | Adjusts the GARP application join, leave, and leaveall GARP timer values. | Interface Configuration
gvrp vlan-creation-forbid | Enables or disables dynamic VLAN creation.
IP Addressing Commands
Command Group | Description | Access Mode
clear host dhcp | Sets an IP address on the device. | Interface Configuration
ip address | Sets an IP address | Interface Configuration
ip address dhcp | Acquires an IP address on an interface from the DHCP server.
IPv6 Addressing Commands
Command Group | Description | Access Mode
ipv6 enable | Enables IPv6 processing on an interface. | Interface Configuration
ipv6 address autoconfig | Enables automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface. | Interface Configuration
ipv6 icmp error-interval | Configures the rate limit interval and bucket size parameters for IPv6 ICMP error messages.
iSCSI Commands
Command Group | Description | Access Mode
iscsi enable | Globally enables iSCSI awareness. | Global Configuration
iscsi target port | Configures iSCSI port(s), target address and name. | Global Configuration
iscsi cos | Sets the quality of service profile applied to iSCSI flows. | Global Configuration
iscsi aging time | Sets aging time for iSCSI sessions.
exec-timeout | Configures the interval that the system waits until user input is detected. | Line Configuration
show line | Displays line parameters. | User EXEC
terminal history | Enables the command history function for the current terminal session. | User EXEC
terminal history size | Configures the command history buffer size for the current terminal session.
lldp med network-policy (interface) | Attaches a LLDP MED network policy to a port. | Interface Configuration (Ethernet)
lldp med location | Configures location information for the LLDP MED for an interface. | Interface Configuration (Ethernet)
clear lldp rx | Restarts the LLDP RX state machine and clears the neighbors table. | Privileged EXEC
show lldp configuration | Displays the LLDP configuration.
deny (management) | Defines a deny rule. | Management Access-level
management access-class | Defines which management access-list is used. | Global Configuration
show management access-list | Displays management access-lists. | Privileged User EXEC
show management access-class | Displays the active management access-list.
Port Monitor Commands
Command Group | Description | Access Mode
port monitor | Starts a port monitoring session. | Interface Configuration
show ports monitor | Displays the port monitoring status. | User EXEC

QoS Commands
Command Group | Description | Access Mode
qos | Enables quality of service (QoS) on the device and enters QoS basic or advance mode. | Global Configuration
show qos | Displays the QoS status.
RADIUS Commands
Command Group | Description | Access Mode
radius-server host | Specifies a RADIUS server host. | Global Configuration
radius-server key | Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon. | Global Configuration
radius-server retransmit | Specifies the number of times the software searches the list of RADIUS server hosts. | Global
show rmon events | Displays the RMON event table. | User EXEC
show rmon log | Displays the RMON logging table. | User EXEC
rmon table-size | Configures the maximum RMON table sizes. | Global Configuration

SNMP Commands
Command Group | Description | Access Mode
snmp-server community | the community access string to permit access to SNMP protocol.
show snmp views | Displays the configuration of views. | Privileged EXEC
show snmp groups | Displays the configuration of groups. | Privileged EXEC
show snmp filters | Displays the configuration of filters | Privileged EXEC
show snmp users | Displays the configuration of groups. | Privileged EXEC

Spanning Tree Commands
Command Group | Description | Access Mode
spanning-tree | Enables spanning tree functionality.
spanning-tree mst priority | Configures port priority for the specified MST instance | Interface Configuration
spanning-tree mst cost | Configures the path cost for multiple spanning tree (MST) calculations. | Interface Configuration
spanning-tree mst configuration | Enables configuring an MST region by entering the Multiple Spanning Tree (MST) mode. | Global Configuration
instance (mst) | Maps VLANs to an MST instance.
SSH Commands
Command Group | Description | Access Mode
ip ssh port | Specifies the port to be used by the SSH server. | Global Configuration
ip ssh server | Enables the device to be configured from a SSH server. | Global Configuration
crypto key generate dsa | Generates DSA key pairs. | Global Configuration
crypto key generate rsa | Generates RSA key pairs.
logging buffered size | Changes the number of syslog messages stored in the internal buffer. | Global Configuration
clear logging | Clears messages from the internal logging buffer. | Privileged User EXEC
logging file | Limits syslog messages sent to the logging file based on severity. | Global Configuration
clear logging file | Clears messages from the logging file. | Privileged User EXEC
aaa logging | Controls logging of AAA events.
show users | Lists the open Telnet sessions. | User EXEC
show sessions | Lists the open Telnet sessions | User EXEC
show system | Displays system information. | User EXEC
set system | Activates/deactivates specified features. | Privileged EXEC
show system mode | Displays information on features control | User EXEC
show version | Displays the system version information. | User EXEC
asset-tag | Specifies the device asset-tag.
passwords history hold-time | Configures the duration of time a password is relevant for tracking passwords history. | Global Configuration
passwords lockout | Enables lockout of a user account after a series of authentication failures. | Global Configuration
aaa login-history file | Enables writing to login history file. | Global Configuration
set username active | Reactivates a previously locked out user account.
User Interface Commands
Command Group | Description | Access Mode
enable | Enters the privileged EXEC mode. | All
disable | Returns to User EXEC mode. | All
login | Changes a login username. | All
configure | Enables the Global Configuration mode | All
exit(configuration) | Exits any configuration mode to the next highest mode in the CLI mode hierarchy. | All
exit(EXEC) | Closes an active terminal session by logging off the device.
switchport access vlan | Configures the VLAN membership mode of a port. | Interface Configuration
switchport access vlan | Configures the VLAN ID when the interface is in access mode. | Interface Configuration
switchport trunk allowed | Adds or removes VLANs from a port in general mode.
Voice VLAN Commands
Command Group | Description | Access Mode
voice vlan id | Enters the VLAN Configuration mode. | Global Configuration
voice vlan oui-table | Configures the Voice OUI table. | Global Configuration
voice vlan cos | Sets the Voice VLAN Class Of Service. | Global Configuration
voice vlan aging-timeout | Sets the Voice VLAN aging timeout. | Global Configuration
voice vlan enable | Enables automatic Voice VLAN configuration for a port.
crypto certificate import | Imports a certificate signed by Certification Authority for HTTPS. | Global Configuration
ip https certificate | Configures the active certificate for HTTPS. | Global Configuration
ip https port | Configures a TCP port for use by a secure web browser to configure the device. | Global Configuration
ip http exec-timeout | Sets the interval the system waits for user input before automatically logging off.
dot1x timeout re-authperiod | Sets the number of seconds between re-authentication attempts.
dot1x re-authenticate | Manually initiates a re-authentication of all 802.1X-enabled ports or the specified 802.1X-enabled port. | Privileged User EXEC
dot1x timeout quiet-period | Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange.
802.1x Advanced Commands
dot1x auth-not-req | Enables unauthorized users access to that VLAN. | VLAN Configuration
dot1x multiple-hosts | Allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control Interface Configuration mode command set to auto.
Command Modes
GC (Global Configuration) Mode
Command | Description
aaa authentication enable | Defines authentication method lists for accessing higher privilege levels.
aaa authentication login | Defines login authentication.
aaa authentication dot1x | Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X.
arp | Adds a permanent entry in the ARP cache.
dot1x system-auth-control | Enables 802.1x globally.
enable password | Sets a local password to control access to normal and privilege levels.
end | Ends the current configuration session and returns to the previous command mode.
gvrp enable (global) | Enables GVRP globally.
hostname | Specifies or modifies the device host name.
interface ethernet | Enters the Interface Configuration mode to configure an Ethernet type interface.
ip ssh server | Enables the device to be configured from a SSH server.
ipv6 default-gateway | Defines an IPv6 default gateway.
ipv6 host | Defines a static host name-to-address mapping in the host name cache.
ipv6 icmp error-interval | Configures the rate limit interval and bucket size parameters for IPv6 ICMP error messages.
ipv6 neighbor | Configures a static entry in the IPv6 neighbor discovery cache.
radius-server retransmit | Specifies the number of times the software searches the list of RADIUS server hosts.
radius-server source-ip | Specifies the source IP address used for communication with RADIUS servers.
radius-server source-ipv6 | Specifies the source IPv6 address used for the IPv6 communication with RADIUS servers.
radius-server timeout | Sets the interval for which a router waits for a server host to reply.
tacacs-server source-ip | Specifies the source IP address that will be used for the communication with TACACS servers.
tacacs-server timeout | Sets the timeout value.
tacacs-server host | Specifies a TACACS+ host.
tunnel isatap query-interval | Configures the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
dot1x single-host-violation | Configures the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface.
dot1x timeout quiet-period | Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange.
dot1x timeout re-authperiod | Sets the number of seconds between re-authentication attempts.
mdix | Enables automatic crossover on a given interface.
name | Configures a name to a VLAN.
negotiation | Enables auto-negotiation operation for the speed and duplex parameters of a given interface.
port monitor | Starts a port monitoring session.
port security | Disables new address learning on an interface.
port security routed secure-address | Adds MAC-layer secure addresses to a routed port.
LC (Line Configuration) Mode
Command | Description
enable authentication | Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console.
exec-banner | Enables the display of exec banners.
exec-timeout | Configures the interval that the system waits until user input is detected.
history | Enables the command history function.
clear logging file | Clears messages from the logging file
clear spanning-tree detected-protocols | Restarts the protocol migration process on all interfaces or on the specified interface.
clock set | Manually sets the system clock.
configure | Enters the global configuration mode.
copy | Copies files from a source to a destination.
crypto certificate request | Generates and displays certificate requests for HTTPS.
show fiber-ports optical-transceiver  Displays the optical transceiver diagnostics.
show ip ssh                           Displays the SSH server configuration.
show ipv6 icmp error-interval         Displays the IPv6 ICMP error interval setting.
show ipv6 interface                   Displays the usability status of interfaces configured for IPv6.
show ipv6 neighbors                   Displays IPv6 neighbor discovery cache information.
show ipv6 route                       Displays the current state of the IPv6 routing table.
UE (User EXEC) Mode

Command                   Description
clear counters            Clears statistics on an interface.
enable                    Enters the privileged EXEC mode.
exit(EXEC)                Closes an active terminal session by logging off the device.
login                     Changes a login username.
ping                      Sends ICMP echo request packets to another node on the network.
show clock                Displays the time and date from the system clock.
show gvrp configuration   Displays GVRP configuration information.
show rmon alarm-table          Displays the alarms summary table.
show rmon collection history   Displays the requested history group configuration.
show rmon events               Displays the RMON event table.
show rmon history              Displays RMON Ethernet Statistics history.
show rmon log                  Displays the RMON logging table.
show rmon statistics           Displays RMON Ethernet Statistics.
show system                    Displays system information.
ACL Commands

ip access-list

The ip access-list Global Configuration mode command defines an IPv4 Access List and places the device in IPv4 Access List Configuration mode. Use the no form of this command to remove the Access List.

Syntax
• ip access-list access-list-name
• no ip access-list access-list-name
• access-list-name — Specifies the name of the IPv4 Access-List.

Default Configuration
No IPv4 Access List is defined.
Syntax
• mac access-list name
• no mac access-list name
• access-list-name — Name of the MAC Access List.

Default Configuration
No MAC Access List is defined.

Command Mode
Global Configuration mode.

User Guidelines
• MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name.

Example
The following example shows how to create a MAC ACL.
Default Configuration
No IPv4 ACL is defined.

Command Mode
IP-Access List Configuration mode.

User Guidelines
• Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode.
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted.
• disable-port — Specifies that the Ethernet interface is disabled if the condition is matched.
• source — Specifies the Source IP address of the packet.
• source-wildcard — Specifies wildcard bits to be applied to the source IP address by placing 1s in bit positions to be ignored.
• destination — Specifies the destination IP address of the packet.
User Guidelines
• Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode.
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the defined conditions are denied.
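The wildcard and implied-deny rules in these guidelines can be checked with a small model. This is an added example, not code from the guide or the switch firmware; the Ace class and the function names are hypothetical, and first-match ordering of ACEs is an assumption that this page does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Ace:
    """One Access Control Element (hypothetical model, not the switch's own structure)."""
    action: str                # "permit" or "deny"
    source: str
    source_wildcard: str       # 1 bits mark the positions to ignore
    destination: str
    destination_wildcard: str


def _as_int(address: str) -> int:
    return int(ipaddress.IPv4Address(address))


def wildcard_match(packet_addr: str, ace_addr: str, wildcard: str) -> bool:
    """Compare only the bit positions where the wildcard holds a 0."""
    care_bits = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(packet_addr) & care_bits) == (_as_int(ace_addr) & care_bits)


def addresses_matched(wildcard: str) -> int:
    """How many distinct addresses one address/wildcard pair covers."""
    return 2 ** bin(_as_int(wildcard)).count("1")


def evaluate(acl: List[Ace], src: str, dst: str) -> str:
    """Return "permit" or "deny" for a packet, following the user guidelines."""
    if not acl:
        return "permit"        # no ACE added yet: all packets are permitted
    for ace in acl:            # assumption: ACEs are checked in order, first match wins
        if (wildcard_match(src, ace.source, ace.source_wildcard)
                and wildcard_match(dst, ace.destination, ace.destination_wildcard)):
            return ace.action
    return "deny"              # implied deny-any-any at the end of the list


# Constructed sample: permit 192.168.1.0-192.168.1.255 to any destination.
MGMT_ACL = [Ace("permit", "192.168.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255")]

if __name__ == "__main__":
    print(evaluate([], "10.0.0.1", "10.0.0.2"))                # empty ACL
    print(evaluate(MGMT_ACL, "192.168.1.77", "10.1.1.1"))      # matches the ACE
    print(evaluate(MGMT_ACL, "192.168.2.77", "10.1.1.1"))      # falls to implied deny
    # A subnet mask typed where a wildcard is expected ignores the first
    # three octets instead of the last one, so the ACE covers far more hosts.
    print(addresses_matched("0.0.0.255"), addresses_matched("255.255.255.0"))
    print(wildcard_match("10.9.8.0", "192.168.1.0", "255.255.255.0"))
```

Entering 255.255.255.0 as the wildcard makes the ACE match any address whose last octet is 0, which is why the final check succeeds for 10.9.8.0.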
Default Configuration
No MAC ACL is defined.

Command Mode
MAC-Access List Configuration mode.

User Guidelines
• Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
• cos — Specifies the packet’s Class of Service (CoS). (Range: 0 - 7)
• cos-wildcard — Specifies wildcard bits to be applied to the CoS.
• eth-type — Specifies the packet’s Ethernet type in hexadecimal format. (Range: 0 - 05dd-ffff)
• inner-vlan vlan id — Specifies the inner vlan id of a double tagged packet.

Default Configuration
No MAC Access List is defined.

Command Mode
MAC-Access List Configuration mode.
User Guidelines
There are no user guidelines for this command.

Example
The following example binds (services) an ACL to VLAN 2.
Console(config)# interface eth g1
Console(config-if)# service-acl input macl1

show access-lists

The show access-lists Privileged EXEC mode command displays access control lists (ACLs) defined on the device.

Syntax
• show access-lists [name]
• name — The name of the ACL.
show interfaces access-lists

The show interfaces access-lists Privileged EXEC mode command displays access lists applied on interfaces.

Syntax
• show interfaces access-lists [ ethernet interface | port-channel port-channel-number ]
• interface — Specifies the valid Ethernet port.
• port-channel-number — Specifies the port-channel index.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.
AAA Commands

aaa authentication login

The aaa authentication login Global Configuration mode command defines login authentication. Use the no form of this command to return to the default configuration.

Syntax
• aaa authentication login {default | list-name} method1 [method2...
User Guidelines
• The default and optional list names created with the aaa authentication login command are used with the login authentication command.
• Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
Default Configuration
If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable. On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command aaa authentication enable default enable none.

Command Mode
Global Configuration mode.
Command Mode
Line Configuration mode.

User Guidelines
• Changing login authentication from default to another value may disconnect the telnet session.

Example
The following example specifies the default authentication method for a console.
ip http authentication

The ip http authentication Global Configuration mode command specifies authentication methods for http. Use the no form of this command to return to the default.

Syntax
• ip http authentication method1 [method2...]
• no ip http authentication
• method1 [method2...] — Specify at least one from the following table:

Keyword   Source or destination
local     Uses the local username database for authentication.
Syntax
• ip https authentication method1 [method2...]
• no ip https authentication
• method1 [method2...] — Specify at least one from the following table:

Keyword   Source or destination
local     Uses the local username database for authentication.
none      Uses no authentication.
radius    Uses the list of all RADIUS servers for authentication.
tacacs    Uses the list of all TACACS servers for authentication.
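Because the none keyword grants access without checking credentials, a saved configuration can be audited for method lists that contain it. The sketch below is an added example, not part of the guide: the function and class names are hypothetical, the sample configuration is constructed, and only commands documented in this chapter are parsed.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    command: str
    severity: str
    detail: str


# Commands from this chapter that take an ordered method list.
_METHOD_LIST_COMMANDS = [
    re.compile(r"^(aaa authentication login \S+)\s+(.+)$"),
    re.compile(r"^(aaa authentication enable \S+)\s+(.+)$"),
    re.compile(r"^(ip https? authentication)\s+(.+)$"),
]

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa authentication login default radius local
aaa authentication login mgmt tacacs none
aaa authentication enable default enable none
ip http authentication none
ip https authentication radius local
"""


def audit_auth_methods(config_text: str) -> List[Finding]:
    """Report every method list in which the 'none' keyword appears."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("no "):
            continue                          # 'no' forms restore the default
        for pattern in _METHOD_LIST_COMMANDS:
            match = pattern.match(line)
            if not match:
                continue
            command, methods = match.group(1), match.group(2).split()
            if "none" in methods:
                position = methods.index("none")
                if position == 0:
                    findings.append(Finding(
                        line_no, command, "high",
                        "none is the first method: no credentials are checked"))
                else:
                    tried_first = ", ".join(methods[:position])
                    findings.append(Finding(
                        line_no, command, "medium",
                        "none is tried after " + tried_first
                        + ": access without credentials is reachable"))
            break
    return findings


if __name__ == "__main__":
    for finding in audit_auth_methods(SAMPLE_CONFIG):
        print(f"line {finding.line_no} [{finding.severity}] "
              f"{finding.command}: {finding.detail}")
```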
Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the authentication configuration.
password

The password Line Configuration mode command specifies a password on a line. Use the no form of this command to remove the password.

Syntax
• password password [encrypted]
• no password
• password — Password for this level, from 1 to 159 characters in length.
• encrypted — Encrypted password to be entered, copied from another device configuration.

Default Configuration
No password is required.
Command Mode
Global Configuration mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example sets a local level 15 password "secret" to control access to user and privilege levels.
Console (config)# enable password level 15 secret

username

The username Global Configuration mode command establishes a username-based authentication system. Use the no form of this command to remove a user name.
show users accounts

The show users accounts Privileged EXEC mode command displays information about the local user database.

Syntax
• show users accounts

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the local users configured with access to the system.
Address Table Commands

bridge address

The bridge address VLAN Interface Configuration mode command adds a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
Example
The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port g8 to the bridge table.
Console (config)# interface vlan 2
Console (config-vlan)# bridge address 3a:a2:64:b3:a2:45 ethernet g8 permanent

bridge multicast filtering

The bridge multicast filtering Global Configuration mode command enables filtering of Multicast addresses.
bridge multicast address

The bridge multicast address Interface Configuration mode command registers MAC-layer Multicast addresses to the bridge table, and adds static ports to the group. To unregister the MAC address, use the no form of the bridge multicast address command.
The following example registers the MAC address and adds ports statically.
Console (config)# interface vlan 8
Console (config-if)# bridge multicast address 01:00:5e:02:02:03 add ethernet g1-9

bridge multicast forbidden address

The bridge multicast forbidden address Interface Configuration mode command forbids adding a specific Multicast address to specific ports. Use the no form of this command to return to default.
Examples
In this example the MAC address 01:00:5e:02:02:03 is forbidden on port g9 within VLAN 8.
bridge multicast forward-all

The bridge multicast forward-all Interface Configuration mode command enables forwarding of all Multicast packets on a port. To restore the default, use the no form of the bridge multicast forward-all command.

Syntax
• bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list}
• no bridge multicast forward-all
• add — Adds ports to the group.
Syntax
• bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list}
• no bridge multicast forward-all
• add — Forbids forwarding all Multicast packets.
• remove — Does not forbid forwarding all Multicast packets.
• interface-list — Separates non consecutive valid Ethernet ports with a comma and no spaces; a hyphen is used to designate a range of ports.
Default Configuration
300 seconds

Command Mode
Global Configuration mode.

User Guidelines
There are no user guidelines for this command.

Example
In this example the bridge aging time is set to 250.
Console (config)# bridge aging-time 250

clear bridge

The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.

Syntax
• clear bridge
• This command has no keywords or arguments.
port security

The port security Interface Configuration mode command locks the port. By locking the port, new addresses are not learned on the port. To enable new address learning, use the no form of the port security command.

Syntax
• port security [forward | discard | discard-shutdown] [trap seconds]
• no port security
• forward — Forwards frames with unlearned source addresses, but does not learn the address.
Syntax
• port security mode {lock | max-addresses}
• no port security mode
• lock — Saves the current dynamic MAC addresses associated with the port and disables learning, relearning and aging.
• max-addresses — Deletes the current dynamic MAC addresses associated with the port and learns up to the maximum number of addresses allowed on the port. Relearning and aging are enabled.

Default Configuration
This setting is disabled.
User Guidelines
• The command is relevant only in port security max-addresses mode.

Example
In this example, port security mode is set to dynamic for Ethernet interface g7.
Console(config)# interface ethernet g7
Console(config-if)# port security mode max-addresses

port security routed secure-address

The port security routed secure-address Interface Configuration mode command adds MAC-layer secure addresses to a routed port.
show bridge address-table

The show bridge address-table Privileged EXEC mode command displays all entries in the bridge-forwarding database.

Syntax
• show bridge address-table [vlan vlan] [ethernet interface | port-channel port-channel-number]
• vlan — Specific valid VLAN, such as VLAN 1.
• interface — A valid Ethernet port.
• port-channel-number — A valid port-channel number.
show bridge address-table static

The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database.

Syntax
• show bridge address-table static [vlan vlan] [ethernet interface | port-channel port-channel-number]

Parameters
• vlan — Specifies a valid VLAN, such as VLAN 1.
• interface — A valid Ethernet port number.
• port-channel-number — A valid port-channel number.
show bridge address-table count

The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in all VLANs or in a specific VLAN.

Syntax
• show bridge address-table count [vlan vlan] [ethernet interface-number | port-channel port-channel-number]

Parameters
• vlan — Specifies a valid VLAN, such as VLAN 1.
• interface — A valid Ethernet port.
• port-channel-number — A valid port-channel number.
show bridge multicast address-table

The show bridge multicast address-table Privileged EXEC mode command displays Multicast MAC address table information.

Syntax
• show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip | mac]
• vlan-id — A VLAN ID value.
• mac-multicast-address — A MAC Multicast address in the format of xx:xx:xx:xx:xx:xx.
Forbidden ports for Multicast addresses:
Vlan  MAC Address        Ports
----  -----------        ----------
1     01:00:5e:02:02:03  g8
19    01:00:5e:02:02:08  g8

Console # show bridge multicast address-table format ip
Multicast address table for VLANs in MAC-GROUP bridging mode:
Vlan  IP/Mac Address     Type    Ports
----  -----------        -----   ----------
1     224-239.130|2.2.3  static  g1,g2
19    224-239.130|2.2.8  static  g1-8
19    224-239.130|2.2.
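How a MAC entry such as 01:00:5e:02:02:03 relates to the 224-239.130|2.2.3 form in the output above, as an added example that is not part of the guide: only the low 23 bits of an IPv4 group address are carried in the Multicast MAC address, so one registered or forbidden MAC entry covers 32 group addresses. The function names are hypothetical, and the reading of the 224-239.130|2.2.3 display is an interpretation of the sample output.

```python
import ipaddress
from typing import List

_PREFIX = bytes([0x01, 0x00, 0x5E])   # fixed prefix of IPv4 Multicast MAC addresses


def ipv4_group_to_mac(group: str) -> str:
    """Map an IPv4 Multicast group to its MAC-layer Multicast address."""
    address = ipaddress.IPv4Address(group)
    if not address.is_multicast:
        raise ValueError(f"{group} is not an IPv4 Multicast address")
    low23 = int(address) & 0x7FFFFF            # the top 9 bits are not carried over
    mac = (int.from_bytes(_PREFIX, "big") << 24) | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def _parse_multicast_mac(mac: str) -> bytes:
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6 or octets[:3] != _PREFIX or octets[3] & 0x80:
        raise ValueError(f"{mac} is not an IPv4 Multicast MAC address")
    return octets


def mac_to_ipv4_groups(mac: str) -> List[str]:
    """List every IPv4 group that shares this MAC-layer address (always 32)."""
    low23 = int.from_bytes(_parse_multicast_mac(mac)[3:], "big")
    groups = []
    for high5 in range(32):                    # the 5 group bits lost in the mapping
        value = (0b1110 << 28) | (high5 << 23) | low23
        groups.append(str(ipaddress.IPv4Address(value)))
    return groups


def compact_display(mac: str) -> str:
    """Render the 32 groups in the compact form seen in the sample output."""
    octets = _parse_multicast_mac(mac)
    return f"224-239.{octets[3] | 0x80}|{octets[3]}.{octets[4]}.{octets[5]}"


if __name__ == "__main__":
    mac = "01:00:5e:02:02:03"                  # address used in the guide's examples
    groups = mac_to_ipv4_groups(mac)
    print(compact_display(mac))
    print(len(groups), groups[0], groups[1], groups[-1])
    print(ipv4_group_to_mac("239.130.2.3"))
```

A forbidden-address or static entry for this MAC therefore applies to 224.2.2.3, 224.130.2.3 and every other group in the list, not to a single IP group.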
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
In this example, the Multicast configuration for VLAN 1 is displayed.
User Guidelines
• There are no user guidelines for this command.

Example
In this example, all classes of entries in the port-lock status are displayed.
Frequency: Minimum time in seconds between consecutive traps
Counter: Number of actions since last trap

show ports security addresses

The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked ports.

Syntax
• show ports security addresses [ethernet interface | port-channel port-channel-number]
• interface — A valid Ethernet port.
Login Banner

banner exec

The banner exec Global Configuration mode command specifies and enables a message to be displayed when an EXEC process is created (the user has successfully logged in). Use the no form of this command to delete the existing EXEC banner.

Syntax
• banner exec d message d
• no banner exec
• d — Delimiting character, for example a pound sign (#). A delimiting character cannot be used in the banner message.
• To customize the banner, use tokens in the form $(token) in the message text. The following table displays the tokens.

Token         Information displayed in the banner
$(hostname)   Displays the host name for the device.
$(domain)     Displays the domain name for the device.
$(bold)       Indicates that the next text is a bold text. Using this token again indicates the end of the bold text.
$(inverse)    Indicates that the next text is an inverse text.
Syntax
• banner login d message d
• no banner login
• d — Delimiting character, for example a pound sign (#). A delimiting character cannot be used in the banner message.
• message — Message text. The message must start in a new line and can be a multi-line message. Tokens in the form $(token) in the message text can be included. Tokens are replaced with the corresponding configuration variable. Tokens are described in the usage guidelines.
Example
The following example sets a Login banner that uses tokens. The percent sign (%) is used as a delimiting character. Notice that the $(token) syntax is replaced by the corresponding configuration variable.
Console (config)# banner login %
Enter TEXT message. End with the character '%'.
You have entered $(hostname).$(domain)
%

When the login banner is executed, the user will see the following banner:
You have entered host123.ourdomain.
• To customize the banner, use tokens in the form $(token) in the message text. The following table displays the tokens.

Token         Information displayed in the banner
$(hostname)   Displays the host name for the device.
$(domain)     Displays the domain name for the device.
$(bold)       Indicates that the next text is a bold text. Using this token again indicates the end of the bold text.
$(inverse)    Indicates that the next text is an inverse text.
Default Configuration
Enabled

Command Mode
Line Configuration mode

User Guidelines
• There are no user guidelines for this command.

Example
The following example enables the display of exec banners.
Console (config)# line console
Console(config-line)# exec-banner

login-banner

The login-banner Line Configuration mode command enables the display of login banners. Use the no form of this command to disable the display of login banners.
motd-banner

The motd-banner Line Configuration mode command enables the display of message-of-the-day banners. Use the no form of this command to disable the display of motd banners.

Syntax
• motd-banner
• no motd-banner

Default Configuration
Enabled

Command Mode
Line Configuration mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example enables the display of message-of-the-day banners.
User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the banners configuration.
Clock

clock set

The clock set Privileged EXEC mode command manually sets the system clock.

Syntax
• clock set hh:mm:ss day month year
or
• clock set hh:mm:ss month day year
• hh:mm:ss — Current time in hours (military format), minutes, and seconds. (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59)
• day — Current day (by date) in the month. (1 - 31)
• month — Current month using the first three letters by name. (Jan, …, Dec)
• year — Current year.
Syntax
• clock source {sntp}
• no clock source
• sntp — SNTP servers

Default Configuration
No external clock source.

Command Mode
Global Configuration mode.

User Guidelines
• There are no user guidelines for this command.

Examples
The following example configures an external time source for the system clock.
Examples
The following example sets the timezone to 6 hours difference from UTC.
Console (config)# clock timezone -6 zone CST

clock summer-time

The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). Use the no form of this command to configure the software to not automatically switch to summer time.
Default Configuration
Summer time is disabled.
offset offset — default is 60
zone acronym — If unspecified default to the timezone acronym. If the timezone has not been defined, the default will be UTC.

Command Mode
Global Configuration mode.

User Guidelines
• In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends.
Syntax
• sntp authentication-key number md5 value
• no sntp authentication-key number
• number — Key number. (Range: 1 - 4294967295)
• value — Key value. (Range: Up to 8 characters)

Default Configuration
No authentication key is defined.

Command Mode
Global Configuration mode.

User Guidelines
• Multiple keys can be generated.

Examples
The following example defines the authentication key for SNTP.
User Guidelines
• The command is relevant for both Unicast and Broadcast.

Examples
The following example defines the authentication key for SNTP and grants authentication.
sntp client poll timer

The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol (SNTP) client. Use the no form of this command to return to default.

Syntax
• sntp client poll timer seconds
• no sntp client poll timer
• seconds — Polling interval in seconds (Range: 60 - 86400)

Default Configuration
SNTP client polling time is 1024 seconds.

Command Mode
Global Configuration mode.
User Guidelines
• The sntp Broadcast client enable Interface Configuration mode command enables the device to receive Broadcast transmissions globally and on ALL interfaces.
• Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface.

Examples
The following example enables the SNTP Broadcast clients.
sntp client enable

The sntp client enable Global Configuration mode command enables the Simple Network Time Protocol (SNTP) Broadcast and Anycast client on an interface. Use the no form of this command to disable the SNTP client.
Default Configuration
Disabled.

Command Mode
Interface Configuration (Ethernet, Port-Channel, VLAN) mode.

User Guidelines
• Use the sntp client enable Global Configuration mode command to enable Broadcast clients globally.
• Use the sntp anycast client enable Global Configuration mode command to enable Anycast clients globally.

Examples
The following example enables the SNTP client on the interface.
Examples
The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from servers.
Console (config)# sntp unicast client enable

sntp unicast client poll

The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined Unicast clients.
Syntax
• sntp server {ip4-address | ip6-address | hostname}[poll] [key keyid]
• no sntp server {ip4-address | ip6-address | hostname}
• ip4-address — IPv4 server address.
• ipv6-address — IPv6 server address. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified. Refer to the usage guidelines for the interface name syntax.
• hostname — Hostname of the server.
Example
The following example configures the device to accept SNTP traffic from the server on 192.1.1.1.
Console(config)# sntp server 192.1.1.1

show clock

The show clock User EXEC mode command displays the time and date from the system clock.

Syntax
• show clock [detail]
• detail — Shows timezone and summertime configuration.

Default Configuration
This command has no default configuration.

Command Mode
User EXEC mode.
Example
The following example displays the time and date from the system clock.
Console# show clock
15:29:03 PDT(UTC-7) Jun 17 2002
Time source is SNTP

Device> show clock detail
15:29:03 PDT(UTC-7) Jun 17 2002
Time source is SNTP
Time zone:
Acronym is PST
Offset is UTC-8
Summertime:
Acronym is PDT
Recurring every year.
Begins at first Sunday of April at 2:00.
Ends at last Sunday of October at 2:00.
Offset is 60 minutes.
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Examples
Console# show sntp configuration
Polling interval: 7200 seconds
MD5 Authentication keys: 8, 9
Authentication is required for synchronization.
Trusted Keys: 8,9
Unicast Clients Polling: Enabled.
show sntp status

The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP).

Syntax
• show sntp status
This command has no keywords or arguments.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
There are no user guidelines for this command.

Examples
The following example shows the status of the SNTP.
Configuration and Image Files

dir

To display a list of files on a flash file system, use the dir Privileged EXEC command.

Syntax
• dir
This command has no arguments or keywords.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.
syslog1.sys      r-   262144   --   07-Feb-2005 10:16:02
syslog2.sys      r-   262144   --   07-Feb-2005 10:16:02
directry.prv     --   262144   --   07-Feb-2005 10:15:56
startup-config   rw   400000   95   13-Feb-2005 18:46:34
Total size of flash: 33292288 bytes
Free size of flash: 20708893 bytes

more

To display a file, use the more Privileged EXEC command.

Syntax
• more url
• url — The location URL or reserved keyword of the source file to be copied.
Examples
Console# more
!
version 12.1
!
. . .
interface FastEthernetg1
ip address 176.242.100.100 255.
ip pim dense-mode
duplex auto
speed auto
!
. . .
end

rename

To rename a file, use the rename Privileged EXEC command.

Syntax
• rename url new-url
• url — The location URL.
• new-url — New URL.
The following table shows keywords and URL prefixes:

Keyword   Source Destination
flash     Source or destination URL for Flash memory. It's the default in case a URL is specified without a prefix.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
NOTICE: *.sys and *.prv files can't be renamed.

Example
Console# rename configuration.bak m-config.
copy

The copy Privileged EXEC command copies any file from a source to a destination.

Syntax
• copy source-url destination-url [snmp]
• source-url — The location URL or reserved keyword of the source file to be copied. (Range: 1 - 160 characters)
• destination-url — The destination file URL or reserved keyword of the destination file. (Range: 1 - 160 characters)
• snmp — Used only when copying from/to startup-config.
User Guidelines
• The location of a file system dictates the format of the source or destination URL.
• The entire copying process may take several minutes and differs from protocol to protocol and from network to network.
When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified. Refer to the usage guidelines for the interface name syntax.
Use the copy source-url running-config command to load a "configuration file" from a network server to the device "running configuration". The configuration is added to the "running configuration" as if the commands were typed in the command-line interface (CLI). The resulting configuration file is a combination of the previous "running configuration" and the loaded "configuration file", with the loaded "configuration file" having precedence.
delete

The delete Privileged EXEC mode command deletes a file from a Flash memory device.

Syntax
• delete url
• url — The location URL or reserved keyword of the source file to be copied.

The following table shows keywords and URL prefixes:

Keyword          Source or Destination
flash            Source or destination URL for Flash memory. It's the default in case a URL is specified without a prefix.
startup-config   Represents the startup configuration file.
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• Use the show bootvar command to find out which image is the active image.

Examples
The following example loads system image 1 for the next device startup.
Console# boot system image-1

show running-config

The show running-config Privileged EXEC mode command displays the contents of the currently running configuration file.
Examples
The following example displays the contents of the running-config file.
Console# show running-config
no spanning-tree
vlan database
vlan 2
exit
interface range ethernet g(1-2)
switchport access vlan 2
exit
interface vlan 2
bridge address 00:00:00:00:00:01 ethernet g1
exit
interface ethernet g1
gvrp enable
exit
gvrp enable
interface ethernet g24
ip address dhcp
exit
ip name-server 10.6.1.
Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Examples
The following example displays the contents of the startup-config file.
show bootvar

The show bootvar Privileged EXEC mode command displays the active system image file that the device loads at startup.

Syntax
• show bootvar

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Examples
The following example displays the active system image file that the device loads at startup.
Ethernet Configuration Commands

interface ethernet

The interface ethernet Global Configuration mode command enters the Interface Configuration mode to configure an Ethernet type interface.

Syntax
• interface ethernet interface
• interface — Valid Ethernet port.

Default Configuration
This command has no default configuration.

Command Mode
Global Configuration mode.

User Guidelines
• There are no user guidelines for this command.
Syntax
• interface range ethernet {port-range | all}
• port-range — List of valid ports to add. Separate non-consecutive ports with a comma and no spaces; a hyphen is used to designate a range of ports.
• all — All Ethernet ports.

Default Configuration
This command has no default configuration.

Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.

Examples
The following example disables port g5.
Console(config)# interface ethernet g5
Console(config-if)# shutdown

The following example re-enables port g5.
Console(config)# interface ethernet g5
Console(config-if)# no shutdown

description

The description Interface Configuration mode command adds a description to an interface.
speed

The speed Interface Configuration mode command configures the speed of a given Ethernet interface when not using auto-negotiation. Use the no form of this command to restore the default.

Syntax
• speed {10 | 100 | 1000}
• no speed
• 10 — Force 10 Mbps operation.
• 100 — Force 100 Mbps operation.
• 1000 — Force 1000 Mbps operation.

Default Configuration
Maximum port capability.
Default Configuration
The interface is set to full duplex.

Command Mode
Interface Configuration (Ethernet) mode.

User Guidelines
• Before attempting to force a particular duplex mode on the port operating at 10/100/1000 Mbps, disable the auto-negotiation on that port.
• Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps.
Example
The following example enables auto negotiation of Ethernet port 5.
(config)# interface ethernet g5
(config-if)# negotiation
(config-if)#

flowcontrol

The flowcontrol Interface Configuration mode command configures the Flow Control on a given interface. Use the no form of this command to restore the default.

Syntax
• flowcontrol {auto | on | off}
• no flowcontrol
• auto — Enables auto-negotiation of Flow Control.
system flowcontrol

The system flowcontrol Interface Configuration mode command enables flow control on cascade ports. To disable flow control, use the no form of this command.

Syntax
• system flowcontrol
• no system flowcontrol

Default Configuration
System flowcontrol is disabled.

Command Mode
Interface Configuration mode.

User Guidelines
This command is only operational on the 48 port device.
User Guidelines
• Mdix Auto: All possibilities to connect a PC with cross OR normal cables are supported and are automatically detected.
• Mdix ON: It is possible to connect to a PC only with a normal cable and to connect to another switch ONLY with a cross cable.
• If MDIX is set to "no mdix", the device works opposite from the "MDIX On" behavior.
port jumbo-frame

The port jumbo-frame Global Configuration mode command enables jumbo frames for the device. The size of the port jumbo frame is 10K. Use the no form of this command to disable jumbo frames.

Syntax
• port jumbo-frame
• no port jumbo-frame

Default Configuration
Jumbo Frames are not enabled.

Command Mode
Global Configuration mode.

User Guidelines
• The command would be effective only after reset.
Example
In the following example, the counters for interface g1 are cleared.
Console# clear counters ethernet g1

set interface active

The set interface active Privileged EXEC mode command reactivates an interface that was suspended by the system.

Syntax
• set interface active {ethernet interface | port-channel port-channel-number}
• interface — Valid Ethernet port.
• port-channel-number — Valid port-channel trunk index.
Default Configuration
This command has no default configuration.

Command Modes
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.
The displayed port configuration information includes the following:
• Port — The port number.
• Port Type — The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling.
• Duplex — Displays the port Duplex status.
• Speed — Refers to the port speed.
• Neg — Describes the Auto-negotiation status.
• Flow Control — Displays the Flow Control status.
show interfaces advertise

The show interfaces advertise Privileged EXEC mode command displays auto-negotiation data.

Syntax
• show interfaces advertise [ethernet interface | port-channel port-channel-number]
• interface — A valid Ethernet port.
• port-channel-number — Port channel index. A valid port channel.

Default Configuration
This command has no default configuration.
Type: 1G-Copper
Link state: Up
Auto Negotiation: enabled

                                 1000f  1000h  100f  100h  10f  10h
Admin Local Link Advertisement   yes    no     yes   yes   yes  yes
Oper Local Link Advertisement    yes    no     yes   yes   yes  yes
Remote Link Advertisement        N/A    N/A    N/A   N/A   N/A  N/A
Priority Resolution              --     -      -     -     -    yes

Link State: Up
Auto Negotiation: disabled.
Example
The following example displays the description for the interface g1.
Console# show interfaces description ethernet g1
Port  Description
----  ------------------
g1    Management_port
g2    R&D_port
g3    Finance_port

Ch    Description
----  ------------------
Ch 1  Output

show interfaces counters

The show interfaces counters User EXEC mode command displays traffic seen by the physical interface.
Examples
The following example displays traffic seen by the physical interface.
The following example displays counters for port g1.
The following table describes the fields shown in the display:

Field          Description
InOctets       Counted received octets.
InUcastPkts    Counted received Unicast packets.
InMcastPkts    Counted received Multicast packets.
InBcastPkts    Counted received Broadcast packets.
OutOctets      Counted transmitted octets.
OutUcastPkts   Counted transmitted Unicast packets.
OutMcastPkts   Counted transmitted Multicast packets.
Symbol Errors  For an interface operating at 100 Mb/s, the number of times there was an invalid data symbol when a valid carrier was present.
port storm-control include-multicast

The port storm-control include-multicast Interface Configuration (Ethernet) mode command enables counting Multicast packets in the port storm-control broadcast rate command. Use the no form of this command to disable counting Multicast packets.

Syntax
• port storm-control include-multicast [unknown-unicast]
• no port storm-control include-multicast
• unknown-unicast — Count unknown Unicast packets.
User Guidelines
• Use the port storm-control broadcast rate Interface Configuration command to set the maximum rate.
• Use the port storm-control include-multicast Interface Configuration command to also count Multicast packets, and optionally unknown Unicast packets, in the storm control calculation.
• The command can be enabled on a specific port only if the rate-limit Interface Configuration command is not enabled on that port.
Example
The following example configures the maximum Broadcast rate to 10 kilobytes per second.
console(config)# interface ethernet g2
console(config-if)# port storm-control broadcast rate 10

show ports storm-control

The show ports storm-control Privileged EXEC mode command displays the storm control configuration.

Syntax
• show ports storm-control [interface]
• interface — A valid Ethernet port.
User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the flow control state on cascade ports.
DHCP Snooping

ip dhcp snooping

The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. Use the no form of this command to return to the default setting.

Syntax
• ip dhcp snooping
• no ip dhcp snooping

Default Configuration
DHCP snooping disabled.

Command Mode
Global Configuration mode.

User Guidelines
• For any DHCP snooping configuration to take effect, you must globally enable DHCP snooping.
Default Configuration
DHCP snooping on VLAN disabled.

Command Mode
Global Configuration mode.

User Guidelines
• Prior to enabling DHCP snooping on a VLAN, globally enable DHCP snooping.

Example
The following example enables DHCP snooping on a VLAN.
console (config)#ip dhcp snooping vlan vlan-id

ip dhcp snooping trust

The ip dhcp snooping trust Interface Configuration mode command configures a port as trusted for DHCP snooping purposes.
Syntax
• ip dhcp snooping information option allowed-untrusted
• no ip dhcp snooping information option allowed-untrusted

Default Configuration
Discard DHCP packets with option-82 information from an untrusted port.

Command Mode
Global Configuration mode.

User Guidelines
• There are no user guidelines for this command.
Example
The following example configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address.
console (config)#ip dhcp snooping verify

ip dhcp snooping database

The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file. Use the no form of this command to delete the binding file.
Default Configuration
1200.

Command Mode
Global Configuration mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example configures the update frequency of the DHCP snooping binding file.
User Guidelines
• After entering this command, an entry is added to the DHCP snooping database. If a DHCP snooping binding file exists, the entry is also added to that file.
• The entries are displayed in the show commands as a 'DHCP Snooping entry'.

Example
The following example configures the DHCP snooping binding database and adds binding entries to the database.
Default Configuration
This command has no default configuration.

Command Mode
EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the DHCP snooping configuration.
Command Mode
EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the DHCP snooping binding database and configuration information for all interfaces on a switch.
Console# show ip dhcp snooping binding
Update frequency: 1200
Total number of binding: 2

Mac Address      IP Address   Lease(sec)   Type       VLAN   Interface
0060.704C.73FF   10.1.8.1     7983         snooping   3      g21
0060.704C.
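The following is an added example, not part of the Dell guide: a Python audit that cross-checks show arp output against the show ip dhcp snooping binding table, in the layouts this guide prints, and flags dynamic ARP entries whose MAC address or port disagrees with the snooped binding. The sample outputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample outputs in the layouts this guide shows (not captured from a device).
BINDING_OUTPUT = """\
Update frequency: 1200
Total number of binding: 2
Mac Address     IP Address  Lease(sec)  Type      VLAN  Interface
0060.704C.73FF  10.1.8.1    7983        snooping  3     g21
0060.704C.0A0B  10.1.8.2    6120        snooping  3     g22
"""

ARP_OUTPUT = """\
ARP timeout: 60000 Seconds
Interface   IP address   HW address          status
----------  -----------  -----------------   -------
g21         10.1.8.1     00:60:70:4C:73:FF   Dynamic
g7          10.1.8.2     00:0C:29:AA:BB:CC   Dynamic
g9          10.1.8.50    00:10:B5:04:DB:4B   Dynamic
g2          10.1.8.135   00:50:22:00:2A:A4   Static
"""

DOTTED_MAC = re.compile(r"^[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}$")
COLON_MAC = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def norm_mac(text):
    """Return 12 lowercase hex digits for a dotted or colon MAC, else None."""
    if DOTTED_MAC.match(text) or COLON_MAC.match(text):
        return re.sub(r"[.:]", "", text).lower()
    return None


def parse_bindings(text):
    """Map IP -> {mac, vlan, port} from 'show ip dhcp snooping binding' rows."""
    bindings = {}
    for line in text.splitlines():
        f = line.split()
        # Data rows have six fields: MAC, IP, lease, type, VLAN, interface.
        if len(f) == 6 and norm_mac(f[0]) and IPV4.match(f[1]) and f[4].isdigit():
            bindings[f[1]] = {"mac": norm_mac(f[0]), "vlan": int(f[4]), "port": f[5]}
    return bindings


def parse_arp(text):
    """List {port, ip, mac, status} from 'show arp' rows; headers are skipped."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and IPV4.match(f[1]) and norm_mac(f[2]):
            entries.append({"port": f[0], "ip": f[1],
                            "mac": norm_mac(f[2]), "status": f[3].lower()})
    return entries


def audit(bindings, arp_entries):
    """Return (finding, ip, port) tuples for dynamic ARP entries that disagree
    with the snooping table. Static ARP entries are administrator-defined and
    are skipped."""
    findings = []
    for e in arp_entries:
        if e["status"] != "dynamic":
            continue
        b = bindings.get(e["ip"])
        if b is None:
            # Could be a statically addressed host; worth reviewing on untrusted ports.
            findings.append(("no-binding", e["ip"], e["port"]))
        elif b["mac"] != e["mac"]:
            findings.append(("mac-mismatch", e["ip"], e["port"]))
        elif b["port"] != e["port"]:
            findings.append(("port-mismatch", e["ip"], e["port"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_bindings(BINDING_OUTPUT), parse_arp(ARP_OUTPUT)):
        print(*finding)
```

A mac-mismatch means the address the switch learned through ARP is not the one the DHCP server leased to that IP, which is the case to investigate first.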
GVRP Commands

gvrp enable (global)

GVRP, or GARP VLAN Registration Protocol, is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single switch is manually configured with all desired VLANs for the network, and all other switches on the network learn these VLANs dynamically.

The gvrp enable Global Configuration mode command enables GVRP globally.
Syntax
• gvrp enable
• no gvrp enable

Default Configuration
GVRP is disabled on all interfaces by default.

Command Mode
Interface Configuration (Ethernet, port-channel) mode.

User Guidelines
• An access port would not dynamically join a VLAN because it is always a member in only one VLAN.
• Membership in an untagged VLAN would be propagated in the same way as a tagged VLAN. i.e.
Default Configuration
The default timer values are as follows:
• Join timer — 200 milliseconds
• Leave timer — 600 milliseconds
• Leaveall timer — 10000 milliseconds

Command Mode
Interface Configuration (Ethernet, port-channel) mode.

User Guidelines
• The timer_value value must be a multiple of 10.
User Guidelines
• This command forbids dynamic VLAN creation from the interface. The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface is restricted to those VLANs for which static VLAN registration exists.

Example
The following example disables dynamic VLAN creation on port g8.
clear gvrp statistics

The clear gvrp statistics Privileged EXEC mode command clears all the GVRP statistics information.

Syntax
• clear gvrp statistics [ethernet interface | port-channel port-channel-number]
• interface — A valid Ethernet interface.
• port-channel-number — A valid port-channel trunk index.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.

Example
The following example shows how to display GVRP configuration information:
Console# show gvrp configuration
GVRP Feature is currently enabled on the switch.
IGMP Snooping Commands

ip igmp snooping (Global)

The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping.

Syntax
• ip igmp snooping
• no ip igmp snooping

Default Configuration
IGMP snooping is disabled.

Command Mode
Global Configuration mode.

User Guidelines
• There are no user guidelines for this command.
Default Configuration
IGMP snooping is disabled.

Command Mode
Interface Configuration (VLAN) mode.

User Guidelines
• IGMP snooping can only be enabled on static VLANs.

Example
The following example enables IGMP snooping on VLAN 2.
ip igmp snooping host-time-out

The ip igmp snooping host-time-out Interface Configuration mode command configures the host-time-out. If an IGMP report for a Multicast group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that Multicast group. Use the no form of this command to reset to default host-time-out.
Default Configuration
The default value is 300 seconds.

Command Mode
Interface Configuration (VLAN) mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example configures the mrouter timeout to 200 seconds.
Example
The following example configures the host leave-time-out to 60 seconds.
Console (config)# interface vlan 2
Console (config-if)# ip igmp snooping leave-time-out 60

ip igmp snooping querier enable

The ip igmp snooping querier enable Interface Configuration mode command enables Internet Group Management Protocol (IGMP) querier on a specific VLAN. Use the no form of this command to disable IGMP querier on a VLAN interface.
ip igmp snooping querier address

The ip igmp snooping querier address Interface Configuration mode command defines the source IP address that the IGMP Snooping querier uses. Use the no form of this command to return to default.

Syntax
• ip igmp snooping querier address ip-address
• no ip igmp snooping querier address
• ip-address — Source IP address.
User Guidelines
• There are no user guidelines for this command.

Example
The following example shows IGMP snooping mrouter information.
Console # show ip igmp snooping mrouter
VLAN  Ports
----  ------
2     g1

show ip igmp snooping interface

The show ip igmp snooping interface User EXEC mode command shows IGMP snooping configuration.

Syntax
• show ip igmp snooping interface vlan-id
• vlan_id — VLAN ID value.
Example
The example displays IGMP snooping information.
Console # show ip igmp snooping interface 1000
IGMP Snooping is globally enabled
IGMP Snooping admin: Enabled
Hosts and routers IGMP version: 2
IGMP snooping oper mode: Enabled
IGMP snooping querier admin: Enabled
IGMP snooping querier oper: Enabled
IGMP snooping querier address admin:
IGMP snooping querier address oper: 172.16.1.
User Guidelines
• To see the full Multicast address table (including static addresses) use the show bridge address-table command.

Example
The example shows IGMP snooping information.
Console # show ip igmp snooping groups
Vlan   IP Address          Querier   Ports
-----  ------------------  --------  ------------
1      224-239.130|2.2.3   Yes       g1, g2
19     224-239.130|2.2.
IP Addressing Commands

clear host dhcp

The clear host dhcp Privileged EXEC mode command deletes entries from the host name-to-address mapping received from Dynamic Host Configuration Protocol (DHCP).

Syntax
• clear host dhcp {name | *}
• name — Particular host entry to remove. (Range: 1 - 158 characters.)
• * — Removes all entries.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.
Syntax
• ip address ip-address {mask | prefix-length}
• no ip address [ip-address]
• ip-address — IP address
• mask — Specifies the network mask of the IP address. (Range: Valid Subnet mask)
• prefix-length — The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 8 - 30)

Default Configuration
No IP address is defined for interfaces.
Default Configuration
This command has no default configuration.

Command Mode
Interface Configuration (Ethernet, VLAN, port-channel).

User Guidelines
• The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol.
• Some DHCP Servers require that the DHCPDISCOVER message have a specific host name.
Command Mode
Global Configuration mode.

User Guidelines
• There are no User Guidelines for this command.

Example
The following example defines an ip default gateway.
Console(config)# ip default-gateway 192.168.1.1

show ip interface

The show ip interface User EXEC mode command displays the usability status of interfaces configured for IP.
Console# show ip interface
Gateway IP Address     Type         Activity Status
---------------------  -----------  ---------------
10.7.1.1               Static       Active

IP address           Interface     Type
-------------------  ------------  ------------
10.7.1.192/24        VLAN 1        Static
10.7.2.192/24        VLAN 2        DHCP

arp

The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache.
Example
The following example adds the IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table.
Console (config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet g8

arp timeout

The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache. Use the no form of this command to restore the default value.
Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example deletes all dynamic entries from the ARP cache.
Console# clear arp-cache

show arp

The show arp Privileged EXEC mode command displays entries in the ARP table.
Example
The following example displays entries in the ARP table.
Console# show arp
ARP timeout: 60000 Seconds
Interface   IP address      HW address         status
----------  --------------  ----------------   --------
g1          10.7.1.102      00:10:B5:04:DB:4B  Dynamic
g2          10.7.1.135      00:50:22:00:2A:A4  Static

ip domain-lookup

The ip domain-lookup Global Configuration mode command enables the IP Domain Naming System (DNS)-based host name-to-address translation.
ip domain-name

The ip domain-name Global Configuration mode command defines a default domain name that the software uses to complete unqualified host names (names without a dotted-decimal domain name). Use the no form of this command to disable use of the Domain Name System (DNS).

Syntax
• ip domain-name name
• no ip domain-name
• name — Default domain name used to complete unqualified host names.
Command Mode
Global Configuration mode.

User Guidelines
• The preference of the servers is determined by the order they were entered.
• Up to 8 servers can be defined.

Examples
The following example sets the available name server.
Console (config)# ip name-server 176.16.1.18

ip host

The ip host Global Configuration mode command defines a static host name-to-address mapping in the host cache.
clear host

The clear host Privileged EXEC mode command deletes entries from the host name-to-address cache.

Syntax
• clear host {name | *}
• name — Particular host entry to remove. (Range: 1 - 158 characters)
• * — Removes all entries.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.
Examples
The following example displays host information.
console> show hosts
Default domain is GM.COM
Name/address lookup is enabled
Name servers: 176.16.1.18 176.16.1.19
Static host name-to-address mapping:
Host           Addresses
----           ---------
www.dell.com   176.16.8.8 176.16.8.9
Cache: TTL(Hours)
Host Total Elapsed
---- ----- --------- ------ ---------
3 171.64.14.203 www.dell.
IPv6 Addressing

ipv6 enable

The ipv6 enable Interface Configuration mode command enables IPv6 processing on an interface. Use the no form of this command to disable IPv6 processing on an interface.

Syntax
• ipv6 enable [no-autoconfig]
• no ipv6 enable
– no-autoconfig — Enables IPv6 processing on an interface without a stateless address autoconfiguration procedure.

Default Configuration
IPv6 is disabled.
ipv6 address autoconfig

The ipv6 address autoconfig Interface Configuration mode command enables automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface. Addresses are configured depending on the prefixes received in Router Advertisement messages. Use the no form of this command to disable address autoconfiguration on the interface.
• milliseconds — The time interval between tokens being placed in the bucket; each token represents a single ICMP error message. (Range: 0 - 2147483647)
• bucketsize — The maximum number of tokens stored in the bucket. (Range: 1 - 200)

Default Configuration
The default interval is 100ms and the default bucketsize is 10 tokens.

Command Mode
Global Configuration mode.
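The following is an added example, not part of the Dell guide: a Python model of the token bucket that the milliseconds and bucketsize parameters describe, showing how many ICMP error messages a burst of error-triggering packets produces. The function name is hypothetical, and the model assumes the bucket starts full and tokens are added on fixed interval ticks; it covers intervals of 1 ms and above.

```python
def icmp_errors_sent(event_times_ms, interval_ms=100, bucketsize=10):
    """Return one boolean per event: True if an ICMP error message is sent.

    event_times_ms -- times (ms) at which a packet would trigger an ICMP error
    interval_ms    -- time between tokens being placed in the bucket
    bucketsize     -- maximum number of tokens stored in the bucket

    Defaults are the guide's defaults (100 ms, 10 tokens).
    """
    if not 1 <= bucketsize <= 200:
        raise ValueError("bucketsize must be in the documented range 1 - 200")
    if interval_ms < 1:
        raise ValueError("this model covers intervals of 1 ms and above")

    tokens = bucketsize      # assumption: the bucket starts full
    last_tick = 0            # time of the most recent token tick
    decisions = []
    for t in sorted(event_times_ms):
        # Add one token per elapsed interval, never exceeding the bucket size.
        ticks = (t - last_tick) // interval_ms
        if ticks:
            tokens = min(bucketsize, tokens + ticks)
            last_tick += ticks * interval_ms
        # Each ICMP error message consumes exactly one token.
        if tokens:
            tokens -= 1
            decisions.append(True)
        else:
            decisions.append(False)
    return decisions


if __name__ == "__main__":
    # Constructed load: one error-triggering packet every 10 ms for one second.
    steady = list(range(0, 1000, 10))
    print("sent", sum(icmp_errors_sent(steady)), "of", len(steady))
    # Constructed load: 30 packets arriving at the same instant.
    burst = [0] * 30
    print("sent", sum(icmp_errors_sent(burst)), "of", len(burst))
```

With the defaults, a burst is answered up to the bucket size and the sustained rate then settles at one message per interval, so bucketsize bounds the burst and milliseconds bounds the long-term rate.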
Example
The following example displays the IPv6 ICMP error interval setting.
Console> show ipv6 icmp error-interval
Rate limit interval: 100 ms
Bucket size: 10 tokens

ipv6 address

The ipv6 address Interface Configuration mode command configures an IPv6 address for an interface. Use the no form of this command to remove the address from the interface.
Example
The following example configures an IPv6 address FE80::260:3EFF:FE11:6770 for interface g1.
Console#
Console (config)# interface g1
Console (config-if)# ipv6 address FE80::260:3EFF:FE11:6770

ipv6 address link-local

The ipv6 address link-local Interface Configuration mode command configures an IPv6 link-local address for an interface. Use the no form of this command to return to the default link local address on the interface.
Example
The following example assigns FE80::260:3EFF:FE11:6770 as the link-local address.
Console#
Console (config)# interface g1
Console (config-if)# ipv6 address FE80::260:3EFF:FE11:6770 linklocal

ipv6 unreachables

The ipv6 unreachables Interface Configuration mode command enables the generation of Internet Control Message Protocol for IPv6 (ICMPv6) unreachable messages for any packets arriving on a specified interface.
Syntax
• ipv6 default-gateway ipv6-address
• no ipv6 default-gateway
• ipv6-address — IPv6 address of the next hop that can be used to reach that network. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified. Refer to the usage guidelines for the interface name syntax.

Default Configuration
No default gateway is defined.

Command Mode
Global Configuration mode.
Syntax
• ipv6 mld join-group group-address
• no ipv6 mld join-group group-address
• group-address — The multicast group IPv6 address.

Default Configuration
This command has no default setting.

Command Mode
Interface configuration (Ethernet, VLAN, Port-channel).

User Guidelines
• The ipv6 mld join-group command configures MLD reporting for a specified group.
Example
The following example defines an IPv6 default gateway.
Console(config-if)# ipv6 mld version 1

show ipv6 interface

The show ipv6 interface Privileged EXEC mode command displays the usability status of interfaces configured for IPv6.
Example
The following example displays the current state of the IPv6 routing table.
Console> show ipv6 route
Codes: L - Local, S - Static, I - ICMP, ND - Router Advertisment
The number in the brackets is the metric.
User Guidelines
• Duplicate address detection verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces (the new addresses remain in a tentative state while duplicate address detection is performed). Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses.
Syntax
• ipv6 host name ipv6-address1 [ipv6-address2...ipv6-address4]
• no ipv6 host name
• name — Name of the host. (Range: 1 - 158 characters)
• ipv6-address1 — Associated IPv6 address. The address is specified in hexadecimal using 16-bit values between colons. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified. Refer to the usage guidelines for the interface name syntax.
Syntax
• ipv6 neighbor ipv6_addr hw_addr {ethernet interface-number | vlan vlan-id | port-channel number}
• no ipv6 neighbor ipv6_addr {ethernet interface-number | vlan vlan-id | port-channel number}
– ipv6_addr — IPv6 address to map to the specified MAC address.
– hw_addr — MAC address to map to the specified IPv6 address.
– ethernet interface-number — Valid port number.
– vlan vlan-id — VLAN number.
Syntax
• ipv6 set mtu {ethernet interface | vlan vlan-id | port-channel port-channel-number} {bytes | default}
• ethernet interface — Valid interface number.
• vlan vlan-id — VLAN number.
• port-channel port-channel-number — Valid Port Channel index.
• bytes — MTU in bytes; the minimum is 1280 bytes.
• default — Sets the default MTU size to 1500 bytes.

Default Configuration
1500 bytes.

Command Mode
Privileged EXEC mode.
User Guidelines
• The associated interface of a MAC address can be aged out from the FDB table, so the Interface field can be empty.
• When an ARP entry is associated with an IP interface that is defined on a port or port-channel, the VLAN field is empty.
• The possible neighbor cache states are:
INCMP (Incomplete) — Address resolution is being performed on the entry.
clear ipv6 neighbors
The clear ipv6 neighbors Privileged EXEC mode command deletes all entries in the IPv6 neighbor discovery cache, except static entries.
Syntax
• clear ipv6 neighbors
Default Configuration
This command has no default setting.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
iSCSI Commands

iscsi enable
The iscsi enable Global Configuration mode command globally enables iSCSI awareness. Use the no form of this command to disable iSCSI awareness.
Syntax
• iscsi enable
• no iscsi enable
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
Syntax
• iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address] [name targetname]
• no iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address]
• tcp-port — TCP port number or list of TCP port numbers on which the iSCSI targets listen for requests. Up to 16 TCP ports can be defined in the system in one command or by using multiple commands.
• ip-address — IP address of the iSCSI target.
iscsi cos
The iscsi cos Global Configuration mode command sets the quality of service profile that will be applied to iSCSI flows. Use the no form of this command to return to default.
Syntax
• iscsi cos {vpt vpt | dscp dscp} [remark]
• no iscsi cos
• vpt/dscp — The Virtual Priority Tag (VPT) or DSCP to which the iSCSI frames are assigned.
• remark — Mark the iSCSI frames with the configured VPT/DSCP when egressing the switch.
Syntax
• iscsi aging-time time
• no iscsi aging-time
• time — The number of minutes a session is not active prior to its removal. (Range: 1 - 43,200)
Default Configuration
5 minutes.
Command Mode
Global Configuration mode.
User Guidelines
• All connections are measured in groups of 32. The aging time is the minimum time a connection's activity is measured deterministically.
Default Configuration
256 connections.
Command Mode
Global Configuration mode.
User Guidelines
• The new setting takes effect after reset.
• The number of iSCSI connections affects other system features: iSCSI awareness, DHCP snooping and ACL rules use the same system resource. When the number of iSCSI connections is increased, the other application rules (DHCP snooping or ACL) can be removed after reset.
Example
The following example displays the iSCSI settings.
Console # show iscsi
iSCSI enabled
iSCSI vpt is 5, remark
Session aging time: 60 min
Maximum number of connections is 256
--------------------------------------------------
iSCSI targets and TCP ports:
---------------------------
TCP Port   Target IP Address   Name
30001      172.16.1.1          iqn.1993-11.com.diskvendor:diskarrays.sn.45678.tape:sys1.xyz
30033      172.16.1.10
30033      172.16.1.
User Guidelines
• The aging mechanism checks session activity in a group of N TCP iSCSI connections. In the worst case, when all 256 sessions are monitored and are not terminated gracefully, the existing mechanism causes inaccuracy: the last group of monitored iSCSI sessions ages out after (256/N)*aging-time.
• In general, the higher the number of ungracefully terminated iSCSI TCP connections, the higher the aging inaccuracy.
Initiator: iqn.1992-04.com.osvendor.plan9:cdrom.12.storage:sys1.xyz
--------------------------------------------------------------
Time started: 23-Jul-2002 10:04:50
Time for aging out: 10 min
ISID: 11
Initiator IP address   Initiator TCP port   Target IP address   Target IP port
172.16.1.3             49154                172.16.1.20         30001
172.16.1.4             49155                172.16.1.21         30001
172.16.1.5             49156                172.16.1.
LACP Commands

lacp system-priority
The lacp system-priority Global Configuration mode command configures the system priority. Use the no form of this command to reset to default.
Syntax
• lacp system-priority value
• no lacp system-priority
• value — Value of the priority. (Range: 1 - 65535)
Default Configuration
The default system priority value is 1.
Command Mode
Global Configuration mode.
Default Configuration
The default port priority value is 1.
Command Mode
Interface Configuration (Ethernet) mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures the priority value for port g8 to 247.
show lacp ethernet
The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports.
Syntax
• show lacp ethernet interface [parameters | statistics | protocol-state]
• interface — Ethernet interface.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example shows how to display LACP port-channel information.
Line Commands

line
The line Global Configuration mode command identifies a specific line for configuration and enters the Line
Syntax
• line {console | telnet | ssh}
• console — Console terminal line.
• telnet — Virtual terminal for remote console access (Telnet).
• ssh — Virtual terminal for secured remote console access (SSH).
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
Syntax
• speed bps
• bps — Baud rate in bits per second (bps). The options are 2400, 4800, 9600, 19200 and 38400.
Default Configuration
The default speed is 9600.
Command Mode
Line Configuration (console) mode.
User Guidelines
• The configured speed is applied when Autobaud is disabled.
• If Autobaud is disabled, the new speed is implemented immediately.
Examples
The following example sets the baud rate to 9600.
Examples
The following example sets the line for automatic baud rate detection.
Console (config)# line console
Console(config-line)# autobaud

exec-timeout
The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. Use the no form of this command to restore the default setting.
show line
The show line User EXEC mode command displays line parameters.
Syntax
• show line [console | telnet | ssh]
• console — Console terminal line.
• telnet — Virtual terminal for remote console access (Telnet).
• ssh — Virtual terminal for secured remote console access (SSH).
Default Configuration
Default value is console.
Command Mode
User EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Command Mode
User EXEC mode.
User Guidelines
The command enables the command history for the current session. The default is determined by the history Line Configuration command.
Examples
The following example disables the command history function for the current terminal session.
LLDP Commands

lldp enable (global)
The lldp enable Global Configuration mode command enables Link Layer Discovery Protocol (LLDP). Use the no form of this command to disable LLDP.
Syntax
• lldp enable
• no lldp enable
Default Configuration
LLDP is enabled.
Command Mode
Global Configuration mode.
User Guidelines
• There are no guidelines for this command.
Example
The following example enables Link Layer Discovery Protocol (LLDP).
Syntax
• lldp enable [rx | tx | both]
• no lldp enable
• rx — Receive only LLDP packets.
• tx — Transmit only LLDP packets.
• both — Receive and transmit LLDP packets (default)
Default Configuration
Enabled in both modes.
Command Modes
Interface Configuration (Ethernet) mode.
User Guidelines
• LLDP manages LAG ports individually. LLDP sends separate advertisements on each port in a LAG.
Default Configuration
Default — 30 seconds.
Command Modes
Global Configuration mode.
User Guidelines
There are no user guidelines for this command.
Examples
The following example configures the system to send Link Layer Discovery Protocol (LLDP) updates every 50 seconds.
Examples
The following example sets the hold multiplier, which determines how long the receiving device holds a Link Layer Discovery Protocol (LLDP) packet before discarding it, to 10.
Console (config) # lldp hold-multiplier 10

lldp reinit-delay
The lldp reinit-delay Global Configuration mode command specifies the minimum time an LLDP port waits before reinitializing LLDP transmissions. Use the no form of this command to revert to the default setting.
Syntax
• lldp tx-delay seconds
• no lldp tx-delay
Parameters
• seconds — Specifies the delay in seconds between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB. (Range 1 - 8192 seconds)
Default Configuration
The default value is 2 seconds.
Command Modes
Global Configuration mode.
Usage Guidelines
• It is recommended that the TxDelay be less than 0.25 of the LLDP timer interval.
User Guidelines
There are no user guidelines for this command.
Example
The following example specifies which optional TLVs from the basic set should be transmitted.
Console(config)# interface ethernet g5
Console(config-if)# lldp optional-tlv sys-name

lldp management-address
The lldp management-address Interface Configuration mode command specifies the management address that is advertised from an interface.
lldp med enable
The lldp med enable Interface Configuration mode command enables Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) on an interface. Use the no form of this command to disable LLDP MED on an interface.
Syntax
• lldp med enable [tlv1 … tlv3]
• no lldp med enable
• tlv — Specifies TLV that should be included. Available TLVs are: network-policy and location.
Syntax
• lldp med network-policy number application [vlan id] [vlan-type {tagged | untagged}] [up priority] [dscp value]
• no lldp med network-policy number
• number — Network policy sequential number.
• application — The name or the number of the primary function of the application defined for this network policy.
Command Mode
Interface Configuration (Ethernet) mode.
User Guidelines
There are no guidelines for this command.

lldp med location
The lldp med location Interface Configuration mode command configures location information for the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) for an interface. Use the no form of this command to delete location information for an interface.
clear lldp rx
The clear lldp rx Privileged EXEC mode command restarts the LLDP RX state machine and clears the neighbors table.
Syntax
• clear lldp rx [ethernet interface]
• interface — Ethernet port
Command Modes
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example restarts the LLDP RX state machine and clears the neighbors table.
Example
The following example displays the Link Layer Discovery Protocol (LLDP) configuration.
Example
The following example displays the Link Layer Discovery Protocol (LLDP) information that is advertised from port g1.
Switch# show lldp local ethernet g1
Device ID: 0060.704C.73FF
Port ID: 1
Capabilities: Bridge
System Name: ts-7800-1
System description:
Port description:
Management address: 172.16.1.8
802.
show lldp neighbors
The show lldp neighbors Privileged EXEC mode command displays information about neighboring devices discovered using Link Layer Discovery Protocol (LLDP).
Syntax
• show lldp neighbors [ethernet interface]
• interface — Ethernet interface
Command Modes
Privileged EXEC mode.
User Guidelines
There are no user guidelines for this command.
LLDP-MED Inventory
Hardware revision: 2.1
Firmware revision: 2.3
Software revision: 2.7.1
Serial number: LM759846587
Manufacturer name: VP
Model name: TR12
Asset ID: 9

show lldp med configuration
The show lldp med configuration Privileged EXEC mode command displays the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) configuration.
Syntax
• show lldp med configuration [ethernet interface]
• interface — Ethernet port.
Example
The following example displays the Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) configuration.
Management ACL

management access-list
The management access-list Global Configuration mode command defines an Access-List for management, and enters the Access-List for configuration. Once in the Access-List Configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. Use the no form of this command to remove an Access List.
Examples
The following example shows how to create an Access-List called 'mlist', configure two management interfaces ethernet g1 and ethernet g9, and make the Access-List the active list.
permit (management)
The permit Management Access-List Configuration mode command defines a permit rule.
Syntax
• permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• permit ip-source {ipv4-address | ipv6-address/prefix-length} [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• ethernet interface-number — A valid Ethernet port number.
deny (management)
The deny Management Access-List Configuration mode command defines a deny rule.
Syntax
• deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• deny ip-source {ipv4-address | ipv6-address/prefix-length} [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
• ethernet interface-number — A valid Ethernet port number.
management access-class
The management access-class Global Configuration mode command defines which management Access-List is used. Use the no form of this command to disable restriction.
Syntax
• management access-class {console-only | name}
• no management access-class
• name — Name of the Access List. If unspecified, defaults to an empty Access-List.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the active management Access-List.
Console# show management access-list
mlist
----
permit ethernet g1
permit ethernet g9
! (Note: all other access implicitly denied)

show management access-class
The show management access-class Privileged EXEC mode command displays the active management Access-List.
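The following Python audit of saved show management access-list output is an added example, not part of the Dell guide. It assumes rule lines are printed in the same token order as the permit and deny syntax above and that telnet, http and snmp are service keywords (the guide's service list is not shown here); parse_rule, parse_listing, lint and the second listing are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed service keywords that carry credentials or data in cleartext.
CLEARTEXT_SERVICES = {"telnet", "http", "snmp"}
INTERFACE_KEYWORDS = ("ethernet", "vlan", "port-channel")


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    source: Optional[object] = None  # ipaddress network, None = any source
    interface: Optional[str] = None  # e.g. "ethernet g1", None = any interface
    service: Optional[str] = None    # None = every management service


def parse_rule(line):
    """Parse one permit/deny line following the syntax in this chapter."""
    tokens = line.split()
    action, tokens = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"not a rule: {line!r}")
    rule, i = Rule(action), 0
    if i < len(tokens) and tokens[i] == "ip-source":
        addr = tokens[i + 1]
        i += 2
        if i < len(tokens) and tokens[i] == "mask":
            addr = f"{addr}/{tokens[i + 1]}"   # dotted netmask form
            i += 2
        elif i < len(tokens) and tokens[i].startswith("/"):
            addr += tokens[i]                  # separate /prefix-length token
            i += 1
        rule.source = ipaddress.ip_network(addr, strict=False)
    if i < len(tokens) and tokens[i] in INTERFACE_KEYWORDS:
        rule.interface = f"{tokens[i]} {tokens[i + 1]}"
        i += 2
    if i < len(tokens) and tokens[i] == "service":
        rule.service = tokens[i + 1]
        i += 2
    if i != len(tokens):
        raise ValueError(f"unparsed tokens in {line!r}: {tokens[i:]}")
    return rule


def parse_listing(text):
    """Return (list_name, rules) from one 'show management access-list' dump."""
    name, rules = None, []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, '!' notes, dashed separators and the CLI prompt line.
        if not line or line.startswith("!") or set(line) == {"-"} or "#" in line:
            continue
        if line.split()[0] in ("permit", "deny"):
            rules.append(parse_rule(line))
        elif name is None:
            name = line
    return name, rules


def lint(rules):
    """Flag permit rules that leave management access wider than necessary."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule.action != "permit":
            continue
        if rule.source is None:
            findings.append((idx, "any-source"))
        if rule.service is None:
            findings.append((idx, "any-service"))
        elif rule.service in CLEARTEXT_SERVICES:
            findings.append((idx, "cleartext-service"))
    return findings


# The listing shown in the guide's example.
GUIDE_LISTING = """Console# show management access-list
mlist
----
permit ethernet g1
permit ethernet g9
! (Note: all other access implicitly denied)
"""

# Constructed listing (not from the guide) with source and service restrictions.
CONSTRUCTED_LISTING = """mgmt-restricted
---------------
permit ip-source 172.16.1.0 mask 255.255.255.0 vlan 10 service ssh
permit ip-source 172.16.1.50 service telnet
deny ip-source 3156::98/128
"""

if __name__ == "__main__":
    for listing in (GUIDE_LISTING, CONSTRUCTED_LISTING):
        name, rules = parse_listing(listing)
        print(name, lint(rules))
```

Findings are reported as (rule index, code) pairs, so they do not depend on how the switch orders rule evaluation.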
PHY Diagnostics Commands

test copper-port tdr
The test copper-port tdr Privileged EXEC mode command uses Time Domain Reflectometry (TDR) technology to diagnose the quality and characteristics of a copper cable attached to a port.
Syntax
• test copper-port tdr interface
• interface — A valid Ethernet port.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the last TDR (Time Domain Reflectometry) tests on all ports.
User Guidelines
• The port must be active and working in 1000M.
Example
The following example displays the estimated copper cable length attached to all ports.
Examples
The following example displays the optical transceiver diagnostics.
console# show fiber-ports optical-transceiver
Port   Temp    Voltage   Current   Output Power   Input Power   LOS
----   -----   -------   -------   ------------   -----------   ---
g3     Copper
g21    W       OK        E         OK             OK            OK
g22    OK      OK        OK        OK             OK            OK
Temp – Internally measured transceiver temperature.
Voltage – Internally measured supply voltage.
Current – Measured TX bias current.
The following example displays detailed optical transceiver diagnostics.
console# show fiber-ports optical-transceiver detailed
Port   Temp [C]   Voltage [Volt]   Current [mA]   Output Power [mWatt]   Input Power [mWatt]   LOS
----   --------   --------------   ------------   --------------------   -------------------   ---
g23    70         7.27             0.79           3.30                   2.50                  No
g21    70         7.24             0.78           2.20                   2.49                  No
Temp – Internally measured transceiver temperature.
Voltage – Internally measured supply voltage.
Port Channel Commands

interface port-channel
The interface port-channel Global Configuration mode command enters the Interface Configuration mode of a specific port-channel.
Syntax
• interface port-channel port-channel-number
• port-channel-number — A valid port-channel trunk index.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
Syntax
• interface range port-channel {port-channel-range | all}
• port-channel-range — List of port-channels to configure. Separate non-consecutive port-channels with a comma and no spaces. A hyphen designates a range of port-channels.
• all — All the port-channels.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
Command Mode
Interface Configuration (Ethernet) mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example shows how port g5 is configured to port-channel number 1 without LACP.
show interfaces port-channel
The show interfaces port-channel Privileged EXEC mode command shows Port channel information.
Syntax
• show interfaces port-channel [port-channel-number]
• port-channel-number — Number of the Port channel to display. (Range: Valid port channel)
Default Configuration
This command has no default configuration.
Command Modes
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Port Monitor Commands

port monitor
The port monitor Interface Configuration mode command starts a port monitoring session. Use the no form of this command to stop a port monitoring session.
Syntax
• port monitor src-interface [rx | tx]
• no port monitor src-interface
• src-interface — Valid Ethernet port or port-channel number.
• rx — Monitors received packets only. If no option is specified, monitors both rx and tx.
• The following restrictions apply to ports configured to be destination ports:
– The port cannot be already configured as a source port.
– The port cannot be a member in a port-channel.
– An IP interface is not configured on the port.
– GVRP is not enabled on the port.
– The port is not a member in any VLAN, except for the default VLAN (will automatically be removed from the default VLAN).
User Guidelines
• There are no user guidelines for this command.
Example
The following example shows how the port copy status is displayed.
QoS Commands

qos
The qos Global Configuration mode command enables quality of service (QoS) on the device and enters QoS basic mode. Use the no form of this command to disable the QoS features on the device.
Syntax
• qos
• no qos
Default Configuration
There is no default configuration for this command.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Command Mode
User EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays a QoS mode.
Console#show qos
Qos: disabled
Trust: dscp

wrr-queue cos-map
The wrr-queue cos-map Global Configuration mode command maps assigned CoS values to select one of the egress queues. Use the no form of this command to return to the default values.
Syntax
• wrr-queue cos-map queue-id cos1...
User Guidelines
• You can use this command to distribute traffic into different queues, where each queue is configured with different weighted round robin (WRR) parameters.
• To enable the expedite queues, use the priority-queue out Interface Configuration mode command wrr-queue cos-map.
Example
The following example maps CoS 3 to queue 4.
Example
The following example assigns WRR weights to egress queues.
Example
The following example sets queues 8 and 7 to be expedite queues.
Console (config)# priority-queue out num-of-queues 2

traffic-shape
The traffic-shape Interface Configuration (Ethernet, Port-Channel) mode command sets the shaper on an egress port. Use the no form of this command to disable the shaper.
Syntax
• rate-limit rate
• no rate-limit
• rate — Specifies the maximum number of kilobits per second of ingress traffic on a port. (Range: 3.5M – 1G)
Default Configuration
The default configuration is disabled.
Command Mode
Interface Configuration (Ethernet) mode.
User Guidelines
• The command can be enabled on a specific port only if the port storm-control broadcast enable Interface Configuration command is not enabled on that port.
Default Configuration
There is no default configuration for this command.
Command Mode
User EXEC mode.
User Guidelines
If no keyword is specified with the show qos interface command, the port QoS mode (DSCP trusted, CoS trusted, untrusted), default CoS value, attached to the port, attached to the interface are displayed. If a specific interface is not specified, the information for all interfaces is displayed.
qos map dscp-queue
The qos map dscp-queue Global Configuration mode command modifies the DSCP to queue map. Use the no form of this command to return to the default map.
Syntax
• qos map dscp-queue dscp-list to queue-id
• no qos map dscp-queue [dscp-list]
• dscp-list — Specify up to 8 DSCP values, separate each DSCP with a space. (Range: 0 - 63)
• queue-id — Enter the queue number to which the DSCP value corresponds.
Default Configuration
CoS is the default trust mode.
Command Mode
Global Configuration mode.
User Guidelines
• Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. When the packets are classified at the edge, the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain.
Example
The following example configures port g5 to default trust state (CoS).
Console (config)# interface ethernet g5
Console (config-if)# qos trust

qos cos
The qos cos Interface Configuration mode command configures the default port CoS value. Use the no form of this command to return to the default setting.
Syntax
• qos cos default-cos
• no qos cos
• default-cos — Specifies the default CoS value being assigned to the port.
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the DSCP port-queue map.
Radius Commands

radius-server host
The radius-server host Global Configuration mode command specifies a RADIUS server host. Use the no form of this command to delete the specified RADIUS host.
Default Configuration
By default, no RADIUS host is specified.
Command Mode
Global Configuration mode.
User Guidelines
• To specify multiple hosts, multiple radius-server host commands can be used.
• If no host-specific timeout, retransmit, deadtime or key values are specified, the global values apply to each host.
• The address type of the source parameter must be the same as the ip-address parameter.
User Guidelines
• There are no user guidelines for this command.
Example
The following example sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon to "dell-server".
radius-server source-ip
The radius-server source-ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers. Use the no form of this command to return to the default.
Syntax
• radius-server source-ip source
• no radius source-server-ip source
• source — Specifies the source IP address.
Default Configuration
The default IP address is the outgoing IP interface.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures the source IPv6 address used for communication with RADIUS servers.
Console (config)# radius-server source-ipv6 3156::98

radius-server timeout
The radius-server timeout Global Configuration mode command sets the interval for which a device waits for a server host to reply. Use the no form of this command to restore the default.
radius-server deadtime
The radius-server deadtime Global Configuration mode command improves RADIUS response times when servers are unavailable. The command is used to cause the unavailable servers to be skipped. Use the no form of this command to reset the default value.
Syntax
• radius-server deadtime deadtime
• no radius-server deadtime
• deadtime — Length of time in minutes, for which a RADIUS server is skipped over by transaction requests.
User Guidelines
• There are no user guidelines for this command.
Examples
The following example displays the RADIUS server settings.
Console# show radius-servers
IP address   Port Auth   Time Out   Retransmit   Dead time   Source IP   Priority   Usage
----------   ---------   --------   ----------   ---------   ---------   --------   -----
172.16.1.1   1645        Global     Global       Global      Global      1          All
172.16.1.
RMON Commands

show rmon statistics
The show rmon statistics User EXEC mode command displays RMON Ethernet Statistics.
Syntax
• show rmon statistics {ethernet interface number | port-channel port-channel-number}
• interface — Valid Ethernet port.
• port-channel-number — Valid port-channel trunk index.
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.
Example
The following example displays RMON Ethernet Statistics for port g1.
Oversize Pkts   The total number of packets received longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed.
Fragments       The total number of packets received less than 64 octets in length (excluding framing bits but including FCS octets) and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Syntax
• rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds]
• no rmon collection history index
• index — The requested statistics index group. (Range: 1 - 65535)
• owner ownername — Records the RMON statistics group owner name. If unspecified, the name is an empty string.
Command Mode
User EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays all RMON group statistics.
show rmon history
The show rmon history User EXEC mode command displays RMON Ethernet Statistics history.
Syntax
• show rmon history index {throughput | errors | other} [period seconds]
• index — The requested set of samples. (Range: 1 - 65535)
• throughput — Displays throughput counters.
• errors — Displays error counters.
• other — Displays drop and collision counters.
• period seconds — Specifies the requested period time to display.
The following example displays RMON Ethernet Statistics history for "errors" on index number 5.
The following table describes the significant fields shown in the display:
Field     Description
Time      Date and Time the entry is recorded.
Octets    The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets).
Packets   The number of packets (including bad packets) received during this sampling interval.
rmon alarm
The rmon alarm Global Configuration mode command configures alarm conditions. Use the no form of this command to remove an alarm.
Syntax
• rmon alarm index variable interval rthreshold fthreshold revent fevent [type type] [startup direction] [owner name]
• no rmon alarm index
• index — The alarm index. (Range: 1 - 65535)
• variable — The object identifier of the particular variable to be sampled.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the alarms summary table.
Console# show rmon alarm-table
Index  OID                      Owner
-----  -------------------      --------------
1      1.3.6.1.2.1.2.2.1.10.1   CLI
2      1.3.6.1.2.1.2.2.1.10.1   Manager
3      1.3.6.1.2.1.2.2.1.10.9   CLI
The following table describes the significant fields shown in the display:
Field   Description
Index   An index that uniquely identifies the entry.
OID     Monitored variable OID.
Example
The following example displays RMON 1 alarms.
Console# show rmon alarm 1
Alarm 1
------
OID: 1.3.6.1.2.1.2.2.1.10.1
Last sample Value: 878128
Interval: 30
Sample Type: delta
Startup Alarm: rising
Rising Threshold: 8700000
Falling Threshold: 78
Rising Event: 1
Falling Event: 1
Owner: CLI
The following table describes the significant fields shown in the display:
Field   Description
OID     Monitored variable OID.
Startup Alarm   The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising and falling, then a single rising alarm is generated. If the first sample is less than or equal to the falling threshold, and startup alarm is equal to falling or rising and falling, then a single falling alarm is generated.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures an event with the trap index of 10.
Console (config)# rmon event 10 log

show rmon events
The show rmon events User EXEC mode command displays the RMON event table.
Syntax
• show rmon events
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.
The following table describes the significant fields shown in the display:
Field         Description
Index         An index that uniquely identifies the event.
Description   A comment describing this event.
Type          The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event.
Example
The following example displays the RMON logging table.

rmon table-size
The rmon table-size Global Configuration mode command configures the maximum RMON table sizes. Use the no form of this command to return to the default configuration.
Syntax
• rmon table-size {history entries | log entries}
• no rmon table-size {history | log}
• history entries — Maximum number of history table entries. (Range: 20 - 32767)
• log entries — Maximum number of log table entries.

SNMP Commands

snmp-server community
The snmp-server community command sets up the community access string to permit access to the Simple Network Management Protocol command. Use the no form of this command to remove the specified community string.
User Guidelines
• The view-name parameter cannot be specified for su, which has access to the whole MIB.
• The view-name parameter can be used to restrict the access rights of a community string. When it is specified:
  – An internal security name is generated.
  – The internal security name for SNMPv1 and SNMPv2 security models is mapped to an internal group name.
Default Setting
’Default’ and ’DefaultSuper’ views exist.
Command Mode
Global Configuration mode.
User Guidelines
• You can enter this command multiple times for the same view record.
• The number of views is limited to 64.
• "Default" and "DefaultSuper" views exist. Those views are used by the software internally and can't be deleted or modified.
Command Modes
Global Configuration mode.
User Guidelines
• You can enter this command multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines.

snmp-server location
The snmp-server location Global Configuration mode command sets up information on where the device is located. To remove the location string, use the no form of this command.
Syntax
• snmp-server location text
• no snmp-server location
• text — Character string, up to 160 characters, describing the system location.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
Examples
The following example displays the command to enable SNMP traps.
Console (config)# snmp-server enable traps

snmp-server trap authentication
The snmp-server trap authentication Global Configuration mode command enables the switch to send Simple Network Management Protocol traps when authentication fails. Use the no form of this command to disable SNMP authentication failed traps.
Syntax
• snmp-server host {ip4-address | ip6-address | hostname} community-string [traps | informs] [1 | 2] [udp-port port] [filter filtername] [timeout seconds] [retries retries]
• no snmp-server host {ip4-address | ip6-address | hostname} [traps | informs]
• ip4-address — The host IPv4 address (the targeted recipient).
• ip6-address — The host IPv6 address (the targeted recipient).
• If a trap and inform are defined on the same target, and an inform was sent, the trap is not sent.
• The IPv6Z address format: %
  – interface-name — vlan | ch | isatap | | 0
  – integer — |
  – decimal-number — 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
  – physical-port-name — Designated port number, for example g1.
Examples
The following example sets the scalar MIB "sysName" to have the value "dell".
Console (config)# snmp-server set sysName sysname dell
The following example sets the entry MIB "rndCommunityTable" with keys 0.0.0.0 and "public". The field rndCommunityAccess gets the value "super" and the rest of the fields get their default values.
Console (config)# snmp-server set rndCommunityTable rndCommunityMngStationAddr 0.0.0.
Default Configuration
No group entry exists.
Command Mode
Global Configuration mode.
User Guidelines
• The Router context is translated to "" context in the MIB.
• md5-des-keys — Concatenated hexadecimal string of the MD5 key (MSB) and the privacy key (LSB). If only authentication is required, enter 16 bytes; if both authentication and privacy are required, enter 32 bytes. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon. (Range: 16 - 32 characters)
• auth-sha-key — The HMAC-SHA-96 authentication level.
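A format check for the md5-des-keys value described above, as an added example (not code from the Dell guide). The function names and the constructed sample keys are assumptions; the check validates layout only and never prints key material.

```python
import re

_HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def parse_md5_des_keys(value: str) -> dict:
    """Validate an md5-des-keys string and split it into its component keys.

    Accepts plain hex ("0a1b...") or bytes separated by '.' or ':'.
    16 bytes -> MD5 authentication key only.
    32 bytes -> MD5 key (first 16 bytes, MSB) + privacy key (last 16 bytes, LSB).
    """
    text = value.strip()
    if "." in text or ":" in text:
        # Separated form: every field must be exactly one byte (two hex digits).
        fields = re.split(r"[.:]", text)
    else:
        # Unseparated form: cut into two-character fields.
        fields = [text[i:i + 2] for i in range(0, len(text), 2)]
    bad = [f for f in fields if not _HEX_BYTE.fullmatch(f)]
    if bad:
        raise ValueError(f"not a two-digit hex byte: {bad[0]!r}")
    raw = bytes(int(f, 16) for f in fields)
    if len(raw) == 16:
        return {"level": "auth", "auth_key": raw, "priv_key": None}
    if len(raw) == 32:
        return {"level": "priv", "auth_key": raw[:16], "priv_key": raw[16:]}
    raise ValueError(f"expected 16 or 32 bytes, got {len(raw)}")


def describe(value: str) -> str:
    """Summarise a key string without echoing the key bytes."""
    try:
        parsed = parse_md5_des_keys(value)
    except ValueError as exc:
        return f"rejected: {exc}"
    if parsed["level"] == "auth":
        return "accepted: 16-byte authentication key, no privacy key"
    return "accepted: 16-byte authentication key + 16-byte privacy key"


# Constructed sample values (not real keys).
SAMPLE_AUTH_ONLY = ":".join(f"{i:02x}" for i in range(16))
SAMPLE_AUTH_PRIV = bytes(range(32)).hex()

if __name__ == "__main__":
    for sample in (SAMPLE_AUTH_ONLY, SAMPLE_AUTH_PRIV, "0a.1b.2c", "0:1:2"):
        print(describe(sample))
```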
Syntax
• snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] {noauth | auth | priv} [udp-port port] [filter filtername] [timeout seconds] [retries retries]
• no snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs]
• ip4-address — The host IPv4 address (the targeted recipient).
• ip6-address — The host IPv6 address (the targeted recipient).
User Guidelines
• The command logical key is the pair (ip-address/hostname, traps/informs).
• A user and notification view are not automatically created. Use the snmp-server user, snmp-server group and snmp-server view Global Configuration mode commands to generate a user, group and notify group, respectively.
Default Setting
The engine ID is not configured. If SNMPv3 is enabled using this command, and the default is specified, the default engine ID is defined per standard as:
• First 4 octets — first bit = 1, the rest is IANA Enterprise number.
• Fifth octet — set to 3 to indicate the MAC address that follows.
• Last 6 octets — MAC address of the device.
Command Mode
Global Configuration mode.
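The default engine ID layout listed above, built and decoded in an added example (not code from the Dell guide). The function names are assumptions, and the enterprise number 674 and the MAC address in the demo are sample inputs chosen for illustration.

```python
import re
import struct

MAC_FORMAT_OCTET = 3  # fifth octet: a MAC address follows


def build_default_engine_id(enterprise: int, mac: str) -> bytes:
    """Return the 11-octet default engine ID for an enterprise number and MAC."""
    if not 0 <= enterprise < 2 ** 31:
        raise ValueError("enterprise number must fit in 31 bits")
    mac_bytes = bytes.fromhex(re.sub(r"[:.\-]", "", mac))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 octets")
    # First 4 octets: top bit set, remaining 31 bits hold the enterprise number.
    head = struct.pack(">I", 0x80000000 | enterprise)
    return head + bytes([MAC_FORMAT_OCTET]) + mac_bytes


def parse_default_engine_id(engine_id: str) -> dict:
    """Decode an engine ID given as hex (separators ':' '.' '-' allowed).

    Raises ValueError when the value does not follow the default layout,
    which is how an administrator-chosen engine ID shows up in an inventory.
    """
    raw = bytes.fromhex(re.sub(r"[:.\-\s]", "", engine_id))
    if len(raw) != 11:
        raise ValueError(f"default layout is 11 octets, got {len(raw)}")
    (head,) = struct.unpack(">I", raw[:4])
    if not head & 0x80000000:
        raise ValueError("first bit is not set")
    if raw[4] != MAC_FORMAT_OCTET:
        raise ValueError(f"fifth octet is {raw[4]}, expected 3 (MAC address)")
    return {
        "enterprise": head & 0x7FFFFFFF,
        "mac": ":".join(f"{b:02x}" for b in raw[5:]),
    }


if __name__ == "__main__":
    # Sample inputs for illustration only.
    eid = build_default_engine_id(674, "00:02:4b:29:7a:00")
    print(eid.hex())
    print(parse_default_engine_id(eid.hex()))
```

Because the default value embeds the device MAC address, decoding engine IDs collected from a network is a quick way to tell which devices still run with the default and which were given an explicit ID.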
Example
The following example specifies the Simple Network Management Protocol (SNMP) engineID on the local device.
Console(config) # snmp-server engineID local default

show snmp engineid
The show snmp engineID Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol (SNMP) engine.
Syntax
• show snmp engineID
Default Setting
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the SNMP communications status.
console# sh snmp
Traps are enabled.
Authentication trap is enabled.
Command Modes
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the configuration of views using the show snmp views Privileged EXEC command.
Console # show snmp views
Name        OID Tree           Type
user-view   1.3.6.1.2.1.1      Included
user-view   1.3.6.1.2.1.1.7    Excluded
user-view   1.3.6.1.2.1.2.2.1.*.
Example
The following example displays the configuration of views using the show snmp views Privileged EXEC command.
Default Configuration
There is no default configuration for this command.
Command Modes
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the configuration of filters using the show snmp filters Privileged EXEC command.
Console # show snmp filters
Name          OID Tree          Type
user-filter   1.3.6.1.2.1.1     Included
user-filter   1.3.6.1.2.1.1.7   Excluded
user-filter   1.3.6.1.
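An added example (not code from the Dell guide) that evaluates a filter record the way the guide's guideline for filter records states it: when an OID is covered by two or more lines, the later line wins. Treating `*` as matching exactly one sub-identifier, treating an unmatched OID as excluded, and the third row of the constructed sample output are assumptions.

```python
import re

# Constructed sample modelled on the "show snmp filters" output above.
SAMPLE_OUTPUT = """\
Name          OID Tree                 Type
user-filter   1.3.6.1.2.1.1            Included
user-filter   1.3.6.1.2.1.1.7          Excluded
user-filter   1.3.6.1.2.1.2.2.1.*.1    Included
"""

_ROW = re.compile(
    r"^\s*(\S+)\s+([0-9*]+(?:\.[0-9*]+)*)\s+(Included|Excluded)\s*$",
    re.IGNORECASE,
)


def parse_oid_tree_table(text: str) -> dict:
    """Return {record name: [(oid_tree, 'included'|'excluded'), ...]} in line order."""
    records = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:  # header and separator rows do not match
            name, tree, kind = m.groups()
            records.setdefault(name, []).append((tree, kind.lower()))
    return records


def _subtree_matches(tree: str, oid: str) -> bool:
    """True when oid lies inside the subtree named by tree.

    Comparison is per sub-identifier, so 1.3.6.1.2.1.1 does not match
    1.3.6.1.2.1.10 (a plain string-prefix test would get this wrong).
    """
    t_parts = tree.strip(".").split(".")
    o_parts = oid.strip(".").split(".")
    if len(o_parts) < len(t_parts):
        return False
    return all(t == "*" or t == o for t, o in zip(t_parts, o_parts))


def oid_selected(lines, oid: str) -> bool:
    """Apply the lines in order; the last matching line decides."""
    selected = False  # assumption: an OID that no line mentions is excluded
    for tree, kind in lines:
        if _subtree_matches(tree, oid):
            selected = kind == "included"
    return selected


def audit(lines, oids) -> dict:
    """Map each OID of interest to whether the record selects it."""
    return {oid: oid_selected(lines, oid) for oid in oids}


if __name__ == "__main__":
    record = parse_oid_tree_table(SAMPLE_OUTPUT)["user-filter"]
    checks = [
        "1.3.6.1.2.1.1.5.0",       # inside the included system subtree
        "1.3.6.1.2.1.1.7.0",       # re-excluded by the later line
        "1.3.6.1.2.1.10.1",        # different subtree despite the shared text prefix
        "1.3.6.1.2.1.2.2.1.10.1",  # matched through the wildcard column
        "1.3.6.1.2.1.2.2.1.10.2",  # same column, other instance
    ]
    for oid, ok in audit(record, checks).items():
        print(f"{oid:28} {'included' if ok else 'excluded'}")
```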
Example
The following example displays the configuration of groups using the show snmp users Privileged EXEC command.
Console # show snmp users
Name   group name      Auto Method
John   1.3.6.1.2.1.1   md5
John   1.3.6.1.2.1.1.

Spanning-Tree Commands

spanning-tree
The spanning-tree Global Configuration mode command enables spanning-tree functionality. Use the no form of this command to disable spanning-tree functionality.
Syntax
• spanning-tree
• no spanning-tree
Default Configuration
Spanning-tree is enabled.
Command Modes
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Syntax
• spanning-tree mode {stp | rstp | mstp}
• no spanning-tree mode
• stp — STP is the Spanning Tree operative mode.
• rstp — RSTP is the Spanning Tree operative mode.
• mstp — MSTP is enabled.
Default Configuration
STP configured.
Command Modes
Global Configuration mode.
User Guidelines
• In RSTP mode, the switch would use STP when the neighbor switch is using STP.
User Guidelines
• When configuring the Forward-Time the following relationship should be kept:
  – 2*(Forward-Time - 1) >= Max-Age
Example
The following example configures spanning-tree bridge forward time to 25 seconds.

spanning-tree max-age
The spanning-tree max-age Global Configuration mode command configures the spanning-tree bridge maximum age. Use the no form of this command to reset the default maximum age.
Syntax
• spanning-tree max-age seconds
• no spanning-tree max-age
• seconds — Time in seconds. (Range: 6 - 40)
Default Configuration
The default max-age for IEEE STP is 20 seconds.
Command Modes
Command Modes
Global Configuration mode.
User Guidelines
• The priority value must be a multiple of 4096.
• The bridge with the lowest priority is elected to be the Root Bridge.
Example
The following example configures spanning-tree priority to 12288.
Console(config)# spanning-tree priority 12288

spanning-tree disable
The spanning-tree disable Interface Configuration mode command disables spanning-tree on a specific port.

spanning-tree cost
The spanning-tree cost Interface Configuration mode command configures the spanning-tree path cost for a port. Use the no form of this command to reset the default port path cost.
Syntax
• spanning-tree cost cost
• no spanning-tree cost
• cost — The port path cost.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures the spanning-tree port priority on g5 to 96.
Console(config)# interface ethernet g5
Console(config-if)# spanning-tree port-priority 96

spanning-tree portfast
The spanning-tree portfast Interface Configuration mode command enables PortFast mode.

spanning-tree link-type
The spanning-tree link-type Interface Configuration mode command overrides the default link-type setting. Use the no form of this command to reset the default.
Syntax
• spanning-tree link-type {point-to-point | shared}
• no spanning-tree link-type
• point-to-point — Specifies the port link type as point-to-point.
• shared — Specifies that the port link type is shared.
Default Setting
The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768.
Command Mode
Global Configuration mode.
User Guidelines
• The device with the lowest priority is selected as the root of the spanning tree.
Example
The following example configures the spanning tree priority of instance 1 to 4096.

spanning-tree mst port-priority
The spanning-tree mst port-priority Interface Configuration mode command configures port priority for the specified MST instance. Use the no form of this command to return to the default configuration.
Syntax
• spanning-tree mst instance-id port-priority priority
• no spanning-tree mst instance-id port-priority
• instance-ID — ID of the spanning tree instance. (Range: 1 - 15)
• priority — The port priority.
Default Setting
Default path cost is determined by port speed and path cost method (long or short) as shown below:
Interface                      Long        Short
Port-channel                   20,000      4
Gigabit Ethernet (1000 Mbps)   20,000      4
Fast Ethernet (100 Mbps)       200,000     19
Ethernet (10 Mbps)             2,000,000   100
Command Modes
Interface Configuration (Ethernet, port-channel) mode.
Default Configuration
There is no default configuration for this command.
Example
The following example configures an MST region.
Console(config)# spanning-tree mst configuration
Console(config-mst) # instance 1 add vlan 10-20
Console(config-mst) # name region1
Console(config-mst) # revision 1

instance (mst)
The instance MST Configuration mode command maps VLANs to an MST instance.
Syntax
• instance instance-id {add | remove} vlan vlan-range
• instance-ID — ID of the MST instance.

name (mst)
The name MST Configuration mode command defines the configuration name. Use the no form of this command to return to the default setting.
Syntax
• name string
• no name
• string — The MST configuration name, which is case-sensitive. (Range: 1 - 32 characters)
Default Setting
The default name is a bridge ID.
Command Mode
MST Configuration mode.
User Guidelines
• There are no user guidelines for this command.
User Guidelines
• There are no user guidelines for this command.
Example
The following example sets the configuration revision to 1.
Console(config) # spanning-tree mst configuration
Console(config-mst) # revision 1

show (mst)
The show MST Configuration mode command displays the current or pending MST region configuration.
Syntax
• show {current | pending}
• current — Indicates the current region configuration.

exit (mst)
The exit MST Configuration mode command exits the MST Configuration mode and applies all configuration changes.
Syntax
• exit
Default Setting
This command has no default configuration.
Command Mode
MST Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example exits the MST Configuration mode and saves changes.
Example
The following example exits the MST Configuration mode without saving changes.
Console(config) # spanning-tree mst configuration
Console(config-mst) # abort

spanning-tree pathcost method
The spanning-tree pathcost method Global Configuration mode command sets the default path cost method. Use the no form of this command to revert to the default setting.
Syntax
• spanning-tree bpdu {filtering | flooding}
• no spanning-tree bpdu
• filtering — Filter BPDU packets when spanning-tree is disabled on an interface.
• flooding — Flood BPDU packets when spanning-tree is disabled on an interface.
Default Configuration
The default definition is flooding.
Command Modes
Global Configuration mode.
Example
The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on g1.
Console# clear spanning-tree detected-protocols ethernet g1

show spanning-tree
The show spanning-tree Privileged EXEC mode command displays spanning-tree configuration.
Examples
The following example displays spanning-tree information.
Console# show spanning-tree
Spanning tree enabled mode RSTP
Default port cost method: long
Root ID     Priority 32768
            Address 00:01:42:97:e0:00
            Path Cost 2000
            Root Port 1(g1)
            Hello Time 2 sec   Max Age 20 sec   Forward Delay 15 sec
Bridge ID   Priority 36864
            Address 00:02:4b:29:7a:00
            Hello Time 2 sec   Max Age 20 sec   Forward Delay 15 sec
Interfaces
Name State Prio.
Root ID     Priority 36864
            Address 00:02:4b:29:7a:00
            This switch is the Root.
            Hello Time 2 sec   Max Age 20 sec   Forward Delay 15 sec
Interfaces
Name   State      Prio.Nbr   Cost    Sts   Role   PortFast   Type
1      Enabled    128.1      20000   FWD   Desg   No         P2p (RSTP)
2      Enabled    128.2      20000   FWD   Desg   No         Shared (STP)
3      Disabled   128.3      20000
4      Enabled    128.4      20000   FWD
128.
Bridge ID   Priority 36864
            Address 00:02:4b:29:7a:00
            Hello Time 2 sec   Max Age 20 sec   Forward Delay 15 sec
Interfaces
Name   State      Prio.Nbr   Cost    Sts   Role   PortFast   Type
g1     Enabled    128.1      20000
g2     Enabled    128.2      20000
g3     Disabled   128.3      20000
g4     Enabled    128.4      20000
g5     Enabled    128.
Bridge ID   Priority 36864
            Address 00:02:4b:29:7a:00
            Hello Time 2 sec   Max Age 20 sec   Forward Delay 15 sec
Interfaces
Name   State     Prio.Nbr   Cost    Sts   Role
g1     Enabled   128.1      20000   FWD   Root
g2     Enabled   128.2      20000   FWD   Desg
g4     Enabled   128.
Interfaces
Name   State     Prio.Nbr
1/4    Enabled   128.
State: Forwarding   Role: Root
Port id: 128.1   Port cost: 20000
Type: P2p (configured: auto) RSTP   Port Fast: No (configured:no)
Designated bridge Priority: 32768   Address: 00:01:42:97:e0:00
Designated port id: 128.25   Designated path cost: 0
Guard root: Disabled
Number of transitions to forwarding state: 1
BPDU: sent 2, received 120638
Port 2 (1/2) enabled
State: Forwarding   Role: Designated
Port id: 128.
Port 4 (1/4) enabled
State: Blocking   Role: Alternate
Port Identifier: 128.4   Port cost: 20000
Type: Shared (configured: auto) STP   Port Fast: No (configured:no)
Designated bridge Priority: 28672   Address: 00:30:94:41:62:c8
Designated port id: 128.25   Designated path cost: 20000
Guard root:Disabled
Number of transitions to forwarding state: 1
BPDU: sent 2, received 120638
Port 5 (1/5) enabled
State: Disabled   Role: N/A
Port id: 128.
Console# show spanning-tree
Spanning tree enabled mode MSTP
Default port cost method: long
###### MST 0 Vlans Mapped: 1-9
CST Root ID     Priority 32768
                Address 00:01:42:97:e0:00
                Path Cost 20000
                Root Port 1 (g1)
                Hello Time 2 sec   Max Age 20 sec   Forward Delay 15 sec
IST Master ID   Priority 32768
                Address 00:02:4b:29:7a:00
                Hello Time 2 sec.   Max Age 20 sec   Forward Delay 15 sec
                Max hops 20
Interfaces
Name State Prio.
Bridge ID   Priority 32768
            Address 00:02:4b:29:7a:00
Number of topology changes 2 last change occurred 1d9h ago
Times: hold 1, topology change 2, notification 2
       hello 2, max age 20, forward delay 15
Port 1 (g1) enabled
State: Forwarding   Role: Boundary
Port id: 128.
Port 3 (1/3) disabled
State: Blocking   Role: Alternate
Port id: 128.3   Port cost: 20000
Type: Shared (configured: auto) Internal   Port Fast: No (configured:no)
Designated bridge Priority: 32768   Address: 00:02:4b:29:1a:19
Designated port id: 128.78   Designated path cost: 20000
Guard root: Disabled
Number of transitions to forwarding state: 1
BPDU: sent 2, received 170638
Port 4 (1/4) enabled
State: Forwarding   Role: Designated
Port id: 128.

spanning-tree guard root
The spanning-tree guard root Interface Configuration mode command enables root guard on all spanning tree instances on the interface. Root guard restricts the interface to be the switch root port. Use the no form of this command to disable root guard on the interface.
Syntax
• spanning-tree guard root
• no spanning-tree guard root
Default Configuration
Root guard is disabled.

SSH Commands

ip ssh port
The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Use the no form of this command to use the default port.
Syntax
• ip ssh port port-number
• no ip ssh port
• port-number — Port number for use by the SSH server. (Range: 1 - 65535)
Default Configuration
The default value is 22.
Command Mode
Global Configuration mode.
Default Configuration
SSH is enabled.
Command Mode
Global Configuration mode.
User Guidelines
• If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the commands crypto key generate rsa and crypto key generate dsa.
Example
The following example enables the device to be configured from a SSH server.

crypto key generate rsa
The crypto key generate rsa Global Configuration mode command generates RSA key pairs.
Syntax
• crypto key generate rsa
Default Configuration
RSA key pairs do not exist.
Command Mode
Global Configuration mode.
User Guidelines
• RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys is displayed.
User Guidelines
• There are no user guidelines for this command.
Example
The following example enables public key authentication for incoming SSH sessions.
Console (config)# ip ssh pubkey-auth

crypto key pubkey-chain ssh
The crypto key pubkey-chain ssh Global Configuration mode command enters SSH Public Key-chain Configuration mode. The mode is used to manually specify other device public keys such as SSH client public keys.
Syntax
• user-key username {rsa | dsa}
• no user-key username
• username — Specifies the remote SSH client username, which can be up to 48 characters long.
• rsa — RSA key.
• dsa — DSA key.
Default Configuration
By default, there are no keys.
Command Mode
SSH Public Key Chain Configuration mode.
User Guidelines
• Follow this command with the key-string command to specify the key.
Command Mode
SSH Public Key-string Configuration mode.
User Guidelines
• Use the key-string row command to specify the SSH public key row by row. Each row must begin with the key-string row command. This command is useful for configuration files.
• UU-encoded DER format is the same format as in the authorized_keys file used by OpenSSH.
Example
The following example enters public key strings for SSH public key clients called ’bob’.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the SSH server configuration.
Console# show ip ssh
SSH server enabled. Port: 22
RSA key was generated.
DSA (DSS) key was generated.
SSH Public Key Authentication is enabled.
Active incoming sessions:
IP address   SSH username
---------
172.

show crypto key mypubkey
The show crypto key mypubkey Privileged EXEC mode command displays the SSH public keys on the device.
Syntax
• show crypto key mypubkey [rsa | dsa]
• rsa — RSA key.
• dsa — DSA key.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.

show crypto key pubkey-chain ssh
The show crypto key pubkey-chain ssh Privileged EXEC mode command displays SSH public keys stored on the device.
Syntax
• show crypto key pubkey-chain ssh [username username] [fingerprint bubble-babble | hex]
• username — Specifies the remote SSH client username.
• bubble-babble — Fingerprints in Bubble Babble format.
• hex — Fingerprint in Hex format.

Syslog Commands

logging on
The logging on Global Configuration mode command controls error messages logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. Use the no form of this command to disable the logging process.
Syntax
• logging on
• no logging on
Default Configuration
Logging is enabled.
Syntax
• logging {ip4-address | ip6-address | hostname} [port port] [severity level] [facility facility] [description text]
• no logging {ip4-address | ip6-address | hostname}
• ip4-address — Host IPv4 address to be used as a syslog server.
• ip6-address — Host IPv6 address to be used as a syslog server. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
Example
The following example limits logged messages sent to the syslog server with IP address 10.1.1.1 to severity level critical.
Console (config)# logging 10.1.1.1 severity critical

logging console
The logging console Global Configuration mode command limits messages logged to the console based on severity. Use the no form of this command to disable logging to the console terminal.
Default Configuration
The default level is informational.
Command Mode
Global Configuration mode.
User Guidelines
• All the syslog messages are logged to the internal buffer. This command limits the commands displayed to the user.
Example
The following example limits syslog messages displayed from an internal buffer based on the severity level "debugging".

clear logging
The clear logging Privileged EXEC mode command clears messages from the internal logging buffer.
Syntax
• clear logging
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example clears messages from the internal syslog message logging buffer.
Example
The following example limits syslog messages sent to the logging file based on the severity level ’alerts’.
Console (config)# logging file alerts

clear logging file
The clear logging file Privileged EXEC mode command clears messages from the logging file.
Syntax
• clear logging file
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
Command Mode
Global Configuration mode.
User Guidelines
• Other types of AAA events are not subject to this command.
Example
The following example enables logging messages related to AAA login events.
Console(config)# aaa logging login

file-system logging
The file-system logging Global Configuration mode command controls logging file system events. To disable logging, use the no form of the command.

management logging
The management logging Global Configuration mode command controls logging of management access list events. To disable logging, use the no form of the command.
Syntax
• management logging deny
• no management logging deny
• deny — Log messages related to management ACLs deny actions.
Default Configuration
Logging of management access list events is enabled.
Command Mode
Global Configuration mode.
Example
The following example displays the show logging settings.
Console# show logging
Logging is enabled.
Console logging: level debugging. Console Messages: 0 Dropped (severity).
Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
File logging: level notifications. File Messages: 0 Dropped (severity).
Syslog server 192.180.2.27 logging: errors. Messages: 6 Dropped (severity).
Syslog server 192.180.2.28 logging: errors.
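An added example (not code from the Dell guide) that reads show logging output like the sample above and reports destinations whose severity threshold suppresses messages a monitoring policy needs. The sample text is constructed from the guide's output with the last line completed; the function names, the policy level, and the severity keywords emergencies and warnings (which do not appear on this page) are assumptions.

```python
import re

# Severity keywords from most to least severe. A destination set to a given
# level receives that level and everything more severe.
SEVERITIES = [
    "emergencies", "alerts", "critical", "errors",
    "warnings", "notifications", "informational", "debugging",
]
RANK = {name: i for i, name in enumerate(SEVERITIES)}

# Constructed sample modelled on the "show logging" output in this guide.
SAMPLE_OUTPUT = """\
Logging is enabled.
Console logging: level debugging. Console Messages: 0 Dropped (severity).
Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
File logging: level notifications. File Messages: 0 Dropped (severity).
Syslog server 192.180.2.27 logging: errors. Messages: 6 Dropped (severity).
Syslog server 192.180.2.28 logging: errors. Messages: 6 Dropped (severity).
"""

_DEST = re.compile(
    r"^(?:(Console|Buffer|File) logging: level|Syslog server (\S+) logging:) (\w+)\."
)
_DROPPED = re.compile(r"Messages: (\d+) Dropped")


def parse_show_logging(text: str):
    """Return (logging_enabled, [ {dest, level, dropped}, ... ])."""
    enabled = None
    dests = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Logging is "):
            enabled = line == "Logging is enabled."
            continue
        m = _DEST.match(line)
        if not m:
            continue
        local, server, level = m.groups()
        dropped = _DROPPED.search(line)
        dests.append({
            "dest": local.lower() if local else f"syslog {server}",
            "level": level.lower(),
            "dropped": int(dropped.group(1)) if dropped else 0,
        })
    return enabled, dests


def audit_logging(text: str, required: str = "notifications") -> list:
    """List destinations that would not receive messages of level `required`."""
    enabled, dests = parse_show_logging(text)
    findings = []
    if enabled is not True:
        findings.append("logging is not enabled")
    for d in dests:
        if d["level"] not in RANK:
            findings.append(f"{d['dest']}: unrecognised level {d['level']!r}")
        elif RANK[d["level"]] < RANK[required]:
            findings.append(
                f"{d['dest']}: level {d['level']} suppresses {required} "
                f"messages ({d['dropped']} dropped so far)"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_logging(SAMPLE_OUTPUT, "notifications"):
        print(finding)
```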
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the show logging file settings.
Console# show logging file
Logging is enabled.
Console logging: level debugging. Console Messages: 0 Dropped (severity).
Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max.
File logging: level notifications. File Messages: 0 Dropped (severity).
Syslog server 192.180.2.27 logging: errors.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the syslog server settings.
Console# show syslog-servers
IP address      Port   Severity        Facility   Description
-------------   ----   --------        --------   -----------
192.180.2.27    514    Informational   local 7
192.180.2.

System Management

ping
The ping User EXEC mode command sends ICMP echo request packets to another node on the network.
Syntax
• ping ip-address | hostname [size packet_size] [count packet_count] [timeout time_out]
• ping ipv6 {ipv6-address | hostname} [size packet_size] [count packet_count] [timeout time_out]
• ipv6 — IPv6 checks the network connectivity.
• ip4-address — Destination host IPv4 address.
User Guidelines
Press Esc to stop pinging. Following are sample results of the ping command:
• Destination (host/network) unreachable — The gateway for this destination indicates an unreachable destination.
• Destination does not respond — If the host does not respond, a “no answer from host” appears in ten seconds.
The following example displays an address 180.50.1.1 which does not have connectivity.
Console# ping 180.50.1.1
Pinging 180.50.1.1 with 56 bytes of data:
PING: net-unreachable
PING: net-unreachable
PING: net-unreachable

traceroute
The traceroute User EXEC mode command discovers the routes that packets will actually take when traveling to their destination.
count packet_count — The default count is 3.
timeout time_out — The default is 6 seconds.
Command Mode
User EXEC mode.
User Guidelines
• The traceroute command works by taking advantage of the error messages generated by a device when a datagram exceeds its time-to-live (TTL) value.
• The traceroute command starts by sending probe datagrams with a TTL value of one.
The following table describes the significant fields shown in the display:
Field                    Description
1                        Indicates the sequence number of the router in the path to the host.
i2-gateway.stanford.edu  Host name of this device.
192.68.191.83            IP address of this device.
1 msec 1 msec 1 msec     Round-trip time for each of the probes that are sent.
The following table describes the characters that can appear in the traceroute command output.
User Guidelines
• The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To issue a special Telnet command, enter Esc and then a command character.
Keywords Table
Options            Description
/echo              Enables local echo
/quiet             Prevents onscreen display of all messages from the software.
/source-interface  Specifies the source interface.
/stream            Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences.
User Guidelines
• There are no user guidelines for this command.
Examples
The following command switches to another open Telnet session.
Console> resume 176.213.10.50

reload
The reload Privileged EXEC mode command reloads the operating system.
Syntax
• reload
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example specifies the device host name.
Console (config)# hostname Dell

service cpu-utilization
The service cpu-utilization Global Configuration mode command allows the software to measure CPU utilization.

show cpu utilization
The show cpu utilization privileged EXEC mode command displays information about CPU utilization.
Syntax
• show cpu utilization
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• Use the service cpu-utilization Global Configuration mode command to enable measuring CPU utilization.
Example
The following example displays the cpu utilization.
User Guidelines
• There are no user guidelines for this command.
Example
Console> show users
Username  Protocol  Location
Bob       Serial
John      SSH       172.16.0.1
Robert    HTTP      172.16.0.8
Betty     Telnet    172.16.1.7

show sessions
The show sessions User EXEC mode command lists the open Telnet sessions.
Syntax
• show sessions
This command has no arguments or keywords.
Default Configuration
There is no default configuration for this command.
Examples
Console> show sessions
Connection  Host            Address     Port  Byte
----------  --------------  ----------  ----  ----
1           Remote device   172.16.1.1  23    89
2           172.16.1.2      172.16.1.2  23    8
The following table describes the significant fields shown in the display:
Field       Description
Connection  Connection number
Host        Remote host to which the device is connected through a Telnet session.
Address     IP address of the remote host.
Example
The following example displays the system information.
console> show system
System Description: Kenan 24
System Up Time (days,hour:min:sec): 00,05:19:48
System Contact:
System Name: RS1
System location:
System MAC Address: 00:00:b0:00:00:00
Sys Object ID: 1.3.6.1.4.1.674.10895.
User Guidelines
• The command takes effect only after reboot. During reboot the startup-config is deleted. It is highly recommended to back up the startup-config before executing this command.
Example
The following example enables support for ACLs and DVA.
Console# set system dva

show system mode
The show system mode User EXEC mode command displays information on features control.
Syntax
• show version
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays a system version (this version number is only for demonstration purposes).
Console# show version
SW version 1.0.0.1 ( date Jun 26 2008 time 19:08:13 )
Boot version HW version ( date time ) 1.0.
User Guidelines
• There are no user guidelines for this command.
Example
The following example specifies the device asset tag as "1qwepot".
Console (config)# asset-tag 1qwepot

show system id
The show system id User EXEC mode command displays the ID information.
Syntax
• show system id
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.

TACACS Commands

tacacs-server host
The tacacs-server host Global Configuration mode command specifies a TACACS+ host. Use the no form of this command to delete the specified name or address.
User Guidelines
• Multiple tacacs-server host commands can be used to specify multiple hosts.
• If no host-specific timeout, key or source values are specified, the global values apply to each host.
Example
The following example specifies a TACACS+ host.
Console (config)# tacacs-server host 172.16.1.
Syntax
• tacacs-server timeout timeout
• no tacacs-server timeout
• timeout — Specifies the timeout value in seconds. (Range: 1 - 30)
Default Configuration
5 seconds.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Examples
The following example sets the timeout value as 30.
Examples
The following example specifies the source IP address.
Console (config)# tacacs-server source-ip 172.16.8.1

show tacacs
The show tacacs Privileged EXEC mode command displays configuration and statistics for a TACACS+ server.
Syntax
• show tacacs [ip-address]
• ip-address — Host name or IP address of the host.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.

TIC Commands

passwords min-length
The passwords min-length Global Configuration mode command configures the minimal length required for passwords in the local database. Use the no form of this command to remove a requirement.
Syntax
• passwords min-length length
• no passwords min-length
• length — The minimal length required for passwords.
Default Configuration
This command has no default configuration.

password-aging
The password-aging Line Configuration mode command configures the aging time of line passwords. To disable password expiration time use the no form of this command.
Syntax
• password-aging days
• no password-aging
• days — The number of days before a password change is forced. (Range: 1-365)
Default Configuration
Password aging is disabled.
Command Mode
Line Configuration mode.
Default Configuration
Password aging is disabled.
Command Mode
Global Configuration mode.
User Guidelines
• The aging time is calculated from the day the password was defined, and not from the day the aging was defined.
• After a password expires, a user can log in another 3 times.
• 10 days before expiration a syslog message is generated.
Example
The following example configures the required number of password changes before a password can be reused to 3.
Console (config)# passwords history 3

passwords history hold-time
The passwords history hold-time Global Configuration mode command configures the duration that a password is relevant for tracking passwords history. To return to default use the no form of this command.
Syntax
• passwords lockout number
• no passwords lockout
• number — The number of authentication failures before the user account is locked-out. (Range: 1-5).
Default Configuration
Lockout is disabled.
Command Mode
Global Configuration mode.
User Guidelines
• The setting is relevant to local users passwords, line passwords and enable passwords.
• The account is not locked out for access from local console.
User Guidelines
• The login history is still kept in the device internal buffer.
Example
The following example enables writing to login history file.
Console (config)# aaa login-history file

set username active
The set username active Privileged EXEC mode command reactivates a locked out user account.
Syntax
• set username name active
• name — The user name.
Command Mode
Privileged EXEC mode.
Example
The following example reactivates a locked out telnet line.
Console# set line telnet active

set enable-password active
The set enable-password active Privileged EXEC mode command reactivates a locked out local password.
Syntax
• set enable-password level active
• level — The level for which the password applies. (Range 1 - 15)
Default Configuration
This command has no default configuration.
Example
The following example displays information about password management in the local database.
Lockout  If lockout control is enabled, it specifies how many times a user has failed to enter the correct password since the last successful login. If the password is locked out it specifies “LOCKOUT”.
Line     Configuration and status for specific line password.

show users login-history
The show users login-history Privileged EXEC mode command displays information about the login history of users.

Tunnel

interface tunnel
The interface tunnel Global Configuration mode command enters tunnel interface configuration mode.
Syntax
• interface tunnel number
• number — Tunnel index. (Range: 1)
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Syntax
• tunnel mode ipv6ip {isatap}
• no tunnel mode ipv6ip
• isatap — Automatic IPv6 over IPv4 ISATAP tunnel is enabled.
Default Configuration
Disabled.
Command Mode
Interface Tunnel Configuration mode.
User Guidelines
• The system can be enabled to an ISATAP tunnel. When enabled, an automatic tunnel interface is created on each interface that is assigned an IPv4 address.
User Guidelines
• The ipv6 tunnel routers-dns command determines the string that the host uses for automatic tunnel router lookup in IPv4 DNS procedure. By default, the string ‘ISATAP’ is used for the corresponding automatic tunnel types.
• Per tunnel only one string can represent the automatic tunnel router name. Using this command overwrites the existing entry.
Example
The following example sets the local (source) tunnel interface IPv4 address.
Console (config)# interface tunnel 1
Console (config-tunnel)# tunnel source auto

tunnel isatap query-interval
The tunnel isatap query-interval Global Configuration mode command configures the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
Syntax
• tunnel isatap solicitation-interval seconds
• no tunnel isatap solicitation-interval
• seconds — Specify the number of seconds between ISATAP router solicitation messages. (Range: 10 – 3600)
Default Configuration
10 seconds.
Command Mode
Global Configuration mode.
User Guidelines
• This command determines the interval of Router Solicitation messages when there is no active ISATAP router.
User Guidelines
• The DNS query interval (after the IP address of the ISATAP router is known) is the TTL that is received from the DNS divided by (Robustness + 1).
• The router solicitation interval (when there is an active ISATAP router) is the minimum-routerlifetime that is received from the ISATAP router divided by (Robustness + 1).
Example
The following example displays information on the ISATAP tunnel.
Console> show ipv6 tunnel
Router DNS name: ISATAP
Router IPv4 address: 172.16.1.

User Interface

enable
The enable User EXEC mode command enters the privileged EXEC mode.
Syntax
• enable [privilege-level]
• privilege-level — Privilege level to enter the system. (Range: 1 - 15)
Default Configuration
The default privilege level is 15.
Command Mode
User EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Default Configuration
The default privilege level is 1.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example shows how to return to normal mode.
Console# disable
Console>

login
The login User EXEC mode command changes a login username.
Syntax
• login
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.

configure
The configure Privileged EXEC mode command enters the Global Configuration mode.
Syntax
• configure
This command has no keywords or arguments.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
In the following example, because no keyword is entered, a prompt is displayed.
Example
The following example changes the configuration mode from Interface Configuration mode to User EXEC mode.
Console(config-if)# exit
Console(config)# exit
Console#

exit(EXEC)
The exit User EXEC mode command closes an active terminal session by logging off the device.
Syntax
• exit
Default Configuration
This command has no default configuration.
Command Mode
User EXEC mode.
Command Mode
All Command modes.
User Guidelines
• There are no user guidelines for this command.
Example
The following example ends the current configuration session and returns to the previous command mode.
Console (config)# end
Console #

help
The help command displays a brief description of the help system.
Syntax
• help
Default Configuration
This command has no default configuration.
Command Mode
All Command modes.
Command Mode
Line Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example enables the command history function for telnet.
Console (config)# line telnet
Console (config-line)# history

terminal datadump
The terminal datadump EXEC mode command enables dumping of all the output from the show command without ’prompting’. Use the no form of this command to disable dumping.

history size
The history size Line Configuration mode command changes the command history buffer size for a particular line. Use the no form of this command to reset the command history buffer size to the default.
Syntax
• history size number-of-commands
• no history size
• number-of-commands — Number of commands that the system records in its history buffer. (Range: 10 - 256)
Default Configuration
The default history buffer size is 10.
Example
The following example enables the debug command interface.
console(config)#
console# debug
>debug
Enter DEBUG Password: *****
DEBUG>

show history
The show history User EXEC mode command lists the commands entered in the current session.
Syntax
• show history
Default Configuration
This command has no default configuration.
Command Mode
User EXEC command mode.

show privilege
The show privilege User EXEC mode command displays the current privilege level.
Syntax
• show privilege
Default Configuration
This command has no default configuration.
Command Mode
User EXEC command mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the current privilege level.
Example
The following example displays VLAN information.

VLAN Commands

vlan database
The vlan database Global Configuration mode command enters the VLAN Database Configuration mode.
Syntax
• vlan database
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example enters the VLAN database mode.
Default Configuration
This command has no default configuration.
Command Mode
VLAN Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
In the following example, VLAN number 1972 is created.
Console (config)# vlan database
Console (config-vlan)# vlan 1972

interface vlan
The interface vlan Global Configuration mode command enters the Interface Configuration (VLAN) mode.

interface range vlan
The interface range vlan Global Configuration mode command enters the Interface Configuration mode to configure multiple VLANs.
Syntax
• interface range vlan {vlan-range | all}
• vlan-range — A list of valid VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs.
• all — All existing static VLANs.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (VLAN) mode.
User Guidelines
• The VLAN name should be unique.
Example
The following example names VLAN number 19 with the name "Marketing".
Console (config)# interface vlan 19
Console (config-if)# name Marketing

switchport access vlan
The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode.

switchport trunk allowed vlan
The switchport trunk allowed vlan Interface Configuration mode command adds VLANs to, or removes VLANs from, a trunk port.
Syntax
• switchport trunk allowed vlan {add vlan-list | remove vlan-list}
• add vlan-list — List of VLAN IDs to add. Separate non consecutive VLAN IDs with a comma and no spaces. A hyphen designates a range of IDs.
• remove vlan-list — List of VLAN IDs to remove.
Command Mode
Interface Configuration (Ethernet, port-channel) mode.
User Guidelines
• This command has the following consequences: incoming untagged frames are assigned to this VLAN and outgoing traffic in this VLAN on this port is sent untagged (despite the normal situation where traffic sent from a trunk-mode port is all tagged).
• The command adds the port as a member in the VLAN.
User Guidelines
• You can use this command to change the egress rule (e.g. from tagged to untagged), without first removing the VLAN from the list.
Example
The following example shows how to add VLANs 2, 5, and 6 to the allowed list.

switchport general ingress-filtering disable
The switchport general ingress-filtering disable Interface Configuration mode command disables port ingress filtering. Use the no form of this command to enable ingress filtering on a port.
Syntax
• switchport general ingress-filtering disable
• no switchport general ingress-filtering disable
Default Configuration
Ingress filtering is enabled.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures g8 to discard untagged frames at ingress.
Console (config)# interface ethernet g8
Console (config-if)# switchport general acceptable-frame-type tagged-only

switchport forbidden vlan
The switchport forbidden vlan Interface Configuration mode command forbids adding specific VLANs to a port.

switchport mode
Use the switchport mode Interface Configuration command to configure the VLAN membership mode of a port. Use the no form of this command to reset the mode to the appropriate default for the device.
Syntax
• switchport mode { access | trunk | general | customer }
• no switchport mode
• customer — The port is connected to customer equipment. Used when the switch is in a provider network.
Default Configuration
No VLAN is configured.
Command Modes
Interface Configuration (Ethernet, port-channel) mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example sets the port's VLAN when the interface is in customer mode.
Example
The following example maps protocol ip-arp to the group named "213".
Console (config)# vlan database
Console (config-vlan)# map protocol ip-arp protocols-group 213

switchport general map protocols-group vlan
The switchport general map protocols-group vlan Interface Configuration mode command sets a protocol-based classification rule. Use the no form of this command to delete a classification.

switchport protected
The switchport protected Interface Configuration mode command overrides the FDB decision, and sends all the Unicast, Multicast and Broadcast traffic to an uplink port. Use the no form of this command to disable overriding the FDB decision.
Syntax
• switchport protected {ethernet port | port-channel port-channel-number }
• no switchport protected
• port — Specifies the uplink port (Ethernet port).
Command Mode
Interface Configuration (Ethernet, Port Channel) mode.
User Guidelines
• An internal usage VLAN is required when an IP interface is defined on an Ethernet port or Port Channel.
• Using this command the user can define the internal usage VLAN of a port.
• If an internal-usage is not defined for a Port, and the user defines an IP interface, the software selects one of the unused VLANs.
Example
The following example displays all VLAN information.
Example
The following example displays all VLAN information.
Console# show vlan internal usage
Usage      VLAN       Reserved    IP Address
---------  ---------  ----------  ----------
g21        1007       No          Active
g22        1008       Yes         Inactive
g23        1009       Yes         Active

show vlan protocols-groups
The show vlan protocols-groups Privileged EXEC mode command displays protocols-groups information.
Example
The following example displays protocols-groups information.
Console# show vlan protocols-groups
Encapsulation  Protocol  Group Id
-------------  --------  --------
ethernet       08 00     213
ethernet       08 06     213
ethernet       81 37     312
ethernet       81 38     312
rfc1042        08 00     213
rfc1042        08 06     213

show interfaces switchport
The show interfaces switchport Privileged EXEC mode command displays switchport configuration.
Example
The following example displays switchport configuration individually for g1.

Voice VLAN

voice vlan id
The voice vlan id Global Configuration mode command enables the Voice VLAN, and configures the Voice VLAN id. Use the no form of this command to disable the Voice VLAN.
Syntax
• voice vlan id vlan-id
• no voice vlan id
• vlan-id — Specify the Voice VLAN ID.
Default Configuration
Voice VLAN is not defined.
Command Mode
Global Configuration mode.
Syntax
• voice vlan oui-table {add mac-address-prefix [description text] | remove mac-address-prefix}
• no voice vlan oui-table
• mac-address-prefix — Specify the MAC address prefix to be entered to the list.
• description text — An optional text that describes the OUI.

voice vlan cos
The voice vlan cos Global Configuration mode command sets the Voice VLAN Class Of Service. Use the no form of this command to return to default.
Syntax
• voice vlan cos cos [remark]
• no voice vlan cos
• cos — Specify the Voice VLAN Class Of Service.
• remark — Specify that the L2 User Priority would be remarked.
Default Configuration
CoS: 6 Remarked
Command Mode
Global Configuration mode.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures Voice vlan aging-timeout.
Console (config)# voice vlan aging-timeout minutes

voice vlan enable
The voice vlan enable Interface Configuration mode command enables automatic Voice VLAN configuration for a port. Use the no form of this command to disable automatic Voice VLAN configuration.

voice vlan secure
Use the voice vlan secure Interface Configuration command to configure the secure mode for the Voice VLAN. Use the no form of this command to disable the secure mode.
Syntax
• voice vlan secure
• no voice vlan secure
Default Configuration
Not secured.
Command Mode
Interface Configuration (Ethernet, port-channel) mode.
Default Configuration
OUI     Description
0001e3  Siemens_AG_phone
00036b  Cisco_phone
000fe2  H3C_Aolynk
0060b9  Philips_and_NEC_AG_phone
00d01e  Pingtel_phone
00e075  Polycom/Veritel_phone
00e0bb  3Com_phone
Command Mode
EXEC mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example displays the Voice VLAN configuration.

Web Server

ip http server
The ip http server Global Configuration mode command enables the device to be configured from a browser. Use the no form of this command to disable this function.
Syntax
• ip http server
• no ip http server
Default Configuration
HTTP server is disabled by default.
Command Mode
Global Configuration mode.
User Guidelines
• Only a user with access level 15 can use the web server.
Default Configuration
The default port number is 80.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command. However, specifying 0 as the port number will effectively disable HTTP access to the device.
Example
The following example shows how the http port number is configured to 100.
Example
The following example sets the interval the system waits for user input before automatically logging off to 3 minutes 30 seconds.
Console (config)# ip http exec-timeout 3 30

ip https server
The ip https server Global Configuration mode command enables the device to be configured from a secured browser. Use the no form of this command to disable this function.
Command Mode
Global Configuration mode.
User Guidelines
• There are no user guidelines for this command.
Example
The following example configures the https port number to 100.
Console (config)# ip https port 100

ip https exec-timeout
The ip https exec-timeout Global Configuration mode command sets the interval the system waits for user input before automatically logging off. Use the no form of this command to return to default.

crypto certificate generate
The crypto certificate generate Global Configuration mode command generates a HTTPS certificate.
Syntax
• crypto certificate [number] generate [key-generate [length]] [passphrase string] [cn common-name] [or organization] [loc location] [st state] [cu country] [duration days]
• number — Specifies the certificate number. If unspecified, defaults to 1. (Range: 1 - 2)
• key-generate — Regenerate SSL RSA key.
Example
The following example regenerates a HTTPS certificate.
Console(config)# crypto certificate generate key-generate

crypto certificate request
The crypto certificate request Privileged EXEC mode command generates and displays certificate requests for HTTPS.
Syntax
• crypto certificate number request common-name [or organization] [loc location] [st state] [cu country]
• number — Specifies the certificate number.
Examples
The following example generates and displays a certificate request for HTTPS.
User Guidelines
• Use this command to enter an external certificate (signed by a Certification Authority) to the device. To end the session, enter a new line, enter "." (period) and add another new line.
• The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command.
ip https certificate
The ip https certificate Global Configuration mode command configures the active certificate for HTTPS. Use the no form of this command to return to default.

Syntax
• ip https certificate number
• no ip https certificate
• number — Specifies the certificate number. (Range: 1 - 2)

Default Configuration
Certificate number 1.

Command Mode
Global Configuration mode.
Example
The following example imports the certificate and RSA keys.
show crypto certificate mycertificate
The show crypto certificate mycertificate Privileged EXEC mode command allows you to view the SSL certificates of your device.

Syntax
• show crypto certificate mycertificate [number]
• number — Specifies the certificate number. (Range: 1 - 2)

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.
show ip http
The show ip http Privileged EXEC mode command displays the HTTP server configuration.

Syntax
• show ip http

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following example displays the HTTP server configuration.
Console# show ip http
HTTP server enabled.
Example
The following example displays the HTTPS server configuration.
Console# show ip https
HTTPS server enabled. Port: 443
Certificate 1 is active
Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, 0= General Motors, C= US
Finger print: DC789788 DC88A988 127897BC BB789788
Certificate 2 is inactive
Issued by: self-signed
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.
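
An added example, not part of the Dell guide: a Python check that parses show ip https output and reports when the active certificate is self-signed, expired, or close to expiry. The sample output is constructed in the layout shown above, and the month/day/year date order and the 30-day warning window are assumptions.

```python
import re
from datetime import date, timedelta

# Constructed sample in the layout of the guide's "show ip https" example.
SAMPLE = """\
HTTPS server enabled. Port: 443
Certificate 1 is active
Issued by: self-signed
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= switch.example.com, O= Example Corp, C= US
Finger print: 11111111 22222222 33333333 44444444
Certificate 2 is inactive
Issued by: ca.example.com
Valid from: 1/2/2004 to 1/2/2006
"""

CERT_RE = re.compile(
    r"Certificate\s+(\d+)\s+is\s+(active|inactive)\s+Issued by:\s*(\S+)\s+"
    r"Valid from:\s*(\d+)/(\d+)/(\d{4})\s+to\s+(\d+)/(\d+)/(\d{4})")

def parse_https_status(text):
    """Return (port, [certificate dicts]) from 'show ip https' output."""
    port = re.search(r"Port:\s*(\d+)", text)
    certs = []
    for m in CERT_RE.finditer(text):
        num, state, issuer, m1, d1, y1, m2, d2, y2 = m.groups()
        certs.append({
            "number": int(num), "active": state == "active", "issuer": issuer,
            # Assumption: the switch prints dates as month/day/year.
            "not_before": date(int(y1), int(m1), int(d1)),
            "not_after": date(int(y2), int(m2), int(d2)),
        })
    return (int(port.group(1)) if port else None), certs

def audit_active_cert(certs, today, warn_days=30):
    """List problems with the certificate the HTTPS server is presenting."""
    active = [c for c in certs if c["active"]]
    if not active:
        return ["no active certificate reported"]
    findings = []
    for c in active:
        if c["issuer"].lower() == "self-signed":
            findings.append(f"certificate {c['number']}: self-signed")
        if today > c["not_after"]:
            findings.append(f"certificate {c['number']}: expired {c['not_after']}")
        elif today >= c["not_after"] - timedelta(days=warn_days):
            findings.append(f"certificate {c['number']}: expires {c['not_after']}")
    return findings
```

Because the pattern matches on whitespace rather than line breaks, it also accepts output that a terminal logger has wrapped or flattened onto one line.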
802.1x Commands

aaa authentication dot1x
The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods used to authenticate interfaces running IEEE 802.1X. Use the no form of this command to return to default.

Syntax
• aaa authentication dot1x default method1 [method2...]
• no aaa authentication dot1x default
• method1 [method2...
Examples
The following example uses the aaa authentication dot1x default command with no authentication.
Console (config)# aaa authentication dot1x default none

dot1x system-auth-control
The dot1x system-auth-control Global Configuration mode command enables 802.1x globally. Use the no form of this command to disable 802.1x globally.
Syntax
• dot1x port-control {auto | force-authorized | force-unauthorized}
• no dot1x port-control
• auto — Enable 802.1X authentication on the interface and cause the port to transition to the authorized or unauthorized state based on the 802.1X authentication exchange between the switch and the client.
• force-authorized — Disable 802.
Default Configuration
Periodic re-authentication is disabled.

Command Mode
Interface Configuration (Ethernet) mode.

User Guidelines
• Re-authentication is recommended: if it is not defined, a port that has been authenticated remains in that state until the port is down or the client sends a log-off message.

Examples
The following example enables periodic re-authentication of the client.
dot1x re-authenticate
The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of all 802.1X-enabled ports or the specified 802.1X-enabled port.

Syntax
• dot1x re-authenticate [ethernet interface]
• interface — Valid Ethernet port. (Full syntax: unit/port)

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.
User Guidelines
• During the quiet period, the switch does not accept or initiate any authentication requests.
• The default value of this command should only be changed to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
• If it is necessary to provide a faster response time to the user, a smaller number than the default should be entered.
Examples
The following command sets the number of seconds that the switch waits for a response to an EAP request/identity frame to 3600 seconds.
dot1x timeout supp-timeout
The dot1x timeout supp-timeout Interface Configuration mode command sets the time for the retransmission of an Extensible Authentication Protocol (EAP)-request frame to the client. Use the no form of this command to return to the default setting.
Default Configuration
30 seconds for the retransmission of packets to the authentication server.

Command Mode
Interface Configuration (Ethernet) mode.

User Guidelines
• There are no user guidelines for this command.

Examples
The following example sets the time for the retransmission of packets to the authentication server to 3600 seconds.
Examples
Console(config-if)# dot1x send-async-request-id
Console(config-if)#

show dot1x
The show dot1x Privileged EXEC mode command displays 802.1X status for the switch or for the specified interface.

Syntax
• show dot1x [ethernet interface]
• interface — The full syntax is: port.

Default Configuration
This command has no default configuration.

Command Mode
Privileged EXEC mode.
Login Time              How long the user is logged in.
Last Authentication     Time since last authentication.
Mac address             The supplicant MAC address.
Authentication Method   The authentication method used to establish the session.
Termination Cause       The reason for the session termination.

show dot1x users
The show dot1x users Privileged EXEC mode command displays 802.1X users for the switch.
The following table describes the significant fields shown in the display.

Field                   Description
Username                The User-Name representing the identity of the Supplicant.
Login Time              How long the user is logged in.
Last Authentication     Time since last authentication.
Authentication Method   The authentication method used to establish the session.
Mac address             The supplicant MAC address.
Interface               The interface that the user is using.
Examples
The following example displays 802.1X statistics for the specified interface.
Switch# show dot1x statistics ethernet g1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.
EapLengthErrorFramesRx   The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
LastEapolFrameVersion    The protocol version number carried in the most recently received EAPOL frame.
LastEapolFrameSource     The source MAC address carried in the most recently received EAPOL frame.
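
An added example, not part of the Dell guide: a Python comparison of two show dot1x statistics snapshots taken from the same port, flagging growth in the error counters, a burst of EAPOL-Start frames, and a change of the last EAPOL source MAC. Both snapshots are constructed, and the burst threshold of 10 is an assumption.

```python
import re

# Constructed snapshots in the layout of the guide's
# "show dot1x statistics ethernet g1" example; the MAC addresses are made up.
BEFORE = """\
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0000.5e00.5301
"""
AFTER = """\
EapolFramesRx: 58
EapolFramesTx: 14
EapolStartFramesRx: 40
EapolLogoffFramesRx: 1
InvalidEapolFramesRx: 4
EapLengthErrorFramesRx: 2
LastEapolFrameVersion: 1
LastEapolFrameSource: 0000.5e00.53a7
"""

ERROR_COUNTERS = ("InvalidEapolFramesRx", "EapLengthErrorFramesRx")

def parse_stats(text):
    """Map each 'Name: value' field to an int counter or a string."""
    fields = dict(re.findall(r"(\w+):\s*(\S+)", text))
    return {k: int(v) if v.isdigit() else v for k, v in fields.items()}

def compare(before, after, start_burst=10):
    """Flag changes between two snapshots of the same port."""
    alerts = []
    for name in ERROR_COUNTERS:
        delta = after.get(name, 0) - before.get(name, 0)
        if delta > 0:
            alerts.append(f"{name} rose by {delta}")
    starts = after.get("EapolStartFramesRx", 0) - before.get("EapolStartFramesRx", 0)
    if starts >= start_burst:
        alerts.append(f"EapolStartFramesRx rose by {starts}")
    if before.get("LastEapolFrameSource") != after.get("LastEapolFrameSource"):
        alerts.append("LastEapolFrameSource changed to "
                      + str(after.get("LastEapolFrameSource")))
    return alerts
```

Comparing deltas rather than absolute values keeps long-lived ports, whose counters have accumulated since boot, from alerting on every poll.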
dot1x multiple-hosts
The dot1x multiple-hosts Interface Configuration mode command allows multiple hosts (clients) on an 802.1X-authorized port with the dot1x port-control Interface Configuration mode command set to auto. Use the no form of this command to return to the default setting.

Syntax
• dot1x multiple-hosts
• no dot1x multiple-hosts
This command has no arguments or keywords.

Default Configuration
Multiple hosts are disabled.
Syntax
• dot1x single-host-violation {forward | discard | discard-shutdown} [trap seconds]
• no port dot1x single-host-violation
• forward — Forward frames whose source address is not the supplicant address, but do not learn the address.
• discard — Discard frames whose source address is not the supplicant address.
• discard-shutdown — Discard frames whose source address is not the supplicant address. The port is also shut down.
Command Mode
Interface Configuration (VLAN) mode.

User Guidelines
• Use the dot1x guest-vlan enable Interface Configuration command to give unauthorized users on an interface access to the Guest VLAN. If the Guest VLAN is defined and enabled, the port automatically joins the Guest VLAN when the port is unauthorized, and leaves the Guest VLAN when the port becomes authorized.
dot1x mac-authentication
The dot1x mac-authentication Interface Configuration mode command enables authentication based on the station’s MAC address. Use the no form of this command to disable MAC authentication.

Syntax
• dot1x mac-authentication {mac-only | mac-and-802.1x}
• no dot1x mac-authentication
• mac-only — Enable authentication based on the station’s MAC address only. 802.1X frames are ignored.
• mac-and-802.1x — Enable 802.
Default Configuration
This command has no default configuration.

Command Mode
Global configuration mode.

User Guidelines
• There are no user guidelines for this command.

Example
The following command enables sending traps when a MAC address fails authentication under the 802.1X MAC authentication access control.
• After successful authentication the port remains a member of the unauthenticated VLANs and of the Guest VLAN. Other static VLAN configuration is not applied on the port.
• If the supplicant VLAN does not exist on the switch, the supplicant is rejected.

Examples
The following command enables user-based VLAN assignment.
Examples
The following example displays 802.1X advanced features for the switch.