Reference Guide
Table Of Contents
- Table of Contents
- Preface
- 1: Using the Command-Line Interface
- 2: Stacking Commands
- 3: Management Commands
- Network Interface Commands
- Console Port Access Commands
- Telnet Commands
- Secure Shell Commands
- Management Security Commands
- Hypertext Transfer Protocol Commands
- ip http accounting exec, ip https accounting exec
- ip http authentication
- ip https authentication
- ip http server
- ip http secure-server
- ip http java
- ip http port
- ip http rest-api port
- ip http rest-api secure-port
- ip http session hard-timeout
- ip http session maxsessions
- ip http session soft-timeout
- ip http secure-session hard-timeout
- ip http secure-session maxsessions
- ip http secure-session soft-timeout
- ip http secure-port
- ip http secure-protocol
- show ip http
- Access Commands
- User Account Commands
- aaa authentication login
- aaa authentication enable
- aaa authorization
- authorization commands
- authorization exec
- authorization exec default
- show authorization methods
- enable authentication
- username (Global Config)
- username nopassword
- username unlock
- username snmpv3 accessmode
- username snmpv3 authentication
- username snmpv3 encryption
- username snmpv3 encryption encrypted
- show users
- show users long
- show users accounts
- show users login-history [long]
- show users login-history [username]
- login authentication
- password
- password (Line Configuration)
- password (User EXEC)
- password (aaa IAS User Config)
- enable password (Privileged EXEC)
- passwords min-length
- passwords history
- passwords aging
- passwords lock-out
- passwords strength-check
- passwords strength maximum consecutive-characters
- passwords strength maximum repeated-characters
- passwords strength minimum uppercase-letters
- passwords strength minimum lowercase-letters
- passwords strength minimum numeric-characters
- passwords strength minimum special-characters
- passwords strength minimum character-classes
- passwords strength exclude-keyword
- show passwords configuration
- show passwords result
- aaa ias-user username
- aaa session-id
- aaa accounting
- password (AAA IAS User Configuration)
- clear aaa ias-users
- show aaa ias-users
- accounting
- show accounting
- show accounting methods
- clear accounting statistics
- show domain-name
- SNMP Commands
- snmp-server
- snmp-server community
- snmp-server community-group
- snmp-server enable traps violation
- snmp-server enable traps
- snmp-server enable traps bgp
- snmp-server enable traps fip-snooping
- snmp-server port
- snmp trap link-status
- snmp trap link-status all
- snmp-server enable traps linkmode
- snmp-server enable traps multiusers
- snmp-server enable traps stpmode
- snmp-server engineID local
- snmp-server filter
- snmp-server group
- snmp-server host
- snmp-server user
- snmp-server view
- snmp-server v3-host
- snmptrap source-interface
- snmptrap ipaddr snmpversion
- snmptrap ip6addr snmpversion
- show snmp
- show snmp engineID
- show snmp filters
- show snmp group
- show snmp-server
- show snmp source-interface
- show snmp user
- show snmp views
- show trapflags
- RADIUS Commands
- aaa server radius dynamic-author
- auth-type
- authorization network radius
- clear radius dynamic-author statistics
- client
- debug aaa coa
- debug aaa pod
- ignore server-key
- ignore session-key
- port
- radius accounting mode
- radius server attribute 4
- radius server host
- radius server key
- radius server msgauth
- radius server primary
- radius server retransmit
- radius source-interface
- radius server timeout
- server-key
- show radius servers
- show radius
- show radius servers
- show radius accounting
- show radius accounting statistics
- show radius source-interface
- show radius statistics
- TACACS+ Commands
- Configuration Scripting Commands
- Prelogin Banner, System Prompt, and Host Name Commands
- 4: Utility Commands
- AutoInstall Commands
- CLI Output Filtering Commands
- Dual Image Commands
- System Information and Statistics Commands
- load-interval
- show arp switch
- show eventlog
- show hardware
- show version
- show platform vpd
- show interface
- show interfaces status
- show interfaces traffic
- show interface counters
- show interface ethernet
- show interface ethernet switchport
- show interface lag
- show fiber-ports optical-transceiver
- show fiber-ports optical-transceiver-info
- show mac-addr-table
- process cpu threshold
- show process app-list
- show process app-resource-list
- show process cpu
- show process proc-list
- show running-config
- show running-config interface
- show
- dir
- show sysinfo
- show tech-support
- length value
- terminal length
- show terminal length
- memory free low-watermark processor
- clear mac-addr-table
- Box Services Commands
- Logging Commands
- logging buffered
- logging buffered wrap
- logging cli-command
- logging console
- logging host
- logging host reconfigure
- logging host remove
- logging protocol
- logging syslog
- logging syslog port
- logging syslog source-interface
- show logging
- show logging buffered
- show logging hosts
- show logging persistent
- show logging traplogs
- clear logging buffered
- Email Alerting and Mail Server Commands
- logging email
- logging email urgent
- logging email message-type to-addr
- logging email from-addr
- logging email message-type subject
- logging email logtime
- logging traps
- logging email test message-type
- show logging email config
- show logging email statistics
- clear logging email statistics
- mail-server
- security
- port
- username (Mail Server Config)
- password
- show mail-server config
- System Utility and Clear Commands
- Power Over Ethernet Commands
- Simple Network Time Protocol Commands
- Time Zone Commands
- DHCP Server Commands
- ip dhcp pool
- client-identifier
- client-name
- default-router
- dns-server
- hardware-address
- host
- lease
- network (DHCP Pool Config)
- bootfile
- domain-name
- domain-name enable
- netbios-name-server
- netbios-node-type
- next-server
- option
- ip dhcp excluded-address
- ip dhcp ping packets
- service dhcp
- ip dhcp bootp automatic
- ip dhcp conflict logging
- clear ip dhcp binding
- clear ip dhcp server statistics
- clear ip dhcp conflict
- show ip dhcp binding
- show ip dhcp global configuration
- show ip dhcp pool configuration
- show ip dhcp server statistics
- show ip dhcp conflict
- DNS Client Commands
- IP Address Conflict Commands
- Serviceability Packet Tracing Commands
- capture file | remote | line
- capture remote port
- capture file size
- capture line wrap
- show capture packets
- cpu-traffic direction interface
- cpu-traffic direction match cust-filter
- cpu-traffic direction match srcip
- cpu-traffic direction match dstip
- cpu-traffic direction match tcp
- cpu-traffic direction match udp
- cpu-traffic mode
- cpu-traffic trace
- show cpu-traffic
- show cpu-traffic interface
- show cpu-traffic summary
- show cpu-traffic trace
- clear cpu-traffic
- exception protocol
- exception dump tftp-server
- exception dump nfs
- exception dump filepath
- exception core-file
- exception switch-chip-register
- exception dump ftp-server
- exception dump compression
- exception dump stack-ip-address protocol
- exception dump stack-ip-address add
- exception dump stack-ip-address remove
- show exception
- show exception core-dump-file
- show exception log
- logging persistent
- mbuf
- show mbuf
- show mbuf total
- show msg-queue
- Support Mode Commands
- Cable Test Command
- sFlow Commands
- Green Ethernet Commands
- Remote Monitoring Commands
- Statistics Application Commands
- 5: Switching Commands
- Port Configuration Commands
- Spanning Tree Protocol Commands
- spanning-tree
- spanning-tree auto-edge
- spanning-tree backbonefast
- spanning-tree bpdufilter
- spanning-tree bpdufilter default
- spanning-tree bpduflood
- spanning-tree bpduguard
- spanning-tree bpdumigrationcheck
- spanning-tree configuration name
- spanning-tree configuration revision
- spanning-tree cost
- spanning-tree edgeport
- spanning-tree forward-time
- spanning-tree guard
- spanning-tree max-age
- spanning-tree max-hops
- spanning-tree mode
- spanning-tree mst
- spanning-tree mst instance
- spanning-tree mst priority
- spanning-tree mst vlan
- spanning-tree port mode
- spanning-tree port mode all
- spanning-tree port-priority
- spanning-tree tcnguard
- spanning-tree transmit
- spanning-tree uplinkfast
- spanning-tree vlan
- spanning-tree vlan cost
- spanning-tree vlan forward-time
- spanning-tree vlan hello-time
- spanning-tree vlan max-age
- spanning-tree vlan root
- spanning-tree vlan port-priority
- spanning-tree vlan priority
- show spanning-tree
- show spanning-tree active
- show spanning-tree backbonefast
- show spanning-tree brief
- show spanning-tree interface
- show spanning-tree mst detailed
- show spanning-tree mst port detailed
- show spanning-tree mst port summary
- show spanning-tree mst port summary active
- show spanning-tree mst summary
- show spanning-tree summary
- show spanning-tree uplinkfast
- show spanning-tree vlan
- Loop Protection Commands
- VLAN Commands
- vlan database
- network mgmt_vlan
- vlan
- vlan acceptframe
- vlan ingressfilter
- vlan internal allocation
- vlan makestatic
- vlan name
- vlan participation
- vlan participation all
- vlan port acceptframe all
- vlan port ingressfilter all
- vlan port pvid all
- vlan port tagging all
- vlan protocol group
- vlan protocol group name
- vlan protocol group add protocol
- protocol group
- protocol vlan group
- protocol vlan group all
- show port protocol
- vlan pvid
- vlan tagging
- vlan association subnet
- vlan association mac
- remote-span
- show vlan
- show vlan internal usage
- show vlan brief
- show vlan port
- show vlan association subnet
- show vlan association mac
- Private VLAN Commands
- Switch Ports
- Voice VLAN Commands
- Provisioning (IEEE 802.1p) Commands
- Asymmetric Flow Control
- Protected Ports Commands
- GARP Commands
- GVRP Commands
- GMRP Commands
- Port-Based Network Access Control Commands
- aaa authentication dot1x default
- clear dot1x statistics
- clear dot1x authentication-history
- clear radius statistics
- dot1x eapolflood
- dot1x dynamic-vlan enable
- dot1x port-control
- dot1x port-control all
- dot1x system-auth-control
- dot1x system-auth-control monitor
- dot1x user
- authentication enable
- authentication order
- authentication priority
- authentication timer restart
- show authentication authentication-history
- show authentication interface
- show authentication methods
- show authentication statistics
- clear authentication statistics
- clear authentication authentication-history
- show dot1x
- show dot1x authentication-history
- show dot1x clients
- show dot1x users
- 802.1X Supplicant Commands
- Task-based Authorization
- Storm-Control Commands
- storm-control broadcast
- storm-control broadcast action
- storm-control broadcast level
- storm-control broadcast rate
- storm-control multicast
- storm-control multicast action
- storm-control multicast level
- storm-control multicast rate
- storm-control unicast
- storm-control unicast action
- storm-control unicast level
- storm-control unicast rate
- show storm-control
- Link Dependency Commands
- Port-Channel/LAG (802.3ad) Commands
- port-channel
- addport
- deleteport (Interface Config)
- deleteport (Global Config)
- lacp admin key
- lacp collector max-delay
- lacp actor admin key
- lacp actor admin state individual
- lacp actor admin state longtimeout
- lacp actor admin state passive
- lacp actor admin state
- lacp actor port priority
- lacp partner admin key
- lacp partner admin state individual
- lacp partner admin state longtimeout
- lacp partner admin state passive
- lacp partner port id
- lacp partner port priority
- lacp partner system id
- lacp partner system priority
- interface lag
- port-channel static
- port lacpmode
- port lacpmode enable all
- port lacptimeout (Interface Config)
- port lacptimeout (Global Config)
- port-channel adminmode
- port-channel linktrap
- port-channel load-balance
- port-channel min-links
- port-channel name
- port-channel system priority
- show hashdest
- show lacp actor
- show lacp partner
- show port-channel brief
- show port-channel
- show port-channel system priority
- show port-channel counters
- clear port-channel counters
- clear port-channel all counters
- Port Mirroring Commands
- Static MAC Filtering Commands
- DHCP L2 Relay Agent Commands
- dhcp l2relay
- dhcp l2relay circuit-id subscription
- dhcp l2relay circuit-id vlan
- dhcp l2relay remote-id subscription
- dhcp l2relay remote-id vlan
- dhcp l2relay vlan
- show dhcp l2relay all
- show dhcp l2relay circuit-id vlan
- show dhcp l2relay interface
- show dhcp l2relay remote-id vlan
- show dhcp l2relay stats interface
- show dhcp l2relay agent-option vlan
- show dhcp l2relay vlan
- clear dhcp l2relay statistics interface
- DHCP Client Commands
- DHCP Snooping Configuration Commands
- ip dhcp snooping
- ip dhcp snooping vlan
- ip dhcp snooping verify mac-address
- ip dhcp snooping database
- ip dhcp snooping database write-delay
- ip dhcp snooping binding
- ip dhcp filtering trust
- ip verify binding
- ip dhcp snooping limit
- ip dhcp snooping log-invalid
- ip dhcp snooping trust
- ip verify source
- show ip dhcp snooping
- show ip dhcp snooping binding
- show ip dhcp snooping database
- show ip dhcp snooping interfaces
- show ip dhcp snooping statistics
- clear ip dhcp snooping binding
- clear ip dhcp snooping statistics
- show ip verify source
- show ip verify interface
- show ip source binding
- IGMP Snooping Configuration Commands
- set igmp
- set igmp header-validation
- set igmp interfacemode
- set igmp fast-leave
- set igmp groupmembership-interval
- set igmp maxresponse
- set igmp mcrtrexpiretime
- set igmp mrouter
- set igmp mrouter interface
- set igmp report-suppression
- show igmpsnooping
- show igmpsnooping mrouter interface
- show igmpsnooping mrouter vlan
- show mac-address-table igmpsnooping
- IGMP Snooping Querier Commands
- MLD Snooping Commands
- set mld
- set mld interfacemode
- set mld fast-leave
- set mld groupmembership-interval
- set mld maxresponse
- set mld mcrtexpiretime
- set mld mrouter
- set mld mrouter interface
- show mldsnooping
- show mldsnooping mrouter interface
- show mldsnooping mrouter vlan
- show mldsnooping ssm entries
- show mac-address-table mldsnooping
- clear mldsnooping
- MLD Snooping Querier Commands
- Port Security Commands
- LLDP (802.1AB) Commands
- lldp transmit
- lldp receive
- lldp timers
- lldp transmit-tlv
- lldp transmit-mgmt
- lldp notification
- lldp notification-interval
- clear lldp statistics
- clear lldp remote-data
- show lldp
- show lldp interface
- show lldp statistics
- show lldp remote-device
- show lldp remote-device detail
- show lldp local-device
- show lldp local-device detail
- LLDP-MED Commands
- Denial of Service Commands
- dos-control all
- dos-control sipdip
- dos-control firstfrag
- dos-control tcpfrag
- dos-control tcpflag
- dos-control l4port
- dos-control smacdmac
- dos-control tcpport
- dos-control udpport
- dos-control tcpflagseq
- dos-control tcpoffset
- dos-control tcpsyn
- dos-control tcpsynfin
- dos-control tcpfinurgpsh
- dos-control icmpv4
- dos-control icmpv6
- dos-control icmpfrag
- show dos-control
- MAC Database Commands
- ISDP Commands
- Interface Error Disable and Auto Recovery
- UniDirectional Link Detection Commands
- 6: Routing Commands
- Address Resolution Protocol Commands
- IP Routing Commands
- routing
- ip routing
- ip address
- ip address dhcp
- ip default-gateway
- ip load-sharing
- ip route
- ip route default
- ip route distance
- ip route net-prototype
- ip netdirbcast
- ip mtu
- release dhcp
- renew dhcp
- renew dhcp network-port
- renew dhcp service-port
- encapsulation
- show dhcp lease
- show ip brief
- show ip interface
- show ip interface brief
- show ip load-sharing
- show ip protocols
- show ip route
- show ip route ecmp-groups
- show ip route hw-failure
- show ip route net-prototype
- show ip route summary
- clear ip route counters
- show ip route preferences
- show ip stats
- show routing heap summary
- Routing Policy Commands
- ip policy route-map
- ip prefix-list
- ip prefix-list description
- ipv6 prefix-list
- route-map
- match as-path
- match community
- match ip address
- match ip address access-list-number | access-list-name
- match ipv6 address
- match length
- match mac-list
- set as-path
- set comm-list delete
- set community
- set interface
- set ip next-hop
- set ip default next-hop
- set ip precedence
- set ipv6 next-hop (BGP)
- set local-preference
- set metric (BGP)
- show ip policy
- show ip prefix-list
- show ipv6 prefix-list
- show route-map
- clear ip prefix-list
- clear ipv6 prefix-list
- Virtual LAN Routing Commands
- DHCP and BOOTP Relay Commands
- IP Helper Commands
- Routing Information Protocol Commands
- router rip
- enable (RIP)
- ip rip
- auto-summary
- default-information originate (RIP)
- default-metric (RIP)
- distance rip
- distribute-list out (RIP)
- ip rip authentication
- ip rip receive version
- ip rip send version
- hostroutesaccept
- split-horizon
- redistribute (RIP)
- show ip rip
- show ip rip interface brief
- show ip rip interface
- 7: IPv6 Management Commands
- IPv6 Management Commands
- Loopback Interface Commands
- IPv6 Routing Commands
- DHCPv6 Snooping Configuration Commands
- 8: Quality of Service Commands
- Class of Service Commands
- classofservice dot1p-mapping
- classofservice ip-dscp-mapping
- classofservice ip-precedence-mapping
- classofservice trust
- cos-queue max-bandwidth
- cos-queue min-bandwidth
- cos-queue random-detect
- cos-queue strict
- random-detect
- random-detect exponential weighting-constant
- random-detect queue-parms
- traffic-shape
- show classofservice dot1p-mapping
- show classofservice ip-dscp-mapping
- show classofservice ip-precedence-mapping
- show classofservice packet-drop-count
- show classofservice trust
- show interfaces cos-queue
- show interfaces random-detect
- show interfaces tail-drop-threshold
- Differentiated Services Commands
- DiffServ Class Commands
- class-map
- class-map rename
- match ethertype
- match any
- match class-map
- match cos
- match secondary-cos
- match destination-address mac
- match dstip
- match dstip6
- match dstl4port
- match ip dscp
- match ip precedence
- match ip tos
- match ip6flowlbl
- match protocol
- match signature
- match srcip
- match srcip6
- match srcl4port
- match src port
- match vlan
- match secondary-vlan
- DiffServ Policy Commands
- DiffServ Service Commands
- DiffServ Show Commands
- MAC Access Control List Commands
- IP Access Control List Commands
- IPv6 Access Control List Commands
- Management Access Control and Administration List
- Time Range Commands for Time-Based ACLs
- Auto-Voice over IP Commands
- Class of Service Commands
- 9: Application Commands
- 10: 200 Series Log Messages
- Glossary
Table 14: ACL Command Parameters (continued)
Parameter Description
flag [+fin | -fin] [+syn | -syn] [+rst | -rst]
[+psh | -psh] [+ack | -ack] [+urg | -urg]
[established]
This option is available only if the protocol is tcp.
Specifies that the IP ACL rule matches on the TCP flags.
When +tcpflagname is specified, a match occurs if the specified
tcpflagname flag is set in the TCP header.
When -tcpflagname is specified, a match occurs if the specified
tcpflagname flag is not set in the TCP header.
When established is specified, a match occurs if the specified RST or
ACK bits are set in the TCP header. Two rules are installed in the
hardware when the established option is specified.
[icmp-type icmp-type [icmp-code
icmp-code] | icmp-message icmp-
message]
This option is available only if the protocol is icmp.
Specifies a match condition for ICMP (Internet Control Message
Protocol) packets.
When icmp-type is specified, the IP ACL rule matches on the
specified ICMP message type, a number from 0 to 255.
When icmp-code is specified, the IP ACL rule matches on the
specified ICMP message code, a number from 0 to 255.
Specifying icmp-message implies that both icmp-type and icmp-
code are specified. The following icmp-messages are supported: echo,
echo-reply, host-redirect, mobile-redirect, net-
redirect, net-unreachable, redirect, packet-too-big,
port-unreachable, source-quench, router-solicitation,
router-advertisement, time-exceeded, ttl-exceeded and
unreachable.
igmp-type igmp-type This option is available only if the protocol is igmp.
When igmp-type is specified, the IP ACL rule matches on the specified
IGMP (Internet Group Management Protocol) message type, a number
from 0 to 255.
fragments Specifies that the IP ACL rule matches on fragmented IP packets.
[log]
Specifies that this rule is to be logged.
[time-range time-range-name] Allows imposing time limitation on the ACL rule as defined by the
parameter time-range-name. If a time range with the specified name
does not exist and the ACL containing this ACL rule is applied to an
interface or bound to a VLAN, then the ACL rule is applied immediately.
If a time range with specified name exists and the ACL containing this
ACL rule is applied to an interface or bound to a VLAN, the ACL rule is
applied when the time-range with specified name becomes active. The
ACL rule is removed when the time-range with specified name becomes
inactive. For information about configuring time ranges, see Time Range
Commands for Time-Based ACLs on page 653.
[assign-queue queue-id] Specifies the assign-queue, which is the queue identifier to which
packets matching this rule are assigned.
[rate-limit rate burst-size] Specifies the allowed rate of trac as per the configured rate in kbps,
and burst-size in kbytes.
no access-list
This command deletes an IP ACL that is identified by the parameter accesslistnumber from the system.
The range for accesslistnumber 1-99 for standard access lists and 100-199 for extended access lists.
Quality of Service Commands
ExtremeSwitching 200 Series: Command Reference Guide for version 01 .02.04.0007 630