Switch 7700 Command reference Guide, v2.0
Table Of Contents
- About This Software Version
- Organization of the Manual
- Intended Readership
- Conventions
- Related Manuals
- Logging in Commands
- authentication-mode
- auto-execute command
- command-privilege level
- databits
- display history-command
- display user-interface
- display users
- flow-control
- free user-interface
- header
- history-command max-size
- idle-timeout
- lock
- modem
- modem auto-answer
- modem timer answer
- parity
- quit
- return
- screen-length
- send
- service-type telnet level
- set authentication password
- shell
- speed
- stopbits
- super
- super password
- sysname
- system-view
- telnet
- user-interface
- user privilege level
- Ethernet Port Configuration Commands
- Ethernet Port Link Aggregation Commands
- VLAN Configuration Commands
- GARP Configuration Commands
- GVRP Configuration Commands
- IP Address Configuration Commands
- ARP Configuration Commands
- DHCP Relay Configuration Commands
- IP Performance Configuration Commands
- Routing Table Display Commands
- Static Route Configuration Command
- RIP Configuration Commands
- OSPF Configuration Commands
- abr-summary
- area
- asbr-summary
- authentication-mode
- default cost
- default interval
- default limit
- default tag
- default type
- default-cost
- default-route-advertise
- display ospf abr-asbr
- display ospf asbr-summary
- display ospf brief
- display ospf cumulative
- display ospf error
- display ospf interface
- display ospf lsdb
- display ospf nexthop
- display ospf peer
- display ospf request-queue
- display ospf retrans-queue
- display ospf routing
- display ospf vlink
- filter-policy export
- filter-policy import
- import-route
- network
- nssa
- ospf
- ospf authentication-mode
- ospf cost
- ospf dr-priority
- ospf mtu-enable
- ospf network-type
- ospf timer dead
- ospf timer hello
- ospf timer poll
- ospf timer retransmit
- ospf trans-delay
- peer
- preference
- reset ospf all
- router id
- silent-interface
- spf-schedule-interval
- stub
- vlink-peer
- Integrated IS-IS Configuration Commands
- area-authentication- mode
- default-route-advertise
- display isis interface
- display isis lsdb
- display isis mesh-group
- display isis peer
- display isis route
- display isis spf-log
- domain-authentication- mode
- filter-policy export
- filter-policy import
- ignore-lsp-checksum- error
- import-route
- isis
- isis authentication-mode
- isis circuit-level
- isis cost
- isis dis-priority
- isis enable
- isis mesh-group
- isis timer csnp
- isis timer dead
- isis timer hello
- isis timer lsp
- isis timer retransmit
- is-level
- log-peer-change
- network-entity
- preference
- reset isis all
- reset isis peer
- set-overload
- silent-interface
- spf-delay-interval
- spf-slice-size
- summary
- timer lsp-max-age
- timer lsp-refresh
- timer spf
- BGP Configuration Commands
- aggregate
- bgp
- compare-different-as- med
- confederation id
- confederation nonstandard
- confederation peer-as
- dampening
- debugging bgp
- default local-preference
- default med
- display bgp group
- display bgp network
- display bgp paths
- display bgp peer
- display bgp routing-table
- display bgp routing-table as-path-acl
- display bgp routing-table cidr
- display bgp routing-table community
- display bgp routing-table community-list
- display bgp routing-table dampening
- display bgp routing-table different-origin-as
- display bgp routing-table flap-info
- display bgp routing-table peer
- display bgp routing-table regular-expression
- filter-policy export
- filter-policy import
- group
- import-route
- ip as-path acl
- ip community-list
- network
- peer advertise-community
- peer allow-as-loop
- peer as-number
- peer as-path-acl
- peer connect-interface
- peer default-route-advertise
- peer description
- peer ebgp-max-hop
- peer enable
- peer filter-policy
- peer group
- peer ip-prefix
- peer next-hop-local
- peer public-as-only
- peer reflect-client
- peer route-policy
- peer route-update-interval
- peer timer
- reflect between-clients
- reflect cluster-id
- reset bgp
- reset bgp flap-info
- reset bgp group
- reset dampening
- summary automatic
- timer
- IP Routing Policy Configuration Commands
- apply as-path
- apply community
- apply cost
- apply cost-type
- apply ip next-hop
- apply isis
- apply local-preference
- apply origin
- apply tag
- display ip ip-prefix
- display route-policy
- filter-policy export
- filter-policy import
- if-match { acl | ip-prefix }
- if-match as-path
- if-match community
- if-match cost
- if-match interface
- if-match ip next-hop
- if-match tag
- ip ip-prefix
- route-policy
- Route Capacity Configuration Commands
- GMRP Configuration Commands
- IGMP Snooping Configuration Commands
- Multicast Common Configuration Commands
- PIM Configuration Commands
- ACL Configuration Command List
- QoS Configuration Commands List
- display mirroring-group
- display priority-trust
- display qos cos-local-precedence- map
- display qos-interface queue-scheduler
- display qos-interface all
- display qos-interface traffic-bandwidth
- display qos-interface traffic-limit
- display qos-interface traffic-priority
- display qos-interface traffic-red
- display qos-interface traffic-statistic
- mirroring-group
- priority
- priority trust
- priority-trust
- qos cos-local-precedence- map
- queue-scheduler
- reset traffic-statistic
- traffic-bandwidth
- traffic-limit
- traffic-priority
- traffic-red
- traffic-statistic
- Logon user’s ACL Control Command
- RSTP Configuration Commands
- MSTP Configuration Commands
- active region-configuration
- check region-configuration
- display stp
- display stp region-configuration
- instance
- region-name
- reset stp
- revision-level
- stp
- stp bpdu-protection
- stp bridge-diameter
- stp bridge-priority
- stp edged-port
- stp instance cost
- stp instance port priority
- stp instance root primary
- stp instance root secondary
- stp interface
- stp interface edged-port
- stp interface instance cost
- stp interface instance port priority
- stp interface loop-protection
- stp interface mcheck
- stp interface point-to-point
- stp interface root-protection
- stp interface transit-limit
- stp loop-protection
- stp max-hops
- stp mcheck
- stp mode
- stp point-to-point
- stp region-configuration
- stp root-protection
- stp timer forward-delay
- stp timer hello
- stp timer max-age
- stp transit-limit
- vlan-mapping modulo
- 802.1x Configuration Commands
- AAA Configuration Commands
- RADIUS Protocol Configuration Commands
- data-flow-format
- display local-server statistics
- display radius
- display radius statistics
- display stop-accounting-buffer
- key
- local-server
- primary accounting
- primary authentication
- radius scheme
- reset stop-accounting-buffer
- retry
- retry realtime-accounting
- retry stop-accounting
- secondary accounting
- secondary authentication
- server-type
- state
- stop-accounting-buffer enable
- timer
- timer realtime-accounting
- user-name-format
- VRRP Configuration Commands
- HA Configuration Commands
- File System Management Commands
- Configuration File Management Commands
- FTP Server Configuration Commands
- FTP Client Commands
- TFTP Configuration Commands
- MAC Address Table Management Commands
- Device Management Commands
- Basic System Configuration and Management Commands
- System Status and System Information Display Commands
- System Debug Commands
- Network Connection Test Commands
- Log Commands
- display channel
- display info-center
- info-center console channel
- info-center enable
- info-center logbuffer
- info-center loghost
- info-center monitor channel
- info-center snmp channel
- info-center source
- info-center timestamp
- info-center trapbuffer
- rename channel
- reset logbuffer
- reset trapbuffer
- terminal debugging
- terminal logging
- terminal monitor
- terminal trapping
- SNMP Configuration Commands
- display snmp-agent community
- display snmp-agent
- display snmp-agent group
- display snmp-agent mib-view
- display snmp-agent statistics
- display snmp-agent sys-info contact
- display snmp-agent sys-info location
- display snmp-agent sys-info version
- display snmp-agent usm-user
- snmp-agent local-engineid
- snmp-agent community
- snmp-agent group
- snmp-agent mib-view
- snmp-agent packet max-size
- snmp-agent sys-info
- snmp-agent target-host
- snmp-agent trap enable
- snmp-agent trap life
- snmp-agent trap queue-size
- snmp-agent trap source
- snmp-agent usm-user
- undo snmp-agent
- RMON Configuration Commands
- NTP Configuration Commands
- debugging ntp-service
- display ntp-service sessions
- display ntp-service status
- display ntp-service trace
- ntp-service access
- ntp-service authentication enable
- ntp-service authentication-keyid
- ntp-service broadcast-client
- ntp-service broadcast-server
- ntp-service max-dynamic sessions
- ntp-service multicast-client
- ntp-service multicast-server
- ntp-service refclock-master
- ntp-service reliable authentication-keyid
- ntp-service source-interface
- ntp-service in-interface disable
- ntp-service unicast-peer
- ntp-service unicast-server
RADIUS Protocol Configuration Commands 377
Parameter
accounting: Configures to set/delete the authentication key for the RADIUS
accounting packet.
authentication: Configures to set/delete the encryption key for RADIUS
authentication/authorization packet.
string: Specifies the key with a character string not exceeding 16 characters,
excluding “/”, “: ”, “*”, “? ”, “<” and “>”. By default, the key is “3Com”.
Description
■ Use the key command to configure encryption key for RADIUS
authentication/authorization or accounting packet.
■ Use the undo key command to restore the default key.
RADIUS client (switch system) and RADIUS server use MD5 algorithm to hash the
exchanged packets. The two ends verify the packet through setting the key. Only
when the keys are identical can both ends accept the packets from each other and
give responses. So it is necessary to ensure that the keys set on the switch and the
RADIUS server are identical. If the authentication/authorization and accounting are
performed on two different servers with different keys, you should set two keys
respectively.
Related commands: primary accounting, primary authentication, radius
scheme
.
Example
Example 1:
Set the authentication/authorization key of the RADIUS server group to “hello”.
[SW7700-radius]key authentication hello
Example 2:
Set the accounting packet key of the RADIUS server group to “ok”.
[SW7700-radius]key accounting ok
local-server Syntax
local-server nas-ip ip-address key password
undo local-server nas-ip ip-address
View
System view
Parameter
nas-ip ip-address: set IP address of access server. ip-address is expressed in the
format of dotted decimal.
key password: Set password of logon user. password is a character string
containing up to 16 characters.