User Manual
Table Of Contents
- Contents
- Introduction
- How to read the command reference
- How to use the commands
- Configuration
- Maintenance and operation functions
- 4.1 Passwords
- 4.2 User account maintenance
- 4.3 Configuration management
- 4.4 Manage boot information
- 4.5 Show unit information
- 4.6 Time management
- 4.7 Terminal settings
- 4.8 Management
- 4.9 SYSLOG
- 4.10 SNMP
- 4.10.1 Set host that receives SNMP notifications
- 4.10.2 Set notification type to transmit
- 4.10.3 Set system contact
- 4.10.4 Set system location
- 4.10.5 Set SNMP community
- 4.10.6 Set SNMP view
- 4.10.7 Set SNMP group
- 4.10.8 Set SNMP user
- 4.10.9 Show SNMP community information
- 4.10.10 Show SNMP view settings
- 4.10.11 Show SNMP group settings
- 4.10.12 Show SNMP user settings
- 4.11 RMON
- 4.11.1 Set RMON function
- 4.11.2 Set RMON Ethernet statistical information group
- 4.11.3 Set RMON history group
- 4.11.4 Set RMON event group
- 4.11.5 Set RMON alarm group
- 4.11.6 Show RMON function status
- 4.11.7 Show RMON Ethernet statistical information group status
- 4.11.8 Show RMON history group status
- 4.11.9 Show RMON event group status
- 4.11.10 Show RMON alarm group status
- 4.11.11 Clear counters of the RMON Ethernet statistical information group
- 4.12 Telnet server
- 4.13 Telnet client
- 4.14 TFTP server
- 4.15 HTTP server
- 4.15.1 Start HTTP server and change listening port number
- 4.15.2 Start secure HTTP server and change listening port number
- 4.15.3 Show HTTP server settings
- 4.15.4 Set hosts that can access the HTTP server
- 4.15.5 Restrict access to the HTTP server according to the IP address of the client
- 4.15.6 Web GUI display language
- 4.15.7 Set log-in timeout time for HTTP server
- 4.16 SSH server
- 4.16.1 Start SSH server and change listening port number
- 4.16.2 Show SSH server settings
- 4.16.3 Set host that can access the SSH server
- 4.16.4 Set client that can access the SSH server
- 4.16.5 Generate SSH server host key
- 4.16.6 Clear SSH server host key
- 4.16.7 Show SSH server public key
- 4.16.8 Set SSH client alive checking
- 4.17 SSH client
- 4.18 E-mail notification
- 4.18.1 SMTP e-mail server settings
- 4.18.2 SMTP e-mail server name settings
- 4.18.3 E-mail notification trigger settings
- 4.18.4 E-mail transmission template settings mode
- 4.18.5 E-mail transmission server ID settings
- 4.18.6 E-mail transmission source address setting
- 4.18.7 Destination e-mail address setting for e-mail transmission
- 4.18.8 Setting for subject used when sending e-mails
- 4.18.9 Wait time settings for e-mail transmission
- 4.18.10 E-mail settings when sending certificates
- 4.18.11 E-mail settings for certificate notification
- 4.18.12 Notification timing settings for expired certificates
- 4.18.13 Show e-mail transmission information
- 4.19 LLDP
- 4.19.1 Enable LLDP function
- 4.19.2 Set system description
- 4.19.3 Set system name
- 4.19.4 Create LLDP agent
- 4.19.5 Set automatic setting function by LLDP
- 4.19.6 Set LLDP transmission/reception mode
- 4.19.7 Set type of management address
- 4.19.8 Set basic management TLVs
- 4.19.9 Set IEEE-802.1 TLV
- 4.19.10 Set IEEE-802.3 TLV
- 4.19.11 Set LLDP-MED TLV
- 4.19.12 Set LLDP frame transmission interval
- 4.19.13 Set LLDP frame transmission interval for high speed transmission period
- 4.19.14 Set time from LLDP frame transmission stop until re-initialization
- 4.19.15 Set multiplier for calculating time to live (TTL) of device information
- 4.19.16 Set number of LLDP frames transmitted during the high speed transmission period
- 4.19.17 Set maximum number of connected devices manageable by a port
- 4.19.18 Global interface setting for LLDP function
- 4.19.19 Show interface status
- 4.19.20 Show information for connected devices of all interfaces
- 4.19.21 Clear LLDP frame counters
- 4.20 L2MS (Layer 2 management service) settings
- 4.21 Snapshot
- 4.22 Firmware update
- 4.23 Schedule
- 4.24 General maintenance and operation functions
- Interface control
- 5.1 Interface basic settings
- 5.1.1 Set description
- 5.1.2 Shutdown
- 5.1.3 Set speed and duplex mode
- 5.1.4 Set MRU
- 5.1.5 Set cross/straight automatic detection
- 5.1.6 Set EEE
- 5.1.7 Show EEE capabilities
- 5.1.8 Show EEE status
- 5.1.9 Set port mirroring
- 5.1.10 Show port mirroring status
- 5.1.11 Show interface status
- 5.1.12 Show brief interface status
- 5.1.13 Resetting an interface
- 5.1.14 Show frame counter
- 5.1.15 Clear frame counters
- 5.1.16 Show SFP+ module status
- 5.1.17 Set SFP+ module optical reception level monitoring
- 5.2 Link aggregation
- 5.2.1 Set static logical interface
- 5.2.2 Show static logical interface status
- 5.2.3 Set LACP logical interface
- 5.2.4 Show LACP logical interface status
- 5.2.5 Set LACP system priority order
- 5.2.6 Show LACP system priority
- 5.2.7 LACP different-speed link aggregation settings
- 5.2.8 Set LACP timeout
- 5.2.9 Clear LACP frame counters
- 5.2.10 Show LACP frame counter
- 5.2.11 Set load balance function rules
- 5.2.12 Show protocol status of LACP logical interface
- 5.2.13 Set LACP port priority order
- 5.3 Port authentication
- 5.3.1 Configuring the IEEE 802.1X authentication function for the entire system
- 5.3.2 Configuring the MAC authentication function for the entire system
- 5.3.3 Configuring the Web authentication function for the entire system
- 5.3.4 Set operation mode for the IEEE 802.1X authentication function
- 5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.1X authentication
- 5.3.6 Set the EAPOL packet transmission count
- 5.3.7 Set the MAC authentication function
- 5.3.8 Set MAC address format during MAC authentication
- 5.3.9 Set the Web authentication function
- 5.3.10 Set host mode
- 5.3.11 Set re-authentication
- 5.3.12 Set dynamic VLAN
- 5.3.13 Set the guest VLAN
- 5.3.14 Suppression period settings following failed authentication
- 5.3.15 Set reauthentication interval
- 5.3.16 Set the reply wait time for the RADIUS server overall
- 5.3.17 Set supplicant reply wait time
- 5.3.18 Set RADIUS server host
- 5.3.19 Set the reply wait time for each RADIUS server
- 5.3.20 Set number of times to resend requests to RADIUS server
- 5.3.21 Set RADIUS server shared password
- 5.3.22 Set time of RADIUS server usage prevention
- 5.3.23 Set NAS-Identifier attribute sent to RADIUS server
- 5.3.24 Show port authentication information
- 5.3.25 Show supplicant information
- 5.3.26 Show statistical information
- 5.3.27 Clear statistical information
- 5.3.28 Show RADIUS server setting information
- 5.3.29 Settings for redirect destination URL following successful Web authentication
- 5.3.30 Clear the authentication state
- 5.3.31 Setting the time for clearing the authentication state (system)
- 5.3.32 Setting the time for clearing the authentication state (interface)
- 5.3.33 Set EAP pass through
- 5.4 Port security
- 5.5 Error detection function
- 5.1 Interface basic settings
- Layer 2 functions
- 6.1 FDB (Forwarding Data Base)
- 6.2 VLAN
- 6.2.1 Move to VLAN mode
- 6.2.2 Set VLAN interface
- 6.2.3 Set private VLAN
- 6.2.4 Set secondary VLAN for primary VLAN
- 6.2.5 Set access port (untagged port)
- 6.2.6 Set associated VLAN of an access port (untagged port)
- 6.2.7 Set trunk port (tagged port)
- 6.2.8 Set associated VLAN for trunk port (tagged port)
- 6.2.9 Set native VLAN for trunk port (tagged port)
- 6.2.10 Set private VLAN port type
- 6.2.11 Set private VLAN host port
- 6.2.12 Set promiscuous port for private VLAN
- 6.2.13 Set voice VLAN
- 6.2.14 Set CoS value for voice VLAN
- 6.2.15 Set DSCP value for voice VLAN
- 6.2.16 Set multiple VALN group
- 6.2.17 Set name of multiple VLAN group
- 6.2.18 Show VLAN information
- 6.2.19 Show private VLAN information
- 6.2.20 Show multiple VLAN group setting information
- 6.3 STP (Spanning Tree Protocol)
- 6.3.1 Set spanning tree for the system
- 6.3.2 Set forward delay time
- 6.3.3 Set maximum aging time
- 6.3.4 Set bridge priority
- 6.3.5 Set spanning tree for an interface
- 6.3.6 Set spanning tree link type
- 6.3.7 Set interface BPDU filtering
- 6.3.8 Set interface BPDU guard
- 6.3.9 Set interface path cost
- 6.3.10 Set interface priority
- 6.3.11 Set edge port for interface
- 6.3.12 Show spanning tree status
- 6.3.13 Show spanning tree BPDU statistics
- 6.3.14 Clear protocol compatibility mode
- 6.3.15 Move to MST mode
- 6.3.16 Generate MST instance
- 6.3.17 Set VLAN for MST instance
- 6.3.18 Set priority of MST instance
- 6.3.19 Set MST region name
- 6.3.20 Set revision number of MST region
- 6.3.21 Set MST instance for interface
- 6.3.22 Set interface priority for MST instance
- 6.3.23 Set interface path cost for MST instance
- 6.3.24 Show MST region information
- 6.3.25 Show MSTP information
- 6.3.26 Show MST instance information
- 6.4 Loop detection
- Layer 3 functions
- IP multicast control
- 8.1 IP multicast basic settings
- 8.2 IGMP snooping
- 8.2.1 Set enable/disable IGMP snooping
- 8.2.2 Set IGMP snooping fast-leave
- 8.2.3 Set multicast router connection destination
- 8.2.4 Set query transmission function
- 8.2.5 Set IGMP query transmission interval
- 8.2.6 Set TTL value verification function for IGMP packets
- 8.2.7 Set IGMP version
- 8.2.8 Show multicast router connection port information
- 8.2.9 Show IGMP group membership information
- 8.2.10 Show an interface's IGMP-related information
- 8.2.11 Clear IGMP group membership entries
- 8.3 MLD snooping
- 8.3.1 Enable/disable MLD snooping
- 8.3.2 Set MLD snooping fast-leave
- 8.3.3 Set multicast router connection destination
- 8.3.4 Set query transmission function
- 8.3.5 Set MLD query transmission interval
- 8.3.6 Set MLD version
- 8.3.7 Show multicast router connection port information
- 8.3.8 Show MLD group membership information
- 8.3.9 Show an interface's MLD-related information
- 8.3.10 Clear MLD group membership entries
- Traffic control
- 9.1 ACL
- 9.1.1 Generate IPv4 access list
- 9.1.2 Add comment to IPv4 access list
- 9.1.3 Apply IPv4 access list
- 9.1.4 Generate IPv6 access list
- 9.1.5 Add comment to IPv6 access list
- 9.1.6 Apply IPv6 access list
- 9.1.7 Generate MAC access list
- 9.1.8 Add comment to MAC access list
- 9.1.9 Apply MAC access list
- 9.1.10 Show generated access list
- 9.1.11 Clear counters
- 9.1.12 Show access list applied to interface
- 9.1.13 Set VLAN access map and move to VLAN access map mode
- 9.1.14 Set access list for VLAN access map
- 9.1.15 Set VLAN access map filter
- 9.1.16 Show VLAN access map
- 9.1.17 Show VLAN access map filter
- 9.2 QoS (Quality of Service)
- 9.2.1 Enable/disable QoS
- 9.2.2 Set default CoS
- 9.2.3 Set trust mode
- 9.2.4 Show status of QoS function setting
- 9.2.5 Show QoS information for interface
- 9.2.6 Show egress queue usage ratio
- 9.2.7 Set CoS - egress queue ID conversion table
- 9.2.8 Set DSCP - egress queue ID conversion tabl
- 9.2.9 Set port priority order
- 9.2.10 Specify egress queue of frames transmitted from the switch itself
- 9.2.11 Generate class map (traffic category conditions)
- 9.2.12 Associate class map
- 9.2.13 Set traffic classification conditions (access-list)
- 9.2.14 Set traffic classification conditions (CoS)
- 9.2.15 Set traffic classification conditions (TOS precedence)
- 9.2.16 Set traffic classification conditions (DSCP)
- 9.2.17 Set traffic classification conditions (Ethernet Type)
- 9.2.18 13.2.22 Set traffic classification conditions (VLAN ID)
- 9.2.19 Set traffic classification conditions (VLAN ID range)
- 9.2.20 Show class map information
- 9.2.21 Generate policy map for received frames
- 9.2.22 Apply policy map for received frames
- 9.2.23 Set pre-marking (CoS)
- 9.2.24 Set pre-marking (TOS precedence)
- 9.2.25 Set pre-marking (DSCP)
- 9.2.26 Set individual policers (single rate)
- 9.2.27 Set individual policers (twin rate)
- 9.2.28 Set remarking of individual policers
- 9.2.29 Generate aggregate policer
- 9.2.30 Set aggregate policer (single rate)
- 9.2.31 Set aggregate policer (twin rate)
- 9.2.32 Set remarking of aggregate policers
- 9.2.33 Show aggregate policers
- 9.2.34 Apply aggregate policer
- 9.2.35 Show metering counters
- 9.2.36 Clear metering counters
- 9.2.37 Set egress queue (CoS-Queue)
- 9.2.38 Set egress queue (DSCP-Queue)
- 9.2.39 Show policy map information
- 9.2.40 Show map status
- 9.2.41 Set egress queue scheduling
- 9.2.42 Set traffic shaping (individual port)
- 9.2.43 Set traffic-shaping (queue units)
- 9.3 Flow control
- 9.4 Storm control
- 9.1 ACL
- Application
- 10.1 Local RADIUS server
- 10.1.1 Local RADIUS server function settings
- 10.1.2 Set access interface
- 10.1.3 Generate a route certificate authority
- 10.1.4 RADIUS configuration mode
- 10.1.5 Authentication method settings
- 10.1.6 RADIUS client (NAS) settings
- 10.1.7 Authenticated user settings
- 10.1.8 Reauthentication interval setting
- 10.1.9 Apply setting data to local RADIUS server
- 10.1.10 Issuing a client certificate
- 10.1.11 Aborting the issue of a client certificate
- 10.1.12 Revoking client certificates
- 10.1.13 Exporting of client certificates (sending via e-mail)
- 10.1.14 Show RADIUS client (NAS) status
- 10.1.15 Show authenticated user information
- 10.1.16 Client certificate issuance status display
- 10.1.17 Client certificate list display
- 10.1.18 Revoked client certificate list display
- 10.1 Local RADIUS server
- Index
10.1.12 Revoking client certificates
[Syntax]
certificate revoke user userid
certificate revoke id certificate-id
[Keyword]
user : Revoking client certificates for specified users
id : Revoking client certificates for specified client certificate IDs
[Parameter]
userid : User ID
(within 3–32 characters; cannot specify “DEFAULT”)
Authentication method Characters that can be inputted
EAP-MD5, EAP-TTLS, PEAP, PAP
Single-byte alphanumeric characters and
symbols other than the characters \ [ ] " ? and
spaces
EAP-TLS
Single-byte alphanumeric characters and
symbols other than the characters \ [ ] / : * | < >
" ? and spaces
certificate-id : Client certificate ID
Combination of “user ID” and “serial number”
[Input mode]
priviledged EXEC mode
[Description]
This revokes client certificates for specified users or client certificate IDs.
In the event that a client certificate is revoked, the authorization using that certificate will fail.
[Note]
Client certificate IDs (certificate-id) can be checked using the show radius-server local certificate list command.
[Example]
This revokes the client certificate for user ID “Taro”.
SWP2#certificate revoke user Taro
This revokes the client certificate for client certificate ID “Taro-DF598EE9B44D22CC”.
SWP2#certificate revoke id Taro-DF598EE9B44D22CC
10.1.13 Exporting of client certificates (sending via e-mail)
[Syntax]
certificate export mail all compress
certificate export mail user userid compress
[Keyword]
all : Send client certificates for all users via e-mail
user : Send client certificates for specified users via e-mail
compress : Compress into a ZIP file
[Parameter]
userid : User ID
(within 3–32 characters; cannot specify “DEFAULT”)
280 | Command Reference | Application