Dell PowerConnect 5548p Command Line Interface Guide
Contents
1. 2 2 0 468 spanning tree mst port priority 469 spanning tree mst cost 22 22 ee eee 470 spanning tree mst configuration 471 19 20 instance INSTA 472 mame MST cc cece eee eee eee eeee 473 revision INST cece cena eee 473 show MST cece aa 474 exit MSE Nee dE EEN EN EN Ne 475 abort MST 0 0 0 cc cece cece cece eee e eee 476 show spanning tree 0 2 0eee eee eee 476 show spanning tree bpdu n a 491 31 VLAN Commands 493 vian datahaeg 2 vu i inn e a 493 vlasne naan eA a a E OA 493 interface lan 494 interface range vlan 0 cece eee eee eens 495 TEE 496 switchport protected pont 497 switchport community 2 2022000ee 498 show interfaces protected ports 498 switchport sid Ree oes ae ee SE 499 switchport made 500 switchport access vlan s nuu esnenenanann nn 501 switchport access multicast tv vlan 502 switchport trunk allowed vlan 503 switchport trunk native lan 504 switchport general allowed vian 505 switchport general pd 506 switchport general ingress filtering disable 507 switchport general acceptable frame type 508 switchport customer lan 509 switchport general forbidden vlan 509 map protocol protocols group2. 510 switchport general map protocols group vian 511 private vlan EEN dE dey RAN 512 private vlan association 513 switchport private vlan mapping 514 switchport private vlan host association 515 show vlan private vlan 200eeeeeeeee 516 ip Internal usage vlan eee eee 516 Showvlan 0 ENEE KEREN NEEN eee d 518 show vlan multicast tv 0 cece ee eee eee eee 519 show vlan protocols groups 20 0 519 show vlan internal usage 520 show interfaces suwitchpnort ea 521 32 IGMP Snooping Commands 523 ip igmp snooping Global 523 ip igmp snooping van 523 ip igmp snooping mrouter 524 ip igmp snooping mrouter interface 525 ip igmp snooping forbidden mrouter interface 526 ip igmp snooping static 527 ip igmp snooping multicast tv 528 21 ip igmp snooping querier n 529 ip igmp snooping querier address 530 ip igmp robustness 0 00eee eee ee eee ee 531 ip igmp query interval naana 531 ip igmp query max response time 532 ip igmp last member query count 533 ip igmp last member query interval 534 ip igmp snooping vlan immediate leave 534 show ip igmp snooping mrouter 535 show ip igmp snooping interface 536 show ip
3. 2 2 055 224 show authentication method 225 password 22560545 eons etree cane ne Boge een 226 service password reCovery ssusssrunernnn 227 enable passwon cere eee 228 Username 229 show user accounts seeeeee eee e een e eee 230 aaa accounting login 231 aaa accounting dotix ccc cece eee eee eas 233 Show accounting cece cece e eens 235 passwords min length 2 20 20eeeee 235 passwords strength check enable 236 passwords strength minimum character classes 237 passwords strength max limit repeated characters 238 passwords agin 239 passwords history 2 2020eee eee eee ee 240 passwords history hold time 241 passwords lockout eee eee ee 242 aaa login history file 243 Set username active 00 c cece eee eee eens 243 set line active 244 set enable password active 245 show passwords configuration 246 show users login ston 247 15 RADIUS Commands 249 radius server huet 249 radius server ke 251 radius server retransmit ec cece eee eens 252 radius server Sourcen 253 radius server source ipv usses 254 radius server timeout uuaa 255 radius server deadtime 0 255 show radius servers 0ce eee e eee e eens 256 16 TACACS Commands 259 tacacs server host 0cc cece eee eee
4. Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating the value compared against the thresholds If the value is absolute the variable value is compared directly with the thresholds at the end of the sampling interval If the value is delta the variable value at the last sample is subtracted from the current value and the difference is compared with the thresholds 288 RMON Commands Field Description Startup Alarm The alarm that may be sent when this entry is first set If the first sample is greater than or equal to the rising threshold and startup alarm is equal to rising or rising falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal falling or rising falling then a single falling alarm is generated Rising Threshold The sampled statistic rising threshold When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this threshold a single event is generated Falling Threshold The sampled statistic falling threshold When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated Rising Event The event inde
5. 306 Reauth Period l 802 1x Commands Reauthentication period Field Description Username The username representing the supplicant identity This field shows the username if the port control is auto If the port is Authorized it displays the username of the current user If the port is Unauthorized it displays the last user authenticated successfully Quiet period The number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request The maximum number of times that the device sends an EAP request frame assuming that no response is received to the client before restarting the authentication process Supplicant timeout The number of seconds that the device waits for a response to an EAP request frame from the client before resending the request Server timeout The number of seconds that the device waits for a response from the authentication server before resending the request Session Time The amount of time HH MM SS that the user is logged in MAC address The supplicant MAC address Authentication Method The authentication method used to establish the session Terminatio
6. FAI LSE LACP Commands 545 show lacp port channel Use the show lacp port channel EXEC mode command to display LACP information for a port channel Syntax show lacp port channel port_channel_number j Parameters port_channel_number Spccifies the port channel number Command Mode EXEC mode Example The following example displays LACP information about port channel 1 Console gt show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System 1 Priority 000285 0E1C00 MAC Address 29 Admin Key 29 Oper Key Partner System 0 Priority 00 00 00 00 00 00 MAC Address 14 Oper Key 546 LACP Commands GVRP Commands gvrp enable Global Use the gvrp enable Global Configuration mode command to enable the Generic Attribute Registration Protocol GARP VLAN Registration Protocol GVRP globally Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode Example The following example enables GVRP globally on the device Console config gvrp enable gvrp enable Interface Use the gvrp enable Interface Configuration Ethernet Port channel mode command to enable GVRP on an interface Use the no form of this command to disable GVRP on an interface GVRP Commands 547 Syntax gvrp enable no gvrp enable Default Configuration G
7. bold Session activated bold Enter commands at the prompt 2 When a user logs on to the system the following output is displayed Session activated Enter commands at the prompt banner login Use the banner login command in Global Configuration mode to specify and enable a message to be displayed before the username and password login prompts Use the no form of this command to delete the existing Login banner Syntax banner login d message text d no banner login Parameters e Delimiting character of your choice A pound sign for example You cannot use the delimiting character in the banner message User Interface Commands 55 e message text Message text The message must start on a new line You can enter multi line messages You can include tokens in the form of token in the message text Tokens are replaced with the corresponding configuration variable Tokens are described in the User Guidelines The message can contain up to 2000 characters after every 510 characters you must press lt Enter gt to continue Default Configuration Disabled no Login banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character of your choice Then enter one or more lines of text terminating the message with the second occurrence of the delimiting character When a user connects to a device the message of t
8. Console config snmp server contact Technical_Support snmp server location Use the snmp server location Global Configuration mode command to configure the system location string Use the no form of this command to remove the location string Syntax snmp server location text no snmp server location Parameters text Specifies a string describing system location information Length 1 160 characters Command Mode Global Configuration mode Example The following example defines the device location as New_York Console config snmp server location New_York snmp server set Use the snmp server set Global Configuration mode command to define the SNMP MIB value SNMP Commands 175 Syntax snmp server set variable name name value name value2 Parameters e variable name Specifies the SNMP MIB variable name which must be a valid string e name value Specifies a list of name and value pairs Each name and value must be a valid string In the case of scalar MIBs there is only a single name value pair In the case of an entry in a table there is at least one name value pair followed by one or more fields Command Mode Global Configuration mode User Guidelines Although the CLI can set any required configuration there might be a situation where an SNMP user sets a MIB variable that does not have an equivalent command To generate configuration files that support those situations use the snmp s
9. Console config dhcp address 10 12 1 99 255 255 255 0 O1b7 0813 8811 66 address DHCP Network Use the address DHCP Pool Network Configuration mode command to configure the subnet number and mask for a Dynamic Host Configuration Protocol DHCP address pool on DHCP Server Use the no form of this command to remove the subnet number and mask Syntax address network number low low address high high address mask pretix length no address 660 DHCP Server Commands Parameters e network number Specifies the IP address of the DHCP address pool e mask Specifies the pool network mask e prefix length Specifies the number of bits that comprise the address prefix The prefix is an alternative way of specifying the client network mask The prefix length must be preceded by a forward slash e low ow address Specifies the first IP address to use in the address range e high high address Specifies the last IP address to use in the address range Default Configuration DHCP address pools are not configured If the low address is not specified it defaults to the first IP address in the network If the high address is not specified it defaults to the last IP address in the network Command Mode DHCP Pool Network Configuration mode Example The following example configures the subnet number and mask for a Dynamic Host Configuration Protocol DHCP address pool on DHCP Server Console config dhc
10. Default Configuration Disabled Command Mode Line Configuration mode Example console configure console config line console console config line exec banner console config line exit console config line telnet console config line exec banner console config line exit User Interface Commands 59 console config line ssh console config line exec banner login banner Use the login banner command in Line Configuration mode to enable the display of login banners Use the no form of this command to disable the display of login banners Syntax login banner no login banner Parameters This command has no arguments or keywords Default Configuration Enabled Command Mode Line Configuration mode Example console configure console config line console console config line login banner console config line exit console config line telnet console config line login banner console config line exit console config line ssh console config line login banner 60 User Interface Commands motd banner Use the motd banner command in Line Configuration mode to enable the display of message of the day banners Use the no form of this command to disable the display of MOTD banners Syntax motd banner no motd banner Parameters This command has no arguments or keywords Default Configuration Enabled Command Mode Line Configuration mod
11. Example The following example enables counting CPU traffic Console config service cpu counters show cpu counters The show cpu counters EXEC mode command displays traffic counter information to and from the CPU Syntax show cpu counters 88 System Management Commands Command Mode EXEC mode User Guidelines Use the service cpu counters command to enable traffic counting to and from the CPU Example The following example displays the CPU traffic counters Console show cpu counters CPU counters are activ In Octets 987891 In Unicast Packets 3589 In Multicast Packets 29 In Broadcast Packets 8 Out Octets 972181 Out Unicast Packets 3322 Out Multicast Packets 22 Out Broadcast Packets 8 show users The show users EXEC mode command displays information about the active users Syntax show users Command Mode EXEC mode System Management Commande 89 Example The following example displays information about the active users Console show users Username Protocol Bob Serial John SSH Robert HTTP Betty Telnet Sam show sessions Location 172 172 172 172 16 0 1 16 0 8 Z DEER The show sessions EXEC mode command displays open Telnet sessions Syntax show sessions Command Mode EXEC mode User Guidelines The command displays Telnet sessions to remote hosts opened by the current Telnet session to the local device It does not display Telnet ses
12. e ip list Specifies that a list of IP addresses immediately follows the option code sp address1 ip address2 Specifies a list of one or more IP addresses Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode User Guidelines DHCP provides a framework for passing configuration information to hosts on a TCP IP network Configuration parameters and other control information are carried in tagged data items that are stored in the DHCP message options field The data items themselves are also called options The DHCP Server Commandes 671 current set of DHCP options are documented in RFC 2131 Dynamic Host Configuration Protocol For options in hexadecimal format the string parameter should include all the bytes in the option value including leading zeros Examples The following example configures DHCP option 19 which specifies whether the client should configure its IP layer for packet forwarding A value of 0 means disable Ip forwarding A value of 1 means enable IP forwarding IP forwarding is enabled in the following example Console config dhcp option 19 hex 01 The following example configures DHCP option 2 which specifies the offset of the client s subnet in seconds from Coordinated Universal Time UTC A value of 0xE10 in the following example indicates a location hour east of the meridian Console config dhcp option 2 hex 00000E10 The following examp
13. Command Mode EXEC mode User Guidelines The command calculates the overloading status of the current LLDP configuration and not for the last LLDP packet that was sent Example Switch show lldp local tlvs overloading Ports with LLDP TLV overloading are gil 0 1 gil 0 9 Switch show lldp local tlvs overloading No LLDP TLV overloading Switch show lldp local tlvs overloading gil 0 1 TLVs Group Bytes Status Mandatory 31 Transmitted LLDP MED Capabilities g Transmitted LLDP MED Location 200 Transmitted 802 1 1360 Overloading Total 1600 bytes Left 100 bytes LLDP Commands 443 show dp local Use the show Ildp local Privileged EXEC mode command to display the Link Layer Discovery Protocol LLDP information that is advertised from a specific port Syntax show lldp local interface id Parameters Interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following examples display LLDP information that is advertised from gigabitethernet ports 1 0 1 and 1 0 2 Switch show lldp local gil 0 1 Device ID 0060 704C 73FF Port ID gil 0 1 Capabilities Bridge System Name ts 7800 1 System description Port description Management address 172 16 1 8 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full
14. Example The following example enables the PortFast mode on gigabitethernet port 1 0 15 Console config interface gigabitethernet 1 0 15 Console config if spanning tree portfast spanning tree link type Use the spanning tree link type Interface Configuration Ethernet port channel mode command to override the default link type setting determined by the port duplex mode and enable Rapid Spanning Tree Protocol RSTP transitions to the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree link type point to point shared no spanning tree spanning tree link type Parameters e point to point Specifies that the port link type is point to point Spanning Tree Commands 461 e shared Specifies that the port link type is shared Default Configuration The device derives the port link type from the duplex mode A full duplex port is considered a point to point link and a half duplex port is considered a shared link Command Mode Interface Configuration Ethernet port channel mode Example The following example enables shared spanning tree on gigabitethernet port 1 0 15 Console config interface gigabitethernet 1 0 15 Console config if spanning tree link type shared spanning tree pathcost method Use the spanning tree pathcost method Global Configuration mode command to set the default path cost method Use the no form of this command to
15. Network unreachable Protocol unreachable Source quench Fragment reassembly time exceeded Source route failed CIDO VU Z z 7 Port unreachable telnet The telnet EXEC mode command enables logging on to a host that supports Telnet Syntax telnet ip address hostname port keyword System Management Commande 77 Parameters e ip address Specifies the destination host IP address e hostname Spccifies the destination host name Length 1 160 characters Maximum label length 63 characters e port Specifies the decimal TCP port number or one of the keywords listed in the Ports table in the User Guidelines e keyword Specifies the one or more keywords listed in the Keywords table in the User Guidelines Default Configuration The default port is the Telnet port 23 on the host By default Telnet is enabled Command Mode EXEC mode User Guidelines Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system specific functions To enter a Telnet sequence press the escape sequence keys Ctrl shift 6 followed by a Telnet command character Special Telnet Sequences Telnet Sequence Purpose Ctrl shift 6 b Break Ctrl shift 6 c Interrupt Process IP Ctrl shift 6 h Erase Character EC Ctrl shift 6 o0 Abort Output AO Ctrl shift 6 t Are You There AYT Ctrl shift 6 u
16. boot host auto config 143 boot host auto update 143 boot host den 144 boot host auto save cccceee cence eee eee ee 145 GU EE 145 ip dhcp tftp server ip adr 148 ip dhcp tftp serverfile 200ee ee 149 show ip dhcp Um sener 149 8 Management ACLCommands 151 management access list u un aeaa 151 permit Management 152 deny Management 153 management access clasS 0 eceeeeeeeee 155 show management access list 00005 155 show management access class 055 156 9 SNMP Commands x05 e Bes 159 SNMP SONVON EEN EEN SES ENEE NR ENNEN Nd 159 snmp server community ssns s nnne 159 SMMP SErver le 162 snmp server group 20 cece eee eee eee 163 SMMP SErver USEF 165 snmp server filter 167 snmp server hoer 168 snmp server enginelD local 171 snmp server enginelD remote 172 snmp server enable trans 173 snmp server trap authentication 174 snmp server Contact 174 snmp server location 175 snmp server sei 175 GUTE EE 176 show snmp enginelD a na 178 show snmp views 179 show snmp groupe 179 show snmp filters 20 020 20ee eee eee ee 180 show snmp ueers eee eee eee 181 10 RSA and Certificate Commands 183 crypto key generate dea 183 crypto key generate reg 184 show crypto key mypubkey nn
17. dns server Use the dns server DHCP Pool Configuration mode command to configure the Domain Name System DNS IP servers available to a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the DNS server list Syntax dns server ip address 1p address2 ip address6 no dns server Parameters ip address Specifies a DNS Server IP address One IP address is required although up to eight addresses can be specified in one command line Command Mode DHCP Pool Host Configuration mode 664 DHCP Server Commands DHCP Pool Network Configuration mode Default Configuration No DNS server is defined User Guidelines If DNS IP servers are not configured for a DHCP client the client cannot correlate host names to IP addresses Example The following example specifies 10 12 1 99 as the client domain name server IP address Console config dhcp dns server 10 12 1 99 domain name Use the domain name DHCP Pool Configuration mode command to specify the domain name for a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the domain name Syntax domain name domain no domain name Parameters domain Specifies the DHCP client domain name string Length 1 32 characters Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No domain name is defined DHCP Server Commandes 665
18. DHCP Snooping and ARP Inspection Commands ip arp inspection validate Use the ip arp inspection validate Global Configuration mode command to perform specific checks for dynamic Address Resolution Protocol ARP inspection Use the no form of this command to restore the default configuration Syntax ip arp inspection validate no ip arp inspection validate Default Configuration ARP inspection validation is disabled Command Mode Global Configuration mode User Guidelines The following checks are performed Source MAC address Compares the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses e Destination MAC address Compares the destination MAC address in the Ethernet header against the target MAC address in the ARP body This check is performed for ARP responses e IP addresses Compares the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and all IP multicast addresses Example The following example executes ARP inspection validation Console config ip arp inspection validate DHCP Snooping and ARP Inspection Commands 579 ip arp inspection list create Use the ip arp inspection list create Global Configuration mode command to create a static ARP binding list and enters the ARP list configuration mode Use the no form of this command to delete the list Syntax ip
19. Parameters isatap Enables an automatic IPv6 over IPv4 Intra Site Automatic Tunnel Addressing Protocol ISATAP tunnel Default Configuration The Pv6 transition mechanism global support mode is disabled Command Mode Interface Configuration Tunnel mode User Guidelines The system can be enabled to ISATAP tunnel When enabled an automatic tunnel interface is created on each interface that is assigned an IPv address Note that on a specific interface for example port or VLAN both native IPV6 and transition mechanisms can coexist The host implementation chooses the egress interface according to the scope of the destination IP address such as ISATAP or native IPv6 Example The following example configures an Pv6 transition mechanism global support mode Console config interface tunnel 1 Console config tunnel tunnel mode ipv6ip isatap tunnel isatap router Use the tunnel isatap router Interface Configuration Tunnel mode command to configure a global string that represents a specific automatic tunnel router domain name Use the no form of this command to remove the string associated with the router domain name and restore the default configuration Syntax tunnel isatap router router name 644 Tunnel Commands no tunnel isatap router Parameters router name Specifies the router s domain name Default Configuration The automatic tunnel router s default domain name is ISATAP Command Mode Interf
20. Parameters This command has no arguments or keywords Default Disabled Command Mode Global Configuration mode User Guidelines The command is effective after reset show qos interface Use the show qos interface EXEC mode command to display Quality of Service QoS information on the interface Syntax show qos interface buffers queueing policers shapers d rate limit intertace id Parameters e buffers Displays the buffer settings for the interface s queues For GE ports displays the queue depth for each of the 8 queues e queueing Displays the queue s strategy WRR or EF the weight for WRR queues the CoS to queue map and the EF priority e policers Displays all the policers configured for this interface their settings and the number of policers currently unused e shapers Displays the shaper of the specified interface and the shaper for the queue on the specified interface e zate limit Displays the rate limit configuration Quality of Service QoS Commands 745 e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Default Configuration There is no default configuration for this command Command Mode EXEC mode User Guidelines The policers option is relevant for a VLAN interface only If no parameter is specified with the show qos interface command the port QoS mode DSCP trusted CoS trusted untrus
21. Range Up to 4 characters e recurring Indicates that summer time should start and end on the corresponding specified days every year e date Indicates that summer time should start on the first specific date listed in the command and end on the second specific date in the command e usa The summer time rules are the United States rules e eu The summer time rules are the European Union rules e week Week of the month Can be 1 4 first last e day Day of the week first three letters by name such as Sun characters e date Date of the month Range 1 31 e month Month first three letters by name such as Feb characters e year year no abbreviation Range 2000 2097 e hh mm Time military format in hours and minutes Range hh mmbh 0 23 mm 0 59 e offset Number of minutes to add during summer time default is 60 Range 1440 Default Configuration Summer time is disabled Command Mode Global Configuration mode User Guidelines In both the date and recurring forms of the command the first part of the command specifies when summer time begins and the second part specifies 110 Clock Commands when it ends All times are relative to the local time zone The start time is relative to standard time The end time is relative to summer time If the starting month is chronologically after the ending month the system assumes that you are in the southern hemisphere USA ru
22. Syntax show rmon log even Parameters event Specifies the event index Range 0 65535 Command Mode EXEC mode Example The following examples display the RMON log table Console show rmon log aximum table size 500 800 after reset Event Description Time MIB Var Jan 18 2006 23 48 19 Lid Ove 2 1L 25241410253 Delta Rising Actual Val 800 Thres Set 100 Interval sec 1 rmon table size Use the rmon table size Global Configuration mode command to configure the maximum size of RMON tables Use the no form of this command to return to the default configuration Syntax rmon table size history entries log entries no rmon table size history log Parameters e history entries Specifies the maximum number of history table entries Range 20 270 292 RMON Commands e log entries Specifies the maximum number of log table entries Range 20 100 Default Configuration The default history table size is 270 entries The default log table size is 200 entries Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum size of RMON history tables to 100 entries Console config rmon table size history 100 RMON Commands 293 294 RMON Commands 802 1x Commands aaa authentication dot1x Use the aaa authentication dotlx Global Configuration mod
23. User Guidelines Defining a static IP address on an interface implicitly removes the DHCP client configuration on the interface If the product supports multiple IP addresses The product supports up to x IP addresses The IP addresses should be from different IP subnets When adding an IP address from a subnet that already exists in the list the new IP address replaces the existing IP address from that subnet If the product is switch only and supports a single IP address If the IP address configured in global context then it would be bound to the currently defined management interface If the management interface is Default VLAN and the VID of the default VLAN is changed then when new setting is applied the IP address will be automatically redefined on the new Default VLAN If the IP address is configured in Interface context then the IP address is bound to the interface in context If a static IP address is already defined the user must do no IP address in the relevant interface context before changing the IP address If a dynamic IP address is already defined the user must do no ip address in the relevant interface context before configuring another dynamic IP address The Interface context could be a port LAG or VLAN depending on support that is defined for the product Example The following example configures VLAN with IP address 131 108 1 27 and subnet mask 255 255 255 0 Console config interface vlan 1 600
24. VLAN Interface IP Address HW Address Status VLAN 1 gil 0 1 LO The LOZ 00 10 B5 04 DB 4B Dynamic VLAN 1 gil 0 2 ne e Ma Ee 00 50 22 00 2A A4 Static show arp configuration Use the show arp configuration privileged EXEC command to display the global and interface configuration of the ARP protocol Syntax show arp configuration IP Addressing Commands 609 Parameters This command has no arguments or key words Command Mode Privileged EXEC mode Example Console show arp configuration Global configuration ARP Proxy enabled ARP timeout 80000 Seconds Interface configuration g2 ARP Proxy disabled D RP timeout 60000 Seconds VLAN 1 ARP Proxy enabled ARP timeout 70000 Seconds VLAN 2 ARP Proxy enabled ARP timeout 80000 Second Global interface ip Use the interface ip Global Configuration mode command to enter the IP Interface Configuration mode Syntax interface ip p address Parameters ip address Specifies one of the IP addresses of the device 610 IP Addressing Commands Command Mode Global Configuration mode Example The following example enters the IP interface configuration mode Console config interface ip 192 168 1 1 Console config ip directed broadcast Use the directed broadcast IP Interface Configuration mode command to enable the translation of a directed broadcast to physical broadcasts Use the no form of this command to disable this function Synta
25. class Management access class is enabled using access list mlist Management ACL Commande 157 158 Management ACL Commands SNMP Commands snmp server Use the snmp server server Global Configuration mode command to enable the device to be configured by SNMP Use the no form of this command to disable this function Syntax snmp server server no snmp server server Parameters This command has no arguments or keywords Default Enabled Command Mode Global Configuration mode Example snmp server server console config snmp server server snmp server community Use the snmp server community Global Configuration mode command to set up the community access string to permit access to the Simple Network SNMP Commands 159 Management Protocol command Use the no form of this command to remove the specified community string Syntax snmp server community string view view name ro rw suj tipv address 1pv6 address mask d prefix length type router oob snmp server community group string group name ipv4 address ipv6 address mask pretix length type router oob no snmp server community string ipv4 address ipv6 address Parameters 160 string Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters ro Specifies read only access default rw Specifies read write access su Specifies SNMP administrator access view view
26. e restrict Generates a trap when a station whose MAC address is not the supplicant MAC address attempts to access the interface The minimum time between the traps is 1 second Those frames are forwarded but their source address are not learned e protect Discard frames with source addresses not the supplicant address e shutdown Discard frames with source addresses not the supplicant address and shutdown the port 314 802 1x Commands Default Configuration Protect Command Mode Interface Configuration Ethernet mode User Guidelines The command is relevant for single host mode The command is not relevant for multiple hosts mode The command is relevant for multiple sessions mode but you should note that since PCs are sending traffic prior to successful 802 1X authentication this command might not be useful in this mode BPDU message whose MAC address is not the supplicant MAC address wouldn t be discarded in the protect mode BPDU message whose MAC address is not the supplicant MAC address would cause a shutdown in the shutdown mode Example console config interface gigabitethernet gil 0 1 console config if dot1lx violation mode protect dot1x guest vian Use the dot1x guest vlan Interface Configuration VLAN mode command to define a guest VLAN Use the no form of this command to restore the default configuration Syntax dot ls guest vlan no dotlx guest vlan Default Configuration No VLA
27. e mac and 802 1x Enables 802 1X authentication and MAC address authentication on the interface Default Configuration Authentication based on the station s MAC address is disabled Command Mode Interface Configuration Ethernet mode User Guidelines The guest VLAN must be enabled when MAC authentication is enabled Static MAC addresses cannot be authorized Do not change an authenticated MAC address to a static address It is not recommended to delete authenticated MAC addresses Reauthentication must be enabled when working in this mode 318 802 1x Commands Example The following example enables authentication based on the station s MAC address on gigabitethernet port 1 0 1 Console config interface gil 0 1 Console config if dot1x mac authentication mac only dot1x traps mac authentication success Use the dot1x traps mac authentication success Global Configuration mode command to enable sending traps when a MAC address is successfully authenticated by the 802 1X mac authentication access control Use the no form of this command to disable the traps Syntax dotlx traps mac authentication success no dotlx traps mac authentication success Parameters This command has no arguments or keywords Default Default is disabled Command Mode Global Configuration mode dot1x traps mac authentication failure Use the dotls traps mac authentication failure Global Configuration mode command to enable se
28. end Switch show parser macro description InterfaceMacro Description Macro Commands 67 1 2 dup 1 3 duplex Switch config interface gigabitethernet 1 0 2 Switch config if no macro description Switch config if end Switch show parser macro description InterfaceMacro Description macro global Use the macro global Global Configuration command to apply a macro to a switch or to apply and trace a macro configuration on a switch Syntax macro global apply trace macro name parameter value parameter value parameter value Parameters e apply Apply a macro to the switch e trace Apply and trace a macro to the switch e macro name Specify the name of the macro e paramete Optional Specify unique parameter values that are specific to the switch You can enter up to three keyword value pairs Parameter keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Default Configuration The command has no default setting Command Mode Global Configuration mode 68 Macro Commands User Guidelines You can use the macro global trace macro name Global Configuration mode command to apply and show the macros running on the switch or to debug the macro in order to locate any syntax or configuration errors If a command fails because of a syntax error or a configuration error when you apply a macro the macro nonetheless continue
29. 0 95 Disable 3 Off Watts 0 Watts 0 95 Disable 4 off Watts 0 Watts 0 95 Disable 5 off Watts 0 Watts 0 95 Disable 6 off Watts 0 Watts 0 95 Disable 7 off Watts 0 Watts 0 95 Disable 8 Off Watts 0 Watts 0 95 Disable Port Powered Device State Status Priority Class gil 0 1 IP Phone Model A Auto On High Class0 gil 0 2 Wireless AP Model A Auto On Low Class1l gil 0 3 Auto off Low N A Example 2 362 Power over Ethernet PoE Commands The following example displays information about the inline power for a specific port console config show power inline gil 1 1 Port Powered Device State Status Priority Class Power limit for port power limit mode 15 4W Overload Counter 0 Short Counter 0 Denied Counter 0 Absent Counter 0 Invalid Signature Counter 0 The following table describes the fields shown in the display Field Description Power The inline power sourcing equipment operational status Nominal Power The inline power sourcing equipment nominal power in Watts Consumed Power The measured usage power in Watts Usage Threshold The usage threshold expressed in percent for comparing the measured power and initiating an alarm if threshold is exceeded Traps Indicates if inline power traps are enabled Port The Ethernet port number Powered device A description of the powered device type Admin State Indicates if the port is enabled to provide power The possibl
30. 128 to 255 Octets 512 to 1023 Octets 256 to 511 Octets 1 1024 to max Octets 0 The following table describes the significant fields displayed Field Description Dropped The total number of events in which packets were dropped by the probe due to lack of resources Note that this number is not necessarily the number of packets dropped It is the number of times this condition was detected Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Packets The total number of packets including bad packets broadcast packets and multicast packets received Broadcast The total number of good packets received and directed to the broadcast address This does not include multicast packets Multicast The total number of good packets received and directed to a multicast address This number does not include packets directed to the broadcast address CRC Align Errors The total number of packets received with a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but with either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Collisions The best estimate of the total number of collisions on this Ethernet segment Undersize Pkts The total
31. 32 39 40 47 48 56 57 63 value i w aS a O N Queue ID Command Mode Global Configuration mode Example The following example maps DSOP values 33 40 and 41 to queue 1 Console config qos map dscp queue 33 40 41 to 1 qos map dscp dp Use the qos map dscp dp Global Configuration mode command to map the DSCP to Drop Precedence Use the no form of this command to restore the default configuration Syntax qos map dscp dp dscp listto dp no qos map dscp dp dscp ist Parameters e dscp list Specifies up to 8 DSCP values with values separated by a space Range 0 63 e dp Specifies the Drop Precedence value to which the DSCP values are mapped values 0 2 where 2 is the highest Drop Precedence Default Configuration All the DSCPs are mapped to Drop Precedence 0 Quality of Service QoS Commands 751 Command Mode Global Configuration mode Example The following example maps DSCP values 25 27 and 29 to Drop Precedence 2 Console config qos map dscp dp 25 27 29 to 2 qos trust Global Use the qos trust Global Configuration mode command to configure the system to the basic mode and trust state Use the no form of this command to return to the default configuration Syntax qos trust cos dscp no qos trust Parameters e cos Specifies that ingress packets are classified with packet CoS values Untagged packets are classified with the d
32. AAA Commands 227 Default Configuration The full service password recovery is enabled by default Command Mode Gobal Configuration mode User Guidelines This mechanism allows an end user with physical access to the console port of the device to enter the boot menu and trigger the password recovery process The following functionality occurs e If password recovery is enabled the user can access the boot menu and trigger the password recovery in the boot menu All configuration files and user files are kept e If password recovery is disabled the user still can access the boot menu and trigger the password recovery in the boot menu However the configuration files and user files are removed and the following log message is generated to the terminal All the configuration and user files were removed Example The following command disables password recovery console no service password recovery Note that choosing to use Password recovery option in the Boot Menu during the boot process will remove the configuration files and the user files Would you like to continue Y N enable password Use the enable password Global Configuration mode command to set a local password to control access to normal and privilege levels Use the no form of this command to return to the default password 228 AAA Commands Syntax enable password evel privilege level password encrypted encrypted password no ena
33. Error 354 PHY Diagnostics Commands console show fiber ports optical transceiver detailed Port Temp Voltage Current Output Input LOS C Volt mA Power Power mWatt mWatt gid 1 Copper gi0 26 Copper gi0 27 28 3 32 7 26 3 53 3 68 No gi0 28 29 3533 6 50 Ee SASL No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error PHY Diagnostics Commands 355 356 PHY Diagnostics Commands Power over Ethernet PoE Commands power inline Use the power inline Interface Configuration mode command to configure the inline power administrative mode on an interface Syntax power inline fauto never Parameters e auto Turns on the device discovery protocol and applies power to the device e never Tums off the device discovery protocol and stops supplying power to the device Default Configuration The default configuration is set to auto Command Mode Interface Configuration Ethernet mode Example The following example turns on the device discovery protocol on port 4 Console config interface gigabitethernet 1 0 4 Console config if power inline auto Power over Ethernet PoE Commands 357 power inline powered device Use
34. Example The following example specifies yahoo com as the DHCP client domain name string Console config dhcp domain name yahoo com netbios name server Use the netbios name server DHCP Pool Configuration mode command to configure the NetBIOS Windows Internet Naming Service WINS servers that are available to Microsoft Dynamic Host Configuration Protocol DHCP clients Use the no form of this command to remove the NetBIOS name server list Syntax netbios name server 1p address 1p address2 ip address8 no netbios name server Parameters ip address Specifies the NetBIOS WINS name server IP address One IP address is required although up to eight addresses can be specified in one command line Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No bios server is defined Example The following example specifies the IP address of a NetBIOS name server available to the DHCP client Console config dhcp netbios name server 10 12 1 90 666 DHCP Server Commands netbios node type Use the netbios node type DHCP Pool Configuration mode command to configure the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol DHCP clients Use the no form of this command to remove the NetBIOS node type Syntax netbios node type b node d p node m node h node no netbios node type Parameters e b node Specifies the Broadcast NetBIOS node ty
35. HCP Auto Configuration Enabled HCP Option 67 Enabled D DD DUD HH HAN HCP Option 82 Disabled IPv6 defaults 802 1x defaults 802 1X is disabled Mode Multiple host Guest VLAN Not defined Interface defaults in present unit 48 GE regular 2 10G fiberOptics PoE Enabled POE mode Port Limit Duplex Full Negotiation Enabled Flow control Off 98 System Management Commands Mdix mode auto LAGs No LAG is defined Storm control Disabled Storm control mode unknown unicast broadcast multicast Port security Disabled LLDP Enabled LLDPDU Handeling Filtering Jumbo frames Disabled Port Channel Load Balancing Layer 2 Bridging defaults Maximum 16K entries Aging time 5 minutes iSCSI Enabled iSCSI cos 5 with no remark Multicast defaults Multicast filtering Disabled IGMP snooping Disabled IGMP Querier Disabled Multicast TV Vlan Interface disabled Port monitoring defaults Port monitor is not defined Maximum source port 4 Maximum destination ports for mirroring 2 Spanning tree defaults Spanning tree is Enabled Spanning tree mode is Classic Spanning tree interface Enabled Port fast Disabled BPDU handling Filtering BPDU Guard Disabled Vlan defaults System Management Commande 99 Maximum Vlans 4094 Default VLAN Enabled Default VLAN id 1 GVRP Disabled Port mode undefined PVID 1 VLAN membership 1 Voice vlan defaults Voice VLA
36. IP Addressing Commands Console config if ip address 131 108 1 27 255 255 255 0 ip address dhcp Use the ip address dhep Interface Configuration Ethernet VLAN Port channel mode command to acquire an IP address for an Ethernet interface from the Dynamic Host Configuration Protocol DHCP server Use the no form of this command to release an acquired IP address Syntax ip address dhcp no ip address dhcp Parameters No parameters Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol DHCP client configuration on an interface implicitly removes the static IP address configuration on the interface If the device is configured to obtain its IP address from a DHCP server it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network If the ip address dhcp command is used with or without the optional keyword the DHCP option 12 field host name option is included in the DISCOVER message By default the host name specified in the option 12 field is the globally configured device host name The no ip address dhep command releases any IP address that was acquired and sends a DHCPRELEASE message IP Addressing Commands 601 Example The following example acquires an
37. IPv6 address when the certificate is generated or to the device s lowest static Pv4 address if there is no static IPv6 address or to 0 0 0 0 if there is no static IP address If duration days is not specified it defaults to 365 days Command Mode Global Configuration mode User Guidelines This command is not saved in the router configuration However the certificate and keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device When exporting a RSA key pair to a PKCS 12 file the RSA key pair is as secure as the passphrase Keep the passphrase secure If the RSA key does not exist you must use the parameter key generate 186 RSA and Certificate Commands Example The following example generates a self signed certificate for HTTPS Console crypto certificate generate key generate crypto certificate request The crypto certificate request Privileged EXEC mode command generates and displays a certificate request for HTTPS Syntax crypto certificate number request common name ou organization umt or organization loc location st state cu country Parameters e number Specifies the certificate number Range 1 2 e common name Specifies the device s fully qualified URL or IP address Length 1 64 characters e ou organization unit Specifies the organization unit or department name Length 1 64 characters e or or
38. Interface configuration Ethernet port channel User Guidelines Use this command to isolate unicast multicast and broadcast traffic at Layer 2 from other protected ports that are not associated with the same community as the ingress interface on the same switch Please note that the packet is still subject to FDB decision and to all filtering rules Use the switchport community Interface Configuration command to associate the interface with a community Example console config interface gil 0 1 console config if switchport protected port VLAN Commands 497 switchport community Use the switchport community Interface Configuration mode command to associate a protected port with a community Use the no form of this command to return to default Syntax switchport community community no switchport community Parameters community Specifies the community number Range 1 30 Default Configuration The port is not associated with any community Command Mode Interface Configuration Ethernet port channel mode User Guidelines The command is relevant only when the port is defined as a protected port Use the switchport protected port Interface Configuration command to define a port as a protected port Example console config interface gigabitethernet 1 0 1 console config if switchport community 1 show interfaces protected ports Use the show interfaces protected ports EXEC mode command to sho
39. Maximum label length 63 characters 620 IP Addressing Commands e Removes all entries Command Mode Privileged EXEC mode User Guidelines This command deletes the host name to address mapping temporarily until the next refresh of the IP addresses Example The following example deletes all entries from the host name to address mapping received from DHCP Console clear host dhcp show hosts Use the show hosts EXEC mode command to display the default domain name the list of name server hosts the static and the cached list of host names and addresses Syntax show hosts name Parameters name Specifies the host name Length 1 158 characters Maximum label length 63 characters Command Mode EXEC mode IP Addressing Commands 621 Example The following example displays host information Console gt show hosts System name Devic Default domain is gm com sales gm com usa sales gm com DHCP Name address lookup is enabled Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host Addresses accounting gm com 176 16 8 8 176 16 8 9 DHCP 2002 0 130F 0A0 1504 0BB4 Host Tota Elapse Type Addresses 1 d EE www stanford edu 7 gt gt IP 171 64 14 203 72 3 622 IP Addressing Commands IPv6 Addressing Commands ipv6 enable Use the ipv6 enable Interface Configuration Ethernet VLAN Port channel mode command to e
40. Parameters e capability Specifies the capabilities to advertise Possible values 10h 10f 100h 100 1000f If unspecified defaults to list of all the capabilities of the port e Preferred Specifies the master slave preference e Master Advertise master preference e Slave Advertise slave preference Default Configuration Auto negotiation is enabled and preferred default mode is master mode Command Mode Interface Configuration Ethernet Port channel mode Example The following example enables auto negotiation on gigabitethernet port 1 0 5 Console config interface gigabitethernet 1 0 5 Console config if negotiation Console config if flowcontrol Use the flowcontrol Interface Configuration Ethernet Port channel mode command to configure the Flow Control on a given interface Use the no form of this command to disable Flow Control Syntax flowcontrol fauto on off no flowcontrol Parameters e aut Specifies auto negotiation e on Enables Flow Control Ethernet Configuration Commands 333 e off Disables Flow Control Default Configuration Flow control is enabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the negotiation command to enable flow control auto Example The following example enables Flow Control on port gi1 0 1 Console config interface gigabitethernet 1 0 1 Console config if flowcontrol on flowcon
41. Parameters detail Displays the TimeZone and SummerTime configuration Command Mode EXEC mode Example The following example displays the system time and date Console gt show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console gt show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Time zone 122 Clock Commands Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Ends at last Sunday of October at 2 00 Offset is 60 minutes DHCP timezone Disabled Device gt show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Timezone DHCP Acronym is PST Offset is UTC 8 Timezone static Acronym is PST Offset is UTC 8 Summertime Static Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes DHCP timezone Enabled Begins at first Sunday of April at 2 00 Clock Commands 123 show sntp configuration The show sntp configuration Privileged EXEC mode command displays the Simple Network Time Protocol SNTP configuration on the device Syntax show sntp configuration Command Mode Privileged EXEC mode Example The following example displays the device s current SNTP configuration console show sntp configuration SNTP port 123 Polling interval 1024 seconds No MD5 authentication keys Authenticati
42. Privileged EXEC mode 802 1x Commands 323 Example The following example displays 802 1x advanced features for the device console show dot1lx advanced Guest VLAN 3978 Unauthenticated VLANs 91 92 Interface Multiple Guest MAC VLAN Legacy Policy Hosts VLAN Authentication Assignment supp Mode Assignment gil 0 1 Disabled Enabled MAC and 802 1X Enabled Enable Disabled gil 0 2 Enabled Disabled Disabled Enabled Enable Disabled Switch show dot1x advanced gigabitethernet 1 0 1 Interface Multiple Guest MAC VLAN Legacy Policy Hosts VLAN Authentication Assignment sup Mode Assignment gil 0 1 Disabled Enabled MAC and 802 1X Enabled Enable Legacy Supp mode is disabled Policy assignment resource err handling Accept Single host parameters Violation action Discard Trap Enabledx Status Single host locked Violations since last trap 9 dot1x system auth control monitor Use the dot1x system auth control monitor Global Configuration command to enable 802 1x globally the 802 1x Monitoring mode and define the Monitor VLAN Use the no format of the command to return to default Syntax dotlx system auth control monitor v an rn cl no dotlx system auth control monitor 324 802 1x Commands Parameters vlan vlan id Specifies the 802 1x Monitoring VLAN If the parameter is omitted the Default VLAN is used as the 802 1x Monitoring VLAN Range Any manually created VLAN or the Default VLAN Default Disabled Command
43. Specifies that the device can be managed only from the console e name Specifies the access list name to be used Length 1 32 characters Default Configuration The default configuration is no management connection restrictions Command Mode Global Configuration mode Example The following example defines an access list called mlist as the active management access list Console config management access class mlist show management access list The show management access list Privileged EXEC mode command displays management access lists Syntax show management access list name Management ACL Commande 155 Parameters name Specifies the name of a management access list to be displayed Length 1 32 characters Command Mode Privileged EXEC mode Example The following example displays the mlist management access list Console show management access list mlist console only deny Note all other access implicitly denied mlist permit gil 0 1 permit gil 0 9 Note all other access implicitly denied console show management access class The show management access class Privileged EXEC mode command displays information about the active management access list Syntax show management access class Command Mode Privileged EXEC mode 156 Management ACL Commands Example The following example displays the active management access list information Console show management access
44. Therefore when defining an SNMP community the administrator must indicate which tables are being configured If Type is router it means that the device s tables are being configured Example snmp server community console config snmp server community abcd su 1 1 1 121 mask 255 0 0 0 console config snmp server community group tom abcd 1 1 1 122 prefix 8 snmp server view The snmp server view Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server view entry Use the no form of this command to remove an SNMP server view entry Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree Parameters view name Specifies the label for the view record that is being created or updated The name is used to reference the record Length 1 30 characters e oid tree Specifies the ASN 1 subtree object identifier to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a word such as System Replace a single sub identifier with the asterisk wildcard to specify a subtree family for example 1 3 4 e included Specifies that the view type is included 162 SNMP Commands e excluded Specifies that the view type is excluded Default Configuration Default and DefaultSuper are the default view names Command Mode Global Configuration mode
45. This Feature Forwarded Dropped IP MAC Validation Failure Syntax show ip arp inspection statistics v an vlan id Parameters vlan id Specifies VLAN ID 584 DHCP Snooping and ARP Inspection Commands Command Mode EXEC mode User Guidelines To clear ARP Inspection counters use the clear ip arp inspection statistics CLI command Counters values are kept when disabling the ARP Inspection feature Example console show ip arp inspection statistics Vlan Forwarded Packets Dropped Packets IP MAC Failures 2 1500100 80 clear ip arp inspection statistics Use the clear ip arp inspection statistics Privileged EXEC mode command to clear statistics ARP Inspection statistics globally Syntax clear ip arp inspection statistics vlan vlan id Parameters vlan id Specifies VLAN ID Command Mode Privileged EXEC mode Example console clear ip arp inspection statistics DHCP Snooping and ARP Inspection Commands 585 ip dhcp information option Use the ip dhcp information option Global Configuration command to enable DHCP option 82 data insertion Use the no form of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters This command has no arguments or keywords Default Configuration DHCP option 82 data insertion is disabled Command Mode Global Configuration mode User Guidelines DHCP option 82 would be enabled only if DHCP snoo
46. Up arrow key Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands 40 User Interface Commands enable The enable EXEC mode command enters the Privileged EXEC mode Syntax enable privilege levell Parameters ptivilege level Specifies the privilege level at which to enter the system Range 1 15 Default Configuration The default privilege level is 15 Command Mode EXEC mode Example The following example enters the Privileged EXEC mode Console gt enable enter password Console User Interface Commands 41 disable The disable Privileged EXEC mode command leaves the Privileged EXEC mode and returns to the User EXEC mode Syntax disable privilege level Parameters ptivilege level Specifies the privilege level at which to enter the system Range 1 15 Default Configuration The default privilege level is 1 Command Mode Privileged EXEC mode Example The following example returns to the User EXEC mode Console disable Console gt login The login EXEC mode command changes a user s login Syntax login Command Mode EXEC mode 42 User Interface Commands Example The following example enters Privileged EXEC mode and logs in with D 7 username admin S Console gt login User Name admin Password Console configure The configure Privileged EXEC mode
47. channel mode command to configure the Port VLAN ID PVID when the interface is in general mode Use the no form of this command to restore the default configuration Syntax switchport general pvid v an id no switchport general pvid Parameters vlan id Specifies the Port VLAN ID PVID 506 VLAN Commands Default Configuration If the default VLAN is enabled PVID is 1 Otherwise PVID is 4095 Command Mode Interface Configuration Ethernet Port channel mode Example The following example configures PVID 234 for gigabitethernet port 1 0 2 when the interface is in general mode Console config interface gigabitethernet 1 0 2 Console config if switchport mode general Console config if switchport general pvid 234 switchport general ingress filtering disable Use the switchport general ingress filtering disable Interface Configuration Ethernet Port channel mode command to disable port ingress filtering Use the no form of this command to restore the default configuration Syntax switchport general ingress filtering disable no switchport general ingress filtering disable Default Configuration Ingress filtering is enabled Command Mode Interface Configuration Ethernet port channel mode Example The following example disables port ingress filtering on gigabitethernet port 1 0 1 Console config interface gigabitethernet 1 0 1 Console config if switchport mode general VLAN Commands
48. defaults to 6343 The range is 1 65535 bytes Specifies the maximum number of bytes that can be sent in a single sample datagram If unspecified it defaults to 1400 Default No receiver is defined sFlow Commands 417 Command Mode Global Configuration mode User Guidelines If the IP address of the sFlow receiver is set to 0 0 0 0 no sFlow datagrams are sent sflow flow sampling Use the sflow flow sampling Interface Configuration mode command to enable sFlow Flow sampling and configure the average sampling rate of a specific port Use the no form of this command to disable Flow sampling Syntax sflow flow sampling rate receiver index max header size bytes no sflow flow sampling Parameters rate Specifies the average sampling rate Range 1 1024 1073741823 m receiver index Index of the receiver collector Range 1 8 m bytes Specifies the maximum number of bytes that would be copied from the sampled packet If unspecified defaults to 128 Range 20 256 Default Disabled Command Mode Interface Configuration Ethernet mode User Guidelines A new sampling rate configuration is not immediately loaded to the hardware It will be loaded to the hardware only after the next packet is sampled based on the current sampling rate 418 sFlow Commands sflow counters sampling Use the sflow counters sampling Interface Configuration mode command to enable sFlow Counters sampling and to co
49. following formula 426 LLDP Commands TTL min 65535 LLDP Timer LLDP HoldMultiplier For example if the value of the LLDP timer is 30 seconds and the value of the LLDP hold multiplier is 4 then the value 120 is encoded in the TTL field of the LLDP header Example The following example sets the LLDP packet hold time interval to 90 seconds Console config lldp timer 30 Console config lldp hold multiplier 3 Ildp reinit Use the lldp reinit Global Configuration mode command to specify the minimum time an LLDP port waits before reinitializing LLDP transmission Use the no form of this command to revert to the default setting Syntax lldp reinit seconds no lldp reinit Parameters seconds Specifies the minimum time in seconds an LLDP port waits before reinitializing LLDP transmission Range 1 10 Default 2 seconds Command Mode Global Configuration mode Example console config lldp reinit 4 LLDP Commands 427 Ildp tx delay Use the dp tx delay Global Configuration mode command to set the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Use the no form of this command to restore the default configuration Syntax lldp tx delay seconds no Ildp tx delay Parameters seconds Specifies the delay in seconds between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Range 17
50. indicated period Range 5 3600 Default 5 seconds Command Mode Global Configuration mode Example console config lldp notification interval 10 Ildp optional tlv 802 1 Use the Ildp optional tlv Interface Configuration mode command to specify which optional TLVs from the basic set to transmit Use the no form of this command revert to the default setting Syntax lldp optional tlv 802 1 od no lldp optional tlv 802 1 pvid lldp optional tlv 802 1 ppvid add ppvid Ildp optional tlv 802 1 ppvid remove ppvid lldp optional tlv 802 1 vlan name add v an id lldp optional tlv 802 1 vlan name remove v an id lldp optional tlv 802 1 protocol add stp rstp mstp pause 802 1x lacp gvrp lldp optional tlv 802 1 protocol remove s p rstp mstp pause 502 1x lacp gvrp Parameters e pvid Advertises the PVID of the port 432 LLDP Commands ppvid Adds removes PPVID for advertising PPVID 0 can be used to advertise the PPVIDs capabilities of the interface Range 0 4094 e vlan Adds removse VLAN ID for advertising Range 1 4094 Default No optional TLV is transmitted Command Mode Interface Configuration Ethernet mode Ildp med enable Use the Udp med enable Interface Configuration Ethernet mode command to enable Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED on an interface Use the no form of this command to disable LLDP MED on an interface Syntax lldp me
51. interface gigabitethernet 1 0 7 Console config if switchport mode general Console config if switchport general forbidden vlan add 234 256 map protocol protocols group Use the map protocol protocols group VLAN Configuration mode command to map a protocol to a group of protocols Use the no form of this command to delete a protocol from a group Syntax map protocol protocol encapsulation protocols group group no map protocol protocol encapsulation 510 VLAN Commands Parameters e protocol Specifies a 16 bit protocol number or one of the reserved names listed in the User Guidelines Range 0x0600 0xF FFF e encapsulation Specities one of the following values Ethernet rfc1042 IcOther If no option is indicated the default is Ethernet e protocols group group Specifies the group number of the group of protocols associated together Range 1 2147483647 Default Configuration The default encapsulation is Ethernet Command Mode VLAN Configuration mode User Guidelines The value 0x8100 is not valid as the protocol number for Ethernet encapsulation The following protocol names are reserved for Ethernet Encapsulation e ip e arp e ipv6 ipx Example The following example maps protocol ip to protocol group number 213 Console config vlan database Console config vlan map protocol ip protocols group 213 switchport general map protocols group vlan Use the switchport general
52. permit 00 00 00 00 00 01 00 00 00 00 00 ff any console config mac al exit console config interface gigabitethernet 1 0 1 console config if service acl output server service acl input block Use the service acl input block Interface Configuration mode commands to discard packets that are classified to specific protocols Use the no form of those commands to disable discarding of the packets Syntax service acl input protocol protocol2 protocol6 no service acl input Parameters protocol Specifies a protocol to filter Available values are blockcdp blockvtp blockdtp blockudld blockpagp blocksstp and blockall Default Configuration No protocol is defined Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines If you want to define multiple protocols on the same interface those protocols should be defined in the same command To change configuration of the protocol filtering for an interface you should first remove the current assignment of protocol filtering assignment and then assign the new configuration of the protocol filtering If Proprietary Protocol Filtering rules are assigned on an interface the user is not able to assign ACL or Policy Map or Security suite rules to that interface and to enable 802 1X Dynamic Policy Assignment to that interface 712 If ACL or Policy Map or Security suite rules are assigned to an interface or 802 1X Dynamic Policy
53. weights to egress queues The weight ratio determines the frequency at which the packet scheduler removes packets from each queue Use the no form of this command to restore the default configuration Syntax wrr queue bandwidth weight weight2 weight_n no wrr queue bandwidth Parameters weight weight2 weight_n Specifies the ratio of the bandwidth assigned by the WRR packet scheduler to the packet queues Separate values by a space Range 0 255 Default Configuration wir is disabled by default The default wrr weight is l for all queues Command Mode Global Configuration mode User Guidelines The ratio for each queue is defined as the queue weight divided by the sum of all queue weights the normalized weight This sets the bandwidth allocation of each queue A weight of 0 indicates that no bandwidth is allocated for the same queue and the shared bandwidth is divided among the remaining queues It is not recommended to set the weight of a queue to a 0 as it might stop transmission of control protocols packets generated by the device All eight queues participate in the WRR excluding the expedite queues in which case the corresponding weight is ignored not used in the ratio calculation The expedite queue is a priority queue it is serviced until empty before the other queues are serviced The expedite queues are enabled by using the priority queue out Interface Configuration mode command 740 Quality of Ser
54. 0 3 0 Number of hits that were counted in global counter due to lack of resources 19 721 722 Quality of Service QoS Commands qos Use the qos Global Configuration mode command to enable Quality of Service QoS on the device Use the no form of this command to disable QoS on the device Syntax qos basic advanced no qos Parameters e basic QosS basic mode If no option is specified the QoS mode defaults to the basic mode e advanced Specifies the QoS advanced mode which enables the full range of QoS configuration Default Configuration If the qos command is entered without any parameters the QoS basic mode is enabled Command Mode Global Configuration mode Example The following example enables the QoS basic mode on the device Console config qos basic Quality of Service QoS Commands 723 show gos Use the show qos EXEC mode command to display the Quality of Service QoS mode for the device The trust mode is displayed for the QoS basic mode Syntax show qos Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Command Mode EXEC mode User Guidelines Trust mode is displayed if QoS is enabled in basic mode Example The following example displays QoS attributes when QoS is enabled in basic mode on the device and the advanced mode is supported Console gt show qos Qos basic Basic trust dscp The followi
55. 00 04 50 DD HH MM Time for aging out 2 min ISID 22 Initiator Initiator Target Target IP Address TCP Port IP Address IP Port I 25310 2430 49200 NEE Ee 30001 172 16 1 40 49201 172 176 1421 30001 598 iSCSI Commands IP Addressing Commands address Use the ip address Interface Configuration Ethernet VLAN Port channel mode command to define an IP address for an interface Use the no form of this command to remove an IP address definition Syntax If the product is a switch router ip address ip address mask prefix length no ip address ip address If the product is a switch only ip address ip address mask prefix length default gateway ip address no ip address ip address If the product is switch only and supports a single IP address ip address ip address mask prefix length default gateway ip address no ip address Parameters ip address Specifies the IP address e mask Specifies the network mask of the IP address e prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 e default gateway ip address Specifies the default gateway IP address IP Addressing Commands 599 Default Configuration No IP address is defined for interfaces Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context
56. 03 SSHD E ERROR SSH error key_read key_from_blob bgEgGnt 9 z6NHgZwKI5xKqF7cBtd11xmFgSEWuDhhoSUedydAjVkKS5XR2 failed 01 Jan 2010 05 55 03 SSHD E ERROR SSH error key_from blob invalid key type 01 Jan 2010 05 56 34 SSHD E ERROR SSH error bad sigbloblen 58 SIGBLOB_LEN console show syslog servers Use the show syslog servers Privileged EXEC mode command to display the syslog server settings Syntax show syslog servers Command Mode Privileged EXEC mode Example The following example displays the syslog server settings console show syslog servers Device Configuration IP address Port Severity Facility Description A KECN Kaka 514 info Local 3000 100 514 info Local console 276 Syslog Commands RMON Commands show rmon statistics Use the show rmon statistics EXEC mode command to display RMON Ethernet statistics Syntax show rmon statistics 7nterface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays RMON Ethernet statistics for gigabitethernet port 1 0 1 console show rmon statistics gil 0 1 Port gil 0 1 Dropped 0 Octets 0 Packets 0 Broadcast 0 Multicast 0 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 0 65 to 127 Octets 1 RMON Commands 277
57. 176 213 10 50 via Telnet Console gt telnet 176 213 10 50 Esc U sends telnet EL resume The resume EXEC mode command enables switching to another open Telnet session Syntax resume connection Parameters connection Specifies the connection number Range 1 4 connections System Management Commande 81 Default Configuration The default connection number is that of the most recent connection Command Mode EXEC mode Example The following command switches to open Telnet session number 1 Console gt resume 1 hostname The hostname Global Configuration mode command specifies or modifies the device host name Use the no form of the command to remove the existing host name Syntax hostname name no hostname Parameters Name specifies The Device Host Name Length 1 160 Characters Maximum label length 63 characters Default Configuration No host name is defined Command Mode Global Configuration mode Example The following example specifies the device host name as enterprise Console config hostname enterprise enterprise config 82 System Management Commands reload The reload Privileged EXEC mode command reloads the operating system Syntax reload slot stack member number Command Mode Privileged EXEC mode Parameters stack member number Specifies the new master unit number Range 1 8 If unspecified reloads all the units Example The following ex
58. 507 Console config if switchport general ingress filtering disable switchport general acceptable frame type Use the switchport general acceptable frame type Interface Configuration mode command to configure ingress filtering based on packet type tagged untagged Use the no form of this command to return to default Syntax switchport general acceptable frame type tagged only untagged only all no switchport general acceptable frame type Parameters tagged only Discard untagged packets and priority tagged packets e untagged only Discard VLAN tagged packets not including Priority tagged packets e all Do not discard packets based on whether the packet is VLAN tagged or not Default Configuration All frame types are accepted at ingress Command Mode Interface Configuration Ethernet port channel mode Example The following example configures gigabitethernet port 1 0 3 to discard untagged frames at ingress Console config interface gigabitethernet 1 0 3 Console config if switchport mode general Console config if switchport general acceptable frame type tagged only 508 VLAN Commands switchport customer vlan Use the switchport customer vlan Interface Configuration Ethernet Port channel mode command to set the port s VLAN when the interface is in customer mode Use the no form of this command to restore the default configuration Syntax switchport customer vlan v an id no swi
59. AAA Commands User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The software checks the maximum number of characters in the new password that can be repeated consecutively passwords aging Use the passwords aging Global Configuration mode command to enforce password aging Use the no form of this command to return to default Syntax passwords aging days no passwords aging Parameters days Specifies the number of days before a password change is forced You can use 0 to disable aging Range 0 365 Default Disabled Command Mode Global Configuration mode User Guidelines Aging is relevant only to users of the local database with privilege level 15 and to enable a password of privilege level 15 Example The following example configures the aging time to be 24 Console config passwords aging 24 AAA Commands 239 passwords history The passwords history Global Configuration mode command configures the number of password changes required before a password can be reused Use the no form of this command to remove the requirement Syntax passwords history number no passwords history Parameters number Specifies the number of password changes required before a password can be reused Range 1 8 Default Configuration Password history is disabled Command Mode Global Configuration mode User Guidelines The setting is relevant to local us
60. Bytes are separated by a period or colon If an odd number of hexadecimal digits are entered the system automatically prefixes the digit 0 to the string Length 5 32 characters 9 64 hexadecimal digits e default Specifies that the engine ID is created automatically based on the device MAC address Default Configuration The engine ID is not configured If SNMPv3 is enabled using this command and the default is specified the default engine ID is defined per standard as e First 4 octets First bit 1 the rest is IANA Enterprise number 674 e Fifth octet Set to 3 to indicate the MAC address that follows e Last 6 octets The device MAC address Command Mode Global Configuration mode User Guidelines To use SNMPy3 specify an engine ID for the device Any ID can be specified or use a default string which is generated using the device MAC address SNMP Commands 171 As the EngineID should be unique within an administrative domain the following guidelines are recommended e For standalone devices use the default keyword to configure the Engine ID e For stackable systems configure an EngineID and verify that it is unique within the administrative domain Changing or removing the value of snmpEngineID deletes the SNMPv3 users database The SNMP EngineID cannot be all 0x0 or all 0xF or 0x000000001 Example The following example enables SNMPv3 on the device and sets the device local engine ID to the default
61. Command Mode EXEC mode Example Switch show lldp statistics Contax config if do show Ildp statistics Tables Last Change Time 14 Oct 2010 32 08 18 Tables Inserts 26 Tables Deletes 2 Tables Dropped 0 Tables Ageouts 1 LLDP Commands 451 452 TX Frames Port 0 1 0 2 0 3 0 4 gil 0 5 0 6 0 7 0 8 0 9 0 10 RX Frames Total Total Discarded Errors 730 850 0 0 0 0 730 0 0 0 0 0 0 0 0 8 7 0 0 0 0 0 0 0 730 0 0 0 0 LLDP Commands RX TLVs RX Ageouts Discarded Unrecognized Total Spanning Tree Commands spanning tree Use the spanning tree Global Configuration mode command to enable spanning tree functionality Use the no form of this command to disable the spanning tree functionality Syntax spanning tree no spanning tree Default Configuration Spanning tree is enabled Command Mode Global Configuration mode Example The following example enables spanning tree functionality Console config spanning tree spanning tree mode Use the spanning tree mode Global Configuration mode command to configure the spanning tree protocol currently running Use the no form of this command to restore the default configuration Spanning Tree Commands 453 Syntax spanning tree mode stp rstp mst no spanning tree mode Parameters e stp Specifies that the Spanning Tree Protocol STP is enabled e rstp Specifies that th
62. Configuration command to apply and show the macros running on an interface or to debug the macro to find any syntax or configuration errors If a command fails because of a syntax error or a configuration error the macro continues to apply t in the interface Use the parameter value Macro Commands 65 keywords to designate values specific to the interface when creating a macro that requires the assignment of a unique value Keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a large string is considered a match and replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro apply macro name command to display a list of any required values in the macro If you apply a macro without entering the keyword values the commands are invalid and are therefore not applied When you apply a macro to an interface the macro name is automatically added to the interface You can display the applied commands and macro names by using the show running configuration interface interface id user EXEC mode command A macro applied to an interface range behaves the same way as a macro applied to a single interface When a macro is applied to an interface range it is applied sequentially to each interface within the range If a macro command fails on one interface it is
63. Configuration mode Example The following example creates VLAN number 1972 Console config vlan database Console config vlan vlan 1972 interface vian Use the interface vlan Global Configuration mode command to enter the Interface Configuration VLAN mode and enable configuration of the specified VLAN ID Syntax interface vlan v an id Parameters vlan id Specifies an existing VLAN ID Command Mode Global Configuration mode 494 VLAN Commands User Guidelines If the VLAN does not exist ghost VLAN not all of the commands are available under the interface VLAN context The commands that are supported for VLANs that do not exist are e IGMP snooping control commands e Bridge multicast configuration commands Example The following example configures VLAN 1 with IP address 131 108 1 27 and subnet mask 255 255 255 0 Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 interface range vian Use the interface range vlan Global Configuration mode command to enable configuring multiple VLANs simultaneously Syntax interface range vlan v an range Parameters vlan range Specifies a list of VLAN IDs Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range If th
64. Duplex Speed Neg ctrl State Pressure Mode gil 0 1 1G Copper Full 1000 Disabled Off Up Disabled Off gil 0 2 1G Copper Down Flow Link Ch Type Duplex Speed Neg ctrl State Pol 1G Full 10000 Disabled Off Up show interfaces advertise Use the show interfaces advertise EXEC mode command to display auto negotiation advertisement information for all configured interfaces or for a specific interface Syntax show interfaces advertise interface rd Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Ethernet Configuration Commands 341 Examples The following examples display auto negotiation information Console show interfaces advertise Port Type Neg Operational Link Advertisement gil 0 1 1G Copper Enable 1000f 100f 10f 10h gil 0 2 1G Copper Enable 1000f Console show interfaces advertise gigabitethernet 1 0 1 Port gil 0 1 Type 1G Copper Link state Up Auto Negotiation enabled 10h 10f 100 100f 1000f h Diea Zheng Admin Local link Advertisement yes yes yes yes Oper Local link Advertisement yes yes a yes yes Remote Local link no no yes yes yes Advertisement yes yes Priority Resolution yes Console show interfaces advertise gigabitethernet 1 0 1 Port gil 0 1 Type 1G Copper Link state Up Auto negotiation disabled show interfaces description Use the show
65. Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the boot server name Syntax next server name name no next server name Parameters name Specifies the name of the next server in the boot process Length 1 64 characters 668 DHCP Server Commands Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No next server name is defined Example The following example specifies www bootserver com as the name of the next server in the boot process of a DHCP client Console config dhcp next server www bootserver com bootfile Use the bootfile DHCP Pool Configuration mode command to specify the default boot image file name for a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to delete the boot image file name Syntax bootfile A ename no bootfile Parameters filename Specifies the file name used as a boot image Length 1 128 characters Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode DHCP Server Commandes 669 Example The following example specifies boot_image_file as the default boot image file name for a DHCP client Console config dhcp bootfile boot_image_file time server Use the time server DHCP Pool Configuration mode command to specify the time servers list for a Dynamic Host Configuration Protocol DHCP client Use
66. Enter gt Ctrl F4 Any combination keys pressed simultaneously on the keyboard 36 Screen Display Indicates system messages and prompts appearing on the console all When a parameter is required to define a range of ports or parameters and all is an option the default for the command is all when no parameters are defined For example the command interface range port channel has the option of either entering a range of channels or selecting all When the command is entered without a parameter it automatically defaults to all Entering Commands A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status gil 0 5 show interfaces and status are keywords gi is an argument that specifies the interface type and 1 0 5 is an argument that specifies the port To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter console config username admin password smith Help information can be displayed in the following ways e Keyword Lookup The character is entered in place of a command A list of all valid commands and corresponding help messages are displayed e Partial Keyword Lookup A command is incomplete and the character is entered in place of a parameter The matched
67. Ethernet mode command to associate a port with a port channel Use the no form of this command to remove a port from a port channel Syntax channel group port channel mode on auto no channel group Parameters e port channel Spccifies the port channel number for the current port to join e mode on auto Specifies the mode of joining the port channel The possible values are e on Forces the port to join a channel without an LACH operation e auto Forces the port to join a channel as a result of an LACH operation Default Configuration The port is not assigned to a port channel Command Mode Interface Configuration Ethernet mode Example The following example forces port gi1 0 1 to join port channel 1 without an LACP operation Console config interface gigabitethernet 1 0 1 Port Channel Commands 383 Console config if channel group 1 mode on port channel load balance Use the port channel load balance Global Configuration mode command to configure the load balancing policy of the port channeling Use the no form of this command to reset to default Syntax port channel load balance src dst mac src dst ip src dst mac ip no port channel load balance Parameters e sre dst mac Port channel load balancing is based on the source and destination MAC address e sre dst ip Port channel load balancing is based on the source and destination IP address e sre dst mac ip Port cha
68. Host Configuration Protocol DHCP server Syntax show ip dhcp expired ip address Parameters ip address Specifies the IP Command Mode EXEC mode Example Router gt show ip dhcp expired DHCP server enabled IP address Hardware address 172 16 1 11 00a0 9802 32de 172 16 3 254 02c7 800 0422 Router gt show ip dhcp expired 172 16 1 11 DHCP server enabled DHCP ServerCommands 687 IP address Hardware address 172 16 1 1300a0 9802 32de 172 16 1 14 show ip dhcp expired Field Descriptions e IP address The IP address of the host as recorded on the DHCP Server e Hardware address The MAC address or client identifier of the host as recorded on the DHCP Server show ip dhcp pre allocated Use the show ip dhcp pre allocated EXEC command to display the specific one or all the pre allocated addresses on the Dynamic Host Configuration Protocol DHCP server Syntax show ip dhep pre allocated ip address Parameters ip address Specifies the IP Command Mode EXEC mode Examples Router gt show ip dhcp pre allocated DHCP server enabled IP address Hardware address 172 16 1 11 00a0 9802 32de 172 16 3 254 02c7 800 0422 Router gt show ip dhcp pre allocated 172 16 1 11 DHCP server enabled 688 DHCP Server Commands IP address Hardware address 172 16 1 1500a0 9802 32de 172 16 1 16 show ip dhcp declined Field Descriptions e IP address The IP address of the host as recorded on the DHCP Serv
69. ICMP unreachable messages on the interface Example console config interface gil 0 1 console config if ipv6 unreachables ipv6 default gateway Use the ipv6 default gateway Global Configuration mode command to define an IPv6 default gateway Use the no form of this command To remove the default gateway Syntax ipv6 default gateway ipv6 address no ipv6 default gateway Parameters ipv6 address Specifies the IPv6 address of the next hop that can be used to reach that network When the Pv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the user guidelines for the interface name syntax Default Configuration No default gateway is defined Command Mode Global Configuration mode User Guidelines The format of an IPv6Z address is lt ipv6 link local address gt lt interface name gt 630 IPv6 Addressing Commands interface name vlan lt integer gt ch lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example 1 0 16 Configuring a new default GW without deleting the previous configured information overwrites the previous configuration A configured default GW has a higher precedence over automatically advertised via router advertisement message Precedence takes effect once the configure
70. ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following examples display the status of 802 1x enabled Ethernet ports Console show dot1x 802 1x is enabled Port Admin Oper Reauth Reauth Username Mode Mode Control Period gil 0 1 Auto Authorized Ena 3600 Bob gil 0 2 Auto Authorized Ena 3600 John gil 0 3 Auto Unauthorized Ena 3600 Clark gil 0 4 Force auth Authorized Dis 3600 n a gil 0 5 Force auth Unauthorized Dis 3600 n a Port is down or not present Console show dotlx interface gil 0 3 802 1x is enabled 802 1x Commands 305 Port Admin Oper Mode Mode gil 0 3 Auto Unauthorized Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout Session Time HH MM SS MAC Address Authentication Method Termination Cause Authenticator State Machine State Backend State Machine State Authentication success Authentication fails Reauth Reauth Username Control Period Enable 3600 Clark 30 Seconds 08 19 17 00 08 78 32 98 78 Remote Supplicant logoff HELD IDLE The following table describes the significant fields shown in the display Field Description Port The port number Admin mode The port admin mode Possible values Force auth Force unauth Auto Oper mode The port oper mode Possible values Authorized Unauthorized or Down Reauth Control Reauthentication control
71. Mode Global Configuration mode User Guidelines The 802 1x Monitoring VLAN cannot be deleted manually show dot1x monitoring result Use the show dot1x monitoring result Privileged EXEC mode command to display the captured information of each interface host on the switch stack Syntax show dotlx monitoring result username username Parameters username username Spcecifies supplicant username Range 1 80 characters Command Mode Privileged EXEC mode User Guidelines The following table describes the significant fields shown in the display Field Description Usernamr Supplicant Username VLAN VLAN assigned to Supplicant MAC address Supplicant MAC address 802 1x Commands 325 Port Ethernet port or port channel Reject reason Reason in the case of failure The following table describes the reasons Table 1 Time Abbreviation Supplicant Session time Reject Reason Description Description ACL DEL ACL was deleted by a user ACL NOTEXST ACL sent by radius Server does not exist on the device ACL OVRFL ACL sent by radius server can not be applied because of TCAM overflow AUTH ERR Rejected by Radius due wrong user name or password in Radius server FLTR ERR Radius accept message contains more than 2 filter id FRS MTH DENY First method is deny IPv6WithMAC Radius accept message contains filter with IPv6 DIP and MAC addresses I
72. Mode Privileged EXEC mode Example The following example displays the configured SNMP groups Console show snmp groups Name user group v3 managers group V3 Security Views Level Read Write Notify priv Default me ne priv Default Default WE The following table describes significant fields shown above Field Description Name Group name Security Model SNMP model in use v1 v2 or v3 Security Level Packet authentication with encryption Applicable to SNMP v3 security only show snmp filters Views View name enabling viewing the agent contents If unspecified all objects except the community table and SNMPv3 user and access tables are available View name enabling data entry and managing the agent contents View name enabling specifying an inform or a trap Use the show snmp filters Privileged EXEC mode command to display the configured SNMP filters 180 SNMP Commands Syntax show snmp filters 4 tername Parameters filtername Spccifies the filter name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP filters Console show snmp filters Name OID Tree Type user filter EC GE EC EN RE Included user filter E Od ied do Excluded user filter ert ole Oe ee E Included show snmp users Use the show snmp users Privileged EXEC mode command to display the configured SNMP us
73. Number of transitions to forwarding state 1 BPDU sent 2 received 120638 482 Spanning Tree Commands Port 2 gil 0 2 State Forwarding Port id 128 2 Type Shared Designated bridge Priority 128 2 enabled auto 327 configured Designated port id Guard root Disabled Number of transitions to forwarding BPDU sent 2 received 170638 Port 3 disabled State Port id Type N A Designated bridge Priority N A gil 0 3 N A 128 3 configured auto Designated port id N A Guard root Disabled Number of transitions to forwarding BPDU sent N A received N A Port 4 gil 0 4 State Blocking Port id 128 4 Type Shared Designated bridge Priority 128 25 enabled configured auto 286 Designated port id Guard root Disabled Number of transitions to forwarding BPDU sent 2 received 120638 Port 2 State Port id Type N A Designated bridge Priority N A gil 0 5 Disabled 12855 configured enabled auto Designated port id N A Guard root Disabled STP 68 STP 72 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 BPDU guard Disabled state A Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled state N A Role Alternate Port cost 20000 Port Fast No configured no Address 00 30 94 41 62 c
74. Parameters interface id Specify an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The port must be active and working at 100 M or 1000 M Example The following example displays the estimated copper cable length attached to all ports Console gt show cable diagnostics cable length Port Length meters gil 0 1 Si 50 gil 0 2 Copper not active gil 0 3 110 140 gil 0 4 Fiber show fiber ports optical transceiver Use the show fiber ports optical transceiver EXEC mode command to display the optical transceiver diagnostics PHY Diagnostics Commands 353 Syntax show fiber ports optical transceiver interface intertace id detailed Parameters e interface id Specifies an interface ID The interface ID must be an Ethernet port e detailed Displays detailed diagnostics Command Mode EXEC mode Example The following examples display the optical transceiver diagnostics results console show fiber ports optical transceiver Port Temp Voltage Current Output Input LOS Power Power gil 0 1 W OK OK OK OK OK gil 0 2 OK OK OK E OK OK Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E
75. Radius accounting Attributes Values and when they are sent by the switch Name Description User Name 1 User s identity NAS IP Address 4 The switch IP address that is used for the session with the Radius server Class 25 Arbitrary value is included in all accounting packets for a specific session Called Station ID 30 The switch IP address that is used for the management session Calling Station ID 31 The user IP address Acct Session ID 44 A unique accounting identifier Acct Authentic 45 Indicates how the supplicant was authenticated Acct Session Time 46 Indicates how long the user was logged in Acct Terminate Cause 49 Reports why the session was terminated Example console config aaa accounting login start stop group radius 232 AAA Commands aaa accounting dot1x To enable accounting of 802 1x sessions use the aaa accounting dot 1x Global Configuration mode command Use the no form of this command to disable accounting Syntax aaa accounting dotlx start stop group radius no aaa accounting dotlx start stop group radius Parameters This command has no arguments or keywords Default Disabled Command Mode Global Configuration mode User Guidelines This command enables the recording of 802 1x sessions If accounting is activated the device sends a start stop messages to a Radius server when a user logs in logs out to the netwo
76. Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Symbol Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 344 Ethernet Configuration Commands The following table describes the fields shown in the display Field Description InOctets The number of received octets InUcastPkts The number of received unicast packets InMcastPkts The number of received multicast packets InBceastPkts The number of received broadcast packets OutOctets The number of transmitted octets OutUcastPkts The number of transmitted unicast packets OutMcastPkts The number of transmitted multicast packets OutBcastPkts The number of transmitted broadcast packets FCS Errors The number of frames received that are an integral number of octets in length but do not pass the FCS check Single Collision Frames The number of frames that are involved in a single collision and are subsequently transmitted successfully Multiple Collision Frames The number of frames that are involved in more than one collision and are subsequently transmitted successfully SQE Test Errors The number of times that the SQE TEST ERROR is received The SQE TEST ERROR is set in accordance with the rules for verificatio
77. The following example creates a management access list called mlist configures management gigabitethernet interfaces 1 0 1 and 1 0 9 and makes the new access list the active list Console config management access list mlist Console config macl permit gil 0 1 Console config macl permit gil 0 9 Console config macl exit Console config management access class mlist The following example creates a management access list called mlist configures all interfaces to be management interfaces except gigabitethernet interfaces 1 0 1 and 1 0 9 and makes the new access list the active list Console config management access list mlist Console config macl deny gigabitethernet 1 0 1 deny gigabitethernet 1 0 9 Console 13 config macl permit exit Console config macl Console config macl Console config management access class mlist permit Management The permit Management Access List Configuration mode command sets conditions for the management access list Syntax permit interface id service service permit ip source ipv address ipv6 address ipv6 pretix length mask mask pretix length intertace id service service 152 Management ACL Commands Parameters e interface id Specify an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN e service service Specifies the service type Possible valu
78. The following example limits logging messages displayed on the console to messages with severity level errors Console config logging console errors logging buffered Use the logging buffered Global Configuration mode command to limit the syslog message display from an internal buffer to messages with a specific severity leve and to define the buffer sizel Use the no form of this command to cancel using the buffer and returning the buffer size to defult Syntax logging buffered buffer size severity evel no logging buffered Parameters butter size Specifies the maximum number of messages stored in the history table Range 20 400 severity eve Specifies the severity level of messages logged in the buffer The possible values are emergencies alerts critical errors warnings notifications informational and debugging 268 Syslog Commands Default Configuration The default severity level is informational Command Mode Global Configuration mode User Guidelines All the syslog messages are logged to the internal buffer This command limits the messages displayed to the user Example The following example limits the syslog message display from an internal buffer to messages with severity level debugging Console config logging buffered debugging clear logging Use the clear logging Privileged EXEC mode command to clear messages from the internal logging buffer Syntax clear logging Comma
79. The total number of packets including bad packets received that are between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 to 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets 1024 to max The total number of packets including bad packets received that were between 1024 octets and the maximum frame size in length inclusive excluding framing bits but including FCS octets rmon collection stats Use the rmon collection stats Interface Configuration mode command to enable Remote Monitoring RMON MIB history group of statistics on an RMON Commands 279 interface Use the no form of this command to remove a specified RMON history group of statistics Syntax rmon collection stats index owner ownername buckets bucket number interval seconds no rmon collection stats index Parameters e index The requested group of statistics index Range 1 65535 owner ownername Records the name of the owner of the RMON group of statistics If unspecified the name is an empty string Range Valid string e buckets bucket number A value associated with the number of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 50 e interval seconds The number of seconds in each polling c
80. User Guidelines If auth md5 or auth sha is specified both authentication and privacy are enabled for the user When you enter a show running config command you do not see a line for this user To see if this user has been added to the configuration type the show snmp user command An SNMP EngineID should be defined in order to add users to the device Changing or removing the value of snmpEngineID deletes the SNMPv3 users database The logical key of the command is Username Configuring a remote host is required in order to send informs to that host A configured remote host is also able to manage the device besides getting the informs To configure a remote user specify the IP address for the remote SNMP agent of the device where the user resides Also before you configure remote users for a particular agent configure the SNMP engine ID using the snmp server engineID remote command The remote agent s SNMP engine ID is needed when computing the authentication and privacy digests from the password If 166 SNMP Commands the remote engine ID is not configured first the configuration command fails Example snmp server user console config snmp server user tom acbd vl console config snmp server user tom acbd vie console config snmp server engineid local default The engine id must be unique within your administrative domain Do you wish to continue Y N y The SNMPv3 database will be erased Do yo
81. User Guidelines This command can be entered multiple times for the same view record The command logical key is the pair view name oid tree The number of views is limited to 64 Default and DefaultSuper views are reserved for internal software use and cannot be deleted or modified Example The following example creates a view that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interface group Console config snmp server view user view system included Console config snmp server view user view system 7 excluded Console config snmp server view user view ifEntry 1 included snmp server group The snmp server group Global Configuration mode command configures a new Simple Network Management Protocol SNMP group or a table that maps SNMP users to SNMP views Use the no form of this command remove a specified SNMP group Syntax snmp server group groupname v1 v2 v3 noauth auth priv notify notityview read readview write writeview SNMP Commands 163 no snmp server group groupname v1 v2 v3 noauth auth priv context name Parameters e groupname Specifies the group name Length 1 30 characters e vl Specifies the SNMP Version 1 security model yv2 Specifies the SNMP Version 2 security model v3 Specifies the SNMP Version 3 security model e noauth Specifies no packet authenticati
82. about all interfaces are printed Applied only for the OUI VLAN type Parameters Range interface id Ethernet Port channel Voice VLAN Commands 563 Command Mode EXEC mode Example Example 1 switch gt show voice vlan Administrate Voice VLAN state is auto triggered Operational Voice VLAN state is auto enabled Best Local Voice VLAN ID is 20 Best Local VPT is 4 Best Local DSCP is 1 Voice VLAN is received from switch 00 01 22 01 ab 87 45 Agreed Voice VLAN priority is 0 active UC device Agreed Voice VLAN ID is 100 Agreed VPT is 0 Agreed DSCP is 0 Agreed VLAN Last Change is 10 Apr 10 20 01 00 Example 2 Administrate Voice VLAN state is auto enabled Operational Voice VLAN state is auto enabled Best Local Voice VLAN ID is 1 default Best Local VPT is 0 default Best Local DSCP is 0 default Agreed Voice VLAN is received from switch 00 01 22 01 ab 87 45 Agreed Voice VLAN priority is 2 static Agreed Voice VLAN ID is 20 Agreed VPT is 7 Agreed DSCP is 20 Agreed VLAN Last Change is 10 Apr 10 20 01 00 Example 3 Administrate Voice VLAN state is auto triggered Operational Voice VLAN state is disabled 564 Voice VLAN Commands Example 4 Administrate Voice VLAN state is disabled Operational Voice VLAN state is disabled Best Local Voice VLAN ID is 20 Best Local VPT is 0 default Best Local DSCP is 0 default Aging timeout 1440 minutes CoS 6 Remark Yes Example 5 Administrate Voic
83. address 7p address none automatic interface id no lldp management address Parameters e ip address Specifies the static management address to advertise e none Specifies that no address is advertised LLDP Commands 429 e automatic Spcecifies that the software would automatically choose a management address to advertise from all the IP addresses of the product In case of multiple IP addresses the software chooses the lowest IP address among the dynamic IP addresses If there are no dynamic addresses the software chooses the lowest IP address among the static IP addresses e automatic interface id Specifies that the software automatically chooses a management address to advertise from the IP ddresses that are configured associated for the interface ID In case of multiple IP addresses the software chooses the lowest IP address among the dynamic IP addresses of the interface If there are no dynamic addresses the software chooses the lowest IP address among the static IP addresses of the interface The interface ID can be one of the following types Ethernet port Port channel or VLAN Note that if the port or port channel are members in a VLAN that has an IP address that address is not included because the address is associated with the VLAN Default Configuration No IP address is advertised The default advertisement is automatic Command Mode Interface Configuration Ethernet mode User Guidelines Each
84. addresses that are associated with a multicast tv VLAN Use the no form of this command to remove all associations Syntax ip igmp snooping vlan v an id multicast tv 1p multicast address count number no ip igmp snooping vlan vian id multicast tv ip mul ticast address count number Parameters vlan id Specifies the VLAN e number Configures multiple contiguous multicast IP addresses If not specified the default is 1 Range 1 256 Default No multicast IP address is associated Command Mode Global Configuration mode 528 IGMP Snooping Commands User Guidelines Use this command to define the multicast transmissions on a multicast I V VLAN The configuration is only relevant for an Access port that is a member in the configured VLAN as a multicast I V VLAN If an IGMP message is received on such an Access port it is associated with the multicast I V VLAN only if it is for one of the multicast IP addresses that are associated with the multicast V VLAN Up to 256 VLANs can be configured ip igmp snooping querier Use the ip igmp snooping querier Global Configuration mode command to enable the Internet Group Management Protocol IGMP querier on a specific VLAN Use the no form of this command to disable the IGMP querier on a VLAN interface Syntax ip igmp snooping vlan vlan id querier no ip igmp snooping vlan v an id querier Parameters vlan id Specifies the VLAN Default Disabled Command Mode Glo
85. and aging e max addresses Deletes the current dynamic MAC addresses associated with the port and learns up to the maximum number of addresses allowed on the port Relearning and aging are enabled Default Configuration The default port security mode is lock Command Mode Interface Configuration Ethernet port channel mode Example The following example sets the port security mode to dynamic for gigabitethernet interface 1 0 7 Console config interface gigabitethernet 1 0 7 Console config if port security mode dynamic port security max Use the port security mode Interface Configuration Ethernet Port channel mode command to configure the maximum number of addresses that can be learned on the port while the port is in port security max addresses mode Use the no form of this command to restore the default configuration Address Table Commands 397 Syntax port security max max addr no port security max Parameters max addr Specifies the maximum number of addresses that can be learned on the port Range 0 128 Default Configuration This default maximum number of addresses is 1 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines This command is relevant in port security max addresses mode only Example Console config interface gigabitethernet 1 0 1 Console config if port security max 20 port security routed secure address Use the port security rout
86. arp inspection list create name no ip arp inspection list create name Parameters name Specifies the static ARP binding list name Length 1 32 characters Default Configuration No static ARP binding list exists Command Mode Global Configuration mode User Guidelines Use the ip arp inspection list assign command to assign the list to a VLAN Example The following example creates the static ARP binding list servers and enters the ARP list configuration mode Console config ip arp inspection list create servers Console config ARP list Ip mac Use the ip mac ARP list Configuration mode command to create a static ARP binding Use the no form of this command to delete a static ARP binding Syntax ip ip address mac mac address 580 DHCP Snooping and ARP Inspection Commands no ip p address mac mac address Parameters ip address Specifies the IP address to be entered to the list e mac address Specifies the MAC address associated with the IP address Default Configuration No static ARP binding is defined Command Mode ARP list Configuration mode Example The following example creates a static ARP binding Console config ip arp inspection list create servers Console config ARP list ip 172 16 1 1 mac 0060 704C 7321 Console config ARP list ip 172 16 1 2 mae 0060 704C 7322 ip arp inspection list assign Use the ip arp inspection list assign Global Configuration mode command to assign a sta
87. attributes are applied only on packets from IP phones See the User Guidelines e all QoS attributes are applied only on all packets that are classified to the Voice VLAN Command Mode Interface Configuration Ethernet port channel mode Voice VLAN Commands 559 voice vian cos Use the voice vlan cos Global Configuration mode command to set the OUI Voice VLAN Class of Service CoS Use the no form of this command to restore the default configuration Syntax voice vlan cos cos remark no voice vlan cos Parameters e cos Specifies the voice VLAN Class of Service Range 0 7 e remark Specifies that the L2 User Priority is remarked Default Configuration The default CoS value is 6 The L2 User Priority is not remarked Command Mode Global Configuration mode User Guidelines Example The following example sets the OUI Voice VLAN CoS to 6 Console config voice vlan cos 7 voice vlan aging timeout Use the voice vlan aging timeout Global Configuration mode command to set the OUI Voice VLAN aging timeout interval Use the no form of this command to restore the default configuation 560 Voice VLAN Commands Syntax voice vlan aging timeout minutes no voice vlan aging timeout Parameters minutes Specifies the voice VLAN aging timeout interval in minutes Range 143200 Default Configuration The default voice VLAN aging timeout interval is 1440 minutes Command Mode Global Configur
88. auto Boundary RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 gil 0 2 enabled State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STPPort Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Spanning Tree Commands 487 Port 3 gil 0 3 enabled State Forwarding Port id 128 3 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 3 Number of transitions to forwarding state BPDU sent 2 received 170638 Port 4 gil 0 4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 BPDU sent 2 received 170638 MST 1 Vlans Mapped 10 20 Root ID Priority 24576 Address Path Cost20000 Root Port gil 0 4 Rem hops 19 Bridge ID Priority 32768 Address Number of transitions to forwarding state Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 Role Designated Port cost 20000 Port Fast No con
89. command enters the Global Configuration mode Syntax configure ferminal Parameters terminal Enter the Global Configuration mode with or without the keyword terminal Command Mode Privileged EXEC mode Example The following example enters Global Configuration mode Console configure Console config exit Configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy User Interface Commands 43 Syntax exit Command Mode All commands in configuration modes Examples The following examples change the configuration mode from Interface Configuration mode to Privileged EXEC mode Console config if exit Console config exit Console Router config if exit Router config exit Router exit EXEC The exit EXEC mode command closes an active terminal session by logging off the device Syntax exit Command Mode EXEC mode Example The following examples close an active terminal session Console gt exit Router gt exit 44 User Interface Commands end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Command Mode All configuration modes Example The following examples end the Global Configuration mode session and return to the Privileged EXEC mode Console config end Console Router config if end Router help The help command disp
90. config interface gigabitethernet 1 0 1 Console config if lldp med network policy add 1 clear Ildp table Use the clear Ildp table command in Privileged EXEC mode to restart the LLDP RX state machine and clear the neighbors table Syntax clear Ildp table interface id LLDP Commands 437 Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example console clear lldp table gigabitethernet 1 0 1 Ildp med location Use the dp med location Interface Configuration Ethernet mode command to configure the location information for the Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED for an interface Use the no form of this command to delete location information for an interface Syntax lldp med location coordinate data civic address data fecs elin data no lldp med location coordinate civic address ecs elin Parameters e coordinate Specifies the location data as coordinates e civic address Specities the location data as a civic address e ecs elin Specifies the location data as an Emergency Call Service Emergency Location Identification Number ECS ELIN e data Spcecifies the location data in the format defined in ANSI TIA 1057 dotted hexadecimal data Each byte in a hexadecimal character string is two hexadecimal digits Bytes are separated by a period or colon Length coordinate
91. config iscsi target port 30001 address 176 16 1 1 name iqn 1993 11 com disk vendor diskarrays sn 45678 tape sysl xyz iscsi cos Use the iscsi cos Global Configuration mode command to set the quality of service profile to apply to iSCSI flows Use the no form of this command to restore the default configuration iSCSI Commands 591 Syntax iscsi cos enable iscsi cos disable iscsi cos vpt vpt dscp dscp remark Parameters e enable enables iSCSI CoS vpt Specifies the VLAN Priority Tag VPT that iSCSI frames are assigned Range 0 7 e dscp Specifies the Differentiated Services Code Point DSCP that iSCSI frames are assigned Range 0 63 e remark Marks the iSCSI frames with the configured VPT or DSCP when egressing the switch Default Configuration iSCSI COS is disabled by default the default profile is VPT 5 Command Mode Global Configuration mode User Guidelines The iscsi cos enable command is used to enable an iSCSI CoS profile whether the default profile or one configured by using the iscsi cos vpt dscp command When executing the iscsi cos disable command iSCSI CoS configuration is not deleted Use the Remark option to prioritize iSCSI traffic in the next hop switch which might be iSCS unaware iSCSI flows are assigned by default with a VPT DSCP that is mapped to the highest queue not used for stack management or voice VLAN if the mapping was not changed by the user T
92. copies files from a source to a destination Syntax copy source url destination url snmp Parameters e source url Specifies the source file location URL or source file reserved keyword to be copied Length 1 160 characters e destination url Specities the destination file URL or destination file reserved keyword Length 1 160 characters e snmp Specifies that the destination source file is in SNMP format Used only when copying from to startup config The following table displays URL options Keyword Source or Destination flash Source or destination URL for flash memory This is the default URL If a URL is specified without a prefix running config Currently running configuration file startup config Startup configuration file image Image file If specified as the source file it is the active image file If specified as the destination file it is the non active image file Configuration Image File Commands 127 Keyword Source or Destination boot Boot file tftp Source or destination URL for a TFTP network server The syntax for this alias is tftp host directory filename The host can be either an IP address or a host name usb Copy to a file on the USB device The syntax is usb directory filename xmodem Source for the file from a serial connection that uses the Xmodem protocol unit memberA Image file on one of the units To copy from the
93. ee ee 604 arp timeout Global 605 arp timeout NENNEN ENEE NEEN eee NN 606 ip arp proxy disable 2 20eeeeeeeee 607 IP DENGER iera eee pedestal 607 Clear arp cache cece cece eee 608 SHOW ar 2 ER peg dee ER dd EE els 608 show arp configuration anaana 609 LORSE 610 directed broadcast cece cece eee eee eee 611 broadcast address c cece seen eee eee eee 612 ip helper address 0 00ceeeeeee cena 612 show ip helper address 2 00 2eeeee 614 source precedence 20 eeeeeeeeeeeees 615 ip domain lookup 20 20 0eeee cece eres 616 ip domain name 616 ip Mame server 2 00e cee eee eee eee 617 Ip Itten led eee A ae Zei 619 Clear host icesscadec cee ENEE NN sede ceased ce 620 clear host den 620 25 show hosts 621 39 IPv6 Addressing Commands 623 ipv6 enable eege eee 623 ipv6 address autoconfig a na 624 ipv6 icmp error interval uaaa 625 show ipv6 icmp error interval 626 ipv6 address 627 ipv6 address link local 628 ipv6 unreachables iannau 629 ipv6 default gateway 630 show ipv6 mtertare unsneeennanann annn 631 Show IPv6 route 633 ipv6 nd dad attempts 0 2 ee eee 634 DYO get os ve eee ee ee Ee 635 ipv6 neighbor 0 20ee cece e eee eee 636 IDN set MMU ENEE See ees REN EEN eee eee oe 637 ipv6 mid version 638
94. entering this command an entry is added to the DHCP Snooping database If the DHCP Snooping binding file exists the entry is also added to that file The entry is displayed in the show commands as a DHCP Snooping entry The user cannot delete dynamic temporary entries for which the IP address is 0 0 0 0 Example The following example adds a binding entry to the DHCP Snooping binding database Console ip dhep snooping binding 0060 704C 73FF 23 176 10 1 1 ethernet 1 5 expiry 900 DHCP Snooping and ARP Inspection Commands 573 clear ip dhcp snooping database Use the clear ip dhcp snooping database Privileged EXEC mode command to clear the DHCP Snooping binding database Syntax clear ip dhcp snooping database Command Mode Privileged EXEC mode Example The following example clears the DHCP Snooping binding database Console clear ip dhcp snooping database show ip dhcp snooping Use the show ip dhcp snooping EXEC mode command to display the DHCP snooping configuration for all interfaces or for a specific interface Syntax show ip dhcp snooping nterface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays the DHCP snooping configuration console show ip dhcp snooping DHCP snooping is Enabled 574 DHCP Snooping and ARP Inspection Commands DHCP snoopin
95. fevent type absolute delta startup rising rising falling falling owner name no rmon alarm index Parameters e index Specifies the alarm index Range 1 65535 284 RMON Commands mib object id Specifies the object identifier of the variable to be sampled Valid OID interval Specifies the interval in seconds during which the data is sampled and compared with rising and falling thresholds Range 14294967295 rthreshold Specifies the rising threshold value Range 04294967295 fthreshold Specifies the falling threshold value Range 0 4294967295 revent Specifies the index of the event triggered when a rising threshold is crossed Range 0 65535 fevent Specifies the index of the event triggered when a falling threshold is crossed Range 0 65535 type absolute delta Specifies the method used for sampling the selected variable and calculating the value to be compared against the thresholds The possible values are e absolute Specifies that the selected variable value is compared directly with the thresholds at the end of the sampling interval e delta Specifies that the selected variable value of the last sample is subtracted from the current value and the difference is compared with the thresholds startup rising rising falling falling Spccifies the alarm that may be sent when this entry becomes valid The possible values are e rising Specifies that if the
96. file s new URL Length 1 160 characters The following table displays options for the URL parameter Keyword Source or Destination flash URL for flash memory If a URL is specified without a prefix this is the default URL usb Universal Serial Bus USB File System WORD Specify URL prefixes Command Mode Privileged EXEC mode User Guidelines sys and prv files cannot be renamed Configuration Image File Commands 137 Example The following example renames the configuration file Console rename configuration bak m config bak boot system The boot system Privileged EXEC mode command specifies the active system image file that is loaded by the device at startup Syntax boot system d image 1 image 2 switch number all Parameters e switch number Spccifies the unit number If unspecified defaults to the master unit number e image 1 Specifies that image is loaded as the system image during the next device startup e image 2 Specifies that image 2 is loaded as the system image during the next device startup Default Configuration This command has no default configuration The default unit number is the master unit number Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to determine which image is the active image 138 Configuration Image File Commands Example The following example specifies that image 1 is the active system image
97. file loaded by the device at startup Console boot system image 1 show running config The show running config Privileged EXEC mode command displays the current running configuration file contents Syntax show running config Parameters This command has no arguments or keywords Command Mode Privileged EXEC mode Example The following example displays the running configuration file contents Console show running config no spanning tree interface range gil 0 1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit console Configuration Image File Commands 139 show startup config The show startup config Privileged EXEC mode command displays the startup configuration file contents Syntax show startup config Command Mode Privileged EXEC mode Example The following example displays the startup configuration file contents Console show startup config no spanning tree interface range gil 0 1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit console show bootvar The show bootvar EXEC mode command displays the active system image file that is loaded by the device at startup Syntax show bootvar unit unit 140 Configuration Image File Commands Parameters unit unit Specifies the unit number Command Mode EXEC mode Example The f
98. first sample after this entry becomes valid is greater than or equal to rthreshold a single rising alarm is generated e rising falling Specifies that if the first sample after this entry becomes valid is greater than or equal to rthreshold a single rising alarm is generated If the first sample after this entry becomes valid is less than or equal to fthreshold a single falling alarm is generated e fallin Specifies that if the first sample after this entry becomes valid is less than or equal to fthreshold a single falling alarm is generated owner name Spcecifies the name of the person who configured this alarm Valid string RMON Commands _ 285 Default Configuration The default method type is absolute The default startup direction is rising falling If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The following example configures an alarm with index 1000 MIB object ID D Link sampling interval 360000 seconds 100 hours rising threshold value 1000000 falling threshold value 1000000 rising threshold event index 10 falling threshold event index 10 absolute method type and rising falling alarm console config rmon alarm 1000 1 3 6 1 2 1 2 2 1 10 1 360000 1000000 1000000 10 20 show rmon alarm table Use the show rmon alarm table EXEC mode command to display a summary of the alarms table Syntax show rmon alarm table Comman
99. forbid a port to dynamically join by IGMP for example a multicast group The port can still be a multicast router port Example The following example forbids forwarding of all multicast packets to gil 0 1 within VLAN 2 Console config interface vlan 2 Console config if bridge multicast forbidden forward all add ethernet gi1 0 1 mac address table static Use the mac address table static Global Configuration mode command to add MAC layer station source address to the MAC address table Use the no form of this command to delete the MAC address Syntax mac address table static mac address vlan vlan id interface intertace id permanent delete on reset delete on timeout secure no mac address table static mac address vlan vlan id Address Table Commands 393 Parameters mac address AC address Range Valid MAC address vlan id Specify the VLAN interface id Specify an interface ID The interface ID can be one of the following types Ethernet port or port channel Range Valid Ethernet port Valid Port channel number permanent The address can only deleted by the no bridge address command delete on reset The address is deleted after reset delete on timeout The address is deleted after aged out secure The address is deleted after the port changes mode to unlock learning no port security command Available only when the port is in learning locked mode Default Configuration No st
100. gil 0 3 Console config sntp client enable gigabitethernet 1 0 3 sntp client enable Interface To enable the Simple Network Time Protocol SNTP broadcast and anycast client on an interface use the sntp client enable Interface Configuration command Use the no form of this command to disable the SNTP client The sntp client enable Interface Configuration Ethernet Port channel VLAN mode command enables the Simple Network Time Protocol SNTP broadcast and anycast client on an interface Use the no form of this command to disable the SNTP client Syntax sntp client enable no sntp client enable Default Configuration The SNTP client is disabled on an interface Command Mode Interface Configuration Ethernet Port channel VLAN mode User Guidelines The sntp broadcast client enable Global Configuration mode command globally enables broadcast clients Clock Commands 117 The sntp anycast client enable Global Configuration mode command globally enables anycast clients Example The following example enables the SNTP broadcast and anycast client on an interface Console config if sntp client enable sntp unicast client enable The sntp unicast client enable Global Configuration mode command enables the device to use Simple Network Time Protocol SNTP predefined unicast clients Use the no form of this command to disable the SNTP unicast clients Syntax sntp unicast client enable no sntp unicast client en
101. group in the bridge database without adding or removing ports or port channels specify the mac multicast address parameter only 388 Address Table Commands Static multicast addresses can be defined on static VLANs only You can execute the command before the VLAN is created Example The following example registers the MAC address to the bridge table Console config interface vlan 8 Console config if bridge multicast address 01 00 5e 02 02 03 The following example registers the MAC address and adds ports statically Console config interface vlan 8 Console config if bridge multicast address 01 00 5e 02 02 03 add gil 0 1 2 bridge multicast forbidden address Use the bridge multicast forbidden address Interface Configuration VLAN mode command to forbid adding or removing a specific multicast address to or from specific ports Use the no form of this command to restore the default configuration Syntax bridge multicast forbidden address mac multicast address add remove ethernet intertace list port channel port channel list no bridge multicast forbidden address mac mul ticast address Parameters e mac multicast address Specifies the group MAC multicast address e add Forbids adding ports to the group e remove Forbids removing ports from the group e ethernet interface list Spccifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphe
102. host query messages are sent on the interface Range 100 25500 Default 1000 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example ip igmp snooping vian immediate leave Use the ip igmp snooping vlan immediate leave Global Configuration mode command to enable the IGMP Snooping Immediate Leave processing on a VLAN Use the no format of the command to disable IGMP Snooping Immediate Leave processing Syntax ip igmp snooping vlan v an idimmediate leave no ip igmp snooping vlan v an d immediate leave 534 IGMP Snooping Commands Parameters vlan id Specifies the VLAN ID value Range 1 4094 Default Disabled Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created Example show ip igmp snooping mrouter The show ip igmp snooping mrouter EXEC mode command displays information on dynamically learned multicast router interfaces for all VLANs or for a specific VLAN Syntax show ip igmp snooping mrouter zn erface vlan id Parameters interface vlan id Specifies the VLAN ID Command Mode EXEC mode IGMP Snooping Commands 535 Example The following example displays information on dynamically learned multicast router interfaces for VLAN 1000 Console show ip igmp snooping mrouter interface 1000 1000 gil 0 1 gil 0 2 gil 0 3 gi1 0 23 show ip igmp snooping interf
103. igmp snooping groups 537 show ip igmp snooping multicast tv 538 33 LACP Comimanus ee Sead nk 541 lacp system priori 541 lacp port priority 0e cece eee eee 542 lacp timeout 20 cece eee eee eee 542 Show lacp EE 543 show lacp port channel naana 546 34 GVRP Commands 2 2 26 6 eeu 547 gvrp enable Global 547 gvrp enable Interface anannnnnaannn 547 garp Imer EE 548 gvrp vlan creation forbid naaa 550 gvrp registration forbid annaas 550 35 Voi 36 DHCP Snooping and ARP Inspection Commands 567 clear gvrp statistics 2 0 2 cece eee eee 551 show gvrp configuration sss eessaaen aae 552 show gvrp statistics nsun nnana 553 show gvrp ertor statlstics 554 ce VLAN Commands 557 voice vlan oui table 0 ccc e eee eterna 558 voice vlan COS mode 559 VOICE VIAN COS nasses eee eee teen ene 560 voice vlan aging timeout cee eee eee 560 voice vlan enable cece eect e renee eens 561 voice vlan secure 1 eee eee eee eens 562 Show voice vlan 0ccee cece eee eee eee 563 ip dhcp sngogoping cece ee eee 567 ip dhcp snooping van 568 ip dhcp snooping must 568 ip dhcp snooping information option allowed untrusted 569 ip dhcp snooping vert 570 ip dhcp snooping database nuaa a 571 ip dhcp snooping database upd
104. interfaces description EXEC mode command to display the description for all configured interfaces or for a specific interface Syntax show interfaces description interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel 342 Ethernet Configuration Commands Command Mode EXEC mode Example The following example displays the description of all configured interfaces Console show interfaces description Port Descriptions gil O0 1l gil 0 1 Port that should be used for management only gil 0 2 gil 0 1 gil 0 1 gil 0 2 Ch Description Pol Output show interfaces counters Use the show interfaces counters EXEC mode command to display traffic seen by all the physical interfaces or by a specific interface Syntax show interfaces counters interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Ethernet Configuration Commands 343 Example The following example displays traffic seen by all the physical interfaces console show interfaces counters gigabitethernet 1 0 Port InUcastPkts InMcastPkts InBcastPkts InOctets gil 0 1 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets gil 0 1 0 1 35 7051 Alignment Errors 0 FCS Errors 0
105. ip arp inspection Global Configuration mode command globally to enable Address Resolution Protocol ARP inspection Use the no form of this command to disable ARP inspection Syntax ip arp inspection no ip arp inspection Default Configuration ARP inspection is disabled Command Mode Global Configuration mode User Guidelines Note that if a port is configured as an untrusted port then it should also be configured as an untrusted port for DHCP Snooping or the IP address MAC address binding for this port should be configured statically Otherwise hosts that are attached to this port cannot respond to ARPs 576 DHCP Snooping and ARP Inspection Commands Example The following example enables ARP inspection on the device Console config ip arp inspection ip arp inspection vlan Use the ip arp inspection vlan Global Configuration mode command to enable ARP inspection on a VLAN based on the DHCP Snooping database Use the no form of this command to disable ARP inspection on a VLAN Syntax ip arp inspection vlan v an id no ip arp inspection vlan v an id Parameters vlan id Specifies the VLAN ID Default Configuration DHCP Snooping based ARP inspection on a VLAN is disabled Command Mode Global Configuration mode User Guidelines This command enables ARP inspection on a VLAN based on the DHCP snooping database Use the ip arp inspection list assign Global Configuration mode command to enable static ARP inspe
106. map protocols group vlan Interface Configuration Ethernet Port channel mode command to set a protocol based classification rule Use the no form of this command to delete a classification VLAN Commands 511 Syntax switchport general map protocols group group vlan van Ad no switchport general map protocols group group Parameters e group Specifies the group number as defined in the map protocol protocols group command Range 1 65535 vlan id Defines the VLAN ID in the classifying rule Command Mode Interface Configuration Ethernet port channel mode Default Configuration No classification is defined User Guidelines The VLAN classification rule priorities are 1 MAC based VLAN Best match among the rules 2 Subnet based VLAN Best match among the rules 3 Protocol based VLAN 4 PVID Example The following example sets a protocol based classification rule Console config if switchport general map protocols group 1 vlan 8 private vian Use the private vlan Interface VLAN Configuration mode command to configure a private VLAN Use the no form of this command to return the VLAN to normal VLAN configuration 512 VLAN Commands Syntax ptivate vlan primary isolated no private vlan Parameters e Primary Designate the VLAN as Primary VLAN e Isolated Designate the VLAN as Isolated VLAN Default Configuration No private VLANs are configured Command Mode Interface Configu
107. mode 408 Address Table Commands Example The following example displays the multicast configuration for VLAN 1 Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Port Forward All Soso Static Status GEERT AR gil 0 2 Forbidden Filter gil 0 3 Forward Forward s Forward d show bridge multicast unregistered Use the show bridge multicast unregistered EXEC mode command to display the unregistered multicast filtering configuration Syntax show bridge multicast unregistered interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Address Table Commands 409 Example The following example displays the unregistered multicast configuration Console show bridge multicast unregistered Port Unregistered gil 0 1 Forward gil 0 2 Filter gil 0 3 Filter show ports security Use the show ports security Privileged EXEC mode command to display the port lock status Syntax show ports security interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example The following example displays the port lock status of all ports console show ports security Port Status Learning Action Max Trap Frequency gil 0 1 Enabled Max Discard 3 Ena
108. model behavior allows only the following options Add and Remove Inside except vlan list is saved as add vlan list where vlan list is a list of all VLANs from 1 to 4094 minus the VLANs from vlan list Command show running startup always uses the latter format The port must be in trunk mode before the command can take effect Example console config interface gigabitethernet 1 0 1 console config if switchport mode trunk console config if switchport trunk allowed vlan all switchport trunk native vlan Use the switchport trunk native vlan Interface Configuration Ethernet port channel mode command to define the native VLAN when the interface is in trunk mode Use the no form of this command to restore the default configuration Syntax switchport trunk native vlan vlan id none no switchport trunk native vlan Parameters vlan id Specifies the native VLAN ID e none Specifies the access port cannot belong to any VLAN 504 VLAN Commands Default Configuration If the default VLAN is enabled the VLAN ID is 1 Otherwise the VLAN ID is 4095 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The command adds the port as a member of the VLAN If the port is already a member of the VLAN not a native it must first be removed from the VLAN Example The following example configures VLAN number 123 as the native VLAN when the port is in trunk mode Console i
109. n u 719 show interfaces access lists counters 720 30 show class map 726 matchissa Bea eel ee E E ia 727 police map 727 ClASS eet ENEE ARENS RE eae ee oe Meet 729 show police map 730 LUC SE 731 Set ca tS ae ane ates Ee 732 POCO EE EE 733 Setpvice poltey eee e eee eee 735 qos aggregate policer nnnna erranen 735 show qos aggregate policer 737 police aggregate ece cece eee eee 737 Wit queue C s mapn cece eee eee eee 738 wrr queue bandwidth a usnuaeaaaa 740 priority queue out num of queues 741 traffic shape 0c e cece a 742 traffic shape gueue eee eee 743 rate limit Ethernet cece eee ee 744 qos wir queue wd 744 show qos Interface 745 qos wrr queue threshold 2 205 748 qos map Doliced decn nnna 749 qos map dechp gueue eee eee ee 750 qos map dscp dp 2 20 cece eee eee eee 751 qos trust Global 752 qos trust Interface cee cece eee ees 753 OS EE 754 qos dscp mutation 20 e cece e eee eee 755 qos map dscp mutation eee 755 show gOS map 756 clear qos statistics cece eee eee 758 qos statistics policer eee eee 759 qos statistics aggregate policer 760 qos statistics queues 2 00ee eee ee eee 760 show qos statistics eee eee eee 761 31 32 Preface About this Document This CLI Reference Guide descri
110. name no service policy input Parameters policy map name Specifies the policy map name to apply to the input interface Length 1 32 characters Command Mode Interface Configuration Ethernet VLAN Port channel mode User Guidelines Only one policy map per interface per direction is supported Example The following example attaches a policy map called Policy to the input interface Console config if service policy input policyl qos aggregate policer Use the qos aggregate policer Global Configuration mode command to define the policer parameters that can be applied to multiple traffic classes Use the no form of this command to remove an existing aggregate policer Syntax qos aggregate policer aggregate policer name committed rate kbps excess burst byte exceed action drop d policed dscp transmit Quality of Service QoS Commands 735 no qos aggregate policer aggregate policer name Parameters aggregate policer name Specifies the aggregate policer name e committed rate kbps Specifies the average traffic rate CIR in kbits per second kbps Range 3 57982058 e excess burst byte Specifies the normal burst size CBS in bytes Range 3000 19173960 e exceed action drop policed dscp transmit Specifies the action taken when the rate is exceeded The possible values are e drop Drops the packet e policed dscp transmit Remarks the packet DSCP Default Configuration No aggregate polic
111. name Specifies the name of a view to be configured using the command snmp server view no specific order of the command configurations is imposed on the user The view defines the objects available to the community It is not relevant for su which has access to the whole MIB If unspecified all the objects except the community table and SNMPv3 user and access tables are available Range 1 30 characters ipv4 address Management station IPv4 address The default is all IP addresses ipv6 address Management station IPv4 address The default is all IP addresses mask Specifies the mask of the IPv4 address This is not a network mask but rather a mask that defines which bits of the packet s source address are compared to the configured IP address If unspecified it defaults to 255 255 255 255 The command returns an error if the mask is specified without an Pv4 address ptefix length Specifies the number of bits that comprise the IPv4 address prefix If unspecified it defaults to 32 The command returns an error if the prefix length is specified without an IPv4 address SNMP Commands e group name Specities the name of a group that should be configured using the command snmp server group with v1 or v2 parameter no specific order of the two command configurations is imposed on the user The group defines the objects available to the community Range 1 30 characters type router Specifies that SNMP requests f
112. neighbors znterface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode User Guidelines There are no guidelines for this command A TLV value that cannot be displayed as an ASCII string is displayed as an hexadecimal string Example The following examples display information about neighboring devices discovered using LLDP Location information if it exists is also displayed 446 LLDP Commands Switch show lldp neighbors Port Device ID Port ID System Name Capabilities TTL gil 0 1 00 00 00 11 11 11 gil 0 1 ts 7800 2 B 90 gil 0 1 00 00 00 11 11 11 D gil 0 1 ts 7800 2 B 90 gil 0 2 00 00 26 08 13 24 gil 0 3 ts 7900 1 D R 90 gil 0 3 00 00 26 08 13 24 gil 0 2 ts 7900 2 W 90 Switch show lldp neighbors gil 0 1 Device ID 00 00 00 11 11 11 Port ID gil 0 System Name ts 7800 2 Capabilities B System description Port description Management address 172 16 1 1 Time To Live 90 seconds 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD 802 3 Power via MDI MDI Power support Port Class PD PSE MDI Power Support Not Supported PSE MDI Power State Not Enabled PSE power pair control ability Not supported PSE Power Pair Signal PSE Power cl
113. no lacp port priority Parameters value Specifies the port priority Range luse the no form of this command65535 Default Configuration The default port priority is 1 Command Mode Interface Configuration Ethernet mode Example The following example sets the priority of gigabitethernet port 1 0 6 console config interface gil 0 6 console config if lacp port priority 247 lacp timeout Use the lacp timeout Interface Configuration Ethernet mode command to assign an administrative LACP timeout to an interface Use the no form of this command to restore the default configuration Syntax lacp timeout ong short no lacp timeout 542 LACP Commands Parameters e long Specifies the long timeout value e short Specifies the short timeout value Default Configuration The default port timeout value is Long Command Mode Interface Configuration Ethernet mode Example The following example assigns a long administrative LACP timeout to gigabitethernet port 1 0 6 Console config interface gigabitethernet 1 0 6 Console config if lacp timeout long show lacp Use the show lacp EXEC mode command to display LACP information for all Ethernet ports or for a specific Ethernet port Syntax show lacp intertace id parameters statistics protocol state Parameters e parameters Displays parameters only e statistics Displays statistics only e protocol state Displays protocol state onl
114. no sntp server ipv address ipv6 address ipv6z address hostname Parameters ipv address Specifies the server Pv4 address ipv6 address Specifies the server IPv6 address A Link Local address IPv6Z address can be defined pv6z address Specifies the IPv6Z address to ping The IPv6Z address format is pv6 ink local address interface name The subparameters are e ipv6 link local address Specifies the IPv6 Link Local address e interface name Specifies the outgoing interface name The interface name has the format v an integer ch integer rsatap integer physical port name The subparameter integer has the format decimal digit integer decimal digit Range for the decimal digit 0 9 hostname Specifies the server hostname Only translation to IPv4 addresses is supported Length 1 158 characters Maximum label length 63 characters poll Enables polling key keyid Specifies the Authentication key to use when sending packets to this peer Range 1 4 294967295 Default Configuration No servers are defined Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined The sntp unicast client enable Global Configuration mode command enables predefined unicast clients The sntp unicast client poll Global Configuration mode command globally enables polling 120 Clock Commands Polling time is configured with the sntp client poll time
115. of the command to return to default Syntax ip igmp query max response time seconds no ip igmp query max response time Parameters seconds Maximum response time in seconds advertised in IGMP queries Range 5 20 Default 10 532 IGMP Snooping Commands Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example ip igmp last member query count Use the ip igmp last member query count Interface Configuration mode command to configure the Last Member Query Counter Use the no format of the command to return to default Syntax ip igmp last member query count count no ip igmp last member query count Parameter count The number of times that group or group source specific queries are sent upon receipt of a message indicating a leave Range 1 7 Default A value of Robustness variable Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example IGMP Snooping Commands 533 ip igmp last member query interval Use the ip igmp last member query interval Interface Configuration mode command to configure the Last Member Query interval Use the no format of the command to return to default Syntax ip igmp last member query interval milliseconds no ip igmp last member query interval Parameters milliseconds Interval in milliseconds at which IGMP group specific
116. on a port Syntax spanning tree disable no spanning tree disable Default Configuration Spanning tree is enabled on all ports Command Mode Interface Configuration Ethernet port channel mode Example The following example disables the spanning tree on gigabitethernet port 1 0 5 Console config interface gigabitethernet 1 0 5 Console config if spanning tree disable 458 Spanning Tree Commands spanning tree cost Use the spanning tree cost Interface Configuration Ethernet port channel mode command to configure the spanning tree path cost for a port Use the no form of this command to restore the default configuration Syntax spanning tree cost cost no spanning tree cost Parameters cost Specifies the port path cost Range 1 200000000 Default Configuration Default path cost is determined by port speed and path cost method long or short as shown below Interface Long Port channel 20 000 Gigabit Ethernet 1000 20 000 Mbps Fast Ethernet 100 Mbps 200 000 Ethernet 10 Mbps 2 000 000 Command Mode Interface Configuration Ethernet port channel mode Example The following example configures the spanning tree cost on gigabitethernet port 1 0 15 to 35000 Console config interface gigabitethernet 1 0 15 Console config if spanning tree cost 35000 Spanning Tree Commands 459 spanning tree port priority Use the spanning tree port priority Interface Configuration Et
117. port can advertise one IP address Example The following example sets the LLDP management address advertisement mode to automatic on gigabitethermet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config 11dp management address automatic Ildp notifications Use the lldp notifications Interface Configuration Ethernet mode command to enable or disable sending Link Layer Discovery Protocol LLDP 430 LLDP Commands notifications on an interface Use the no form of this command to restore the default configuration Syntax lldp notifications enable disable no Ildp notifications Parameters e enable Enables sending LLDP notifications e disable Disables sending LLDP notifications Default Configuration Sending LLDP notifications is disabled Command Mode Interface Configuration Ethernet mode Example The following example enables sending LLDP notifications on gigabitethernet port 1 0 5 Console config interface gigabitethernet 1 0 5 Console config lldp notifications 10 Ildp notifications interval Use the lldp notifications interval Global Configuration mode command to configure the maximum transmission rate of LLDP notifications Use the no form of this command to return to the default Syntax lldp notifications interval seconds no lldp notifications interval LLDP Commands 431 Parameters seconds The device should not send more than one notification in the
118. ports in auto state that are connected to end stations in order to proceed to the forwarding state immediately after successful authentication Example The following example enables 802 1x authentication on gigabitethernet port 1 0 15 Console config interface gigabitethernet 1 0 15 Console config if dot1x port control auto 802 1x Commands 297 dot1x re authentication Use the dot1x reauthentication Interface Configuration mode command to enable periodic re authentication of the client Use the no form of this command to return to the default setting Syntax dot1x reauthentication no dotlx reauthentication Parameters This command has no arguments or keywords Default Periodic re authentication is disabled Command Mode Interface configuration Ethernet Example console config interface gigabitethernet 1 0 1 console config if dotlx reauthentication dot1x timeout reauth period Use the dot1x timeout reauth period Interface Configuration mode command to set the number of seconds between re authentication attempts Use the no form of this command to return to the default setting Syntax dotlx timeout reauth period seconds no dot1x timeout reauth period 298 802 1x Commands Parameters seconds Number of seconds between re authentication attempts Range 304294967295 Default 3600 Command Mode Interface Configuration Ethernet mode Example console config interface gig
119. power inline limit Interface Configuration mode command to configure the power limit per port on an interface Use the no form of the command to return to default Syntax power inline limit power no power inline limit Parameters power States the port power consumption limit in Milliwatts Range 0 15400 Default Configuration The default value is the maximum power allowed in the specific working mode e 154W Command Mode Interface Configuration Ethernet mode Example The following example sets inline power on a port console config interface gil 0 1 console config if power inline limit 2222 show power inline Use the show power inline EXEC mode command to display information about the inline power for all interfaces or for a specific interface Syntax show power inline in ferface id module stack member number Power over Ethernet PoE Commands 361 Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port stack member number Specifies the switch member in a stack Default Configuration There is no default configuration for this command Command Mode EXEC mode Example 1 The following example displays information about the inline power console config show power inline Port based power limit mode Unit Power Nominal Consumed Usage Traps Power Power Threshold d On 500 Watts 100 Watts 20 95 Disable 2 off Watts 0 Watts
120. return to the default configuration Syntax spanning tree pathcost method Zone short no spanning tree pathcost method Parameters e long Specifies that the default port path costs are within the range 1 200 000 000 e short Specifies that the default port path costs are within the range 1 65 535 Default Configuration Short path cost method 462 Spanning Tree Commands Command Mode Global Configuration mode User Guidelines This command applies to all the spanning tree instances on the switch e If the short method is chosen the switch use for the default cost values in the range through 65 535 e If the long method is chosen the switch use for the default cost values in the range through 200 000 000 Example The following example sets the default path cost method to Long Console config spanning tree pathcost method long spanning tree bpdu Global Use the spanning tree bpdu Global Configuration mode command to define BPDU handling when the spanning tree is disabled globally or on a single interface Use the no form of this command to restore the default configuration Syntax spanning tree bpdu Altering Hooding no spanning tree bpdu Parameters e filtering Specifies that BPDU packets are filtered when the spanning tree is disabled on an interface e flooding Specifies that untagged BPDU packets are flooded unconditionally without applying VLAN rules to all ports with
121. seconds 2 DHCP Relay Commands ip dhcp relay enable Global Use the ip dhep relay enable Global Configuration mode command to enable Dynamic Host Configuration Protocol DHCP relay features on the device Use the no form of this command to disable the DHCP relay agent Syntax ip dhcp relay enable no ip dhcp relay enable Default Configuration DHCP relay features are disabled Command Mode Global Configuration mode Example The following example enables DHCP features on the device Console config ip dhcp relay enable ip dhcp relay enable Interface Use the ip dhep relay enable Interface Configuration VLAN Ethernet Port channel mode command to enable Dynamic Host Configuration Protocol DHCP relay features on the router Use the no form of this command To disable the DHCP relay agent features DHCP Relay Commands 651 Syntax ip dhcp relay enable no ip dhcp relay enable Default Configuration Disabled Command Mode Interface Configuration VLAN mode Interface Configuration VLAN Ethernet Port channel mode User Guidelines Enable DHCP relay globally before enabling DHCP relay on an interface Example The following example enables DHCP features on VLAN 21 Console config interface vlan 21 Console config if ip dhcp relay enable ip dhcp relay address Global Use the ip dhcp relay address Global Configuration mode command to define the DHCP servers available for the DHCP relay U
122. server database Console clear ip dhcp binding 10 12 1 99 show ip dhcp The show ip dhcp EXEC mode command displays the DHCP configuration Syntax show ip dhcp DHCP Server Commandes 677 Command Mode EXEC mode Example The following example displays the DHCP configuration Console gt show ip dhcp DHCP server is enabled DHCP ping packets is enabled with 2 retries and 500 milliseconds show ip dhcp excluded addresses The show ip dhcp excluded addresses EXEC mode command displays the excluded addresses Syntax show ip dhcp excluded addresses Command Mode EXEC mode Example The following example displays the excluded addresses Console gt show ip dhcp excluded addresses The number of excluded addresses ranges is 2 Excluded addresses TOI ds 212s ett E lOO OT S220 25 102 24 9 show ip dhcp pool host The show ip dhcp pool host EXEC mode command displays the DHCP pool host configuration 678 DHCP Server Commands Syntax show ip dhcp pool host address name Parameters e address Specifies the client IP address e name Specifies the DHCP pool name Length 1 32 characters Command Mode EXEC mode Example The following example displays the DHCP pool host configuration Console gt show ip dhcp pool host The number of host pools is 1 Name IP Address Hardware Address Station D2 6 Lesty cl Console gt show ip dhcp pool host station Name IP Address Hardware A
123. session activity in a group of N TCP iSCSI connections In the worst case if all 256 sessions are monitored and are not terminated gracefully the existing mechanism causes inaccuracies the last group of monitored iSCSI sessions are aged out after 256 N aging time In general the higher the number of ungraceful terminated iSCSI TCP connections the higher the aging time inaccuracy Example The following example displays the iSCSI sessions Console show iscsi sessions Target igqn 1993 11 com disk vendor diskarrays sn 45678 Initiator igqn 1992 04 com os vendor plan9 cdrom 12 ISID 11 Initiator igqn 1995 05 com os vendor plan9 cdrom 10 ISID 222 Target iqn 103 1 com storage vendor sn 43338 storage tape sysl xyz Initiator igqn 1992 04 com os vendor plan9 cdrom 12 ISID 44 Initiator igqn 1995 05 com os vendor plan9 cdrom 10 ISID 65 Console show iscsi sessions detailed Target igqn 1993 11 com disk vendor diskarrays sn 45678 Session 1 iSCSI Commands 597 Initiator ign 1992 04 com os vendor plan9 cdrom 12 storage sysl xyz UP Time 02 10 45 DD HH MM Time for aging out 10 min L 11 Initiator Initiator Target Target IP Address TCP Port IP Address IP Port 172 16 1 3 49154 L726 1 621420 30001 172 16 1 4 49155 LIZ 1L6e1 621 30001 EE cured Baro 49156 VIZ LG ee 22 30001 Session 2 Initiator ign 1995 05 com os vendor plan9 cdrom 10 Status Active UP Time
124. switchport access multicast tv vlan 11 switchport trunk allowed vian Use the switchport trunk allowed vlan Interface Configuration mode command to set the trunk characteristics when the interface is in trunking mode Use the no form of this command to reset a trunking characteristic to the default Syntax switchport trunk allowed vlan d all none add vlan list remove vlan list except vlan list no switchport trunk allowed vlan Parameters all Specifies all VLANs from 1 to 4094 At any time the port belongs to all VLANs exiting at the time Range 1 4094 none Specifies an empty VLAN list The port does not belong to any VLAN add vlan list List of VLAN IDs to add Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs remove vlan list List of VLAN IDs to remove Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs except vlan list List of VLAN IDs is calculated by inverting the defined list of VLANs the calculated list will include all VLANs from interval 1 4094 except VLANs from the defined list VLAN Commands 503 Default Configuration The Default VLAN is its Native VLAN and the port belongs to either all VLANs or only to the Default VLAN depending on a value of parameter Trunk Port Default Configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines The RS port
125. system Total size of flash 33292288 bytes Free size of flash 20708893 bytes console dir Directory of flash File Name Permission Size Data Size Modified Flash tmp rw 524288 104 01 Jan 2010 05 35 04 image 1 rw 10485760 10485760 01 Jan 2010 06 10 23 image 2 rw 10485760 10485760 01 Jan 2010 05 43 54 dhcpsn prv Ge 262144 Se 01 Jan 2010 05 25 07 sshkeys prv Sa 262144 z 04 Jan 2010 06 05 00 syslogl sys r 524288 o 01 Jan 2010 05 57 00 syslog2 sys ibe 524288 01 Jan 2010 05 57 00 directry prv 262144 01 Jan 2010 05 25 07 startup config rw 786432 1081 01 Jan 2010 10 05 34 Total size of flash 66322432 bytes Free size of flash 42205184 bytes 134 Configuration Image File Commands console more The more Privileged EXEC mode command displays a file Syntax more url Parameters url Specifies the location URL or reserved keyword of the source file to be displayed Length 1 160 characters The following table displays options for the URL parameter Keyword Source or Destination flash Source or destination URL for flash memory If a URL is specified without a prefix this is the default URL running config Current running configuration file startup config Startup configuration file mirror config Mirrored configuration file usb Universal Serial Bus USB File System Command Mode Privileged EXEC mode User Guidelines Files are displayed in ASCII format except for th
126. that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interfaces group Console config snmp server filter filter name system included Console config snmp server filter filter name system 7 excluded Console config snmp server filter filter name ifEntry 1 included snmp server host Use the snmp server host Global Configuration mode command to specify the recipient of a Simple Network Management Protocol notification operation Use the no form of this command to remove the specified host 168 SNMP Commands Syntax snmp server host ipv4 address d ipv6 address hostname traps informs version 1 2c 3 auth noauth priv community string udp port port filter filtername timeout seconds retries retries no snmp server host d ipv address ipv6 address hostname traps informs version 1 2c 3 Parameters pv4 address IPv4 address of the host the targeted recipient ipv6 address Pv6 address of the host the targeted recipient When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax hostname Hostname of the host Range 1 158 characters Maximum label size 63 trap Sends SNMP traps to this host default informs Sends SNMP informs to this host Not applicable to SNMPv1 1 SNMPvI t
127. the default configuration Syntax spanning tree bpduguard enable disable no spanning tree bpduguard Parameters enable Enables BPDU Guard disable Disables BPDU Guard Default Configuration BPDU Guard is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The command can be enabled when the spanning tree is enabled useful when the port is in the PortFast mode or disabled 466 Spanning Tree Commands Example The following example shuts down Ethernet port 1 0 5 when it receives a BPDU Console config interface gigabitethernet 1 0 5 Console config if spanning tree bpduguard enable clear spanning tree detected protocols Use the clear spanning tree detected protocols Privileged EXEC command to restart the protocol migration process force the renegotiation with neighboring switches on all interfaces or on the specified interface Syntax clear spanning tree detected protocols interface interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines This feature should be used only when working in RSTP or MSTP mode Example console clear spanning tree detected protocols spanning tree mst priority Use the spanning tree mst priority Global Configuration mode command to configure the device priority for the specif
128. the domain name Use the no form of this command to remove the client name Syntax client name name no client name Parameters name Specifies the client name using standard ASCII characters The client name should not include the domain name For example the name Mars should not be specified as mars yahoo com Length 1 32 characters Command Mode DHCP Pool Host Configuration mode Default Coniguration No client name is defined Example The following example defines the string Client as the client name Console config dhcp client name clientl default router Use the default router DHCP Pool Configuration mode command to configure the default router list for a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the default router list Syntax default router p address ip address2 ip address6 no default router DHCP Server Commands 663 Parameters ip address Specifies the IP address of a router One IP address is required although up to eight addresses can be specified in one command line Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No default router is defined User Guidelines The router IP address should be on the same subnet as the client subnet Example The following example specifies 10 12 1 99 as the default router IP address Console config dhcp default router 10 12 1 99
129. the Access Control Entries ACEs that their time range is currently active including those that are not associated with time range Command Mode Privileged EXEC mode Example Switch show access lists 717 Router show access lists Standard IP access list 1 deny any Standard IP access list 2 deny 192 168 0 0 wildcard bits 0 0 0 255 permit any Standard IP access list 3 deny 0 0 0 0 deny 192 168 0 1 wildcard bits 0 0 0 255 permit any Standard IP access list 4 permit 0 0 0 0 permit 192 168 0 2 wildcard bits 0 0 0 255 Extended IP access list ACL1 permit 234 172 30 40 1 0 0 0 0 any permit 234 172 30 8 8 0 0 0 0 any Extended IP access list ACL2 permit 234 172 30 19 1 0 0 0 255 any time range weekdays permit 234 172 30 23 8 0 0 0 255 any time range weekends Switch show access lists time range active Extended IP access list ACL permit 234 172 30 40 1 0 0 0 0 any permit 234 172 30 8 8 0 0 0 0 any Extended IP access list ACL2 permit 234 172 30 19 1 0 0 0 255 any time range weekdays Switch show access lists 718 show interfaces access lists Use the show interfaces access lists Privileged EXEC mode command to display access lists applied on interfaces Syntax show interfaces access lists interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN Command Mode Privileged EXEC mode Example
130. the associated statement is in effect The second occurrence can be at the following day see description in the User Guidelines Range 0 23 mm 0 59 e list day of the week1 Specifies a list of days that the time range is in effect Default There is no periodic time when the time range is in effect Command Mode Time range Configuration mode User Guidelines The second occurrence of the day can be at the following week E g Thursday Monday means that the time range is effective on Thursday Friday Saturday Sunday and Monday The second occurrence of the time can be at thefollowing day E g 22 00 2 00 show time range Use the show time range EXEC command To display the time range configuration Syntax show time range time range name 716 Parameters time range name Specities the name of the time range Range 1 32 Command Mode EXEC mode Example Console show time range http allowed absolute start 12 00 1 jan 2005 absolute end 12 00 31 dec 2005 periodic monday 8 00 to friday 20 00 show access lists Use the show access lists Privileged EXEC mode command to display access control lists ACLs configured on the switch Syntax show access lists name access list number show access lists time range active name Parameters e name Spcecifies the name of the ACL access list number Specifies the number of the IP standard ACL list e time range active Shows only
131. the no form of this command to remove the time servers list Syntax time server 1p address 1p address2 ip address8 no time server Parameters ip address Specifies the IP address of a time server One IP address is required although up to eight addresses can be specified in one command line Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No time server name is defined User Guidelines The router IP address should be on the same subnet as the client subnet Example The following example specifies 10 12 1 99 as the time server IP address Console config dhcp time server 10 12 1 99 670 DHCP Server Commands option Use the option DHCP Pool Configuration mode command to configure the Dynamic Host Configuration Protocol DHCP Server options Use the no form of this command to remove the options Syntax option code ascii asci string hex hex string ip 1p address option ip list code ip address I ip address2 no option code Parameters e code Specifies the DHCP option code e ascii ascii string Specifies an NVT ASCII character string ASCII character strings which contain white space must be delimited by quotation marks e hex hex string Specifies dotted hexadecimal data Each byte in hexadecimal character strings is two hexadecimal digits Bytes are separated by a period or colon ip ip address Specifies an IP address
132. this command to disable cable crossover Syntax mdix Zon auto no mdix Parameters e on Enables manual MDIX e auto Enables automatic MDI MDIX Default Configuration The default setting is On Command Mode Interface Configuration Ethernet mode Example The following example enables automatic crossover on port 1 5 Console config interface gil 0 1 5 Console config if mdix auto The following example enables automatic crossover on port gigabitethernet 1 0 I Console config interface gigabitethernet 1 0 5 Console config if mdix auto 336 Ethernet Configuration Commands back pressure Use the back pressure Interface Configuration Ethernet mode command to enable back pressure on a specific interface Use the no form of this command to disable back pressure Syntax back pressure no back pressure Default Configuration Back pressure is enabled Command Mode Interface Configuration Ethernet mode Example The following example enables back pressure on port gi1 0 5 Console config interface gigabitethernet 1 0 5 Console config if back pressure port jumbo frame Use the port jumbo frame Global Configuration mode command to enable jumbo frames on the device Use the no form of this command to disable jumbo frames Syntax port jumbo frame no port jumbo frame Default Configuration Jumbo frames are disabled on the device Ethernet Configuration Commands 337 Comman
133. timeout server timeout Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response from the authentication server Use the no form of this command to restore the default configuration Syntax dot ls timeout server timeout seconds no dotlx timeout server timeout Parameters seconds Specifies the time interval in seconds during which the device waits for a response from the authentication server Range 1 65535 seconds Default Configuration The default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The actual timeout period can be determined by comparing the value specified by the dot1x timeout server timeout command to the result of multiplying the number of retries specified by the radius server retransmit command by the timeout period specified by the radius server timeout command and selecting the lower of the two values Example The following example sets the time interval between retransmission of packets to the authentication server to 3600 seconds Console config interface gigabitethernet 1 0 15 Console config if dot1x timeout server timeout 3600 304 802 1x Commands show dot1x Use the show dot1x Privileged EXEC mode command to display the 802 1x device or specified interface status Syntax show dotlx interface interface id Parameters interface id Specify an interface ID The interface
134. when a user tries to log in Note that if a password is inserted in encrypted format the minimum length requirement is checked during user login only Passwords that were defined before defining the minimum length requirement are only checked during user login Example The following example configures the minimal required password length to 8 characters Console config passwords min length 8 passwords strength check enable Use the passwords strength check enable Global Configuration mode command to enforce minimum password strength The no form of this command disables enforcing password strength Syntax passwords strength check enable no passwords strength check enable Parameters This command has no arguments or keywords Default Disabled 236 AAA Commands Command Mode Global Configuration mode User Guidelines If password strength is enabled the user is forced to enter passwords that e Contain characters from user defined several character classes uppercase letters lowercase letters numbers and special characters available on a standard keyboard e Contain no character that is repeated more than user defined times consecutively The user can control the above attributes of password strength with specific commands Example The following example enables password strength and configures the character classes to 3 Console config passwords strength check enable Console config password
135. 0 1 Role Designated Port cost 20000 configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 1 Role Alternate Port cost 20000 Port Fast No configured no Address 00 02 4b 29 1a 19 Designated path cost 20000 1 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 1 489 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID IST Master ID Bridge ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost20000 Root gil 0 1 Port Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Priority 32768 Address 00 02 4b 19 7a 00 Path Cost10000 Rem hops 19 Priority 32768 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec ax hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 This switch is root for CST and IST master 490 Spanning Tree Commands Root gil 0 1 Port Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 show spanning tree bpdu Use the show spanning tree bpdu EXEC mode command to display the BPDU handling when spanning tree is disabled Syntax show spanning tree bpdu interface id Parameters interface id Speci
136. 0 0 0 0 gil 0 2 0 0 0 0 0 gil 0 3 0 0 0 0 0 gil 0 4 0 0 0 0 0 gil 0 5 0 0 0 0 0 gil 0 6 0 0 0 0 0 gil 0 0 7 0 0 0 0 0 gil 0 0 8 0 0 0 0 0 GVRP Commands 555 556 GVRP Commands Voice VLAN Commands The voice vlan id Global Configuration mode command specified the Voice VLAN Identified The no format of the command returns the value to default Syntax voice vlan id v an rd no voice vlan id Parameters vlan id Specifies the voice VLAN ID Parameters Range vian id 4094 Default Configuration Default VLAN s Identifier Command Mode Global Configuration mode User Guidelines If the Voice VLAN does not exist it is created automatically It will not removed automatically Example The following example enables VLAN 35 as the voice VLAN on the device Console config voice vlan id 35 Voice VLAN Commands 557 voice vian oui table Use the voice vlan oui table Global Configuration mode command to configure the voice OUI table Use the no form of this command to restore the default configuration Syntax voice vlan oui table add mac address prefix d remove mac address pretix text no voice vlan oui table Parameters e add mac address pretix aAdds the specified MAC address to the voice VLAN OUI table Length 3 bytes e text Adds the specified text as a description of the specified MAC address to the voice VLAN OUI table Length 1 32 characters remove mac address pretix R
137. 0 0 0 0 255 1 1 2 0 0 0 0 0 deny IP Use the deny IP Access list Configuration mode command to set deny conditions for IPv4 access list 698 Syntax deny protocol any source source wildcard any destination destination wildcard dscp number precedence number time range time range name disable port log input deny icmp any source source wildcard any destination destination wildcard any icmp type any icmp code dscp number precedence number time range time range name disable port log input deny igmp any source source wildcard any d destination destination wildcard igmp type dscp number d precedence number time range time range name disable port log mput deny tcp any source source wildcard any source port port range any destination destination wildcard any destination port port range dscp number precedence number match all list of flags time range time range name disable port log input deny udp any source source wildcard any source port port range any destination destination wildcard any destination port port range dscp number d precedence number match all time range name time range time range name disable port log iput Parameters e protocol The name or the number of an IP protocol Available protocol names icmp igmp ip tcp egp igp udp hmp rdp idpr ipv6 ipv6 rout ipv6 frag idrp rsvp gre esp ah ipv6 icm
138. 0 00 00 00 00 00 00 5 00 00 00 00 00 00 00 00 00 00 00 6 00 00 00 00 Quality of Service QoS Commands 757 The following table appears Policed dscp map d1 d2 0 l 2 3 4 5 6 7 8 9 0 00 0 02 03 04 05 06 07 08 09 1 10 1 12 13 14 15 16 17 18 19 2 20 2 22 23 24 25 26 27 28 29 3 30 3 32 33 34 35 36 37 38 39 4 40 4 42 43 44 45 46 47 48 49 5 50 Di 52 53 54 55 56 57 58 59 6 60 61 62 63 The following table appears Dscp dscp mutation map d1 d2 0 1 2 3 4 5 6 7 8 9 0 00 0 02 03 04 05 06 07 08 09 1 10 1 12 13 14 15 16 17 18 19 2 20 2 22 23 24 25 26 27 28 29 3 30 3 32 33 34 35 36 37 38 39 4 40 4 42 43 44 45 46 47 48 49 5 50 5 52 53 54 55 56 57 58 59 6 60 6 62 63 clear qos statistics Use the clear qos statistics EXEC mode command to clear the QoS statistics counters Syntax clear qos statistics Command Mode EXEC mode 758 Quality of Service QoS Commands Example The following example clears the QoS statistics counters Console clear qos statistics qos statistics policer Use the qos statistics policer Interface Configuration Ethernet Port channel mode command to enable counting in profile and out of profile Use the no form of this command to disable counting Syntax qos statistics policer policy map name class map name no qos statistics policer policy map name class map name Parameters e policy map name Specifies the policy map name e class map name Specifies the class ma
139. 0 1 2 BEGETS Required 3978 VLAN0091 gil 0 17 eee Not Required Guest VLAN static Guest 518 VLAN Commands show vian multicast tv Use the show vlan multicast tv EXEC mode command to display information on the source ports and receiver ports of multicast V VLAN Syntax show vlan multicast tv vlan v an id Parameters vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays information on the source and receiver ports of multicast V VLAN ID 1000 Console show vlan multicast tv vlan 1000 Source ports Receiver Ports gil 0 8 gil 0 1 18 gil 0 1 18 gil 0 1 18 gil 0 9 The following table describes the significant fields shown in the display Field Description Source ports Ports that can transmit and receive traffic to and from the VLAN Receiver ports Ports that can only receive traffic from the VLAN show vlan protocols groups Use the show vlan protocols groups EXEC mode command to display protocols groups information VLAN Commands 519 Syntax show vlan protocols groups Command Mode EXEC mode Example The following example displays protocols groups information Console gt show vlan protocols groups Protocol Encapsulation Group 0x800 IP Ethernet 1 0x806 ARP Ethernet 1 0x86dd IPv6 Ethernet 2 3 0x8898 Ethernet show vlan internal usage Use the show vlan internal usage Privileged EXEC mode command to display a list of VLAN
140. 0 5 e day Day by date in the month Range 1 31 e month Month first three letters by name Range Jan Dec e year Year no abbreviation Range 2000 2097 Default There is no absolute time when the time range is in effect Command Mode Time range Configuration mode periodic Use the periodic Time range Configuration mode command to specify a recurring weekly time range for functions that support the time range feature Use the no form of this command To remove the time limitation Syntax periodic day ofthe week hh mm to day oFtthe week hh mm no periodic day ofthe week hh mm to day of the week hh mm periodic list AA mm to hh mm day oFthe week day of the week2 day of the week7 no periodic list Ah mm to hh mm day of the weekl day of the week2 day of the week7 periodic list hA mm to hh mm all no periodic list al hh mm to hh mm all 715 Parameters e day of the week The starting day that the associated time range is in effect The second occurrence is the ending day the associated statement is in effect The second occurrence can be the following week see description in the User Guidelines Possible values are Monday Tuesday Wednesday Thursday Friday Saturday and Sunday e hh mm tThe first occurrence of this argument is the starting hours minutes military format that the associated time range is in effect The second occurrence is the ending hours minutes military format
141. 000ceee eee eee 101 system fans always on 0cccceeee cena eens 102 show system Ian 103 assSet tag EE 103 show system H 104 5 Clock Commands 107 Clock eet eise SE AE e O Aia 107 clock entre Seed eegne hate es Weta cutee 108 Clock timezone 108 clock summer timMe 109 sntp authentication key 20 2 000 111 sntp authenticate 0 20e eee eee eee 112 sntp trusted key 20 cece eee eee eee 113 sntp client poll mer 114 sntp broadcast client enable aana 115 sntp anycast client enable n 115 sntp client enable 0020eeee eee eee 116 sntp client enable Interface 117 sntp unicast client enable 118 sntp unicast client nol 119 SNP SOME s sec ec SN Se EN NENNEN E EE e eee Sek dE 119 sntp Un EE 121 SHOW d hl EE 122 show sntp configuration sueann 124 show sntp status 124 6 Configuration Image File Commands 127 COPY sce age sal Geo Bat eee ed oe eae 127 Write Memory 0 cece cece eee eee eens 132 E DEE 132 PWO EE 133 GIT shee Sah a eee RU eget ach etic ead 134 WOEN SEENEN epee ine etd 135 kee ee et leg tants A 136 PON AMG ef s Made ete ey See aes eee eae 137 boot system 138 show running Confg cece ences 139 show startup config ass seueena nenna 140 show bootvar 140 7 Auto Update and Auto Configuration 143
142. 0U zfwOllg 206 Telnet SSH and Slogin Commands kTwm1750R9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWuU08licgl1kO02LYciz Z4TrEU 9FIxwPiVQOjc KBXuR0 juNg5nFYsY OZCkON W9a tnkm1lshRE7Di71 w3fNiOA 6w9044t 6 AINEICBCCA4YcF6zMzaTlwefWwXx6f Rmt SnhhqdAtN 4oJfcel166DqvxX1gWmN ZNR4DYDvSzg01DnwCAC8Qh Fingerprint a4 16 46 23 5a 8d 1d b5 37 59 eb 44 13 b9 33 e9 user key The user key SSH Public Key string Configuration mode command specifies which SSH public key is manually configured Use the no form of this command to remove an SSH public key Syntax user key username rsa dsa no user key username Parameters username Specifies the remote SSH client username Length 1 48 characters e rsa Specifies that the RSA key pair is manually configured e dsa Specifies that the DSA key pair is manually configured Default Configuration No SSH public keys exist Command Mode SSH Public Key string Configuration mode User Guidelines Follow this command with the key string SSH Public Key String Configuration mode command to specify the key Telnet SSH and SloginCommands 207 Please note that after entering this command the existing key is deleted even if no new key is defined by the key string command Exampe The following example enables manually configuring an SSH public key for SSH public key chain bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Co
143. 1 When using the ping ipv6 command to check network connectivity of a directly attached host using its link local address the egress interface may be specified in the IPv6Z format If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equivalent to not defining an egress interface When using the ping ipv6 command with MC address the information displayed is taken from all received echo responses Examples Console gt ping ip 10 1 1 1 Pinging 10 1 1 1 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq l time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 72 System Management Commands 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 7 8 11 round trip ms min avg max Console gt ping ip yahoo com Pinging yahoo com 66 218 71 198 with 64 0 packet loss bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1l time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 7 8 11 round trip ms min avg max Console gt ping ip oob 176 16 1 1 0 packet loss Pinging oob 176 16 1 1 with 64 bytes of data 64 bytes from oob 176 16 1 1 icmp_seq 0 64 bytes from oo
144. 1 8Ubx3GyCm oW93BSOFwxwEsP58kf sPYPy 8wwmoNt DwIDAQABoB8wHQYJKoZ IhvcNAQkH MRD jEyMwg I CCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m 2 m5ZZPhIwl8ARSPXwhVdJexF jbnmvcacqjPG8pliRV6LkxryGF2bVU3 jKEipcZa gtuNpyTkDt32ZVU72pjz fa8TFOn3 CN router gm com 0 General Motors C US crypto certificate import The crypto certificate import Global Configuration mode command imports a certificate signed by a Certification Authority for HTTPS Syntax crypto certificate number import 188 RSA and Certificate Commands Parameters number Specifies the certificate number Range 1 2 Command Mode Global Configuration mode User Guidelines To end the session use a blank line The imported certificate must be based on a certificate request created by the crypto certificate request privileged EXEC command If the public key found in the certificate does not match the device s SSL RSA key the command fails This command is not saved in the router configuration However the certificate imported by this command is saved in the private configuration which is never displayed to the user or backed up to another device Example The following example imports a certificate signed by Certification Authority for HTTPS Console config crypto certificate 1 import dHmUgUm9vdCBDZXJ0aWZpZX IwXDANBgkqhkiG9w0BAQEFAANLADBIAkKEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTmlxyJ1ltllalGagqchfMqge0kmfhcoHSwWr yf 1FpDOMWOTgDAwIDAQABo4 IBo jCCAZ 4wE
145. 16 bytes Civic address 6 160 bytes Ecs elin 10 25 bytes Default Configuration The location is not configured 438 LLDP Commands Command Mode Interface Configuration Ethernet mode Example The following example configures the LLDP MED location information on gigabitethernet port 1 0 2 as a civic address console config interface gil 0 2 console config if lldp med location civic address 616263646566 show IIdp configuration Use the show Ildp configuration Privileged EXEC mode command to display the Link Layer Discovery Protocol LLDP configuration for all interfaces or for a specific interface Syntax show Ildp configuration interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following example sets the LLDP re initialization delay to 10 seconds Switch show lldp configuration State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP Commands 439 LLDP packets handling Filtering Port State Optional TLVs Address Notifications gil 0 1 RX TX PD SN SD SC Erze Konigi Disabled gil 0 2 TX PD SN TT Disabled gil 0 3 RX TX PD SN SD SC None Disabled gil 0 5 RX TX D SN SD SC automatic Disabled gil 0 6 RX TX PD SN SD SC auto vlan 1 Disabled gil 0 7 RX TX PD SN SD SC auto gl Disabled gil 0 8 R
146. 25 seconds Console config spanning tree forward time 25 spanning tree hello time Use the spanning tree hello time Global Configuration mode command to configure the spanning tree bridge Hello time which is how often the device broadcasts Hello messages to other devices Use the no form of this command to restore the default configuration Syntax spanning tree hello time seconds no spanning tree hello time Spanning Tree Commands 455 Parameters seconds Specifies the spanning tree Hello time in seconds Range 1 10 Default Configuration The default Hello time for IEEE Spanning Tree Protocol STP is 2 seconds Command Mode Global Configuration mode User Guidelines When configuring the Hello time the following relationship should be maintained Max Age gt 2 Hello Time 1 Example The following example configures the spanning tree bridge hello time to 5 seconds Console config spanning tree hello time 5 spanning tree max age Use the spanning tree max age Global Configuration mode command to configure the spanning tree bridge maximum age Use the no form of this command to restore the default configuration Syntax spanning tree max age seconds no spanning tree max age Parameters seconds Specifies the spanning tree bridge maximum age in seconds Range 6 40 456 Spanning Tree Commands Default Configuration The default maximum age for IEEE Spanning Tree Protocol STP is 20 seco
147. 5 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 Key Attributes lt No Attributes gt Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC 085DCBF3A41D2669 dac0m9jqEp1DM50sIDb8Jq14xW 1P0kqSxuMhc250dBE 1f PBg9VSVVIARaYt16w bX67UyJ8t 7HHF 3Aow j cWZE1Q5GJgSQ0VemsqsRQz jpCTb090rx cNwVfIvjoedgQ Mt15 fKIAcqs fEgEGIJNX04 jEzsXAkwfOLFfgt 4703 IpkUn0AxrQzutJDOcC28Uxp 192 RSA and Certificate Commands raMVTIVS1SkJIvaPuXJxdZ27 9tDMwZf f ILB KCIGACT5V5 4WEgDkrFtuuF9 oxm2 5SVL8TvUmXB 3hX4Uoaxt xAhuyOdhhlkyyZSpw9BPPR 8bc wUYERh7 7JXLKHpd ueeu3znfIX4dDeti8B3xYvvE8kGZjxFN1lcC3zc3JsD0IVulLkyiAa93P4LPEVAwG FwlLqmGiiqw9JM tzc6kYkZXylFzCrSVf2exP tEvM show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command displays the device SSL certificates Syntax show crypto certificate mycertificate number Parameters number Specifies the certificate number Range 1 2 Command Mode Privileged EXEC mode Example The following example displays SSL certificate present on the device Console show crypto certificate mycertificate 1 dHmUgUm9vdCBDZXJ0aWZpZX IwXDANBgkghkiG9w0BAQEFAANLADBIAKEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTmlxyJl1ltllalGaqchfMqge0kmfhcoHSwr yf 1FpDOMWOTgDAwIDAQABo4 IBo jCCAZ 4wEwY JKwY BBAGCNxXQCBAY eBABDAEEw CwROPBAQDAgFGMA8GA1UdEWEB wQFMAMBAf 8wHQYDVROOBBYEFAf 4MT9BRD47 ZVKBAEL9Ggp 6MI IBNgYDVRO BI IBLTCCASkwgdKggctggcyGgclsZGFwOi8v LOVByb3h5JTIwU2 9mdHdhcmU1MjBSb2 90TTI
148. 6 Po7 Po8 2 2 gil 0 dynamicGvrp Required 10 v0010 gil 0 permanent Not Required 11 v0011 gil 0 1 gi1 0 13 permanent Required 20 20 gil 0 permanent Required 30 30 gil 0 1 gi1 0 13 permanent Required 31 31 gil 0 permanent Required 91 91 gil 0 1 gi1 0 40 permanent Required 4093 guest vlan gil 0 1 gil1 0 13 permanent Guest console config s banner exec Use the banner exec command to specify and enable a message to be displayed when an EXEC process is created The user has successfully logged in use the banner exec command in Global Configuration mode Use the no form of this command to delete the existing EXEC banner Syntax banner exec d message text d no banner exec User Interface Commands 53 Parameters e d Delimiting character of your choice a pound sign for example You cannot use the delimiting character in the banner message e message text The message must start in a new line You can enter multi line messages You can include tokens in the form of token in the message text Tokens are replaced with the corresponding configuration variable Tokens are described in the User Guidelines The message can contain up to 2000 characters after every 510 characters you must press lt Enter gt to continue Default Configuration Disabled no EXEC banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting cha
149. 6 address link local Use the ipv6 address link local command to configure an IPv6 link local address for an interface Use the no form of this command to return to the default link local address on the interface Syntax ipv6 address ipv6 address pretix length link local no ipv6 address ipv6 address pretix length link local Parameters ipv6 address Specifies the Pv6 network assigned to the interface This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimals using 16 bit values between colons e prefix length Specifies the length of the IPv6 prefix A decimal value indicates how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark must precede the decimal Only 64 bit length is supported according to IPv6 over Ethernet s well known practice Default Configuration IPv6 is enabled on the interface link local address of the interface is FE80 EUI64 interface MAC address Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context 628 IPv6 Addressing Commands User Guidelines Using the no ipv6 link local address command removes the manually configured link local IPv6 address from an interface Multiple IPv6 addresses can be configured per interface but only one link local address When the no ipv6 link local addres
150. 7 800 0422 Infinite Static DHCP Server Commands 685 The following table describes the significant fields shown in the display Field Description IP address The host IP address as recorded on the DHCP Server Hardware The MAC address or client identifier of the host as recorded address on the DHCP Server Lease expiration The lease expiration date of the host IP address Type The manner in which the IP address was assigned to the host show ip dhcp declined Use the show ip dhcp declined EXEC command to display the specific one or all the declined addresses on the Dynamic Host Configuration Protocol DHCP server Syntax show ip dhcp declined ip address Parameters ip address Specifies the IP address Command Mode EXEC mode Example Router gt show ip dhcp declined DHCP server enabled IP address Hardware address 172 16 1 11 00a0 9802 32de 172 16 3 254 02c7 800 0422 Router gt show ip dhcp declined 172 16 1 11 DHCP server enabled 686 DHCP Server Commands IP address Hardware address 172 16 1 1100a0 9802 32de L t 12 show ip dhcp declined Field Descriptions e IP address The IP address of the host as recorded on the DHCP Server e Hardware address The MAC address or client identifier of the host as recorded on the DHCP Server show ip dhcp expired Use the show ip dhcp expired EXEC command to display the specific one or all the expired addresses on the Dynamic
151. 8 Designated path cost 20000 BPDU guard Disabled state 1 Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled Spanning Tree Commands 483 Number of transitions to forwarding state N A BPDU sent N A received N A Console show spanning tree ethernet gil 0 1 Port 1 gil 0 1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Guard root Disabled BPDU guard Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configuration Name Regionl Revision 1 Instance Vlans mapped State 0 1 9 21 4094 Enabled E 10 20 Enabled 484 Spanning Tree Commands Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID IST Master Interfaces Name gil 0 1 gil 0 2 gil 0 3 gil 0 4 ID Enabled Enabled Enabled Enabled Priority 32768 Path 20000 Cost gil 0 1 Root Port Priority 32768 Address 00 01 42 97 e0 00 Address 00 02 4b 29 7a 00 This switch is the IST master Hello Time 2 sec Max Age 20 sec Max hops 20 Prio Nbr Cost Ss E 20000 128 2 20000 128 3 20000 128 4 20000 St
152. 8192 seconds Default Configuration The default LLDP frame transmission delay is 2 seconds Command Mode Global Configuration mode User Guidelines It is recommended that the tx delay be less than 0 25 of the LLDP timer interval Example The following example sets the LLDP transmission delay to 10 seconds Console config 1ldp tx delay 10 Ildp optional tlv Use the dp optional tlv Interface Configuration Ethernet mode command to specify which optional TLVs from the basic set are transmitted Use the no form of this command to restore the default configuration 428 LLDP Commands Syntax lldp optional zk v t v2 dra no lldp optional tlv Parameters tlv Specifies TLV that should be included Available optional TLVs are port desc sys name sys desc sys cap 802 3 mac phy 802 3 lag 802 3 max frame size Default Configuration No optional TLV is transmitted Command Mode Interface Configuration Ethernet mode Example The following example specifies that the port description TLV is transmitted on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config if lldp optional tlv port desc lldp management address Use the Ildp management address Interface Configuration Ethernet mode command to specify the management address advertised from an interface Use the no form of this command to stop advertising management address information Syntax Ildp management
153. Access list Configuration mode User Guidelines You enter MAC access list configuration mode by using the MAC Access list Global Configuration command After an access control entry ACE is added to an access control list an implied deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets Example console config mac access list extended serverl 709 console config mac al permit 00 00 00 00 00 01 00 00 00 00 00 ff any service acl input use the service acl input command in interface configuration mode to control access to an interface Use the no form of this command to remove the access control Syntax service acl input ac name acl name2 no service acl input Parameters acl name Specifies an ACL to apply to the interface See the usage guidelines Range acl name0 32 characters Use for empty string Default No ACL is assigned Command Mode Interface Configuration Ethernet Port Channel mode Interface Configuration Ethernet VLAN Port Channel mode User Guidelines IPv4 ACL and IPv6 ACL can be bound together to an interface MAC ACL cannot be bound on an interface with IPv4 ACL or IPv6 ACL Two ACLs of the same type can t be added to a port An ACL cannot be added to a port that is alredy bounded to an ACL without first removing the current ACL and binding the two AC
154. Address Source address Ports 8 ff 02 4 4 4 gil 0 9 8 02 742474 fe80 200 7ff f gil 0 9 e00 200 404 Address Table Commands show bridge multicast address table static Use the show bridge multicast address table static EXEC mode command to display the statically configured multicast addresses Syntax show bridge multicast address table static v an vlan 1d address mac multicast address d ipv multicast address 1pv6 multicast address source ipv source address ipv6 source address all mac ip Parameters e vlan vlan id Specifies the VLAN ID e address mac multicast address ipv4 multicast address ipv6 multicast address Specifies the multicast address The possible values are e mac multicast address Specifies the MAC multicast address e ipv4 multicast address Specifies the IPv4 multicast address e ipv6 multicast address Specifies the IPv6 multicast address e source ipv4 source address ipv6 source address Specifies the source address The possible values are e mpv4 address Specifies the source IPv4 address e ipv6 address Specifies the source IPv6 address Default Configuration When all mac ip is not specified all entries mac and ip will be displayed Command Mode EXEC mode User Guidelines A MAC address can be displayed in IP format only if it is within the range 0100 5e00 0000 0100 5e7E ffff Address Table Commands 405 Example The following example d
155. Assignment is enabled for an interface the user is not able to assign Proprietary Protocol Filtering rules to that interface The following table defines the DA and protocol types of the packets that are subject for discarding per each command Destination Address Protocol Type 00 0ccc cccc 0x2000 00 0666 Cep 0x2003 00 0ccc ccce 0x2004 00 0ccc ccce 0x0111 00 0ccc cccc 0x0104 00 0ccc cccd DH Dese cect 0100 0ece cect Example Console Config if service acl input blockcdp blockvtp time range use the time range global configuration mode command to enable time range configuration mode and define time ranges for functions such as access lists Use the no form of this command To remove the time range configuration Syntax time range time range name no time range time range name Parameters time range name Spcecifies the name for the time range Range 1 32 characters Default No time range is defined 713 Command Mode Global Configuration mode User Guidelines After the time range command use the periodic time range configuration command and the absolute time range configuration command Multiple periodic commands are allowed in a time range Only one absolute command is allowed If a time range command has both absolute and periodic values specified then the periodic items are evaluated only after the absolute start time is reached and are not further
156. Be RS ete Hee 52 banner login cc cece e cece eee eens 55 banner mond 57 exec hauner ss moesta ana EE EE E i 59 Iogin hanner 60 MOtd banner 0 ccc eee eee teen eee eee 61 Show hanner 61 3 Macro Commands e ceoeaced EEN 63 MACIO MAME 0 eee eee eee ete ete ee eens 63 macro app 65 macro description 67 macro global 68 macro global description 69 show parser macro 2 2 eee cece cece eee ee 70 4 System Management Commands 71 PING 2sc2eden haaa dade N E este hd eed D ET UE 74 telnet et ee heey dee dees Wed EE Sere 77 CT 81 hostname esine Meda Sea ea ea see 82 POlOAG vic 30 EEN BEN EE NEEN EE vind 83 Stack Masters dees ve eech de Fie a Serge Se 83 system light 20000 et ek AEs 84 switch renumber 0 ccc ceeee cence eee eens 84 show switch c0ccceceeeeeeeeeeeeaeeeeees 85 service cpu utilization eee ee 86 show cpu utilization eee eee ee 87 clear cpu counters 0 20eeeeee eee eee 87 service Cpu Counters ee eee eee ee 88 show cpu counters cece eee eee 88 SHOW Users 355 5525 och Vis eek Sena oe whee 89 SHOW SOSSIONS EE 90 show system 0c cece cece ee eee eee eens 91 Show VEISION ENEE sees hed a Su SE EEN 94 system resources routing eee eee 94 show system resources routings asnasan 95 show system tcam utilization ae 96 show system defaults ccc ece cence eee 97 show tech support 2
157. CP Server Commands dynamic allocated DHCP server enabled The The The The The number number number number number IP address of of of of of used all types entries is 5 pre allocated entries is 1 allocated entries is 1 expired entries is 1 declined entries is 2 Hardware Address Lease Expiration Type State 1 16 3 24 02c7 802 0422 dynamic declined The following table describes the significant fields shown in the display Field Description IP address The host IP address as recorded on the DHCP Server Hardware The MAC address or client identifier of the host as recorded address on the DHCP Server Lease expiration The lease expiration date of the host IP address Type The manner in which the IP address was assigned to the host State The IP Address state show ip dhcp server statistics Use the show ip dhep server statistics EXEC command to display Dynamic Host Configuration Protocol DHCP Server statistics Syntax show ip dhcp server statistics Command Mode EXEC mode DHCP Server Commands 683 Example The following example displays DHCP Server statistics DHCP server The number number number number number number number number number number of enabled network pools is 6 f excluded pools is 2 f used all types entries is 7 f pre allocated entries is 1 f allocated entries is 3 f static entries is 1 f dynamic ent
158. Command Mode Interface Configuration Ethernet Port channel mode Example The following example sets a shaper on gigabitethernet port 1 0 5 when the average traffic rate exceeds 124000 kbps or the normal burst size exceeds 9600 bytes Console config interface gil 0 5 Console config if traffic shape 124000 9600 Quality of Service QoS Commands 743 rate limit Ethernet Use the rate limit Interface Configuration Ethernet mode command to limit the incoming traffic rate on a port Use the no form of this command to disable the rate limit Syntax rate limit committed rate kbps burst committed burst byte no rate limit Parameters e rate Specifies the maximum number of kilobits per second of ingress traffic on a port The range is 3 10000000 e burst bytes The burst size in bytes 3000 19173960 If unspecified defaults to 128K Default Configuration Rate limiting is disabled Command Mode Interface Configuration Ethernet mode User Guidelines Example The following example limits the incoming traffic rate on gigabitethernet port 1 0 5 to 150 000 kbps Console config interface gil 0 5 Console config if rate limit 150000 qos wrr queue wrtd Use the qos wrr queue wrtd Global Configuration mode command to enable Weighted Random Tail Drop WRTD Use the no form of this command to disable WRTD 744 Quality of Service QoS Commands Syntax qos wrt queue wrtd no qos wrr queue witd
159. Configuration mode show system fans Use the show system fans EXEC command to view the fans status Syntax show system fans Command Mode EXEC mode Example console gt show system fans Unit Temperature Speed Admin state Oper state Celsius RPM 1 30 8000 auto on 2 40 8000 on on The asset tag Global Configuration mode command assigns an asset tag to a device Use the no form of this command to restore the default setting Syntax asset tag unit unzt tag no asset tag unit uzt System Management Commande 103 Parameters e unit Specifies the unit number Range 1 8 e tag Specifies the device asset tag Default Configuration No asset tag is defined The default unit number is the master unit number Command Mode Global Configuration mode Example The following example assigns the asset tag 2365491870 to the device Console config asset tag 2365491870 show system id The show system id EXEC mode command displays the system identity information Syntax show system id unit unit Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode 104 System Management Commands Example The following example displays the system identity information Console gt show system id Unit Service tag Serial number Asset tag 1 89788978 8936589782 7843678957 2 3216523877 5621987728 System Management Commande 105 106 System Management Commands Clock C
160. Console show interfaces access lists Interface ACL gil 0 1 Ingress ip ipv6 Egress mac gil 0 4 Egress mac gil 0 5 Ingress ip clear access lists counters Use The Clear Access lists Counters Privileged EXEC mode command to clear access lists counters Syntax clear access lists counters interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example console clear access lists counters gigabitethernet 1 0 1 show interfaces access lists counters Use the show interfaces access lists counters Privileged EXEC mode command to display Access List counters Syntax show interfaces access lists counters ethernet interface d port channel port channel number Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines The counter of deny ACE hits counts only ACEs with the log input keyword Because forwarding is done in hardware and counting is done in software if a large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets are counted Example console show interfaces access lists counters Interface Deny ACE hits gil 0 1 79 gil 0 2 9 720 gil
161. DP Administrate status enabled EEE LLDP Operational status enabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Remote Rx Timer 5 usec Resolved Timer 25 usec EEE Commands 375 Local Rx Timer 20 usec Remote Tx Timer 25 usec 376 EEE Commands Green Ethernet show green ethernet Use the show green ethernet Privileged EXEC mode command to show green ethernet configuration and information Syntax show green ethernet in erface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Parameters Range Default When no interface is specified this command shows information for all interfaces Command Mode Privileged EXEC mode User Guidelines The following describes all possible reasons the show command displays and their descriptions If there are a several reasons for non operation then only the highest priority reason is displayed Energy detect Non operational Reasons priority Reason Description Green Ethernet 377 Port is not present Link Type is not supported fiber auto media select Port Link is up NA Short Reach Non operational Reasons Priority Reason Description 1 NP Port is not present LT Link Type is not supported fiber LS Link Speed Is not Supported 100M 10M 10G LL Link Length received from VCT Test exceed threshold LD Port Link is Down NA 2 3 4 6 Example console s
162. Default Configuration The default deadtime interval is 0 Command Mode Global Configuration mode Example The following example sets all RADIUS server deadtimes to 10 minutes Console config radius server deadtime 10 show radius servers Use the show radius servers Privileged EXEC mode command to display the RADIUS server settings Syntax show radius servers Command Mode Privileged EXEC mode 256 RADIUS Commands Example The following example displays RADIUS server settings Console Port Port IP address Auth Acct LIZ eb ded T812 1813 Le Le T812 1813 Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 176 8V1 show radius servers Global 11 Retrans mit Global 8 Global Global RADIUS Commands Source Priority Usage IET p ian s SE 1 All Global 2 All Global 257 258 RADIUS Commands TACACS Commands tacacs server host Use the tacacs server host Global Configuration mode command to specify a TACACS host Use the no form of this command to delete the specified TACACS host Syntax tacacs server host 7p address hostname single connection port port number timeout timeout key key string source source priority priority no tacacs server host ip address hostname Parameters e ip address Specifies the TACACS server host IP address e hostname Specifies the TACACS server host name Length 1 158 characters Maximum label leng
163. Dell PowerConnect 5500 Series CLI Reference Guide Regulatory Model PC5524 PC5524P PC5548 and PC5548P Notes Cautions and Warnings E NOTE A NOTE indicates important information that helps you make better use of your computer VAN CAUTION A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed A WARNING A WARNING indicates a potential for property damage personal injury or death Information in this publication is subject to change without notice 2011 2012 Dell Inc All rights reserved Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell the DELL logo Dell Precision OptiPlex Latitude PowerEdge PowerVault PowerConnect OpenManage EqualLogic KACE FlexAddress and Vostro are trademarks of Dell Inc Intel Pentium Xeon Core and Celeron are registered trademarks of Intel Corporation in the U S and other countries AMD is a registered trademark and AMD Opteron AMD Phenom and AMD Sempron are trademarks of Advanced Micro Devices Inc Microsoft Windows Windows Server MS DOS and Windows Vista are either trademarks or re gistered trademarks of Microsoft Corporation in the United States and or other countries Red Hat Enterprise Linux and Enterprise Linux are registered trademarks of Red Hat Inc
164. EpSwoQUvV35LqJJk6710U zfwOllg kTwm1750R9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licg1lk02LYciz Z4TrEU 9FIxwPiVQOjc KBXuR0 juNg5nFYsY OZCkON W9a tnkm1shRE7Di71 w3fNiOA 6w9044t 6 AINEICBCCA4YcF6zMzaTlwefWwXxX6f Rmt SnhhqdAtN 4oJfce166DqvxX1gWmN zZNR4DYDvSzg01DnwCAC8Qh Fingerprint a4 16 46 23 5a 8d 1d b5 37 59 eb 44 13 b9 33 e9 Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string row AAAAB3Nza Console config pubkey key key string row Clyc2 Telnet SSH and SloginCommands 209 show ip ssh The show ip ssh Privileged EXEC mode command displays the SSH server configuration Syntax show ip ssh Command Mode Privileged EXEC mode Example The following example displays the SSH server configuration Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH Version Cipher See username tN it Patek Auth code Ly ao ig oo Oo EA E E Lieb 3DES John Brown HMAC SHA1 The following table describes the significant fields shown in the display Field Description IP address The client address SSH username The user name Version The SSH version number 210 Telnet SSH and Slogin Commands Field Description Cipher The encryption type DES Blowfish
165. Erase Line EL At any time during an active Telnet session available Telnet commands can be listed by pressing the Ctrl shift 6 keys at the system prompt 78 System Management Commands A sample of this list follows Note that the Ctrl shift 6 sequence appears as on the screen Console gt Ctrl shift 6 Special telnet escape help AA sends telnet BREAK AA sends telnet IP AA B C H sends telnet EC O sends telnet AO E AA sends telnet AYT U sends telnet EL Ctrl shift 6 x suspends the session return to system command prompt Several concurrent Telnet sessions can be opened enabling switching between the sessions To open a subsequent session the current connection has to be suspended by pressing the escape sequence keys Ctrl shift 6 and x to return to the system command prompt Then open a new connection with the telnet EXEC mode command This command lists concurrent Telnet connections to remote hosts that were opened by the current Telnet session to the local device It does not list Telnet connections to remote hosts that were opened by other Telnet sessions Keywords Table Options Description echo Enables local echo quiet Prevents onscreen display of all messages from the software source interface Specifies the source interface System Management Commande 79 Options Description stream Tu
166. Ethernet port channel mode User Guidelines The command automatically removes the port from the previous VLAN and adds it to the new VLAN VLAN Commands 501 Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN gigabitethernet port 1 0 1 Console config interface gigabitethernet 1 0 1 Console config if switchport access vlan 23 switchport access multicast tv vlan Use the switchport access multicast tv vlan Interface Configuration Ethernet Port channel mode command to enable receiving multicast transmissions from a VLAN that is not the Access port VLAN while keeping the L2 segregation with subscribers on different Access port VLANs Use the no form of this command to disable receiving multicast transmissions Syntax switchport access multicast tv vlan v an id no switchport access multicast tv vlan Parameters vlan id Specifies the Multicast TV VLAN ID Default Configuration Receiving multicast transmissions is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The user cannot transmit multicast transmissions on the multicast TV VLAN A multicast TV VLAN cannot be enabled if a Guest VLAN is enabled on the interface 502 VLAN Commands Example The following example enables gigabitethernet port 1 0 5 to receive multicast transmissions from VLAN 11 Console config interface gigabitethernet 1 0 5 Console config if
167. Global Configuration mode command enables public key authentication of incoming SSH sessions Use the no form of this command to disable this function Syntax ip ssh pubkey auth no ip ssh pubkey auth Default Configuration Public Key authentication of incoming SSH sessions is disabled Command Mode Global Configuration mode User Guidelines AAA authentication is independent Telnet SSH and SloginCommands 205 Example The following example enables public key authentication for incoming SSH sessions Console config ip ssh pubkey auth crypto key pubkey chain ssh The crypto key pubkey chain ssh Global Configuration mode command enters the SSH Public Key chain Configuration mode This mode is used to manually specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Default Configuration Keys do not exist Command Mode Global Configuration mode User Guidelines Use this command when you want to manually specify SSH client s public keys Example The following example enters the SSH Public Key chain Configuration mode and manually configures the RSA key pair for SSH public key chain to bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob Console config pubkey key key string rsa AAAAB3NzaC 1lyc2EAAAADAQABAAABAQCvTnRwPW1 Al4kpqIw9GBRonZQZxjHKcqKL6rM10 ZNX ZSkvHG QusIZ 761LmFT34v7u7ChFAE Vu4GREpSwoQUvV35LqJJk671
168. Guidelines A macro can contain up to 3000 characters and up to 200 lines Enter one macro command per line Use the character to end the macro Use the character at the beginning of a line to enter comment text within the macro You can define mandatory keywords within a macro by using a help string to specify the keywords Enter macro keywords word to define the keywords that are available for use with the macro The keyword name is case sensitive You can enter up to three keywords separated by a space Only the first three Macro Commands 63 keywords are visible if you enter more than three macro keywords The command can be anywhere within the macro When creating a macro do not use the exit or end commands or change the command mode using interface interface id Doing so might cause commands that follow exit end or interface interface id to be executed in a different command mode You can modify a macro by creating a new macro with the same name as the existing macro The newer macro overwrites the existing macro Examples The following example shows how to create a macro that defines the duplex mode and speed Switch config macro name dup Enter macro commands one per line End with the character macro description dup duplex full speed auto The following example shows how to create a macro with macro keywords Switch config macro name duplex Enter macro commands one per line End with the charac
169. I commands Accessing the CLI from the Console Line Start the device and wait until the startup procedure is complete The User Exec mode is entered and the prompt console gt is displayed 2 3 Accessing the CLI from Telnet 1 2 3 4 Configure the device and enter the necessary commands to complete the required tasks When finished exit the session with the quit or exit command Enter telnet and the IP address of the device A User Name prompt is displayed Enter the User Name and Password You are in the Privileged Exec mode Configure the device and enter the necessary commands to complete the required tasks When finished exit the session with the quit or exit command When another user is required to log onto the system the login command is entered in the Privileged EXEC command mode This effectively logs off the current user and logs on the new user CLI Command Conventions The following table describes the command syntax conventions In a command line square brackets indicates an optional entry In a command line curly brackets indicate a selection of compulsory parameters separated by the character One option must be selected For example flowcontrol auto on off means that for the flowcontrol command either auto on or off must be selected Italic font Indicates a parameter lt Enter gt Any individual key on the keyboard For example click lt
170. I connections supported in the system The amount of iSCSI sessions has effect on the system memory consumption The memory consumption is 500 bytes per session and 20 bytes per connection 256 sessions each with 4 connections consumes 145KB In the current implementation if more than 1024 connections exist you will still get QoS but only 1024 connections will be displayed show iscsi Use the show iscsi Privileged EXEC mode command to display the iSCSI configuration Syntax show iscsi Command Mode Privileged EXEC mode User Guidelines The iSCSI targets displayed are the statically configured targets only To display all iSCSI entities targets and initiators whether statically configured or dynamically discovered use the show iscsi sessions command iSCSI Commands 595 Example The following example display the iSCSI configuration Console show iscsi iSCSI disabled iSCSI COS disabled iSCSI vpt is 5 Remark iSCSI aging time 5 min Maximum number of connections 256 iSCSI targets and TCP ports TCP Target IP Name Port Address show iscsi sessions Use the show iscsi sessions Privileged EXEC mode command to display the iSCSI sessions Syntax show iscsi sessions detailed Parameters detailed Specifies that the displayed list is detailed Command Mode Privileged EXEC mode 596 iSCSI Commands User Guidelines The target list is not sorted alphabetically The aging mechanism checks
171. IB kor SNMPv3 the software doesn t automatically create a user nor a notify view Use the commands snmp server user snmp server group and snmp server view in Global Configuration mode to create a user a group or a notify group respectively The format of an Pv6Z address is lt spv6 ink local address gt lt intertace name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example 1 0 16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following defines a host at the IP address displayed console config snmp server host 1 1 1 121 abe 170 SNMP Commands snmp server enginelD local The snmp server engineID local Global Configuration mode command specifies the Simple Network Management Protocol SNMP engineID on the local device Use the no form of this command to remove the configured engine ID Syntax snmp server engineID local enginerd string default no snmp server engineID local Parameters e engineid string Specifies a concatenated hexadecimal character string identifying the engine ID Each byte in a hexadecimal character string is two hexadecimal digits
172. IP address for gigabitethernet port 1 0 16 from DHCP Console config interface gigabitethernet 1 0 16 Console config if ip address dhcp renew dhcp Use the renew dhep Privileged EXEC mode command to renew an IP address that was acquired from a DHCP server for a specific interface Syntax renew dhcp interface id force autoconfig Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN force autoconfig In the case the DHCP server holds a DHCP option 67 record for the assigned IP address the file would overwrite the existing device configuration Command Mode Privileged EXEC mode User Guidelines Note that this command does not enable DHCP on an interface If DHCP is not enabled on the requested interface the command returns an error message If DHCP is enabled on the interface and an IP address was already acquired the command tries to renew that IP address If DHCP is enabled on the interface and an IP address has not yet been acquired the command initiates a DHCP request 602 IP Addressing Commands Example The following example renews an IP address that was acquired from a DHCP server for VLAN 19 Console renew dhcp vlan 19 ip default gateway The ip default gateway Global Configuration mode command defines a default gateway device Use the no form of this command to restore the default configuration Syntax
173. Interface Configuration mode command Quality of Service QoS Commands 731 If specifying trust cos QoS maps a packet to a queue the received or default port CoS value and the CoS to queue map If specifying trust dscp QoS maps the packet using the DSCP value from the ingress packet If specifying tep udp port QoS maps the packet to a queue using the TCP UDP port value from the ingress packet and the tep udp port to queue map Example The following example creates an ACL places it into a class map places the class map into a policy map and configures the trust state using the DSCP value in the ingress packet console config mac access list extended m1 console config mac al permit any any console config mac al exit console config class map cl console config cmap exit console config policy map p1 console config pmap class c1 console config cmap match access group ml console config pmap c trust cos dscp set Use the set Policy map Class Configuration mode command to set new values in the IP packet Syntax set dscp new dscp queue queue id cos new cos no set Parameters e dscp new dscp Specifies the new DSCP value for the classified traffic Range 0 63 732 Quality of Service QoS Commands queue queue id Specifies the explicit queue id to set the egress queue e cos new cos Specifies the new User priority to be marked
174. Jan 19 2004 08 23 48 Bob Serial Jan 19 2004 08 29 29 Robert HTTP 172 16 0 8 Jan 19 2004 08 42 31 John SSH 172 16 0 1 Jan 19 2004 08 49 52 Betty Telnet 72 16 1467 248 AAA Commands RADIUS Commands radius server host Use the radius server host Global Configuration mode command to specify a RADIUS server host Use the no form of the command to delete the specified RADIUS server host Syntax radius server host 7pv4 address ipv6 address pv6z address hostname auth port auth port number timeout timeout retransmit retries deadtime deadtime key key string source ipv4 address ipv6 address priority priority usage login amp 02 1x all no radius server host ipv address ipv6 address hostname Parameters e ipv4 address Specifies the RADIUS server host IPv4 address ipv6 address Specifies the RADIUS server host IPv6 address e ipv6z address Specifies the RADIUS server host IPv6Z address The IPv6Z address format is ipv6 link local address interface name The subparameters are e ipv6 link local address Specifies the IPv6 Link Local address e mterface name Spcecifies the outgoing interface name The interface name has the format vlan integer ch integer isatap integer physical port name The subparameter integer has the format decimal digit integer decimal digit decimal digit has the range 0 9 RADIUS Commands 249 e hostname Spccifies the RADIUS serve
175. Ls together Example console config mac access list extended server console config mac al permit 00 00 00 00 00 01 00 00 00 00 00 ff any console config mac al exit console config interface gigabitethernet 1 0 1 710 console config if service acl input server service acl output Use the service acl output command in Interface Configuration mode to control access to an interface on the Egress transmit path Use the no form of this command to remove the access control Syntax service acl output ac name acl name2 no service acl output Parameters acl name Specifies an ACL to apply to the interface See the Usage Guidelines Range acl name 32 characters Use for empty string Default No ACL is assigned Command Mode Interface Configuration Ethernet Port Channel mode Interface Configuration Ethernet VLAN Port Channel mode User Guidelines The deny rule actions log input and disable port are not supported Trying to use these actions will result in an error IPv ACLs and IPv6 ACLs can be bound together on an interface A MAC ACL cannot be bound on an interface together with an IPv4 ACL or IPv6 ACL Two ACLs of the same type cannot be added to a port An ACL cannot be added to a port that is already bound to an ACL without first removing the current ACL and binding the two ACLs together Example console config mac access list extended server console config mac al
176. N Disabled Cos 6 with no remark OUI table 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 53 Simens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Network security defaults DHCP snooping Disabled ARP inspection Disabled ARP inspection Validation Disabled DOS attacks IP addressing defaults No IP interface is defined QOS and ACLs defaults QoS mode is basic QoS Basic Trust Mode CoS QoS Advanced Trust Mode CoS DSCP Queue default mapping 100 System Management Commands cos qid 0 2 1 1 2 1 3 3 4 4 5 5 6 6 7 7 show tech support Use the show tech support command to display system and configuration information you can provide to the Technical Assistance Center when reporting a problem Syntax show tech support config memory Parameters Memory Displays memory and processor state data Config Displays switch configuration within the CLI commands supported on the device Default Configuration By default this command displays the output for technical support related show commands Use keywords to specify the type of information to be displayed If you do not specify any parameters the system displays all configuration and memory data Command Types Switch command Command Mode EXEC mode System Management Commands 101 User Guidelines Caution Avoid running multiple show tech support commands on a switch or multiple switch
177. N is defined as a guest VLAN 802 1x Commands 315 Command Mode Interface Configuration VLAN mode User Guidelines Use the dot1x guest vlan enable Interface Configuration mode command to enable unauthorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized To be able to join or leave the guest VLAN the port should not be a static member of the guest VLAN Example The following example defines VLAN 2 as a guest VLAN Console configure Console config interface vlan 2 Console config if dot1x guest vlan dot1x guest vlan timeout Use the dot1x guest vlan timeout Global Configuration mode command to set the time delay between enabling 802 1x or port up and adding a port to the guest VLAN Use the no form of this command to restore the default configuration Syntax dot ls guest vlan timeout t7meout no dotlx guest vlan timeout Parameters timeout Specifies the time delay in seconds between enabling 802 1x or port up and adding the port to the guest VLAN Range 30 180 Default Configuration The guest VLAN is applied immediately 316 802 1x Commands Command Mode Global Configuration mode User Guidelines This command is relevant if the guest VLAN is enabled on the port Configuring the timeout adds delay from enabling 802 1X or port up to th
178. Oe al fr GP Ps Cu Ps Fa Temperature 47 45 49 36 39 45 40 56 Up time 00 00 31 24 00 00 31 19 00 00 31 24 00 00 31 24 00 00 31 24 00 00 31 24 00 00 31 25 00 00 31 25 console show system unit 2 System System System System System System System Type Type Up Time days hour min sec Contact Name Location MAC Address Object ID Main Power Supply Status PowerConnect 5548 08 23 03 46 00 99 88 66 33 33 1 3 6 1 4 1 674 10895 3031 PowerConnect 5548 OK System Management Commande 93 Fans Status OK Unit Temperature Celsius Status show version The show version EXEC mode command displays system version information Syntax show version unit oul Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode Example The following example displays system version information console gt show version Unit SW Version Boot Version HW Version 313 2 178 1 0 0 3 131 2 178 1 0 0 system resources routing The system resources routing Global Configuration mode command configures the routing table maximum size Use the no form of this command to return to the default size Syntax system resources routing routes hosts interfaces 94 System Management Commands no system resources routing Parameters e routes Spccifies the maximum number of remote networks in the routing table e hosts Specifies the maximum number of di
179. PV6WithNotIP Radius accept message contains IPv6 and not IP simultaneously POL BasicMode Policy Map is not supported in the QoS basic mode POL DEL Policy Map was deleted by a user POL OVRFL Policy Map sent by radius server can not be applied because of TCAM overflow RAD APIERR RADIUS API returned error e g No RADIUS server is configured RAD_INVLRES RADIUS server returned invalid packet e g EAP Attribute is missing RAD NORESP RADIUS server is not responding 326 VLAN DFLT VLAN sent by radius server can not be applied because it is the Default VLAN 802 1x Commands Table 1 Reject Reason Description VLAN DYNAM VLAN sent by radius server can not be applied because it is a Dynamic VLAN VLAN GUEST VLAN sent by radius server can not be applied because it is the Guest VLAN Examples Example 1 Switch show dotlx monitoring results Monitoring VLAN 100 Port VLAN UsernameMAC Reject Time Address Reason gil 0 1 100 Bob 0008 3b79 8787 VLAN NOTEX08 19 17 gil 0 2 15 John 0008 3b89 3128 SERV ERR 09 20 11 gil 0 2 5 John 0008 3b89 3129 SERV ERR 09 20 11 Example 2 Switch show dot1x monitoring Bob Username Bob Port gil 0 1 Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 08 19 17 MAC Address 00 08 78 32 98 78 Authentication Method Remote Assigned VLAN 207 R
180. RC4 Auth Code The authentication Code HMAC MD5 HMAC SHA 1 show crypto key pubkey chain ssh The show crypto key pubkey chain ssh Privileged EXEC mode command displays SSH public keys stored on the device Syntax show crypto key pubkey chain ssh username username fingerprint bubble babble hex Parameters e username username Specifies the remote SSH client username Length 1 48 characters e fingerprint bubble babble hex Spccifies the fingerprint display format The possible values are e bubble babble Specifies that the fingerprint is displayed in Bubble Babble format e hex Specifies that the fingerprint is displayed in hexadecimal format Default Configuration The default fingerprint format is hexadecimal Command Mode Privileged EXEC mode Example The following examples display SSH public keys stored on the device Console show crypto key pubkey chain ssh Username Telnet SSH and SloginCommands 211 bob john Fingerprint BATCC2012C5 278239227586 2792CC2232C5 982590 F 1286 98 P726GEs28sF2 79 87 2C8 18 F6 862CC2F8 89287 C8 Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 YACCO1C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 212 Telnet SSH and Slogin Commands Line Commands line The line Global Configuratio
181. Router Advertisement messages Use the no form of this command to disable address autoconfiguration on the interface Syntax ipv6 address autocontig no ipv6 address autocontig Parameters Thiis command has no arguments or keywords Default Configuration Address autoconfiguration is enabled on the interface no addresses are assigned by default Command Mode Interface Configuration Ethernet VLAN Port channel mode 624 IPv6 Addressing Commands User Guidelines When address autoconfig is enabled router solicitation ND procedure is initiated to discover a router and assign IP addresses to the interface based on the advertised on link prefixes When disabling address autoconfig automatically generated addresses that are assigned to the interface are removed The default state of the address autoconfig is enabled Use the enable ipv6 no autoconfig command to enable an Pv6 interface without address autoconfig Example console config interface vlan 1 console config if ipv6 address autoconfig ipv6 icmp error interval Use the ipv6 icmp error interval Global Configuration mode command to configure the rate limit interval and bucket size parameters for IPv6 Internet Control Message Protocol ICMP error messages Use the no form of this command to return the interval to its default setting Syntax ipv6 icmp error interval mu liseconds bucketsize no ipv6 icmp error interval Parameters e milliseconds Th
182. TP anycast client Syntax sntp anycast client enable no sntp anycast client enable Clock Commands 115 Default Configuration The SNTP anycast client is disabled Command Mode Global Configuration mode User Guidelines The polling time is configured with the sntp client poll timer Global Configuration mode command Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface Example The following example enables SNTP anycast clients Console config sntp anycast client enable sntp client enable The sntp client enable Global Configuration mode command enables the Simple Network Time Protocol SNTP broadcast and anycast client on an interface Use the no form of this command to disable the SNTP client Syntax sntp client enable intertace id no sntp client enable interface id Parameters interface id Specifies an interface ID which can be one of the following types Ethernet port Port channel or VLAN Default Configuration The SNTP client is disabled on an interface Command Mode Global Configuration mode 116 Clock Commands User Guidelines The sntp broadcast client enable Global Configuration mode command globally enables broadcast clients The sntp anycast client enable Global Configuration mode command globally enables anycast clients Example The following example enables the SNTP broadcast and anycast client on gigabitethernet port
183. The following example sets the inline power management priority of gigabitethernet port 4 to High Console config interfacegigabitethernet 1 0 4 Console config if power inline priority high power inline usage threshold Use the power inline usage threshold Global Configuration mode command to configure the threshold for initiating inline power usage alarms Use the no form of this command to restore the default configuration Syntax power inline usage threshold percent no power inline usage threshold Parameters percent Specifies the threshold in percent to compare to the measured power Range 1 99 Power over Ethernet PoE Commande 359 Default Configuration The default threshold is 95 percent Command Mode Global Configuration mode Example The following example configures the threshold for initiating inline power usage alarms to 90 percent Console config power inline usage threshold 90 power inline traps enable Use the power inline traps enable Global Configuration mode command to enable inline power traps Use the no form of this command to disable traps Syntax power inline traps enable no power inline traps enable Default Configuration Inline power traps are disabled Command Mode Global Configuration mode Example The following example enables inline power traps Console config power inline traps enable 360 Power over Ethernet PoE Commands power inline limit Use the
184. The number of EAPOL Start frames that have been received by this Authenticator EapolLogoffFramesRx The number of EAPOL Logoff frames that have been received by this Authenticator EapolRespldFramesRx The number of EAP Resp Id frames that have been received by this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqidFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Req Id frames that have been transmitted by this Authenticator InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator for which the frame type is not recognized EapLengthErrorFramesR x The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame LastEapolFrameSource The source MAC address carried in the most recently received EAPOL frame clear dot1x statistics Use the clear dot 1x statistics Privileged EXEC mode command to clear 802 1x statistics 802 1x Commands 311 Syntax clear dot 1x statistics mterface id Parameters interface id Specify an Ethernet port ID Default Configuratio
185. The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol SNTP client Use the no form of this command to restore the default configuration Syntax sntp client poll timer seconds no sntp client poll timer Parameters seconds Specifies the polling interval in seconds Range 60 86400 Default Configuration The default polling interval is 1024 seconds Command Mode Global Configuration mode Example The following example sets the polling time for the SNTP client to 120 seconds Console config sntp client poll timer 120 114 Clock Commands sntp broadcast client enable The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol SNTP broadcast clients Use the no form of this command to disable SNTP broadcast clients Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP broadcast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface Example The following example enables the SNTP broadcast clients Console config sntp broadcast client enable sntp anycast client enable The sntp anycast client enable Global Configuration mode command enables the SNTP anycast client Use the no form of this command to disable the SN
186. VRP is disabled on all interfaces Command Mode Interface Configuration Ethernet Port channel mode User Guidelines An access port does not dynamically join a VLAN because it is always a member of one VLAN only Membership in an untagged VLAN is propagated in the same way as in a tagged VLAN That is the PVID must be manually defined as the untagged VLAN VID Example The following example enables GVRP on gigabitethernet port 1 0 6 Console config interface gigabitethernet 1 0 6 Console config if gvrp enable garp timer Use the garp timer Interface Configuration Ethernet port channel mode command to adjust the values of the join leave and leaveall timers of GARP applications such as GVRP Use the no form of this command to restore the default configuration Syntax garp timer join leave d leaveall timer value no garp timer Parameters e join leave leaveall Spccifies the type of timer for which the timer value is specified The possible values are 548 GVRP Commands e join Spccifies the GARP join timer The GARP join timer value specifies the time interval between the two join messages sent by the GARP application e leave Specifies the GARP leave timer The GARP leave timer value specifies the time interval for a GARP application to wait for a join message after receiving a leave message for a GARP attribute before it de registers the GARP attribute e leaveall Specifies the GARP leaveall
187. WD Root No P2p RSTP Enabled 128 1 20000 FWD Desg No Shared STP Enabled 128 2 20000 BLK Altn No Shared STP Enabled 128 4 Console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Bridge ID Interfaces Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port gil 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Spanning Tree Commands 481 Name State Prio Nbr Cost Sts Role PortFast Type gil 0 4 e 5 19 BLK Altn No Shared STP Enabled 128 4 Console show spanning tree detail Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port gil 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 gil 0 1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Guard root Disabled BPDU guard Disabled
188. X TX PD SN SD SC auto chl Disabled Switch show lldp configuration gil 0 1 State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP packets handling Filtering Port State Optional TLVs Address Notifications gil 0 1 RX TX PD SN SD SC 72 16 1 1 Disabled 802 3 optional TLVs 802 3 mac phy 802 3 lag 802 3 max frame size 802 1 optional TLVs PVID Enabled PPVIDs 0 1 92 VLANs 1 92 Protocols 802 1x 440 LLDP Commands The following table describes the significant fields shown in the display Field Description Timer The time interval between LLDP updates Hold multiplier The amount of time as a multiple of the timer interval that the receiving device holds a Link Layer Discovery Protocol LLDP packet before discarding it Reinit timer The minimum time interval an LLDP port waits before re initializing an LLDP transmission Tx delay The delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Port The port number State The port s LLDP state Optional TLVs Optional TLVs that are advertised Possible values are PD Port description SN System name SD System description SC System capabilities Address The management address that is advertised Notifications Indicates whether LLDP notificatio
189. XEC mode Example The following example displays configuration and statistical information for all TACACS servers Console show tacacs IP address Status Port Single Time Source Priority Connection Out IP Lt dp E Connected 49 NOve EE Aspnes 1 Global Global Global values TimeOut 3 Source IP 172 16 8 1 TACACS Commands 263 264 TACACS Commands Syslog Commands logging on Use the logging on Global Configuration mode command to control error message logging This command sends debug or error messages to a logging process which logs messages asynchronously to designated locations for the process that generated the messages Use the no form of this command to disable the logging process Syntax logging on no logging on Default Configuration Message logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the logging messages distribution at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging Global Configuration mode commands However if the logging on command is disabled no messages are sent to these destinations Only the console receives messages Syslog Commands 265 Example The following example enables logging error messages Console config logging on Logging host Use the logg
190. abitethernet 1 0 1 console config if dotlx timeout reauth period 5000 dot1x re authenticate The dotlx re authenticate Privileged EXEC mode command manually initiates re authentication of all 802 1x enabled ports or the specified 802 1x enabled port Syntax dot ls re authenticate interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following command manually initiates re authentication of 802 1x enabled gigabitethernet port 1 0 15 Console dotlx re authenticate gigabitethernet 1 0 15 802 1xCommands 299 dot1x timeout quiet period Use the dot1x timeout quiet period Interface Configuration Ethernet mode command to set the time interval that the device remains in a quiet state following a failed authentication exchange for example the client provided an invalid password Use the no form of this command to restore the default configuration Syntax dot ls timeout quiet period seconds no dot1x timeout quiet period Parameters seconds Spcecifies the time interval in seconds that the device remains in a quiet state following a failed authentication exchange with the client Range 0 65535 seconds Default Configuration The default quiet period is 60 seconds Command Mode Interface Configuration Ethernet mode User Guidelines During the quiet period the device does not accept or initiate authen
191. able Default Configuration The SNTP unicast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp server Global Configuration mode command to define SNTP Servers Example The following example enables the device to use Simple Network Time Protocol SNTP unicast clients Console config sntp unicast client enable 118 Clock Commands sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol SNTP predefined unicast clients Use the no form of this command to disable the polling for the SNTP client Syntax sntp unicast client poll no sntp unicast client poll Default Configuration Polling is disabled Command Mode Global Configuration mode User Guidelines Polling time is configured with the sntp client poll timer Global Configuration mode command Example The following example enables polling for SNTP predefined unicast clients Console config sntp unicast client poll sntp server The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol SNTP to request and accept Network Time Protocol NTP traffic from a specified server Use the no form of this command to remove a server from the list of SNTP servers Syntax sntp server ipv4 address ipv6 address 1pv6z address hostname poll key keyrd Clock Commands 119
192. able count Capacity 8192 Free 8083 Used 109 Static addresses 2 Secure addresses 1 Dynamic addresses 97 Internal addresses 9 show bridge multicast address table Use the show bridge multicast address table EXEC mode command to display multicast MAC address or IP address table information Address Table Commands 401 Syntax show bridge multicast address table v an vlan id address mac multicast address 1pv4 multicast address d ipv6 multicast address format ip mac Parameters e vlan vlan id Specifies the VLAN ID e address mac multicast address ipv4 multicast address ipv6 multicast address Specifies the multicast address The possible values are e mac multicast address Specifies the MAC multicast address e ipv4 multicast address Specifies the IPv4 multicast address e ipv6 multicast address Specifies the IPv6 multicast address e format ip mac Specifies the multicast address format The possible values are e ip Specifies that the multicast address is an IP address e mac Specifies that the multicast address is a MAC address Default Configuration If the format is not specified it defaults to mac Command Mode EXEC mode User Guidelines A MAC address can be displayed in IP format only if it is within the range 0 100 500 0000 through 0100 5e7f ffff Multicast Router ports defined statically or discovered dynamically are members in all MC groups Ports
193. ace The show ip igmp snooping interface EXEC mode command displays the IGMP snooping configuration for a specific VLAN Syntax show ip igmp snooping interface v an id Parameters vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays the IGMP snooping configuration for VLAN 1000 Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled IGMP Snooping oper Enabled Routers IGMP version 3 Groups that are in IGMP version 2 compatibility mode 231 0212 Ek EAE Groups that are in IGMP version 1 compatibility mode 536 IGMP Snooping Commands IGMP Wd nooping querier admin Enabled IGMP snooping querier oper Enabled IGMP n nooping querier address admin IGMP snooping querier address oper 172 16 1 1 IGMP Wd nooping querier version admin 3 IGMP IGMP Wd nooping robustness admin 2 oper 2 n nooping query interval admin 125 sec oper 125 sec IGMP snooping query maximum response admin 10 sec oper 10 sec IGMP snooping last member query counter admin 2 oper 2 IGMP snooping last member query interval admin 1000 msec oper 500 msec IGMP snooping last immediate leave enabl Automatic learning of multicast router ports is enabled show ip igmp snooping groups The show ip igmp snooping groups EXEC mode command displays the multicast groups learned by the IGMP
194. ace Configuration Tunnel mode User Guidelines The ipv6 tunnel routers dns command determines the string that the host uses for automatic tunnel router lookup in the IPv4 DNS procedure By default the string ISATAP is used for the corresponding automatic tunnel types Only one string can represent the automatic tunnel router name per tunnel Using this command therefore overwrites the existing entry Example The following example configures the global string ISATAP2 as the automatic tunnel router domain name Console config tunnel 1 Console config tunnel tunnel isatap router ISATAP2 tunnel source Use the tunnel source Interface Configuration Tunnel mode command to set the local source Pv4 address of a tunnel interface The no form deletes the tunnel local address Syntax tunnel source d auto ipv4 address no tunnel source Tunnel Commands 645 Parameters e auto The system minimum IPv4 address is used as the source address for packets sent on the tunnel interface If the IPv4 address is changed then the local address of the tunnel interface is changed too e ip4 address Specifies the IPv4 address to use as the source address for packets sent on the tunnel interface The local address of the tunnel interface is not changed when the IPv4 address is moved to another interface only if StackTable is changed Default No source address is defined Command Mode Interface Configuration Tunnel mod
195. ad amp Underload states Port is off Underload state Port is off Overload state Port is off power budget exceeded Port is off internal hardware fault Port is off voltage injection into the port Port is off improper Capacitor Detection results Port is off discharged load Port fails Capacitor Port is on detection regardless Force On 364 Power over Ethernet PoE Commands Undefined error during Force On Supply voltage higher than settings Supply voltage lower than settings Disable_PDU flag raised during Force On Port is forced on then disabled Port is off forced power error due to Overload Port is off out of power budget during Force On Communication error with PoE devices after Force On Port is off short condition Port is off over temperature at the port Port is off device is too hot Unknown device port status Force Power Error Short Circuit Force Power Error Channel Over Temperature Force Power Error Chip Over Temperature Power Management Static Power Management Static ovl Force Power Error Management Static Force Power Error Management Static ovl High power port is ON Chip Over Power Force Power Error Chip Over Power show power inline consumption Use the show power inline consumption EXEC mode command to display information about the inline power consumption for all interfaces or for a specific interface Syntax show power inline consumption interface id mod
196. address prefix length eu1 64 Parameters ipv6 address Specifies the Pv6 network assigned to the interface This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bit values between colons e prefix length Specifies the length of the IPv6 prefix A decimal value that indicates how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark must precede the decimal e eui 64 Optional Builds an interface ID in the low order 64 bits of the IPv6 address based on the interface MAC address e anycast Optional Indicates that this address is an anycast address e prefix length 3 128 64 when the eui 64 parameter is used Default Configuration No IP address is defined for the interface Command Mode Interface configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines If the value specified for the prefix length argument is greater than 64 bits the prefix bits have precedence over the interface ID IPv6 Addressing Commands 627 Using the no Pv6 address command without arguments removes all manually configured IPv6 addresses from an interface including link local manually configured addresses Example console config interface vlan 1 console config if ipv6 address 3000 123 64 eui 64 anycast ipv
197. address4 no ip host name Parameters e name Specifies the host name Length 1 158 characters Maximum label length 63 characters e address Specifies the associated IP address Up to 4 addresses can be defined Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines Host names are restricted to the ASCII letters A through Z case insensitive the digits 0 through 9 the underscore and the hyphen A period is used to separate labels Example The following example defines a static host name to address mapping in the host cache IP Addressing Commands 619 Console config ip host accounting website com 176 10 23 1 clear host Use the clear host Privileged EXEC mode command to delete entries from the host name to address cache Syntax clear host name Parameters e name Specifies the host entry to remove Length 1 158 characters Maximum label length 63 characters e Removes all entries Command Mode Privileged EXEC mode Example The following example deletes all entries from the host name to address cache Console clear host clear host dhcp Use the clear host dhep Privileged EXEC mode command to delete entries from the host name to address mapping received from Dynamic Host Configuration Protocol DHCP Syntax clear host dhcp name Parameters e name Specifies the host entry to remove Length 1 158 characters
198. alk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpe 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 isakmp 4500 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpe 111 syslog 514 tacacs 49 talk 517 tftp 69 time 37 who 513 xdmep 177 Range 065535 e source port Specifies the UDP TCP source port Predefined port names are defined in the destination port parameter Range 0 65535 e match all list of flag List of TCP flags that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Available options are urg Zack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to a one string For example fin ack e time range name Name of the time range that applies to this permit statement Range 1 32 Default No IPv6 access list is defined 704 Command Mode Ipv6 Access list Configuration mode User Guidelines The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP Ifa range of ports is used for a source port in ACE it would be not be counted again if it is also used for a source port in another ACE If a range of p
199. all time range name time range time range name Parameters e protocol The name or the number of an IP protocol Available protocol names icmp igmp ip tcp egp igp udp hmp rdp idpr ipv6 ipvo rout ipvo frag idrp rsvp gre esp ah ipv6 icmp eigrp ospf ipinip pim Um isis To match any protocol use the ip keyword Range 0 255 e source Soutce IP address of the packet e source wildcard Wildcard bits to be applied to the source IP address Use ones in the bit position that you want to be ignored e destination Destination IP address of the packet e destination wildcard Wildcard bits to be applied to the destination IP address Use ones in the bit position that you want to be ignored 696 dscp number Specifies the DSCP value precedence number Specifies the IP precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values echo reply destination unreachable source quench redirect alternate host address echo request router advertisement router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuris Range 0 255 icmp code Specifies an ICMP
200. ameters an appropriate error message is displayed To complete an incomplete command press the lt Tab gt button If the characters already entered are not enough for the system to identify a single matching command press to display the available commands matching the characters already entered Incorrect or incomplete commands are automatically re entered next to the cursor If a parameter must be added the parameter can be added to the basic command already displayed next to the cursor The following example indicates that the command interface requires a missing parameter config interface smissing mandatory parameter config interface 33 Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in entering the CLI commands The following table describes these shortcuts Table 1 Keyboard Keys Up arrow key Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands Down arrow key Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the key sequence will recall successively more recent commands Ctrl A Moves the cursor to the beginning of the command line Ctrl E Moves the cursor to the end of the command line Ctrl Z End Returns back to the Privileged EXEC mode from any mode Backspace key Moves the cursor back one space
201. ample reloads the operating system on all units Console reload This command will reset the whole system and disconnect your current session Do you want to continue y n n stack master The stack master Global Configuration mode command forces a stack master selection Use the no form of this command to restore the default configuration Syntax stack master unit unt no stack master Parameters unit Specifies the new master unit number Range 1 2 Default Configuration The default is no forced master System Management Commande 83 Command Mode Global Configuration mode Example The following example forces the stack master to be unit 2 Console config stack master unit 2 system light Use the system light EXEC command to light LEDs on a specific unit Syntax system light unzt unit number duration seconds system light stop Parameters e unit number Specify unit number or all e seconds The number of seconds to light the LEDs If unspecified defaults to 5 seconds Range 2 6 stop Stop lighting the LEDs Command Mode EXEC mode switch renumber Use the switch renumber Global Configuration command to change the unit ID of a specific unit Syntax switch current unit number renumber new unit number Parameters e current unit number Specify Unit number Range 1 8 84 System Management Commands e new unit number The new unit number Range 1 8 Co
202. and generates a self signed certificate for HTTPS Syntax crypto certificate number generate key generate length passphrase string cn common name ou organization umt or organization loc location st state cu country duration days Parameters e number Specifies the certificate number Range 1 2 e key generate Regenerates SSL RSA key e length Specifies the SSL s RSA key length Range 512 2048 e passphrase string Specifies the passphrase used for exporting the certificate in PKCS12 file format Length 8 96 characters RSA and Certificate Commands 185 e cncommon name Specifies the fully qualified device URL or IP address Length 1 64 characters e ou organization unit Specifies the organization unit or department name Length 1 64 characters e or organization Specifies the organization name Length 1 64 characters e loc location Specifies the location or city name Length 1 64 characters e st state Spccifies the state or province name Length 1 64 characters e cu country Specifies the country name Length 2 characters e duration days Specifies the number of days a certification is valid Range 30 3650 Default Configuration The default certificate number is 1 The default SSLs RSA key length is 1024 If passphrase string is not specified the certificate is not exportable If cn common name is not specified it defaults to the device s lowest static
203. and assigns the address to the requesting client 674 DHCP Server Commands Example The following example enables the DHCP Server to send ping packets before assigning the address to a requesting client Console config dhcp ping enable ip dhcp ping count Use the ip dhcp ping count Global Configuration mode command to specify the number of packets a Dynamic Host Configuration Protocol DHCP Server sends to a pool address as part of a ping operation Use the no form of this command to restore the default configuration Syntax ip dhcp ping count number no ip dhep ping count Parameters number Specifies the number of ping packets that are sent before assigning the address to a requesting client Range 1 10 Default Configuration A Dynamic Host Configuration Protocol DHCP Server sends two packets to a pool address as part of a ping operation Command Mode Global Configuration mode Example The following example specifies that a DHCP Server sends five packets to a pool address as part of a ping operation Console config ip dhcp ping count 5 DHCP Server Commands 675 ip dhcp ping timeout The ip dhep ping timeout Global Configuration mode command specifies the time interval during which a Dynamic Host Configuration Protocol DHCP Server waits for a ping reply from an address pool To restore the default timeout use the no form of this command Syntax ip dhcp ping timeout m iseconds no ip dhep ping
204. ange that applies to this permit statement Range 1 32 disable port The Ethernet interface is disabled if the condition is matched e log input Specifies sending an informational syslog message about the packet that matches the entry Because forwarding is done in hardware and logging is done in software if a large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets will be logged Default No IPv4 access list is defined Command Mode IP Access list Configuration mode User Guidelines You enter IP access list configuration mode by using the IP Access list Global Configuration command After an access control entry ACE is added to an access control list an implied deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP If a range of ports is used for source port in ACE it would be not be counted again if it is also used for source port in another ACE If a range of ports is used for destination port in ACE it would be not be counted again if it is also used for destination port in another ACE If a range of ports is used for source port it wo
205. arameters ageregate policer name Spcecifies the aggregate policer name Command Mode EXEC mode Example The following example displays the parameters of the aggregate policer called Policer1 Console gt show qos aggregate policer policerl aggregate policer policerl 96000 4800 exceed action drop not used by any policy map police aggregate Use the police aggregate Policy map Class Configuration mode command to apply an aggregate policer to multiple classes within the same policy map Use Quality of Service QoS Commands 737 the no form of this command to remove an existing aggregate policer from a policy map Syntax police aggregate aggregate policer name no police aggregate aggregate policer name Parameters ageregate policer name Spcecifies the aggregate policer name Command Mode Policy map Class Configuration mode User Guidelines An aggregate policer can be applied to multiple classes in the same policy map An aggregate policer cannot be applied across multiple policy maps or interfaces Use the exit command to return to the Policy map Configuration mode Use the end command to return to the Privileged EXEC mode Example The following example applies the aggregate policer called Policer to a class called Class in a policy map called Policy Console config policy map policyl Console config pmap class classl Console config pmap c police aggregate policerl wrr queue Cos map Use the wir
206. are and logging is done in software if a large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets will be logged Default No IPv6 access list is defined Command Mode IPv6 Access list Configuration mode User Guidelines The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP If a range of ports is used for source port in ACE it would be not be counted again if it is also used for source port in another ACE If a range of ports is used for a destination port in ACE it would be not be counted again if it is also used for a destination port in another ACE If a range of ports is used for source port it would be counted again if it is also used for destination port 707 Example console config ipv6 access list server console config ipv6 al deny tcp 3001 2 64 any any 80 mac access list Use the mac access list Global Configuration mode command to define a Layer 2 access list and to place the device in MAC access list configuration mode Use the no form of this command to remove the access list Syntax mac access list extended access ist name no mac access list extended access ist name Parameters access list name Specifies the name of the MAC access list Range access list name0 32 characters use for e
207. as the default target ports but they can be removed just as any other configured target 590 iSCSI Commands Command Mode Global Configuration mode User Guidelines When working with private iSCSI ports not IANA assigned iSCSI ports 3260 and 860 it is recommended that the target IP address also be specified so that the device snoops only frames for which its TCP destination port is one of the configured TCP ports and their destination IP is the target s IP address In this way the CPU is not falsely loaded by non iSCSI flows if other applications choose to use these un reserved ports It is the user s responsibility to not define as iSCSI ports any ports that are well known or are configured on the product for other uses such as Telnet SSH HTTP HTTPS SNMP or DHCP To bind a port to an IP address and the port is already defined but not bound to an IP address first remove the port by using the no form of the command and then add it again with the relevant IP address Target names are displayed only when using the show iscsi command These names are not used to match or to perform any sanity check on the iSCSI session information acquired by snooping A maximum of 16 TCP ports can be configured either bound to IP or not This number can be changed by using the iscsi max target ports command However the change takes effect only after reset Example The following example configures an iSCSI target port Console
208. ass 1 802 3 Link Aggregation LLDP Commands 447 Aggregation capability Capable of being aggregated Aggregation status Not currently in aggregation Aggregation port ID 1 802 3 Maximum Frame Size 1522 802 3 EEE Remote Tx 25 usec Remote Rx 30 usec Local Tx Echo 30 usec Local Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 E LDP MED capabilities Network Policy pa LDP MED Device type Endpoint class 2 LLDP MED Network policy Application type Voice Flags Unknown policy VLAN ID 0 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Device Power source Primary power Power priority High Power value 9 6 Watts LLDP MED Inventory Hardware revision 2 1 Firmware revision 2 3 448 LLDP Commands Software revision Serial number Manufacturer name VP Model name TR12 Asset ID 9 LLDP MED Location Coordinates Field Seck LM759846587 54 53 01 7 51 57 50 ba 5b 97 27 80 00 00 67 01 The following table describes significant LLDP fields shown in the display Description Port The port number Device ID The neighbor device s configured ID name or MAC address Port ID The neighbor device s port ID System name The neighbor device s administratively assigned name Capabilities The capabilities discovered on the neighbor devic
209. assigned statically You can execute the command before the VLAN is created Example console config ip igmp snooping vlan 1 forbidden mrouter interface gil 0 1 ip igmp snooping static Use the ip igmp snooping static Global Configuration mode command to register an P layer multicast address to the bridge table and to add statically ports to the group Use the no form of this command to remove ports specified as members of a static multicast group Syntax ip igmp snooping vlan vlan id static ip address interface intertace lst no ip igmp snooping vlan vian id static 1p address interface intertace list Parameter vlan id Specifies the VLAN ip address Specifies the IP multicast address e interface list Specifies a list of interfaces The interfaces can be from one of the following types Ethernet port or Port channel Default Configuration No multicast addresses are defined Command Mode Global Configuration mode IGMP Snooping Commands 527 User Guidelines Static multicast addresses can only be defined on static VLANs You can execute the command before the VLAN is created You can register an entry without specifying an interface Using the no command without a port list removes the entry Example console config ip igmp snooping vlan 1 static 239 2 2 2 gil 0 ip igmp snooping multicast tv Use the ip igmp snooping multicast tv Global Configuration mode command to define the multicast ip
210. ate freq 572 ip dhcp snooping binding 2 5 572 clear ip dhcp snooping database 574 show ip dhcp snooping 2 20 eeeee gt 574 23 24 show ip dhcp snooping binding 575 ip arp Inspection 576 ip arp inspection vlan eee ee 577 ip arp inspection trust 2 e0eee eee 578 ip arp inspection valtdate 0 a 579 ip arp inspection list create 580 IP MISE eebe cess eet i Bellet Eech 580 ip arp inspection list assign aaa 581 ip arp inspection logging interval 582 show ip arp inspection nnne nnna 583 show ip arp inspection let 584 show ip arp inspection statistics 584 clear ip arp inspection statistics 585 ip dhcp information option 586 show ip dhcp information option 586 37 iSCSI Commands eege 589 iscsi enable seii iiare ae Ee E Sees WES Dees 589 iscsi target port EEN ANEN e d ERAN EEN 590 DK 591 iscsi aging time 0 ccc cece eee 593 iscsi max tep connections 2 594 SHOW SCSI EE 595 show iscsi SESSIONS 0 0 c cece eee eee eee eee 596 38 IP Addressing Commands 599 TEE 599 ip address den e220 peel EN ted es 601 renew den 602 ip default gateway 2020e cece eee eee 603 show ip Interface 603 Op aoe Aes ee ee ee
211. atic addresses are defined The default mode for an added address is permanent Command Mode Global Configuration mode Example console config mac address table static 00 3f bd 45 5a bl vlan 1 gil 0 1 clear mac address table Use the clear mac address table Privileged EXEC command to remove learned or secure entries from the forwarding database Syntax clear mac address table dynamic interface interface id clear mac address table secure interface intertace 1d 394 Address Table Commands Parameters interface interface id Delete all dynamic address on the specified interface The interface ID can be one of the following types Ethernet port or port channel Command Mode Privileged EXEC mode Example console clear mac address table dynamic mac address table aging time Use the mac address table aging time global configuration command to set the aging time of the address table Use the no form of this command to restore the default Syntax mac address table aging time seconds no mac address table aging time Parameters seconds T ime is number of seconds Range 10 300 Default Configuration 300 Command Mode Global Configuration mode Example console config mac address table aging time 600 Address Table Commands 395 port security Use the port security Interface Configuration Ethernet Port channel mode command to enable port security on an interface Use the no form of this co
212. ation mode Example The following example sets the OUI Voice VLAN aging timeout interval to 12 hours Console config voice vlan aging timeout 720 voice vian enable Use the voice vlan enable Interface Configuration Ethernet Port channel mode command to enable OUI Voice VLAN configuration on a port Use the no form of this command to disable OUI Voice VLAN configuration on a port Syntax voice vlan enable no voice vlan enable Default Configuration Automatic voice VLAN configuration of a port is disabled Command Mode Interface Configuration Ethernet Port channel mode Voice VLAN Commands 561 User Guidelines The port is added to the voice VLAN if a packet with a source MAC address that is a telephony MAC address defined by the voice vlan oui table Global Configuration mode command is trapped on the port Note The packet VLAN ID can be the voice VLAN ID or any other VLAN ID The port joins the voice VLAN as a tagged port If the time since the last MAC address with a telephony MAC address aged out exceeds the timeout limit configured by the voice vlan aging timeout Global Configuration mode command the port is removed from the voice VLAN Example The following example enables OUI Voice VLAN configuration on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config if voice vlan enable voice vlan secure Use the voice vlan secure Interface Configuration Ether
213. ation succeeds even if all methods return an error Select one or more methods from the following list Keyword Description local Uses the local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is the default authentication login method This is the same as entering the ip http authentication local command Command Mode Global Configuration mode User Guidelines The command is relevant for HTTP and HTTPS server users The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Example The following example specifies the HTTP access authentication methods Console config ip http authentication aaa login authentication radius local show authentication methods The show authentication methods Privileged EXEC mode command displays information about the authentication methods AAA Commands 225 Syntax show authentication methods Command Mode Privileged EXEC mode Example The following example displays the authentication configuration Console show authentication methods Login Aut Default Console_L Enable Au D
214. b 176 16 1 1 icmp_seg 1 64 bytes from oob 176 16 1 1 icmp_seqg 2 64 bytes from oob 176 16 1 1 icmp_seg 3 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 5 5 5 round trip ms min avg max console gt ping ipv6 3003 11 Pinging 3003 11 with 64 bytes of data time 5 time 5 time 5 time 5 0 packet loss 64 bytes from 3003 11 icmp_seq 1l time 0 ms 64 bytes from 3003 11 icmp_seq 2 time 50 ms 64 bytes from 3003 11 icmp_seq 3 time 0 ms System Management Commande 73 64 bytes from 3003 11 icmp_seq 4 time 0 ms 3003 11 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 0 12 50 console gt ping ipv6 FF02 1 Pinging FF02 1 with 64 bytes of data 64 bytes from 3003 11 icmp_seq 1 time 0 ms 64 bytes from 3003 33 icmp_seq 1 time 70 ms 64 bytes from 3003 11 icmp_seq 2 time 0 ms 64 bytes from 3003 55 icmp_seq 1 time 1050 ms 64 bytes from 3003 33 icmp_seq 2 time 70 ms 64 bytes from 3003 55 icmp_seq 2 time 1050 ms 64 bytes from 3003 11 icmp_seq 3 time 0 ms 64 bytes from 3003 33 icmp_seq 3 time 70 ms 64 bytes from 3003 11 icmp_seq 4 time 0 ms 64 bytes from 3003 55 icmp_seq 3 time 1050 ms 64 bytes from 3003 33 icmp_seq 4 time 70 ms 64 bytes from 3003 55 icmp_sq 4 time 1050 ms FF02 1 PING Statistics 4 packets transmitted 12 packets received traceroute To disco
215. bal Configuration mode User Guidelines The IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN No more then one switch can be configured as an IGMP Querier for a VLAN When the IGMP snooping querier is enabled it starts after a host time out 2 with no IGMP traffic detected from a multicast router IGMP Snooping Commands 529 The IGMP Snooping Querier disables itself if it detects IGMP traffic from a multicast router It restarts automatically after host time out 2 Following are the IGMP snooping querier parameters as a function of the IGMP snooping parameters e QueryMaxResponseTime host time out 10 e QueryInterval host time out 3 Example console config ip igmp snooping vlan 1 querier ip igmp snooping querier address Use the ip igmp snooping querier address Global Configuration mode command to define the source IP address that the IGMP snooping querier would use Use the no form of this command to return to default Syntax ip igmp snooping vlan v an id querier address 1p address no ip igmp snooping vlan vian id querier address Parameters vlan id Specifies the VLAN ip addres Source IP address Default If an IP address is configured for the VLAN it is used as the source address of the IGMP snooping querier Command Mode Global Configuration mode User Guidelines If an IP address is not configured by this command and no IP address is configured fo
216. bal Configuration mode command to enable DHCP Snooping on a VLAN Use the no form of this command to disable DHCP Snooping on a VLAN Syntax ip dhcp snooping vlan vlan id no ip dhcp snooping v an id Parameters vlan id Specifies the VLAN ID Default Configuration DHCP Snooping on a VLAN is disabled Command Mode Global Configuration mode User Guidelines DHCP Snooping must be enabled globally before enabling DHCP Snooping ona VLAN Example The following example enables DHCP Snooping on VLAN 21 Console config ip dhcp snooping vlan 21 ip dhcp snooping trust Use the ip dhcp snooping trust Interface Configuration Ethernet Port channel mode command to configure a port as trusted for DHCP snooping purposes Use the no form of this command to restore the default configuration 568 DHCP Snooping and ARP Inspection Commands Syntax ip dhcp snooping trust no ip dhep snooping trust Default Configuration The interface is untrusted Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Configure as trusted the ports that are connected to a DHCP server or to other switches or routers Configure the ports that are connected to DHCP clients as untrusted Example The following example configures gigabitethernet port 1 0 5 as trusted for DHCP Snooping Console config interface gigabitethernet 1 0 5 Console config if ip dhcp snooping trust ip dhcp snooping information op
217. bal Configuration mode command to enable logging Management Access List ACL deny events Use the no form of this command to disable logging management access list events Syntax management logging deny no management logging deny Parameters deny Enables logging messages related to management ACL deny actions Default Configuration Logging management ACL deny events is enabled Command Mode Global Configuration mode User Guidelines Other management ACL events are not subject to this command Example The following example enables logging messages related to management ACL deny actions Console config management logging deny show logging Use the show logging Privileged EXEC mode command to display the logging status and the syslog messages stored in the internal buffer Syntax show logging Syslog Commands 273 Command Mode Privileged EXEC mode Example The following example displays the logging status and the syslog messages stored in the internal buffer console show logging Logging is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 61 Logged 61 Displayed 200 Max File Logging Level error File Messages 898 Logged 64 Dropped 4 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Agg
218. ber interface Specifies the Ethernet port e queue Spcecifies the output queue number e dp Specifies the drop precedence The available values are high low Default Configuration Set 1 All interfaces all queues high DP Set 2 All interfaces all queues low DP Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS statistics for output queues for counter set 1 Console config qos statistics queues 1 all all all show qos statistics Use the show qos statistics EXEC mode command to display Quality of Service statistical information Syntax show qos statistics Command Mode EXEC mode Quality of Service QoS Commands 761 User Guidelines Up to 16 sets of counters can be enabled for policers The counters can be enabled in the creation of the policers Use the qos statistics queues Global Configuration mode command to enable OoS statistics for output queues Example The following example displays Quality of Service statistical information Console show qos statistics Policers Interface Policy map Class Map gil 0 1 Policyl Classl gil 0 1 Policyl Class2 gil 0 2 Policyl Classl gil 0 2 Policyl Class2 Aggregate Policers Policerl 7985687 762 Quality of Service QoS Commands In profile bytes Out of profile bytes 7564575 8759 746587458 5326 Out of profile 121322 O
219. bes how to use the CLI and a list of the CLI commands and their arguments The CLI commands described in this document are organized according to feature groups in separate sections This section describes how to use the CLI It contains the following topics e CLI Command Modes e Starting the CLI e CLI Command Conventions ntering Commands e Entering C d CLI Command Modes To configure devices the CLI is divided into various command modes Each command mode has its own set of specific commands Entering a question mark at the console prompt displays a list of commands available for that particular command mode A specific command which varies from mode to mode is used to navigate from one mode to another The standard order to access the modes is as follows User EXEC mode Privileged EXEC mode Global Configuration mode and nterface Configuration modes When starting a session the initial mode for non privileged users is the User EXEC mode Only a limited subset of commands is available in the User EXEC mode This level is reserved for tasks that do not change the configuration Privileged users enter the Privileged EXEC mode directly using a password This mode provides access to the device Configuration modes The modes are described below User EXEC Mode After logging into the device the user is automatically in User EXEC command mode unless the user is defined as a privileged user In general the User EXEC comman
220. bilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status enabled EEE LLDP Operational status enabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Remote Rx Timer 5 usec Resolved Timer 25 usec Local Rx Timer 20 usec Remote Tx Timer 25 usec Example 9 EEE is running on the port EEE LLDP enabled but not synchronized with remote link partner Switch gt show eee gil 0 9 Port Status up EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported 374 EEE Commands Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status EEE LLDP Operational status Resolved Tx Timer 64 Local Tx Timer 64 Resolved Rx Timer 16 Local Rx Timer 16 enabled disabled Example 10 EEE and EEE LLDP are running on the port Switch gt show eee gil 0 3 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LL
221. ble password evel level Parameters e level privilege level Level for which the password applies If not specified the level is 15 Range 1 15 e password Password for this level Range 0 159 chars e encrypted password Encrypted password you enter copied from another device configuration Default Default for level is 15 Command Mode Global Configuration mode Example console config enable password level 15 let me in username Use the username Global Configuration mode command to establish a username based authentication system Use the no form to remove a user name Syntax username name nopassword d password password privilege privilege level password encrypted encrypted password username name no username name AAA Commands 229 Parameters e name The name of the user Range 1 20 characters nopassword No password is required for this user to log in e password The authentication password for the user Range 1 159 e password encrypted Encrypted password you enter copied from another device configuration e privilege privilege level Privilege level for which the password applies If not specified the level is 15 Range 1 15 Default No user is defined Command Mode Global Configuration mode Example console config username tom privilege 15 password 1234 show user accounts The show user accounts Privileged EXEC mode command displays informat
222. bled 100 Addresses gil 0 2 Disabled Max 28 8 410 Address Table Commands Addresses gil 0 3 Enabled Lock Discard 8 Disabled Shutdown The following table describes the fields shown above Field Description Port The port number Status The port security status The possible values are Enabled or Disabled Mode The port security mode Action The action taken on violation Maximum The maximum number of addresses that can be associated on this port in the Max Addresses mode Trap The status of SNMP traps The possible values are Enable or Disable Frequency The minimum time interval between consecutive traps show ports security addresses Use the show ports security addresses Privileged EXEC mode command to display the current dynamic addresses in locked ports Syntax show ports security addresses interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Address Table Commands 411 Example The following example displays dynamic addresses in all currently locked ports Console show ports security addresses Port Status Learning Current Maximum gil 0 1 Enabled Max addresses 2 3 gil 0 2 Disabled Max addresses 128 gil 0 3 Enabled Lock NA NA 412 Address Table Commands Port Monitor Commands port monitor Use the p
223. bled on the port e The port is not a member in any VLAN except for the default VLAN will be automatically removed from the default VLAN e 12 protocols are not active on the copy dest Port LLDP LBD STP LACH The following restrictions apply to ports that are configured to be monitor ports e The port cannot be source port e The port is not a member in port channel Notes 1 In this mode some traffic duplication on the analyzer port may be observed For example e Port 2 is being egress monitored by port 4 e Port 2 amp 4 are members in VLAN 3 e Unknown Unicast packet sent to VLAN 3 will egress from port 4 twice one instance as normal forward and another instance as mirrored from port 2 414 Port Monitor Commands e Moreover if port 2 is an untagged member in VLAN 3 and port 4 is a tagged member then both instances will look different one tagged and the other is not 2 When the port is configured to 802 1X auto mode it will forward any mirrored traffic regardless of the 1X state However it will operate as a normal network port forward traffic only after authorization is done 3 Mirrored traffic is exposed to STP state i e if the port is in STP blocking it will not egress any mirrored traffic Example The following example copies traffic for both directions Tx and Rx from the source port 1 8 to destination port 1 1 Console config interface gil 0 1 Console config if port monitor gil 0 8 Con
224. cancel reporting and leave the group Syntax ipv6 mld join group group address no ipv6 mld join group group address Parameters group address Specifies the IPv6 address of the multicast group Default Configuration Command Mode Interface Configuration Ethernet VLAN Port channel mode User Guidelines The ipv6 mld join group command configures MLD reporting for a specified group The packets that are addressed to a specified group address will be passed up to the client process in the device IPv6 Addressing Commands 639 Example The following example configures MLD reporting for specific groups ipv6 mld join group ff02 10 show ipv6 neighbors Use the show ipv6 neighbors Privileged EXEC mode command to display IPv6 neighbor discovery cache information Syntax show ipv6 neighbors static dynamic ipv6 address 1pv6 address mac address mac address intertace 1d Parameters static Shows static neighbor discovery cash entries e dynamic Shows dynamic neighbor discovery cash entries e ipv6 address Shows the neighbor discovery cache information entry of a specific IPv6 address e mac address Shows the neighbor discovery cache information entry of a specific MAC address e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN Command Mode Privileged EXEC mode User Guidelines Since the associated interface o
225. ce Commands Example The following example enables the command history function for Telnet Console config line telnet Console config line history history size The history size Line Configuration mode command changes the command history buffer size for a particular line Use the no form of this command to reset the command history buffer size to the default value Syntax history size number ofcommands no history size Parameters number of commands Spcecifies the number of commands the system records in its history buffer Range 0 256 Default Configuration The default command history buffer size is 10 commands Command Mode Line Configuration mode User Guidelines This command configures the command history buffer size for a particular line Use the terminal history size EXEC mode command to configure the command history buffer size for the current terminal session The allocated command history buffer is per terminal user and is taken from a shared buffer If there is not enough space available in the shared buffer the command history buffer size cannot be increased above the default size User Interface Commands 47 Example The following example changes the command history buffer size to 100 entries for a particular line Console config line telnet Console config line history size 100 terminal history The terminal history EXEC mode command enables the command history function for the c
226. ckets to the multicast switches Example The following example enables bridge multicast filtering Console config bridge multicast filtering Address Table Commands 387 bridge multicast address Use the bridge multicast address Interface Configuration VLAN mode command to register a MAC layer multicast address in the bridge table and statically add or remove ports to or from the group Use the no form of this command to unregister the MAC address Syntax bridge multicast address mac multicast address add remove ethernet intertace list port channel port channel list no bridge multicast address mac multicast address Parameters e mac multicast address Specifies the group MAC multicast address e add Adds ports to the group e remove Removes ports from the group e ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports e port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces use a hyphen to designate a range of port channels Default Configuration No multicast addresses are defined If ethernet interface list or port channel port channel list is specified without specifying add or remove the default option is add Command Mode Interface Configuration VLAN mode User Guidelines To register the
227. command to disable automatic baud rate detection Syntax autobaud 214 Line Commands no autobaud Default Configuration Automatic baud rate detection is disabled Command Mode Line Configuration mode User Guidelines To start communication using Autobaud press the Enter key twice Example The following example enables autobaud Console config line console Console config line autobaud exec timeout The exec timeout Line Configuration mode command sets the session idle time interval during which the system waits for user input before automatic logoff Use the no form of this command to restore the default configuration Syntax exec timeout minutes seconds no exec timeout Parameters e minutes Spcecifies the number of minutes Range 0 65535 e seconds Specifies the number of seconds Range 0 59 Default Configuration The default idle time interval is 10 minutes Command Mode Line Configuration mode Line Commands 215 User Guidelines To specify no timeout enter the exec timeout 0 0 command Example The following example sets the HTTP session idle time interval before automatic logoff to 20 minutes Console config line console Console config line exec timeout 20 show line The show line EXEC mode command displays line parameters Syntax show line console telnet ssh Parameters e console Displays the console configuration e telnet Displays the Telnet c
228. communication with RADIUS servers Use the no form of this command to restore the default configuration Syntax radius server source ip source no radius server source ip source Parameters source Specifies the source IP address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source address an error message is issued when attempting to communicate with the IP address Example The following example configures the source IP address used for communication with all RADIUS servers to 10 1 1 1 console config radius server source ip 10 1 1 1 RADIUS Commands 253 radius server source ipv6 Use the radius server source ipv6 Global Configuration mode command to specify the source IPv6 address used for communication with RADIUS servers Use the no form of this command to restore the default configuration Syntax radius server source ipv6 source no radius server source ipv6 source Parameters source Specifies the source IPv6 address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source address an error message is issued when attempting to communicate with the IP address Example The
229. cp excluded address 2 5 672 ip dhcp ping enable a nn 673 ping enable stiri eeetis es Wag wavs ewe 674 ip dhcp ping count cece 675 ip dhcp ping timeout 2 2000 676 clear ip dhcp binding 2 200000 677 show ip den 677 show ip dhcp excluded addresses 678 show ip dhcp pool hast 678 show ip dhcp pool network ssneeeaaa 680 show ip dhcp binding 2 20000 681 show ip dhcp server statistics 683 show ip dhcp allocated 2 005 684 show ip dhcp declined naana 686 show ip dhcp expired nnna 687 show ip dhcp pre allocated 688 43 IP Routing Protocol Independent Commands 691 IP TOUTS Soci era ws esse Wide PE REEN DEA 691 IP FOULING e et N dE EEN A 692 show ip route 692 44 ACLCommands 695 permit IP uge EN NK teers Sek ANEN 696 deny RT A8 keet Delen Ad 698 ipv6 access list cece eee e eee eee 702 permit Ip 703 deny IPO oieee ER get Bee ee 705 Mac access list zisirei sanie n iina naa 708 permit MAC 708 service acl Impnut cece eee eee 710 service acl out 711 service acl input block 712 TT TEE 713 absolute jie fois cee ee eaten cease EE ee EN 714 TEE 715 show Ume range eee eee eens 716 Show access lists eee e eee e eee eeee 717 show interfaces access Jets uuau 719 clear access lists counters
230. cs lsa umich edu 141 211 101 64 1 i2 gateway stanford edu 192 68 191 83 0 msec 0 msec 0 msec 2 STAN POS calren2 NET 171 64 1 213 0 msec 0 msec 0 msec 3 SUNV STAN POS calren2 net 198 32 249 73 1 msec 1 msec 1 msec 4 Abilene QSV POS calren2 net 198 32 249 162 1 msec 1 msec 1 msec 5 kscyng snvang abilene ucaid edu 198 32 8 103 33 msec 35 msec 35 msec 6 iplsng kscyng abilene ucaid edu 198 32 8 80 47 msec 45 msec 45 msec 7 so 0 2 0Oxl aal mich net 192 122 183 9 56 msec 53 msec 54 msec 8 atml 0x24 michnet8 mich net 198 108 23 82 56 msec 56 msec 57 msec 9 x x 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58 msec 58 msec 11 umaxpl physics lsa umich edu 141 211 101 64 62 msec 63 msec 63 msec Trace completed 76 System Management Commands The following table describes the significant fields shown in the display Description Indicates the sequence number of the router in the path to the host i2 gateway stanford edu Host name of this router 192 68 191 83 IP address of this router 1 msec 1 msec 1 msec Round trip time for each of the probes that are sent The following are characters that can appear in the traceroute command output Description The probe timed out Unknown packet type Administratively unreachable Usually this output indicates that an access list is blocking traffic Fragmentation required and DF is set Host unreachable
231. ction Example The following example enables DHCP Snooping based ARP inspection on VLAN 23 Console config ip arp inspection vlan 23 DHCP Snooping and ARP Inspection Commands 577 ip arp inspection trust Use the ip arp inspection trust Interface Configuration Ethernet Port channel mode command to configure an interface trust state that determines if incoming Address Resolution Protocol ARP packets are inspected Use the no form of this command to restore the default configuration Syntax ip arp inspection trust no ip arp inspection trust Default Configuration The interface is untrusted Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The device does not check ARP packets that are received on the trusted interface it only forwards the packets For untrusted interfaces the device intercepts all ARP requests and responses It verifies that the intercepted packets have valid P to MAC address bindings before updating the local cache and before forwarding the packet to the appropriate destination The device drops invalid packets and logs them in the log buffer according to the logging configuration specified with the ip arp inspection log buffer vlan Global Configuration mode command Example The following example configures gigabitethernet port 1 0 3 as a trusted interface Console config interface gigabitethernet 1 0 3 Console config if ip arp inspection trust 578
232. ction Parameters section Show information for specific session only Available values are management 802 1x port fdb port mirroring spanning tree vlan voice vlan ip addressing network security and qos acl Command Mode EXEC mode Examples console show system defaults System Mode Router Maximum units in stack 8 Management defaults Telnet Enabled Maximum 4 sessions shared with SSH SSH Enabled Maximum 4 sessions shared with Telnet HTTP Enabled port 80 Maximum 27 sessions HTTPS Disabled SNMP Enabled User first SNMP version V3 SNMP Local Engine ID 0000000001 SNMP Notifications Enabled SNMP Authentication Notifications Enabled Console Enabled Cryptographic keys are not generated HTTPS certificate is not generated Management ACL No ACL is defined AAA Telnet authentication login Local user data base System Management Commande 97 AAA HTTP authentication login Local data base AAA HTTPS authentication login Local data base Radius accounting Disabled Radius No server is defined Tacacs No server is defined Syslog No server is defined Logging Enabled Logging to console Informational messages Logging to internal buffer Informational messages Logging to file Error messages Logging to remote server Informational messages Maximum no of syslog messages 200 TP supported TP Port No 123 TP Interface Enabled P Domain Naming System Enabled HCP Server Enabled
233. cumented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons e destination prefix length The destination IPv6 network or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons e dscp number Specifies the DSCP value Range 0 63 703 e precedence number Specities the IP precedence value e icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values destination unreachable 1 packet too big 2 time exceeded 3 parameter problem 4 echo request 128 echo reply 129 mld query 130 mld report 131 mldv2 report 143 mld done 132 router solicitation 133 router advertisement 134 nd ns 135 nd na 136 Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 e destination port Specifies the UDP TCP destination port You can enter a range of ports by using a hyphen E g 20 21 For TCP enter a number or one of the following values bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 ire 194 klogin 543 kshell 544 Ipd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpe 1110 syslog 514 tacacs ds 49 t
234. d Mode EXEC mode 286 RMON Commands Example The following example displays the alarms table Console show rmon alarm table Index OID Owner 1 fr EE 7 CLI 2 1 3 6 1 2 1 2 2 1 10 1 Manager 3 ES EE WE ERR CLI The following table describes the significant fields shown in the display Description An index that uniquely identifies the entry Monitored variable OID The entity that configured this entry show rmon alarm Use the show rmon alarm EXEC mode command to display alarm configuration Syntax show rmon alarm number Parameters number Specifies the alarm index Range 1 65535 Command Mode EXEC mode Example The following example displays RMON 1 alarms RMON Commands 287 Console show rmon alarm 1 Alarm 1 OLD Le SvOsl 201 e Ee Bak Last sample Value 878128 Interval 30 Sample Type delta Startup Alarm rising Rising Threshold 8700000 Falling Threshold 78 Rising Event 1 Falling Event Owner CLI The following table describes the significant fields shown in the display Field Description Alarm Alarm index OID Monitored variable OID Last Sample Value The value of the statistic during the last sampling period For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period
235. d Mode Global Configuration mode User Guidelines This command takes effect only after resetting the device Example The following example enables jumbo frames on the device Console config port jumbo frame clear counters Use the show interfaces counters EXEC mode command to display traffic seen by all the physical interfaces or by a specific interface Syntax show interfaces counters interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in addition to present ports Command Mode EXEC mode Example The following example clears the statistics counters for gigabitethernet port 1 0 5 Console clear counters gigabitethernet 1 0 5 338 Ethernet Configuration Commands set interface active Use the set interface active EXEC mode command to reactivate an interface that was shut down Syntax set interface active interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shut down by the system Example The following example reactivates gigabitethernet port 1 0 1 Console set interface active gigabitethernet 1 0 1 show inte
236. d default GW is reachable Reachability state is not verified automatically by the neighbor discovery protocol Router reachability can be confirmed by either receiving Router Advertisement message containing router s MAC address or manually configured by user using the IPv6 neighbor CLI command Another option to force reachability confirmation is to ping the router link local address this will initiate the neighbor discovery process If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example console config ipv6 default gateway fe80 abcd show ipv6 interface Use the show ipv6 interface EXEC command mode to display the usability status of interfaces configured for IPv6 Syntax show ipv6 interface interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN Default Configuration Displays all Pv6 interfaces IPv6 Addressing Commands 631 Command Mode EXEC mode User Guidelines Use the show ipv6 neighbors command in the privileged EXEC mode to display IPv6 neighbor discovery cache information Example Console show ipv6 interface Interface IP addresses VLA 4004 55 64 ANY VLA fe80 200 b0ff fe00 0 VLA FEOD e321 VLA f 02 77 VLA 02 1 ff00 0 VLA f 02 1 ff00 1 VLA E0231 ff00r55 Default Gate
237. d enable v t v4 no Ildp med enable Parameters tlv Specifies the TLV that should be included Available TLVs are network policy location and poe pse inventory The capabilities TLV is always included if LLDP MED is enabled Default Configuration LLDP MED is disabled Command Mode Interface Configuration Ethernet mode Example The following example enables LLDP MED with the location TLV on gigabitethernet port 1 0 3 LLDP Commands 433 Console config interface gigabitethernet 1 0 3 Console config lldp med enable location Ildp med notifications topology change Use the dp med notifications topology change Interface Configuration Ethernet mode command to enable sending LLDP MED topology change notifications Use the no form of this command to restore the default configuration Syntax Ildp med notifications topology change enable disable no Ildp med notifications topology change Parameters e enable Enables sending LLDP MED topology change notifications e disable Disables sending LLDP MED topology change notifications Default Configuration Disable is the default Command Mode Interface Configuration Ethernet mode Example The following example enables sending LLDP MED topology change notifications on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config 1ldp med notifications topology change enable 434 LLDP Commands Ildp med fa
238. d if there are private VLAN ports that are members in the secondary VLAN e In MSTP mode all the VLANs that are associated with a private VLAN should be mapped to the same instance switchport private vlan mapping Use the switchport private vlan mapping Interface Configuration mode command to configure the VLANs of the private vlan promiscuous port Use the no form of this command to reset to default Syntax switchport private vlan mapping prmary vlan id add remove secondary vlan list no switchport private vlan mapping 514 VLAN Commands Parameters e primary vlan id The VLAN ID of the primary VLAN e secondary vlan list Specifies one or more secondary VLANs Default Configuration No VLAN is configured Command Mode Interface Configuration Ethernet port channel mode User Guidelines The secondary VLANs should be associated with the primary VLANs otherwise the configuration is not accepted See the command private vlan association switchport private vlan host association Use the switchport private vlan host association Interface Configuration mode command to configure the VLANs of the private vlan host port Use the no form of this command to reset to default Syntax switchport private vlan host association primary vlan id secondary vlan id no switchport private vlan host association Parameters e primary vlan id The VLAN ID of the primary VLAN e secondary vlan list Specifies the secon
239. dary VLANs The secondary VLAN is an isolated port Default Configuration No VLAN is configured Command Mode Interface Configuration Ethernet port channel mode VLAN Commands 515 User Guidelines The secondary VLAN should be associated with the primary VLANs otherwise the configuration is not accepted See the command private vlan association show vlan private vlan Use the show vlan private vlan EXEC mode command to show the private VLANs information Syntax show vlan private vlan tag vlan id Parameters vlan id VLAN ID Command Mode EXEC mode User Guidelines The show command does not include non private vlan ports that are members in private VLANs Example Console show vlan private vlan Primary Secondary Type Ports 150 primary gil 0 15 150 151 isolated gil 0 15 ip internal usage vlan Use the ip internal usage vlan Interface Configuration Ethernet Port channel mode command to reserve a VLAN as the internal usage VLAN of 516 VLAN Commands an interface Use the no form of this command to restore the default configuration Syntax ip internal usage vlan v an id no ip internal usage vlan Parameters vlan id Specifies the internal usage VLAN ID Command Mode Interface Configuration Ethernet Port channel mode It cannot be configured for a range of interfaces range context User Guidelines An internal usage VLAN is required when an IP interface is defined on an Ethernet port
240. data insertion Console config ip dhcp information option DHCP Relay Commands 655 show ip dhcp information option The show ip dhcp information option EXEC mode command displays the DHCP Option 82 configuration Syntax show ip dhcp information option Command Mode EXEC mode Example The following example displays the DHCP Option 82 configuration Console gt show ip dhcp information option Relay agent Information option is Enabled 656 DHCP Relay Commands DHCP Server Commands ip dhcp server Use the ip dhep server Global Configuration mode command to enable the Dynamic Host Configuration Protocol DHCP server features on the device Use the no form of this command to disable the DHCP server Syntax ip dhcp server no ip dhcp server Default Configuration The DHCP server is disabled Command Mode Global Configuration mode Example The following example enables the DHCP server on the device Console config ip dhcp server ip dhcp pool host Use the ip dhcp pool host Global Configuration mode command to configure a Dynamic Host Configuration Protocol DHCP static address on a DHCP Server and enter the DHCP Pool Host Configuration mode Use the no form of this command to remove the address pool DHCP Server Commands 657 Syntax ip dhcp pool host name no ip dhcp pool host name Parameters name Sspccifies the DHCP address pool name It can be either a symbolic string such as Engine
241. ddress Station 172 16 1 11 Client Identifier 01b7 0813 8811 66 Client Identifier 01b7 0813 8811 66 DHCP ServerCommands 679 ask 255223597070 Default router 172 16 1 1 Client name client1 DNS server 10 12 1 99 Domain name yahoo com NetBIOS name server 10 12 1 90 NetBIOS node type h node Next server 10 12 1 99 Next server name 10 12 1 100 Bootfile Bootfile Time server 10 12 1 99 Options Code Value 19 0x01 show ip dhcp pool network The show ip dhcp pool network EXEC mode command displays the DHCP network configuration Syntax show ip dhcp pool network name Parameters name Specifies the DHCP pool name Length 1 32 characters Command Mode EXEC mode Example Router gt show ip dhcp pool network The number of network pools is 2 Name Address range mask Lease 680 DHCP Server Commands marketing 10 1 1 17 10 1 1 178 255 255 255 0 0d 12h 0m finance 10 1 2 8 10 1 2 178 255 255 255 0 O0d 12h 0m Router gt show ip dhcp pool network marketing Name Address range mask Lease marketing 10 1 1 17 10 1 1 178 255 255 255 0 0d 12h 0m Statistics All range Available Free Pre allocated Allocated Expired 162 150 68 50 20 3 9 Default router 10 1 1 1 Ping packets enabled DNS server 10 12 1 99 Domain name yahoo com NetBIOS name server 10 12 1 90 NetBIOS node type h node Next server 10 12 1 99 Next server name 10 12 1 100 Bootfile Bootfile Time server 10 12 1 99 O
242. de Global Configuration mode User Guidelines RSA keys are generated in pairs one public RSA key and one private RSA key If the device already has RSA keys a warning is displayed with a prompt to replace the existing keys with new keys This command is not saved in the router configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example The following example generates RSA key pairs Console config crypto key generate rsa show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command displays the device SSH public keys Syntax show crypto key mypubkey Area dsa 184 RSA and Certificate Commands Parameters e rsa Displays the RSA key e dsa Displays the DSA key Command Mode Privileged EXEC mode Example The following example displays the SSH public RSA keys on the device Console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 O4AEFIBA A54028A6 9YACCO1C5 129D99E4 64CAB820 847EDAD9 DFOB4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C07 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk crypto certificate generate The crypto certificate generate Global Configuration mode comm
243. de VLAN 1 Access Multicast TV VLAN none Trunking Native Mode VLAN 1 Trunking VLANs Enabled 1 General General General General General General General 2 4094 Inactive PVID 1 VLANs Enabled none Egress Tagged VLANs Enabled none Forbidden VLANs none Ingress Filtering enabled Acceptable Frame Type all GVRP status disabled Customer Mode VLAN none Private Private Private Private vlan promiscuous association primary VLAN none vlan promiscuous association Secondary VLANs Enabled none vlan host association primary VLAN none vlan host association Secondary VLAN Enabled none DVA disable 3386 Port Channel Commands Address Table Commands bridge multicast filtering Use the bridge multicast filtering Global Configuration mode command to enable the filtering of multicast addresses Use the no form of this command to disable multicast address filtering Syntax bridge multicast filtering no bridge multicast filtering Default Configuration Multicast address filtering is disabled All multicast addresses are flooded to all ports Command Mode Global Configuration mode User Guidelines If multicast devices exist on the VLAN do not change the unregistered multicast addresses states to drop on the device ports If multicast devices exist on the VLAN and IGMP snooping is not enabled the bridge multicast forward all command should be used to enable forwarding all multicast pa
244. disable the shaper Syntax traffic shape commiutted rate committed burst no traffic shape Parameters e committed rate Specifies the average traffic rate CIR in kbits per second kbps Range GE 6 4kbps maximum port speed 10GE 64Kbps maximum port speed e committed burst Specifies the excess burst size CBS in bytes Range 4KB 16MB Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example sets a shaper on gigabitethernet port 1 0 5 on queue 1 when the average traffic rate exceeds 124000 kbps or the normal burst size exceeds 9600 bytes Console config interface gil 0 5 Console config if traffic shape 1 124000 9600 742 Quality of Service QoS Commands traffic shape queue Use the traffic shape queue Interface Configuration Ethernet Port channel mode command to configure the egress queue shaper Use the no form of this command to disable the shaper Syntax traffic shape queue gucuc id committed rate committed burst no traffic shape queue gueue id Parameters queue id Specifies the queue number to which the shaper is assigned e committed rate Specifies the average traffic rate CIR in kbits per second kbps Range 64 kbps maximum port speed e committed burst Specifies the excess burst size CBS in bytes Range 4 KB 16 MB Default Configuration The shaper is disabled
245. ds enable the user to perform basic tests and display system information The user level prompt consists of the device host name followed by the angle bracket gt console gt The default host name is console unless it has been changed using the hostname command in the Global Configuration mode Privileged EXEC Mode Privileged access is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters The password is not displayed on the screen and is case sensitive Privileged users enter directly into the Privileged EXEC mode Use disable to return to the User EXEC mode Global Configuration Mode Global Configuration mode commands apply to features that affect the system as a whole rather than just a specific interface To enter the Global Configuration mode enter configure in the Privileged EXEC mode and press lt Enter gt The Global Configuration mode prompt is displayed console config Use exit end or ctrl z to return to the Privileged EXEC mode Interface Configuration Modes Commands in the following modes perform specific interface operations A8 Line Interface Contains commands to configure the management connections These include commands such as line speed timeout settings etc The Global Configuration mode command line is used to enter the Line Configuration command mode VLAN Database Contains commands to create a VLAN a
246. duplex Operational MAU type 1000BaseTFD 802 3 Link Aggregation Aggregation capability Capable of being aggregated Aggregation status Not currently in aggregation 444 LLDP Commands Aggregation port ID 1 802 3 Maximum Frame Size 1522 802 3 EEE Local Tx 30 usec Local Rx 25 usec Remote Tx Echo 30 usec Remote Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED Network policy Application type Voice Flags Tagged VLAN VLAN ID 2 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Sourcing Entity Power source Primary Power Source Power priority High Power value 9 6 Watts LLDP MED Location Coordinates 54 53 c01 7 51 57 50 ba 5b 97 27 80 00 00 67 01 LLDP MED Inventory Hardware Revision Bl Firmware Revision Al LLDP Commands 445 Software Revision 3 8 Serial number 7978399 Manufacturer name Manufacturer Model name Model 1 Asset ID Asset 123 Switch show lldp local gil 0 2 LLDP is disabled show IIdp neighbors Use the show Ildp neighbors Privileged EXEC mode command to display information about neighboring devices discovered using Link Layer Discovery Protocol LLDP The information can be displayed for all interfaces or for a specific interface Syntax show lldp
247. during DAD processing to 2 on gigabitethernet port 1 0 9 Console config interface gigabitethernet 1 0 9 Console config if ipv6 nd dad attempts 2 ipv6 host Use the ipv6 host Global Configuration mode command to define a static host name to address mapping in the host name cache Use the no form of this command to remove the host name to address mapping Syntax ipv6 host name spv6 address ipv6 addressZ 1pv6 address4 no ipv6 host name IPv6 Addressing Commands 635 Parameters nameName of the host Range 1 158 characters ipv6 address1 Associated IPv6 address This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bit values between colons When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the user guidelines for the interface name syntax e ipv6 address2 4 Optional Additional IPv6 addresses that may be associated with the host s name Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines The format of an IPv6Z address is lt ipv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designat
248. e Example console configure console config line console console config line motd banner console config line exit console config line telnet console config line motd banner console config line ssh console config line exit console config line motd banner show banner Use the show banner command in EXEC mode to display the configuration of banners User Interface Commands 61 Syntax show banner motd show banner login show banner exec Parameters This command has no arguments or keywords Command Mode EXEC mode Examples Device gt show banner motd Banner MOTD Line SSH Enabled Line Telnet Enabled Line Console Enabled 10000 giga ports switch console console show banner login Banner Login Line SSH Enabled Line Telnet Enabled Line Console Enabled console console show banner exec Banner EXEC Line SSH Enabled Line Telnet Enabled Line Console Enabled console 62 User Interface Commands Macro Commands macro name Use the Macro Name Global Configuration mode command to create a user defined macro Use the no form of this command to delete the macro definition Syntax macro name macro name no macro name macro name Parameters macro name Name of the macro Macro names are case sensitive Default Configuration The command has no default setting Command Mode Global Configuration mode User
249. e User Guidelines The configured source IPv4 address is used for forming the tunnel interface identifier The interface identifier is set to the 8 least significant bytes of the SIP field of the encapsulated IPv6 tunneled packets Example console config interface tunnel 1 console config tunnel tunnel source auto tunnel isatap query interval Use the tunnel isatap query interval Global Configuration mode command to set the time interval between Domain Name System DNS queries before the ISATAP router IP address is known for the automatic tunnel router domain name Use the no form of this command to restore the default configuration Syntax tunnel isatap query interval seconds no tunnel isatap query interval 646 Tunnel Commands Parameters seconds sSpecifies the time interval in seconds between DNS queries Range 10 3600 Default Configuration The default time interval between DNS queries is 10 seconds Command Mode Global Configuration mode User Guidelines This command determines the time interval between DNS queries before the ISATAP router IP address is known If the IP address is known the robustness level that is set by the tunnel isatap robustness Global Configuration mode command determines the refresh rate Example The following example sets the time interval between DNS queries to 30 seconds Console config tunnel isatap query interval 30 tunnel isatap solicitation interval Use th
250. e Possible values are B Bridge R Router W WLAN Access Point T Telephone D DOCSIS cable device H Host r Repeater O Other System description The neighbor device s system description Port description The neighbor device s port description Management address The neighbor device s management address Auto negotiation support The auto negotiation support status on the port Supported or Not Supported Auto negotiation status The active status of auto negotiation on the port Enabled or Disabled LLDP Commands 449 Auto negotiation Advertised Capabilities The port speed duplex flow control capabilities advertised by the auto negotiation Operational MAU type The port MAU type LLDP MED Capabilities The sender s LLDP MED capabilities Device type The device type Indicates whether the sender is a Network Connectivity Device or Endpoint Device and if an Endpoint to which Endpoint Class it belongs LLDP MED Network Policy Application type The primary function of the application defined for this network policy Flags Flags The possible values are Unknown policy Policy is required by the device but is currently unknown Tagged VLAN The specified application type is using a Tagged VLAN Untagged VLAN The specified application type is using an Untagged VLAN VLAN ID The VLAN identifier for
251. e released iSCSI Commands 589 Example The following example enables iSCSI awareness globally Console config iscsi enable iscsi target port Use the iscsi target port Global Configuration mode command to configures iSCSI target ports Use the no form of this command to delete the iSCSI target ports Syntax iscsi target port tcp port 1 tcp port Z tcp port 8 address ip address name targetname no iscsi target port cp port 1 tcp port 2 tcp port 8 address ip address Parameters tcp port Specifies the TCP port number or list of TCP port numbers on which iSCSI targets listen to requests Up to 8 TCP ports can be defined in the system in one command or by using multiple commands Range 165536 e address ip address Specifies the iSCSI target IP address If the no form is used and the TCP port to be deleted is one that was bound to a specific IP address the IP address field must be present name targetname Spcecifies the iSCSI target name The name can be statically configured but it can also be obtained from iSNS or from the send largets response The initiator must present both its iSCSI Initiator Name and the iSCSI Target Name to which it wishes to connect in the first login request of a new session or connection The name must comprise valid characters as specified by RFC 3722 Length 1 223 characters Default Configuration iSCSI well known ports 3260 and 860 are configured
252. e time the device adds the port to the guest VLAN Example The following example sets the delay between enabling 802 1x and adding a port to a guest VLAN to 60 seconds Console config dot1lx guest vlan timeout 60 dot1x guest vlan enable Use the dot1x guest vlan enable Interface Configuration Ethernet mode command to enable unauthorized users on the interface access to the guest VLAN Use the no form of this command to disable access Syntax dotlx guest vlan enable no dot1x guest vlan enable Default Configuration The default configuration is disabled Command Mode Interface Configuration Ethernet mode User Guidelines A device can have only one global guest VLAN The guest VLAN is defined using the dot Is guest vlan Interface Configuration mode command 802 1x Commands 317 Example The following example enables unauthorized users on gigabitethernet port 1 0 1 to access the guest VLAN Console config interface gigabitethernet 1 0 15 Console config if dot1x guest vlan enable dot1x mac authentication Use the dotlx mac authentication Interface Configuration Ethernet mode command to enable authentication based on the station s MAC address Use the no form of this command to disable access Syntax dotlx mac authentication mac only mac and 802 1x no dotlx mac authentication Parameters e mac only Enables authentication based on the station s MAC address only 802 1X frames are ignored
253. e Protocol SNTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no sntp authenticate Default Configuration Authentication is disabled Command Mode Global Configuration mode 112 Clock Commands User Guidelines The command is relevant for both unicast and broadcast Examples The following example enables authentication for received SNTP traffic Console config sntp authenticate Device config sntp authentication key 8 md5 ClkKey Device config sntp trusted key 8 Device config sntp authenticate sntp trusted key The sntp trusted key Global Configuration mode command authenticates the system identity with which Simple Network Time Protocol SNTP synchronizes Use the no form of this command to disable system identity authentication Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Specifies the key number of the authentication key to be trusted Range 14294967295 Default Configuration No keys are trusted Command Mode Global Configuration mode User Guidelines The command is relevant for both received unicast and broadcast Clock Commands 113 Examples The following example authenticates key 8 Console config sntp trusted key 8 Device config sntp authentication key 8 md5 ClkKey Device config sntp trusted key 8 Device config sntp authenticate sntp client poll timer
254. e Rapid Spanning Tree Protocol RSTP is enabled e mst Specifies that the Multiple Spanning Tree Protocol MSTP is enabled Default Configuration The default is RSTP Command Mode Global Configuration mode User Guidelines In RSTP mode the device uses STP when the neighbor device uses STP In MSTP mode the device uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP Example The following example configures the spanning tree protocol as RSTP console config spanning tree mode mstp spanning tree forward time Use the spanning tree forward time Global Configuration mode command to configure the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of this command to restore the default configuration 454 Spanning Tree Commands Syntax spanning tree forward time seconds no spanning tree forward time Parameters seconds Specifies the spanning tree forward time in seconds Range 4 30 Default Configuration The default forwarding time for the IEEE Spanning Tree Protocol STP is 15 seconds Command Mode Global Configuration mode User Guidelines When configuring the forwarding time the following relationship should be maintained 2 Forward Time 1 gt Max Age Example The following example configures the spanning tree bridge forwarding time to
255. e VLAN state is oui enabled Operational Voice VLAN state is oui enabled Best Local Voice VLAN ID is 1 default Best Local VPT is 4 Best Local DSCP is 1 Aging timeout 1440 minutes CoS 6 Remark Yes OUI table MAC Address Prefix Description 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Simens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Interface Enabled Secure Activated cos Mode Voice VLAN Commands 565 gil 0 1 Yes Yes Yes all gil 0 2 Yes Yes No src gil 0 3 No No src 566 Voice VLAN Commands DHCP Snooping and ARP Inspection Commands ip dhcp snooping Use the ip dhcp snooping Global Configuration mode command to enable Dynamic Host Configuration Protocol DHCP Snooping globally Use the no form of this command to restore the default configuration Syntax ip dhcp snooping no ip dhep snooping Default Configuration DHCP snooping is disabled Command Mode Global Configuration mode User Guidelines For any DHCP Snooping configuration to take effect DHCP Snooping must be enabled globally DHCP Snooping on a VLAN is not active until DHCP Snooping on a VLAN is enabled by using the ip dhcp snooping vlan Global Configuration mode command Example The following example enables DHCP Snooping on the device Console config ip dhcp snooping DHCP Snooping and ARP Inspection Commands 567 ip dhcp snooping vian Use the ip dhcp snooping vlan Glo
256. e command returns an error on one of the interfaces an error message is displayed and command execution continues on the other interfaces VLAN Commands 495 Example The following example groups VLANs 221 through 228 and 889 to receive the same command Console config interface range vlan 221 228 vlan 889 Console config if name Use the name Interface Configuration VLAN mode command to add a name to a VLAN Use the no form of this command to remove the VLAN name Syntax name string no name Parameters string Specifies a unique name associated with this VLAN Length 1 32 characters Default Configuration No name is defined Command Mode Interface Configuration VLAN mode It cannot be configured for a range of interfaces range context User Guidelines The VLAN name must be unique Example The following example gives VLAN number 19 the name Marketing Console config interface vlan 19 Console config if name Marketing 496 VLAN Commands switchport protected port Use the switchport protected port Interface Configuration mode command to isolate unicast multicast and broadcast traffic at Layer 2 from other protected ports on the same switch Use the no form of this command to disable protection on the port Syntax switchport protected port no switchport protected port Parameters This command has no arguments or keywords Default Configuration Unprotected Command Mode
257. e command to specify one or more authentication authorization and accounting AAA methods for use on interfaces running IEEE 802 1x Use the no form of this command to restore the default configuration Syntax aaa authentication dotlx default method method no aaa authentication dot ls default Parameters method method2 Specify at least one method from the following list Keyword Description radius Uses the list of all RADIUS servers for authentication none Uses no authentication Default Configuration The default method is Radius Command Mode Global Configuration mode User Guidelines Additional methods of authentication are used only if the previous method returns an error and not if the request for authentication is denied Specify 802 1x Commands 295 none as the final method in the command line to ensure that authentication succeeds even if all methods return an error Example The following example uses the aaa authentication dot ls default command with no authentication Console config aaa authentication dot1lx default none dot1x system auth control Use the dot1x system auth control Global Configuration mode command to enable 802 1x globally Use the no form of this command to restore the default configuration Syntax dot1x system auth control no dotlx system auth control Default Configuration All the ports are in FORCE_AUTHORIZED state Command Mode Global Configura
258. e images which are displayed in a hexadecimal format pry files cannot be displayed Example The following example displays the running configuration file contents Configuration Image File Commands 135 console more running config no spanning tree interface range gil 0 1 48 speed 1000 exit no lldp run line console exec timeout 0 exit cd Use the ed Privileged EXEC mode command to change the current directory ed new directory Parameters new directory The new directory The new directory path may be specificed as either a Full Clarified Path or a Relative Path Command Mode Privileged EXEC mode User Guidelines When command cd changes the current file system the current directory of the previous file system is saved and when the command specifying only the file system for example cd usb sets the file system as current the current directory is restored Example console cd usb private conf console pwd usb private conf console d 4 console pwd usb private console cd flash 136 Configuration Image File Commands console pwd flash console cd usb console pwd usb private console cd flash console pwd flash console cd usb console pwd usb rename The rename Privileged EXEC mode command renames a file Syntax rename url new url Parameters e url Specifies the file location URL Length 1 160 characters e new url Specifies the
259. e index Specifies the set of samples to display Range 1 65535 e throughput Displays throughput counters RMON Commands _ 281 e errors Displays error counters e other Displays drop and collision counters e period seconds Specifies the period of time in seconds to display Range 1 2147483647 Command Mode EXEC mode Example The following examples display RMON Ethernet history statistics for index Console show rmon history 1 throughput Sample Set 1 Owner CLI Interface gil 0 1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Octets Packets Broadcast Multicast Util Jan 18 2005 303595962 357568 3289 7287 19 21 57 00 287696304 275686 2789 5878 20 Jan 18 2005 21357230 Console show rmon history 1 errors Sample Set 1 Owner Me Interface gil 0 1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 800 after reset Time CRC Align Under Oversize Fragments Jabbers size Jan 18 2005 1 l 0 49 0 21257200 Jan 18 2005 1 1 0 25 0 21257230 282 RMON Commands Console show rmon history 1 other Sample Set 1 Owner Me Interface gil 0 1 Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Dropped Collisions Jan 18 2005 21 57 00 3 0 Jan 18 2005 21 57 30 3 0 The following table describes significant fields shown in the display Field Description Time Date and Time the entry i
260. e passwords lockout Global Configuration mode command enables user account lockout after a series of authentication failures Use the no form of this command to disable the lockout feature Syntax passwords lockout number no passwords lockout Parameters number Specifies the number of authentication failures before the user account is locked out Range 1 5 Default Configuration Lockout is disabled Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The account is not locked out for access from the local console A user with privilege level 15 can release accounts that are locked out by using the set username active set enable password active and set line active Privileged EXEC mode commands Disabling lockout unlocks all users Re enabling lockout resets the authentication failures counters Changing the authentication failures threshold does not reset the counters 242 AAA Commands Example The following example enables user account lockout after 3 successive authentication failures Console config passwords lockout 3 aaa login history file The aaa login history file Global Configuration mode command enables writing to the login history file Use the no form of this command to disable writing to the login history file Syntax aaa login history file no aaa login history file Default Configuration Writin
261. e pool parameters such as the IP subnet number and default router list Example The following example configures Pooll as the DHCP address pool Console config ip dhcp pool network pooll Console config dhcp address DHCP Host Use the address DHCP Pool Host Configuration mode command to manually bind an IP address to a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the IP address binding to the client Syntax address ip address mask prefix length client 1dentifier unique identifier hardware address mac address no address DHCP Server Commandes 659 Parameters e address Specifies the client IP address e mask Specifies the client network mask e prefix length Specifies the number of bits that comprise the address prefix The prefix is an alternative way of specifying the client network mask The prefix length must be preceded by a forward slash e unique identifier Specifies the distinct client identification in dotted hexadecimal notation Each byte in a hexadecimal character string is two hexadecimal digits Bytes are separated by a period or colon For example 01b7 0813 8811 66 e hardware address Specifies the MAC address Default Configuration DHCP hosts are not configured Command Mode DHCP Pool Host Configuration mode Example The following example manually binds an IP address to a Dynamic Host Configuration Protocol DHCP client
262. e time interval between tokens being placed in the bucket Each token represents a single ICMP error message The acceptable range is from 0 2147483647 with a default of 100 milliseconds Setting milliseconds to 0 disables rate limiting Range 0 2147483647 e bucketsize Optional The maximum number of tokens stored in the bucket The acceptable range is from 1 200 with a default of 10 tokens IPv6 Addressing Commands 625 Default Configuration The default interval is 100ms and the default bucketsize is 10 i e 100 ICMP error messages per second Command Mode Global Configuration mode User Guidelines To set the average ICMP error rate limit calculate the interval with the following formula Average Packets Per Second 1 interval bucket size Example console config ipv6 icmp error interval 123 45 show ipv6 icmp error interval Use the show ipv6 error interval command in the EXEC mode to display the IPv6 ICMP error interval Syntax show ipv6 icmp error interval Command Mode EXEC mode Example Console gt show ipv6 icmp error interval Rate limit interval 100 ms Bucket size 10 tokens 626 IPv6 Addressing Commands ipv6 address Use the ipv6 address Interface Configuration mode command to configure an IPv6 address for an interface Use the no form of this command To remove the address from the interface Syntax ipv6 address ipv6 address pretix length eut 64 anycast no ipv6 address ipv6
263. e tunnel isatap solicitation interval Global Configuration mode command to set the time interval between ISATAP router solicitation messages Use the no form of this command to restore the default configuration Syntax tunnel isatap solicitation interval seconds no tunnel isatap solicitation interval Parameters seconds Spcecifies the time interval in seconds between ISATAP router solicitation messages Range 10 3600 Tunnel Commands 647 Default Configuration The default time interval between ISATAP router solicitation messages is 10 seconds Command Mode Global Configuration mode User Guidelines This command determines the interval between router solicitation messages when there is no active ISATAP router If there is an active ISATAP router the robustness level set by the tunnel isatap robustness Global Configuration mode command determines the refresh rate Example The following example sets the time interval between ISATAP router solicitation messages to 30 seconds Console config tunnel isatap solicitation interval 30 tunnel isatap robustness Use the tunnel isatap robustness Global Configuration mode command to configure the number of DNS query router solicitation refresh messages that the device sends Use the no form of this command to restore the default configuration Syntax tunnel isatap robustness number no tunnel isatap robustness Parameters number Specifies the number of DNS query router
264. e values are Auto or Never Priority The port inline power management priority The possible values are Critical High or Low Oper State Describes the port inline power operational state The possible values are On Off Test Fail Testing Searching or Fault Power over Ethernet PoE Commands 363 Field Description Classification The power consumption classification of the powered device Overload Counter Counts the number of overload conditions detected Short Counter Counts the number of short conditions detected Denied Counter Counts the number of times power was denied Absent Counter Counts the number of times power was removed because powered device dropout was detected Invalid Signature Counts the number of times an invalid signature of a Counter powered device was detected The following table describes the fields shown in the display Following is a list of port status values Port is on valid capacitor detected Port is on valid resistor detected Port is off main supply voltage is high Port is off main supply voltage is low Port is off disable all ports pin is active Port is off non existing port number Fewer ports are available than the max Port is off Port is yet undefined Port is off internal hardware fault Port is off user setting Port is off detection is in process Port is off non 802 3af powered device Port is off Overlo
265. eason for Failure Radius server rejected authentication because username password mismatch Example 3 802 1x Commands 327 Switch show dotlx monitoring Tom Username Tom Port gil 0 1 Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 08 19 17 MAC Address 00 08 78 32 98 78 Authentication Method Remote Assigned VLAN 207 Reason for Failure VLAN was not defined on Switch 328 802 1x Commands Ethernet Configuration Commands interface Use the interface Global Configuration mode command to configure an interface and enter interface configuration mode Syntax interface interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel interface range Use the interface range command to execute acommand on multiple ports at the same time Syntax interface range interface id list Parameters interface id list Specify list of interface IDs The interface ID can be one of the following types Ethernet port or Port channel User Guidelines Commands under the interface range context are executed independently on each interface in the range If the command returns an error on one of the interfaces it does not stop the execution of the command on other interfaces Ethernet Configuration Commands 329 Example console config inte
266. ece cece eee eee eee 332 flowcontrl ve SEN E cet ENNEN Heed EE EE 333 flowcontrol Global 334 show flowcontrol ence eee e eens 335 MGI Fee eats enue eae Sea teed eae 336 back pressure 20020eeeeee eee e eee eee 337 port jumbo frame 20 ece cece eee eee ee 337 Clear counters 0 cece cece eee eee e ee eeees 338 Set interface acte 339 show interfaces configuration 45 339 show interfaces status 340 show interfaces advertise 000e0e00e 341 show interfaces description 342 show interfaces counters eae 343 show port jumbo frame n annuae 346 show errdisable interfaces 0ceceeeeeeee 346 storm control broadcast enable aaua 347 storm control broadcast level kbps 348 storm control include multicast aaaea 349 show storm control usunne 350 21 PHY Diagnostics Commands 351 test cable diagnostics nr 351 show cable diagnostics ur 352 show cable diagnostics cable length 353 show fiber ports optical transceiver 353 22 Power over Ethernet PoE Commands 357 power inline cece eee eee eee 357 power inline powered device 358 power inline priority 358 power inline usage threshold 359 power inline traps enahle 360 power inline Im 361 show power inline 00eee eee ee eee 361 show pow
267. ed or an Untagged VLAN e up priority User Priority Layer 2 priority to be used for the specified application e dscp value DSCP value to be used for the specified application Default No Network policy is defined Command Mode Global Configuration mode User Guidelines Use the dp med network policy Interface Configuration command to attach a network policy to a port Up to 32 network policies can be defined Example console config lldp med network policy 1 voice signaling vlan 1 Ildp med network policy interface Use the dp med network policy Interface Configuration Ethernet mode command to attach or remove an LLDP MED network policy on an interface Use the no form of this command to remove all the LLDP MED network policies from the interface 436 LLDP Commands Syntax lldp med network policy fadd remove number no Ildp med network policy number Parameters e number Spccifies the network policy sequential number e add Attaches the specified network policy to the interface e remove Removes the specified network policy from the interface Default Configuration No network policy is attached to the interface Command Mode Interface Configuration Ethernet mode User Guidelines For each port only one network policy per application voice voice signaling etc can be defined Example The following example attaches LLDP MED network policy 1 to gigabitethernet port 1 0 1 Console
268. ed port number for example 1 0 16 Example console config ipv6 host server 3000 a3 1b ipv6 neighbor Use the ipv6 neighbor command to configure a static entry in the Pv6 neighbor discovery cache Use the no form of this command to remove a static IPv6 entry from the IPv6 neighbor discovery cache 636 IPv6 Addressing Commands Syntax ipv6 neighbor org ar intertace id hw_addr no ipv6 neighbor ipv6_addr interface id Parameters e Ipv6_addr Specifies the Pv6 address to map to the specified MAC address e interface id Specifies the interface that is associated with the Pv6 address e hw_addr Specifies the MAC address to map to the specified IPv6 address Command Mode Global Configuration mode User Guidelines The IPv6 neighbor command is similar to the ARP global command If an entry for the specified IPv6 address already exists in the neighbor discovery cache learned through the IPv6 neighbor discovery process the entry is automatically converted to a static entry A new static neighbor entry with a global address can be configured only if a manually configured subnet already exists in the device Use the show IPv6 neighbors command to view static entries in the IPv6 neighbor discovery cache Example console config ipv6 neighbor 3000 a3lb vlan 1 001b 3f 9c 84ea ipv6 set mtu Use the ipv6 mtu Interface Configuration mode command to set the maximum transmission unit MTU size of IPv6 packets
269. ed secure address Interface Configuration Ethernet Port channel mode command to add a MAC layer secure address to a routed port Use the no form of this command to delete a MAC address from a routed port Syntax port security routed secure address mac address no port security routed secure address mac address Parameters mac address Specifies the MAC address 398 Address Table Commands Default Configuration No addresses are defined Command Mode Interface Configuration Ethernet port channel mode It cannot be configured for a range of interfaces range context User Guidelines This command enables adding secure MAC addresses to a routed port in port security mode The command is available when the port is a routed port and in port security mode The address is deleted if the port exits the security mode or is not a routed port This command is required because the bridge address command cannot be executed on internal VLANs Example The following example adds the MAC layer address 66 66 66 66 66 66 to gigabitethernet port 1 0 1 Console config interface gigabitethernet 1 0 1 Console config if port security routed secure address 66 66 66 66 66 66 show mac address table Use the show mac address table EXEC command to view entries in the MAC address table Syntax show mac addtess table dynamic static secure vlan vlan interface intertace 1d address mac address Parameters e dynamic Dis
270. ed user view Console config snmp server group user group v3 priv read user view snmp server user Use the snmp server user Global Configuration mode command to configure a new SNMP Version 3 user Use the no form of the command to remove a user Syntax snmp server user username groupname v1 v2c d remote host v3 encrypted auth md5 sha auth password no snmp server user username remote host Parameters username The name of the user on the host that connects to the agent Range Up to 20 characters e groupname The name of the group to which the user belongs The group should be configured using the command snmp server group with v3 parameters no specific order of the 2 command configurations is imposed on the user Range Up to 30 characters e remote host IP address of the remote SNMP host e vl Specifies that vl is to be used e v2ce Specifies that v2c is to be used SNMP Commands 165 e v3 Specifies that v3 is to be used e encrypted Specifies whether the password appears in encrypted format e auth Specifies which authentication level is to be used e md5 Specifies the HMAC MD5 96 authentication level e Sha Specifies the HMAC SHA 6 authentication level e auth password Spcecifies the authentication password Parameters Range engineid string5 32 characters auth passwordUp to 32 characters Default No group entry exists Command Mode Global configuration
271. eens 259 tacacs server key 260 tacacs server timeout 00 0 cece eee eee 261 tacacs server spuren 262 Show taCacsS 0 cc cce eee ec eee a i 263 17 Syslog Commands 265 logging op 265 Logging host eer ENEE Nee 266 logging Console c ccc eee cence eee eeee 267 logging buffered ccc cece eee eee eeee 268 Clear Jogging 269 logging filen esu EE Ee ae Ee eee 270 Clear logging file 270 aaa logging 271 file system logging 272 management logging 273 show logging 273 show logging le 274 show selon server 276 18 RMON Commands 277 Show rmon statistics cece eee eee eens 271 rmon Collection stats 279 show rmon collection stats 0eeeeeeeeee 280 show rmon ston 281 mon AlarM 0 cece i 284 show rmon alarm table ec eeee eee n eee 286 Show rmon alamm cece eee e een eeee 287 mon event ee See EE EE eee eae vee e 289 Show rmon events 290 show rmon log cece cece eee eee eens 291 rmon table size 0ec0ceeeeeeeeeeeeaaeees 292 19 802 1x Commands 295 aaa authentication dot x cece eee eee 295 dot1x system auth control 0ec eee 296 dotix port control eee eee eee 296 dot1x re authentication 298 dotix timeout reauth period 298 dot1x re authenticate cc cece eee eee ee 299 dot1x timeout quiet period 5 300 dot1x time
272. efault Console_E hentication Method Lists Radius Local Line ogin Line None thentication Method Lists Enable Enable Radius nable None Line Login Method List Enable Method List Console Console_Login Console_Enable Telnet Default Default SSH Default Default HTTP Radius local HTTPS Radius local Dot1x Radius password The password Line Configuration mode command specifies a password on a line also known as access method such as a console or Telnet Use the no form of this 226 AA command to return to the default password A Commands Syntax password password encrypted no password Parameters e password Specifies the password for this line Length 0 159 characters e encrypted Specifies that the password is encrypted and copied from another device configuration Default Configuration No password is defined Command Mode Line Configuration mode Example The following example specifies the password secret on a console Console config line console Console config line password secret service password recovery Use the service password recovery global configuration mode command to enable full functionality of the password recovery mechanism Use the no service password recovery command to allow password recovery mechanism without keeping the configuration and user files Syntax service password recovery no service password recovery Parameters N A
273. efault port CoS value e dscp Specifies that ingress packets are classified with packet DSCP values Default Configuration CoS is the default trust mode Command Mode Global Configuration mode User Guidelines This command can be used only in QoS basic mode Packets entering a quality of service QoS domain are classified at the edge of the QoS domain When the packets are classified at the edge the switch port within the QoS domain can be configured to one of the trusted states 752 Quality of Service Q0S Commands because there is no need to classify the packets at every switch within the domain Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic When the system is configured with trust DSCP the traffic is mapped to the queue by the DSCP queue map When the system is configured with trust CoS the traffic is mapped to the queue by the CoS queue map Example The following example configures the system to the DSCP trust state Console config qos trust dscp qos trust Interface Use the qos trust Interface Configuration Ethernet Port channel mode command to enable each port trust state while the system is in the basic QoS mode Use the no form of this command to disable the trust state on each port Syntax qos trust no qos trust Default Configuration Each port is enabled while the system is in basic mode Command Mode Interface Conf
274. elay Commands 653 You can use the command regardless if DHCP Relay is enabled on the interface Example The following example defines the DHCP server on VLAN 21 Console config interface vlan 21 Console config if ip dhcp relay address 176 16 1 1 show ip dhcp relay Use the show ip dhcp relay EXEC mode command to display the server addresses on the DHCP relay Syntax show ip dhcp relay Command Mode EXEC mode Example The following example displays the server addresses on the DHCP relay Console gt show ip dhcp relay DHCP relay is globally enabled DHCP relay is enabled on VLANs 1 2 DHCP relay is enabled on ports 1 1 DHCP relay is enabled on port channels Servers 172016 LH 172 16 811 Console gt show ip dhcp relay 654 DHCP Relay Commands DHCP relay is globally enabled DHCP relay is enabled on VLANs 1 2 Servers 172 16 1 11 172 16 8 11 ip dhcp information option Use the ip dhcp information option Global Configuration command to enable DHCP option 82 data insertion Use the no form of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters N A Default Configuration DHCP option 82 data insertion is disabled Command Mode Global Configuration mode User Guidelines DHCP option 82 would be enabled only if DHCP snooping or DHCP relay are enabled Example The following example enable DHCP option 82
275. emoves the specified MAC address from the voice VLAN OUI table Length 3 bytes Default Configuration The default voice VLAN OUI table is OUI Description 00 e0 bb 3COM Phone 00 03 6b Cisco Phone 00 e0 75 Veritel Polycom Phone 00 d0 1e Pingtel Phone 00 01 e3 Siemens AG Phone 00 60 b9 NEC Philips Phone 00 0f e2 Huawei 3COM Phone 00 09 6e Avaya Phone Command Mode Global Configuration mode 558 Voice VLAN Commands User Guidelines The classification of a packet to Packets from VoIP Equipment Phones is based on the packet s OUI of the source Mac Address In MAC addresses the first three bytes contain a manufacturer ID Organizationally Unique Identifiers OUI and the last three bytes contain a unique station D OUIs are globally assigned administered by the IEEE Since the number of IP phones manufacturers that dominates the market is limited and well known the known OUI values can be configured as a default and user configurable to the switch Example The following example adds an entry to the voice VLAN OUI table Console config voice vlan oui table add 00 AA BB description experimental voice vlan cos mode Use the voice vlan cos mode Interface Configuration mode command to select the OUI Voice VLAN Class Of Service mode Use the no form of this command to return to the default Syntax voice vlan cos mode src all no voice vlan cos mode Parameters e src QoS
276. er e Hardware address The MAC address or client identifier of the host as recorded on the DHCP Server DHCP Server Commands 689 690 DHCP Server Commands IP Routing Protocol Independent Commands ip route Use the ip route Global Configuration mode command to configure static routes Use the no form of this command to remove static routes Syntax ip route prefix mask prefix length 1p address metric distance reject route no ip route prefix mask pretix length ip address Parameters prefix Spccifies the IP address that is the IP route prefix for the destination IP mask Specifies the network subnet mask of the IP address prefix ptefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 0 32 ip address Specifies the IP address or IP alias of the next hop that can be used to reach the network metric distance Specifies an administrative distance Range 1 255 reject route Stops routing to the destination network via all gateways Default Configuration The default administrative distance is 1 IP Routing Protocol Independent Commands 691 Command Mode Global Configuration mode Example The following example configures a static route with prefix 172 16 0 0 prefix length 16 and gateway 131 16 1 1 Console config ip route 172 16 0 0 16 131 16 1 1 ip routing Use the ip routing Globa
277. er inline consumption 365 show power inline version 366 23 EEE Commands 369 eee enable global 00cecceeeeeeeee 369 eee enable interface cece eee 369 eee lldp enable eee eee eee 370 SHOW ee EEN eee NENNEN eee alee aioe 370 24 Green Ethernet 377 show green ethernet eee eees 377 green ethernet short reach global 379 green ethernet short reach interface 379 green ethernet short reach force 05 380 green ethernet short reach threshold 381 green ethernet power meter reset 382 25 Port Channel Commands 383 port channel load balance 384 show interfaces port channel 385 26 Address Table Commands 387 bridge multicast filtering c cee eeeee 387 bridge multicast address 388 bridge multicast forbidden address 389 bridge multicast unregistered nuunneannaa 390 bridge multicast forward all 00005 391 bridge multicast forbidden forward all 392 16 mac address table star 393 clear mac address table 394 mac address table aging time 395 port sec 396 port security mode 397 port security man 397 port security routed secure address 398 show mac address table 399 show mac address table co
278. er is defined Command Mode Global Configuration mode User Guidelines Define an aggregate policer if the policer is shared with multiple classes Policers in one port cannot be shared with other policers in another device Traffic from two different ports can be aggregated for policing purposes An aggregate policer can be applied to multiple classes in the same policy map An aggregate policer cannot be applied across multiple policy maps An aggregate policer cannot be deleted if it is being used in a policy map The no police aggregate Policy map Class Configuration mode command must first be used to delete the aggregate policer from all policy maps before using the no mls qos aggregate policer command Policing uses a token bucket algorithm CIR represents the speed with which the token is removed from the bucket CBS represents the depth of the bucket 736 Quality of Service QoS Commands Example The following example defines the parameters of a policer called Policer that can be applied to multiple classes in the same policy map When the average traffic rate exceeds 124 000 kbps or the normal burst size exceeds 9600 bytes the packet is dropped Console config qos aggregate policer policerl 124000 9600 exceed action drop show qos aggregate policer Use the show qos aggregate policer EXEC mode command to display the aggregate policer parameter Syntax show qos aggregate policer ageregate policer name P
279. eral Specitfies a full 802 1q supported VLAN port customer Specifies that the port is connected to customer equipment Used when the switch is in a provider network e private vlan promiscous Private VLAN promiscous port e private vlan host Private VLAN host port Default Configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines e When the port mode is changed it receives the configuration corresponding to the mode e If the port mode is changed to access and the access VLAN does not exist then the port will not belongs to any VLAN 500 VLAN Commands Example The following example configures gigabitethernet port 1 0 1 as an untagged layer 2 VLAN port Console config interface gigabitethernet 1 0 1 Console config if switchport mode access switchport access vlan Use the switchport access vlan Interface Configuration Ethernet port channel mode command to configure the VLAN ID when the interface is in access mode Use the no form of this command to restore the default configuration Syntax switchport access vlan vlan id none no switchport access vlan Parameters vlan id Specifies the VLAN ID to which the port is configured none Specifies the access port cannot belong to any VLAN Default Configuration If the default VLAN is enabled the VLAN ID is 1 Otherwise it is not a member of any VLAN Command Mode Interface Configuration
280. ering or an integer such as 8 Length 1 32 characters Default Configuration DHCP hosts are not configured Command Mode Global Configuration mode User Guidelines During execution of this command the configuration mode changes to the DHCP Pool Configuration mode which is identified by the config dhcp prompt In this mode the administrator can configure host parameters such as the IP subnet number and default router list Example The following example configures Station as the DHCP address pool Console config ip dhcp pool host station Console config dhcp ip dhcp pool network Use the ip dhcp pool network Global Configuration mode command to configure a Dynamic Host Configuration Protocol DHCP address pool on a DHCP Server and enter DHCP Pool Configuration mode Use the no form of this command to remove the address pool Syntax ip dhcp pool network name 658 DHCP Server Commands no ip dhcp pool network name Parameters name spccifies the DHCP address pool name It can be either a symbolic string such as engineering or an integer such as 8 Length 1 32 characters Default Configuration DHCP address pools are not configured Command Mode Global Configuration mode User Guidelines During execution of this command the configuration mode changes to DHCP Pool Network Configuration mode which is identified by the config dhcp prompt In this mode the administrator can configur
281. ers Syntax show snmp users username Parameters username Specifies the user name Length 1 30 characters Command Mode Privileged EXEC mode SNMP Commands 181 Example The following example displays the configured SNMP users Console show snmp users Auth Name Group name Method Remote John user group md5 John user group md5 08009009020C0B099C075879 182 SNMP Commands RSA and Certificate Commands crypto key generate dsa The crypto key generate dsa Global Configuration mode command generates DSA key pairs Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning is displayed with a prompt to replace the existing keys with new keys This command is not saved in the router configuration However the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example The following example generates DSA key pairs Console config crypto key generate dsa RSA and Certificate Commands 183 crypto key generate rsa The crypto key generate rsa Global Configuration mode command generates RSA key pairs Syntax crypto key generate rsa Default Configuration RSA key paris do not exist Command Mo
282. ers passwords line passwords and enable passwords Password history is not checked during a configuration download The password history is kept even if the password history check is disabled The password history for a user is kept as long as the user is defined Example The following example sets the number of password changes required before a password can be reused to 10 Console config passwords history 10 240 AAA Commands passwords history hold time The passwords history hold time Global Configuration mode command configures the duration that a password is relevant for tracking passwords history Use the no form of this command to return to the default configuration Syntax passwords history hold time days no passwords history hold time Parameters days Specifies the number of days a password is relevant for tracking passwords history Range 1 365 Default Configuration Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The passwords are not deleted from the history database when they are not relevant for the password history tracking Increasing the hold time might return back passwords Example The following example configures the duration that a password is relevant for tracking passwords history Console config passwords history hold time 10 AAA Commands 241 passwords lockout Th
283. erver set command Example The following example configures the scalar MIB sysName with the value TechSupp Console config snmp server set sysName sysname TechSupp show snmp Use the show snmp Privileged EXEC mode command to display the SNMP status Syntax show snmp Command Mode Privileged EXEC mode 176 SNMP Commands Example The following example displays the SNMP communications status Console show snmp SNMP is enabled Community Community Access View name IP Address Type String EE read only user view All Router PEIVaE read write Default 172 16 1 1 1 Router private su DefaultSuper 0 Router Ll 164 LA Community Group name IP address Type string public user group All Router raps are enabled Authentication trap is enabled Version 1 2 notifications Target Address Type Community Version UDP Filter TO Retries Port name Sec 92 122 173 42 Trap public 2 162 15 92 122 173 42 Info public 2 162 15 rm Version 3 notifications Target Address Type Username Security UDP Filter TO Retries Level Port name Sec 192 122 173 42 Info Bob Priv 162 ES 3 rm System Contact Robert System Location Marketing SNMP Commands 177 The following table describes the significant fields shown in the display Field Description Community string The community access string permitting access to the SNMP protocol Community access The access type read only read write super access IP Addre
284. es are Telnet SSH HTTP HTTPS and SNMP e spv4 address Specifies the source IPv4 address spv6 address ipvo pretix length Specifies the source IPv6 address and source IPv6 address prefix length The prefix length must be preceded by a forward slash The parameter is optional e mask mask Specifies the source Pv address network mask This parameter is relevant only to IPv4 addresses e mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash This parameter is relevant only to IPv4 addresses Range 0 32 Command Mode Management Access List Configuration mode User Guidelines Rules with ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface Example The following example permits all ports in the access list called mlist Console config management access list mlist Console config macl permit deny Management The deny Management Access List Configuration mode command sets conditions for the management access list Management ACL Commande 153 Syntax deny interface id service service deny ip source 7pv4 address ipv6 address ipv6 prefix length mask mask prefix length intertace 1d service service Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port P
285. es not exist on the switch the supplicant is rejected Example console config interface gil 0 1 console config if dotlx radius attributes vlan dot1x radius attributes filter id Use the dot1x radius attributes filter id Interface Configuration mode command to enable user based ACL Qos Policy assignment Use the no form of this command to disable user based ACL Qos Policy assignment Syntax dot ls radius attributes filter id no dotlx radius attributes filter id Parameters This command has no arguments or keywords Default Disabled Command Mode Interface Configuration Ethernet mode 802 1x Commands 321 User Guidelines User based ACL Qos Policy assignment is supported only in 802 1x multiple sessions The configuration of the parameter is allowed only when the port is Forced Authorized or Forced Unauthorized dot1x radius attributes errors Use the dotls radius attributes errors Global Configuration mode command to specify error handling for the Radius attributes feature Use the no form of this command to return to default Syntax dotlx radius attributes errors A ter 1d resources accept reject no dotlx radius attributes errors f ter id resources Parameters accept If the Filter ID cannot be allocated for resource allocation reasons the user is accepted If the Filter ID canot be allocated for other reasons the user is rejected reject If the Filter ID cannot be assigned the user is re
286. es on the network segment Doing so may cause starvation of some time sensitive protocols like STP The show tech support command may timeout if the configuration file output takes longer to display than the configured session timeout time If this happens enter a set logout timeout value of 0 to disable automatic disconnection of idle sessions or enter a longer timeout value The show tech support command output is continuous it does not display one screen at a time To interrupt the output press Esc If you specify the config keyword the show tech support command displays a list of the commands supported on the device If user specifies the memory keyword the show tech support command displays the output flash info dir if existed or flash mapping show bootvar buffers info like print os buff memory info like print os mem proc info lie print os tasks versions of software components show cpu utilization system fans always on Use the system fans always on Global Configuration command to set the system fans to On regardless of device temperature Use the no form of the command to return to default Syntax system fans always on wt omg no system fans always on Parameters unit unit Unit number or all If unspecified defaults to all Range 1 8 102 System Management Commands Default Configuration Automatic mode The system fan speed depends on the temperature of the device Command Mode Global
287. eters e access list name Name of the IPv4 access list access list name 0 32 characters Use for empty string Default No IPv4 access list is defined Command Mode Global Configuration mode User Guidelines IPv4 ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or Policy Map cannot have the same name Example console config ip access list extended server 695 permit IP Use the permit IP Access list Configuration mode command to set permit conditions for IPv4 access list Syntax permit protocol any source source wildcard any destination destination wildcard dscp number precedence number time range time range name permit icmp any source source wildcard any destination destination wildcard any icmp type any d icmp code dscp number precedence number time range time range name permit emp any source source wildcard any destination destination wildcard igmp type dscp number d precedence number time range time range name permit tcp fany source source wildcard any source port port range any destination destination wildcard any destination port port range dscp number d precedence number match all list of flags time range time range name permit udp fany source source wildcard any source port port range any destination destination wildcard any destination port port range dscp number d precedence number match
288. eturn to default Syntax green ethernet short reach threshold cab e ength no green ethernet short reach threshold Parameters cable length Specifies the maximum cable length in meters measured by VCT that allows applying short reach mode cable length 0 70 meters Default Configuration The default length is 40 meters Command Mode Global Configuration mode User Guidelines Note that the automatic cable length measurement accuracy is 10 meters i e a cable with a real length of 30 m may be evaluated in the range of 20m 40m Length performance depends on the link partner signal quality cable quality and whether link partner also operates in short reach mode Green Ethernet 381 The recommended default is 50m as recommended by Marvell PHY team for any cable type see appendix However Marvell tests show that link partner can operate error free with an up to 80 m cable cat 5e The user may choose to change the threshold parameter under certain circumstances Setting the threshold to 0 meters basically results in the short reach feature always being disabled because the threshold will always be exceeded green ethernet power meter reset Use the green ethernet power meter reset Privileged EXEC mode command to reset the power save meter Syntax green ethernet power meter reset Command Mode Privileged EXEC mode 382 Green Ethernet Port Channel Commands Use the channel group Interface Configuration
289. evaluated after the absolute end time is reached All time specifications are interpreted as local time To ensure that the time range entries take effect at the desired times the software clock should be set by the user or by SNTP If the software clock is not set by the user or by SNTP the time range ACE are not activated The user cannot delete a time range that is bounded to an ACE or to any other feature Example Console config time range http allowed Console config time range absolute start 12 00 1 jan 2005 end 12 00 31 dec 2005 Console config time range periodic monday 8 00 to friday 20 00 absolute Use the absolute Time range Configuration mode command to specify an absolute time when a time range is in effect Use the no form of this command To remove the time limitation Syntax absolute start hh mm day month year no absolute start absolute end hh mm day month year no absolute end 714 Parameters e start Absolute time and date that the permit or deny statement of the associated access list starts going into effect If no start time and date are specified the permit or deny statement is in effect immediately e end Absolute time and date that the permit or deny statement of the associated access list is no longer in effect If no end time and date are specified the permit or deny statement is in effect indefinitely e hh mm Time in hours military format and minutes Range 0 23 mm
290. evice to send SNMP traps Use the no form of the command to disable SNMP traps Syntax snmp server enable traps no snmp server enable traps Default Configuration SNMP traps are enabled Command Mode Global Configuration mode Example The following example enables SNMP traps Console config snmp server enable traps SNMP Commands 173 snmp server trap authentication Use the snmp server trap authentication Global Configuration mode command to enable the device to send SNMP traps when authentication fails Use the no form of this command to disable SNMP failed authentication traps Syntax snmp server trap authentication no snmp server trap authentication Default Configuration SNMP failed authentication traps are enabled Command Mode Global Configuration mode Example The following example enables SNMP failed authentication traps Console config snmp server trap authentication snmp server contact Use the snmp server contact Global Configuration mode command to configure the system contact sysContact string Use the no form of the command to remove the system contact information Syntax snmp server contact text no snmp server contact Parameters text Specifies the string describing system contact information Length 1 160 characters 174 SNMP Commands Command Mode Global Configuration mode Example The following example configures the system contact point called Technical_Support
291. f a MAC address can be aged out from the FDB table the Interface field can be empty When an ARP entry is associated with an IP interface that is defined on a port or port channel the VLAN field is empty The possible neighbor cash states are 640 IPv6 Addressing Commands e INCMP Incomplete Address resolution is being performed on the entry Specifically a Neighbor Solicitation has been sent to the solicited node multicast address of the target but the corresponding Neighbor Advertisement has not yet been received e REACH Reachable Positive confirmation was received within the last ReachableTime milliseconds that the forward path to the neighbor was functioning properly While REACHABLE no special action takes place as packets are sent e STALE More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly While stale no action takes place until a packet is sent e DELAY More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly and a packet was sent within the last DELAY_FIRST_PROBE_TIME seconds If no reachability confirmation is received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state send a Neighbor Solicitation and change the state to PROBE e PROBE A reachability confirmation is actively sought by retransmitting Nei
292. fies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following examples display spanning tree information Console show spanning tree bpdu Global Flooding Interface Admin Mode Oper Mode gil 0 1 Global Flooding gil 0 2 Global STP gi1 0 3 Flooding STP Spanning Tree Commands 491 492 Spanning Tree Commands VLAN Commands vlan database Use the vlan database Global Configuration mode command to enter the VLAN Configuration mode Syntax vlan database Command Mode Global Configuration mode Example The following example enters the VLAN database mode Console config vlan database Console config vlan vlan Use the vlan VLAN Configuration mode command to create a VLAN Use the no form of this command to restore the default configuration or delete a VLAN Syntax vlan vlan range name vlan namej no vlan vlan range The device accepts also the following syntax VLAN Commands 493 vlan v an range name vlan name media ethernet state active no vlan v an range Parameters e vlan range Specifies a list of VLAN IDs to add Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs e name Specifies the VLAN name The option is only valid in cass where only one VLAN is configured by the command Range 1 32 characters Command Mode VLAN
293. fig Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Opening lt hostname gt config file Auto Update Image Download via DHCP enabled Example 3 console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Downloading configuration file Auto Update 146 Auto Update and Auto Configuration Image Download via DHCP enabled console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Searching hostname in indirect configuration file Auto Update Image Download via DHCP enabled console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Quit failed all steps of finding existing configuration file Auto Update Image Download via DHCP enabled console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Update Image Download via DHCP enabled Auto Update State Downloaded indirect image file Auto Update and Auto Configuration 147 console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Update Image Download via DHCP enabled Auto Update State Downloading image file console show boot Auto Config Config Download via DHCP enab
294. figured no Address 00 02 4b 29 7a 00 Designated path cost 20000 00 02 4b6b 29 89 76 00 02 4b 29 7a 00 Number of topology changes 2 last change occurred 1d9h ago Times hello 2 max age 20 488 Spanning Tree Commands hold 1 topology change 2 notification 2 forward delay 15 Port 1 gil 0 1 State Forwarding Port id 128 1 Type P2p configured Designated bridge Priority 128 1 Number of transitions to forwarding state enabled auto Boundary RSTP 32768 Designated port id BPDU sent 2 received 120638 Port 2 gil 0 2 enabled State Forwarding Port id 128 2 Type Shared configured auto Designated bridge Priority 32768 128 2 Number of transitions to forwarding state BPDU received 170638 Designated port id sent 2 Port 3 gil 0 3 State Blocking Port ids 128 3 Type Shared Designated bridge Priority 128 78 Number of transitions to forwarding state disabled auto Internal 32768 configured Designated port id BPDU sent 2 received 170638 Port 4 gil 0 4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 128 2 Number of transitions to forwarding state BPDU received 170638 Designated port id sent 2 Spanning Tree Commands Boundary STPPort Fast No Role Boundary Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 2000
295. fine the match criteria for classifying traffic Use the no form of this command to delete the match criteria Syntax match access group ac name no match access group ac name Parameters acl name Specifies the MAC or IP Access Control List ACL name Default Configuration No match criterion is supported Command Mode Class map Configuration mode Example The following example defines the match criterion for classifying traffic as an access group called Enterprise in a class map called Class1 Console config class map classl Console config cmap match access group enterprise policy map Use the policy map Global Configuration mode command to creates a policy map and enter the Policy map Configuration mode Use the no form of this command to delete a policy map Quality of Service QoS Commands 727 Syntax policy map policy map name no policy map policy map name Parameters policy map name Specifies the policy map name Default Configuration The default behavior of the policy map is to set the DSCP value to 0 if the packet is an IP packet and to set the CoS value to 0 if the packet is tagged Command Mode Global Configuration mode User Guidelines Use the policy map Global Configuration mode command to specify the name of the policy map to be created added to or modified before configuring policies for classes whose match criteria are defined in a class map Entering the policy map Global Co
296. flag should be unset it is prefixed oo by Available options are urg tack psh rst syn fin urg 697 ack psh rst syn and fin The flags are concatenated to a one string For example fin ack e time range name Name of the time range that applies to this permit statement Range 1 32 Default No IPv4 access list is defined Command Mode IP Access list Configuration mode User Guidelines You enter IP access list configuration mode by using the IP Access list Global Configuration command After an access control entry ACE is added to an access control list an implied deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP If a range of ports is used for source port in ACE it would be not be counted again if it is also used for source port in another ACE If a range of ports is used for destination port in ACE it would be not be counted again if it is also used for destination port in another ACE If a range of ports is used for source port it would be counted again if it is also used for destination port Example console config ip access list extended server console config ip al permit ip 1 1 1
297. following example configures the source IP address used for communication with all RADIUS servers to 3ffe 1900 4545 3 200 f8ff fe2 1 67cf console config radius server source ipv6 3ffe 1900 4545 3 200 f8ff fe21 67cf 254 RADIUS Commands radius server timeout Use the radius server timeout Global Configuration mode command to set the time interval during which the device waits for a server host to reply Use the no form of this command to restore the default configuration Syntax radius server timeout timeout no radius server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The default timeout value is 3 seconds Command Mode Global Configuration mode Example The following example sets the timeout interval on all RADIUS servers to 5 seconds Console config radius server timeout 5 radius server deadtime Use the radius server deadtime Global Configuration mode command to configure the time interval during which unavailable RADIUS servers are skipped over by transaction requests This improves RADIUS response time when servers are unavailable Use the no form of this command to restore the default configuration Syntax radius server deadtime deadtime no radius server deadtime RADIUS Commands 255 Parameters deadtime Specifies the time interval in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000
298. following list Keyword Description enable Uses the enable password for authentication line Uses the line password for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication Uses username enabx where x is the privilege level tacacs Uses the list of all TACACS servers for authentication Uses username enabx where x is the privilege level AAA Commands _ 221 Default Configuration The enable password command is the default authentication login method This is the same as entering the command aaa authentication enable default enable On a console the enable password is used if a password exists If no password is set authentication still succeeds This is the same as entering the command aaa authentication enable default enable none Command Mode Global Configuration mode User Guidelines The default and additional list names created with the aaa authentication enable command are used with the enable authentication command All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enabx where x is the requested privilege level Create a list by entering the aaa authentication enable list name method command where list name is any character string used to name this list The method argument identifies the list of methods that the authentication algorithm tries in the given seque
299. g CPU utilization is disabled Command Mode Global Configuration mode User Guidelines Use the show cpu utilization Privileged EXEC command to view information on CPU utilization 86 System Management Commands Example The following example enables measuring CPU utilization Console config service cpu utilization show cpu utilization The show cpu utilization Privileged EXEC mode command displays information about CPU utilization Syntax show cpu utilization Command Mode Privileged EXEC mode User Guidelines Use the service cpu utilization Global Configuration mode command to enable measuring CPU utilization Example The following example displays CPU utilization information Console show cpu utilization CPU utilization service is on CPU utilization clear cpu counters The clear cpu counters EXEC mode command clears traffic counters to and from the CPU Syntax clear cpu counters System Management Commande 87 Command Mode EXEC mode Example The following example clears the CPU traffic counters Console clear cpu counters service cpu counters The service cpu counters Global Configuration mode command enables traffic counting to and from the CPU To disable counting use the no form of this command Syntax service cpu counters no service cpu counters Command Mode Global Configuration mode User Guidelines Use the show cpu counters command to display the CPU traffic counters
300. g is configured on following VLANs 21 DHCP snooping database is Enabled Relay agent Information option 82 is Enabled Option 82 on untrusted port is allowed Verification of hwaddr field is Enabled DHCP snooping file update frequency is configured to 6666 seconds Interface Trusted gil 0 1 Yes gil 0 2 Yes show ip dhcp snooping binding Use the show ip dhcp snooping binding User EXEC mode command to display the DHCP Snooping binding database and configuration information for all interfaces or for a specific interface Syntax show ip dhcp snooping binding mac address mac address ip address ip address vlan vlan 1d intertace 1d Parameters mac address mac address Specifies a MAC address ip address ip address Specifies an IP address e vlan vlan id Specifies a VLAN ID e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode User EXEC mode DHCP Snooping and ARP Inspection Commands 575 Example The following examples displays the DHCP snooping binding database and configuration information for all interfaces on a device Console show ip dhcp snooping binding Update frequency 1200 Total number of binding 2 Mac Address IP Address Lease Type VLAN Interface EE sec Ee Ee 0060 704C 73 LE RE o sarn snooping 3 1 21 FF 10 1 8 2 7983 snooping 3 1 22 0060 704C 7B 92332 s Cl ip arp inspection Use the
301. g time This is due to a lack of ASIC counters used by the application for aging iSCSI Commands 593 When changing the iSCSI session aging time the following occurs e If the aging time is increased the aging time for the current session is recalculated and increased by the difference between the new aging time and the current aging time e If the aging time is decreased the aging time for the current session is recalculated and decreased by the difference between the new aging time and the current aging time If after recalculation it is determined that the current session idle time is greater than the new aging time the session is immediately terminated Example The following example sets the aging time for iSCSI sessions to 10 minutes Console config iscsi aging time 10 iscsi max tcp connections To set the maximum number of iSCSI sessions that can be supported use the iscsi max tcp connections command in global configuration mode To return to default use the no form of this command Syntax iscsi max tcp connections max connections no iscsi max tcp connections Parameters max connections Specifies the maximum number of iSCSI connections that can be supported 5 1024 Default Configuration 256 TCP connections Command Mode Global Configuration mode 594 iSCSI Commands User Guidelines The new setting will take affect only after reset This command enables the user to define the number of iSCS
302. g to the login history file is enabled Command Mode Global Configuration mode User Guidelines The login history is stored in the device internal buffer Example The following example enables writing to the login history file Console config aaa login history file set username active The set username active Privileged EXEC mode command reactivates a locked out user account AAA Commands 243 Syntax set username name active Parameters name Specifies the user name Length 1 20 characters Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Example The following example reactivates user Bob Console config set username Bob active set line active The set line active Privileged EXEC mode command reactivates a locked out line Syntax set line console telnet ssh active Parameters e console Reactivates the console terminal line e telnet Reactivates the virtual terminal for remote Telnet console access e ssh Reactivates the virtual terminal for secured remote SSH console access Default Configuration There is no default configuration for this command 244 AAA Commands Command Mode Privileged EXEC mode Example The following example reactivates the virtual terminal for remote Telnet console access Console config set line telnet active set enable password active The set enable password ac
303. ganization Specifies the organization name Length 1 64 characters e loc location Specifies the location or city name Length 1 64 characters e st state Spccifies the state or province name Length 1 64 characters cu country Specifies the country name Length 2 characters Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format RSA and Certificate Commands 187 Before generating a certificate request first generate a self signed certificate using the crypto certificate generate Global Configuration mode command to generate the keys The certificate fields must be re entered After receiving the certificate from the Certification Authority use the crypto certificate import Global Configuration mode command to import the certificate into the device This certificate replaces the self signed certificate Example The following example displays the certificate request for HTTPS Console crypto certificate 1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwY jELMAkGA1UEBhMCUFAxC zAJBgNVBAgTAkKNDMOQswCOQYDVOQQH EwRDEMMAoGA1UEChMDZGxkMOQwwCgYDVOQLEWNkKbGOxC zAJUBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgF sMIG fMANGCSgqGS Ib3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdMLO831i0fh FOMV Kib6Sz5p 3nUUenbfHp igVPmFM inbgTDekb2ymCu6K aKvEDVLF 9F2LmM7VP jDBb 9bb4 jnxkvwW wzDLvW2rsy5NPmH10V
304. ghbor Solicitations every RetransTimer milliseconds until a reachability confirmation is received Example Console show ipv6 neighbors dynamic Interface IPv6 address HW address State Router VLAN 1 fe80 200 cff fe4a dfa8 00 00 0c 4a df a8 stale yes VLAN 1 fe80 2d0 b7ff feal 264d 00 d0 b7 al 26 4d stale no clear ipv6 neighbors Use the clear ipv6 neighbors Privileged EXEC mode command to delete all entries in the IPv6 neighbor discovery cache except for static entries IPv6 Addressing Commands 641 Syntax clear ipv6 neighbors Parameters This command has no keywords or arguments Command Mode Privileged EXEC mode Example console clear ipv6 neighbors 642 IPv6 Addressing Commands Tunnel Commands interface tunnel Use the interface tunnel Global Configuration mode command to enter the Interface Configuration Tunnel mode Syntax interface tunnel number Parameters number Specifies the tunnel index Command Mode Global Configuration mode Example The following example enters the Interface Configuration Tunnel mode Console config interface tunnel 1 Console config tunnel tunnel mode ipv6ip Use the tunnel mode ipv6ip Interface Configuration Tunnel mode command to configure an Pv6 transition mechanism global support mode Use the no form of this command to remove an Pv6 transition mechanism Syntax tunnel mode ipv6ip 7satap Tunnel Commands 643 no tunnel mode spv6ip
305. gmp snooping multicast tv The show ip igmp snooping multicast tv EXEC mode command displays the IP addresses associated with Multicast TV VLANs Syntax show ip igmp snooping multicast tv v an vlan id Parameters vlan vlan id Specifies the VLAN ID 538 IGMP Snooping Commands Command Mode EXEC mode Example The following example displays the IP addresses associated with all Multicast TV VLANs Console show ip igmp snooping multicast tv VLAN IP Address 295 2295 2295 255 2255 295 22995 299 oa O OGO a 20 4 J On OP WN k CO IGMP Snooping Commands 539 540 IGMP Snooping Commands LACP Commands lacp system priority Use the lacp system priority Global Configuration mode command to set the system priority Use the no form of this command to restore the default configuration Syntax lacp system priority va ue no lacp system priority Parameters value Specifies the system priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode Example The following example sets the system priority to 120 Console config lacp system priority 120 LACP Commands 541 lacp port priority Use the lacp port priority Interface Configuration Ethernet mode command to set the physical port priority Use the no form of this command to restore the default configuration Syntax lacp port priority va ue
306. h therefore the Quality of Service QoS Commands 725 order is important The class map command and its subcommands are used to define packet classification marking and aggregate policing as part of a globally named service policy applied on a per interface basis If there is more than one match statement in a match all class map and if there is a repetitive classification field in the participating ACLs an error message is generated After entering the Quality of Service QoS Class map Configuration mode the following configuration commands are available exit Exits the QoS Class map Configuration mode match Configures classification criteria no Removes a match statement from a class map Example The following example creates a class map called Class and configures it to check that packets match all classification criteria in the class map match statement Console config class map classl match all Console config cmap show class map The show class map EXEC mode command displays all class maps Syntax show class map c ass map name Parameters class map name Specifies the name of the class map to be displayed Command Mode EXEC mode Example The following example displays the class map for Class 726 Quality of Service Q0S Commands Console gt show class map classl Class Map match any classl id4 Match Ip dscp 11 21 match Use the match Class map Configuration mode command to de
307. h gt show eee gil 0 15 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status disabled EEE Administrate status enabled EEE Operational status disabled neighbor does not support EEE LLDP Administrate status enabled EEE Commands EEE LLDP Operational status disabled Example 6 EEE is disabled on the port Switch gt show eee gil 0 10 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Administrate status disabled EEE Operational status disabled EEE LLDP Administrate status enabled EEE LLDP Operational status disabled Example 7 EEE is running on the port EEE LLDP is disabled Switch gt show eee gil 0 12 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status disabled EEE LLDP Operational status disabled Resolved Tx Timer 10usec EEE Commands 373 Local Tx Timer 10 usec Resolved Timer 25 usec Local Rx Timer 20 usec Example 8 EEE and EEE LLDP are running on the port Switch gt show eee gil 0 3 Port Status UP EEE capa
308. hannel mode It cannot be configured for a range of interfaces range context User Guidelines This configuration can be applied only if at least one IP address is defined on a specific interface Example The following example enables the ARP proxy Console config if ip proxy arp clear arp cache Use the clear arp cache Privileged EXEC mode command to delete all dynamic entries from the ARP cache Syntax clear arp cache Command Mode Privileged EXEC mode Example The following example deletes all dynamic entries from the ARP cache Console clear arp cache show arp Use the show arp Privileged EXEC mode command to display entries in the ARP table Syntax show arp ip address 1p address mac address mac address interface id 608 IP Addressing Commands Parameters ip address ip address Specifies the IP address e mac address mac address Specifies the MAC address e interface id_Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines Since the associated interface of a MAC address can be aged out from the FDB table the Interface field can be empty If an ARP entry is associated with an IP interface that is defined on a port or port channel the VLAN field is empty Example The following example displays entries in the ARP table Console show arp ARP timeout 80000 Seconds
309. he banner motd command in Global Configuration mode to specify and enable a message of the day banner Use the no form of this command to delete the existing MOTD banner Syntax banner motd d message text d no banner motd Parameters e d Delimiting character of your choice a pound sign for example You cannot use the delimiting character in the banner message e message text The message must start on a new line You can enter multi line messages You can include tokens in the form of token in the message text Tokens are replaced with the corresponding configuration variable Tokens are described in the User Guidelines The message can contain up to 2000 characters after every 510 characters you must press lt Enter gt to continue User Interface Commands 57 Default Configuration Disabled no MOTD banner is displayed Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character of your choice Then enter one or more lines of text terminating the message with the second occurrence of the delimiting character When a user connects to a device the message of the day MOTD banner appears first followed by the login banner and prompts After the user logs in to the device the EXEC banner is displayed Use tokens in the form of token in the message text to customize the banner The tokens are described in the table below Inf
310. he day MOTD banner appears first followed by the login banner and prompts After the user logs in to the device the EXEC banner is displayed Use tokens in the form of token in the message text to customize the banner The tokens are described in the table below Information displayed in the banner hostname Displays the host name for the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays the system contact string location Displays the system location string mac Displays the base MAC address of the device address 56 User Interface Commands Use the no login banner line configuration command to disable the Login banner on a particular line or lines Example The following example sets a Login banner that uses tokens The percent sign is used as a delimiting character Note that the token syntax is replaced by the corresponding configuration variable 2 Device config banner login Enter TEXT message End with the character r You have entered hostname domain 5 When the login banner is executed the user will see the following banner You have entered host123 ourdomain com banner motd Use t
311. he user should also configure the relevant vpt to queue dscp to queue table to complete the setting Setting the VPT DSCP sets the QoS profile that determines the egress queue to which the frame is mapped The switch default setting for egress queues 592 iSCSI Commands scheduling is strict priority The downside of strict priority queuing is that in certain circumstances heavy high priority traffic lower priority traffic may become bandwidth starved In WRR the queue to which the flow is assigned can be set to get the required percentage The user may want to complete the QoS setting by configuring the relevant ports to work in WRR mode with adequate weights Example The following example sets the QoS profile to apply to iSCSI flows by assigning iSCSI frames with DSCP 31 Console config iscsi cos enable Console config iscsi cos dscp 31 iscsi aging time Use the iscsi aging time Global Configuration mode command to set the idle time interval for iSCSI sessions Use the no form of this command to cancel iSCSI session aging Syntax iscsi aging time minutes no iscsi aging time Parameters minutes Spccifies the iSCSI session idle time interval in minutes before the session is terminated Minimum minute Default Configuration The default idle time interval for iSCSI sessions is 120 minutes Command Mode Global Configuration mode User Guidelines iSCSI session aging time may be longer than the defined agin
312. hernet port channel mode command to configure the port priority Use the no form of this command to restore the default configuration Syntax spanning tree port priority priority no spanning tree port priority Parameters ptiority Specifies the port priority Range 0 240 Default Configuration The default port priority for IEEE Spanning Tree Protocol STP is 128 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The priority value must be a multiple of 16 Example The following example configures the spanning priority on gigabitethernet port 1 0 15 to 96 Console config interface gigabitethernet 1 0 15 Console config if spanning tree port priority 96 spanning tree portfast Use the spanning tree portfast Interface Configuration Ethernet port channel mode command to enable the PortFast mode In PortFast mode the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay Use the no form of this command to disable the PortFast mode 460 Spanning Tree Commands Syntax spanning tree portfast auto no spanning tree portfast Parameters auto Specifies that the software waits for 3 seconds with no BPDUs received on the interface before putting the interface into the PortFast mode Default Configuration PortFast mode is disabled Command Mode Interface Configuration Ethernet port channel mode
313. hin a PKCS12 file Syntax crypto certificate number import pkcs12 passphrase Parameters e number Specifies the certificate number Range 1 2 localKeyID 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 e passphrase Specifies the passphrase used to encrypt the PKCS12 file for export Length 8 96 characters RSA and Certificate Commands 191 Command Mode Privileged EXEC mode User Guidelines Use the passphrase that was exported by the crypto certificate export pkes12 command NOTE This passphrase is saved for later exports Example The following example imports the certificate and the RSA keys within a PKCS12 file Console crypto certificate 1 import pkcs12 passphrase Bag Attributes localKeyID 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 subject C us ST L CN O OU issuer C us ST L CN O OU MIIBfDCCASYCAQAwDOYJKoZ IhvcNAQEEBOAwS TELMAkGA1UEBhMCdXMxC jAIBgNV BAgTASAxC jAIBgNVBACTASAxC jAIBgNVBAMTASAxC jAIBGNVBAOTASAXC jAIBgNV BAsTASAwHhcNMDQwM jA3MTU1NDQ4WhcNMDUwMjA2MTU1NDO4W4jBIMOswCOYDVOOG EwJ1czEKMAgGA1UECBMBIDEKMAgGA1UEBxMBIDEKMAgGA1UEAxMBIDEKMAgGA1UE ChMBIDEKMAgGA1UECxMBIDBcMA0GCSqGS Ib 3DQEBAQUAA0 sAMEgCQQCZXP tk3e jrulfZw8q8T2o0S5ymrEles sRJE8uahTBJqKul VHGRYJR3VYa 03HSJ741w5MzPI iuWZzrbbuXAxAgMBAAEwDOQYJKoZ IhvcNAQEEBOADQOBO GTLeEN1p1kARxI4C1f TU efig3ff Z t jW5qlt1r5F6zNv GuxXWw7rGzmRyoMxDcYp1TaA4gAIFQOCpFGqiSbAx Bag Attributes localKeyID 0C 7
314. how green ethernet Energy Detect mode Enabled Short Reach mode Disabled Power Consumption 76 3 31W out of maximum 4 33W Cumulative Energy Saved 33 Watt Hour Short Reach cable length threshold 50m Port Energy Detect Short Reach VCT Cable Admin Oper Reason Admin Force Oper Reason Length gil 0 1 on on off off off gil 0 2 on off LU on off off lt 50 gil 0 3 on off LU err Off off 378 Green Ethernet green ethernet short reach global Use the green ethernet short reach Global Configuration mode command to enable green ethernet short reach mode globally Use the no form of this command to disabled it Syntax green ethernet short reach no green ethernet short reach Parameters This command has no arguments or keywords Default Configuration EEE is enabled Command Mode Global Configuration mode Example console config green ethernet short reach green ethernet short reach interface Use the green ethernet short reach Interface Configuration mode command to enable green ethernet short reach mode on an interface Use the no form of this command to disable it on an interface Syntax green ethernet short reach no green ethernet short reach Parameters This command has no arguments or keywords Green Ethernet 379 Default Configuration EFE is enabled Command Mode Interface Configuration mode Ethernet User Guidelines When short reach Mode is enabled and is not forced the VCT Virt
315. ied spanning tree instance Use the no form of this command to restore the default configuration Spanning Tree Commands 467 Syntax spanning tree mst instance id priority priority no spanning tree mst instance id priority Parameters e instance id Specifies the spanning tree instance ID Range 1 15 e priority Specifies the device priority for the specified spanning tree instance This setting affects the likelihood that the switch is selected as the root switch A lower value increases the probability that the switch is selected as the root switch Range 0 61440 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096 The switch with the lowest priority is the root of the spanning tree Example The following example configures the spanning tree priority of instance to 4096 Console config spanning tree mst 1 priority 4096 spanning tree mst max hops Use the spanning tree mst max hops Global Configuration mode command to configure the number of hops in an MST region before the BDPU is discarded and the port information is aged out Use the no form of this command to restore the default configuration Syntax spanning tree mst max hops Aop count 468 Spanning Tree Commands no spanning tree mst max hops Parameters hop count Specifies the number of hop
316. iguration Ethernet Port channel mode Example The following example configures gigabitethernet port 1 0 15 to the default trust state Quality of Service QoS Commands 753 Console config interface gil 0 15 Console config if qos trust qos cos Use the qos cos Interface Configuration Ethernet Port channel mode command to define the default CoS value of a port Use the no form of this command to restore the default configuration Syntax qos cos default cos no qos COs Parameters default cos Specifies the default CoS value of the port If the port is trusted and the packet is untagged then the default CoS value become the CoS value Range 0 7 Default Configuration The default CoS value of a port is 0 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the default CoS value to assign a CoS value to all untagged packets entering the port Use the qos cos override command to assign this default CoS value to tagged packets Example The following example defines the port gi1 0 15 default CoS value as 3 Console config interface gil 0 15 Console config if qos cos 3 754 Quality of Service QoS Commands qos dscp mutation Use the qos dscp mutation Global Configuration mode command to apply the DSCP Mutation map to system DSCP trusted ports Use the no form of this command to restore the trusted port with no DSCP mutation Syntax qos dscp mutation no q
317. ime 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces 478 Spanning Tree Commands Name State Prio Nbr Cost Sts Role PortFast Type gil 0 1 Enabled 128 1 20000 FWD Desg No P2p RSTP gil 0 2 Enabled 128 2 20000 FWD Desg No Shared STP gil 0 3 Disabled128 3 20000 gil 0 4 Enabled 128 4 20000 FWD Desg No Shared STP gil 0 5 Enabled 128 5 20000 DIS E Console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Spanning Tree Commands 479 Name State Prio Nbr Cost Sts Role PortFast Type gil 0 1 Enabled 128 1 20000 KR z KR gil 0 2 Enabled 128 2 20000 KR gil 0 3 Disabled128 3 20000 gil 0 4 Enabled 128 4 20000 gil 0 5 Enabled 128 5 20000 Console show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port gil 0 1 Hello Time 2 sec Max Age 20 secForward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces 480 Spanning Tree Commands gil 0 1 gil 0 2 gil 0 4 State Prio Nbr Cost Sts Role PortFast Type 20000 F
318. imum length of cable for the TDR test is 120 meters Example The following examples test the copper cables attached to ports 7 and 8 Console test cable diagnostics tdr interface gil 0 7 Cable is open at 64 meters Console test cable diagnostics tdr interface gil 0 8 PHY Diagnostics Commands 351 Can t perform the test on fiber ports show cable diagnostics tdr Use the show cable diagnostics tdr EXEC mode command to display information on the last Time Domain Reflectometry TDR test performed on all copper ports or on a specific copper port Syntax show cable diagnostics tdr nterface interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The maximum length of cable for the TDR test is 120 meters Example The following example displays information on the last TDR test performed on all copper ports Console gt show cable diagnostics tdr Port Result Length meters Date gil 0 1 OK gil 0 2 Short 50 13 32 00 23 July 2010 gil 0 3 Test has not been performed gil 0 4 Open 64 13 32 00 23 July 2010 gil 0 5 Fiber 352 PHY Diagnostics Commands show cable diagnostics cable length Use the show cable diagnostics cable length EXEC mode command to display the estimated copper cable length attached to all ports or to a specific port Syntax show cable diagnostics cable length snterface interface id
319. in the United States and or other countries Novell is a registered trademark and SUSE is a trademark of Novell Inc in the United States and other countries Oracle is a registered trademark of Oracle Corporation and or its affiliates Citrix Xen XenServer and XenMotion are either registered trademarks or trademarks of Citrix Systems Inc in the United States and or other countries VMware Virtual SMP vMotion vCenter and vSphere are registered trademarks or trademarks of VMWare Inc in the United States or other countries Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products Dell Inc disclaims any proprietary interest in trademarks and trade names other than its own Regulatory Models PC5524 PC5524P PC5548 and PC5548P May 2012 Rev A03 Contents IN EEN 33 2 User Interface Commands 41 enable sire Boies oes ends An E Bees we DENR EE 41 UE TEE 42 UI BEE 42 dl UE 43 exit Configuration cece nnen 43 xit EXEC 6 ARENS EN NNN NN EEN EN eee 44 end osda ord ora E E tigre ea ahh E eee 45 help ed EEN es ete erie 45 history EE 46 O IN EE EE 47 terminal ston 48 terminal history size 49 terminal datadump 0020eeeeeeeee 50 debug mode weed sek ek eS eo 50 show history ccc ec ee eee e eee e eee eens 51 show privilege eee eee eee eee 52 HO si Fins PRS BENE sack Se
320. in the packet Range 0 7 Command Mode Policy map Class Configuration mode User Guidelines This command and the trust Policy map Class Configuration mode command are mutually exclusive within the same policy map Policy maps that contain set or trust Policy map Class Configuration mode commands or that have ACL classifications cannot be attached to an egress interface using the Service policy Interface Configuration mode command To return to the Policy map Configuration mode use the exit command To return to the Privileged EXEC mode use the end command Example The following example creates an ACL places it into a class map places the class map into a policy map and sets the DSCP value in the packet to 56 for classes in policy map called pl console config mac access list extended mi console config mac al permit any any console config mac al exit console config class map cl console config cmap match access group ml console config cmap exit console config policy map pl console config pmap class cl Console config pmap c set dscp 56 police Use the police Policy map Class Configuration mode command to define the policer for classified traffic Use the no form of this command to remove a policer Quality of Service QoS Commands 733 Syntax police committed rate kbps committed burst byte exceed action drop policed dscp transmit no police Parameters e comm
321. including FCS octets but were otherwise well formed Fragments The total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error It is normal for etherHistoryFragments to increment because it counts both runts which are normal occurrences due to collisions and noise hits Jabbers The number of packets received during this sampling interval that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval This number is not necessarily the number of packets dropped it is the number of times this condition has been detected Collisions The best estimate of the total number of collisions on this Ethernet segment during this sampling interval rmon alarm Use the rmon alarm Global Configuration mode command to configure alarm conditions Use the no form of this command to remove an alarm Syntax rmon alarm index mib object id interval rthreshold tthreshold revent
322. ing host global configuration command to log messages to a syslog server Use the no form of this command to delete the syslog server with the specified address from the list of syslogs Syntax logging host 7pv4 address 1pv6 address hostname port port severity level facility facility description text no logging host 7pv4 address 1pv6 address hostname Parameters e ipv4 address IPv4 address of the host to be used as a syslog server ipv6 address Pv6 address of the host to be used as a syslog server When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax e hostname Hostname of the host to be used as a syslog server Only translation to Pv4 addresses is supported Range 1 158 characters Maximum label size 63 e port Port number for syslog messages If unspecified the port number defaults to 514 Range 1 65535 e level Limits the logging of messages to the syslog servers to a specified level emergencies alerts critical errors warnings notifications informational debugging e facility The facility that is indicated in the message It can be one of the following values local0 local local2 local3 local4 local5 local 6 local7 If unspecified the port number defaults to local7 e text Description of the syslog server Range Up to 64 characters 266 S
323. interface list Parameters vlan id Specifies the VLAN IGMP Snooping Commands 525 e interface list Specifies the list of interfaces The interfaces can be one of the following types Ethernet port or Port channel Default No ports defined Command Mode Global Configuration mode User Guidelines A port that is defined as a multicast router port receives all IGMP packets reports and queries as well as all multicast data You can execute the command before the VLAN is created Example console config ip igmp snooping vlan 1 mrouter interface gil 0 1 ip igmp snooping forbidden mrouter interface Use the ip igmp snooping forbidden mrouter interface Global Configuration mode command to forbid a port from being defined as a multicast router port by static configuration or by automatic learning Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan v an id forbidden mrouter interface interface list no ip igmp snooping vlan vlan id forbidden mrouter interface interface list Parameters vlan id Specifies the VLAN e interface list Specifies a list of interfaces The interfaces can be from one of the following types Ethernet port or Port channel Default No ports defined 526 IGMP Snooping Commands Command Mode Global Configuration mode User Guidelines A port that is a forbidden mrouter port cannot be a multicast router port i e cannot be learned dynamically or
324. ion about the users local database Syntax show user accounts Command Mode Privileged EXEC mode 230 AAA Commands Example The following example displays information about the users local database Console show user accounts Username Privilege Bob 15 Robert 15 Smith 15 The following table describes the significant fields shown in the display Field Description Username The user name Privilege The user s privilege level aaa accounting login Use the aaa accounting login command in Global Configuration mode to enable accounting of device management sessions Use the no form of this command to disable accounting Syntax aaa accounting login start stop group radius no aaa accounting login start stop group radius Parameters This command has no arguments or keywords Default Disabled Command Mode Global Configuration mode AAA Commands 231 User Guidelines This command enables the recording of device management sessions Telnet serial and WEB but not SNMP It records only users that were identified with a username e g a user that was logged in with a line password is not recorded If accounting is activated the device sends a start stop messages to a Radius server when a user logs in logs out respectively The device uses the configured priorities of the available Radius servers in order to select the Radius server The following table describes the supported
325. ion are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Example The following example sets the authentication login methods Console config aaa authentication login default radius local enable none 220 AAA Commands aaa authentication enable The aaa authentication enable Global Configuration mode command sets an authentication method for accessing higher privilege levels To restore the default authentication method use the no form of this command Syntax aaa authentication enable default list name method method no aaa authentication enable default list name Parameters e default Uses the listed authentication methods that follow this argument as the default method list when accessing higher privilege levels e list name Specifies a name for the list of authentication methods activated when a user accesses higher privilege levels Length 1 12 characters e method method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional authentication methods are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Select one or more methods from the
326. ip default gateway ip address no ip default gateway Parameters ip address Specifies the default gateway IP address Command Mode Global Configuration mode Default Configuration No default gateway is defined Example The following example defines default gateway 192 168 1 1 Console config ip default gateway 192 168 1 1 show ip interface Use the show ip interface EXEC mode command to display the usability status of configured IP interfaces IP Addressing Commands 603 Syntax show ip interface rntertace id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN Command Mode EXEC mode Example The following example displays the configured IP interfaces and their types console show ip interface IP Address I F Type Directed Precedence Status Broadcast 10 5 234 232 24 vlan 1 Static disable No Valid Use the arp Global Configuration mode command to add a permanent entry to the Address Resolution Protocol ARP cache Use the no form of this command to remove an entry from the ARP cache Syntax arp ip address mac address intertace 1d no arp ip address Parameters e ip address IP address or IP alias to map to the specified MAC address e mac address MAC address to map to the specified IP address or IP alias e interface id interface ID Can be Ethernet port Port channel or VLAN 604 IP Addressing C
327. ipv6 mld join group 639 show ipv6 neighbors uaan 640 clear ipv6 neighbors 2 20 eeeeeeeee 641 40 Tunnel Commands 643 interface tunnel 0 0 cece eee eee eee eens 643 tunnel mode ppm 643 tunnel isatap router cece eee 644 tunnel source 645 tunnel isatap query interval auaa 646 tunnel isatap solicitation interval 647 tunnel isatap robustness aaan 648 show ipv6 wunne 649 41 DHCP Relay Commands 651 ip dhcp relay enable Global 651 ip dhcp relay enable Interface 651 ip dhcp relay address Global 05 652 ip dhcp relay address Interface 653 show ip dhcp rela 654 ip dhcp information option 655 show ip dhcp information option 656 42 DHCP Server Commands 657 ip dhcp server 657 ip dhcp pool host cee ee eee eee es 657 ip dhcp pool network ee eee ee 658 address DHCP Host 659 address DHCP Network 660 CASO eeh eee AANER E 661 client name 663 default router cece eee eee eee eee eens 663 CS inoaii i ai i a Ea Ea 664 28 pnetbigos name spner 666 netbios node type 20e eee eee eee 667 NEXU SOMVEN ee EEN ENNEN EE de eee ae 667 MEXt SErVEr MAME 6 cece ee teens 668 HOOUNG 2 5 04 cetceeesedeers a pesin EGU 669 tIMe SOrVer 1 eee a a eee E ee tens 670 TL 671 ip dh
328. is the best source address to use Range Valid IP address tos tos The Type Of Service byte in the IP Header of the packet Range 0 255 Command Mode EXEC mode User Guidelines The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its time to live TTL value The traceroute command starts by sending probe datagrams with a TTL value of one This causes the first router to discard the probe datagram and send back an error message The traceroute command sends several probes at each TTL level and displays the round trip time for each System Management Commande 75 The traceroute command sends out one probe at a time Each outgoing packet can result in one or two error messages A time exceeded error message indicates that an intermediate router has seen and discarded the probe A destination unreachable error message indicates that the destination node has received the probe and discarded it because it could not deliver the packet If the timer goes off before a response comes in the traceroute command prints an asterisk The traceroute command terminates when the destination responds when the maximum TTL is exceeded or when the user interrupts the trace with Esc The traceroute command is not relevant to IPv6 link local addresses Example Router gt traceroute ip umaxpl physics 1lsa umich edu Type Esc to abort Tracing the route to umaxpl physi
329. isable the forwarding of broadcast packets to a specific helper address 612 IP Addressing Commands Syntax ip helper address zp snterface all address udp port Iist no ip helper address ip intertace all address Parameters e ip interface Specifies the IP interface e all Specifies all IP interfaces e address Specifies the destination broadcast or host address to which to forward UDP broadcast packets A value of 0 0 0 0 specifies that UDP broadcast packets are not forwarded to any host e udp port list Specifies the destination UDP port number to which to forward broadcast packets Range 1 65535 Default Configuration Forwarding of User Datagram Protocol UDP broadcast packets received on an interface to a specific helper address is disabled If udp port list is not specified packets for the default services are forwarded to the helper address Command Mode Global Configuration mode User Guidelines The ip helper address command forwards specific UDP broadcast packets from one interface to another Many helper addresses may be defined However the total number of address port pairs is limited to 128 for the device The setting of a helper address for a specific interface has precedence over the setting of a helper address for all the interfaces Forwarding of BOOTP DHCP ports 67 68 cannot be enabled with this command Use the DHCP relay commands to relay BOOTP DHCP packets The ip hel
330. isplays the statically configured multicast addresses Console show bridge multicast address table static MAC GROUP table Vlan MAC Address Ports 1 0100 9923 8787 gil 0 1 gil 0 2 Forbidden ports for multicast addresses Vlan MAC Address Ports IPv4 GROUP Table Vlan IP Address Ports ld 23122223 gil 0 1 gil 0 2 19 231 2 2 8 gil 0 1 8 19 231 2 2 8 gil 0 9 11 Forbidden ports for multicast addresses Vlan IP Address Ports 1 23132253 gil 0 8 19 231427278 gil 0 8 IPv4 SRC GROUP Table 406 Address Table Commands Vian Group Address Source Ports address Forbidden ports for multicast addresses Vlan Group Address Source Ports address IPv6 GROUP Table Vlan IP Address Ports 191 FF12 8 gil 0 1 8 Forbidden ports for multicast addresses Vlan IP Address Ports 11 FF12 3 gil 0 8 191 FF12 8 gil 0 8 IPv6 SRC GROUP Table Vlan Group Address Source Ports address 192 ie Oe Sn Se E E r gil 0 1 FE80 201 C9A9 FE40 8988 8 Address Table Commands 407 Forbidden ports for multicast addresses Vlan Group Address Source Ports Ses 0 See eet address ee 192 ERTAS SS e eer ER gil 0 8 FE80 201 C9A9 FE40 28988 show bridge multicast filtering Use the show bridge multicast filtering EXEC mode command to display the multicast filtering configuration Syntax show bridge multicast filtering v an id Parameters vlan id Specifies the VLAN ID Range Valid VLAN Command Mode EXEC
331. itted rate kbps Specifies the average traffic rate CIR in kbits per second bps Range 3 12582912 e committed burst byte Specifies the normal burst size CBS in bytes Range 3000 19173960 e exceed action drop policed dscp transmit Specifies the action taken when the rate is exceeded The possible values are e drop Drops the packet e policed dscp transmit Remarks the packet DSCP according to the policed DSCP map as configured by the qos map policed dscp Global Configuration mode command Command Mode Policy map Class Configuration mode User Guidelines Policing uses a token bucket algorithm CIR represents the speed with which the token is removed from the bucket CBS represents the depth of the bucket Example The following example defines a policer for classified traffic When the traffic rate exceeds 124 000 kbps or the normal burst size exceeds 9600 bytes the packet is dropped The class is called Class and is in a policy map called Policy1 Console config policy map policyl Console config pmap class classl Console config pmap c police 124000 9600 exceed action drop 734 Quality of Service QoS Commands service policy Use the service policy Interface Configuration Ethernet VLAN Port channel mode command to apply a policy map to the input of a particular interface Use the no form of this command to detach a policy map from an interface Syntax service policy input policy map
332. jected Default Reject Command Mode Global Configuration mode dot1x legacy supp mode Use the dot1x legacy supp mode Interface Configuration mode command in multiple session mode to enable 802 1x switch to send a periodic EAPOL request identity frame according to tx timeout period in order to verify authentication in multiple session mode of clients that do not follow 802 1x standard behavior Use the no form of this command to return to the default setting 322 802 1x Commands Syntax dot ls legacy supp mode no dotlx legacy supp mode Parameters This command has no arguments or keywords Default Legacy support is disabled Command Mode Interface Configuration Ethernet mode User Guidelines The command causes 802 1x switch to send an Extensible Authentication Protocol EAP request identity frame from the authenticator switch each tx period automatically when in multiple session mode The command should be activated onlywhen all devices connected to that port do not follow 802 1x standard behavior to send EAPOL start packets when the client link goes up for example some Windows OS with pre Service Pack 3 show dot1x advanced Use the show dot1x advanced Privileged EXEC mode command to display 802 1x advanced features for the device or specified interface Syntax show dot1x advanced rnterface id Parameters nterface id Specify an interface ID The interface ID must be an Ethernet port Command Mode
333. l Configuration mode command to enable Pv4 Routing Use the no format of the command to disable IPv Routing Syntax ip routing no ip routing Default Configuration Enabled by default Command Mode Global Configuration mode Default Configuration No routing is defined show ip route Use the show ip route EXEC mode command to display the current routing table state Syntax show ip route connected static address address mask d prefix length longer pretixes 692 IP Routing Protocol Independent Commands Parameters e connected Displays connected routing entries only static Displays static routing entries only e address address Specities the address for which routing information is displayed e mask Specifies the network subnet mask of the IP address e prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 1 32 e longer prefixes Specifies that the address and mask pair becomes a prefix and any routes that match that prefix are displayed Command Mode EXEC mode Example The following example displays the current routing table state Console gt show ip route console show ip route Maximum Parallel Paths 1 1 after reset IP Forwarding enabled Codes C connected S static D DHCP S 0 0 0 0 0 1 1 via 10 5 234 254 119 9 27 vlan 1 C 10 5 234 0 24 is directly connected vlan 1 C
334. lan creation forbid Default Configuration Dynamic VLAN creation or modification is enabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example disables dynamic VLAN creation on gigabitethernet port 1 0 3 Console config interface gigabitethernet 1 0 3 Console config if gvrp vlan creation forbid gvrp registration forbid Use the gvrp registration forbid Interface Configuration Ethernet Port channel mode command to deregister all dynamic VLANs on a port and 550 GVRP Commands prevent VLAN creation or registration on the port Use the no form of this command to allow dynamic registration of VLANs on a port Syntax gvrp registration forbid no gvrp registration forbid Default Configuration Dynamic registration of VLANs on the port is allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids dynamic registration of VLANs on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config if gvrp registration forbid clear gvrp statistics Use the clear gvrp statistics Privileged EXEC mode command to clear GVRP statistical information for all interfaces or for a specific interface Syntax clear gvrp statistics interface id Parameters Interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command M
335. lays a brief description of the Help system Syntax help Command Mode All command modes Example The following example describes the Help system Console help User Interface Commands 45 Help may be requested at any point in a command by entering a question mark If nothing matches the currently entered incomplete command the help list is empty This indicates that there is no command matching the input as it currently appears If the request is within a command press the Backspace key and erase th ntered characters to a point where the request results in a match Help is provided when 1 There is a valid command and a help request is made for entering a parameter or argument e g show All possible parameters or arguments for the entered command are then displayed 2 An abbreviated argument is entered and a help request is made for arguments matching the input e g show pr history The history Line Configuration mode command enables the command history function Use the no form of this command to disable the command history function Syntax history no history Default Configuration The history command is enabled Command Mode Line Configuration mode User Guidelines This command enables the command history function for a specified line Use the terminal history EXEC mode command to enable or disable the command history function for the current terminal session 46 User Interfa
336. le Next Boot Config Download via DHCP default Auto Config State Finished TFTP Server IP address 1 2 20 2 Configuration filename config configfilel cfg Auto Update Image Download via DHCP enabled Auto Update State Downloading image file ip dhcp tftp server ip addr Use the ip dhep tftp server ip addr Global Configuration mode command to set the TFTP server s IP address used by a switch when it has not been received from the DHCP server Use the no form of this command to remove the address Syntax ip dhep tftp server ip addr ip addr no ip dhcp tftp server ip addr 148 Auto Update and Auto Configuration Parameters ip addr P Adadress of TFTP server Default Configuration No IP address Command Mode Global Configuration mode ip dhcp tftp server file Use the ip dhep tftp server file Global Configuration mode command to set the full file name on the TFTP server by a switch when it has not been received from the DHCP server Use the no form of this command to remove the name Syntax ip dhcp tftp server file f e path no ip dhcp tftp server file Parameters file path tull file name on TFTP server Default Configuration No file name Command Mode Global Configuration mode show ip dhcp tftp server Use the show ip dhcp tftp server EXEC mode command to display information about the TFTP server Syntax show ip dhcp tftp server Auto Update and Auto Configuration 149 Command Mode EXEC E
337. le configures DHCP option 72 which specifies the World Wide Web servers for DHCP clients World Wide Web servers 172 16 3 252 and 172 16 3 253 are configured in the following example Console config dhcp option ip list 72 172 16 3 252 E ER ER ip dhcp excluded address Use the ip dhcp excluded address Global Configuration mode command to specify the IP addresses that a Dynamic Host Configuration Protocol DHCP Server should not assign to DHCP clients Use the no form of this command to remove the excluded IP addresses Syntax ip dhcp excluded address ow address high address no ip dhcp excluded addtess ow address high address 672 DHCP Server Commands Parameters e low address Specifies the excluded IP address or first IP address in an excluded address range e high address Specifies the last IP address in the excluded address range Default Configuration All IP pool addresses are assignable Command Mode Global Configuration mode User Guidelines The DHCP Server assumes that all pool addresses can be assigned to clients Use this command to exclude a single IP address or a range of IP addresses Example The following example configures an excluded IP address range from 172 16 1 100 through 172 16 1 199 Console config ip dhcp excluded address 172 16 1 100 172 16 1 199 ip dhcp ping enable Use the ip dhcp ping enable Global Configuration mode command to enable the Dynamic Host Configuration Pro
338. le for daylight saving time e From 2007 e Start Second Sunday in March e End First Sunday in November e Time 2 am local time e Before 2007 e Start First Sunday in April e End Last Sunday in October e Time 2 am local time Example console config clock summer time abc date apr 1 2010 09 00 aug 2 2010 09 00 EU rule for daylight saving time e Start Last Sunday in March e End Last Sunday in October e Time 1 00 am 01 00 Greenwich Mean Time GMT sntp authentication key The sntp authentication key Global Configuration mode command defines an authentication key for Simple Network Time Protocol SNTP Use the no form of this command to remove the authentication key for SNTP Syntax sntp authentication key key numbermd5 key value no sntp authentication key key number Clock Commands 111 Parameters e key number Specifies the key number Range 14294967295 e key value Specifies the key value Length 1 8 characters Default Configuration No authentication key is defined Command Mode Global Configuration mode Examples The following example defines the authentication key for SNTP Console config sntp authentication key 8 md5 ClkKey Device config sntp authentication key 8 md5 ClkKey Device config sntp trusted key 8 Device config sntp authenticate sntp authenticate The sntp authenticate Global Configuration mode command enables authentication for received Simple Network Tim
339. ll Specifies that the RADIUS server is used for user login parameters authentication and 802 1x port authentication Default Configuration No RADIUS host is specified the global radius server command values are the default values The default authentication port number is 1812 If timeout is not specified the global value is used 250 RADIUS Commands If retransmit is not specified the global value is used If key string is not specified the global value is used If the source value is not specified the global value is used The default usage type is all Command Mode Global Configuration mode User Guidelines To specify multiple hosts multiple radius server host commands can be used If no host specific timeout retries deadtime or key string values are specified the global values apply to each RADIUS server host The source parameter address type must be the same as that of the host parameter Example The following example specifies a RADIUS server host with IP address 192 168 10 1 authentication request port number 20 and a 20 second timeout period Console config radius server host 192 168 10 1 auth port 20 timeout 20 radius server key Use the radius server key Global Configuration mode command to set the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Use the no form of this command to restore the default configuration Syntax radius se
340. lue is mapped to the same DSCP value Command Mode Global Configuration mode User Guidelines This is the only map that is not globally configured It is possible to have several maps and assign each one to a different port Example The following example changes DSCP values 1 2 4 5 and 6 to DSCP Mutation Map value 63 Console config qos map dscp mutation 1 2 4 5 6 to 63 show gos map Use the show qos map EXEC mode command to display the QoS mapping information Syntax show qos map dscp queue dscp dp policed dscp dscp mutation 756 Quality of Service Q0S Commands Parameters e dscp queue Displays the DSCP to queue map e dscp dp Displays the DSCP to Drop Precedence map e policed dsep Displays the DSCP to DSCP remark table e dscp mutation Displays the DSCP DSCP mutation table Command Mode EXEC mode Example The following example displays the QoS mapping information Console gt show qos map Dscp queue map dl d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 02 02 1 02 02 02 02 02 02 03 03 03 03 2 03 03 03 03 04 04 04 04 04 04 3 04 04 05 05 05 05 05 05 05 05 4 06 06 06 06 06 06 06 06 07 07 5 07 07 07 07 07 07 08 08 08 08 6 08 08 08 08 The following table appears Dscp DP map dl d2 0 I 2 3 4 5 6 F 8 9 0 00 00 00 00 00 00 00 00 00 00 00 1 00 00 00 00 00 00 00 00 00 00 00 2 00 00 00 00 00 00 00 00 00 00 00 3 00 00 00 00 00 00 00 00 00 00 00 4 00 00 00 00 0
341. ly Use the no format of the command to disable the mode Syntax eee enable no eee enable Default Configuration EEE is enabled Command Mode Global Configuration mide User Guidelines Since EEE uses the Auto Negotiation to negotiate the EEE support on both sides of the link if Auto Negotiation is not enabled on the port the EEE Operational status is disabled eee enable interface Use the eee enable Interface Configuration command to enable the EEE mode on an Ethernet port Use the no format of the command to disable the mode Syntax eee enable EEECommands 369 no eee enable Default Configuration EFE is enabled Command Mode Interface Configuration mode Ethernet User Guidelines Since EEE uses the Auto Negotiation to negotiate the EEE support on both sides of the link if Auto Negotiation is not enabled on the port the EEE Operational status is disabled eee Iidp enable Use the eee Ildp enable Interface Configuration command to enable EEE support by LLDP on an Ethernet port Use the no format of the command to disable the support Syntax eee Ildp enable no eee lldp enable Default Configuration Enabled Command Mode Interface Configuration mode Ethernet User Guidelines Enabling EEE LLDP advertisement allows devices to choose and change system wake up times in order to get the optimal energy saving mode show eee Use the show eee EXEC command to display EEE information 370 EEE C
342. m a remote Telnet or console Use the no form of this command to restore the default authentication method AAA Commands 223 Syntax enable authentication default list name no enable authentication Parameters e default Uses the default list created with the aaa authentication enable command e list name Uses the specified list created with the aaa authentication enable command Length 1 12 characters Default Configuration The default is the aaa authentication enable command default Command Mode Line Configuration mode Example The following example specifies the authentication method when accessing a higher privilege level from a console Console config line console Console config line enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server access Use the no form of this command to restore the default authentication method Syntax ip http authentication aaa login authentication method method2 no ip http authentication aaa login authentication Parameters method method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional authentication 224 AAA Commands methods are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentic
343. mal domain name Use the no form of this command to remove the default domain name 616 IP Addressing Commands Syntax ip domain name name no ip domain name Parameters name Spcecifies the default domain name used to complete unqualified host names Do not include the initial period that separates an unqualified name from the domain name Length 1 158 characters Maximum label length 63 characters Default Configuration A default domain name is not defined Command Mode Global Configuration mode User Guidelines Domain names and host names are restricted to the ASCII letters A through Z case insensitive the digits 0 through 9 the underscore and the hyphen A period is used to separate labels The maximum size of a label is 63 characters The maximum name size is 158 bytes Example The following example defines the default domain name as www website com Console config ip domain name www website Com ip name server Use the ip name server Global Configuration mode command to define the available name servers Use the no form of this command to remove a name server IP Addressing Commands 617 Syntax ip name server server ipv address d serverl ipv6 address server address2 server address8 no ip name server server address server address6 Parameters server address IP addresses of the name server Up to 8 servers can be defined in one command or by using multiple command
344. mand Mode Global Configuration mode TACACS Commands 261 Example The following example sets the timeout value to 30 for all TACACS servers Console config tacacs server timeout 30 tacacs server source ip Use the tacacs server source ip Global Configuration mode command to configure the source IP address to be used for communication with TACACS servers Use the no form of this command to restore the default configuration Syntax tacacs server source ip source no tacacs server source ip source Parameters source Specifies the source IP address Range Valid IP address Default Configuration The default source IP address is the outgoing IP interface address Command Mode Global Configuration mode User Guidelines If the configured IP source address has no available IP interface an error message is issued when attempting to communicate with the IP address Example The following example specifies the source IP address for all TACACS Servers Console config tacacs server source ip 172 16 8 1 262 TACACS Commands show tacacs Use the show tacacs Privileged EXEC mode command to display configuration and statistical information for a TACACS server Syntax show tacacs ip address Parameters ip address Specifies the TACACS server name or IP address Default Configuration If ip address is not specified information for all TACACS servers is displayed Command Mode Privileged E
345. master to all units mage specify in the member field unit member Boot file on one of the units To copy from the master to all units boot specify in the member field unit member Configuration file used during initialization startup on one of the units startup config null Null destination for copies or files A remote file can be copied to null to determine its size mirror config Mirrored configuration file WORD lt 1 128 gt Specify URL prefixes Command Mode Privileged EXEC mode User Guidelines The location of a file system dictates the format of the source or destination URL The entire copying process may take several minutes and differs from protocol to protocol and from network to network If the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified The format of an IPv6Z address is ipv6 Link local address t intertace name The subparameters are e ipv6 link local address Specifies the IPv6 Link Local address 128 Configuration Image File Commands e interface name Spcecifies the outgoing interface name The interface name has the format vlan integer ch integer isataptinteger physical port name The subparameter integer has the format decimal digit integer decimal digit decimal digit has the range 0 9 If the egress interface is not specified the default interface is selected Specifying interface zo
346. meout seconds no arp timeout Parameters seconds Time in seconds that an entry remains in the ARP cache It is recommended not to set it to less than 3600 Range 1 0000000 Default Defined by the arp timeout Global Configuration command Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines This configuration can be applied only if at least one IP address defined on specific interface Example Console config interface vlan 1 Console config if arp timeout 12000 606 IP Addressing Commands ip arp proxy disable Use the ip arp proxy disable Global Configuration mode command to globally disable proxy Address Resolution Protocol ARP Use the no form of this command reenable proxy ARP Syntax ip arp proxy disable no ip arp proxy disable Parameters This command has no arguments or key words Default Enabled by default Command Mode Global Configuration mode User Guidelines The ip arp proxy disable command overrides any proxy ARP interface configuration ip proxy arp Use the ip proxy arp Interface Configuration mode command to enable an ARP proxy on specific interfaces Use the no form of this command disable it Syntax ip proxy arp no ip proxy arp Default Configuration ARP Proxy is disabled IP Addressing Commands 607 Command Mode Interface Configuration Ethernet VLAN Port c
347. message code for filtering ICMP packets Range 0 255 igmp type IGMP packets can be filtered by IGMP message type Enter a number or one of the following values host query host report demm pim cisco trace host report v2 host leave v2 host report v3 Range 0 255 destination port Specifies the UDP TCP destination port You can enter range of ports by using hyphen E g 20 21 For TCP enter a number or one of the following values bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 ire 194 login 543 kshell 544 Ipd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpce 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 on500 isakmp 4500 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpe 111 syslog 514 tacacs ds 49 talk 517 tftp 69 time 37 who 513 xdmep 177 Range 0 65535 source port Specifies the UDP TCP source port Predefined port names are defined in the destination port parameter Range 0 65535 match all list of flags List of TCP flags that should occur If a flag should be set it is prefixed by If a
348. mmand Mode Global Configuration mode show switch The show switch EXEC mode command displays stack status information for the stack or stack member Syntax show switch stack member number Parameters stack member number Specifies the unit number Range 1 6 Command Mode EXEC mode Example The following examples display the stack status information Console gt show switch Unit MAC Address SW aster Up Down Status link link bech 1 00 00 b0 87 12 11 3 30 Enabled 2 3 Slave 3 00 00 b0 87 12 13 3 30 Forced 1 4 Master 4 00 00 b0 87 12 14 3 30 Enabled 3 5 Slave 5 00 00 b0 87 12 15 3 30 Enabled 4 6 Slave 6 00 00 b0 87 12 16 3 30 Enabled 95 7 Slave 7 00 00 b0 87 12 17 3 30 Enabled 6 8 Slave 8 00 00 b0 87 12 18 3 30 Enabled 7 2 Slave 2 00 00 b0 87 12 12 3 30 Enabled 8 1 Slave System Management Commande 85 Configured order Unit 1 at Top Unit 2 at bottom Console gt show switch 1 Unit 1 MAC address 00 00 b0 87 12 11 Master Forced Product Fonseca 48 Software 3 30 Uplink unit 8 Downlink unit 2 Status Master Active image image 1 Selected for next boot image 2 service cpu utilization The service cpu utilization Global Configuration mode command enables measuring CPU utilization Use the no form of this command to restore the default configuration Syntax service cpu utilization no service cpu utilization Default Configuration Measurin
349. mmand to disable port security on an interface Syntax port security forward discard discard shutdown trap seconds no port security Parameters e forward Forwards packets with unlearned source addresses but does not learn the address e discard Discards packets with unlearned source addresses e discard shutdown Discards packets with unlearned source addresses and shuts down the port trap seconds Sends SNMP traps and specifies the minimum time interval in seconds between consecutive traps Range 1 1000000 Default Configuration The feature is disabled The default mode is discard Command Mode Interface Configuration Ethernet port channel mode Example The following example forwards all packets to port gil 0 1 without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received console config gigabitethernet 1 0 1 Console config if port security forward trap 100 396 Address Table Commands port security mode Use the port security mode Interface Configuration Ethernet port channel mode command configures the port security learning mode Use the no form of this command to restore the default configuration Syntax port security mode lock max addresses no port security mode Parameters e lock Saves the current dynamic MAC addresses associated with the port and disables learning relearning
350. mode Default Default mode is multi host Command Mode Interface Configuration Ethernet mode User Guidelines In multiple hosts mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized all attached clients are denied access to the network In multiple sessions mode each host must be successfully authorized in order to grant network access Please note that packets are NOT encrypted and 802 1x Commands 313 after success full authentication filtering is based on the source MAC address only Port security on a port can t be enabled in single host mode and in multiple sessions mode It is recommended to enable reauthentication when working in multiple sessions mode in order to detect User Logout for users that hadn t sent Logoff Example console config interface gigabitethernet 1 0 1 console config if dotlx host mode multi host console config if dotlx host mode single host console config if dotlx host mode multi sessions dot1x violation mode Use the dot1x violation mode Interface Configuration Ethernet mode command to configure the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface Use the no form of this command to return to default Syntax dotlx violation mode restrict protect shutdown no dotlx violation mode Parameters
351. mpty string Default No MAC access list is defined Command Mode Global Configuration mode User Guidelines MAC ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or Policy Map cannot have the same name Example console config mac access list extended serverl permit MAC Use the permit command in MAC Access List Configuration mode to set permit conditions for an MAC access list 708 Syntax permit fany source source wildcard any destination destination wildcard eth type Of aarp amber dec spanning decnet iv diagnostic dsm etype 6000 vlan vlan id cos cos cos wildcard time range time range name Parameters e source Source MAC address of the packet e source wildcard Wildcard bits to be applied to the source MAC address Use 1s in the bit position that you want to be ignored e destination Destination MAC address of the packet e destination wildcard Wildcard bits to be applied to the destination MAC address Use 1s in the bit position that you want to be ignored e eth type The Ethernet type in hexadecimal format of the packet e vlan id The VLAN ID of the packet Range 1 4094 e cos The Class of Service of the packet Range 0 7 e cos wildcard Wildcard bits to be applied to the CoS e time range name Name of the time range that applies to this permit statement Range 1 32 Default No MAC access list is defined Command Mode MAC
352. n Statistics on all ports are cleared Command Mode Privileged EXEC mode Example The following example displays how to clear 802 1x statistics on all ports Console clear dotlx statistics dot1x auth not req Use the dot1x auth not req Interface Configuration VLAN mode command to enable unauthorized devices access to the VLAN Use the no form of this command to disable access to the VLAN Syntax dotlx auth not req no dotlx auth not req Default Configuration Access is enabled Command Mode Interface Configuration VLAN mode User Guidelines An access port cannot be a member in an unauthenticated VLAN The native VLAN of a trunk port cannot be an unauthenticated VLAN 312 802 1x Commands For a general port the PVID can be an unauthenticated VLAN although only tagged packets are accepted in the unauthorized state Example The following example enables unauthorized devices access to VLAN 5 Console config interface vlan 5 Console config if dot1ix auth not req dot1x host mode Use the dotls host mode Interface Configuration mode command to allow a single host client or multiple hosts on an IEEE 802 1x authorized port Use the no form of this command to return to the default setting Syntax dot1lx host mode mu ti host single host d multi sessions Parameters e multi host Enable multiple hosts mode e single host Enable single hosts mode e multi sessions Enable multiple sessions
353. n URL flas h startup config 15 Sep 2010 11 27 50 ZCOPY N TRAP The copy operation was completed successfully Copy succeeded delete The delete Privileged EXEC mode command deletes a file from a flash memory device Syntax delete uz 132 Configuration Image File Commands Parameters url Specifies the location URL or reserved keyword of the file to be deleted Length 1 160 characters The following table displays keywords and URL prefixes Keyword Source or Destination flash URL of the flash memory This is the default URL if a URL is specified without a prefix usb URL of the USB memory startup config Startup configuration file WORD Specify URL prefixes Command Mode Privileged EXEC mode User Guidelines sys prv image 1 and image 2 files cannot be deleted Example The following example deletes the file called test from the flash memory Console delete flash test Delete flash test confirm pwd Use the pwd Privileged EXECmode command to display a full clarified path to the current directory Parameters This command has no arguments or keywords Command Mode EXEC mode Configuration Image File Commands 133 dir The dir Privileged EXEC mode command displays the list of files on a flash file system Syntax dir dir directory path Command Mode Privileged EXEC mode Example The following example displays the list of files on a flash file
354. n to designate a range of ports Address Table Commands 389 e port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces Use a hyphen to designate a range of port channels Default Configuration No forbidden addresses are defined Command Mode Interface Configuration VLAN mode User Guidelines Before defining forbidden ports the multicast group should be registered You can execute the command before the VLAN is created Example The following example forbids MAC address 0100 5e02 0203 on port 2 9 within VLAN 8 Console config interface vlan 8 Console config if bridge multicast address 0100 5e 02 0203 Console config if bridge multicast forbidden address 0100 5e 02 0203 add gil 0 9 bridge multicast unregistered Use the bridge multicast unregistered Interface Configuration Ethernet Port Channel mode command to configure the forwarding state of unregistered multicast addresses Use the no form of this command to restore the default configuration Syntax bridge multicast unregistered forwarding filtering no bridge multicast unregistered Parameters e forwarding Forwards unregistered multicast packets 390 Address Table Commands e filtering Filters unregistered multicast packets Default Configuration Unregistered multicast addresses are forwarded Command Mode Interface Configuration Ethernet Port Cha
355. n Cause The reason for the session termination State The current value of the Authenticator PAE state machine and of the Backend state machine Authentication success The number of times the state machine received a Success message from the Authentication Server Authentication fails The number of times the state machine received a Failure message from the Authentication Server 802 1x Commands 307 show dot1x users Use the show dot 1x users Privileged EXEC mode command to display active 802 1x authenticated users for the device Syntax show dotlx users username username Parameters username Specifies the supplicant username Length 1 160 characters Command Mode Privileged EXEC mode 308 802 1x Commands Example The following example displays 802 1x users Switch show dot1x users Port Username Session Auth MAC VLAN Filter Time Method Address gil 0 1 Bob 1d 03 08 58 Remote 0008 3b79 8787 3 gil 0 2 John 08 19 17 None 0008 3b89 3127 2 OK Port Username Session Auth MAC VLAN Filter Time Method Address gil 0 1 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK gil 0 1 Bernie 03 08 58 Remote 0008 3b79 3232 9 OK gil 0 2 John 0851 9317 Remote 0008 3b89 3127 2 gil 0 3 Paul 02 12 48 Remote 0008 3b89 8237 8 Warning Switch show dotlx users username Bob Port Username Session Auth MAC VLAN Filter Time Method Address gil 0 1 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK Filter ID 1 Su
356. n configuration Command Mode MST Configuration mode 474 Spanning Tree Commands Example The following example displays a pending MST region configuration Console config mst show pending Pending MST configuration Name Regionl Revision 1 Instance Vlans Mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled exit MST Use the exit MST Configuration mode command to exit the MST region Configuration mode and appy all configuration changes Syntax exit Command Mode MST Configuration mode Example The following example exits the MST Configuration mode and saves changes Console config spanning tree mst configuration Console config mst exit Console config Spanning Tree Commands 475 abort MST Use the abort MST Configuration mode command to exit the MST Configuration mode without applying the configuration changes Syntax abort Command Mode MST Configuration mode Example The following example exits the MST Configuration mode without saving changes Console config spanning tree mst configuration Console config mst abort show spanning tree Use the show spanning tree Privileged EXEC mode command to display the spanning tree configuration Syntax show spanning tree interface id instance instance id show spanning tree detail active blockedports instance instance id show spanning tree mst contiguration Parameters e instance insta
357. n mode command identifies a specific line for configuration and enters the Line Configuration command mode Syntax line console d telnet ssh Parameters e console Enters the console terminal line mode e telnet Contfigures the device as a virtual terminal for remote console access Telnet e ssh Configures the device as a virtual terminal for secured remote console access SSH Command Mode Global Configuration mode Example The following example configures the device as a virtual terminal for remote Telnet console access Console config line telnet Console config line Line Commands 213 speed The speed Line Configuration mode command sets the line baud rate Use the no form of this command to restore the default configuration Syntax speed bps no speed Parameters bps Specifies the baud rate in bits per second bps Possible values are 2400 4800 9600 19200 38400 57600 and 115200 Default Configuration The default speed is 9600 bps Command Mode Line Configuration console mode User Guidelines The configured speed is applied when Autobaud is disabled This configuration applies to the current session only Example The following example configures the line baud rate as 9600 bits per second Console config line speed 9600 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud Use the no form of this
358. n of the SQE detection mechanism in the PLS Carrier Sense Function as described in IEEE Std 802 3 2000 Edition section 7 2 4 6 Deferred Transmissions The number of frames for which the first transmission attempt is delayed because the medium is busy Late Collisions The number of times that a collision is detected later than one slotTime into the transmission of a packet Excessive Collisions The number of frames for which transmission fails due to excessive collisions Oversize Packets The number of frames received that exceed the maximum permitted frame size Ethernet Configuration Commands 345 Field Description Internal MAC Rx Errors The number of frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames The number of MAC Control frames received with an opcode indicating the PAUSE operation Transmitted Pause Frames The number of MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation show port jumbo frame Use the show port jumbo frame EXEC mode command to display the configuration of jumbo frames Syntax show port jumbo frame Command Mode EXEC mode Example The following example displays the configuration of jumbo frames on the device Console show port jumbo frame Jumbo frames are disabled Jumbo frames will b nabled after reset show errdisable interfaces Use the sho
359. nable the IPv6 addressing mode on an interface Use the no form of this command to disable the IPv6 addressing mode on an interface Syntax ipv6 enable no autocontig no ipv6 enable Parameters no autoconfig EnableS processing of IPv6 on an interface without stateless address autoconfiguration procedure Default Configuration IPv6 addressing is disabled Unless you are using the no autoconfig parameter when the interface is enabled stateless address autoconfiguration procedure is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines The ipv6 enable command automatically configures an Pv6 link local unicast address on the interface while also enabling the interface for IPv6 IPv6 Addressing Commands 623 processing The no ipv6 enable command removes the entire Pv6 interface configuration To enable stateless address autoconfiguration on an enabled IPv6 interface use the IPv6 address autoconfig command Example The following example enables VLAN 1 for the IPv6 addressing mode Console config interface vlan 1 Console config if ipv6 enable ipv6 address autoconfig Use the ipv6 address autoconfig Interface Configuration mode command to enable automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface Addresses are configured depending on the prefixes received in
360. nce The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Example The following example sets the enable password for authentication for accessing higher privilege levels Console config aaa authentication enable default enable 222 AAA Commands login authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote Telnet or console session Use the no form of this command to restore the default authentication method Syntax login authentication default list name no login authentication Parameters e default Uses the default list created with the aaa authentication login command e list name Uses the specified list created with the aaa authentication login command Length 1 12 characters Default Configuration The default is the aaa authentication login command default Command Mode Line Configuration mode Example The following example specifies the login authentication method for a console session Console config line console Console config line login authentication default enable authentication The enable authentication Line Configuration mode command specifies the authentication method for accessing a higher privilege level fro
361. nce id Specifies the spanning tree instance ID Range 0 15 e detail Displays detailed information e active Displays active ports only e blockedports Displays blocked ports only 476 Spanning Tree Commands e mst configuration Displays the MST configuration identifier e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example The following examples display spanning tree information Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Loopback guard Disabled Root ID Bridge ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port gil 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Spanning Tree Commands 477 Interfaces gil 0 1 gil 0 2 gil 0 3 gil 0 4 gil 0 5 State Prio Cost Sts Role PortFast Type So de Nbr Sien BEE S ES EE ees Enabled 128 1 20000 FWD Root No P2p RSTP Enabled 128 2 20000 FWD Desg No Shared STP Disabled128 3 20000 Enabled 128 4 20000 BLK Altn No Shared STP Enabled 128 5 20000 DIS e Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 36864 Address 00 02 4b 29 7a 00 This switch is the Root Hello T
362. nd Mode Privileged EXEC mode Example The following example clears messages from the internal logging buffer Console clear logging Clear logging buffer confirm Syslog Commands 269 logging file Use the logging file Global Configuration mode command to limit syslog messages sent to the logging file to messages with a specific severity level Use the no form of this command to cancel using the buffer Syntax logging file eve no logging file Parameters level Specifies the severity level of syslog messages sent to the logging file The possible values are emergencies alerts critical errors warnings notifications informational and debugging Default Configuration The default severity level is errors Command Mode Global Configuration mode Example The following example limits syslog messages sent to the logging file to messages with severity level alerts Console config logging file alerts clear logging file Use the clear logging file Privileged EXEC mode command to clear messages from the logging file Syntax clear logging file 270 Syslog Commands Command Mode Privileged EXEC mode Example The following example clears messages from the logging file Console clear logging file Clear Logging File y n aaa logging Use the aaa logging Global Configuration mode command to enable logging AAA login events Use the no form of this command to disable logging AAA login events Syn
363. nd to configure the maximum rate of broadcast Use the no form of this command to return to default Syntax storm control broadcast level kbps kbps no storm control broadcast level Parameters kbps Maximum of kilo bits per second of broadcast traffic on a port Range GE 3 5M 1G 10GE 8 5M 10G Default Configuration 1000 Command Mode Interface Configuration mode Ethernet 348 Ethernet Configuration Commands User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG Example console config interface gigabitethernet 1 0 1 console config if storm control broadcast level kbps 12345 storm control include multicast Use the storm control include multicast Interface Configuration mode command to count multicast packets in the broadcast storm control Use the no form of this command to disable counting of multicast packets in the broadcast storm control Syntax storm control include multicast no storm control include multicast Parameters Default Configuration Disabled Command Mode Interface Configuration mode Ethernet User Guidelines Example console config interface gigabitethernet 1 0 1 console config if storm control include multicast Ethernet Configuration Commands 349 show storm control Use the show storm control EXEC mode command
364. nd to identify the policy map and to enter the Policy map Configuration mode before using the class command After specifying a policy map a policy for new classes can be configured or a policy for any existing classes in that policy map can be modified Use the service policy Interface Configuration Ethernet Port channel mode command to attach a policy map to an interface Use an existing class map to attach classification criteria to the specified policy map and use the access group parameter to modify the classification criteria of the class map If this command is used to create a new class map the name of an IP or MAC ACL must also be specified with the access group parameter Quality of Service QoS Commands 729 Example The following example defines a traffic classification called Class with an access group called Enterprise The class is in a policy map called policy Console config policy map policyl Console config pmap class classl access group enterprise show policy map Use the show policy map EXEC mode command to display all policy maps or a specific policy map Syntax show policy map policy map name Parameters policy map name Specifies the policy map name Command Mode EXEC mode Example The following example displays all policy maps Console gt show policy map Policy Map policyl class class1l set Ip dscp 7 Policy Map policy2 class class 2 police 96000 4800 exceed action drop cla
365. nd to load a configuration file from a network server to the running device configuration file The commands in the loaded configuration file are added to those in the running configuration file as if the commands were typed in the command line interface CLI The resulting configuration file is a combination of the previous running configuration and the loaded configuration files with the loaded configuration file taking precedence Copying a Configuration File from a Server to the Startup Configuration Use the copy source ur startup config command to copy a configuration file from a network server to the device startup configuration file The startup configuration file is replaced by the copied configuration file Storing the Running or Startup Configuration on a Server Use the copy running config destination url command to copy the current configuration file to a network server using TFTP Use the copy startup config destination url command to copy the startup configuration file to a network server Saving The Running Configuration To The Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configuration file Backing Up the Running Configuration or Startup Configuration to a Backup Configuration file Use the copy running config file command to back up the running configuration to a backup configuration file Use the copy startup config fle command to back
366. nding traps when MAC address was failed in authentication of the 802 1X MAC authentication access control Use the no form of this command to disable the traps 802 1x Commands 319 Syntax dotlx traps mac authentication failure no dotlx traps mac authentication failure Parameters This command has no arguments or keywords Default Default is disabled Command Mode Global Configuration mode dot1x radius attributes vlan Use the dot1x radius attributes vlan Interface Configuration mode command to enable user based VLAN assignment Use the no form of this command to disable user based VLAN assignment Syntax dot1x radius attributes vlan no dotlx radius attributes vlan Parameters This command has no arguments or keywords Default Disabled Command Mode Interface Configuration Ethernet mode User Guidelines The configuration of this command is allowed only when the port is Forced Authorized 320 802 1x Commands Radius attributes are supported only in the multiple sessions mode multiple hosts with authentication When Radius attributes are enabled and the Radius Accept message does not contain the supplicant s VLAN as an attribute then the supplicant is rejected Packets to the supplicant are sent untagged After successful authentication the port remains member in the unauthenticated VLANs and in the Guest VLAN Other static VLAN configuration is not applied on the port If the supplicant VLAN do
367. nds Command Mode Global Configuration mode User Guidelines When configuring the maximum age the following relationships should be maintained 2 Forward Time 1 gt Max Age Max Age gt 2 Hello Time 1 Example The following example configures the spanning tree bridge maximum age to 10 seconds Console config spanning tree max age 10 spanning tree priority Use the spanning tree priority Global Configuration mode command to configure the device spanning tree priority which is used to determine which bridge is selected as the root bridge Use the no form of this command to restore the default device spanning tree priority Syntax spanning tree priority priority no spanning tree priority Parameters ptiority Specifies the bridge priority Range 0 61440 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Spanning Tree Commands 457 Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096 The switch with the lowest priority is the root of the spanning tree Example The following example configures the spanning tree priority to 12288 Console config spanning tree priority 12288 spanning tree disable Use the spanning tree disable Interface Configuration Ethernet port channel mode command to disable the spanning tree on a specific port Use the no form of this command to enable the spanning tree
368. ne 0 is equal to not defining an egress interface Understanding Invalid Combinations of Source and Destination Some invalid combinations of source and destination exist Specifically if one of the following conditions exists e The source file and destination file are the same file e xmodem is the destination file The source file can be copied to image boot and null only e tftp is the source file and destination file on the same copy e pry files cannot be copied e The source or destination is a slave unit except for image and boot files mirror config cannot be used as a destination The following table describes the copy characters Character Description For network transfers indicates that the copy process is taking place Each exclamation point indicates successful transfer of ten packets 512 bytes each For network transfers indicates that the copy process timed out Generally several periods in a row means that the copy process may fail s Copying an Image File from a Server to Flash Memory Use the copy source ur image command to copy an image file from a server to flash memory Copying a Boot File from a Server to Flash Memory Use the copy source ur boot command to copy a boot file from a server to flash memory Copying a Configuration File from a Server to the Running Configuration File Configuration Image File Commands 129 Use the copy source ur running config comma
369. nes When multiple global macros are applied to a switch the global description text is a concatenation of texts from a number of previously applied macros You can verify your settings by entering the show parser macro description privileged EXEC mode command show parser macro Use the show parser macro User EXEC mode command to display the parameters for all configured macros or for one macro on the switch Syntax show parser macro brief description interface interface id name macro name Parameters e brief Optional Display the name of each macro e description interface Optional Display all macro descriptions e interface id Or the description of a specific interface e name macro name Optional Display information about a single macro identified by the macro name Command Mode User EXEC mode 70 Macro Commands System Management Commands ping Use the ping command to send ICMP echo request packets to another node on the network Syntax ping ip f7pv4 address hostname size packet_size count packet_count timeout time_out ping ipv6 7pv6 address hostname size packet_size count packet_count timeout time_out Parameters ip Use IPv4 to check the network connectivity ipv Use IPv6 to check the network connectivity ipv4 address IPv4 address to ping ipv6 address Unicast or multicast IPv6 address to ping When the Pv6 address is a Link Local address IPv6Z addres
370. net Port channel mode command to enable the secure mode for the OUI Voice VLAN Use the no form of this command to disable the secure mode Syntax voice vlan secure no voice vlan secure Default Configuration The voice VLAN secure mode is disabled Command Mode Interface Configuration Ethernet Port channel mode 562 Voice VLAN Commands User Guidelines Use this command to specify that packets that are classified to the voice VLAN with a source MAC address that is not a telephony MAC address defined by the voice vlan oui table Global Configuration mode command are discarded This command is relevant only to ports that were added to the voice VLAN automatically Example The following example enables the secure mode for the OUI Voice VLAN on gigabitethernet port 1 0 8 Console config interface gigabitethernet 1 0 8 Console config if voice vlan secure show voice vlan Use the show voice vlan EXEC mode command to display the voice VLAN status for all interfaces or for a specific interface Syntax show voice vlan type oui auto znterface id Parameters type oui auto Specifies which information is printed oui common and the OUI Voice VLAN specific parameters are printed auto common and the Auto Voice VLAN specific parameters are printed If the parameter is omitted the current Voice VLAN type is applied interface id Specifies an interface ID If the parameter is omitted than information
371. nfiguration mode command also enables configuring or modifying the class policies for that policy map Class policies in a policy map can be configured only if the classes have match criteria defined for them Use the class map Global Configuration mode and match Class map Configuration mode commands to configure the match criteria for a class The match criteria is for a class Only one policy map per interface per direction is supported The same policy map can be applied to multiple interfaces and directions Example The following example creates a policy map called Policy and enters the Policy map Configuration mode Console config policy map policyl Console config pmap 728 Quality of Service QoS Commands class The class Policy map Configuration mode command defines a traffic classification and enters the Policy map Class Configuration mode Use the no form of this command to detach a class map from the policy map Syntax class c ass map name access group acl name no class c ass map name Parameters e class map name Specities the name of an existing class map If the class map does not exist a new class map is created under the specified name e acl name Spcecifies the name of an IP or MAC Access Control List ACL Default Configuration No class map is defined for the policy map Command Mode Policy map Configuration mode User Guidelines Use the policy map Global Configuration mode comma
372. nfigure the maximum interval of a specific port Use the no form of this command to disable sFlow Counters sampling Syntax sflow counters sampling terval receiver index no sflow counters sampling Parameters interval Specifies the maximum number of seconds between successive samples of the interface counters Range 1 15 86400 m receiver index lndex of the receiver collector Range 1 8 Default Disabled Command Mode Interface Configuration Ethernet mode clear sflow statistics Use the clear sFlow statistics EXEC mode command to clear sFlow statistics Syntax clear sflow statistics interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode sFlow Commands 419 User Guidelines If no interface is specified by the user the command clears all the sFlow statistics counters including datagrams sent If an interface is specified by the user the command clears only the counter of the specific interface show sflow configuration Use the show sflow configuration EXEC mode command to display the sFlow configuration for ports that are enabled for Flow sampling or Counters sampling Syntax show sflow configuration nterface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode Example Console show sflow configuration Recei
373. ng example displays QoS attributes when QoS is enabled in basic mode on the device and the advanced mode is not supported Console gt show qos 724 Quality of Service Q0S Commands Qos disable Trust dscp class map Use the class map Global Configuration mode command to create or modify a class map and enters the Class map Configuration mode Use the no form of this command todelete a class map Syntax class map class map name match all match any no class map c ass map name Parameters e class map name Specifies the class map name e match all Performs a logical AND of all the matching statements under this class map All match criteria in this class map must be matched e match any Performs a logical OR of all the matching statements under this class map One or more match criteria in this class map must be matched Default Configuration If neither match all nor match any is specified the match all parameter is selected by default Command Mode Global Configuration mode User Guidelines The class map Global Configuration mode command specifies the name of the class map for which class map match criteria are to be created or modified and enters class map configuration mode In this mode up to two match commands can be entered to configure the match criteria for this class When using two match commands each has to point to a different type of ACL one IP and one MAC The classification is by first matc
374. nnel mode User Guidelines Do not enable unregistered multicast filtering on ports that are connected to routers because the 224 0 0 x address range should not be filtered Note that routers do not necessarily send IGMP reports for the 224 0 0 x range You can execute the command before the VLAN is created Example The following example specifies that unregistered multicast packets are filtered on gigabitethernet port 1 0 1 Console config interface gil 0 1 Console config if bridge multicast unregistered filtering bridge multicast forward all Use the bridge multicast forward all Interface Configuration VLAN mode command to enable forwarding all multicast packets for a range of ports or port channels Use the no form of this command to restore the default configuration Syntax bridge multicast forward all add remove ethernet intertace list port channel port channel list no bridge multicast forward all Parameters e add Forces forwarding of all multicast packets e remove Does not force forwarding of all multicast packets Address Table Commands 391 e ethernet interface list Spccifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports e port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces Use a hyphen to designate a range of p
375. nnel load balancing is based on the source and destination of MAC and IP addresses Default Configuration src dst mac is the default option Command Mode Global Configuration mode User Guidelines In sre dst mac ip port load balancing policy fragmented packets might be reordered Example console console configure console config port channel load balance src dst mac console config port channel load balance src dst ip 384 Port Channel Commands console config port channel load balance src dst mac ip console config port channel load balance src dst mac ip port console config show interfaces port channel Use the show interfaces port channel EXEC mode command to display port channel information for all port channels or for a specific port channel Syntax show interfaces port channel interface id Parameters interface id Specify an interface ID The interface ID must be a Port Channel Command Mode EXEC mode Example The following example displays information on all port channels console console show interfaces port channel Load balancing src dst mac Gathering information Channel Ports Pol Active gil 0 1 Inactive gil 0 2 3 Po2 Active gil 0 25 Inactive gil 0 24 Po3 console show interfaces switchport gil 0 10 Gathering information Name gil 0 10 Switchport enable Port Channel Commands 385 Administrative Mode access Operational Mode down Access Mo
376. none Private vlan host association primary VLAN none Private vlan host association Secondary VLAN Enabled none DVA disable Protected Enabled Uplink is gil 0 1 Classification rules Classification type Group ID VLAN ID Protocol 1 19 Protocol 1 20 Protocol 2 72 Subnet 1 15 MAC 6 11 522 VLAN Commands IGMP Snooping Commands ip igmp snooping Global Use the ip igmp snooping Global Configuration mode command to enable Internet Group Management Protocol IGMP snooping Use the no form of this command to disable IGMP snooping Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled Command Mode Global Configuration mode Example The following example enables IGMP snooping Console config ip igmp snooping ip igmp snooping vlan Use the ip igmp snooping vlan Global Configuration mode command to enable Internet Group Management Protocol IGMP snooping on a specific VLAN Use the no form of this command to disable IGMP snooping on a VLAN interface IGMP Snooping Commands 523 Syntax ip igmp snooping vlan vlan id no ip igmp snooping vlan v an id Parameters vlan id Specifies the VLAN Default Disabled Command Mode Global Configuration mode User Guidelines IGMP snooping can be enabled only on static VLANs IGMPv1 IGMPv2 and IGMPv3 are supported To activate IGMP snooping the bridge multicast filtering should be enabled The User Guidelines of
377. nonetheless applied to the remaining interfaces Example Switch config interface gigabitethernet 1 0 2 Switch config if macro trace dup Applying command duplex full Applying command speed auto Switch config interface gigabitethernet 1 0 2 Switch config if macro apply duplex SDUPLEX full SSPEED auto Switch config if exit Switch config interface gigabitethernet 1 0 3 Switch config if macro apply dup Switch config if exit 66 Macro Commands macro description Use the macro description Interface Configuration mode command to enter a description about which macros are applied to an interface Use the no form of this command to remove the description Syntax macro description text no macro description Parameters text Description text The text can contain up to 160 characters Default Configuration The command has no default setting Command Mode Interface Configuration mode User Guidelines When multiple macros are applied on a single interface the description text is a concatenation of texts from a number of previously applied macros You can verify your setting by entering the show parser macro description privileged EXEC modecommand Example Switch config interface gigabitethernet 1 0 2 Switch config if macro apply dup Switch config if end Switch config interface gil 0 3 Switch config if macro apply duplex DUPLEX full SSPEED auto Switch config if
378. ns are enabled or disabled show IIdp med configuration Use the show lldp med configuration Privileged EXEC mode command to display the Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED configuration for all interfaces or for a specific interface Syntax show Ildp med configuration nterface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port LLDP Commands 441 Command Mode Privileged EXEC mode Example The following examples display the LLDP MED configuration for all interfaces and for gigabitethernet port 1 0 1 console show lldp med configuration Fast Start Repeat Count 4 Network policy 1 Application type voiceSignaling VLAN ID 1 untagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Location Notifications Inventory policy gil 0 1 Yes Yes Yes Enabled Yes gil 0 2 Yes Yes No Enabled No gil 0 3 No No No Enabled No console show lldp med configuration gigabitethernet 1 0 1 gil 0 1 Yes Yes Yes Enabled Yes Network policies Location Civic address 61 62 63 64 65 66 442 LLDP Commands show Ildp local tlvs overloading Use the show Ildp local tlvs overloading EXEC mode command to display the status of TLVs overloading of the Link Layer Discovery Protocol LLDP Syntax show Ildp local tlvs overloading interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port
379. nsole config pubkey key key string row AAAAB3NzaC 1lyc2EAAAADAQABAAABAQCvTnRwPW1 key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string row key string Parameters e row Specifies the SSH public key row by row e key string Specifies the key in UU encoded DER format UU encoded DER format is the same format as in the authorized_keys file used by OpenSSH Length 0 160 Default Configuration Keys do not exist Command Mode SSH Public Key string Configuration mode User Guidelines Use the key string SSH Public Key string Configuration mode command without the row parameter to specify which SSH public key is to be 208 Telnet SSH and Slogin Commands interactively configured next Enter a row with no characters to complete the command Use the key string row SSH Public Key string Configuration mode command to specify the SSH public key row by row Each row must begin with a key string row command The UU encoded DER format is the same format as in the authorized_keys file used by OpenSSH Example The following example enters public key strings for SSH public key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaClyc2EAAAADAQABAAABAQOCVTnRwPW1 Al4kpqIw9GBRonZQZx jHKcqKL6rM10 ZNX ZSkvHG QusIZ 76ILmFT34v7u7ChFAEt Vu4GR
380. nspection Commands Example The following example configures a device to verify that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address Console config ip dhcp snooping verify ip dhcp snooping database Use the ip dhcp snooping database Global Configuration mode command to enable the DHCP Snooping binding database file Use the no form of this command to delete the DHCP Snooping binding database file Syntax ip dhcp snooping database no ip dhep snooping database Default Configuration The DHCP Snooping binding database file is not defined Command Mode Global Configuration mode User Guidelines The DHCP Snooping binding database file resides on Flash To ensure that the lease time in the database is accurate the Simple Network Time Protocol SNTP must be enabled and configured The device writes binding changes to the binding database file only if the device system clock is synchronized with SNTP Example The following example enables the DHCP Snooping binding database file Console config ip dhcp snooping database DHCP Snooping and ARP Inspection Commands 571 ip dhcp snooping database update freq Use the ip dhcp snooping database update freq Global Configuration mode command to set the update frequency of the DHCP Snooping binding database file Use the no form of this command to restore the default configuration Syntax ip dhcp snooping databa
381. nterface gil 0 1 Console config if switchport trunk native vlan 123 switchport general allowed vian Use the switchport general allowed vlan Interface Configuration mode command to set the general characteristics when the interface is in general mode Use the no form of this command to reset a general characteristic to the default Syntax switchport general allowed vlan add remove v an ist tagged untagged no switchport general allowed vlan Parameters e add vlan list List of VLAN IDs to add Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs Range 1 4094 VLAN Commands 505 e remove vlan list List of VLAN IDs to remove Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs tagged Specify that packets would be transmitted tagged for the configured VLANs e untagged Specify that packets would be transmitted untagged for the configured VLANs this is the default Default Configuration The port s PVID equals to the Default VLAN ID and belongs to the Default VLAN as untagged one Command Mode Interface Configuration mode Example console config if interface gigabitethernet 1 0 1 console config if switchport mode general console config if switchport general allowed vlan add 2 3 tagged switchport general pvid Use the switchport general pvid Interface Configuration Ethernet Port
382. number of packets received less than 64 octets long excluding framing bits but including FCS octets and otherwise well formed Oversize Pkts The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and otherwise well formed 278 RMON Commands Field Description Fragments The total number of packets received less than 64 octets in length excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Jabbers The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error 64 Octets The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 128 to 255 Octets The total number of packets including bad packets received that are between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 to 511 Octets
383. ode EXEC mode User Guidelines The buffer includes executed and unexecuted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console show version SW version 3 131 date 23 Jul 2005 time 17 34 19 HW version 1 0 0 Console show clock User Interface Commands 51 15 29 03 Jun 17 2005 Console show history show version show clock show history 3 commands were logged buffer size is 10 show privilege The show privilege EXEC mode command displays the current privilege level Syntax show privilege Command Mode EXEC mode Example The following example displays the current privilege level for the Privileged EXEC mode Console show privilege Current privilege level is 15 do The do command executes an EXEC level command from Global Configuration mode or any configuration submode Syntax do command Parameters command Specifies the EXEC level command to execute 52 User Interface Commands Command Mode All configuration modes Example The following example executes the show vlan Privileged EXEC mode command from Global Configuration mode Example Console Config do show vlan Vlan Name Ports Type Authorization 1 1 gil 0 1 39 Po1 Po2 other Required Po3 P04 P05 P0
384. ode Privileged EXEC mode GVRP Commands 551 Example The following example clears all GVRP statistical information on gigabitethernet port 1 0 5 Console clear gvrp statistics ethernet 1 5 show gvrp configuration Use the show gvrp configuration EXEC mode command to display GVRP configuration information including timer values whether GVRP and dynamic VLAN creation are enabled and which ports are running GVRP Syntax show gvrp configuration interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays GVRP configuration information console show gvrp configuration GVRP Feature is currently Enabled on the device Maximum VLANs 4094 Port s GVRP Status Regist Dynamic Timers ms ration VLAN Leave Creation Join Leave All gil 0 1 Enabled Forbidden Disabled 200 600 10000 gil 0 2 Enabled Normal Enabled 400 1200 20000 552 GVRP Commands show gvrp statistics Use the show gvrp statistics EXEC mode command to display GVRP statistics for all interfaces or for a specific interface Syntax show gvrp statistics interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays GVRP statistical info
385. olicer type single Commited rate 192000 bps Commited burst 9600 bytes Exceed action drop Class map C Policer type none Commited rate N A Commited burst N A Exceed action N A This is an example of the output from the show qos interface rate limit command Console gt show qos interface rate limit gil 0 1 Port rate limit kbps Burst KBytes gil 0 1 1000 512K qos wrr queue threshold Use the qos wrr queue threshold Global Configuration mode command to assign queue thresholds globally Use the no form of this command to restore the default configuration 748 Quality of Service QoS Commands Syntax qos wrr queue threshold gigabitethernet queue id threshold percentage no qos wir queue threshold gigabitethemnet queue id Parameters e gigabitethernet Specifies that the thresholds are to be applied to Gigabit Ethernet ports e queue id Specifies the queue number to which the tail drop threshold is assigned e threshold percentage Specifies the queue threshold percentage value Default Configuration The default threshold is 80 percent Command Mode Global Configuration mode User Guidelines If the threshold is exceeded packets with the corresponding DP are dropped until the threshold is no longer exceeded Example The following example assigns a threshold of 80 percent to WRR queue 1 Console config qos wrr queue threshold gigabitethernet 1 80 qos map policed dscp Use the qo
386. ollowing example displays the active system image file that is loaded by the device at startup Console show bootvar Unit Wem Image Filename 1 filel 2 file2 di filel 2 file2 3 2 19 3 1 31 Sided 23 Jul 2002 7 34 19 22 Jan 2003 9 22 32 23 Jul 2002 7 34 19 22 Jan 2003 9222732 Not active Not active Active Designates that the image was selected for the next boot Configuration Image File Commands 141 142 Configuration Image File Commands Auto Update and Auto Configuration boot host auto config Use the boot host auto config Global Configuration mode command to enable the support of auto configuration via DHCP Use the no form of this command to disable DHCP auto configuration Syntax boot host auto config no boot host auto config Parameters This command has no arguments or key words Command Mode Global Configuration mode Default Configuration Enabled by default boot host auto update Use the boot host auto update Global Configuration mode command to enable the support of auto updated via DHCP Use the no form of this command to disable DHCP auto configuration Auto Update and Auto Configuration 143 Syntax boot host auto update no boot host auto update Parameters This command has no arguments or key words Command Mode Global Configuration mode Default Configuration Enabled by default boot host dhcp Use the boot host dhcp Global Configu
387. ommands Command Mode Global Configuration mode Default Configuration No permanent entry is defined User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses into 48 bit hardware MAC addresses Because most hosts support dynamic address resolution static ARP cache entries generally do not need to be specified Example The following example adds IP address 198 133 219 232 and MAC address 00 00 0c 40 0f be to the ARP table Console config arp 198 133 219 232 00 00 0c 40 0f bc ethernet 1 6 arp timeout Global Use the arp timeout Global Configuration mode command to set the time interval during which an entry remains in the ARP cache Use the no form of this command to restore the default configuration Syntax arp timeout seconds no arp timeout Parameters seconds Specifies the time interval in seconds during which an entry remains in the ARP cache Range 140000000 Default Configuration The default ARP timeout is 60000 seconds in Router mode and 300 seconds in Switch mode IP Addressing Commands 605 Command Mode Global Configuration mode Example The following example configures the ARP timeout to 12000 seconds Console config arp timeout 12000 arp timeout Use the arp timeout inTerface Configuration command to configure how long an entry remains in the ARP cache for specific interface Use the no form of this command restore the default value Syntax arp ti
388. ommands Syntax show eee interface id Parameters interface id Specify an interface ID The interface ID must be an Ethernet port Command Mode EXEC Examples Example 1 Brief Information about all ports Switch gt show eee EEE globally enabled EEE Administrate status is enabled on ports gil 0 1 6 gi1 0 12 EEE Operational status is enabled on ports gil 0 1 gi1 0 3 6 gil 0 12 gil 0 15 EEE LLDP Administrate status is enabled on ports gil 0 1 10 EEE LLDP Operational status is enabled on ports gil 0 3 5 Example 2 Port in state notPresent no information if port supports EEE Switch gt show eee gil 0 10 Port Status notPresent EEE Administrate status enabled EEE LLDP Administrate status enabled EEE LLDP Administrate status enabled Example 3 Port in status DOWN Switch gt show eee gil 0 10 Port Status DOWN EEE capabilities Speed 10M EEE not supported EEE Commands 371 372 Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported EEE Administrate status enabled EEE LLDP Administrate status enabled Example 4 Port in status UP and does not support EEE Switch gt show eee gil 0 20 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Administrate status enabled EEE LLDP Administrate status enabled Example 5 Neighbor does not support EEE Switc
389. ommands clock set The clock set Privileged EXEC mode command manually sets the system clock Syntax clock set bb anze day month month day year Parameters e hh mm ss Specifies the current time in hours military format minutes and seconds Range hh 0 23 mm 0 59 ss 0 59 e day Specifies the current day of the month Range 1 31 e month Specifies the current month using the first three letters of the month name Range Jan Dec e year Specifies the current year Range 2000 2037 Command Mode Privileged EXEC mode User Guidelines The user should enter the local clock time and date Example The following example sets the system time to 13 32 00 on March 7th 2005 Console clock set 13 32 00 7 Mar 2005 Clock Commands 107 clock source The clock source Global Configuration mode command configures an external time source for the system clock Use the no form of this command to disable the external time source Syntax clock source sntp no clock source Parameters sntp Specifies that an SNTP server is the external clock source Default Configuration There is no external clock source Command Mode Global Configuration mode Example The following example configures an SNTP server as an external time source for the system clock Console config clock source sntp clock timezone Use the clock timezone Global Configuration command to set the time zone for display pur
390. on Applicable only to the SNMP Version 3 security model e auth Specifies packet authentication without encryption Applicable only to the SNMP Version 3 security model e priv Specifies packet authentication with encryption Applicable only to the SNMP Version 3 security model e notify notifyview Specifies the view name that enables specifying an inform or a trap Applicable only to the SNMP Version 3 security model Length 1 30 characters e read readview Specifies the view name that enables viewing only the agent contents Length 1 30 characters e write writeview Specifies the view name that enables entering data and configuring the agent contents Length 1 30 characters Default Configuration No group entry exists If notifyview is not specified nothing is defined for the notify view If readview is not specified all objects except for the community table and SNMPv3 user and access tables are available If writeview is not specified nothing is defined for the write view Command Mode Global Configuration mode 164 SNMP Commands User Guidelines The command logical key is groupname snmp version security level For snmp version v1 v2 the security level is always noauth The Router context is translated to context in the MIB Example The following example attaches a group called user group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view call
391. on ID 44 A unique accounting identifier Acct Authentic 45 Indicates how the supplicant was authenticated Acct Session Time 46 Indicated how long the supplicant was logged in Acct Terminate Cause 49 Reports why the session was terminated Nas Port Type 61 Indicates the supplicant physical port type Example console config aaa accounting dot1x start stop group radius 234 AAA Commands show accounting The show accounting EXEC mode command displays information about the accounting status Syntax show accounting Command Mode EXEC mode Example The following example displays information about the accounting status Console show accounting Login Radius 802 1x Disabled passwords min length The passwords min length Global Configuration mode command configures the minimal password length in the local database Use the no form of this command to remove the restriction Syntax passwords min length ength no passwords min length Parameters length Specifies the minimal length required for passwords Range 8 64 Default Configuration There is no minimal length requirement until this command is executed AAA Commands _ 235 Command Mode Global Configuration mode User Guidelines The setting is relevant to local user passwords line passwords and enable passwords The software checks the minimum length requirement when defining a password in an unencrypted format or
392. on is not required for synchronization No trusted keys Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key ee eee sb Disabled Disabled Broadcast Clients disabled Anycast Clients disabled No Broadcast Interfaces console show sntp status The show sntp status Privileged EXEC mode command displays the Simple Network Time Protocol SNTP servers status 124 Clock Commands Syntax show sntp status Command Mode Privileged EXEC mode Example The following examples display the SNTP servers status Console show sntp status Clock is synchronized stratum 4 reference is 176 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Status Last response offset Delay mSec mSec LIS teh lt 8 Up 19 58 22 289 Valo ENITI PDT Feb 19 2005 KAS 38517 Unknown LZ DP LEE IB 8 98 189 19 PDT Feb 19 2005 Anycast server Server Interface Status Last response Offset Delay mSec mSec 176 111 838 VLAN 118 Up 939332147389 TL9 119 89 PDT Feb 19 2005 Broadcast Server Interface Last response 176 29 1 51 VLAN 119 LOL TY eZ PDT Feb 19 2002 Device show sntp status Clock is synchronized stratum 4 reference is 176 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Clock Commands 125 126 Clock Commands Configuration Image File Commands copy The copy Privileged EXEC mode command
393. on the interface While DAD is performed on the Link Local address of an interface the state of the other IPv6 addresses is still set to TENTATIVE When DAD is completed on the Link Local address DAD is performed on the remaining IPv6 addresses 634 IPv6 Addressing Commands When DAD identifies a duplicate address the address state is set to DUPLICATE and the address is not used If the duplicate address is the Link Local address of the interface the processing of IPv6 packets is disabled on the interface and an error message is displayed All configuration commands associated with the duplicate address remain as configured while the address state is set to DUPLICATE If the Link Local address for an interface changes DAD is performed on the new Link Local address and all of the other IPv6 address associated with the interface are regenerated DAD is performed only on the new Link Local address Configuring a value of 0 with the ipv6 nd dad attempts Interface Configuration mode command disables duplicate address detection processing on the specified interface A value of 1 configures a single transmission without follow up transmissions The default is 1 message Until the DAD process is completed an IPv6 address is in the tentative state and cannot be used for data transfer It is recommended to limit the configured value Example The following example configures the number of consecutive neighbor solicitation messages sent
394. onfiguration e ssh Displays the SSH configuration Default Configuration If the line is not specified all line configuration parameters are displayed Command Mode EXEC mode Example The following example displays the line configuration Console gt show line Console configuration 216 Line Commands Interactive timeout History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet is enabled Interactive timeout History 10 SSH configuration SSH is enabled Interactive timeout History 10 Telnet configuration Disabled 10 minutes 10 seconds 10 minutes 10 seconds Line Commands 217 218 Line Commands AAA Commands aaa authentication login The aaa authentication login Global Configuration mode command sets an authentication method applied during login Use the no form of this command to restore the default authentication method Syntax aaa authentication login default list name method method no aaa authentication login default list name Parameters e default Uses the listed authentication methods that follow this argument as the default method list when a user logs in e list name Specifies a name for a list of authentication methods activated when a user logs in Length 1 12 characters e method method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional au
395. onsole gt show ip route address 172 1 1 0 255 255 255 0 Codes C connected S static E OSPF external candidate default S 172 1 1 0 24 5 3 via 10 0 2 1 17 12 19 Ethernetl IP Routing Protocol Independent Commands 693 Console gt show i prefixes p route address 172 1 1 0 255 255 255 0 longer Codes C connected S static E OSPF external S 172 1 1 0 24 E Kar e 5 3 via 10 0 2 1 17 12 19 Ethernetl 5 3 via 10 0 3 1 19 51 18 Ethernetl The following table describes the significant fields shown in the display Field Description o The protocol that derived the route 10 8 1 0 24 The remote network address 30 2000 The first number in the brackets is the administrative distance of the information source the second number is the metric for the route via 10 0 1 2 The address of the next router to the remote network 00 39 08 The last time the route was updated in hours minutes seconds Ethernet 1 The interface through which the specified network can be reached 694 IP Routing Protocol Independent Commands ACL Commands Use the ip access list global configuration mode command to define an Pv4 access list and to place the device in IPv4 access list configuration mode Use the no form of this command to remove the access list Syntax ip access list extended access list name no ip access list extended access list name Param
396. or Port channel Use this command to define the internal usage VLAN of a port If an internal usage VLAN is not defined for a port the software chooses one of the unused VLANs If a VLAN ID was chosen by the software for internal usage but it is desired to use that VLAN ID for a static or dynamic VLAN do one of the following e Remove the IP interface create the VLAN and recreate the IP interface e Use this command to explicitly define the internal usage VLAN Example The following example reserves unused VLAN 200 as the internal usage VLAN of Ethernet port 1 3gigabitethernet port 1 0 3 Console config interface gigabitethernet 1 0 3 Console config if ip internal usage vlan 200 VLAN Commands 517 show vlan Use the show vlan Privileged EXEC mode command to display VLAN information for all VLANs or for a specific VLAN Syntax show vlan tag vlan id name vlan name Parameters e tag vlan id Specifies a VLAN ID name vlan name Specifies a VLAN name string Length 1 32 characters Command Mode Privileged EXEC mode Example The following example displays information for all VLANs Console show vlan VLAN Name Ports Type Authorization 1 default gil 0 1 2 Other Required 10 VLAN0010 gil 0 3 4 dynamic Required 11 VLANO011 GE static Required i1 0 3 4 GE 20 VLAN0020 SC static Required 21 VLAN0021 static Required 30 VLAN0030 static j J Vir Required di VLAN0031 gi1
397. or duplicate tables configure the router tables This is the default e type oob Specifies that SNMP requests for duplicate tables configure the oob tables Default No community is defined Command Mode Global Configuration mode User Guidelines You can t specify view name for su which has access to the whole MIB You can use the view name to restrict the access rights of a community string The logical key of the command is the pair community ip address If ip address is omitted then the key is community All Ips By specifying the view name parameter the software e Generates an internal security name e Maps the internal security name for SNMPv1 and SNMPv2 security models to an internal group name e Maps the internal group name for SNMPv1 and SNMPv2 security models to view name read view and notify view always and for rw for write view also You can use the group name to restrict the access rights of a community string By specifying the group name parameter the software e Generates an internal security name e Maps the internal security name for SNMPv1 and SNMPv2 security models to the group name SNMP Commands 161 The snmp server community group command and snmp server user command for vl and v2 are equivalent You should use the snmp server community group command when you want to configure the ipv4t address ipv6 address management addresses The Type keyword is used for a different purpose
398. orm of this command to restore the default configuration Syntax source precedence no source precedence Default Configuration Source precedence is not defined for the address Command Mode IP Interface Configuration mode User Guidelines For relayed DHCP messages the source IP address selected is 1 The lowest of the IP addresses defined as source precedence IP addresses 2 The lowest of the IP addresses if there are no source precedence IP addresses IP Addressing Commands 615 Example The following example defines a preference for an IP address as a source IP address for DHCP relayed messages on an interface Console config ip source precedence ip domain lookup Use the ip domain lookup Global Configuration mode command to enable the IP Domain Name System DNS based host name to address translation Use the no form of this command to disable DNS based host name to address translation Syntax ip domain lookup no ip domain lookup Default Configuration IP Domain Name System DNS based host name to address translation is enabled Command Mode Global Configuration mode Example The following example enables IP Domain Name System DNS based host name to address translation Console config ip domain lookup ip domain name Use the ip domain name Global Configuration mode command to define a default domain name used by the software to complete unqualified host names names without a dotted deci
399. ormation displayed in the banner hostname Displays the host name for the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again to indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays the system contact string location Displays the system location string mac address Displays the base MAC address of the device Use the no motd banner line configuration command to disable the MOTD banner on a particular line or lines Example The following example sets an MOTD banner that uses tokens The percent sign is used as a delimiting character Note that the token syntax is replaced by the corresponding configuration variable 58 User Interface Commands Device config banner motd ror Enter TEXT message End with the character bold Upgrade bold to all devices begins at March 12 2 When the login banner is executed the user will see the following banner Upgrade to all devices begins at March 12 exec banner Use the exec banner command in Line Configuration mode to enable the display of exec banners Use the no form of this command to disable the display of exec banners Syntax exec banner no exec banner Parameters This command has no arguments or keywords
400. ort channel or VLAN service service Spccifies the service type Possible values are Telnet SSH HTTP HTTPS and SNMP ipv4 address Specifies the source IPv4 address ipv6 address ipv6 prefix length sS pecifies the source IPv6 address and source IPv6 address prefix length The prefix length must be preceded by a forward slash The parameter is optional mask mask Specifies the source IPv4 address network mask The parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash The parameter is relevant only to IPv4 addresses Range 0 32 Command Mode Management Access List Configuration mode User Guidelines Rules with ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface Example The following example denies all ports in the access list called mlist Console config management access list mlist Console config macl deny 154 Management ACL Commands management access class The management access class Global Configuration mode command restricts management connections by defining the active management access list To disable management connection restrictions use the no form of this command Syntax management access class console only name no management access class Parameters e console only
401. ort channels Default Configuration Forwarding of all multicast packets is disabled Command Mode Interface Configuration VLAN mode Example The following example enables all multicast packets on port gil 0 8 to be forwarded Console config interface vlan 2 Console config if bridge multicast forward all add gi1 0 8 bridge multicast forbidden forward all Use the bridge multicast forbidden forward all Interface Configuration VLAN mode command to forbid a port to dynamically join multicast groups Use the no form of this command to restore the default configuration Syntax bridge multicast forbidden forward all add remove ethernet interface list port channel port channel list no bridge multicast forbidden forward all Parameters e add Forbids forwarding of all multicast packets e remove Does not forbid forwarding of all multicast packets 392 Address Table Commands e ethernet interface list Spccifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports e port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces use a hyphen to designate a range of port channels Default Configuration Ports are not forbidden to dynamically join multicast groups Command Mode Interface Configuration VLAN mode User Guidelines Use this command to
402. ort monitor Interface Configuration Ethernet mode command to start a port monitoring session Use the no form of this command to stop a port monitoring session Syntax port monitor src interface id rx tx no port monitor src intertace id Parameters e rx Monitors received packets only If no option is specified it monitors both rx and tx e tx Monitors transmitted packets only If no option is specified it monitors both rx and tx e src interface id Specifies an interface ID The interface ID must be and Ethernet port Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode It cannot be configured for a range of interfaces range context Port Monitor Commands 413 User Guidelines This command enables port copy between Source Port src interface to a Destination Port The port in context The analyzer port for port ingress traffic mirroring should be the same port for all mirrored ports The analyzer port for port egress traffic mirroring should be the same port for all mirrored ports Following are restrictions apply for ports that are configured to be source ports e The port cannot be a destination port The following restrictions apply to ports that are configured to be monitor ports e The port can t be source port e The port isn t member in port channel e IP interface is not configured on the port e GVRP is not ena
403. orts is used for destination port in ACE it would be not be counted again if it is also used for destination port in another ACE If a range of ports is used for source port it would be counted again if it is also used for destination port Example console config ipv6 access list server console config ipv6 al permit tcp 3001 2 64 any any 80 deny IPv6 Use the deny command in IPv6 access list configuration mode to set permit conditions for IPv6 access list Syntax deny protocol any source pretixJength any destination prefix length dscp number precedence number time range time range name disable port log input deny icmp any source pretix length any destination pretix length fany icmp type fany icmp code dscp number d precedence number time range time range name disable port log imput deny tcp any source prefix ength any d source port port range any destination pretix length any destination port port range dscp number d precedence number match all list of flags time range time range name disable port log input 705 deny udp any source prefixJength any source port port range Hany destination pretixfength any destination port port range dscp number precedence number time range time range name disable port log input Parameters 706 protocol The name or the number of an IP protocol Available protocol names are icm
404. os dscp mutation Command Mode Global Configuration mode User Guidelines Apply the DSCP to DSCP mutation map to a port at the boundary of a Quality of Service QoS administrative domain If two QoS domains have different DSCP definitions use the DSCP to DSCP mutation map to translate a set of DSCP values to match the definition of another domain Apply the map to ingress and to DSCP trusted ports only Applying this map to a port causes IP packets to be rewritten with newly mapped DSCP values at the ingress ports If applying the DSCP mutation map to an untrusted port to class of service CoS or to an IP precedence trusted port the command has no immediate effect until the port becomes DSCP trusted Example The following example applies the DSCP Mutation map to system DSCP trusted ports Console config qos dscp mutation qos map dscp mutation Use the qos map dscp mutation Global Configuration mode command to configure the DSCP to DSCP Mutation table Use the no form of this command to restore the default configuration Quality of Service QoS Commands 755 Syntax qos map dscp mutation in dscp to out dscp no qos map dscp mutation 77 dscp Parameters in dscp Spccifies up to 8 DSCP values to map separated by spaces Range 0 63 e out dscp Specifies up to 8 DSCP mapped values separated by spaces Range 0 63 Default Configuration The default map is the Null map which means that each incoming DSCP va
405. ost report v3 Range 0 255 destination port Specifies the UDP TCP destination port You can enter range of ports by using hyphen E g 20 21 For TCP enter a number or one of the following values bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 ire 194 login 543 kshell 544 Ipd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpe 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 isakmp 4500 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpe 111 syslog 514 tacacs ds 49 talk 517 tftp 69 time 37 who 513 xdmcp 177 Range 0 65535 source port Specifies the UDP TCP source port Predefined port names are defined in the destination port parameter Range 0 65535 match all list of flags List of TCP flags that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Available options are urg tack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to a one string For example fin ack time range name Name of the time r
406. out tx period naana 301 dottx max ren 22 0c eee eee eee 302 dot1x timeout supp timeout 303 dot1x timeout server timeout 00 c eee eee 304 Show dote Seege ven be eee ee Ee 305 Show dotix users 0c cece eee eee eee nee 308 show dot1x statistics 0 cece eee eee eee 310 Clear dot1x statistics 0 0 cece cece eee eee ees 311 dot1x auth not req 20 0 cee eee eee eee 312 dot1x host mode 0 ccc cece eee e eens 313 dot1x violation mode 314 dot1x guest vlan 0 cece eee eee eee 315 dot1x guest vian timeout cece eee eee 316 dot1x guest vlan enable ccc cece e eee 317 dot1x mac authenttcatton cece eens 318 dot1x traps mac authentication success 319 13 14 dot1x traps mac authentication failure 319 dot1x radius attributes vlan 0 e cece eee eee 320 dot1x radius attributes filter id 000 ee 321 dot1x radius attributes errors 00 0 cece eee eee 322 dotix legacy supp mode 2 5 322 show dottx advanced cceeeeeeeeeeneneee 323 dot1x system auth control monitor 324 show dot1x monitoring result 0eeaee 325 20 Ethernet Configuration Commands 329 EE 329 interface range ccc eee eee e eee eee eens 329 description ecse regenen tpa d eee 330 IT EE 330 plett eds eos See vee 331 negotiation c
407. p address 10 12 1 0 255 255 255 0 lease Use the lease DHCP Pool Network Configuration mode command to configure the time duration of the lease for an IP address that is assigned from a Dynamic Host Configuration Protocol DHCP Server to a DHCP client Use the no form of this command to restore the default value DHCP Server Commandes 661 Syntax lease days hours minutes d infinite no lease Parameters e days Specifies the number of days in the lease e hours Specifies the number of hours in the lease A days value must be supplied before configuring an ours value e minutes Specifies the number of minutes in the lease A days value and an hours value must be supplied before configuring a minutes value e infinite Spccifies that the duration of the lease is unlimited Default Configuration The default lease duration is day Command Mode DHCP Pool Network Configuration mode Examples The following example shows a 1 day lease Console config dhcp lease 1 The following example shows a one hour lease Console config dhcp lease 0 1 The following example shows a one minute lease Console config dhcp lease 0 0 1 The following example shows an infinite unlimited lease Console config dhcp lease infinite 662 DHCP Server Commands client name Use the client name DHCP Pool Host Configuration mode command to define the name of a DHCP client The client name should not include
408. p 58 tcp 6 and udp 17 To match any protocol use the ipv6 keyword Range 0 255 source prefix length The source IPv6 network or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons destination prefix length The destination IPv6 network or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons dscp number Specifies the DSCP value Range 0 63 precedence number Specitfies the IP precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values destination unreachable 1 packet too big 2 time exceeded 3 parameter problem 4 echo request 128 echo reply 129 mld query 130 mld report 131 mldv2 report 143 mld done 132 router solicitation 133 router advertisement 134 nd ns 135 nd na 136 Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 destination port Specifies the UDP TCP destination port You can enter a range of ports by using a hyphen E g 20 21 For TCP enter a number or one of the following values bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finge
409. p eigrp ospf ipinip pim 2tp isis To match any protocol use the Ip keyword Range 0 255 source Soutce IP address of the packet e source wildcard Wildcard bits to be applied to the source IP address Use 1s in the bit position that you want to be ignored e destination Destination IP address of the packet e destination wildcard Wildcard bits to be applied to the destination IP address Use 1s in the bit position that you want to be ignored e dscp number Specifies the DSCP value e precedence number Specitfies the IP precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values echo reply destination unreachable source quench redirect alternate host address echo request router advertisement router solicitation time exceeded 699 700 parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuris Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 igmp type IGMP packets can be filtered by IGMP message type Enter a number or one of the following values host query host report demm pim cisco trace host report v2 host leave v2 h
410. p name Default Configuration Counting in profile and out of profile is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example enables counting in profile and out of profile on the interface Console config if qos statistics policer policyl class1l Quality of Service QoS Commands 759 qos statistics aggregate policer Use the qos statistics aggregate policer Global Configuration mode command to enable counting in profile and out of profile Use the no form of this command to disable counting Syntax qos statistics aggregate policer ageregate policer name no qos statistics aggregate policer aggregate policer name Parameters ageregate policer name Spcecifies the aggregate policer name Default Configuration Counting in profile and out of profile is disabled Command Mode Global Configuration mode Example The following example enables counting in profile and out of profile on the interface Console config qos statistics aggregate policer policerl qos statistics queues Use the qos statistics queues Global Configuration mode command to enable OoS statistics for output queues Use the no form of this command to disable OoS statistics for output queues Syntax qos statistics queues set queue all dp all interface all no qos statistics queues set 760 Quality of Service QoS Commands Parameters e set Specifies the counter set num
411. pability Example The following example configures the speed of gigabitethernet port 1 0 5 to 100 Mbps operation Console config interface gigabitethernet 1 0 5 Console config if speed 100 duplex Use the duplex Interface Configuration Ethernet Port channel mode command to configure the full half duplex operation of a given Ethernet interface when not using auto negotiation Use the no form of this command to restore the default configuration Ethernet Configuration Commands 331 Syntax duplex half full no duplex Parameters e half Forces half duplex operation e full Forces full duplex operation Default Configuration The interface operates in full duplex mode Command Mode Interface Configuration Port channel mode Example The following example configures gigabitethernet port 1 0 5 to operate in full duplex mode Console config interface gigabitethernet 1 0 5 Console config if duplex full Console config if negotiation Use the negotiation Interface Configuration Ethernet Port channel mode command to enable auto negotiation operation for the speed and duplex parameters and master slave mode of a given interface where the preferred default mode is master mode Use the no form of this command to disable auto negotiation Syntax negotiation capability capability2 capability gt preferred master slave no negotiation 332 Ethernet Configuration Commands
412. parameters for this command are displayed The following describes features that assist in using the CLI Terminal Command Buffer Every time a command is entered in the CLI it is recorded on an internally managed Command History buffer Commands stored in the buffer are maintained on a First In First Out FIFO basis These commands can be recalled reviewed modified and reissued This buffer is not preserved across device resets The keys that can be used to access the history buffer are described in Table 1 By default the history buffer system is enabled but it can be disabled at any time For information about the command syntax to enable or disable the history buffer see the history command There is a standard default number of commands that are stored in the buffer The standard number of 10 commands can be increased to 256 By configuring 0 the effect is the same as disabling the history buffer system For information about the command syntax for configuring the command history buffer see the history size command To display the history buffer see show history command Negating the Effect of Commands For many configuration commands the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value This guide describes the negation effect for all applicable commands Command Completion If the command entered is incomplete invalid or has missing or invalid par
413. path cost for multiple spanning tree MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree mst nstance id cost cost no spanning tree mst nstance id cost Parameters e instance id Specifies the spanning tree instance ID Range 1 15 e cost Specifies the port path cost Range 1 200000000 Default Configuration Default path cost is determined by the port speed and path cost method long or short as shown below Interface Long Port channel 20 000 Gigabit Ethernet 1000 Mbps 20 000 470 Spanning Tree Commands Fast Ethernet 100 Mbps 200 000 Ethernet 10 Mbps 2 000 000 Command Mode Interface Configuration Ethernet port channel mode Example The following example configures the MSTP instance path cost for gigabitethernet port 1 0 9 to 4 Console config interface gigabitethernet 1 0 9 Console config if spanning tree mst 1 cost 4 spanning tree mst configuration Use the spanning tree mst configuration Global Configuration mode command to enable configuring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region they need to contain the same VLAN ma
414. pe e p node Specifies the Peer to peer NetBIOS node type m node Specifies the Mixed NetBIOS node type e h node Specifies the Hybrid NetBIOS node type Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No bios node type is defined Example The following example specifies the client s NetBIOS type as hybrid Console config dhcp netbios node type h node next server Use the next server DHCP Pool Configuration mode command to configure the next server in the boot process of a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the boot server DHCP Server Commands 667 Syntax next server ip address no next server Parameters ip address Specifies the IP address of the next server in the boot process which is typically a Trivial File Transfer Protocol TFTP server Default Configuration If the next server command is not used to configure a boot server list the DHCP Server uses inbound interface helper addresses as boot servers Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Example The following example specifies 10 12 1 99 as the IP address of the next server in the boot process Console config dhcp next server 10 12 1 99 next server name Use the next server name DHCP Pool Configuration mode command to configure the next server name in the boot process of a
415. per address command specifies a UDP port number to which UDP broadcast packets with that destination port number are forwarded By IP Addressing Commands 613 default if no UDP port number is specified the device forwards UDP broadcast packets for the following six services JEN 116 Name Service port 42 e DNS port 53 e NetBIOS Name Server port 137 e NetBIOS Datagram Server port 138 e TACACS Server port 49 e Time Service port 37 Example The following example enables the forwarding of User Datagram Protocol UDP broadcasts received on all interfaces to specific UDP ports of a destination IP address Console config ip helper address all 172 16 9 9 49 53 show ip helper address Use the show ip helper address Privileged EXEC mode command to display the IP helper addresses configuration on the system Syntax show ip helper address Parameters This command has no arguments or key words Command Mode Privileged EXEC mode 614 IP Addressing Commands Example The following example displays the IP helper addresses configuration on the system Console show ip helper address Interface Helper Address Udp ports 192 168 1 1 172 16 8 8 Sch 42 49 Bien TS LE 192 168 2 1 LI2C16 2929 37 49 source precedence Use the source precedence IP Interface Configuration mode command to define a preference for an IP address as a source IP address for DHCP relayed messages on an interface Use the no f
416. ping or DHCP relay are enabled Example console config ip dhcp information option show ip dhcp information option The show ip dhcp information option EXEC mode command displays the DHCP Option 82 configuration Syntax show ip dhcp information option 586 DHCP Snooping and ARP Inspection Commands Command Mode EXEC mode Example The following example displays the DHCP Option 82 configuration console show ip dhcp information option Relay agent Information option is Enabled DHCP Snooping and ARP Inspection Commands 587 588 DHCP Snooping and ARP Inspection Commands iSCSI Commands iscsi enable Use the iscsi enable Global Configuration mode command to globally enable Internet Small Computer System Interface iSCSI awareness This command changes the Flow Control global mode to receive only enables Flow Control on all interfaces and enables jumbo frames Use the no form of this command to globally disable iSCSI awareness This version of the command does not affect the Flow Control global mode does not disable Flow Control on all interfaces and does not disable jumbo frames Syntax iscsi enable no iscsi enable Default Configuration Disabled Command Mode Global Configuration mode User Guidelines An iSCSI VLAN must be configured by using the iscsi vlan command before the device can assign a specific VLAN to iSCSI flows When executing the no iscsi enable command iSCSI resources TAM ar
417. plays only dynamic MAC address table entries e static Displays only static MAC address table entries e secure Displays only secure MAC address table entries Address Table Commands 399 e yvlan Specifies VLAN such as VLAN 1 e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or port channel e mac address MAC address Default Command Mode EXEC mode User Guidelines Internal usage VLANs VLANs that are automatically allocated on routed ports are presented in the VLAN column by a port number and not by a VLAN ID Example Console show mac address table Aging time is 300 sec VLAN MAC Address Port Type d 00 00 26 08 13 23 0 self A 00 3f bd 45 5a bl gil 0 1 static q 00 a1 b0 69 63 f3 gil 0 24 dynamic 2 00 al b0 69 63 3 gil 0 24 dynamic Console show mac address table 00 3f bd 45 5a bl Aging time is 300 sec 1 00 3f bd 45 5a bl static gil 0 9 400 Address Table Commands show mac address table count Use the show mac address table count EXEC mode command to display the number of addresses present in the Forwarding Database Syntax show mac address table count v an vlan interface interface id Parameters e ylan Specifies VLAN e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or port channel Command Mode EXEC mode Example Console show mac address t
418. pology change 434 Ildp med fast start repeat count 435 Ildp med network policy global 435 Ildp med network policy interface 436 Clear Ildptable 437 lidp med location eee eee ee 438 show Ildp configuration aaa 439 show Ildp med configuration 441 show Ildp local tlvs overloading 443 show Ildp local 444 show Ildp neighbors naonnana 446 show Ildp statistics 0 cece eee eee eens 451 30 Spanning Tree Commands 453 spanning tree 020 cece eee eee eee 453 spanning tree mode 453 spanning tree forward time 454 spanning tree hello time 2 2 5 455 spanning tree max age 2 2 eeeee eee 456 spanning tree priori 457 spanning tree disable 20 eeeeee 458 spanning tree ost 459 spanning tree port priority 00 460 spanning tree portlast eee 460 spanning tree link type nsneeennnaaa n 461 spanning tree pathcost method 462 spanning tree bpdu Global 463 spanning tree bpdu Interface 464 spanning tree guard root 465 spanning tree bpduguard 5 466 clear spanning tree detected protocols 467 spanning tree mst priori 467 spanning tree mst max hops
419. poses Use the no form of this command to set the time to Coordinated Universal Time UTC or Greenwich Mean Time GMT which is the same Syntax clock timezone zone hours oftset minutes offset 108 Clock Commands no clock timezone Parameters e zone The acronym of the time zone Range Up to 4 characters e hours offset Hours difference from UTC Range 12 13 e minutes offset Minutes difference from UTC Range 0 59 Default Configuration Offset is 0 Acronym is empty Command Mode Global Configuration mode User Guidelines The system internally keeps time in UTC so this command is used only for display purposes and when the time is manually set Example console config clock timezone abc 2 minutes 32 clock summer time Use one of the formats of the clock summer time Global Configuration command to configure the system to automatically switch to summer time daylight saving time Use the no form of this command to configure the software not to automatically switch to summer time Syntax clock summer time zone recurring usa eu week day month hh mm week day month hh mm offset clock summer time zone date date month year hh mm date month year hh mm ottset Clock Commands 109 clock summer time zone date month date year hh mm month date year hh mm offset no clock summer time Parameters e zone The acronym of the time zone to be displayed when summer time is in effect
420. pping the same configuration revision number and the same name Example The following example configures an MST region Console config spanning tree mst configuration Console config mst instance 1 vlan 10 20 Console config mst name regionl Spanning Tree Commands 471 Console config mst revision 1 instance MST Use instance MST Configuration mode command to map VLANs to an MST instance Use the no form of this command to restore default mapping Syntax instance instance id vlan vlan range no instance instance id vlan vlan range Parameters e instance id MST instance Range 1 15 e vlan range The specified range of VLANs is added to the existing ones To specify a range use a hyphen To specify a series use a comma Range 1 4094 Default Configuration All VLANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Mode MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST For two or more devices to be in the same MST region they must have the same VLAN mapping the same configuration revision number and the same name Example The following example maps VLANs 10 20 to MST instance 1 Console config spanning tree mst configuration 472 Spanning Tree Commands Console config m
421. pplicant IPv4 Filter ID 2 Supplicant IPv6 Switch show dotlx users username Bernie Port Username Session Auth MAC VLAN Filter Time Method Address gil 0 1 Bernard 03 08 58 Remote 0008 3b79 3232 9 OK Filter ID 1 Supplicant IPv4 802 1x Commands 309 show dot1x statistics Use the show dot 1x statistics Privileged EXEC mode command to display 802 1x statistics for the specified interface Syntax show dotlx statistics interface interface rd Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following example displays 802 1x statistics for gigabitethernet port 1 0 1 Console show dot1x statistics interface gigabitethernet 1 0 1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIidFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 RapLengthErrorFramesRx 0 astEapolFrameVersion 1 astEapolFrameSource 00 08 78 32 98 78 310 802 1x Commands The following table describes the significant fields shown in the display Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator EapolStartFramesRx
422. ps Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Command Mode Privileged EXEC mode Example The following example displays the HTTPS server configuration Console show ip https HTTPS server enabled 200 Web Server Commands Port 443 Interactive timeout Follows the HTTP interactive 10 minutes Certificate 1 is active Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C Finger print 1873B936 88DC3411 BC8932EF 782134BA timeout US US Web Server Commands 201 202 Web Server Commands Telnet SSH and Slogin Commands ip telnet server The ip telnet server Global Configuration mode command enables the device to be configured from a Telnet server Use the no form of this command to disable the device configuration from a Telnet server Syntax ip telnet server no ip telnet server Default Configuration Device configuration from a Telnet server is enabled Command Mode Global Configuration mode User Guidelines To control the device configuration by SSH use the ip ssh server Global Configuration mode command Example The following example enables the device to be configured from a Telnet se
423. ptions Code Value show ip dhcp binding Use the show ip dhcp binding EXEC mode command to display the specific one or all the address bindings on the Dynamic Host Configuration Protocol DHCP Server Syntax show ip dhcp binding ip address Parameters ip address Specifies the IP address DHCP Server Commands 681 Command Mode EXEC mode Example The following example displays the DHCP Server binding address parameters Router gt show ip dhcp binding DHCP server enabled The number of used all types entries is 5 The number of pre allocated entries is 1 The number of allocated entries is 1 The number of expired entries is 1 The number of declined entries is 2 16 1 11 00a0 9802 32de Feb 01 1998 16 3 23 02c7 801 0422 12 00AM 16 3 24 02c7 802 0422 16 3 25 02c7 803 0422 16 3 26 02c7 804 0422 Router gt show ip dhcp binding 1 16 1 11 DHCP server enabled The number of used all types entries is 5 The number of pre allocated entries is 1 The number of allocated entries is 1 The number of expired entries is 1 The number of declined entries is 2 P address Hardware Address Lease Expiration P address Hardware Address Lease Expiration Type dynamic dynamic dynamic dynamic dynamic Type State allocated expired declined pre allocated declined State 16 1 11 00a0 9802 32de Feb 01 1998 12 00 AM Router gt show ip dhcp binding 1 16 3 24 682 DH
424. queue cos map Global Configuration mode command maps Class of Service CoS values to a specific egress queue Use the no form of this command to restore the default configuration Syntax wit queue cos map gucuc id cosh cos7 738 Quality of Service QoS Commands no wrr queue cos map gucuc id Parameters e queue id Specifies the queue number to which the CoS values are mapped e cosl cos7 Specifies up to 7 CoS values to map to the specified queue number Range 1 7 Default Configuration The default CoS value mapping to 8 queues is as follows CoS value 0 is mapped to queue 3 CoS value 1 is mapped to queue 1 CoS value 2 is mapped to queue 2 CoS value 3 is mapped to queue 4 CoS value 4 is mapped to queue 5 CoS value 5 is mapped to queue 6 CoS value 6 is mapped to queue 7 CoS value 7 is mapped to queue 8 Command Mode Global Configuration mode User Guidelines Use this command to distribute traffic to different queues where each queue is configured with different weighted round robin WRR and Weighted Random Early Detection WRED parameters The expedite queues are enabled using the priority queue out Interface Configuration mode commans Example The following example maps CoS value 7 to queue 2 Console config wrr queue cos map 2 7 Quality of Service QoS Commands 739 wrr queue bandwidth Use the wir queue bandwidth global Configuration command to assign Weighted Round Robin WRR
425. r 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 Ipd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpe 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpe 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 isakmp 4500 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpe 111 syslog 514 tacacs 49 talk 517 tftp 69 time 37 who 513 xdmep 177 Range 065535 e source port Specifies the UDP TCP source port Predefined port names are defined in the destination port parameter Range 0 65535 e match all list of flags List of TCP flags that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Available options are urg tack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to a one string For example fin ack e time range name Name of the time range that applies to this permit statement Range 1 32 e disable port The Ethernet interface would be disabled if the condition is matched e log input Specifies to send an informational syslog message about the packet that matches the entry Because forwarding is done in hardw
426. r Global Configuration mode command The format of an IPv6Z address is lt spv6 Link local address gt lt intertace name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 2 3 4 5 6 7 8 9 physical port name Designated port number for example gil 0 16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following example configures the device to accept SNTP traffic from the server on 192 1 1 1 Console config sntp server 192 1 1 1 sntp port The sntp port Global Configuration mode command specifies a Simple Network Time Protocol SNTP User Datagram Protocol UDP port Use the no form of this command to use the SNTP server default port Syntax sntp port port number no sntp port Parameters port number Specifies the UDP port number used by an SNTP server Range 1 65535 Default Configuration The default port number is 123 Clock Commands 121 Command Mode Global Configuration mode Example The following example specifies that port 321 of the SNTP server is the UDP port Console config sntp port 321 show clock The show clock EXEC mode command displays the time and date from the system clock Syntax show clock defai
427. r host name Translation to IPv4 addresses only is supported Length 1 158 characters Maximum label length 63 characters e auth port auth port number Spcecifies the port number for authentication requests If the port number is set to 0 the host is not used for authentication Range 0 65535 timeout timeout Specifies the timeout value in seconds Range 1 30 e retransmit retries Specifies the retransmit value Range 1 10 e deadtime deadtime Specifies the length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 e key key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon To specify an empty string enter Length 0 128 characters e source ipv4 address ipv6 address Specifies the source IPv4 or IPv6 address to use for communication 0 0 0 0 is interpreted as a request to use the IP address of the outgoing IP interface e priority priority Spccifies the order in which servers are used where 0 has the highest priority Range 0 65535 e usage login 802 1x all Specifies the RADIUS server usage type The possible values are e login Specifies that the RADIUS server is used for user login parameters authentication e 802 1x Specifies that the RADIUS server is used for 802 1x port authentication e a
428. r size The maximum number of commands in all buffers is 256 Example The following example sets the command history buffer size to 20 commands for the current terminal session Console gt terminal history size 20 User Interface Commands 49 terminal datadump The terminal datadump EXEC mode command enables dumping all the output of a show command without prompting Use the no form of this command to disable dumping Syntax terminal datadump terminal no datadump Default Configuration Dumping is disabled Command Mode EXEC mode User Guidelines By default a More prompt is displayed when the output contains more lines than can be displayed on the screen Pressing the Enter key displays the next line pressing the Spacebar displays the next screen of output The terminal datadump command enables dumping all output immediately after entering the show command This command is relevant only for the current session Example The following example dumps all output immediately after entering a show command Console gt terminal datadump debug mode The debug mode Privileged EXEC mode command mode switches to debug mode 50 User Interface Commands Syntax debug mode Command Mode Privileged EXEC mode Example The following example enters Debug mode Console debug mode show history The show history EXEC mode command lists commands entered in the current session Syntax show history Command M
429. r the querier s VLAN the querier is disabled 530 IGMP Snooping Commands Example console config ip igmp snooping vlan 1 querier address 1 2 3 4 ip igmp robustness Use the ip igmp robustness Interface Configuration mode command to change a value of the IGMP robustness variable Use the no format of the command to return to default Syntax ip igmp robustness count no ip igmp robustness Parameters count The number of expected packet loss on a link Parameter range Range 1 7 Default 2 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created console config interface vlan 1 console config if ip igmp robustness 3 ip igmp query interval Use the ip igmp query interval Interface Configuration mode command to configure the Query interval Use the no format of the command to return to default IGMP Snooping Commands 531 Syntax ip igmp query interval seconds no ip igmp query interval Parameters seconds F requency in seconds at which IGMP query messages are sent on the interface Range 30 18000 Default 125 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example ip igmp query max response time Use the ip igmp query max response time Interface Configuration mode command to configure the Query Maximum Response time Use the no format
430. racter of your choice Then enter one or more lines of text terminating the message with the second occurrence of the delimiting character When a user connects to a device the message of the day MOTD banner appears first followed by the login banner and prompts After the user logs in to the device the EXEC banner is displayed Use tokens in the form of token in the message text to customize the banner The tokens are described in the table below Information displayed in the banner hostname Displays the host name for the device domain Displays the domain name for the device bold Indicates that the next text is a bold text Using this token again indicates the end of the bold text inverse Indicates that the next text is an inverse text Using this token again indicates the end of the inverse text contact Displays the system contact string 54 User Interface Commands location Displays the system location string mac Displays the base MAC address of the device address Use the no exec banner line configuration command to disable the EXEC banner on a particular line or lines Example The following example sets an EXEC banner that uses tokens The percent sign is used as a delimiting character Note that the token syntax is replaced by the corresponding configuration variable o Device config banner exec Enter TEXT message End with the character r
431. raps are used 2c SNMPv2 traps are used 3 SNMPv2 traps are used community string Password like community string sent with the notification operation Range 1 20 characters noauth Specifies no authentication of a packet auth Specifies authentication of a packet without encrypting it priv Specifies authentication of a packet with encryption udp port port UDP port of the host to use The default is 162 Range 1 65535 filter filtermame A string that is the name of the filter that defines the filter for this host If unspecified nothing is filtered The filter should be defined using the command snmp server filter no specific order of the command configurations is imposed on the user Range Up to 30 characters SNMP Commands 169 timeout seconds Number of seconds to wait for an acknowledgment before resending informs The default is 15 seconds The parameter is relevant only for informs Range 1 300 e retries retries Maximum number of times to resend an inform request when a response is not received for a generated message The default is 3 The parameter is relevant only for informs Range 0 255 Command Mode Global Configuration mode User Guidelines The logical key of the command is the pair ip address hostname traps informs version When configuring snmp v1 or v2 notifications recipient the software would automatically generate a notification view for that recipient for all the M
432. rate only if the port is authorized Example console config interface gigabitethernet 1 0 1 console config if lldp receive Iidp timer Use the lldp timer Global Configuration mode command to specify how often the software sends Link Layer Discovery Protocol LLDP updates Use the no form of this command to restore the default configuration Syntax lldp timer seconds no lldp timer Parameters seconds Specifies in seconds how often the software sends LLDP updates Range 5 32768 seconds LLDP Commands 425 Default Configuration The default update interval is 30 seconds Command Mode Global Configuration mode Example The following example sets the interval for sending LLDP updates to 60 seconds Console config lldp timer 60 dp hold multiplier Use the dp hold multiplier Global Configuration mode command to set the time interval during which the receiving device holds a Link Layer Discovery Protocol LLDP packet before discarding it Use the no form of this command to restore the default configuration Syntax dp hold multiplier number no lldp hold multiplier Parameters number Specifies the LLDP packet hold time interval as a multiple of the LLDP timer value Range 2use the no form of this command10 Default Configuration The default LLDP hold multiplier is 4 Command Mode Global Configuration mode User Guidelines The actual Time To Live TTL value of LLDP frames is expressed by the
433. ration VLAN mode User Guidelines e The VLAN type cannot be changed if there is a private VLAN port that is a member in the VLAN e The VLAN type cannot be changed if it is associated with other private VLANs e The VLAN type is not kept as a property of the VLAN when it is deleted private vlan association Use the private vlan association Interface VLAN Configuration mode command to configure the association between the primary VLAN and the secondary VLANs Use the no form of this command to remove the association Syntax ptivate vlan association add remove secondary vlan list no private vlan association Parameters e add Associates a secondary VLAN to a primary VLAN This is the default action VLAN Commands 513 e remove Clears the association between a secondary VLAN and a primary VLAN e secondary vlan list Specifies one or more secondary VLANs to be associated with a primary VLAN in a private VLAN Default Configuration No private VLANs are configured Command Mode Interface Configuration VLAN mode User Guidelines e The command can only be executed in the context of the primary VLAN e Private VLAN cannot be removed or change its type if it is associated with other private VLANs e Primary VLAN can be associated with only single isolated VLAN e A secondary VLAN can be associated with only one primary VLAN e The association of secondary VLANs with a primary VLAN cannot be remove
434. ration mode command to force the mechanism used to download a configuration file at the next system startup Use the no form of this command to restore the host configuration file to the default Syntax boot host dhcp no boot host dhcp Parameters This command has no arguments or key words Command Mode Global Configuration mode User Guidelines Configuring boot host dhep does not take effect until the next reboot 144 Auto Update and Auto Configuration boot host auto save Use the boot host auto save Global Configuration mode command to enable automatic saving Running in Startup after download Use the no form of this command restore default behavior Syntax boot host auto save no boot host auto save Parameters This command has no arguments or key words Command Mode Global Configuration mode Default Configuration Disable show boot Use the show boot Privilege EXEC mode command to show the status of the IP DHCP Auto Config process Syntax show boot Parameters This command has no keywords or arguments Command Mode Privilege EXEC mode Examples console show boot Auto Update and Auto Configuration 145 Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP force Auto Config State Finished TFTP Server IP address 1 2 20 2 Configuration filename config configfilel cfg Auto Update Image Download via DHCP enabled console show boot Auto Config Con
435. rectly attached hosts e interfaces Specifies the maximum number of IP interfaces Default Configuration Hosts 200 Routes 64 IP Interfaces 32 Command Mode Global Configuration mode User Guidelines The settings are effective after reboot Example The following example configures the routing table maximum size Console system resources routing 20 23 5 show system resources routings The show system resources routings EXEC mode command displays system routing resources information Syntax show system resources routings Command Mode EXEC mode System ManagementCommands 95 Example The following example displays the system routing resources information Console gt show system resources routings Parameters Current value After reboot Value Hosts 100 100 Routes 32 32 IP Interfaces 32 32 show system tcam utilization The show system tcam utilization EXEC mode command displays the Ternary Content Addressable Memory TCAM utilization Syntax show system tcam utilization wit unit Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode Example The following example displays TCAM utilization information Console gt show system tcam utilization System 75 Unit TCAM utilization 1 58 2 57 96 System Management Commands show system defaults Use the show system defaults command to display system defaults Syntax show system defaults se
436. regation Disabled Aggregation aging time 300 Sec 01 Jan 2010 05 29 46 SINIT I Startup Warm Startup 01 Jan 2010 05 29 02 SLINK I Up Vlan 1 01 Jan 2010 05 29 02 LINK I Up gil 0 48 01 Jan 2010 05 29 02 LINK I Up gil 0 47 01 Jan 2010 05 29 00 LINK W Down gil 0 48 show logging file Use the show logging file Privileged EXEC mode command to display the logging status and the syslog messages stored in the logging file 274 Syslog Commands Syntax show logging file Command Mode Privileged EXEC mode Example The following example displays the logging status and the syslog messages stored in the logging file Logging is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 61 Logged 61 Displayed 200 Max File Logging Level error File Messages 898 Logged 64 Dropped 4 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Aggregation Disabled Aggregation aging time 300 Sec Jan 2010 05 57 00 SSHD E ERROR SSH error key_read type mismatc encoding error Jan 2010 05 56 36 SSHD E ERROR SSH error key_read type mismatc encoding error 01 Jan 2010 05 55 37 SSHD E ERROR SSH error key_read type mismatc encoding error Syslog Commands 275 01 Jan 2010 05 55
437. rface use the ip http secure port Global Configuration mode command To use the default port use the no form of this command Syntax ip http secure port port number no ip http secure port Parameters port number Port number for use by the HTTPS server Range 0 65534 Default The default port number is 443 Command Mode Global Configuration mode 198 Web Server Commands Example console config ip http secure port 1234 ip https certificate The ip https certificate Global Configuration mode command configures the active certificate for HTTPS Use the no form of this command to restore the default configuration Syntax ip https certificate number no ip https certificate Parameters number Specifies the certificate number Range 1 2 Default Configuration The default certificate number is 1 Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate command to generate a HTTPS certificate Example The following example configures the active certificate for HTTPS Console config ip https certificate 2 Web Server Commands 199 show ip http The show ip http EXEC mode command displays the HTTP server configuration Syntax show ip http Command Mode EXEC mode Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 Interactive timeout 10 minutes show ip https The show ip htt
438. rface range gil 0 1 20 description Use the description Interface Configuration Ethernet Port channel mode command to add a description to an interface Use the no form of this command to remove the description Syntax description string no description Parameters string Specifies a comment or a description of the port to assist the user Length 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet Port channel mode Example The following example adds the description SW 3 to gigabitethernet port 1 0 5 Console config interface gigabitethernet 1 0 5 Console config if description SW 3 speed Use the speed Interface Configuration Ethernet Port channel mode command to configure the speed of a given Ethernet interface when not 330 Ethernet Configuration Commands using auto negotiation Use the no form of this command to restore the default configuration Syntax speed 70 100 1000 10000 no speed Parameters e 10 Forces10 Mbps operation e 100 Forces 100 Mbps operation e 1000 Forces 1000 Mbps operation e 10000 Forces 10000 Mbps operation Default Configuration The port operates at its maximum speed capability Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The no speed command in a Port channel context returns each port in the Port channel to its maximum ca
439. rfaces configuration Use the show interfaces configuration EXEC mode command to display the configuration for all configured interfaces or for a specific interface Syntax show interfaces configuration interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Ethernet Configuration Commands 339 Command Mode EXEC mode Example The following example displays the configuration of all configured interfaces console show interfaces configuration Flow Admin Back Mdix Port Type Duplex Speed Neg control State Pressure Mode gil 0 1 1G Copper Full 10000 Disabled Off Up Disabled Off gil 0 2 1G Copper Full 1000 Disabled Off Up Disabled Off Flow Admin Ch Type Speed Neg Control State Pol Disabled Off Up show interfaces status Use the show interfaces status EXEC mode command to display the status of all configured interfaces or of a specific interface Syntax show interfaces status interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in addition to present ports Command Mode EXEC mode 340 Ethernet Configuration Commands Example The following example displays the status of all configured interfaces console show interfaces status Flow Link Back Mdix Port Type
440. ries is 1 f automatic entries is 1 f expired entries is 1 f declined entries is 2 show ip dhcp allocated Use the show ip dhcp allocated EXEC mode command to display the specific one or all the allocated address on the Dynamic Host Configuration Protocol DHCP Server Syntax show ip dhcp allocated ip address Parameters ip address Specifies the IP address Command Mode EXEC mode Example The following example displays the DHCP Server allocated IP addresses Router gt show ip dhcp allocated DHCP server enabled 684 l DHCP Server Commands The number of allocated entries is 3 The number of static entries is 1 The number of dynamic entries is 1 The number of automatic entries is 1 IP address Hardware address Lease expiration Type 172 16 1 11 00a0 9802 32de Feb 01 1998 12 00 AM Dynamic 172 16 3 253 02c7 800 0422 Infinite Automatic 172 16 3 254 02c7 800 0422 Infinite Static Router gt show ip dhcp allocated 172 16 1 11 DHCP server enabled The number of allocated entries is 2 The number of static entries is 0 The number of dynamic entries is 2 IP address Hardware address Lease expiration Type 172 16 1 11 00a0 9802 32de Feb 01 1998 12 00 AM Dynamic Router gt show ip dhcp allocated 172 16 3 254 DHCP server enabled The number of allocated entries is 2 The number of static entries is 0 The number of dynamic entries is 2 IP address Hardware address Lease expiration Type 172 16 3 254 02c
441. rk respectively The device uses the configured priorities of the available Radius servers in order to select the Radius server If a new replaces an old supplicant even if the port state remains authorized the software sends a stop message for the old supplicant and a start message for the new supplicant In multiple sessions mode dot lx multiple hosts authentication the software sends start stop messages for each authenticated supplicant In multiple hosts mode dot1x multiple hosts the software sends start stop messages only for the supplicant that has been authenticated AAA Commands 233 The software does not send start stop messages if the port is force authorized The software does not send start stop messages for hosts that are sending traffic on the guest VLAN or on the unauthenticated VLANs The following table describes the supported Radius accounting Attributes Values and when they are sent by the switch Name Description User Name 1 Supplicant s identity NAS IP Address 4 The switch IP address that is used for the session with the Radius server NAS Port 5 The switch port from where the supplicant has logged in Class 25 Arbitrary value is included in all accounting packets for a specific session Called Station ID 30 The switch MAC address Calling Station ID 31 The supplicant MAC address Acct Sessi
442. rmation GVRP statistics rJE Join Empty rEmp Received TLE Empty Received SJE Leave Empty sEmp Received ISLE Join Empty Sent Empty Sent Leave Empty Sent Console show gvrp statistics PILNS CLIT rLA sdIn SLIN sLA Join In Received Leave In Received Leave All Received Join In Sent Leave In Sent Leave All Sent GVRP Commands 553 Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA T ol Oo Oo Oo Ovo CO OO OO CO CO CH ES EN EN Ces EE GC EH E EI EE E O E SO Om OD CH CH ECH KEE E SS RER Ek SS oO OOo Cc CH CH EH 3 CO CO CO CO CO CO CO CH ET EE ET E ET E E Sooo EX EH oO oS oS Oo Sa SES St Oo oOo EH Oo a oOo 2 show gvrp error statistics Use the show gvrp error statistics EXEC mode command to display GVRP error statistics for all interfaces or for a specific interface Syntax show gvrp error statistics interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays GVRP error statistics console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid Attribute Value INVEVENT Invalid Event 554 GVRP Commands Port INVPROT INVATYP INVAVAL INVALEN INVEVENT gil 0 1 0
443. rns on stream processing which enables a raw TCP stream with no Telnet control sequences A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX to UNIX Copy Program UUCP and other non Telnet protocols Ctrl shift 6 x Returns to the System Command Prompt Ports Table Keyword Description Port Number BGP Border Gateway Protocol 179 chargen Character generator 19 cmd Remote commands 514 daytime Daytime 13 discard Discard 9 domain Domain Name Service 53 echo Echo 7 exec Exec finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 gopher Gopher 70 hostname NIC hostname server ident Ident Protocol irc Internet Relay Chat klogin Kerberos login kshell Kerberos shell login Login Ipd Printer service nntp Network News Transport Protocol 80 System Management Commands Keyword Description Port Number pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog tacacs TAC Access Control System 49 talk Talk telnet Telnet 23 time Time 37 uucp Unix to Unix Copy Program whois Nickname 43 www World Wide Web 80 Example The following example displays logging in to IP address
444. rver Console config ip telnet server Telnet SSH and Slogin Commands 203 ip ssh port The ip ssh port Global Configuration mode command specifies the port used by the SSH server Use the no form of this command to restore the default configuration Syntax ip ssh port port number no ip ssh port Parameters port number Specifies the port number to be used by the SSH server Range 1 65535 Default Configuration The default port number is 22 Command Mode Global Configuration mode Example The following example specifies that port number 8080 is used by the SSH SeIvel Console config ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to be configured from an SSH server Use the no form of this command to disable the device configuration from a SSH server Syntax ip ssh server no ip ssh server 204 Telnet SSH and Slogin Commands Default Configuration Device configuration from an SSH server is enabled Command Mode Global Configuration mode User Guidelines If encryption keys are not generated the SSH server is in standby until the keys are generated To generate SSH server keys use the crypto key generate dsa and crypto key generate rsa Global Configuration mode commands Example The following example enables configuring the device from a SSH server Console config ip ssh server ip ssh pubkey auth The ip ssh pubkey auth
445. rver key key string no radius server key RADIUS Commands 251 Parameters key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon Range 0 128 characters Default Configuration The key string is an empty string Command Mode Global Configuration mode Example The following example defines the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Console config radius server key enterprise server radius server retransmit Use the radius server retransmit Global Configuration mode command to specify the number of times the software searches the list of RADIUS server hosts Use the no form of this command to restore the default configuration Syntax radius server retransmit retries no radius server retransmit Parameters retries Specifies the retransmit value Range 1 10 Default Configuration The software searches the list of RADIUS server hosts 3 times Command Mode Global Configuration mode 252 RADIUS Commands Example The following example configures the number of times the software searches all RADIUS server hosts as 5 console config radius server retransmit 5 radius server source ip Use the radius server source ip Global Configuration mode command to specify the source IP address used for
446. s FWD FWD FWD FWD Role Root Desg Desg Desg Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Forward Delay 15 sec PortFast Type No No No No Spanning Tree Commands P2p Bound RSTP Shared Bound STP P2p P2p 485 MST 1 Vlans Mapped 10 20 Root ID Priority 24576 Address 00 02 4b 29 89 76 Path 20000 Cost gil 0 4 Root 19 Port Rem hops Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Interfaces Name State Prio Nbr Cost Sts Role gil 0 1 Enabled 128 1 20000 FWD Boun gil 0 2 Enabled 128 2 20000 FWD Boun gil 0 3 Enabled 128 3 20000 BLK Altn gil 0 4 Enabled 128 4 20000 FWD Root Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 Path 20000 Cost gil 0 1 Root Port 486 PortFast No No No No P2p Bound RSTP Shared Bound STP P2p P2p Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Spanning Tree Commands IST Master ID Priority 32768 Address 00 02 4b 29 7a 00 This switch is the IST master Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 gil 0 1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured
447. s the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax hostname Hostname to ping 160 characters Maximum label size 63 packet_size Number of bytes in the packet not including the VLAN tag The default is 64 bytes IPv4 64 1518 Pv6 68 1518 packet_count Number of packets to send from 1 to 65535 packets The default is 4 packets If 0 is entered it pings until stopped 0 65535 time out Timeout in milliseconds to wait for each reply from 50 to 65535 milliseconds The default is 2000 milliseconds 50 65535 System Management Commande 71 Command Mode EXEC mode User Guidelines Press Esc to stop pinging Following are sample results of the ping command e Destination does not respond If the host does not respond a no answer from host appears within 10 seconds e Destination unreachable The gateway for this destination indicates that the destination is unreachable e Network or host unreachable The switch found no corresponding entry in the route table The format of an IPv6Z address is lt spv6 link local address gt lt intertace name gt e interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 e integer lt decimal number gt lt integer gt lt decimal number gt e decimal number 0 2 3 4 5 6 7 8 9 e physical port name Designated port number for example gil 0
448. s The IP address can be IPv4 address or Pv6 address When the Pv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax Default Configuration No name server IP addresses are defined Command Mode Global Configuration mode User Guidelines The preference of the servers is determined by the order in which they were entered Up to 8 servers can be defined using one command or using multiple commands The format of an IPv6Z address is lt ipv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example 1 0 16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface 618 IP Addressing Commands Example The following example defines the available name server Console config ip name server 176 16 1 18 ip host Use the ip host Global Configuration mode command to define the static host name to address mapping in the host cache Use the no form of this command to remove the static host name to address mapping Syntax ip host name address address2 address3
449. s a whole The Global Configuration mode command vlan database is used to enter the VLAN Database Interface Configuration mode Management Access List Contains commands to define management access lists The Global Configuration mode command management access list is used to enter the Management Access List Configuration mode Port Channel Contains commands to configure port channels for example assigning ports to a VLAN or port channel The G oba Configuration mode command interface port channel is used to enter the Port Channel Interface Configuration mode SSH Public Key Chain Contains commands to manually specify other device SSH public keys The Global Configuration mode command crypto key pubkey chain ssh is used to enter the SSH Public Key chain Configuration mode Interface Contains commands that configure the interface The Global Configuration mode command interface is used to enter the nterface Configuration mode Starting the CLI The switch can be managed over a direct connection to the switch console port or via a Telnet connection The switch is managed by entering command keywords and parameters at the prompt Using the switch CLI commands is similar to entering commands on a UNIX system If access is via a Telnet connection ensure the device has an IP address defined corresponding management access is granted and the workstation used to access the device is connected to the device prior to using CL
450. s are specified the global values apply to each host Example The following example specifies a TACACS host Console config tacacs server host 172 16 1 1 tacacs server key Use the tacacs server key Global Configuration mode command to ses the authentication encryption key used for all TACACS communications between the device and the TACACS daemon Use the no form of this command to disable the key Syntax tacacs server key key string no tacacs server key 260 TACACS Commands Parameters key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon Length 0 128 characters Default Configuration The default key is an empty string Command Mode Global Configuration mode Example The following example sets Enterprise as the authentication encryption key for all TACACS servers Console config tacaes server key enterprise tacacs server timeout Use the tacacs server timeout Global Configuration mode command to set the interval during which the device waits for a TACACS server to reply Use the no form of this command to restore the default configuration Syntax tacacs server timeout timeout no tacacs server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The default timeout value is 5 seconds Com
451. s command is used the interface is reconfigured with the standard link local address the same Pv6 link local address that is set automatically when the enable ipv6 command is used The system automatically generates a link local address for an interface when IPv6 processing is enabled on the interface To manually specify a link local address to be used by an interface use the ipv6 link local address command The system supports only 64 bits prefix length for link local addresses Example console config interface vlan 1 console config if ipv6 address fe80 123 64 link local ipv6 unreachables Use the ipv6 unreachables Interface Configuration mode command to enable the generation of Internet Control Message Protocol for IPv6 ICMPv6 unreachable messages for any packets arriving on a specified interface Use the no form of this command To prevent the generation of unreachable messages Syntax ipv6 unreachables no ipv6 unreachables Parameters This command has no arguments or keywords Default Configuration ICMP unreachable messages are sent by default Command Mode Interface Configuration Ethernet VLAN Port channel mode IPv6 Addressing Commands 629 User Guidelines When ICMP unreachable messages are enabled when receiving a packet addressed to one of the interface s IP address with TCP UDP port not assigned the device sends ICMP unreachable messages Use the no ipv6 unreachables command to disable sending
452. s in an MST region before the BDPU is discarded Range 1 40 Default Configuration The default number of hops is 20 Command Mode Global Configuration mode Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10 Console config spanning tree mst max hops 10 spanning tree mst port priority Use the spanning tree mst port priority Interface Configuration Ethernet port channel mode command to configure the priority of a port Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id port priority priority no spanning tree mst nstance id port priority Parameters e instance id Specifies the spanning tree instance ID Range 1 15 e priority Specifies the port priority Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE Spanning Tree Protocol STP is 128 Spanning Tree Commands 469 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The priority value must be a multiple of 16 Example The following example configures the port priority of port gil 0 1 to 144 Console config interface gigabitethernet 1 0 1 Console config if spanning tree mst 1 port priority 144 spanning tree mst cost Use the spanning tree mst cost Interface Configuration Ethernet Port channel mode command to configure the
453. s map policed dscp Global Configuration mode command to configure the policed DSCP map for remarking purposes Use the no form of this command to restore the default configuration Syntax qos map policed dscp dscp list to dscp mark down no qos map policed dscp dscp s Quality of Service QoS Commands 749 Parameters e dscp list Specifies up to 8 DSCP values separated by spaces Range 0 63 e dscp mark down Specifies the DSCP value to mark down Range 0 63 Default Configuration The default map is the Null map which means that each incoming DSCP value is mapped to the same DSCP value Command Mode Global Configuration mode Example The following example marks incoming DSCP value 3 as DSCP value 43 on the policed DSCP map Console config qos map policed dscp 3 to 43 Reserved DSCP DSCP 3 was not configured qos map dscp queue Use the qos map dscp queue Global Configuration mode command to configure the DSCP to CoS map Use the no form of this command to restore the default configuration Syntax qos map dscp queue dscp ist to queue id no qos map dscp queue dscp is Parameters e dscp list Specifies up to 8 DSCP values separated by spaces Range 0 63 e queue id Specities the queue number to which the DSCP values are mapped 750 Quality of Service QoS Commands Default Configuration The default map for 8 queues is as follows DSCP 0 7 8 15 16 23 24 31
454. s recorded Octets The total number of octets of data including those in bad packets and excluding framing bits but including FCS octets received on the network Packets The number of packets including bad packets received during this sampling interval Broadcast The number of good packets received during this sampling interval that were directed to the broadcast address Multicast The number of good packets received during this sampling interval that were directed to a multicast address This number does not include packets addressed to the broadcast address Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent CRC Align The number of packets received during this sampling interval that had a length excluding framing bits but including FCS octets between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Undersize The number of packets received during this sampling interval that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed RMON Commands 283 Field Description Oversize The number of packets received during this sampling interval that were longer than 1518 octets excluding framing bits but
455. s strength minimum character classes 3 passwords strength minimum character classes Use the passwords strength minimum character classes Global Configuration mode command to configure the minimal classes required for passwords in the local database Use the no form to remove the requirement Syntax passwords strength minimum character classes number no passwords strength minimum character classes Parameters number The minimal length required for passwords Range 0 4 Default 0 AAA Commands 237 Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The software checks the minimum length requirement when you define a password in an unencrypted format The classes are upper case letters lower case letters numbers and special characters passwords strength max limit repeated characters Use the passwords strength max limit repeated characters Global Configuration mode command to configure the maximum number of characters in the new password that can be repeated consecutively Use the no form to remove the requirement Syntax passwords strength max limit repeated characters number no passwords strength max limit repeated characters Parameters number The maximum number of characters in the new password that can be repeated consecutively Range 1 16 Default Command Mode Global Configuration mode 238
456. s to apply the remaining commands to the interface Use the parameter value keywords to designate values specific to the switch when creating a macro that requires the assignment of unique value Keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Any full match of a keyword even if it is part of a large string is considered a match and replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro global apply macro name command to display a list of any required values in the macro If you apply a macro without entering the keyword values the commands are considered invalid and are not applied When you apply a macro to the switch the macro name is automatically added to the switch You can display the applied commands and macro names by using the show running configuration interface user EXEC mode command macro global description Use the macro global description Global Configuration command to enter a description about which macros are applied to the switch Use the no form of this command to remove the description Syntax macro global description text no macro global description Parameters text Description text The text can contain up to 160 characters Macro Commands 69 Default Configuration The command has no default setting Command Mode Global Configuration mode User Guideli
457. s used internally by the device Syntax show vlan internal usage Command Mode Privileged EXEC mode 520 VLAN Commands Example The following example displays VLANs used internally by the device Console show vlan internal usage VLAN Usage IP address Reserved 1007 Eth 1 21 Active No 1008 BER Inactive Yes Eth 1 2 1009 tie Active Yes show interfaces switchport Use the show interfaces switchport Privileged EXEC command to display the administrative and operational status of all interfaces or a specific interface Syntax show interfaces switchport interface id Parameters Interface id Specifies an interface ID The interface ID can be one of the following types Ehernet port or Port channel Example console show interfaces switchport gi2 0 1 Gathering information Name gil 0 1 Switchport enable Administrative Mode access Operational Mode down Access Mode VLAN 1 Access Multicast TV VLAN none VLAN Commands 521 Trunking Native Mode VLAN 1 Trunking VLANs Enabled 1 2 4094 Inactive General PVID 1 General VLANs Enabled none General Egress Tagged VLANs Enabled none General Forbidden VLANs none General Ingress Filtering enabled General Acceptable Frame Type all General GVRP status disabled General GVRP VLANs none Customer Mode VLAN none Private vlan promiscuous association primary VLAN none Private vlan promiscuous association Secondary VLANs Enabled
458. se the no form of this command to remove servers from the list Syntax ip dhcp relay address ip address no ip dhcp relay address ip address Parameters ip address Specifies the DHCP server IP address Up to 8 servers can be defined Default Configuration No server is defined 652 DHCP Relay Commands Command Mode Global Configuration mode Example The following example defines the DHCP server on the device Console config ip dhcp relay address 176 16 1 1 ip dhcp relay address Interface Use the ip dhep relay address Interface Configuration VLAN Ethernet Port channel command to define the DHCP servers available by the DHCP relay for DHCP clients connected to the interface Use the no form of this command to remove the server from the list Syntax ip dhcp relay address ip address no ip dhcp relay address ip address Parameters ip address Specifies the DHCP server IP address Up to 8 servers can be defined Default Configuration No server is defined Command Mode Interface Configuration VLAN Ethernet Port channel mode User Guidelines Use the ip dhcp relay address command to define a DHCP Server IP address per the interface To define a few DHCP Servers use the command a few times To remove a DHCP Server use the no form of the command with the ip address argument The no form of the command without the ip address argument deletes all DHCP servers defined per the interface DHCP R
459. se update freq seconds no ip dhcp snooping database update freq Parameters seconds Specifies the update frequency in seconds Range 600 86400 Default Configuration The default update frequency value is 1200 seconds Command Mode Global Configuration mode Example The following example sets the DHCP Snooping binding database file update frequency to hour Console config ip dhcp snooping database update freq 3600 ip dhcp snooping binding Use the ip dhcp snooping binding Privileged EXEC mode command to configure the DHCP Snooping binding database and add binding entries to the database Use the no form of this command to delete entries from the binding database Syntax ip dhcp snooping binding mac address vlan id 1p address interface id expiry seconds infinite 572 DHCP Snooping and ARP Inspection Commands no Ip dhcp snooping binding mac address vlan id Parameters e mac address pecifies a MAC address vlan id Specifies a VLAN number ip address Specifies an IP address e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel e expiry seconds Specifies the time interval in seconds after which the binding entry is no longer valid Range 10 4294967295 e expiry infinite Specifies infinite lease time Default Configuration No static binding exists Command Mode Privileged EXEC mode User Guidelines After
460. sent on an interface Use the default parameter to restore the default MTU size IPv6 Addressing Commands 637 Syntax ipv6 set mtu interface id bytes default Parameters e interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel e bytes Specifies the MTU in bytes e default Sets the default MTU size 1500 bytes Minimum is 1280 bytes Default Configuration 1500 bytes Command Mode Privileged EXEC mode User Guidelines This command is intended for debugging and testing purposes and should be used only by technical support personnel Example console ipv6 set mtu gil 0 1 default ipv6 mid version Use the ipv6 mld version Interface Configuration mode command to change the version of the Multicast Listener Discovery Protocol MLD Use the no form of this command to change to the default version Syntax ipv6 mld version 2 no ipv6 mld version Parameters 1 Specifies MLD version 1 2 Specifies MLD version 2 638 IPv6 Addressing Commands Default Configuration MLD version 1 Command Mode Interface Configuration Ethernet VLAN Port channel mode console config interface vlan 1 console config if ipv6 mld version 2 ipv6 mid join group Use the ipv6 mld join group Interface Configuration mode command to configure Multicast Listener Discovery MLD reporting for a specified group Use the no form of this command to
461. sions to remote hosts opened by other Telnet sessions to the local device 90 System Management Commands Example The following example displays open Telnet sessions Console show sessions Connection Host Address Port Byte 1 Remote router EIZ ke 23 89 2 LIZ e De TT AZ ER 8 The following table describes significant fields shown above Field Description Connection The connection number Host The remote host to which the device is connected through a Telnet session Address The remote host IP address Port The Telnet TCP port number Byte The number of unread bytes for the user to see on the connection show system The show system EXEC mode command displays system information Syntax show system unit ong Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode System Management Commande 91 Example The following example displays the system information console show system Unit Type PowerConnect 5524 PowerConnect 5524 PowerConnect 5524 PowerConnect 5524 PowerConnect 5524 PowerConnect 5524 PowerConnect 5524 o A o Ui e WHY FB PowerConnect 5524 Unit Main Power Supply Redundant Power Supply OK OK OK OK OK OK OK OK NOT OPERATIONAL Unit Fans Status o A DO e W NY FB OK OK OK OK IDLE OK OK FAILURE OY o oO e UNB 92 System Management Commands Unit Celsius Temper Status ature Sensor
462. snooping Syntax show ip igmp snooping groups vlan vlan id address 1p multicast address source 1p address Parameters vlan vlan id Specifies the VLAN ID address ip multicast address Specities the IP multicast address source ip address Specifies the IP source address Command Mode EXEC mode IGMP Snooping Commands 537 User Guidelines To see the full multicast address table including static addresses use the show bridge multicast address table command The Include list contains the ports which are in forwarding state for this group according to the snooping database In general the Exclude list contains the ports that have issued an explicit Exclude for that specific source in a multicast group The Reporters That Are Forbidden Statically list contains the list of ports which have asked to receive a multicast flow but were defined as forbidden for that multicast group in multicast bridge Note under certain circumstances the Exclude list may not contain accurate information For example in the case when two Exclude reports were received on the same port for the same group but for different sources the port will not be in the Exclude list but rather in the Include list Example The following example shows the output for IGMP version 2 Console show ip igmp snooping groups Vian IP Querier Ports Address S 5o t l Rn 1 23162422 Yes gil 0 1 1 23762423 No gil 0 2 19 231 2 2 4 Yes gil 0 9 show ip i
463. sole config interface gigabitethernet 1 0 1 Console config if port monitor 1 8 show ports monitor Use the show ports monitor EXEC mode command to display the port monitoring status Syntax show ports monitor Command Mode EXEC mode Example The following example displays the port monitoring status Console show ports monitor Source port Destination Port Type Status gil 0 8 gil 0 1 RX TX Active Port Monitor Commands 415 gil 0 2 gil 0 1 RX TX Active gil 0 18 gil 0 1 Rx Active gil 0 416 Port Monitor Commands sFlow Commands sflow receiver Use the sflow receiver Global Configuration mode command to define sFlow collector Use the no form of this command to remove the definition of the collector Syntax sflow receiver index ipvt address ipv6 address hostname port port max datagram size bytes no sflow receiver index Parameters index The index of the receiver Range 1 8 ipv address Pv 4 address of the host to be used as an sFlow Collector ipv6 address IPv6 address of the host to be used as an sFlow Collector When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax hostname Hostname of the host to be used as an sFlow Collector Only translation to Pv addresses is supported port Port number for syslog messages If unspecified the port number
464. solicitation refresh messages that the device sends Range 1 20 Default Configuration The default number of DNS query router solicitation refresh messages that the device sends is 3 648 Tunnel Commands Command Mode Global Configuration mode User Guidelines The DNS query interval after the ISATAP router IP address is known is the Time lIo Live TTL that is received from the DNS divided by Robustness 1 The router solicitation interval when there is an active ISATAP router is the minimum router lifetime that is received from the ISATAP router divided by Robustness 1 Example The following example sets the number of DNS query router solicitation refresh messages that the device sends to 5 Console config tunnel isatap robustness D show ipv6 tunnel Use the show ipv6 tunnel EXEC mode command to display information on the ISATAP tunnel Syntax show ipv6 tunnel Command Mode EXEC mode Example The following example displays information on the ISATAP tunnel Console gt show ipv6 tunnel Tunnel 1 Tunnel status DOWN Tunnel Commands 649 Tunnel Tunnel Tunnel Router Router protocol Local address type Local Ipv4 address DNS name IPv4 address DNS Query interval Min DNS Query interval Router Solicitation interval Min Router Solicitation interval Robustness 650 Tunnel Commands NONE auto 0 0 0 0 ISATAP 0 0 0 0 300 seconds 0 seconds 10 seconds 0
465. ss The management station IP Address Trap Rec Address The targeted recipient Trap Rec Community The statistics sent with the notification operation Version The SNMP version 1 or 2 for the sent trap show snmp enginelD Use the show snmp engineID Privileged EXEC mode command to display the local Simple Network Management Protocol SNMP engine ID Syntax show snmp engineID Command Mode Privileged EXEC mode Example The following example displays the SNMP engine ID Console show snmp engineID Local SNMP engineID 08009009020C0B099C075878 Editor If snmp server engineID remote command is supported add the following line P address Remote SNMP engineID 72 16 1 1 08009009020C0B099C075879 178 SNMP Commands show snmp views Use the show snmp views Privileged EXEC mode command to display the configured SNMP views Syntax show snmp views viewname Parameters viewname Specifies the view name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP views Console show snmp views Name OID Tree Type Default iso Included Default snmpNotificationMIB Excluded show snmp groups Use the show snmp groups Privileged EXEC mode command to display the configured SNMP groups Syntax show snmp groups groupname Parameters groupname Specifies the group name Length 1 30 characters SNMP Commands 179 Command
466. ss class3 police 124000 96000 exceed action policed dscp transmit 730 Quality of Service QoS Commands trust Use the trust Policy map Class Configuration mode command to configure the trust state which selects the value that QoS uses as the source of the internal DSCP value Use the no form of this command to return to the default trust state Syntax trust cos dscp no trust Parameters cos dscp Specifies that if the packet is IP then QoS acts as for dscp otherwise QoS acts as for cos Default Configuration The default state is untrusted If the trust command is specified with no parameters the default mode is dscp Command Mode Policy map Class Configuration mode User Guidelines Use this command to distinguish the Quality of Service QoS trust behavior for certain traffic from others For example incoming traffic with certain DSCP values can be trusted A class map can be configured to match and trust the DSCP values in the incoming traffic Trust values set with this command supersede trust values set on specific interfaces with the qos trust Interface Configuration mode command The trust command and the set Policy map Class Configuration mode command are mutually exclusive within the same policy map Policy maps that contain set or trust Policy map Class Configuration mode commands cannot be attached or that have Access Control List ACL classification to an egress interface by using the service policy
467. ssage logging time interval to 60 seconds Console config ip arp inspection logging interval 60 show ip arp inspection Use the show ip arp inspection EXEC mode command to display the ARP inspection configuration for all interfaces or for a specific interface Syntax show ip arp inspection 7nterface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays the ARP inspection configuration console show ip arp inspection IP ARP inspection is Enabled IP ARP inspection is configured on following VLANs 1 Verification of packet header is Enabled IP ARP inspection logging interval is 222 seconds Interface Trusted gil 0 1 Yes gil 0 2 Yes DHCP Snooping and ARP Inspection Commands 583 show ip arp inspection list Use the show ip arp inspection list Privileged EXEC mode command to display the static ARP binding list Syntax show ip arp inspection list Command Mode Privileged EXEC mode Example The following example displays the static ARP binding list Console show ip arp inspection list List name servers Assigned to VLANs 1 2 IP ARP L Ted 0060 704C 7322 1724 RE 0060 704C 7322 show ip arp inspection statistics Use the show ip arp inspection statistics EXEC command to display Statistics For The Following Types Of Packets That Have Been Processed By
468. st instance 1 vlan 10 20 name MST Use the name MST Configuration mode command to define the MST configuration name Use the no form of this command to restore the default setting Syntax name string no name Parameters string Specifies the MST configuration name Length 1 32 characters Default Configuration The default name is the bridge address Command Mode MST Configuration mode Example The following example defines the configuration name as Region Console config spanning tree mst configuration Console config mst name regionl revision MST Use the revision MST Configuration mode command to define the MST configuration revision number Use the no form of this command to restore the default configuration Syntax revision value no revision Spanning Tree Commands 473 Parameters value Specifies the MST configuration revision number Range 0 65535 Default Configuration The default configuration revision number is 0 Command Mode MST Configuration mode Example The following example sets the configuration revision to 1 Console config spanning tree mst configuration Console config mst revision 1 show MST Use the show MST Configuration mode command to displays the current or pending MST region configuration Syntax show current pending Parameters e current Displays the current MST region configuration e pending Displays the pending MST regio
469. st start repeat count Use the dp med fast start repeat count Global Configuration mode command to configure the number of times the fast start LLDPDU is being sent during the activation of the fast start mechanism defined by LLDP MED Use the no form of this command return to default Syntax Ildp med fast start repeat count number no lldp med fast start repeat count Parameters number Specifies the number of times the fast start LLDPDU is being sent during the activation of the fast start mechanism Default 3 Command Mode Global Configuration mode Example console config lldp med fast start repeat count 4 Ildp med network policy global Use the dp med network policy Global Configuration mode command to define LLDP MED network policy Use the no form of this command to remove LLDP MED network policy Syntax Ildp med network policy number application vlan id vlan type tagged untagged up priority dscp value no Ildp med network policy number LLDP Commands 435 Parameters e number Network policy sequential number e application The name or the number of the primary function of the application defined for this network policy Available application names are voice voice signaling guest voice guest voice signaling softphone voice video conferencing streaming video video signaling vlan id VLAN identifier for the application e vlan type Specities if the application is using a Tagg
470. t Pv ACLs implicitly allow ARP packets to be sent and received on an interface Example 702 Switch config ipv6 access list acll Switch config ipv6 acl permit tcp 2001 0DB8 0300 0201 64 any any 80 permit IPv6 Use the permit command in IPv6 Access list Configuration mode to set permit conditions for IPv6 access list Syntax permit protocol any source prefix length any destination pretix length dscp number precedence number time range time range Dame permit zemp any source prefix length any destination pretix length fany icmp type any icmp code dscp number precedence number time range time range name permit tcp any source pretix length any source port port range Hany destination pretix length any destination port port range dscp number d precedence number match all list of flags time range time range name permit udp any source prefix length any source port port range Hany destination pretix length any destination port port range dscp number precedence number time range time range name Parameters e protocol The name or the number of an IP protocol Available protocol names are icmp 58 tcp 6 and udp 17 To match any protocol use the ipv6 keyword Range 0 255 e source prefix length The source Pv6 network or class of networks about which to set permit conditions This argument must be in the form do
471. tax aaa logging login no aaa logging doe Parameters login Enables logging messages related to successful AAA login events unsuccessful AAA login events and other AAA login related events Default Configuration Logging of AAA login events is enabled Command Mode Global Configuration mode User Guidelines This command enables logging messages related to successful login events unsuccessful login events and other login related events Other types of AAA events are not subject to this command Syslog Commands 271 Example The following example enables logging messages related to AAA login events Console config aaa logging login file system logging Use the file system logging Global Configuration mode command to enable the logging of file system events Use the no form of this command to disable logging file system events Syntax file system logging copy delete rename no file system logging copy delete rename Parameters copy Specifies logging messages related to file copy operations e delete rename Specities logging messages related to file deletion and renaming operations Default Configuration Logging file system events is enabled Command Mode Global Configuration mode Example The following example enables logging messages related to file copy operations Console config file system logging copy 272 Syslog Commands management logging Use the management logging Glo
472. tchport customer vlan Parameters vlan id Specifies the customer VLAN ID Default Configuration No VLAN is configured Command Mode Interface Configuration Ethernet Port channel mode Example The following example defines gigabitethernet port 1 0 5 as a member of customer VLAN 5 Console config interface gigabitethernet 1 0 5 Console config if switchport mode custmer Console config if switchport customer vlan isolated D switchport general forbidden vian Use the switchport general forbidden vlan Interface Configuration Ethernet Port channel mode command to forbid adding or removing specific VLANs to or from a port Use the no form of this command to restore the default configuration VLAN Commands 509 Syntax switchport general forbidden vlan add vlan list remove vlan list no switchport general forbidden vlan add vian list remove vlan list Parameters e add vlan list Specifies a list of VLAN IDs to add Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs e remove vlan list Specifies a list of VLAN IDs to remove Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen designate a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids adding VLAN IDs 234 to 256 to gigabitethernet port 1 0 7 Console config
473. ted and so on default CoS value DSCP to DSCP map if any attached to the port and policy map if any attached to the interface are displayed If a specific interface is not specified the information for all interfaces is displayed Example This is an example of the output from the show qos interface buffers command for 8 queues Console gt show qos interface buffers gil 0 1 gil 0 1 Notify Q depth buffers gi2 0 1 Ethernet gi2 0 1 qid threshO threshl thresh2 d 100 00 80 2 100 00 80 3 100 00 80 4 100 00 80 5 100 00 80 6 100 00 80 7 100 00 80 8 100 00 80 746 Quality of Service QoS Commands This is an example of the output from the show qos interface shapers command for 8 queues Console gt show qos interface shapers gil 0 1 gigabitethernet 1 0 1 Port shaper enable Committed rate 192000 bps Committed burst 9600 bytes Target Target QID Status Committed Committed Rate bps Burst bytes 1 Enable 100000 17000 2 Disable A N A S Enable 200000 19000 E Disable A N A Disable ID N A i Disable ID N A 8 Enable 178000 8000 Enable 23000 1000 Quality of Service QoS Commands 747 This is an example of the output from the show qos interface policer command Console gt show qos interface policer gil 0 1 Ethernet gil 0 1 Class map A Policer type aggregate Commited rate 192000 bps Commited burst 9600 bytes Exceed action policed dscp transmit Class map B P
474. ter macro description duplex duplex DUPLEX speed SSPEED macro keywords DUPLEX SPEED The following example shows how to apply the macros to an interface Switch config if macro apply duplex SDUPLEX full SPEED auto Switch config if macro apply duplex WORDkeyword to replace with value e g S DUPLEX SSPEED lt cr gt 64 Macro Commands Switch config if macro apply duplex SDUPLEX WORDValue of the first keyword to replace lt cr gt Switch config if macro apply duplex DUPLEX full SSPEED WORDValue of the second keyword to replace macro apply Use the macro apply interface configuration command to apply a macro to an interface or to apply and trace a macro configuration on an interface Syntax macro apply trace macro name parameter value parameter value parameter value Parameters e apply Apply a macro to the specific interface e trace Apply and trace a macro to the specific interface e macro name Specify the name of the macro e parameter Optional Specify unique parameter values that are specific to the interface You can enter up to three keyword value pairs Parameter keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Default Configuration The command has no default setting Command Mode Interface Configuration mode User Guidelines You can use the macro trace macro name Interface
475. tes localKeyID 0C 75 81 77 5A 31 53 D1 FF 4E 26 BE 8D 4A FD 8B 22 9F 45 D4 subject C us ST L CN O OU issuer C us ST L CN O OU MIIB DCCASYCAQAWDOY JKoZ IhvcNAQEEBOQAwWS TELMAkGA1UEBhMCdXMxC JAIBgNV 190 RSA and Certificate Commands BAgTASAxC jAIBgNVBACTASAxC jAIBGNVBAMTASAXC jAIBgNVBAoTASAxC jAIBGNV BAs TASAWHhcNMDQwWM jJA3MTULNDO4WhcNMDUWM jJA2MTULNDO4W jBIMOswCOYDVOOG EwJ1czEKMAgGA1UECBMBIDEKMAgGA1UEBxMBIDEKMAgGA1UEAxMBIDEKMAgGA1UE ChMBIDEKMAgGA1UECxMBIDBcMA0GCSgGS Ib3DQEBAQUAA0 sAMEgCQQCZXP tk3e jrulfZw8q8T2oS5ymrEIes sRJE8uahTBJqKul VHGRYJR3VYa 03HSJ741w5MzPI iuWZzrbbuXAxAgMBAAEwDOQYJKoZ IhvcNAQEEBOADQOBO GTLeEN1p1kARxI4C1f TU efig3ff Z t jW5qlt1lr5F6zNv GuxXWw7rGzmRyoMXxDcYp1TaA4gAIFQOCpFGqiSbAx Bag Attributes ey Attributes lt No Attributes gt Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC 085DCBF3A41D2669 dac0m94jqEp1DM50sIDb8Jq1 jxW 1P0kqSxuMhc250dBE 1 PBg9VSVVIARaYt16W bX67UyJ8t 7HHF 3Aow jcWzZE1O05GJUgSQ0VemsqsRQz jpCTb090rx cNwVfIvjoedgQ Mt15 f KIAcqs fEgEGINXO4 jEzsXAkwfOLFfgt 4703 IpkUn0AxrQzutJDOcC28Uxp raMVIVS1SkJIvaPuXJxdZ27 9tDMwZffILB KCIGACT5V5 4WEgDkrFtuuF9 oxm2 5SVL8TvUmXB 3hxX4Uoaxt xAhuyOdhhlkyyZSpw9BPPR 8bc wUYERh7 7JXLKHpd ueeu3znfIX4dDeti8B3xYvvE8kGZjxFN1cC3zc3JsD0IVulLkyiAa93P4LPEVAwG FwlLqmGiiqw9JM tzc6kYkZXylFzCrSVf2exP tEvM crypto certificate import pkcs12 The crypto certificate import pkcs12 Privileged EXEC mode command imports the certificate and the RSA keys wit
476. th 63 characters e single connection Specifies that a single open connection is maintained between the device and the daemon instead of the device opening and closing a TCP connection to the daemon each time it communicates e port port number Specifies the server port number If the port number is 0 the host is not used for authentication Range 0 65535 timeout timeout Specifies the timeout value in seconds Range 1 30 e key key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon To specify an empty string enter Length 0 128 characters TACACS Commands 259 e source source Spcecifies the source IP to use for the communication 0 0 0 0 indicates a request to use the outgoing IP interface IP address e priority priority Specifies the order in which the TACACS servers are used where 0 is the highest priority Range 0 65535 Default Configuration No TACACS host is specified The default port number is 49 If timeout is not specified the global value is used If key string is not specified the global value is used If source is not specified the global value is used Command Mode Global Configuration mode User Guidelines Multiple tacacs server host commands can be used to specify multiple hosts If no host specific timeout key or source value
477. that were defined via bridge multicast forbidden forward all command are displayed in all forbidden MC entries Example The following example displays bridge multicast address information Console show bridge multicast address table 402 Address Table Commands Multicast address table for VLANs in MAC GROUP bridging mode Vlan MAC Address Type Ports 8 01 00 5e 02 02 03 Static 1 2 Forbidden ports for multicast addresses 8 01 00 5e 02 02 03 gil 0 9 Multicast address table for VLANs in IPv4 GROUP bridging mode d 224 0 0 251 Dynamic gil 0 12 Forbidden ports for multicast addresses Vlan MAC Address Ports 1 232 5 6 5 1 293 2262 6 Multicast address table for VLANs in IPv4 SRC GROUP bridging mode Vlan Group Address Source address Type Ports 1 224 2 2 251 11 2 2 3 Dynamic gil 0 11 Forbidden ports for multicast addresses Address Table Commands 403 Vlan Group Address Source Address Ports 8 239 222 x gil 0 9 8 239 2 2 2 EGRET gil 0 9 Multicast address table for VLANs in IPv6 GROUP bridging mode VLAN IP MAC Address Type Ports e aeii ee ON US Forbidden ports for multicast addresses VLAN IP MAC Address Ports 8 02 4 4 4 gil 0 9 Multicast address table for VLANs in IPv6 SRC GROUP bridging mode Vlan Group Address Source address Type Ports 8 02 4 4 4 ZS Static gil 0 1 2 gi1 0 7 Pol1 8 02 4 4 4 fe80 200 7ff Static fe00 200 Forbidden ports for multicast addresses Vlan Group
478. the spanning tree disabled and BPDU handling mode of flooding Tagged BPDU packets are filtered Spanning Tree Commands 463 Default Configuration The default setting is flooding Command Mode Global Configuration mode User Guidelines The filtering and flooding modes are relevant when the spanning tree is disabled globally or on a single interface Example The following example defines the BPDU packet handling mode as flooding when the spanning tree is disabled on an interface Console config spanning tree bpdu flooding spanning tree bpdu Interface Use the spanning tree bpdu Interface Configuration Ethernet Port channel mode command to define BPDU handling when the spanning tree is disabled on a single interface Use the no form of this command to restore the default configuration Syntax spanning tree bpdu Altering flooding no spanning tree bpdu Parameters e filtering Specifies that BPDU packets are filtered when the spanning tree is disabled on an interface e flooding Specifies that untagged BPDU packets are flooded unconditionally without applying VLAN rules to ports with the spanning tree disabled and BPDU handling mode of flooding Tagged BPDU packets are filtered 464 Spanning Tree Commands Default Configuration The spanning tree bpdu Global command determines the default configuration Command Mode Interface Configuration Ethernet Port channel mode Example The follo
479. the application Layer 2 priority The Layer 2 priority used for the specified application DSCP The DSCP value used for the specified application LLDP MED Power Over Ethernet Power type The device power type The possible values are Power Sourcing Entity PSE or Power Device PD Power Source The power source utilized by a PSE or PD device A PSE device advertises its power capability The possible values are Primary power source and Backup power source A PD device advertises its power source The possible values are Primary power Local power Primary and Local power 450 Power priority LLDP Commands The PD device priority A PSE device advertises the power priority configured for the port A PD device advertises the power priority configured for the device The possible values are Critical High and Low Power value The total power in watts required by a PD device from a PSE device or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration LLDP MED Location Coordinates Civic The location information raw data address ECS ELIN show Ildp statistics Use the show Ildp statistics EXEC mode command to display the Link Layer Discovery Protocol LLDP statistics Syntax show Ildp statistics interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port
480. the bridge multicast mode Interface VLAN Configuration command describes the configuration that is written into the FDB as a function of the FDB mode and the IGMP version that is used in the network Example console config ip igmp snooping vlan 2 ip igmp snooping mrouter Use the ip igmp snooping mrouter Global Configuration mode command to enable automatic learning of multicast router ports Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan v an id mrouter learn pim dvmrp no ip igmp snooping vlan vian id mrouter learn pim dvmrp 524 IGMP Snooping Commands Parameters vlan id Specifies the VLAN Default Learning pim dvmzrp is enabled Command Mode Global Configuration mode User Guidelines Multicast router ports are learned based on e Queries received on the port e PIM PIM 2 received on the port e DVMRP received on the port e MRDISC received on the port m MOSPF received on the port You can execute the command before the VLAN is created Example console config ip igmp snooping vlan 1 mrouter learn pim dvmrp ip igmp snooping mrouter interface Use the ip igmp snooping mrouter interface Global Configuration mode command to define a port that is connected to a multicast router port Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan v an id mrouter interface interface list no ip igmp snooping vlan vian id mrouter interface
481. the power inline powered device Interface Configuration mode command to add a description of the powered device type Use the no form of this command to remove the description Syntax power inline powered device pd type no power inline powered device Parameters pd type Enters a comment or a description to assist in recognizing the type of the powered device attached to this interface Length 1 24 characters Default Configuration There is no description Command Mode Interface Configuration Ethernet mode Example The following example adds the description ip phone of the device connected to port 4 Console config interfacegigabitethernet 1 0 4 Console config if power inline powered device ip phone power inline priority Use the power inline priority Interface Configuration Ethernet mode command to configure the interface inline power management priority Use the no form of this command to restore the default configuration Syntax power inline priority critical high low 358 Power over Ethernet PoE Commands no power inline priority Parameters e critical Specifies that the powered device operation is critical e high Specifies that the powered device operation is high priority e low Specifies that the powered device operation is low priority Default Configuration The default configuration is set to low priority Command Mode Interface Configuration Ethernet mode Example
482. thentication methods are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Select one or more methods from the following list Keyword Description enable Uses the enable password for authentication line Uses the line password for authentication local Uses the local username database for authentication AAA Commands _ 219 none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is the default authentication method This is the same as entering the command aaa authentication login local NOTE If an authentication method is not defined console users can log in without any authentication verification Command Mode Global Configuration mode User Guidelines The default and additional list names created with the aaa authentication login command are used with the login authentication command Create a list by entering the aaa authentication login list name method command for a particular protocol where list name is any character string used to name this list The method argument identifies the list of methods that the authentication algorithm tries in the given sequence The additional methods of authenticat
483. tic ARP binding list toa VLAN Use the no form of this command to delete the assignment Syntax ip arp inspection list assign v an id name no ip arp inspection list assign v an Parameters vlan id Specifies the VLAN ID e name Spccifies the static ARP binding list name Default Configuration No static ARP binding list assignment exists DHCP Snooping and ARP Inspection Commands 581 Command Mode Global Configuration mode Example The following example assigns the static ARP binding list Servers to VLAN 37 Console config ip arp inspection list assign 37 servers ip arp inspection logging interval Use the ip arp inspection logging interval Global Configuration mode command to set the minimum time interval between successive ARP SYSLOG messages Use the no form of this command to restore the default configuration Syntax ip arp inspection logging interval seconds infinite no ip arp inspection logging interval Parameters e seconds Specifies the minimum time interval between successive ARP SYSLOG messages A 0 value means that a system message is immediately generated Range 0 86400 e infinite Specifies that SYSLOG messages are not generated Default Configuration The default minimum ARP SYSLOG message logging time interval is 5 seconds Command Mode Global Configuration mode 582 DHCP Snooping and ARP Inspection Commands Example The following example sets the minimum ARP SYSLOG me
484. tication requests The default value of this command should only be changed to adjust to unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers To provide faster response time to the user a smaller number than the default value should be entered Example The following example sets the time interval that the device remains in the quiet state following a failed authentication exchange to 3600 seconds 300 802 1x Commands Console config interface gigabitethernet 1 0 15 Console config if dot1x timeout quiet period 3600 dot1x timeout tx period Use the dot1x timeout tx period Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Use the no form of this command to restore the default configuration Syntax dotlx timeout tx period seconds no dot 1x timeout tx period Parameters seconds Specifies the time interval in seconds during which the device waits for a response to an EAP request identity frame from the client before resending the request Range 165535 seconds Default Configuration The default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust
485. timeout Parameters milliseconds Specifies the amount of time in milliseconds that the DHCP server waits for a ping reply before it stops attempting to reach a pool address for client assignment The timeout range is 300 10000 milliseconds Default Configuration The default timeout is 500 milliseconds Command Mode Global Configuration mode User Guidelines This command specifies how long to wait for a ping reply in milliseconds Example The following example specifies that a DHCP Server waits 1 second for a ping reply from an address pool before it stops attempting to reach a pool address for client assignment Console config ip dhcp ping timeout 1000 676 DHCP Server Commands clear ip dhcp binding The clear ip dhep binding Privileged EXEC mode command deletes the dynamic address binding from the Dynamic Host Configuration Protocol DHCP Server database Syntax clear ip dhep binding address Parameters e address Specifies the binding address to delete from the DHCP database e Clears all automatic bindings Command Mode Privileged EXEC mode User Guidelines Typically the address denotes the client IP address If the asterisk character is specified as the address parameter DHCP clears all dynamic bindings Use the no ip dhcp pool Global Configuration mode command to delete a manual binding Example The following example deletes the address binding 10 12 1 99 from a DHCP
486. timer The GARP leaveall timer value specifies the time interval between leaveall messages for a GARP entity which prompt other GARP entities to re reregister all attribute information on this entity e timer value Specifies the timer value in milliseconds in multiples of 10 Range 10 2147483640 Default Configuration The following are the default timer values e Join timer 200 milliseconds e Leave timer 600 milliseconds e Leaveall timer 10000 milliseconds Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The timer value value must be a multiple of 10 The following relationship must be maintained between the timers e The leave time must be greater than or equal to three times the join time e The leave all time must be greater than the leave time Set the same GARP timer values on all Layer 2 connected devices to ensure proper operation of the GARP application GVRP Commands 549 Example The following example sets the leave timer for gigabitethernet port 1 0 6 to 900 milliseconds Console config interface gigabitethernet 1 0 6 Console config if garp timer leave 900 gvrp vian creation forbid Use the gvrp vlan creation forbid Interface Configuration Ethernet Port channel mode command to disable dynamic VLAN creation or modification Use the no form of this command to enable dynamic VLAN creation or modification Syntax gvrp vlan creation forbid no gvrp v
487. tion allowed untrusted Use the ip dhcp snooping information option allowed untrusted Global Configuration mode command to allow a device to accept DHCP packets with option 82 information from an untrusted port Use the no form of this command to drop these packets from an untrusted port Syntax ip dhcp snooping information option allowed untrusted no ip dhcp snooping information option allowed untrusted DHCP Snooping and ARP Inspection Commands 569 Default Configuration DHCP packets with option 82 information from an untrusted port are discarded Command Mode Global Configuration mode Example The following example allows a device to accept DHCP packets with option 82 information from an untrusted port Console config ip dhcp snooping information option allowed untrusted ip dhcp snooping verify Use the ip dhcp snooping verify Global Configuration mode command to configure a device to verify that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address Use the no form of this command to disable MAC address verification in a DHCP packet received on an untrusted port Syntax ip dhcp snooping verify no ip dhep snooping verify Default Configuration The switch verifies that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address in the packet Command Mode Global Configuration mode 570 DHCP Snooping and ARP I
488. tion mode Example The following example enables 802 1x globally Console config dot1lx system auth control dot1x port control Use the dot1x port control Interface Configuration Ethernet mode command to enable manual control of the port authorization state Use the no form of this command to restore the default configuration 296 802 1x Commands Syntax dotlx port control auto force authorized force unauthorized no dot 1x port control Parameters e auto Enables 802 1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802 1x authentication exchange between the device and the client e force authorized Disables 802 1x authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required The port resends and receives normal traffic without 802 1x based client authentication e force unauthorized Denies all access through this interface by forcing the port to transition to the unauthorized state and ignoring all attempts by the client to authenticate The device cannot provide authentication services to the client through the interface Default Configuration The port is in the force authorized state Command Mode Interface Configuration Ethernet mode User Guidelines It is recommended to disable spanning tree or to enable spanning tree PortFast mode on 802 1x edge ports
489. tive Privileged EXEC mode command reactivates a locked out local password Syntax set enable password eve active Parameters level Specifies the privilege level to which the password applies Range 1 15 Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Example The following example reactivates a local password that applies to privilege level 1 Console config set enable password 1 active AAA Commands 245 show passwords configuration The show passwords configuration Privileged EXEC mode command displays information about the password management configuration Syntax show passwords configuration Parameters Command Mode Privileged EXEC mode Example Console show passwords configuration Passwords aging is enabled with aging time 180 days inimal length 8 inimum character classes 4 aximal number of repeated characters 2 History 10 History hold time 365 days Lockout control Disabled Enable Passwords Level Lockout Line Passwords Line Lockout Console Telnet LOCKOUT SSH 0 246 AAA Commands The following table describes the significant fields shown in the display Field Description Minimal length The minimal length required for passwords in the local database Minimal character classes The minimal number of different types of characters special characters integers and so on required
490. to unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following command sets the time interval during which the device waits for a response to an EAP request identity frame to 3600 seconds Console config interface gigabitethernet 1 0 15 Console config if dot1lx timeout tx period 3600 802 1x Commands 301 dot1x max req Use the dotlx max req Interface Configuration mode command to set the maximum number of times that the device sends an Extensible Authentication Protocol EAP request identity frame assuming that no response is received to the client before restarting the authentication process Use the no form of this command to restore the default configuration Syntax dotlx max req count no dot1x max req Parameters count Specifies the maximum number of times that the device sends an EAP request identity frame before restarting the authentication process Range 1 10 Default Configuration The default maximum number of attempts is 2 Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust to unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following example sets the maximum number of times that the device sends an EAP request identity frame
491. to 6 Console config interface gigabitethernet 1 0 15 Console config if dotlx max req 6 302 802 1x Commands dot1x timeout supp timeout Use the dot1x timeout supp timeout Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response to an Extensible Authentication Protocol EAP request frame from the client before resending the request Use the no form of this command to restore the default configuration Syntax dotlx timeout supp timeout seconds no dotlx timeout supp timeout Parameters seconds Specitfies the time interval in seconds during which the device waits for a response to an EAP request frame from the client before resending the request Range 1 65535 seconds Default Configuration The default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust to unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following example sets the time interval during which the device waits for a response to an EAP request frame from the client before resending the request to 3600 seconds Console config interface gigabitethernet 1 0 15 Console config if dot1x timeout supp timeout 3600 802 1x Commands 303 dot1x timeout server timeout Use the dot1x
492. to be part of the password Maximum number of repeated characters The maximum number of times a singe character can be repeated in the password History The number of password changes required before a password in the local database can be reused History hold time The duration that a password is relevant for tracking password history Lockout control The user account lockout control status after a series of authentication failures Level The applied password privilege level Aging The password aging time in days Expiry date The password expiration date Lockout If lockout control is enabled the specific number of times a user failed to enter the correct password since the last successful login is displayed If the user is locked out LOCKOUT is displayed The applied password line type show users login history The show users login history Privileged EXEC mode command displays information about the user s login history Syntax show users login history username name Parameters name Name of the user Range 1 20 characters AAA Commands 247 Command Mode Privileged EXEC mode Example The following example displays information about the users login history Console show users login history File save Enabled Login Time Username Protocol Location Jan 18 2004 23 58 17 Robert HTTP 172 16 1 8 Jan 19 2004 07 59 23 Robert HTTP 172 16 0 8
493. to display the configuration of storm control Syntax show storm control interface id Parameters interface id Specifies the interface Command Mode EXEC mode Example console show storm control Port State Rate Kbits Sec Included gil 0 1 Enabled 12345 Broadcast Multicast Unknown unicast gil 0 2 Disabled 100000 Broadcast User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG If the suppression level in percentage is translated for the current port s speed to a rate that is lower then the minimum rate the minimum rate would be set Example console config interface gil 0 1 console config if storm control broadcast level kbps 12345 350 Ethernet Configuration Commands PHY Diagnostics Commands test cable diagnostics tdr Use the test cable diagnostics tdr Privileged EXEC mode command to use Time Domain Reflectometry TDR technology to diagnose the quality and characteristics of a copper cable attached to a port Syntax test cable diagnostics tdr interface interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The max
494. tocol DHCP Server to send ping packets before assigning the address to a requesting client Use the no form of this command to prevent the server from pinging pool addresses Syntax ip dhcp ping enable no ip dhep ping enable Default Configuration DHCP pinging is disabled DHCP Server Commandes 673 Command Mode Global Configuration mode User Guidelines The DHCP Server pings a pool address before assigning the address to a requesting client If the ping is unanswered the DHCP Server assumes with a high probability that the address is not in use and assigns the address to the requesting client Example The following example enables the DHCP Server to send ping packets before assigning the address to a requesting client Console config ip dhcp ping enable ping enable Use the ping enable DHCP Pool Network Configuration mode command to enable the Dynamic Host Configuration Protocol DHCP Server to send ping packets before assigning the address to a requesting client Use the no form of this command to prevent the server from pinging pool addresses Syntax ping enable no ping enable Default Configuration The default configuration is set to enable Command Mode DHCP Pool Network Configuration mode User Guidelines The DHCP Server pings a pool address before assigning the address to a requesting client If the ping is unanswered the DHCP Server assumes with a high probability that the address is not in use
495. tp sessions before automatic logoff Use the no form of this command to return to the default value 196 Web Server Commands Syntax ip http timeout policy idle seconds no ip http timeout policy Parameters seconds Spccifies the maximum number of seconds that a connection is kept open if no data is received or response data cannot be sent out Range 086400 Default 600 seconds Command Mode Global Configuration mode User Guidelines This command also configures the timeout policy for HTTPS To specify no timeout enter the ip http timeout policy 0 command Example The following example configures the http port number as 100 Console config ip http timeout policy 0 ip http secure server Use the ip http secure server Global Configuration mode command to enable the device to be configured securely from a browser and to also enable the device to be monitored or have its configuration modified securely from a browser Use the no form of this command to disable this function Syntax ip http secure server no ip http secure server Web Server Commands 197 Parameters This command has no arguments or keywords Default Disabled Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate command to generate an HTTPS certificate Example console config ip http secure server ip http secure port To specify the TCP port to be used by the secure web browser inte
496. transmitting Link Layer Discovery Protocol LLDP on an interface Use the no form of this command to stop transmitting LLDP on an interface LLDP Commands 423 Syntax lldp transmit no lldp transmit Parameters This command has no arguments or keywords Default Enabled Command Mode Interface Configuration Ethernet mode User Guidelines LLDP manages LAG ports individually LLDP sends separate advertisements on each port in a LAG LLDP operation on a port is not dependent on the STP state of a port Le LLDP frames are sent on blocked ports If a port is controlled by 802 1X LLDP would operate only if the port is authorized Example console config interface gigabitethernet 1 0 1 console config if lldp transmit Ildp receive Use the Ildp receive Interface Configuration mode command to enable receiving Link Layer Discovery Protocol LLDP on an interface Use the no form of this command to stop receiving LLDP on an interface Syntax lldp receive no lldp receive 424 LLDP Commands Parameters This command has no arguments or keywords Default Enabled Command Mode Interface Configuration Ethernet mode User Guidelines LLDP manages LAG ports individually LLDP data received through LAG ports is stored individually per port LLDP operation on a port is not dependent on the STP state of a port Le LLDP frames are received on blocked ports If a port is controlled by 802 1X LLDP would ope
497. trol Global Use the flowcontrol Global Configuration mode command to configure the Flow Control global mode Syntax flowcontrol receive only send receive Parameters e receive only The interfaces with enabled Flow Control will receive pause frames but will not send Flow Control pause frames e send receive The interfaces with enabled Flow Control will receive and send pause frames Default Configuration receive only Command Mode Global Configuration mode 334 Ethernet Configuration Commands User Guidelines This command only determines the global mode and does not enable disable Flow Control on any interface Flowcontrol must also be enabled on the specific interfaces required they are enabled by default Example The following example enables Flow Control in the mode of only receiving pause frames and not sending them Console config flowcontrol receive only show flowcontrol Use the show flowcontrol Exec mode command to display the Flow Control global mode Syntax show flowcontrol Parameters N A Default Configuration N A Command Mode Exec mode Example The following example displays the global Flow Control mode when it is receive only Console show flowcontrol Global Flow Control mode is receive only Ethernet Configuration Commands 335 mdix Use the mdix Interface Configuration Ethernet mode command to enable cable crossover on a given interface Use the no form of
498. u wish to continue Y N y console config snmp server user tom acbd v3 snmp server filter The snmp server filter Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server filter entry Use the no form of this command to remove the specified SNMP server filter entry Syntax snmp server filter A ter name ord tree included excluded no snmp server filter A ter name o1d tree Parameters e filter name Spcecifies the label for the filter record that is being updated or created The name is used to reference the record Length 1 30 characters SNMP Commands 167 e oid tree Specifies the ASN 1 subtree object identifier to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a word such as System Replace a single sub identifier with the asterisk wildcard to specify a subtree family for example 1 3 4 e included Specifies that the filter type is included e excluded Specifies that the filter type is excluded Default Configuration No view entry exists Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same filter record If an object identifier is included in two or more lines later lines take precedence The command s logical key is the pair filter name oid tree Example The following example creates a filter
499. uaannnaenanaa 184 crypto certificate generate unnur 185 crypto certificate request uann 187 crypto certificate Import 188 crypto certificate export pkes12 190 crypto certificate import pkcs12 191 show crypto certificate mycertificate 193 11 Web Server Commands 195 ip http server 00sec e eee eee eee eee 195 Ip http Hart 24000 ENKE e Sie AER d 196 ip http timeout policy 196 ip http secure server 20 eeeee cece ee es 197 ip http secure port 20 cece eee eee ees 198 ip https Certificate 199 Show ip htt psc Zeene e EN EE Es 200 show Ip https iig eid Beedle es 200 ip telnet server 0 2 0c e eee eee eee eee 203 IP SSM POM EE 204 IP SSW server eaaa sy ae eee ee ees aie 204 ip ssh pubkey auth cece eee 205 crypto key pubkey chain ssh 2 206 US I K y ee eg MeN Soe Sees awed 207 key stinga Ee ed SEENEN E eee 208 Show mech ei Age ence ea ae 210 show crypto key pubkey chain ssh 211 13 Line Commands e de r E ear ees 213 10 AUTO AU EE 214 X C tIMOOUT crees cece eee eee eee eee E aa 215 SHOW Ins 216 14 AAA Commandes anaana aana 219 aaa authentication Login 219 aaa authentication enable scenes 221 login authentication cc cece eee eee 223 enable authentication eee eens 223 ip http authentication
500. ual Cable Tester length check must be performed The VCT length check can be performed only on a copper port operating at a speed of 1000 Mbps If the media is not copper or the link speed is not 1000 Mbps and short reach mode is not forced by green ethernet short reach force short reach mode is not applied When the interface is set to enhanced mode after the VCT length check has completed and set the power to low an active monitoring for errors is done continuously In the case of errors crossing a certain threshold the PHY will be reverted to long reach Example console config interface gil 0 1 console config if green ethernet short reach green ethernet short reach force Use the green ethernet short reach force Interface Configuration mode command to force short reach mode on an interface Use the no form of this command to return to default Syntax green ethernet short reach force no green ethernet short reach force Parameters This command has no arguments or keywords 380 Green Ethernet Default Configuration Short reach mode is not forced Command Mode Interface Configuration mode Ethernet Example console config interface gil 0 1 console config if green ethernet short reach force green ethernet short reach threshold Use the green ethernet short reach threshold Global Configuration mode command to set the maximum cable length for applying short reach Use the no form of this command to r
501. uld be counted again if it is also used for destination port Example console config ip access list extended server console config ip al deny ip 1 1 1 0 0 0 0 255 1 1 2 0 0 0 0 0 701 ipv6 access list Use the ipv6 access list global configuration mode command to define an IPv6 access list and to place the device in IPv6 access list configuration mode Use the no form of this command to remove the access list Syntax ipv6 access list access ist name no ipv6 access list access ist name Parameters e access list name Name of the IPv6 access list access list name 0 32 characters use for empty string Default No IPv6 access list is defined Command Mode Global Configuration mode User Guidelines IPv6 ACL is defined by a unique name Pv4 ACL IPv6 ACL MAC ACL or Policy Map cannot have the same name Every IPv6 ACL has implicit permit icmp any any nd ns any permit icmp any any nd na any and deny ipv6 any any statements as its last match conditions The former two match conditions allow for ICMPv6 neighbor discovery The IPv6 neighbor discovery process makes use of the Pv6 network layer service therefore by default Pv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface In IPv4 the Address Resolution Protocol ARP which is equivalent to the IPv6 neighbor discovery process makes use of a separate data link layer protocol therefore by defaul
502. ule stack member number Parameters Interface id Specifies an interface ID The interface ID must be an Ethernet port Power over Ethernet PoE Commands 365 stack member number Specifies the switch member in a stack Default Configuration There is no default configuration for this command Command Mode EXEC mode Example The following example displays information about the inline power consumption Console show power inline consumption Port Power Power W Voltage V Current E Timite W Ee geb mA rt Grasse ae 4 115 50s 8 DN gil 0 1 15 4 4 157 50 7 81 gil 0 1 15 4 4 021 50 9 82 15 4 79 show power inline version Use the show power inline version EXEC mode command to display the power inline microcontroller s software version for all the stacking units or for a specific unit Syntax show power inline version unit unit Parameters unit unit Specifies the stacking unit number Default Configuration There is no default configuration for this command 366 Power over Ethernet PoE Commands Command Mode EXEC mode Example The following example displays information about the inline power consumption Console show power inline version Unit Software version 1 112 2 1 12 Power over Ethernet PoE Commands 367 368 l Power over Ethernet PoE Commands EEE Commands eee enable global Use the eee enable Global Configuration command to enable the EEE mode global
503. umt 401 show bridge multicast address table 401 show bridge multicast address table static 405 show bridge multicast filtering 08 408 show bridge multicast unregistered 409 show ports security 2 0 e0ee eee eee 410 show ports security addresses 411 27 Port Monitor Commands 413 port monitor 413 show ports monitor 415 28 sFlow Commands 417 Sflow receiver cece eee e eee eeeeeeenaee 417 sflow flow sampling 2 0 eeeeeeeee 418 sflow counters sampling 0 2 00 419 Clear sflow statistics 0 0 cece e eee eee eens 419 show sflow configuration aanas 420 18 show sflow statistics 00c0ceeeeeeeeees 421 29 LLDP Commands cvs teed oe heed 423 dp run 22 0285 See Ge a ee ieee 423 Ildp transmit 20 cece eee eee 423 ld p receive ass i aerer eer ad a on 424 TO 425 lidp hold multiplier 02 ee eee eee 426 Nd p reinit ENEE cetera aac eee age eels 427 Ildp tx delay 0c cece eee eee eee ee 428 Ildp optional tly e cece eee eee ee 428 Ildp management address 429 Ildp notifications 00 eee eee eee 430 Ildp notifications Internal 431 Ildp optional du D 1 ee eee 432 Ildp med enable 0000cee cece eee eee 433 Ildp med notifications to
504. up the startup configuration to a backup configuration file Examples The following example copies system image file from the TF TP server 172 16 101 101 to a non active image file Console copy tftp 172 16 101 101 filel image Accessing file filel on 172 16 101 101 130 Configuration Image File Commands Loading filel from 172 16 101 101 PEPEPEEPEP EP EE PEP eed ee er ee here eee eee tad Copy took 0 01 11 hh mm ss Copying an Image from a Server to Flash Memory The following example copies a system image named file from the TFTP server with an IP address of 172 16 101 101 to a non active image file Router copy tftp 172 16 101 101 filel image Accessing file filel on 172 16 101 101 Loading filel from 172 16 101 101 RA ee Pee Roe ea a Se ESE Bh deh dete eee Po Eee PERSE EENE REEE LE Copy took 0 01 11 hh mm ss Configuration Image File Commands 131 write memory Use the write memory Privileged EXEC mode command to save the running configuration to the startup configuration file Syntax write memory Parameters This command has no arguments or keywords Command Mode Privileged EXEC mode Examples The following example copies system image file from the TF TP server 172 16 101 101 to a non active image file Console write memory Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destinatio
505. urrent terminal session Use the no form of this command to disable the command history function Syntax terminal history terminal no history Default Configuration The default configuration for all terminal sessions is defined by the history Line Configuration mode command Command Mode EXEC mode User Guidelines The command enables the command history for the current session The default is determined by the history Line Configuration mode command Example The following example disables the command history function for the current terminal session Console gt terminal no history 48 User Interface Commands terminal history size The terminal history size EXEC mode command changes the command history buffer size for the current terminal session Use the no form of this command to reset the command history buffer size to the default value Syntax terminal history size number ofcommands terminal no history size Parameters number of commands Spcecifies the number of commands the system maintains in its history buffer Range 10 256 Default Configuration The default configuration for all terminal sessions is defined by the history size Line Configuration mode command Command Mode EXEC mode User Guidelines The terminal history size EXEC command changes the command history buffer size for the current terminal session Use the history Line Configuration mode command to change the default command history buffe
506. utput Queues Interface Queue DP Total packets STD packets gil 0 1 2 High 799921 1 2 gil 0 2 All High 5387326 0 2 Quality of Service QoS Commands 763
507. value Console config snmp server engineID local default snmp server enginelD remote To specify the Simple Network Management Protocol SNMP engine ID of a remote SNMP device use the snmp server engineID remote Global Configuration mode command Use the no form of this command to remove the configured engine ID Syntax snmp server engineID remote ipv4 sp address 1pv6 address engineid string no snmp server engineID remote ipv4 ip address 1pv6 address Parameters e ipv4 ip address ipv6 address Pv or IPv6 address of the remote device e engineid string The character string that identifies the engine ID The engine ID is a concatenated hexadecimal string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by 172 SNMP Commands a period or colon If the user enters an odd number of hexadecimal digits the system automatically prefixes the hexadecimal string with a zero Range engineid string5 32 characters 9 64 hexadecimal digits Default Configuration The EnginelD is not configured Command Mode Global Configuration mode User Guidelines A remote engine ID is required when an SNMP version 3 inform is configured The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host snmp server enable traps Use the snmp server enable traps Global Configuration mode command to enable the d
508. ver the routes that packets will take when traveling to their destination use the traceroute EXEC command Syntax traceroute ip 7pv4 address hostname size packet_size ttl max ttl count packet_count timeout time_out source ip address tos tos traceroute ipv6 ipv6 address hostname size packet_stze tt max ttl count packet_count timeout time_out source 1p address tos tos 74 System Management Commands Parameters ip Use IPv4 to discover the route ipv Use IPv6 to discover the route ipv4 address IPv4 address of the destination host Range Valid IP address ipv6 address IPv6 address of the destination host hostname Hostname of the destination host Range 1 160 characters Maximum label size 63 packet_size Number of bytes in the packet not including the VLAN tag The default is 64 bytes Pv 64 1518 IPv6 68 1518 ttl max ttl The largest TTL value that can be used The default is 30 The traceroute command terminates when the destination is reached or when this value is reached Range 1 255 count packet_count The number of probes to be sent at each TTL level The default count is 3 Range 1 10 timeout time_out The number of seconds to wait for a response to a probe packet The default is 3 seconds Range 1 60 source ip address One of the interface addresses of the device to use as a source address for the probes The device will normally pick what it feels
509. vers Index IP Address Port Max Datagram Size 1 0 0 0 0 6343 1400 2 EE RE 6343 1400 3 0 0 0 0 6343 1400 4 0 0 0 0 6343 1400 5 0 0 0 0 6343 1400 6 0 0 0 0 6343 1400 7 0 0 0 0 6343 1400 8 0 0 0 0 6343 1400 Interfaces 420 sFlow Commands Inter Flow Counters Max Header Flow Counters Collector face Sampling Sampling Size Collector Index Index gil 0 1 1 2048 60 sec 128 1 I gil 0 2 1 4096 Disabled 128 0 2 show sflow statistics Use the show sflow statistics EXEC mode command to display the sFlow statistics for ports that are enabled for Flow sampling or Counters sampling Syntax show sflow statistics nterface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode Example Console show sflow statistics Total sFlow datagrams sent to collectors 100 Packets datagrams sent Interface sampled to collector 1 1 30 50 1 2 10 10 sFlow Commands 421 422 1 1 1 2 sFlow Commands 10 LLDP Commands Iidp run Use the dp run Global Configuration mode command to enable Link Layer Discovery Protocol LLDP To disable LLDP use the no form of this command Syntax lldp run no lldp run Parameters This command has no arguments or keywords Default Enabled Command Mode Global Configuration mode Example console config lldp run Ildp transmit Use the Ildp transmit Interface Configuration mode command to enable
510. vice Q0S Commands Example The followin 7 WRR queues Console config wrr queue bandwidth 6 6 6 6 6 6 6 6 priority queue out num of queues Use the priority queue out num of queues Global Configuration mode command to configure the number of expedite queues Use the no form of this command to restore the default configuration Syntax priority queue out num of queues number of queues no priority queue out num of queues Parameters number of queues Specifies the number of expedite queues Expedite queues have higher indexes Range 0 8 If number of queues 0 all queues are assured forwarding If number of queues 8 all queues are expedited Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines While configuring the priority queue num of queues command the weighted round robin WRR weight ratios are affected because there are fewer queues participating in WRR This indicates that the corresponding weight in the wrr queue bandwidth Interface Configuration mode command is ignored not used in the ratio calculation Quality of Service QoS Commands 741 Example The following example configures the number of expedite queues as 2 Console config priority queue out num of queues 2 traffic shape Use the traffic shape Interface Configuration Ethernet Port channel mode command to configure the egress port shaper Use the no form of this command to
511. w protected ports configuration Syntax show interfaces protected ports sntertace id 498 VLAN Commands Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ehernet port or Port channel Command Mode EXEC mode Example console show interfaces protected ports Interface State Community gil 0 1 Protected 1 gil 0 2 Protected Isolated gil 0 3 Unprotected 20 gil 0 4 Unprotected Isolated Note The Community column for unprotected ports is relevant only when_the port state is_ changed to Protected switchport Use the switchport Interface Configuration mode command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration Use the no form of this command to put an interface in Layer 3 mode Syntax switchport no switchport Default Configuration Layer 2 mode VLAN Commands 499 Command Mode Interface Configuration Ethernet port channel mode switchport mode Use the switchport mode Interface Configuration Ethernet port channel mode command to configure the VLAN membership mode of a port Use the no form of this command to restore the default configuration Syntax switchport mode access trunk general private vlan promiscuous host customer no switchport mode Parameters e access Specifies an untagged layer 2 VLAN port e trunk Specifies a trunking layer 2 VLAN port e gen
512. w errdisable interfaces EXEC mode command to display the Err Disable state of all interfaces or of a specific interface 346 Ethernet Configuration Commands Syntax show errdisable interfaces Parameters e Interface Interface number e port channel number Port channel index Command Mode EXEC mode Example The following example displays the Err Disable state of all interfaces Console show errdisable interfaces Interface Reason gil 1 50 stp bpdu guard storm control broadcast enable Use the storm control broadcast enable Interface Configuration mode command to enable storm control Use the no form of this command to disable storm control Syntax storm control broadcast enable no storm control broadcast enable Parameters This command has no arguments or keywords Default Configuration Disabled Ethernet Configuration Commands 347 Command Mode Interface Configuration mode Ethernet User Guidelines e Use the storm control broadcast level Interface Configuration command to set the maximum rate e Use the storm control include multicast Interface Configuration command to also count multicast packets and optionally unknown unicast packets in the storm control calculation Example console config interface gigabitethernet 1 0 1 console config if storm control broadcast enable storm control broadcast level kbps Use the storm control broadcast levelInterface Configuration mode comma
513. wO2VydGlmaWVyLENOPXN1icnZ1 Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US RSA and Certificate Commands 193 Finger print DC789788 DC88A988 127897BC BB789788 194 RSA and Certificate Commands Web Server Commands ip http server The ip http server Global Configuration mode command enables configuring and monitoring the device from a web browser Use the no form of this command to disable this function Syntax ip http server no ip http server Default Configuration HTTP server is enabled Command Mode Global Configuration mode Web Server Commands 195 Example The following example enables configuring the device from a web browser Console config ip http server ip http port The ip http port Global Configuration mode command specifies the TCP port used by the web browser interface Use the no form of this command to restore the default configuration Syntax ip http port port number no ip http port Parameters port numberPort number For use by the HTTP server Range 0 65534 Default Configuration The default port number is 80 Command Mode Global Configuration mode Example The following example configures the http port number as 100 Console config ip http port 100 ip http timeout policy Use the ip http timeout policy Global Configuration mode command to set the interval for the system to wait for user input in ht
514. wY JKwY BBAGCNxQCBAY e BABDAEEw CwROPBAQDAgF GMA8GA1UdEWEB wOQFMAMBAf 8wHQYDVROOBBYEFAf 4MT9BRD47 ZVKBAEL9Ggp EMT IBNgYDVRO BI IBLTCCASkwgdKggctggcyGgclsZGFwOi8v LOVByb3h5JTIwU2 9mdHdhcmU1MjBSb2 90JTIwO2VydGlmaWVyLENOPXNicnZ1 Certificate imported successfully Issued to router gm com Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US RSA and Certificate Commands 189 Finger print DC789788 DC88A988 127897BC BB789788 crypto certificate export pkcs12 The crypto certificate export pkcs12 Privileged EXEC mode command exports the certificate and the RSA keys within a PKCS12 file Syntax crypto certificate number export pkcs12 Parameters number Specifies the certificate number Range 1 2 Command Mode Privileged EXEC mode User Guidelines The crypto certificate export pkcs12 command creates a PKCS 12 file that contains the certificate and an RSA key pair The passphrase for the export is determined when the key is generated The certificate and key pair are exported in a standard PEM format PKCS12 file This format can be converted to and from the binary PFX file used by Windows and Linux by using the openssl command line tool See an open source OpenSSL user manual man pkcs12 for more information Example The following example exports the certificate and the RSA keys within a PKCS12 file Console crypto certificate 1 export pkcs12 Bag Attribu
515. way IP address Type fe80 77 Static fe80 200 cff feda dfa8 Dynamic Console show ipv6 interface Vlan 15 IPv6 is disabled Console show ipv6 interface Vlan 1 Number of ND DAD attempts 1 MTU size 1500 Stateless Address Autoconfiguration state enabled ICMP unreachable message state enabled MLD version 2 IP addresses 632 IPv6 Addressing Commands Interface VLAN 1 VLAN 1 Type manual linklayer linklayer manual manual manual manual unreachable stale DAD State 4004 55 64 ANY manual Active fe80 200 b0ff fe00 0 linklayer Active 02 1 linklayer 02 77 manual 02 1 00 0 manual f 02 1 00 1 manual 02 1 00 55 manual show IPv6 route Use the show ipv6 route command to display the current state of the IPv6 routing table Syntax show ipv6 route Command Mode EXEC mode Example Console gt show ipv6 route Codes L Local S Static I ICMP ND Router Advertisment The number in the brackets is the metric S 0 via fe80 77 0 VLAN 1 Lifetime Infinite ND 0 via fe80 200 cff fe4a dfa8 0 VLAN 1 Lifetime 1784 sec 2001 64 is directly connected g2 Lifetime Infinite 2002 1 1 1 64 is directly connected VLAN 1 Lifetime 2147467 sec 3001 64 is directly connected VLAN Lifetime Infinite 4004 64 is directly connected VLAN Lifetime Infinite EZ Et P SE E 6001 64 is directl
516. wing example defines the BPDU packet as flooding when the spanning tree is disabled on gigabitethernet port 1 0 3 Console config interface gigabitethernet 1 0 3 Console config if spanning tree bpdu flooding spanning tree guard root use the spanning tree guard root Interface Configuration Ethernet Port channel mode command to enable root guard on all spanning tree instances on the interface Root guard prevents the interface from becoming the root port of the device Use the no form of this command to disable the root guard on the interface Syntax spanning tree guard root no spanning tree guard root Default Configuration Root guard is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Root guard can be enabled when the device operates in STP RSTP and MSTP modes Spanning Tree Commands 465 When root guard is enabled the port changes to the alternate state if the spanning tree calculations select the port as the root port Example The following example prevents gigabitethernet port 1 0 1 from being the root port of the device Console config interface gigabitethernet 1 0 1 Console config if spanning tree guard root spanning tree bpduguard Use the spanning tree bpduguard Interface Configuration Ethernet port channel mode command to shut down an interface when it receives a bridge protocol data unit BPDU Use the no form of this command to restore
517. x directed broadcast no directed broadcast Default Configuration Translation of a directed broadcast to physical broadcasts is disabled All IP directed broadcasts are dropped Command Mode IP Interface Configuration mode Example The following example enables the translation of a directed broadcast to physical broadcasts Console config interface ip 192 168 1 1 Console config ip directed broadcast IP Addressing Commands 611 broadcast address Use the broadcast address IP Interface Configuration mode command to define a broadcast address for an interface Use the no form of this command to restore the default IP broadcast address Syntax broadcast address 255 255 255 255 0 0 0 0 no broadcast address Parameters e 255 255 255 255 Specifies 255 255 255 255 as the broadcast address e 0 0 0 0 Specifies 0 0 0 0 as the broadcast address Default Configuration The default broadcast address is 255 255 255 255 Command Mode IP Interface Configuration mode Example The following example enables the translation of a directed broadcast to physical broadcasts Console config interface ip 192 168 1 1 Console config ip broadcast address 255 255 255 255 ip helper address Use the ip helper address Global Configuration mode command to enable the forwarding of User Datagram Protocol UDP broadcast packets received on an interface to a specific helper address Use the no form of this command to d
518. x used when a rising threshold is crossed Falling Event The event index used when a falling threshold is crossed Owner The entity that configured this entry rmon event Use the rmon event Global Configuration mode command to configure an event Use the no form of this command to remove an event Syntax rmon event index none log trap log trap community text description text owner name no rmon event index Parameters e index Specifies the event index Range 1 65535 e none pecifies that no notification is generated by the device for this event e log Specifies that a notification entry is generated in the log table by the device for this event RMON Commands _ 289 e trap Specifies that an SNMP trap is sent to one or more management stations by the device for this event e log trap Specifies that an entry is generated in the log table and an SNMP trap is sent to one or more management stations by the device for this event community text Specifies the SNMP community to which an SNMP trap is sent Octet string length 0 127 characters e description text Specifies a comment describing this event Length 0 127 characters e owner name Specifies the name of the person who configured this event Valid string Default Configuration If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The following e
519. xample console show ip dhcp tftp server tftp server address active 1 1 1 1 from sname manual ee eee file path on tftp server active conf conf file from option 67 150 Auto Update and Auto Configuration Management ACL Commands management access list The management access list Global Configuration mode command configures a management access list and enters the Management Access List Configuration command mode Use the no form of this command to delete an access list Syntax management access list name no management access list name Parameters name Specifies the access list name Length 1 32 characters Command Mode Global Configuration mode User Guidelines Use this command to configure a management access list This command enters the Management Access List Configuration mode where the denied or permitted access conditions are defined with the deny and permit commands If no match criteria are defined the default value is deny When re entering the access list context the new rules are entered at the end of the access list Use the management access class command to select the active access list The active management list cannot be updated or removed Management ACL Commande _ 151 For IPv6 management traffic that is tunneled in IPv4 packets the management ACL is applied first on the external Pv header rules with service field are ignored and then again on the inner Pv6 header Example
520. xample configures an event identified as index 10 for which the device generates a notification in the log table Console config rmon event 10 log show rmon events Use the show rmon events EXEC mode command to display the RMON event table Syntax show rmon events Command Mode EXEC mode 290 RMON Commands Example The following example displays the RMON event table Console show rmon events Index Descrip Type Community Owner Last time tion sent 1 Errors Log CLI Janl8 2006 23258201 2 High Log Router Manager Jan18 2006 Broadcast Trap 23 59 48 The following table describes significant fields shown in the display Field Description Index A unique index that identifies this event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management stations Community If an SNMP trap is to be sent it is sent to the SNMP community specified by this octet string Owner The entity that configured this event Last time sent The time this entry last generated an event If this entry has not generated any events this value is zero show rmon log Use the show rmon log EXEC mode command to display the RMON log table RMON Commands 291
521. y Command Mode EXEC mode LACP Commands 543 Example The following example displays LACP information for gigabitethernet port 1 0 1 Console gt show lacp ethernet gil 0 1 Port gil 0 1 LACP parameters Actor system priority 1 system mac addr 00 00 12 34 56 78 port Admin key 30 port Oper key 30 port Oper number 21 port Admin priority 1 port Oper priority 1 port Admin timeout LONG port Oper timeout LONG LACP Activity ACTIVE Aggregation AGGREGATABLE synchronization FALSE collecting FALSE distributing FALSE expired FALSE Partner 544 LACP Commands Port LACP LACP Port system priority system mac addr port Admin key port Oper key port Oper number port Admin priority port Oper priority port Admin timeout port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired gil 0 1 LACP Statistics PDUs sent PDUs received gil 0 1 LACP Protocol State LACP State Machines Control Receive FSM Mux FSM Variables BEGIN LACP_Enabled Ready_N Selected Port_moved NNT Port_enabled Timer counters periodic tx timer current while timer wait while timer 0 00 0 et Et ER CA PA De FAI TRUE FAI UNSELECTED FAI FAI 00 00 00 00 00 LONG LONG SSIVE AGGREGATABLE FAI FAI FAI FAI LSE LSE LSE LSE Port Disabled State tached State LSE LSE LSE LSE
522. y connected g2 Lifetime Infinite IPv6 Addressing Commands 633 ipv6 nd dad attempts Use the ipv6 nd dad attempts Interface Configuration Ethernet VLAN Port channel mode command to configure the number of consecutive neighbor solicitation messages that are sent on an interface while Duplicate Address Detection DAD is performed on the unicast Pv6 addresses of the interface Use the no form of this command to restore the number of messages to the default value Syntax ipv6 nd dad attempts attempts Parameters attempts Specifies the number of neighbor solicitation messages A value of 0 disables DAD processing on the specified interface A value of 1 configures a single transmission without follow up transmissions Range 0 600 Default Configuration Duplicate Address Detection on unicast IPv6 addresses with the sending of one neighbor solicitation message is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines Duplicate Address Detection DAD verifies the uniqueness of new unicast IPv6 addresses before the addresses are assigned to interfaces the new addresses remain in a tentative state while DAD is performed DAD uses neighbor solicitation messages to verify the uniqueness of unicast IPv6 addresses An interface returning to the administrative Up state restarts DAD for all of the unicast IPv6 addresses
523. ycle If unspecified defaults to 1800 Range 1 3600 Command Mode Interface Configuration Ethernet Port channel mode Cannot be configured for a range of interfaces range context show rmon collection stats Use the show rmon collection stats EXEC mode command to display the requested RMON history group statistics Syntax show rmon collection stats interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel 280 RMON Commands Command Mode EXEC mode Example The following example displays all RMON history group statistics Console show rmon collection stats Index Interface Interval Requested Granted Owner Samples Samples 1 gil 0 1 30 50 50 CLI 2 gil 0 1 1800 50 50 Manager The following table describes the significant fields shown in the display Field Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Requested Samples The requested number of samples to be saved Granted Samples The granted number of samples to be saved Owner The entity that configured this entry show rmon history Use the show rmon history EXEC mode command to display RMON Ethernet history statistics Syntax show rmon history index throughput errors other period seconds Parameters
524. yslog Commands Default No messages are logged to a syslog server host Command Mode Global Configuration mode User Guidelines You can use multiple syslog servers The format of an IPv6Z address is lt spv6 link local address gt lt intertace name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example 1 0 16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Examples console config logging host 1 1 1 121 console config logging host 3000 100 logging console Use the logging console Global Configuration mode command to limit messages logged to the console to messages with a specific severity level Use the no form of this command to disable logging limiting to the console Syntax logging console eve no logging console Syslog Commands 267 Parameters level Specifies the severity level of logged messages displayed on the console The possible values are emergencies alerts critical errors warnings notifications informational and debugging Default Configuration The default severity level is informational Command Mode Global Configuration mode Example
Download Pdf Manuals
Related Search