3Com 3CRUS2475 Bedienungsanleitung

www.3Com.com Part No. 10015248 Rev . AA Published October 2006 3Com ® Unified Gigabit Wir eless PoE Switch 24 Command Refer ence Guide 3CRUS2475[...]

3Com Corporati on 350 Campus Drive Marlborough, MA 01752-3064 Copyright © 2 006, 3Com Corporation. All rights reserved . No part of this documen tation may be reproduced in any form or by any means or used to make any derivative work (such as tran slation, transformation , or adaptation) without writt e n permission fr om 3Com Corporation. 3Com Co[...]

C ONTENTS U SING THE CLI Overview 19 CLI Command Modes 19 Introduction 19 User EXEC Mode 20 Privileged EXEC 20 Global Configuration Mode 21 Interface Configuration and Specific Configur ation Modes 21 Starting the CLI 22 Editing Features 23 Entering Comman ds 23 T erminal Command Buffer 24 Negating the Eff ect of Commands 25 Command Completion 25 N[...]

ACL C OMMANDS ip access-list 41 permit (ip) 41 deny (IP) 4 5 mac access-list 47 permit (MAC) 48 deny (MAC) 49 service-acl 50 show access-lists 51 show interfaces access- lists 52 A DDRESS T ABLE C OMMANDS bridge address 55 bridge multicast filtering 56 bridge multicast addr ess 57 bridge multicast forbidden address 58 bridge multicast forwar d-all [...]

description 79 speed 80 duplex 81 negotiation 8 1 flowcontr ol 82 mdix 83 clear counters 84 set interface active 85 show interfaces advertise 85 show interfaces configur ation 87 show interfaces status 88 show interfaces desc ription 90 show interfaces counters 91 port storm-co ntrol include-multicast (GC) 94 port storm-cont rol include-multicast ([...]

P ORT C HANNEL C OMMANDS interface port-channel 113 interface rang e port-chan nel 1 13 channel-group 114 show interfaces port-channel 115 Q O S C OMMANDS qos 117 show qos 118 class-map 118 show class-map 120 match 120 policy-map 121 class 122 show policy-map 123 trust cos-dscp 124 set 125 police 126 service-policy 127 qos aggregate-policer 128 sho[...]

security-suite do s protect 145 security-suite deny martian-addr esses 146 C LOCK C OMMANDS clock set 149 clock sour ce 150 clock timezon e 150 clock summer -time 151 sntp authentication-key 153 sntp authenticate 154 sntp trusted-key 155 sntp client poll timer 156 sntp anycast client enable 157 sntp client en able (Interface) 157 sntp unicast clien[...]

IGMP S NOOPING C OMMANDS ip igmp snooping (Global) 185 ip igmp snooping (Inter face) 185 ip igmp snooping mr outer lear n-pim-dvmrp 186 ip igmp snoop ing host-time-out 1 87 ip igmp snooping mr outer -time-out 188 ip igmp snooping leave-time-ou t 189 show ip igmp snooping mr outer 189 show ip igmp sn ooping interface 190 show ip igmp snooping gr oup[...]

spanning-tree cost 214 spanning-tr ee port-priority 215 spanning-tr ee portfast 216 spanning-tree link-type 217 spanning-tr ee pathcost method 217 spanning-tr ee bpdu 218 clear spanning-tree de tected-protocols 219 spanning-tr ee mst priority 220 spanning-tr ee mst max-hops 220 spanning- tree mst port-prio rity 221 spanning-tr ee mst cost 222 spann[...]

show radius-servers 276 P ORT M ONITOR C OMMANDS port monito r 279 show ports monitor 280 SNMP C OMMANDS snmp-server commun ity 283 snmp-server view 284 snmp-server group 2 86 snmp-server user 287 snmp-server engineID local 289 snmp-server enable traps 291 snmp-server filter 291 snmp-server host 292 snmp-server v3-host 294 snmp-server trap auth ent[...]

show arp 313 ip domain-name 314 ip name-server 315 M ANAGEMENT ACL C OMMANDS management acce ss-list 317 permit (Management) 318 deny (Management) 319 management acce ss-class 320 show manage ment access- list 321 show manage ment access-class 322 W IRELESS R OGUE AP C OMMANDS rogu e-detect enable (Radio) 323 rogu e-detect ro gue-scan-interval 324 [...]

wpa2 pre-authentication 343 show wlan ess 344 show wlan ess mac-filtering lists 347 show wlan ess counters 348 W IRELESS AP G ENERAL C OMMANDS clear wlan ap 351 wlan ap active 352 wlan ap key 352 wlan ap config 353 name 354 tunnel priority 355 wan enable 355 interface ether net 356 vlan allowed 357 vlan native 358 wlan template ap configur e 358 se[...]

show crypto key pubkey -chain ssh 380 W EB S ERVER C OMMANDS ip http server 383 ip http port 383 ip http exec-time out 384 ip https server 385 ip https port 385 crypto certificate generate 386 crypto certificate request 388 crypto certificate import 389 ip https certificate 390 show crypto certific ate mycertificate 391 show ip http 392 show ip htt[...]

show logging 409 show logging file 411 show syslog-server s 413 W IRELESS AP BSS C OMMANDS bss 415 bss enable 415 advertise-ssid 416 data-rate s 417 S YSTEM M ANAGEMENT C OMMANDS ping 419 traceroute 421 telnet 424 re su m e 4 2 7 re lo a d 4 2 8 hostname 429 show users 429 show sessions 430 show system 431 show version 432 service cpu-utilization 4[...]

show history 442 show privilege 443 GVRP C OMMANDS gvrp enable (Global) 445 gvrp enable (Interface) 446 garp time r 44 6 gvrp vlan-creation-forbid 448 gvrp registration-forb id 448 clear gvrp statistics 449 show gvrp configur ation 450 show gvrp statistics 451 show gvrp error -statistics 452 VLAN C OMMANDS vlan database 455 vlan 455 interface vlan [...]

dot1x port-con trol 470 dot1x re -authentication 471 dot1x timeout r e-authperiod 472 dot1x re -authenticate 473 dot1x timeout quiet-perio d 473 dot1x timeout tx-period 475 dot1x max-r eq 475 dot1x timeout supp-tim e out 476 dot1x timeout server -timeout 477 show dot1x 478 show dot1x users 481 show dot1x statistics 483 dot1x auth-no t-req 485 dot1x[...]

wlan tx -power au to signal -loss 506 wlan station idle-timeout 507 clear wlan station 508 show wlan 509 show wlan au to-tx-power 510 show wlan logging con figuration 511 show wlan stations 512 show wlan stations cou nters 513 T R OUBLESHOOTING Problem Management 515 T roubleshooting Solution s 515[...]

[...]

1 U SING THE CLI Overview This document describes the Comman d Line Interface (CLI) used to manage the 3Com Unified Gi gabit W ireless PoE switch. Most of the CLI commands ar e applicable to all devices. This chapter describes how to start using the CLI and the CLI command editing features. CLI Command Modes Introduction T o assist in configuring t[...]

20 C HAPTER 1: U SING THE CL I User EXEC Mode After logging into the device, the user is automatically in User EXEC command mode unless the user is define d as a privileged user . In general, the User EXEC commands allow the user to perform basic tests, and list system information. The user -level prompt consists of th e device host name followed b[...]

Overview 21 Global Configuration Mode Global Configuratio n mode commands apply to features that af f ect the system as a whole, r ather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode. T o enter the Global Configurat ion mode perform the following steps: 1 At the Privileged [...]

22 C HAPTER 1: U SING THE CL I ■ Ethern et — Contains commands to manage port configuratio n. The interface ethernet Global Configuration mode command is u sed to enter the Interface Configuration mode to configure an Ether net type interface. ■ Port Channel — Contains commands to configure port-channels, for example, assigning ports to a p[...]

Editing Features 23 T o start using the CLI, perform the following steps: 1 Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the termin al emulation application. a Set the data format to 8 data bits, 1 stop bit, and no parity . b Set Flow Co ntro l t[...]

24 C HAPTER 1: U SING THE CL I T o enter commands that requir e parameters, enter the required parameters a fter the command keywo rd. For examp le, to set a pa ssword for the administrator , enter: When working with the CLI, the comm and options are not displayed. The command is not selected from a menu, but is manually enter ed. T o see what comm[...]

Editing Features 25 By default, the history buffer system is enabled, but it can be disabled at any time. For informa tion about the command synta x to enable or disabl e the history buffer , see history . There is a standar d default number of commands th at are stor e d in the buffer . The standard number of 10 commands can be increased to 216. B[...]

26 C HAPTER 1: U SING THE CL I The ports may be described on an indi vidual basis or within a ra nge. Use format port number -port number to specify a set of consecutive po rts and port number , port number to indicat es a set of non-consecutive ports. For example, g1-3 stands fo r Gi gabit Ethern et ports 1, 2 and 3, and g1,5 stands for Gigabit Et[...]

Editing Features 27 CLI Command Conventions When entering commands ther e are certain command entry standar ds that apply to all commands. The following table describ es the command conventions. Copying and Pasting Te x t Up to 1000 lines of text (or commands) can be copied and pasted into the device. It is the user’ s responsibility to ensure th[...]

28 C HAPTER 1: U SING THE CL I ■ A device Configu ration mode has been accessed. ■ The commands contain no encryp te d data, like encrypted passwords or keys. Encrypted data cannot be c opied and pasted into the device.[...]

2 AAA C OMMANDS aaa authentication login The aaa authentication login Global Configuration mode command defines login authentication. T o restore defaults, use the no form of this command. Syntax aaa authentication login { default | list-name } method1 [ metho d2 ...] no aaa authentication login { default | list-name } Parameters ■ default — Us[...]

30 C HAPTER 2: AAA C OMMANDS On the console, login succ eeds withou t any authenticati on check if the authenticatio n method is not defined. Command Mode Global Configurat ion mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list by e[...]

aaa authentication enable 31 ■ list-name — Character string used to name the list of authentication methods activated, when using acce ss higher privilege levels. (Range: 1-12 characters) ■ method1 [ method2 ...] — Specify at least one method fr om the following list: Default Configuration I If the default list is not set, only the enable p[...]

32 C HAPTER 2: AAA C OMMANDS The following example sets the en able password for authentication when accessing higher privilege levels. login authentication The login authentication Line Configu ration mode command specifies the login authentication method list for a remote telnet or console. T o restor e the default co nfiguration specified by the[...]

enable authentication 33 enable authentication The enable authentication Line Config uration mode command specifies the authenticat ion method list when accessing a higher privilege level from a re mote T elnet or console. T o restore the default configurat ion specified by the aaa authentication enable command, use the no form of this command. Syn[...]

34 C HAPTER 2: AAA C OMMANDS Syntax ip http authentication method1 [ method2 ...] no ip http authen tication Parameters ■ Method1 [ metho d2 ...] — Specify at least one method from the following list: Default Configuration The local user database is checked . This has the same effect as the command ip http authentication local. Command Mode Glo[...]

show authentication methods 35 Syntax ip https authentication method1 [ method2 ...] no ip https authentication Parameters ■ method1 [ method2 ...] — Specify at least one method fr om the following list: Default Configuration The local user database is checked . This has the same effect as the command ip https authentication local . Command Mod[...]

36 C HAPTER 2: AAA C OMMANDS Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays t he authentication configu ration. Console# show authentication methods Login Authentication Method Lists ---------[...]

password 37 password The passwor d Line Configuration mode command specifies a password on a line. T o r emo ve the password, use the no form of this command. Syntax password pa ssword [ encrypted ] no password Parameters ■ password — Password for this level. (Range: 1-159 characters) ■ encrypted — Encrypted password to be entered, copied f[...]

38 C HAPTER 2: AAA C OMMANDS Parameters ■ password — Password for this level. (Range: 1-159 characters) ■ level — Level for which the password a pplies. If not specified the level is 15 (Range: 1-15). ■ encrypted — Encrypted password enter ed, copied from another device configuration. Default Configuration No enable password is defined.[...]

username 39 ■ encrypted — Encrypted password enter ed, copied from another device configuration. Default Configuration No user is defined. Command Mode Global Configurat ion mode User Guidelines User account can be cr eated without a passwor d . Example The following example configures us er called bob with password ‘lee’ and user level 15 [...]

40 C HAPTER 2: AAA C OMMANDS[...]

3 ACL C OMMANDS ip access-list The ip access-list Global Configuration mode command enables the IP-Access Configuration mode and crea tes Layer 3 ACLs. T o delete an ACL, use the no form of th is command. Syntax ip access-list name no ip access-list name Parameters ■ name — Specifies the name of the ACL. (Range: 0-32 characters) Default Configu[...]

42 C HAPTER 3: ACL C OMMANDS Syntax permit { any | protoc ol } { any | { source source-wildcard }} { any | { destination destin ation-wildcard }} [ dscp dscp numbe r | ip-pr ecedence ip-precedence ] permit-icmp { any | { source source-wildcard }} { any | { destination destination-wildcard }} { any | icmp-type } { any | icmp-code } [ dscp number | i[...]

permit (ip) 43 The following table lists the protocols that can be specified: ■ dscp — Indicates matchin g the dscp number wi th the packet dscp value. ■ ip-pr ecedence — Indi cates matchi ng ip-p r ecedence with th e packet ip-precedence value. ■ icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a value or on[...]

44 C HAPTER 3: ACL C OMMANDS alternate-host-address, echo-re quest, r outer -advertisement, router -solicitation, time- exceeded, parameter -problem, timestamp, timest amp-reply , information-request, information-re ply , address-mask-r equest, address-mask-r eply , traceroute, datagram-conversion-err or , mobile-host-redir ect, ipv6-where-ar e-you[...]

deny (IP) 45 Example The following ex ample shows how to define a permit statement for an IP ACL. deny (IP) The deny IP-Access List Configuration mo de command denies traffic if the conditions defined in the deny statement match. Syntax deny [ disable-port ] { any | protocol } { any | { source source-wildcard }} { any | { destination destination-wi[...]

46 C HAPTER 3: ACL C OMMANDS ■ dscp — Indicates matchin g the dscp number wi th the packet dscp value. ■ ip-pr ecedence — Indicat es matching i p -p r ecedence with the packet ip-precedence value. IP Protoc ol Abbreviated Name Protocol Number Internet Control Me ssage Protocol icmp 1 Internet Group Management Protoc ol igmp 2 IP in IP (enca[...]

mac access-list 47 Default Configuration This command has no default configurat ion Command Mode IP-Access List Config uration mode User Guidelines Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. Before an Access Contr ol Element (A CE) is added to an ACL, all packets are permitted. After an[...]

48 C HAPTER 3: ACL C OMMANDS User Guidelines There ar e no user guideline s for this command. Example The following example shows how to create a MAC ACL. permit (MAC) The permit MAC-Access List Configuration mode command def ines permit conditions of an MAC ACL. Syntax permit { any | { host s ource source-wildcar d} any | { destination destination[...]

deny (MAC) 49 User Guidelines Before an Access Contr ol Element (A CE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packet s that do not match the conditions defined in the permit statement are denied. If the VLAN ID is specified, the policy map canno[...]

50 C HAPTER 3: ACL C OMMANDS ■ cos-wildcard — Specifies wildcard bits to be applied to the CoS. ■ eth-type — Specifies the packet ’ s Ethernet type. Default Configuration This command has no default configurat ion. Command Mode MAC-Access List Configuration mode User Guidelines MAC BPDU packets cannot be denied. This command defin es an A[...]

show access-lists 51 Parameters ■ acl-name —Specifies the ACL to be a pplied to the input interface. Default Configuration This command has no default configurat ion. Command Mode Interface (Ethernet, port-ch annel) Configur ation mode. User Guidelines In advanced mode, when an ACL is bound to an interface, the port trust mode is set to trust 1[...]

52 C HAPTER 3: ACL C OMMANDS Example The following example displays access list s defined on a device. show interfaces access-lists The show interfaces access-lists Privileged EXEC mode command displays access lists applied on interfaces. Syntax show interfaces access-lists [ ethernet interface | port-channel port-channel-number ] Parameters ■ in[...]

show interfaces access-lists 53 Example The following example displays ACLs applied t o the interfaces of a device: Console# show interfaces access-lists Interface Input ACL --------- --------- g1 ACL1 g1 ACL3[...]

54 C HAPTER 3: ACL C OMMANDS[...]

4 A DDR ESS T ABLE C OMMANDS bridge address The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source addre ss to the bridge table. T o delete the MAC address, use the no fo rm of this command. Syntax bridge addr ess mac-ad dress { ether net interface | port-channel port-channel-number } [ permanent | delete-on-[...]

56 C HAPTER 4: A DDRESS T ABLE C OMMA NDS Command Mode Interface Configur ation (VLAN) mo de User Guidelines Using the no form of the command without specifying a MAC address deletes all static MAC addre sses belonging to this VLAN). Example The following example adds a permanen t static MAC-layer station sour ce address 3aa2.64b3.a245 on port 1 to[...]

bridge multicast address 57 If multicast devices exist on the VL AN and IGMP-snooping is not en abled, the bridge multicast forwar d-all command should be used to enable forwarding all multicast packet s to the multicast switches. Example In the folowing example, bridge multicast filtering is enabled. bridge multicast address The bridge multicast a[...]

58 C HAPTER 4: A DDRESS T ABLE C OMMA NDS Default Configuration No multicast addr esses are def ined. Command Mode Interface Configur ation (VLAN) mo de User Guidelines If the command is executed without add or re mo v e , the command only registers the gr o up in the bridge database. Static multicas t addresses can only be defined on static VLANs.[...]

bridge multicast forward-all 59 Parameters ■ add — Adds ports to the group. ■ rem o ve — Removes ports from the group. ■ mac-multicast-address — A valid MA C multicast address. ■ ip- multicast-address — A valid IP multicast addr ess. ■ interface-list — Separate nonconsecutive Et her net ports with a comma and no spaces; hyphen i[...]

60 C HAPTER 4: A DDRESS T ABLE C OMMA NDS Syntax bridge multicast forward-all { add | remo v e } { ether net int erface-list | port-channel port-cha nnel-numbe r -list } no bridge multicast f orward-all Parameters ■ add — Force forwar ding all multicast packets. ■ rem o ve — Do not force forwarding all multicast packets. ■ interface-list [...]

bridge multicast forbidden fo rward-all 61 Syntax bridge multicast forbidden forward-all { add | re m ov e } { ether net interface-list | port-channel port-channel-number -list } no bridge multicast f orbidden forward-all Parameters ■ add — Forbids forwarding all multicast packets. ■ rem o ve — Does not forbid forwar ding all multicast pack[...]

62 C HAPTER 4: A DDRESS T ABLE C OMMA NDS bridge aging-time The bridge aging-time Global Configuration mode command sets the address table aging time. T o restor e the default configuration, use the no form of this comma nd. Syntax bridge aging-time seconds no bridge aging-time Parameters ■ seconds — Time in second s. (Range: 10-630 seconds) De[...]

port security 63 Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example In the following example, the bridge tables are cleared. port security The port security Interface Configuration mode command locks the port to block unknown traffic and pr event the port from learning new addresses. T o rest[...]

64 C HAPTER 4: A DDRESS T ABLE C OMMA NDS Default Configuration This setting is disabled. Command Mode Interface Configuration (Eth ernet, port-chan nel) mode User Guidelines There ar e no user guideline s for this command. Example In this example, port g1 forwards all packets without learning addresses of packets from unknown sources and sends tra[...]

port security routed secure-addr ess 65 Command Mode Interface Configuration (Eth ernet, port -channel) mode User Guidelines There ar e no user guideline s for this command. Example In this example, port security mode is set to dynamic for Ether net interface g7. port security routed secure-addr ess The port security routed secur e-addr ess Interfa[...]

66 C HAPTER 4: A DDRESS T ABLE C OMMA NDS The command enable s adding secure MAC addr esses to a r outed port in port security mode. The command is available when the port is a routed port and in port security mode. The addr ess is deleted if the port exits the security mo de or is not a r outed port. Example In this example, the MAC-layer a ddress[...]

show bridge address-table static 67 User Guidelines Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) ar e presented in the VLAN co lumn by a port number and not by a VLAN ID. "Special" MAC addresses that wer e not statically defined or dynamically learned are displayed in the MAC addr[...]

68 C HAPTER 4: A DDRESS T ABLE C OMMA NDS Parameters ■ vlan — Specifies a valid VLAN, such as VLAN 1. ■ interface — A valid Ethernet po rt. ■ port-channel-number — A valid port-channel number . Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guidel[...]

show bridge address-table count 69 Syntax show bridge address-table count [ vlan vlan ] [ ether net interface-number | port-channel port- channel-number ] Parameters ■ vlan — Specifi es a valid VLAN, such as VLAN 1. ■ interface — A valid Ethernet po rt. ■ port - channel-number — A valid port-channel numb er . Default Configuration This [...]

70 C HAPTER 4: A DDRESS T ABLE C OMMA NDS show bridge multicast address-table The show bridge multicast address-table Privileged EXEC mode command displays multicast MAC address or IP address table information. Syntax show bridge multicast address-table [ vlan vlan-id ] [ address mac-multicast-address | ip-multicast-address ] [ format ip | format m[...]

show bridge multicast address-table 71 A multicast MAC address m aps to multipl e IP addr esses as shown above . 19 01:00:5e:02:02 :08 static g1-8 19 00:00:5e:02:02 :08 dynamic g9-11 Forbidden ports for multica st addresses: Vlan MAC Address Ports ---- -------------- ----- 1 01:00:5e:02:02 :03 8 19 01:00:5e:02:02 :08 8 Console# show bridge multicas[...]

72 C HAPTER 4: A DDRESS T ABLE C OMMA NDS show bridge multicast filtering The show bridge multicast filtering Privileged EXEC mode c o mmand displays the multicast filtering configuration. Syntax show bridge multicas t filtering vlan-id Parameters ■ vlan-id — Indicates the VLAN ID. This ha s to be a valid VLAN ID value. Default Configuration Th[...]

show ports security 73 show ports security The show ports security Privileged EXEC mode co mmand displ ays the port-lock status. Syntax show ports secu rity [ ethernet interface | port-channel port-channel-number ] Parameters ■ interface — A valid Ethernet po rt. ■ port-channel-number — A valid port-channel nu mber . Default Configuration T[...]

74 C HAPTER 4: A DDRESS T ABLE C OMMA NDS The following table describes the f ields shown above. show ports security addresses The show ports security addresses Privileged EXEC mode command displays the current dynamic addr esses in locked ports. Syntax show ports security addr esses [ ether net interface | port-channel port-channel-number ] Parame[...]

show ports security addresses 75 User Guidelines There ar e no user guideline s for this command. Example This example displays dynamic addresses in all currently locked ports. This example displays dynamic addresses in the currently locked port 1. Console# show ports security addresses Port Status Learning Current Maximum ---- -------- -------- --[...]

76 C HAPTER 4: A DDRESS T ABLE C OMMA NDS[...]

5 E THER NET C ONFIGURATION C OMMANDS interface ether net The interface ether net Global Configuration mode command enter s the interface configu ration mode to configure an Ethernet t ype interface. Syntax interface ethernet interface Parameters ■ interface — V alid Ether net port. Elana Default Configuration This command has no default config[...]

78 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Parameters ■ port-list — List of valid ports. Where more than one port is listed, separate the nonco nsecutive ports with a comma and no spaces, use a hyphen to designate a range of po rts and group a list separated by commas in brackets. ■ all — All Ether net ports. Default Configuration [...]

description 79 Command Mode Interface Configuration (Eth ernet, port -channel) mode User Guidelines There ar e no user guideline s for this command. Example The following example disables Ether net port g5 operations. The following example restarts the disabled Ether net port. description The description Interface Config uration (E thernet, por t-c[...]

80 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Example The following example adds a description to Ethernet port g5. speed The speed Inter face Configuration (Ether net, port-ch annel) mode command configures the speed of a given Ether net interface when not using auto-negotiation. T o restore the default configuration, use the no form of this[...]

duplex 81 duplex The duplex Interface Conf iguration (Ether net) mode command configures the full/half duplex opera tion of a given Ethernet interface when not using auto-negotiation. T o restore the default configuration, use the no form of this command. Syntax duplex {half | full} Parameters ■ no duplex ■ half — Forces half-duplex operation[...]

82 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Syntax negotiation [ capability1 [cap ability2…capability5 ]] no negotiation Parameters ■ capability — Specifies the ca pa bilities to advertise. (Possible values: 10h, 10f, 100h,100f, 1000f ) Default Configuration Auto-negotiation is enabled. If unspecified, the default setting is to enable[...]

mdix 83 Parameters ■ auto — Indicates auto-negotiation ■ on — Enables flow control. ■ off — Disables flow control. Default Configuration Flow contr ol is off. Command Mode Interface Configuration (Eth ernet, port -channel) mode User Guidelines Negotiation should be enabled for flow control auto. Example In the following example, flow co[...]

84 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS User Guidelines Auto : All possibilities to connect a PC with cross or normal cables ar e supported and are automatically detected. On : It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross cable. No : It is possible to connect to a PC only [...]

set interface active 85 Example In the following example, the counters for interface 1 are clear ed. set interface active The set interface active Privileged EXEC mode command reactiva tes an interface that was shutdown. Syntax set interface active { ether net interface | port-channel port-channel-number } Parameters ■ interface — V alid Ether [...]

86 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Syntax show interfaces advertise [ ethe rnet interface | port-channel port-channel-number ] Parameters ■ interface — V alid Ether net port.Elana ■ port-channel-number — V alid port-channel number . Default Configuration This command has no default configurat ion. Command Modes Privileged E[...]

show interfaces con figuration 87 show interfaces configuration The show interfaces configuration Privileged EXEC mode command displays the configuration for all configured interfaces. Syntax show interfaces configuration [ ethernet interface | port-channel port-channel-number ] Parameters ■ interface — V alid Ether net port.Elana ■ port-chan[...]

88 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS show interfaces status The s how interfaces status Privileged EXEC mode command displays the status of all configured interfaces. ---- ---- ---- --- ---- -- ---- - ---- --- ---- ---- - ---- ---- ---- 1 100M -Cop per Full 100 Enab led Off Up Disa bled Auto 2 100M -Cop per Full 100 Enab led Off Up D[...]

show interfaces status 89 Syntax show interfaces status [ ether net interface | port-channe l port-channel-number |] Parameters ■ interface — A valid Ethernet po rt. Elana ■ port-channel-number — A valid port-channel numb er . Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guideline[...]

90 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS show interfaces description The show interfaces description Privileged EXEC mode command displays the description for all configured interfaces. Syntax show interfaces description [ ethernet interface | port-channel port-channel-number ] Parameters ■ interface — V alid Ether net port. ( Full s[...]

show interfaces counters 91 Default Configuration This command has no default configurat ion. Command Modes Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays descri ptions of configured interfaces. show interfaces counters The show interfaces counters Privileged EXEC m ode [...]

92 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Default Configuration This command has no default configurat ion. Command Modes Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following ex ample displays traffi c seen by the phys ical interface. Console# show interfaces counters Port InOctets I[...]

show interfaces counters 93 The following table describes the fields shown in the display . The following table describes the fields shown in the display . Ch OutOctets OutUcastPkt s OutMcastPkt s OutBcastPkt s --- --------- ----------- - ----------- - ----------- - 1 23739 0 0 0 Console# show interfaces counters ethernet 1 Port InOctets InUcastPkt[...]

94 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS port storm-control include-multicast (GC) The port storm-control include-multicast Interface Configuration mode command enables counting multicast packets in the port storm-control br oadcast rate command. T o disable counting multicast packets, use the no form of this command. Syntax port storm-c[...]

port storm-control in clude-multicast (IC) 95 User Guidelines T o control multicasts storms, use the port storm-control br oadcast enable and port storm-control broadcast rate commands. Example The following example enab les counting multica st packets. port storm-control include-multicast (IC) The port storm-control include-multicast Interface Con[...]

96 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Example The following example e nables counti ng broadcast and multicast packets on Ethernet port 2. port storm-control broadcast enable The port storm-control b roadcast enable Interface Configuration (Ethern et) mode command enables br o adcast storm control. T o disable broadcast storm control,[...]

port storm-control broadcast rate 97 port storm-control broadcast rate The port storm-control br oadcast rate Interface Conf iguration (Ethern et) mode command configures the maximum br oadcast rate. T o restor e the default co nfiguration, use the no form of this command. Syntax port storm-control broadcast rate rate no port storm-control broadcas[...]

98 C HAPTER 5: E THE RNET C ONFIGURA TION C OMMANDS Default Configuration This command has no default configurat ion. Command Modes Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays the sto rm control configuration. Console# show ports storm-control Port State Rate [Kbits/S[...]

6 L INE C OMMANDS line The line Global Configu ration mode command identifies a specific line for configuration and enters the Line Configuration command mode. Syntax line { console | telnet | ssh } Parameters ■ console — Console terminal line. ■ telnet — Virtual terminal for remo te console access (T elnet). ■ ssh — Virtual terminal fo[...]

100 C HAPTER 6: L IN E C OMMANDS Syntax speed bps Parameters ■ bps — Baud rate in bits per second (bps). Possible values are 2400, 4800, 9600, 19200, 3 8400, 57600 and 11 5200. Default Configuration The default speed is 19200 bps. Command Mode Line Configuration (console) mode User Guidelines This command is available only on the line console. [...]

exec-timeout 101 User Guidelines This command is available only on the line console. T o start communication using Autobaud , pr ess < Enter > twice. This configuration applies only to the current session. Example The following example enables autoba ud.l exec-timeout The exec- timeout Line Configuration mo de command sets the interval that t[...]

102 C HAPTER 6: L IN E C OMMANDS Example The following example configures the interval that the system waits until user input is detected to 20 minutes. history The history Line Configuration mode command enables the command history function. T o disable the command history function, use the no form of this comma nd. Syntax history no history Defau[...]

terminal history 103 Syntax history size number -of-commands no history size Parameters ■ number -of-commands —Number of commands that the system recor ds in its history buffer . (Range: 10-20 0) Default Configuration The default history buffer size is 10. Command Mode Line Configuration mode User Guidelines This command configures the command [...]

104 C HAPTER 6: L IN E C OMMANDS Command Mode User EXEC mode User Guidelines There ar e no user guideline s for this command. Example The following example disables the command history function for the current terminal session. terminal history size The terminal history size User EXEC mode command configures the command history buffer size for the [...]

show line 105 Example The following example configures the command history buffer size to 20 commands for the current terminal session. show line The show line Privileged EXEC mode command displays line parameters. Syntax show line [console | telnet | ssh] Parameters ■ console — Console terminal line. ■ telnet — Virtual terminal for remo te[...]

106 C HAPTER 6: L IN E C OMMANDS Parity: none Stopbits: 1 Telnet configuration: Interactive timeout: 10 minutes 10 seconds History: 10 SSH configuration: Interactive timeout: 10 minutes 10 seconds History: 10[...]

7 PHY D IAGNOSTICS C OMMANDS test copper -port tdr The test copper -port tdr Privileged EXEC mode command uses T ime Domain Reflectometry (T DR) technology to diagno se the quality and characteristics of a copper cable attached to a port. Syntax test copper -port tdr interface Parameters ■ interface — A valid Ethernet po rt. Elana Default Confi[...]

108 C HAPTER 7: PHY D IA GNOSTICS C OMMANDS Example The following example results in a report on the cable attached to port g3. show copper -ports tdr The show copper -ports tdr Privileg ed EXEC mode command displays information on the last T ime Domain Reflectometry (TDR) test performed on copper ports. Syntax show copper -ports tdr [ inter face ][...]

show copper-ports cable-length 109 show copper -ports cable-length The show copper -ports cable-length Privileged EXEC mode command displays the estimated copper cable length at tached to a port. Syntax show copper -ports cable-length [ interface ] Parameters ■ interface — A valid Ethernet po rt. Elana Default Configuration This command has no [...]

110 C HAPTER 7: PHY D IA GNOSTICS C OMMANDS Example The following example displays th e estimated coppe r cable length attached to all ports. show fiber -ports optical-transceiver The show fiber -ports optical-transceiver Privileged EXEC mode command displays the optica l t ransceiver diagnostics. Syntax s how fiber - ports optical-transceiver [ in[...]

show fiber-ports optical-transceiver 111 Example The following ex ample displays the optical transce iver diagnosti cs results. Console# show fiber-ports optical-transceive r 21 Curre nt Output Port Temp Volta ge Power Power Input LOS ---- ---- ----- -- ----- -- ----- - ----- --- 21 OK OK OK OK OK No Temp – Internally measured transceiver tempera[...]

112 C HAPTER 7: PHY D IA GNOSTICS C OMMANDS Console# show fiber-ports optical-transceive r 21 detailed Current Output Port Temp Voltage Power Power Input LOS [C] [Volt] [mA] [mWatt] [mWatt] ---- ---- ------- ------- ------ ----- ------- 21 34 3.35 8.4 3 2.72 7.71 No Temp – Internally measured transceiver temperature. Voltage - Internally measur e[...]

8 P ORT C HANNEL C OMMANDS interface port-channel The interface port-channel Global Configuration mode command enters the Global Configu ration mode to configure a specific port-channel. Syntax i nterface port-channel port-channel-number Parameters ■ port-channel-numbe r — A valid port-channel nu mber . (R ange: 1-8) Default Configuration This [...]

114 C HAPTER 8: P ORT C HANNEL C OMMANDS Syntax interface range port-channel { port-channel-range | all } Parameters ■ port-channel-range — List of v alid port-c hannels to add. Sepa rate nonconsecutive port-channels with a comma and no spaces. A hyphen designates a range of port-channels. (Range: 1-8) ■ all — All valid port-channels. Defau[...]

show interfac es port-channel 115 ■ auto — Allows the port to join a ch annel as a r esult of an LACP operation. Default Configuration The port is not assigned to a port-channel. Command Mode Interface Configuration (Ether net) mode User Guidelines There ar e no user guideline s for this command. Example The following example forces port 1 to j[...]

116 C HAPTER 8: P ORT C HANNEL C OMMANDS The following example displays inf ormation on all port-channels. Console# show interfaces port-channel Channel Ports ------- ------------------- ------------ -- 1 Active: g1, g2 2 Active: g2, g7 Inactive: g1 3 Active: g3, g8[...]

9 Q O S C OMMANDS qos The qos Global Configur ation mode comma nd enables quality of service (QoS) on the device. T o disa ble QoS on the device, use the no form of this command. Syntax qos [basic | advanced ] no qos Parameters ■ basic — QoS basic mode. ■ advanced — QoS advanced mode, which enables the full range of QoS configuration. Defau[...]

118 C HAPTER 9: Q O S C OMMANDS show qos The show qos Privileged EXEC mode command displays the quality of service (QoS) mode for the device. Syntax show qos Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines T rust mode is displayed if QoS is enabled in basic mode. Example The follo[...]

class-map 119 ■ match-any — Checks that the packet matches one or more classification criteria in the class map match statement. Default Configuration By default, the match-all parameter is selected. Command Mode Global Configurat ion mode User Guidelines The class-map Global Configuration mode co mmand is used to d efine packet classification,[...]

120 C HAPTER 9: Q O S C OMMANDS show class-map The show class-map Privileged EXEC mode comm and displays all class maps. Syntax show class-map [ class-map-name ] Parameters ■ class-map-name — Specifies the name of the class map to be displayed. Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode [...]

policy-map 121 Default Configuration No match criterion is suppor ted. Command Mode Class-map Configuration mo de. User Guidelines There ar e no user guideline s for this command. Example The following example defines the mat ch criterion for class ifying traffic as an access group called ‘enterprise’ in a class map called ‘class1’. policy-[...]

122 C HAPTER 9: Q O S C OMMANDS Configuration and match Class-map Configuration commands to def ine the match criteria of a class. Only one policy map per interface pe r direction is supported. A policy map can be applied to multiple interfaces and directions. Example The following example creates a polic y map called ‘policy1’ and enters the P[...]

show policy-map 123 Use the service-policy (Ethernet, Port-channel) Interface Configuration mode command to attach a policy ma p to an interface. Use an existing class map to attach classification crit eria to the specified policy map and use the access-group parameter to modify the cl assification criteria of the class map. If this command is used[...]

124 C HAPTER 9: Q O S C OMMANDS Example The following example displays all policy maps. trust cos-dscp The trust co s-dscp Policy- map Class Configuration mode command configures the trust state. The trust state determines the source of the internal DSCP value used by Qualit y of Service (QoS). T o restore the default configuration, use the no for [...]

set 125 Example The following example con figures the trust state for a class called ‘class1’ in a policy map called ‘policy1’. set The set Policy-map Class Configuration mo de command sets new values in the IP packet. Syntax set { dscp new-dscp | queue queue-id | cos new-cos } no set Parameters ■ new-dscp — Specifies a new DSCP value f[...]

126 C HAPTER 9: Q O S C OMMANDS T o r eturn to the Policy-map Configuration mode, use the exit command. T o return to the Privileged EXEC mode, use the end command. Example The following example sets the DS CP value in the packet to 56 for classes in policy map called ‘policy1’. police The police Policy-map Class Configuration mo de command def[...]

service-polic y 127 User Guidelines Policing uses a token bucket algorit hm. CIR repr esents the speed with which the token is removed from the bucket. CBS r ep resents the depth of the bucket. Example The following example defines a policer for classif ied traffic. When the traffic rate exceeds 124,000 bps or the normal burst size exceeds 96000 bp[...]

128 C HAPTER 9: Q O S C OMMANDS Example The following example attaches a polic y map called ‘poli cy1’ to the input interface. qos aggregate-policer The qos aggregate-policer Global Configuration mo de command defines the policer parameters that can be applied to multiple traf fic classes within the same policy map. T o remove an existing aggre[...]

show qos aggregate- policer 129 Define an aggregate policer if the polic er is shared with multiple classes. Policers in one port cannot be shared with other policers in another device; traffic fr om two differ ent ports can b e aggregated for policing purposes. An aggr egate policer can be applied to multi ple classes in the same policy map; An ag[...]

130 C HAPTER 9: Q O S C OMMANDS User Guidelines There are no user guideline s. Example The following ex ample displays the pa rameters of the aggregate policer called ‘policer1’. police aggregate The police aggregate Policy-map Class Configuration mode command applies an aggregate policer to mult iple classes within the same policy map. T o r e[...]

wrr-queue cos-map 131 Example The following exam ple applies the aggregate policer called ‘policer’1 to a class called ‘class1’ in po licy map call ed ‘policy1’. wrr -queue cos-map The wrr -queue cos-map Global Configurat ion mode command maps Class of Service (CoS) va lues to a specific egr ess queue. T o restor e the default configura[...]

132 C HAPTER 9: Q O S C OMMANDS User Guidelines This command can be used to distribute traffic into d iffer ent qu eues, where each queue is configur ed with differ ent Weighted Round Rob in (WRR) and Weighted Random Early Det ection (WRED) parameters. It is r ecommended to specifically map a single VPT to a queue, rather than mapping multiple VPT [...]

priority-queue out num-of-queues 133 User Guidelines Use the priority-queue out num-of-queues Global Config uration mode command to configure a queue as WRR or Strict Priority . Use this command to define a W RR weight per interface. The weight ratio for each queue is defined by the queue weight divided by the sum of all queue weights (i.e., the no[...]

134 C HAPTER 9: Q O S C OMMANDS Command Mode Global Configurat ion mode User Guidelines Configuring the number of expedite queues affects the Weighted Round Robin (WRR) weight ratio because fe wer queues participate in the WRR. Example The following example configures th e number of expedite queues as 0. traffic-shape The traffic-shape Interface Co[...]

rate-limit interface con figurat ion 135 T o activat e the shaper on an egress port, enter the Interface Configuration mode and specify th e por t number . T he CIR and the CBS will be applied to the specified port. Example The following example sets a shaper on Ether net port g5 when the average traffic rate exceeds 124 kbps or the normal bu rst s[...]

136 C HAPTER 9: Q O S C OMMANDS Examples The following example limits the rate of the incoming tr affic to 62. show qos interface The show qos interface Privileged EXEC mode command displays Quality of Service (QoS) in format ion on the interface. Syntax show qos interface [ ethernet interface-number | port-channel number | port-channel number] [ q[...]

show qos interface 137 Example The following example disp lays the buffer settings for queues on Ether net port 1. Console# show qos interface ether- net g1 buffers Ethernet g1 Notify Q depth qi d Si ze 11 2 5 21 2 5 31 2 5 41 2 5 51 2 5 61 2 5 71 2 5 81 2 5 qi d Threshold 11 0 0 21 0 0 31 0 0[...]

138 C HAPTER 9: Q O S C OMMANDS qos map policed-dscp The qos map policed-dscp Global Configurat ion mode command modifies the policed-DSCP map for remarking purposes. T o r estore the default map, use the no form of this command . Syntax qos map policed-dscp dscp-list to dscp-mar k-down no qos map policed-dscp 41 0 0 5N / A 6N / A 7N / A 8N / A qi [...]

qos map dscp-queue 139 Parameters ■ dscp- list — Specifies up to 8 DSCP va lues separated by a space. (Range: 0-63) ■ dscp-mark-down — Specifies the DS CP value to mark down. (Range: 0-63) Default Configuration The default map is the Null map, whic h means that each incoming DSCP value is mapped to the same DS CP value. Command Mode Global [...]

140 C HAPTER 9: Q O S C OMMANDS Default Configuration The following table describes the d efault map. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following ex ample maps DSCP values 33, 40 and 41 to queue 1. qos trust (Global) The qos trust Global Configuration mode command co[...]

qos trust (Interface) 141 Command Mode Global Configurat ion mode User Guidelines Packets entering a quality of service (QoS) domain are classified at the edge of the QoS domain. Whe n packets are classified at the edge, the switch port within the QoS domain can be configur ed to on e of the trusted states because there is no need to classify the p[...]

142 C HAPTER 9: Q O S C OMMANDS User Guidelines There ar e no user guideline s for this command. Example The following example configures Et hern et port 15 to the default trust state. qos cos The qos cos Interface Configu ration (Eth er net, port-channel) mode command defines the default CoS value of a port. T o restor e the default configuration,[...]

qos dscp-mutation 143 qos dscp-mutation The qos dscp-mutation Global Config uration mode command ap plies the DSCP Mutation map to a system DSCP trusted port. T o restor e th e trust state with no DSCP mutation, use the no form of this command. Syntax qos dscp-mutation no qos dscp-mutation Default Configuration This command has no default configura[...]

144 C HAPTER 9: Q O S C OMMANDS Syntax qos map dscp-mutation in-dscp to out -dscp no qos map dscp-mutation Parameters ■ in-dscp — Specifies up to 8 DSCP va lues separated by spa ces. (Range: 0-63) ■ out-dscp — Specifies up to 8 DSCP values separate d by spaces. (Range: 0-63) Default Configuration The default map is the Null map, whic h mean[...]

security-suite dos protect 14 5 Parameters ■ global-rules-only — Specifies that all the se curity suites commands would be only global commands. This setting saves space in the T er nary Conten t Addressable Memory (TCAM). Default Configuration No protection is configur ed. Command Mode Global Configurat ion mode User Guidelines MAC ACLs should[...]

146 C HAPTER 9: Q O S C OMMANDS Command Mode Global Configurat ion mode User Guidelines The following table describes a list of Do S attacks and the protection type: Example The following example protects the system from the Invasor T rojan. security-suite deny martian-addresses The security-suite deny martian-addresses Global Configuration mode co[...]

security-suite deny martian-addresses 147 ■ res e rv e d — Specify to discard packets with source address or destination address in the block of the reserved IP addr esses. See the usage guidelines for a list of r eserved addresses. Default Configuration Martian addresses ar e allowed. Command Mode Global Configurat ion mode User Guidelines The[...]

148 C HAPTER 9: Q O S C OMMANDS Example The following example discard all packets with a source addr ess or a destination address in the block of the reserved IP addresses. 192.168.0.0/16 Privat e-Use Networks. 198.18.0.0/15 This block has been allocated for use in benchmark tests of network interconnect devices. Address bloc k Pre sent use Console[...]

10 C LOCK C OMMANDS clock set The clock se t Privileged EXEC mode command manually sets the system clock. Syntax clock set hh:mm:ss day month year or clock set hh:mm:ss month day year Parameters ■ hh:mm:ss — Current time in hours (mil itary format), minutes, and seconds. (hh: 0-23, mm: 0- 59, ss: 0-59) ■ day — Current day (by date) in the m[...]

150 C HAPTER 10: C LOCK C OMMANDS Example The following example sets the system time to 13:32:00 on March 7th, 2005. clock source The clock source Global Configuration mode command configures an external time source for the system clock. Use no form of this command to disable external time source. Syntax clock source {sntp} no clock source Paramete[...]

clock summer-time 151 Syntax clock timezone hours-offset [ minutes minu tes-offset] [ zone acronym ] no clock timezone Parameters ■ hours-offset — Hours difference fr om UTC. (Ran ge: –12 hours to +13 hours) ■ minutes-offset — Minutes differ ence from UTC. (Range: 0-59) ■ acronym — The acronym of the time zone. (Range: Up to 4 charact[...]

152 C HAPTER 10: C LOCK C OMMANDS clock summer -time date month date year hh:mm month date year hh:mm [ offset offset ] [ zone acronym ] no clock summer -time recurring Parameters ■ recurring — Indicates that su mmer time should start and end on the corresponding specified days every year . ■ date — Indicates that summer time s hould start [...]

sntp authentication-key 153 User Guidelines In both the date and recurring forms of the command, the first part of the command specifies when sum m er time begins, and the second part specifies when it ends. All times ar e relative to the local t ime zone. T he start time is r elative to st andar d time . The end time is relative to summer time. If[...]

154 C HAPTER 10: C LOCK C OMMANDS ■ value — Key value (Range: 1-8 characters) Default Configuration No authentication key is defined. Command Mode Global Configurat ion mode User Guidelines Multiple keys can be generated. Example The following example defines th e auth entication key for SNTP . sntp authenticate The sntp authenticate Global Con[...]

sntp trusted-key 155 Example The following example defines the auth entication key for SNTP and grants authentication. sntp trusted-key The sntp trusted-key Global Configuration mo de command authenticates the identity of a syst em to which Sim ple Network Time Protocol (SNTP) will synchronize. T o disable authenticati on of the identity of the sys[...]

156 C HAPTER 10: C LOCK C OMMANDS Example The following example authenticates key 8. sntp client poll timer The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Networ k Time Protocol (SNTP) client. T o restor eT o restoreT o restor e default configuration, use the no form of this command. Syntax sntp cl[...]

sntp anycast client enable 157 sntp anycast client enable The sntp anycast client enable Global Configuration mod e command enables SNTP anycast client. T o disa ble the SNTP anycast c lient, use the no form of this command. Syntax sntp anycast client enable no sntp anycast client enable Default Configuration The SNTP anycast client is disabled. Co[...]

158 C HAPTER 10: C LOCK C OMMANDS Default Configuration The SNTP client is disabled on an interface. Command Mode Interface Configuration (Ether net, port-channel, VLAN) mode User Guidelines Use the sntp anycast client enable Global Configuration mode command to enable anycast clients globally . Example The following example enables the S NTP clien[...]

sntp unicast client poll 159 Example The following example enables the device to use the Simple Network T ime Protocol (SNTP) to re quest and accept SNTP tr affic fr om servers. sntp unicast client poll The sntp unicast client poll Global Configuration mod e command enables polling for the Simple Network T ime Protocol (SNTP) pr edefined unicast se[...]

160 C HAPTER 10: C LOCK C OMMANDS Syntax sntp server { ip-address | hostname }[ poll ] [ key keyid ] no sntp server host Parameters ■ ip-address — IP addr ess of the server . ■ hostname — Hostname of the server . (Range: 1-158 characters) ■ poll — Enable polling. ■ keyid — Authentication key to use wh en sending packet s to this pee[...]

show clock 161 Syntax show clock [detail] Parameters ■ detail — Shows timezone and summertime configuration. Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines The symbol that precedes the show clock disp lay indicates th e following: Example The following example displays the ti[...]

162 C HAPTER 10: C LOCK C OMMANDS show sntp configuration The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Netwo rk T ime Pr otocol (SNTP). Syntax show sntp configuration Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no us[...]

show sntp status 163 show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network T ime Protocol (SNTP). Syntax show sntp status Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Authentica[...]

164 C HAPTER 10: C LOCK C OMMANDS Example The following example shows the status of the SNTP . Console# show sntp status Clock is synchronized, stra tum 4, reference is 176.1.1.8, u nicast Reference time is AFE2525E. 70597B34 (00:10:22.438 PDT Jul 5 1993) Unicast servers: Server Status Last response Offset [mSec] Delay [mSec] -------- --- ------- -[...]

show sntp status 165 g13 0.0.0.0 00:00:00.0 Feb 19 2005 vlan 1 16.1.1.2 00 15:15:16 .0 LLBG Feb 19 2006[...]

166 C HAPTER 10: C LOCK C OMMANDS[...]

11 RMON C OMMANDS show rmon statistics The show rmon statistics Privileged EXEC mode command displays RMON Ethernet statistics. Syntax show rmon statistics { ethernet interface numbe r | port-channe l port-channel-number } Parameters ■ interface number — V alid Eth ernet port. ■ port-channel-number — V alid port-channel number . Default Con[...]

168 C HAPTER 11: RMON C OMMAND S The following table describes the significant fields shown in the display . Console# show rmon statisti cs ethernet 1 Port: 1 Octets: 878128 Packets: 978 Broadcast: 7 Multicast: 1 CRC Align Errors: 0 Collisions: 0 Undersize Pkts: 0 Oversize Pkts: 0 Fragments: 0 Jabbers: 0 64 Octets: 98 65 to 127 Octets: 0 128 to 255[...]

rmon collection history 169 rmon collection history The rmon collection history Interface Configuration (Ether net, port-channel) mode command enable s a Remote Monito ring (RMON) MIB history statisti cs group on an inte rface. T o remove a specified RMON history statistics group, use the no form of this co mmand. Syntax rmon collection history ind[...]

170 C HAPTER 11: RMON C OMMAND S Parameters ■ index — Specifies the statistics group index . (Range: 1-65535) ■ ownername — Specifies the RMON statistics gro up owner na me. (Range: 0-160 characters) ■ bucket-number — Number of buckets specified for the RMON collection history group of statisti cs. If unspecified, d efaults to 50. (Rang[...]

show rmon collection history 171 Parameters ■ interface — V alid Ether net port. Elana ■ port-channel-number — V alid port-channel number . Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displa[...]

172 C HAPTER 11: RMON C OMMAND S show rmon history The show rmon history Pr ivileged EXEC mode command displays RMON Ethernet history statistics. Syntax show rmon history index { throu ghput | errors | other } [ period seconds ] Parameters ■ index — Specifies the requested set of samples. (Range: 1-65535) ■ throughput — Indicates throughput[...]

show rmon history 173 Time Octets Packets Broadcas t Multicas t Util -------- -------- ---- -------- - ------- -------- -- -------- - ----- Jan 18 2005 21:57:00 30359596 2 357568 3289 7287 19% Jan 18 2005 21:57:30 28769630 4 275686 2789 5 878 20% Console# show rmon history 1 errors Sample Set: 1 Owner: Me Interface: g1 Interval: 1800 Requested samp[...]

174 C HAPTER 11: RMON C OMMAND S The following tabl e describes signifi cant fields shown in the examp le: Sample Set: 1 Owner: Me Interface: g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Dropped Collisio ns ------------------- - -------- -------- -- Jan 18 2005 21:57:00 30 Jan 18 2005 21:57:30 30 Field De[...]

rmon alarm 175 rmon alarm The rmon alarm Global Configuration mode command configures alarm conditions. T o remove an alarm, use the no form o f this command . Syntax rmon alarm index variable interv al rthre shold fthreshold revent fevent [ type type ] [ startup direction ] [ owner name ] no rmon alarm index Parameters ■ index — Specifies the [...]

176 C HAPTER 11: RMON C OMMAND S ■ rthreshold — Specifies the rising threshold. (Range: 0-214748364 7) ■ fthreshold — Specifies the falling threshold. (Range: 0-2147483647) ■ revent — Specifies the event ind ex used when a rising threshold is crossed.(Range: 1-65535) ■ fevent — Specifies the eve nt index us ed when a falling thresho[...]

show rmon alarm-table 177 ■ Sample interval — 360000 seconds ■ Rising threshold — 1000000 ■ Falling threshold — 1000000 ■ Rising threshold event index — 10 ■ Falling thr eshold event index — 20 show rmon alarm-table The show rmon alarm-table Privileged EXEC mode command displays the alarms table. Syntax show rmon alarm -table De[...]

178 C HAPTER 11: RMON C OMMAND S The following tabl e describes signifi cant fields shown in the examp le: show rmon alarm The show rmon alarm Privileged EXEC mode command displays alarm configuration. Syntax show rmon alarm number Parameters ■ number — Specifies the alarm index. (Range: 1-65535) Default Configuration This command has no defaul[...]

show rmon alarm 179 The following table describes the significant fields shown in the display: Console# show rmon alarm 1 Alarm 1 ------- OID: 1.3.6.1.2.1.2.2.1.10.1 Last sample Value: 878128 Interval: 30 Sample Type: delta Startup Alarm: rising Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI Field Descri[...]

180 C HAPTER 11: RMON C OMMAND S rmon event The rmon event Global Configuration mode command co nfigures an event. T o remove an event, use the no form of this command. Syntax rmon event index type [ community text ] [ description text ] [ owner name ] no rmon event index Parameters ■ index — Specifies the event index. (Range: 1-65535) ■ type[...]

show rmon events 181 User Guidelines If log is specified as the notification type, an entry is made in the log table for each event. If trap is specified, an SNMP trap is sent to one or more management stations. Example The following example co nfigures an event identified as in dex 10 and for which the device generates a notification in the log ta[...]

182 C HAPTER 11: RMON C OMMAND S The following tabl e describes signifi cant fields shown in the examp le: show rmon log The show rmon log Privileged EXEC mode comm and displays the RMON log table. Syntax show rmon log [ event ] Parameters ■ event — Specifies the event index. (Range: 0-65535) Default Configuration This command has no default co[...]

rmon table-size 183 Example The following example displays the RM ON log table. The following table describes the significant fields shown in the display: rmon table-size Th e rmon table-size Global Configurat ion mode command configures the maximum size of RMON tabl es. T o return to the default configuration, use the no f orm of this command. Syn[...]

184 C HAPTER 11: RMON C OMMAND S ■ history entries — Maximum number of history table ent ries. (Range: 20 -32767) ■ log entries — Maximum number of lo g table entries. (Range: 20-32767) Default Configuration History table size is 270. Log table size is 200. Command Mode Global Configurat ion mode User Guidelines The configured table size ta[...]

12 IGMP S NOOPING C OMMANDS ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. T o disable IGMP snooping, use the no form of this command. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled. Command Mode Global Configur[...]

186 C HAPTER 12: IGMP S NOOPING C OMMANDS specific VLAN. T o disable IGMP snooping on a VLAN interface, use the no form of this comma nd. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled . Command Mode Interface Configurat ion (VLAN) mo de User Guidelines IGMP snooping can only be enabled on static VLANs. [...]

ip igmp snooping host-time-out 187 User Guidelines Multicast device ports can be configured statically using the bridge multicast forwar d-all Interface Conf iguration (VLAN) mode command. Example The following example enables au tomatic lear ning of multicast device ports on VLAN 2. ip igmp snooping host-time-out The ip igmp snooping host-time-out[...]

188 C HAPTER 12: IGMP S NOOPING C OMMANDS Example The following example configures the host timeou t to 300 seconds. ip igmp snooping mrouter -time-out The ip igmp snooping mrouter -time-out Interface Configuratio n (VLAN) mode comma nd configur es the mrouter -time-out. The ip igmp snooping mrouter -time-out Interface Configuration (VLAN) mode com[...]

ip igmp snooping leave-time-out 189 ip igmp snooping leave-time-out The ip igmp snooping leave-time-out Interface Configuration (VLAN) mode command configures the leave-time-out. If an IGMP report for a multicast group was not r eceived for a leav e-time-out period after an IGMP Leave was received fr om a specif ic port, this port is deleted from t[...]

190 C HAPTER 12: IGMP S NOOPING C OMMANDS Syntax show ip igmp snooping mr outer [ interface vlan-id ] Parameters ■ vlan-id — Specifies the VLAN number . Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following examp[...]

show ip igmp snooping groups 191 Parameters ■ vlan-id — Specifies the VLAN number . Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays IG MP snooping information on VLAN 1000. show ip igmp sno[...]

192 C HAPTER 12: IGMP S NOOPING C OMMANDS Command Mode Privileged EX EC mode User Guidelines T o see the full multicast address table (including static addr esses) use the show bridge multic ast address-table Pri vileged EXEC comma nd. Example The following example shows IGMP snooping infor mation on multicast groups. Console# show ip igmp snooping[...]

13 LACP C OMMANDS lacp system-priority The lacp system-priority Global Configu ration mode command configures the system priority . T o restor e the default configur ation, use the no form of t his command. Syntax lacp system-priority value no lacp system-priority Parameters ■ value — Specifies system priori ty value. (Range: 1-65535) Default C[...]

194 C HAPTER 13: LACP C OMMANDS Syntax lacp port-priority value no lacp port-priority Parameters ■ value — Specifies port priority . (R ange: 1-65535) Default Configuration The default port prio rity is 1. Command Mode Interface Configurat ion (Ether net) mode User Guidelines There ar e no user guideline s for this command. Example The followin[...]

show lacp ethernet 195 Command Mode Interface Configuration (Ether net) mode User Guidelines There ar e no user guideline s for this command. Example The following example assigns a long administrative LACP timeout to Ethernet port g6 . show lacp ethernet The show lacp ethernet Privileged EXEC mode comma nd displays LACP information for Et her net [...]

196 C HAPTER 13: LACP C OMMANDS Console# show lacp ethernet g1 1 LACP parameters: Actor system priority: 1 system mac addr: 00:00:12:34:56 :78 port Admin key: 30 port Oper key: 30 port Oper number: 21 port Admin priority: 1 port Oper priority: 1 port Admin timeout: LONG port Oper timeout: LONG LACP Activity: ACTIVE Aggregation: AGGREGATABLE collect[...]

show lacp ethernet 197 port Oper key: 0 port Oper number: 0 port Admin priority: 0 port Oper priority: 0 port Oper timeout: LONG LACP Activity: PASSIVE Aggregation: AGGREGATABLE synchronizatio n: FALSE collecting: FALSE distributing: FALSE expired: FALSE g1 LACP Statistics: LACP PDUs sent: 2 LACP PDUs received: 2 g1 LACP Protocol State: LACP State [...]

198 C HAPTER 13: LACP C OMMANDS show lacp port-channel The show lacp port-channel Privileged EXEC mode command displ a ys LACP information for a port-ch annel. Syntax show lacp port-channel [ port_channel_number ] Parameters ■ port_channel_number — V alid port-channel num ber . Default Configuration This command has no default configurat ion. C[...]

show lacp port-channel 199 Port Type Gigabit Ethernet Attached Lag id: Actor System Priority: 1 MAC Address: 00:02:85:0E:1C :00 Admin Key: 1000 Oper Key: 1000 Partner System Priority: 0 MAC Address: 00:00:00:00:00 :00 Oper Key: 14[...]

200 C HAPTER 13: LACP C OMMANDS[...]

14 P OWER OVER E THER NET COMMANDS power inline The power inline Interface Configurat ion mode command configures the administrative mode of the inline power on an interface. Syntax power inline {auto | never} Parameters ■ auto — T ur ns on the device discov ery protocol and applies power to the device. ■ never — T ur ns off the device disc[...]

202 C HAPTER 14: P OWER OVER E THERNET COMMANDS power inline powered-device The power inline powered-device Interf ace Configura tion mode command adds a description of the powered device type. Use the no form of this command to remove the description. Syntax power inline powered-device pd-type no power inline powered-device Parameters ■ pd-type [...]

power inline usage-threshold 203 Parameters ■ critical — The operation of the powered device is critical. ■ high — The operation of the powered device is in high priority . ■ low — The operation of the powered is in low priority . Default Configuration Low priority Command Mode Interface Configuration (Ether net) mode User Guidelines Th[...]

204 C HAPTER 14: P OWER OVER E THERNET COMMANDS Global Configurat ion mode User Guidelines There are no user guidelines for this command. Example The following example co nfigures the threshold for initiating inline power usage alarms to 90 percent. power inline traps enable The power inline traps enable Global Configuration mode co mmand enable in[...]

show power inline 20 5 Syntax show power inline [ ethernet interface ] Parameters ■ interface — V alid Ether net port. Elana Default Configuration There is no default configuration for this command. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays informat[...]

206 C HAPTER 14: P OWER OVER E THERNET COMMANDS The following table describes the f ields shown in the display: 1 Auto Search ing low class0 2 Auto Search ing low class0 3 Auto Search ing low class0 Console# show power inline ethernet 1 Admin Oper Port Powere d Device State Priori ty State Class ---- ------ ------ ------ -- ------ ------ -- ------ [...]

show power inline 20 7 Usage Threshold The usage threshold expressed in percents for comparing the measured power and initiating an alarm if threshold is exceeded. Traps Indicates if inline power traps are enabled. Port The Ethernet port number. Powered device A description of the powered device type. Admin State Indicates if the port is enabled to[...]

208 C HAPTER 14: P OWER OVER E THERNET COMMANDS[...]

15 S PANNING -T RE E C OMMANDS spanning-tree The spanning-tr ee Global Configuration mode command enables spanning-tree functionality . T o disabl e the spannin g-tree functionality , use the no form of t his command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configurat ion mode User [...]

210 C HAPTER 15: S PANNING -T REE C OMMANDS no spanning-tree mode Parameters ■ stp — Indicates that the Spanning T ree Pr otocol (STP) is enabled. ■ rstp — Indicates that the Rapid Spanning T ree Pr oto col (RSTP) is enabled. ■ mstp — Indicates that the Multiple Sp anning T ree Protocol (RSTP) is enabled. Default Configuration STP is en[...]

spanning-tree hello-time 211 Default Configuration The default forwarding time for the IE EE Spanning T ree Protocol (STP) is 15 seconds. Command Modes Global Configurat ion mode User Guidelines When configuring the forwarding time, the following relationship should be kept: 2*(Forward-Time - 1) >= Max-Age Example The following example configure[...]

212 C HAPTER 15: S PANNING -T REE C OMMANDS When configuring the hello time, the following relationship should be kept: Max-Age >= 2*(Hello-T ime + 1) Example The following example configures span ning tree bridge hello time to 5 seconds. spanning-tree max-age The spanning-tr ee max-age Global Configuratio n mode command configures the spanning [...]

spanning-tree priority 213 Example The following example configures the spanning tree bridge maximum-age to 10 seconds. spanning-tree priority The spanning-tree priority Global Configuration mode command configures the spanning tree p riority of the device. The priority value is used to determine which bridge is elected as the root bridge. T o rest[...]

214 C HAPTER 15: S PANNING -T REE C OMMANDS Syntax spanning-tree disable no spanning-tree disable Default Configuration Spanning tree is enabled on all ports. Command Modes Interface Configuration (Eth ernet, port-chan nel) mode User Guidelines There ar e no user guideline s for this command. Example The following example disables spann ing-tree on[...]

spanning-tree port-priority 215 Command Modes Interface Configuration (Eth ernet, port -channel) mode User Guidelines The path cost method is configured using the spanning-tree pathcost method Global Configuration mode command. Example The following example configures the spanning-tree cost on Ether net port g15 to 35000. spanning-tree port-priorit[...]

216 C HAPTER 15: S PANNING -T REE C OMMANDS Example The following example configures the spanning priority on Ethernet port g15 to 96. spanning-tree portfast The spanning-tree portfas t Interface Configuration mode command enables PortFast mode . In PortFast mode , the interface is immediately put into the forwarding state upon linkup withou t wait[...]

spanning-tree link-type 217 spanning-tree link-type The spanning-tree link-type Interface Configurat ion mode command overrides the def ault link-type setti ng determined by the duplex mode of the port and enables Rapid Spanning T r ee Pr otocol (RSTP) transitions to the forwarding state. T o restore the default configuration, use the no form of th[...]

218 C HAPTER 15: S PANNING -T REE C OMMANDS Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method Parameters ■ long — Specifies port path costs with a range of 1-200 ,000,000 . ■ short — Specifies port path costs with a range of 0- 65,535. Default Configuration Short path cost method. Command Mode Global Confi[...]

clear spanning-tree detected-protocols 219 ■ flooding — Flood BPDU packets when the spanning tree is disabled on an interface. Default Configuration The default setting is flooding. Command Modes Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example defines BPDU packet flooding[...]

220 C HAPTER 15: S PANNING -T REE C OMMANDS Example The following example restarts the protocol migration process on Ether net port g11. spanning-tree mst priority The spanning-tree mst priority Global Configuration mode command configures the device priority for th e specified spanning-t ree instance. T o restor e the default co nfiguration, use t[...]

spanning-tree mst port-priority 221 discarded and the port information is aged out. T o restore the default configuration, use the no form of this command. Syntax spanning-tree mst max-hops hop-count no spanning-tree mst max-hops Parameters ■ hop-count —Number o f hops in an MST region before the BDPU is discarded .(Range: 1-40) Default Configu[...]

222 C HAPTER 15: S PANNING -T REE C OMMANDS Default Configuration The default port priority for IEEE Mu ltiple Spanning T ree Pr otocol (MSTP) is 128. Command Modes Interface Configuration (Eth ernet, port-chan nel) mode User Guidelines There ar e no user guideline s for this command. Example The following example configures the port prio rity of p[...]

spanning-tree mst configuration 223 Command Modes Interface Configuration (Eth ernet, port -channel) mode User Guidelines There ar e no user guideline s for this command. Example The following example configures the MSTP instance 1 path cost for Ethernet port 9 t o 4. spanning-tree mst configuration The spanning-tree mst configuration Global Config[...]

224 C HAPTER 15: S PANNING -T REE C OMMANDS instance (mst) The instance MST Configuration mode co mmand maps VLANS to an MST instance. Syntax instance instance-id { add | re m ov e } vlan vlan-range Parameters ■ instance-ID —ID of the MST instance (Range: 1-15). ■ vlan-range —VLANs to be added to or removed from the specified MST instance. [...]

revision (mst) 225 Syntax name string Parameters ■ string — MST configuration name. The na me is case-sen sitive. (Range : 1-32 characters) Default Configuration The default name is the MAC address. Command Mode MST Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example defines the conf[...]

226 C HAPTER 15: S PANNING -T REE C OMMANDS User Guidelines There ar e no user guideline s for this command. Example The following example sets the configuration revision to 1. show (mst) The show MST Configuration mo de command displays the current or pending MST region configuration. Syntax show {current | pending} Parameters ■ curr ent —Indi[...]

exit (mst) 227 exit (mst) The exit MST Configuration mode command exits the MST Configuration mode, and applies all configuratio n changes. Syntax exit Default Configuration This command has no default configurat ion. Command Mode MST Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following ex ample [...]

228 C HAPTER 15: S PANNING -T REE C OMMANDS Command Mode MST Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example exits th e MST Configuration mode wit hout saving changes. spanning-tree guard r oot The spanning-tree guar d root Interface Configuration (Ether net, port-channel) mode comma[...]

show spanning-tree 229 Example The following example prevents Ethernet port g1 from being the root port of the device. show spanning-tree Th e show spanning-tree Privileged EXEC mode command displays spanning-tree configuration. Syntax show spanning-tree [ ether net in terface -number | port-channel port-channel-number ] [ instance instance-id ] sh[...]

230 C HAPTER 15: S PANNING -T REE C OMMANDS Example The following example displays spanni ng-tree information. Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: s hort CST Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1) Bridg e ID Prior ity 36864 Addre ss 00:02:4b:29:7a:00 Hello[...]

show spanning-tree 231 g2 Enabl ed 128.2 20000 FWD Desg No Share d (STP) g3 Disab led 128.3 20000 ---- g4 Enabl ed 128.4 20000 BLK ALTN No Share d (STP) g5 Enabl ed 128.5 20000 DIS - - - Console# s how spanning-tree Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 36864 Addre ss 00:02:4b:29:7a:00 This switch is the [...]

232 C HAPTER 15: S PANNING -T REE C OMMANDS g3 Disab led 128.3 20000 ---- g4 Enabl ed 128.4 20000 FWD Desg No Share d (STP) g5 Enabl ed 128.5 20000 DIS - - - Console# show spanning-tree Spanning tree disabled (BPD U filtering) mode RSTP Default port cost method: l ong Root ID Prior ity N/A Addre ss N/A Path Cost N/A Root Port N/A Hello Time N/A Max[...]

show spanning-tree 233 g1 Enabl ed 128.1 20000 ---- g2 Enabl ed 128.2 20000 ---- g3 Disab led 128.3 20000 ---- g4 Enabl ed 128.4 20000 ---- g5 Enabl ed 128.5 20000 ---- Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1)[...]

234 C HAPTER 15: S PANNING -T REE C OMMANDS Name State Prio. Nbr Cost Sts Role PortF ast Type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g1 Enabl ed 128.1 20000 FWD Root No P2p (RSTP ) g2 Enabl ed 128.2 20000 FWD Desg No Share d (STP) g4 Enabl ed 128.4 20000 BLK ALTN No Share d (STP) Console# show spanning-tree blockedports Spanni[...]

show spanning-tree 235 Interfaces Name State Prio. Nbr Cost Sts Role PortF ast Type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g4 Enabl ed 128.4 20000 BLK ALTN No Share d (STP) Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Path [...]

236 C HAPTER 15: S PANNING -T REE C OMMANDS Times : hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto ) RSTP Port Fast: No (config ured:no) Designated bridge Priority: 32768 Address: 00:01:42:97: e0:00 Designate[...]

show spanning-tree 237 Number of transitions to fo rwarding state: N/A BPDU: sent N/A, received N/ A Port 4 (4) enabled State: Blocking Role: Alternate Port id: 128.4 Port cost: 20000 Type: Shared (configured:au to) STP Port Fast: No (configured:no) Designated bridge Priority: 28672 Address: 00:30:94:41: 62:c8 Designated port id: 128.25 Designated [...]

238 C HAPTER 15: S PANNING -T REE C OMMANDS Console# show spanning-tree ethernet 1 Port 1 (1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto ) RSTP Port Fast: No (config ured:no) Designated bridge Priority: 32768 Address: 00:01:42:97: e0:00 Designated port id: 128.25 Designated path cost: 0 Number o[...]

show spanning-tree 239 Addre ss 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio. Nbr Cost Sts Role PortF ast Type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g1 Enabl ed 128.1 20000 FWD Root No P2p Bound (RSTP ) g2 Enabl ed 128.2 20000 FWD Desg No Sha[...]

240 C HAPTER 15: S PANNING -T REE C OMMANDS Rem hops 19 Bridge ID Prior ity 32768 Addre ss 00:02:4b:29:7a :00 Interfaces Name State Prio. Nbr Cost Sts Role PortF ast Type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g1 Enabl ed 128.1 20000 FWD Boun No P2p Bound (RSTP ) g2 Enabl ed 128.2 20000 FWD Boun No Share d Bound (STP) g3 Enabl[...]

show spanning-tree 241 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Port 1 (g1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto ) Boundary RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.2[...]

242 C HAPTER 15: S PANNING -T REE C OMMANDS Port 3 (g3) enabled State: Forwarding Role: Designated Port id: 128.3 Port cost: 20000 Type: Shared (configured: aut o) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.3 Designated path cost: 20000 Number of transitions to fo rwar[...]

show spanning-tree 243 Bridge ID Prior ity 32768 Addre ss 00:02:4b:29:7a:00 Number of topology changes 2 last change occurred 1d9h ago Times: hold 1, topology c hange 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (g1) enabled State: Forwarding Role: Boundary Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto ) Boundary RST[...]

244 C HAPTER 15: S PANNING -T REE C OMMANDS Port 3 (g3) disabled State: Blocking Role: Alternate Port id: 128.3 Port cost: 20000 Type: Shared (configured: aut o) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:1a:19 Designated port id: 128.78 Designated path cost: 20000 Number of transitions to fo rward[...]

show spanning-tree 245 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridg e ID Prior ity 32768 Addre ss 00:02:4b:29:7a :00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: l ong ###### MST 0 Vlans Mapped: 1-[...]

246 C HAPTER 15: S PANNING -T REE C OMMANDS Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: s hort CST Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1) Bridg e ID Prior ity 36864 Addre ss 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfa[...]

show spanning-tree 247 g4 Enabl ed 128.4 20000 BLK ALTN No Share d (STP) g5 Enabl ed 128.5 20000 DIS - - - Console# s how spanning-tree Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 36864 Addre ss 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State[...]

248 C HAPTER 15: S PANNING -T REE C OMMANDS g5 Enabl ed 128.5 20000 DIS - - - Console# show spanning-tree Spanning tree disabled (BPD U filtering) mode RSTP Default port cost method: l ong Root ID Prior ity N/A Addre ss N/A Path Cost N/A Root Port N/A Hello Time N/A Max Age N/A Forward Delay N/A Bridg e ID Prior ity 36864 Addre ss 00:02:4b:29:7a:00[...]

show spanning-tree 249 g3 Disab led 128.3 20000 ---- g4 Enabl ed 128.4 20000 ---- g5 Enabl ed 128.5 20000 ---- Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bri[...]

250 C HAPTER 15: S PANNING -T REE C OMMANDS g1 Enabl ed 128.1 20000 FWD Root No P2p (RSTP ) g2 Enabl ed 128.2 20000 FWD Desg No Share d (STP) g4 Enabl ed 128.4 20000 BLK ALTN No Share d (STP) Console# show spanning-tree blockedports Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Pa[...]

show spanning-tree 251 ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- 4 Enabl ed 128.4 20000 BLK ALTN No Share d (STP) Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: l ong Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (g1) Hello Time 2 sec Max Age 20 sec Fo[...]

252 C HAPTER 15: S PANNING -T REE C OMMANDS State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto ) RSTP Port Fast: No (config ured:no) Designated bridge Priority: 32768 Address: 00:01:42:97: e0:00 Designated port id: 128.25 Designated path cost: 0 Number of transitions to fo rwarding state: 1 BPDU: sent 2, receiv[...]

show spanning-tree 253 Port id: 128.4 Port cost: 20000 Type: Shared (configured:au to) STP Port Fast: No (configured:no) Designated bridge Priority: 28672 Address: 00:30:94:41: 62:c8 Designated port id: 128.25 Designated path cost: 20000 Number of transitions to fo rwarding state: 1 BPDU: sent 2, received 1206 38 Port 5 (g5) enabled State: Disabled[...]

254 C HAPTER 15: S PANNING -T REE C OMMANDS Console# show spanning-tree mst-configuratio n Name: Region1 Revision: 1 Instance Vlans mapped State -------- ------------ ----- -- g0 1-9, 21-4094 Enabl ed g1 10-20 Enabl ed Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: l ong ###### MST 0 Vlans Mapped: 1-9, 21-4094[...]

show spanning-tree 255 g1 Enabl ed 128.1 20000 FWD Root No P2p Bound (RSTP ) g2 Enabl ed 128.2 20000 FWD Desg No Share d Bound (STP) g3 Enabl ed 128.3 20000 FWD Desg No P2p g4 Enabl ed 128.4 20000 FWD Desg No P2p ###### MST 1 Vlans Mapped: 10-20 CST Root ID Prior ity 24576 Addre ss 00:02:4b:29:89:76 Path Cost 20000 Root Port 4 (g4) Rem hops 19 Brid[...]

256 C HAPTER 15: S PANNING -T REE C OMMANDS g1 Enabl ed 128.1 20000 FWD Boun No P2p Bound (RSTP ) g2 Enabl ed 128.2 20000 FWD Boun No Share d Bound (STP) g3 Enabl ed 128.3 20000 BLK Altn No P2p g4 Enabl ed 128.4 20000 FWD Desg No P2p Console# show spanning-tree detail Spanning tree enabled mode MSTP Default port cost method: l ong ###### MST 0 Vlan[...]

show spanning-tree 257 Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Number of transitions to fo rwarding state: 1 BPDU: sent 2, received 1206 38 Port 2 (g2) enabled State: Forwarding Role: Designated Port id: 128.2 Port cost: 20000 Type: Shared (configured: auto) Boundary STP Port F[...]

258 C HAPTER 15: S PANNING -T REE C OMMANDS Type: Shared (configured: aut o) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to fo rwarding state: 1 BPDU: sent 2, received 1706 38 ###### MST 1 Vlans Mapped: 10-20 Root ID P[...]

show spanning-tree 259 Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.1 Designated path cost: 20000 Number of transitions to fo rwarding state: 1 BPDU: sent 2, received 1206 38 Port 2 (g2) enabled State: Forwarding Role: Designated Port id: 128.2 Port cost: 20000 Type: Shared (configured: auto) Boundary STP Por[...]

260 C HAPTER 15: S PANNING -T REE C OMMANDS Type: Shared (configured: aut o) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to fo rwarding state: 1 BPDU: sent 2, received 1706 38 Console# show spanning-tree Spanning tree [...]

show spanning-tree 261 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: l ong ###### MST 0 Vlans Mapped: 1-9, 21-4094 CST Root ID Prior ity 32768 Addre ss 00:01:42:97:e0:00[...]

262 C HAPTER 15: S PANNING -T REE C OMMANDS[...]

16 C ONFIGURATION AND I MAGE F ILE C OMMANDS copy The copy Privileged EXEC mode command copies files from a sour ce to a destination. Syntax copy source-url destination-ur l Parameters ■ source-url — The source file location URL or reserved keyword of the source file to be copied . (Range: 1- 160 characters) ■ destination-url — The destinat[...]

264 C HAPTER 16: C ONFIGURATION AND I MAGE F ILE C OMMANDS Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines The location of a file system dictates the format of the source or destination URL. The entire copying pr oc ess may take several mi nutes and differs fr om protocol to proto[...]

copy 265 Copying an Image File from a Server to Flash Memory T o copy an image file fr om a server to flash memory , use the copy source-url im age command. Copying a Boot File from a Server to Flash Memory T o copy a boot file from a server to flash memory , enter the copy source-url boot command. Copying a Configuration File from a Server to the [...]

266 C HAPTER 16: C ONFIGURATION AND I MAGE F ILE C OMMANDS Example The following example copies system image file1 fr om the TF TP server 172.16.101.101 to a non-active imag e file. delete The delete Privileged EXEC mode c ommand deletes a file fr om a flas h memory device. Syntax delete url Parameters ■ url — The location URL or re served keyw[...]

boot system 26 7 User Guidelines *.sys, *.prv , image- 1 and im age-2 files cannot be deleted. Example The following examp le deletes the file called ‘t est’ from the flash memory . boot system The boot system Privileged EXEC mode command specifies the system image that the dev ice loads at startup. Syntax boot system { image-1 | image-2 } Para[...]

268 C HAPTER 16: C ONFIGURATION AND I MAGE F ILE C OMMANDS show running-config The show running-config Privilege d EXEC mode command displays the contents of the currently running configuration file. Syntax show running-conf ig Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There[...]

show bootvar 269 Syntax show startup-config Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example d isplays the contents of the running configuration file. show bootvar The show bootvar Privileged EXEC mode c[...]

270 C HAPTER 16: C ONFIGURATION AND I MAGE F ILE C OMMANDS Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays the active system image file that is loaded by the device at startup. Elana Console# s[...]

17 RADIUS C OMMAND radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server h ost. T o delete the specified RADIUS ho st, use the no form of this comma nd. Syntax radius-server host { ip-address | hostname } [ auth-port auth-port-number ] [ timeout timeout ] [ retransmit retries ] [ dead time deadtime ] [...]

272 C HAPTER 17: RADIUS C OMMA ND ■ source — Specifies the source IP address to use for communication. 0.0.0.0 is interpreted as re quest to use the IP address of the outgoing IP interface. ■ priority — Determines the order in which servers ar e used, where 0 has the highest priority . (Range: 0-65535) ■ type — Specifies the usage type [...]

radius-server retransmit 273 Syntax radius-server key [ key-string ] no radius-server key Parameters ■ key-string — Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server . This key must match the encrypti o n used on the RADIUS da emon. (Range: 0-128 characters) Default Configurat[...]

274 C HAPTER 17: RADIUS C OMMA ND Default Configuration The software searches the list of RADIUS server hosts 3 times. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example configures th e number of times the software searches all RADIUS server hosts to 5 times. radius[...]

radius-server timeout 275 Example The following example configures the source IP addr ess used for communication with all RA DIUS servers to 10.1.1.1. radius-server timeout The radius-server timeout Global Configu ration mode command sets the interval during which the device waits for a server hos t to reply . T o restor e the default co nfiguratio[...]

276 C HAPTER 17: RADIUS C OMMA ND Syntax radius-server deadtime deadtime no radius-server deadtime Parameters ■ deadtime — Length of time in minute s during which a RADIUS server is skipped over by transaction requests. (Range: 0-2000) Default Configuration The deadtime se tting is 0. Command Mode Global Configurat ion mode User Guidelines Ther[...]

show radius-servers 277 Example The following example displays RADIUS server settings. Console# show radius-servers IP addre ss Port Auth TimeO ut Retra nsmit DeadT ime Sourc e IP Prior ity Usage ----- ---- ---- ----- -- ----- ----- ----- - ----- --- ----- --- ----- 172.1 6.1.1 1645 Globa l Globa l Globa l - 1 All 172.1 6.1.2 1645 11 8 Globa l Glob[...]

278 C HAPTER 17: RADIUS C OMMA ND[...]

18 P ORT M ONITOR C OMMANDS port monitor The port monitor Interface Configu ration mode command starts a port monitoring session. T o stop a port monitoring session, use the no form of this command. Syntax port monitor src-interface [ rx | tx ] no port monitor src-interface Parameters ■ src-interface — V alid Ether net port.Elana ■ rx — Mon[...]

280 C HAPTER 18: P ORT M ONITOR C OMMANDS GVRP is not enabled on the port. The port is not a member of a VLAN, except for the default VLAN (will automatically be removed from the default VLAN). The f ollowing restrictio ns apply to ports configured to be source po rts: The port cannot be already conf igured as a destination port. Maximum number of [...]

show ports monito r 28 1 ---------- - ---------- ------ ----- ------- g1 8 RX,TX Act ive g2 8 RX,TX Act ive g18 8 RX Act ive[...]

282 C HAPTER 18: P ORT M ONITOR C OMMANDS[...]

19 SNMP C OMMANDS snmp-server community The snmp-server community Global Configuration mode command configures the community access string to permit access to the SNMP protocol. T o remove the specified community string, use the no form of this command. Syntax snmp-server community community [ ro | rw | su ] [ ip-address ] [ view view-name ] snmp-s[...]

284 C HAPTER 19: SNMP C OMMANDS Default Configuration No communitie s are de fined. Command Mode Global Configurat ion mode User Guidelines The view-name parameter cannot be specified for su, which has access to the whole MIB. The view-name parameter can be used to restrict the access rights of a community string. When it is specified: An internal [...]

snmp-ser ver view 285 Syntax snmp-server view view-name oid-tree { included | excluded } no snmp-server view view-name [ oid-tree ] Parameters ■ view-name — Specifies the label for the view recor d that is being created or updated. The name is used to reference the r ecord. (Range: 1-30 characters) ■ oid-tree — Specifies the object identifi[...]

286 C HAPTER 19: SNMP C OMMANDS snmp-server group The snmp-server group Global Configuration mode command configures a new Simple Management Pr otocol (SNMP) group or a table that maps SNMP users to SNMP views. T o remove a specified S NMP group, use the no form o f this command. Syntax snmp-server gr oup gro upname { v1 | v2 | v3 { noauth | auth |[...]

snmp-server use r 287 Default Configuration No group entry exists. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example attach es a group called user -group to SNMPv3 and assigns to the group the privacy security level and r e ad access rights to a view called user -v[...]

288 C HAPTER 19: SNMP C OMMANDS ■ auth-md5 password — Indicates the HMAC-MD5-96 authentication level. The user should enter a password for authentication an d generation of a DES key for privacy . (Range: 1-32 ch aracters) ■ auth-sha password —Indicates the HMAC-SHA -96 authentication level. The user should enter a password for authenticati[...]

snmp-server engine ID local 289 The remote engineid designate s the remote management statio n and should be defined to enable the device to r e ceive informs. Example The following example config ures an SNMPv3 user John in a group called user -group. snmp-server engineID local The snmp-server engineID local Global Configuration mode command speci[...]

290 C HAPTER 19: SNMP C OMMANDS User Guidelines T o use SNMPv3, you have to specif y an engine ID for the device. Y ou can specify your own ID or use a default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 cannot be used. By defaul t, SNMPv1/v2 ar e enabl[...]

snmp-server enable traps 291 snmp-server enable traps The snmp-server enable traps Global Configurat ion mode command enables the device to send SNMP traps. T o disabl e SNMP traps, use the no form of the command. Syntax snmp-server enable traps no snmp-server enable traps Default Configuration SNMP traps ar e enabled. Command Mode Global Configura[...]

292 C HAPTER 19: SNMP C OMMANDS text string consisting of numbers, such as 1.3.6.2.4, or a wo rd, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtr ee family; for example, 1.3.*. 4. ■ included — Indicates that the filter type is included. ■ excluded — Indicates that the filter type is excluded.[...]

snmp-server host 293 Parameters ■ ip-address — Specifies the IP addr ess of the host (targeted recipient) . ■ hostname — Specif ies the name of the host. (Range:1-158 characters) ■ community-string — Specifies a password-like community string sent with the notification operation . ■ (Range: 1-20) ■ traps — Indicates that SNMP t ra[...]

294 C HAPTER 19: SNMP C OMMANDS User Guidelines When config uring an SNMPv1 or SNMPv2 notif ication r ecipient, a notificatio n view for that r ecipient is automaticall y generated for all the MIB. When configuring an SNMPv1 notifica tio n recipient, the Inform option cannot be selected. If a trap and inform are defined on the same target, and an i[...]

snmp-server trap authentication 295 ■ priv — Indicates authentication of a pack et with encryption. ■ port — Specifies the UDP port of the ho st to use. If unspecified, the default UDP port number is 162. (Range: 1-65535) ■ filtername —Specifies a string that defines the filter for this host. If unspecified, nothing is filtered. (Range:[...]

296 C HAPTER 19: SNMP C OMMANDS Default Configuration SNMP failed authentica tion traps are enabled. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example enables SNMP failed authentica tion traps. snmp-server contact The snmp-server contact Global Con figuration mode [...]

snmp-server locat ion 297 The following example configures the system contact point called 3Com_T echnical_Support . snmp-server location The snmp-server location Global Config uration mode command configures the system location string. T o remove the location string, use the no form of t his command. Syntax snmp-server location text no snmp-server[...]

298 C HAPTER 19: SNMP C OMMANDS Parameters ■ variable-name — MIB variable name (Range 1-160 characters). ■ name value — List of name and value pairs. In the case of scalar MIBs, only a single pair of name values. In th e case of an entry in a table, at least one pair of name and value followed by one or more fields (Range 1-160 characters).[...]

show snmp 299 User Guidelines There ar e no user guideline s for this command. Example The following example displays the S NMP communications statu s. Console# show snmp Commu nity- Stri ng Community-Ac cess View name IP addre ss ----- ----- ---------- ----- ---- ----- --- publi c read only user- view All priva te read write Defau lt 172.16.1.1 pr[...]

300 C HAPTER 19: SNMP C OMMANDS The following table describes the significant fields shown in the display . show snmp engineid The show snmp engineID Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol (SNMP) engine. Version 1,2 notifications Target Address Type Commu nity Versi on UDP Port Filte r Name TO S[...]

show snmp views 301 Syntax show snmp engineID Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following ex ample displays the SNMP engine ID. show snmp views The show snmp views Privileged EXEC mode command displays the [...]

302 C HAPTER 19: SNMP C OMMANDS Example The following example displays the config uration of views. show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of groups. Syntax s how snmp gr oups [ groupname ] Parameters ■ groupname —Specifies the name of the group. (Range: 1-30) Default Configuration This com[...]

show snmp filters 30 3 The following table describes significant fields shown above. show snmp filters The show snmp filters Privileged EXEC mode command displays the configuration of filters. Syntax show snmp filters [ filtername ] Parameters ■ filtername —Specifies the name of the filter . (Range: 1-30) Default Configuration This command has [...]

304 C HAPTER 19: SNMP C OMMANDS Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays t he configuration of filters. show snmp users The show snmp users Privileged EXEC mode command displays the configuration of users. Syntax show snmp users [ username ] Parameters[...]

show snmp users 305 Example The following example displays t he configuration of users. Console# show snmp users Name Group name Auth Method Remote ------ ------------ --------- -------------- ----------- John user-group md5 John user-group md5 08009009020C0B 099C075879[...]

306 C HAPTER 19: SNMP C OMMANDS[...]

20 IP A DDR ESS C OMMANDS ip address The ip address Interface Configuration (default VLAN) mode command sets an IP address. T o remove an IP address, use the no form of this command. Syntax ip addr ess ip-address { mask | prefix-length } no ip address ip-address Parameters ■ ip-address — Specifies the valid IP addr ess. ■ mask — Specifies t[...]

308 C HAPTER 20: IP A DDRESS C OMMA NDS Example The following example configures VL AN 1 with IP address 131.108.1.27 and subnet mask 255.255.255.0. ip address dhcp The ip address dhcp Interface Configuration (defau lt VLAN) mode command acquires an IP address for an Ethernet interf ace from the Dynamic Host Configuration Protocol (DHCP) server . T[...]

ip default-gateway 309 If the device is configured to obtain its IP address fr om a DHCP server , it sends a DHCPDISCOVER me ssage to pr ovide info rm ation about itself to the DHCP server on the network. If the ip addr ess dhcp command is used with or without the optional keyword, the DHCP option 12 field (hos t name option) is included in the DIS[...]

310 C HAPTER 20: IP A DDRESS C OMMA NDS This command is only operational in Swit ch mode. Example The following example define s def ault gateway 192.168.1.1. show ip interface The show ip interface Privileged EXEC mode command displays the usability status of conf igured IP interfaces. Syntax show ip interface [ ethernet interface-number | vlan vl[...]

arp 311 arp The arp Global Configuration mode comman d adds a permanent entry in the Addr ess Resolution Prot ocol (ARP) cache. T o remove an entry fr om the ARP cache, use the no form of this command. Syntax arp ip_addr hw_addr { ether net interface-number | vlan vlan-id | port-channel port-channel number .} no arp ip_addr { ethernet interface-num[...]

312 C HAPTER 20: IP A DDRESS C OMMA NDS Example The following example adds IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table. arp timeout The arp timeout Global Configuration mode command conf igures how long an entry r emains in the AR P cach e. T o restore the default configuration, use the no form of this command. Syn[...]

show arp 313 clear arp-cache Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example deletes all dy namic entries from the ARP cache. show arp The show arp Privileged E XEC mode command displays entries in the [...]

314 C HAPTER 20: IP A DDRESS C OMMA NDS ip domain-name The ip domain-name Global Configuration mode command defines a default domain name used by the software to complete unqualified host names (names without a dotted-decima l domain name). T o remove the default doma in name, use the no form of this co mmand. Syntax ip domain-name name no ip domai[...]

ip name-server 315 ip name-server The ip name-s erver Global Configuration mode command defines the available name serv ers. T o remove a na me server , use the no form of this command. Syntax ip name-server server -address [s erver -address2 … server -address8] no ip name-server [ ser ver -address1 … server -address8 ] Parameters ■ serv er -[...]

316 C HAPTER 20: IP A DDRESS C OMMA NDS[...]

21 M ANAGEMENT ACL C OMMANDS management access-list The management access-list Global Configuration mode command configur es a management access li st and enters the Management Access-list Configuration co mmand mo de. T o delete an access list, use the no form of t his command. Syntax management access-list name no management access-list name Para[...]

318 C HAPTER 21: M ANAGEMENT ACL C OMMANDS Management ACL requires a valid mana gement interface, which is a port, VLAN, or port-chann nel with an IP add ress or console interface. Management ACL only r estricts access to the device for management configuration or viewing. Example The following example creates a mana gement access list called ‘ml[...]

deny (Management) 319 ■ vlan-id — A valid VLAN number . ■ port-channel-number — A valid port channel index. ■ ip-address — A valid source IP address. ■ mask — A valid network mask of the sour ce IP ad dress. ■ prefix-length — Number of bits that comp rise the source IP addr ess prefix. The pr efix len gth must be preceded by a f[...]

320 C HAPTER 21: M ANAGEMENT ACL C OMMANDS Parameters ■ interface -number — A valid Ether net port number . ■ vlan-id — A valid VLAN number . ■ port-channel-number — A valid port-channel number . ■ ip-address — A valid source IP address. ■ mask — A valid network mask of the sour ce IP ad dress. ■ mask pref ix-length — Specif[...]

show management access-list 321 Parameters ■ console-only — Indicates that the device can be managed only from the console. ■ name — Specifies the name o f the access list to b e used. (Range: 1-32 characters) Default Configuration If no access list is specified, an empty access list is used. Command Mode Global Configurat ion mode User Gui[...]

322 C HAPTER 21: M ANAGEMENT ACL C OMMANDS There ar e no user guideline s for this command. Example The following example displays th e ‘mlist’ management access list. show management access-class The show manageme nt access-class Privileged EXE C mode command displays the active management access list. Syntax show management access-class Defau[...]

22 W IR ELESS R OGUE AP C OMMANDS rogue-detect enable (Radio) The rogue-detect enable AP Interface Radi o Configuratio n mode command enables detection of ro gue APs. T o disable rouge APs detection, use the no form of this command. Syntax rogue-detect enable no rogue-detect enable Parameters This command has no keywords or arguments. Default Confi[...]

324 C HAPTER 22: W IRELESS R OGUE AP C OMMANDS Example The following example enables the detection of rogue APs. rogue-detect rogue-scan-interval The rogue-detect r ogue-scan-interval AP Interface Radio Configuration mode command defines the scanning interval for rogue APs. T o restore defaults, use the no form of this command. Syntax rogue-detect [...]

wlan rogue-detect rogue-ap 32 5 The following example defines the scanning interval for rogue APs at 150 seconds. wlan rogue-detect rogue-ap The wlan rogue-detect r ogue-ap Global Co nfiguration mode command sets the status of rouge APs. T o restore defaults, use the no form of this comma nd. Syntax wlan rogue-detect r ogue-ap mac-address state { k[...]

326 C HAPTER 22: W IRELESS R OGUE AP C OMMANDS clear wlan r ogue-ap The clear wlan rogue-ap Privileged EXEC mode command delete s a rogue AP fr om the rogue APs list. Syntax clear wlan rogue-ap mac-address Parameters ■ mac-address — The rogue AP MAC addr ess. Default Configuration This command has no default configurat ion. Command Mode Privile[...]

show wlan rogue-aps list 327 ■ name — Specify the AP name. (Range: 1-32 characters) ■ mac-address — Specify the AP MAC address. Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays info rmat[...]

328 C HAPTER 22: W IRELESS R OGUE AP C OMMANDS Parameters ■ mac-address — The rogue AP MAC addr ess. Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines The show wlan rogue-aps list command displays each rogue at one entry , even if it was discover ed by mor e than one Radio. Exam[...]

show wlan rogue-aps neighborhood 32 9 Parameters ■ mac-address — The AP MAC address detecting r ogue APs. Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays a list of AP s that has detected a [...]

330 C HAPTER 22: W IRELESS R OGUE AP C OMMANDS[...]

23 W IR ELESS ESS C OMMANDS wlan ess create The wlan ess create Global Configuration mode command creates an ESS. T o remove the ESS, use the no form of this command. Syntax wlan ess create index ssid no wlan ess create index Parameters ■ index — The ESS index. (Range: 2-65535) ■ ssid — The ESS SS ID string. (Range: 1-32 characte rs) Defaul[...]

332 C HAPTER 23: W IRELESS ESS C OMMAND S Syntax wlan ess configure { id index | ssid ssid } Parameters ■ index — The ESS index. (Range: 1-65535) ■ ssid — The ESS SS ID string. (Range: 1-32 characte rs) Default Configuration This command has no default configurat ion. Command Mode Global Configurat ion mode User Guidelines There ar e no use[...]

open vlan 333 User Guidelines The SSID string must be a uniqu e string in the system. The command f ails if there alr e ady exists an SSID with the same name. Example The following example configures the SSID name of an ESS as ‘enterprise’. open vlan The open vlan ESS Configuration mode co mmand configures the ESS VLAN when there is no se curit[...]

334 C HAPTER 23: W IRELESS ESS C OMMAND S qos The qos ESS Configuration mode command enables QoS in an ESS. T o disable QoS, use the no form of this command. Syntax qos { wmm | svp } no qos Parameters ■ wmm — W i-Fi WMM mode. ■ ssid — The ESS SS ID string. (Range: 1-32 characte rs) Default Configuration QoS in an ESS is disabled. Command Mo[...]

mac-filtering action 335 no load-balancing Parameters ■ association — Load balancing calculations are performed when a station attempts to associa te with an AP in the ESS. The associating station can be moved to an adjacent AP in the ESS pr ior to association. ■ periodically — Load bala ncing ca lculations ar e performed at a fixed interva[...]

336 C HAPTER 23: W IRELESS ESS C OMMAND S ■ deny — Deny stations where their MAC address is in the MAC-address-filtering list. ■ ssid — The ESS SS ID string. (Range: 1-32 characte rs) Default Configuration Disabled. Command Mode ESS Configuration mode User Guidelines ■ The decision to allow a station to access the ESS is done only during [...]

security s u it e create 337 Default Configuration Empty list. Command Mode ESS Configuration mode User Guidelines Use the mac-filter ing action ESS con figuration command t o enable the MAC-address-filtering list and to de fine the MAC-address-filtering list type. Example The following example adds the MA C address 00-9E-92-4C-73-FC to t he MAC ad[...]

338 C HAPTER 23: W IRELESS ESS C OMMAND S ■ 802.1x — 802.1x auth entication with WEP . ■ wpa — W i-Fi Protected Access (WP A and WP A2) are systems to secure wireless (W i-Fi) networks. WP A implements the majority of the IEEE 802.1 1i standard, and was intended as an intermediate measure to take the pla ce of WEP while 802.1 1i was prepare[...]

security suite configure 339 ■ WP A2 security s uite and WP A2-PSK security suite cannot exist simultaneously . ■ At one time, only one securi ty-suit e per ESS can exist. ■ Open-WEP security suite and WE P security suite cannot exist simultaneously . ■ For Open-WEP and WEP keys you sho uld enter one of the following options: 40 bits or 104[...]

340 C HAPTER 23: W IRELESS ESS C OMMAND S ■ wpa — W i-Fi Protected Access (WP A and WP A2) are systems to secure wireless (W i-Fi) networks. WP A implements the majority of the IEEE 802.1 1i standard, and was intended as an intermediate measure to take the pla ce of WEP while 802.1 1i was prepared. WP A is designed to work with all wireless ne [...]

timer (Security-Suite ESS) 341 Default Configuration VLAN #1 Command Mode Security-Suite ESS Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example configures the policy VLAN for a security-suite to VLAN ID 5. timer (Security-Suite ESS) The timer Security-Suite ESS Configuration mode comman[...]

342 C HAPTER 23: W IRELESS ESS C OMMAND S ■ reauth-time seconds — Re-authentication ti meout period. (Range: 1-4294967295) ■ idle-time seconds — DLE timeout period. (Range: 1-9676800) ■ never — There is an unlimited r ekeying timeout period. Default Configuration ■ rekey-time-unicast — Never ■ rekey-time-multicast — Never ■ re[...]

wpa2 pre-authentication 34 3 No key is de fined. Command Mode Security-Suite ESS Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example defines that a gr oup key should be updated after a station leaves the A P . wpa2 pre-authentication The wpa2 pre-authentication ESS Configuration mode com[...]

344 C HAPTER 23: W IRELESS ESS C OMMAND S Example The following example enables WP A2 pre-authenti cation in an ESS. show wlan ess The show wlan Priv ileged EXEC mode command displays information on the ESS configu ration. Syntax show wlan ess configuration [ id 1-65535 | ssid 1-32 ] show wlan ess vlans [ id 1-65535 | ssid 1-32 ] show wlan ess radi[...]

show wlan ess 345 Example The following example configures the display of the WLAN ESS configuration. The following example configures the display of the defined ESS configurations. console # show wlan ess con figuration Index SSID Securit y Suite Load Bal. QoS MAC Filter ----- ---- ------- - ------- -- --- ------ 1 Enterpr ise WPA, WPA2 Assoc. WMM[...]

346 C HAPTER 23: W IRELESS ESS C OMMAND S Console # show wlan ess con figuration 1 Index: 1 SSID: Enterprise Load Balancing: Association QoS: WMM Mac Filter: Disabled WPA2 Preauthentication: Ena bled Open VLAN: 1 Security Suite: WPA VLAN: 8 Unicast Rekeying Timeout: N ever Multicast Rekeying Timeout: Never Update Group Key On Leave: Enabled Securit[...]

show wlan ess mac-filtering lists 347 The following example configures the display of WLAN ESS rad ios’ configuration. show wlan ess mac-filtering lists The show wlan Privileged EXEC mode command displays the ESS MAC filtering lists. Syntax show wlan ess mac-filtering lists { id index | ssi d ssid } Parameters ■ index — The ESS index. (Range:[...]

348 C HAPTER 23: W IRELESS ESS C OMMAND S show wlan ess counters The show wlan ess counters Pr ivileged EXEC mode command displays the number of stations at each ESS. Syntax show wlan ess counters [ index | ssid ] Parameters ■ index — The ESS index. (Range: 1-65535) ■ ssid — The SSID string of the ESS. (Range: 1-32 characters) Default Confi[...]

show wlan ess counters 34 9 The following example displays station numbe rs at ESS ‘enterprise’. Console# show wlan ess coun ters Index SSID Stations ----- ---- ------- 1 Enterprise 182 2 Guest 3 Console# show wlan ess coun ters ssid enterprise AP Radio Stations -- ---- -------- AP1 a 32 AP1 g 29 AP2 a 12 AP2 g 42 AP3 a 31[...]

350 C HAPTER 23: W IRELESS ESS C OMMAND S[...]

24 W IR ELESS AP G ENERAL C OMMANDS clear wlan ap The clea r wlan ap Privileged EXEC mode command deactivates an AP . Syntax clear wlan ap { name | mac-addres s} Parameters ■ name — The AP name. (Range: 1-32 characters) ■ mac-address — The AP MAC addre ss. Default Configuration This command has no default configurat ion. Command Mode Privil[...]

352 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS wlan ap active The wlan ap active Global Configuration mode command activates an AP . Syntax wlan ap active mac-address [ template temp late-name ] Parameters ■ mac-address — MAC address of the AP to be activated. ■ template-name — Specify a temp late AP to be used. If unspecified the device [...]

wlan ap config 353 ■ mac-address — The AP MAC addre ss. ■ hex hex-number — The secur e key in hexadecimal format. 32 hexadecimal characters must be entered. ■ ascii string — The secure key in hexa d ecimal format. From 1-16 characters can be entered. If less than 16 c haracters ar e entered, the software completes the key to 16 char act[...]

354 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS Command Mode Global Configurat ion mode User Guidelines Only active APs can be placed in AP Configuration mode. Example The following example sets the de vice in AP Configuration mode. name The name AP Configuration mod e command configures a wireless AP name. T o restore the default configuration, u[...]

tunnel priority 355 tunnel priority The tunnel priority AP Configuration mode command configures a wireless AP priority for VLAN tunneling. T o restore default settings, use the no form of t his command. Syntax tunnel priority priori ty no priority Parameters ■ priority — The relative priority of the wireless AP as a source for VLANs. The numbe[...]

356 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS Syntax wan enable no wan enable Parameters This command has no keywords or arguments. Default Configuration Disabled Command Mode AP Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example accommodates certain t iming constrains in th e commun[...]

vlan allowed 357 User Guidelines There ar e no user guideline s for this command. Example The following example enters th e Interface Conf iguration mode. vlan allowed The vlan allowed AP interface Ether net Conf ig uration mode command adds or removes VLANs to the Ethernet port of a wireless AP . T o restore the default configuration, use the no f[...]

358 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS The following ex ample adds VLANs 1,2, 3 and 4 to the Ether net port of a wireless AP . vlan native Th e vlan native AP interface Ethernet Configuration mode command sets the native VLAN of the Ethernet port of a wireless AP . T o restor e the default configuration, use the no form of this command. S[...]

set wlan copy 35 9 Syntax wlan template ap conf igure name Parameters ■ name — The name of the AP te mplate. (Range: 1-32 characters) Default Configuration This command has no default configurat ion. Command Mode Global Configurat ion mode User Guidelines All AP configuration commands are rele v ant to templa te APs, except for the name AP conf[...]

360 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS Default Configuration This command has no default configurat ion. Command Mode Wireless AP template configuration mode User Guidelines Copying the template to an AP overri des the entire AP configuration with the template configuration. Example The following example co pies a wirle ss AP config urati[...]

show wlan aps 361 ■ name ■ ssid Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays information on active APs. Consol e # show wlan aps Name MAC Address T ype St ate ------ ----------------- ------ -------- AP1 00-9E-92-4C-73- FC a, g Enabled AP2 00-9E-92-4C-[...]

362 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS The following example displays detaile d information on a specific active AP: The following example displays impo rtant radio information on all the active APs. Console # show wlan aps AP1 Name: AP1 MAC Address: 00-9E-92-4C-73 -FC Type: a, g State: Enabled Status: Disabled 802.11a Radio: Enabled 802.[...]

show wlan aps 363 The following ex ample displays the SSIDs that are associated with each active AP . The following example displays: 1) Station VLANs: List all the VLANs r equired for the stations that are associated with that A P . 2) Ethernet VLANs: The VLANs c onfigured on the AP Ethernet port. 3) Priority: The priority of the AP as a source fo[...]

364 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS The following example displays th e AP model, serial number and software versions. show wlan ap interface radio The show wlan ap interface radio Privileged EXEC mode command displays information on an AP radio interface. Syntax show wlan ap { name | mac-address } interface radio { a | g } [ ess ssid [...]

show wlan ap interface ethernet 365 Example The following example displays info rmation on an AP radio interface. show wlan ap interface ether net The s how wlan ap interface ether net Privileged EXEC mode command displays information on an AP radio interface. Syntax show wlan ap { name | mac-address } interface ethernet Parameters ■ name — The[...]

366 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS Example The following example displays info rmation on an AP radio interface. show wlan aps counters The show wlan aps counters Privileged EXEC mode command displays information on the AP tr affic. Syntax show wlan aps counters [ radio a | g ] [ ap name ] Parameters ■ radio a | b — Specified Radi[...]

show wlan aps counters 367 The following example displays in formation on the AP traffic. Console# show wlan aps coun ters Name Stations Name Stations ------ ----------- -- ------ ----------- -- AP1 19 AP1 19 AP2 23 AP2 23 Name InUcastPk ts InPkts InOctets In Errors ------ ----------- -- ---------- ----------- ------ ----------- --- AP1 756857 8691[...]

368 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS show wlan aps discovered The show wlan aps discovered Privileged EXEC mode command displays wireless APs that wer e discovered bu t not activated . Syntax show wlan aps discover ed [ mac-address ] Parameters ■ mac-address — MAC addr ess of the AP . Default Configuration This command has no defaul[...]

show wlan template aps 369 The following example displays wire less APs that were discover ed but were not activated. show wlan template aps The show wlan template aps Privileged EXEC mode command displays the template AP configuration. Syntax s how wlan template aps [ name ] Parameters ■ name — Specify the AP name. Default Configuration This c[...]

370 C HAPTER 24: W IRELESS AP G ENERAL C OMMANDS Console # show wlan templat e aps Name Radio a Radio g ------- -------- -------- default Enabled Enabled indoor Enabled Enabled outdoor Enabled Enabled Console # show wlan aps indoor NAME: vivi MAC Address: 00:f0:00:00:06 :25 802.11a Radio: Enabled 802.11g Radio: Enabled Type: a, g State: Enabled VLA[...]

25 SSH C OMMANDS ip ssh port The ip ssh port Gl obal Configuration mode command specifies the port to be used by the SSH se rver . T o restore the default configuration, use the no form of this command. Syntax ip ssh port port-number no ip ssh port Parameters ■ port-number — Port number for use by t he SSH server (Ra nge: 1-65535). Default Conf[...]

372 C HAPTER 25: SSH C OMMANDS ip ssh server Th e ip ssh server Global Configuration mode command enables the device to be configured fr o m a SSH server . T o disable th is function, use the no form of t his command. Syntax ip ssh server no ip ssh server Default Configuration Device configuration from a SSH server is disabled. Command Mode Global [...]

crypto key generate rsa 373 User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key . If the device alr eady has DSA keys, a warning and prompt to r eplace the existing keys with new keys ar e displayed. This command is not saved in the device co nfiguration; however , the keys generated by this command are saved[...]

374 C HAPTER 25: SSH C OMMANDS Example The following example generates RSA key pairs. ip ssh pubkey-auth The ip ssh pubkey-auth Global Configuration mode command enab les public key authentication for incoming SSH sessions. T o disable this functi on, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth Default Configura[...]

user-key 375 Default Configuration No keys are specified. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example enters the SS H Public Key-chain Co nfiguration mode and manually configures the RS A key pair for SSH public key-chain bob . user -k ey The user -key SSH Pu[...]

376 C HAPTER 25: SSH C OMMANDS Parameters ■ username — Specifies the user name of the remote SSH client. (Range: 1-48 characters) ■ rsa — Indicates the RSA key pair . ■ dsa — Indicates the DSA key pair . Default Configuration No SSH public keys exist. Command Mode SSH Public Key-string Configuration mod e User Guidelines Follow this com[...]

key-string 377 Default Configuration No keys exist. Command Mode SSH Public Key-string Configuration mod e User Guidelines Use the key-string SSH Public Key- string Configuration mode command to specify which SSH public key is to be interactively configur ed next . T o complete the command, you must en ter a r ow with no characters. Use the key-str[...]

378 C HAPTER 25: SSH C OMMANDS show ip ssh The show ip ssh Privileged EXEC mode command displays the SSH server configuration. Syntax show ip ssh Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example displays[...]

show crypto key mypubkey 379 show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command displays the SSH public keys on the device. Syntax show crypto key mypubkey [ rsa | dsa ] Parameters ■ rsa — Indicates the RSA key . ■ dsa — Indicates the DSA key . Default Configuration This command has no default configurat ion.[...]

380 C HAPTER 25: SSH C OMMANDS show crypto key pubkey-chain ssh The show crypto key pubkey-chain ssh Privileged EXEC mode command displays SSH public keys stored on the device. Syntax show crypto key pubkey-chain ssh [ username username ] [ fingerprint { bubble-babble | hex }] Parameters ■ username — Specifies the remote SSH client use rname. ?[...]

show crypto key pubkey-chain ssh 381 Key: 005C300D 06092A86 4886 F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint: 9A:CC:01:C5:78 :39:27:86:79:CC:23:C5:98:59:F1:8 6[...]

382 C HAPTER 25: SSH C OMMANDS[...]

26 W EB S ERVER C OMMANDS ip http server The ip http server Global Configu ration mode command enables configuring the device from a browser . T o disable this function, use the no form of this command. Syntax ip http server no ip http server Default Configuration HTTP server is enabled. Command Mode Global Configurat ion mode User Guidelines Only [...]

384 C HAPTER 26: W EB S ERVER C OMMANDS no ip http port Parameters ■ port-number — Port number for use by the HTTP server . (Range: 1-65535) Default Configuration The default port number is 80. Command Mode Global Configurat ion mode User Guidelines Specifying 0 as the port number effectively disables HTTP access to the device. Example The foll[...]

ip https server 385 Command Mode Global Configurat ion mode User Guidelines This command also configu res the exec-timeout for HTTPS in case th e HTTPS timeout was not set. T o specify no timeout, enter the ip https exec-timeout 0 0 co mmand. ip https server The ip https server Global Configuration mode command enables configuring the device from a[...]

386 C HAPTER 26: W EB S ERVER C OMMANDS Syntax i p https port port-number no ip https port Parameters ■ port-number — Port number to be used by the HTTP server . (Rang e: 1-65535) Default Configuration The default port number is 443. Command Mode Global Configurat ion mode User Guidelines Specifying 0 as the port number effectively disables HTT[...]

crypto certifi cat e gener ate 387 ■ common- name — Specifies the fully qualified URL or IP address of the device. (Range: 1-64) ■ organization — Specifies the organization name. (Range: 1-64) ■ organization-unit — Specifies the organization-unit or department name.(Range: 1-64) ■ location — Specifies the location or city name. (Ran[...]

388 C HAPTER 26: W EB S ERVER C OMMANDS crypto certificate re quest The crypto certificate request Privileged EXEC mode command generates and displays certificate requests for HTTPS. Syntax crypto certificate number request [ cn common- name ][ ou organization-unit ] [ or organization ] [ loc location ] [ st state ] [ cu countr y ] Parameters ■ n[...]

crypto certificat e import 389 Example The following example generates and displays a certificate request for HTTPS. crypto certificate import The crypto certificate import Global Configuration mod e command imports a certificate signed by th e Certification Auth ority for HTTPS. Syntax crypto certificate number import Parameters ■ number — Spe[...]

390 C HAPTER 26: W EB S ERVER C OMMANDS The imported certif icate must be base d on a cer tificate request cr eated by the crypto certificate r equest Privileged EXEC m ode command. If the public key found in the certif icate does not match the device's SSL RSA key , the command fails. This command is not saved in the device configuratio n; ho[...]

show crypto certificat e myc ertificate 39 1 Parameters ■ number — Specifies the certificate number . (Range: 1-2) Default Configuration There is no default configuration for this command. Command Mode Global Configurat ion mode User Guidelines The crypto certif icate generat e comm and should be used to generate HTTPS certificates. Example The[...]

392 C HAPTER 26: W EB S ERVER C OMMANDS The following example displays the cert ificate. show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax show ip http Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guidel[...]

show ip https 39 3 Example The following example displays the HTT P server configuration. show ip https The show ip https Pr ivileged EXEC mode command displays the HTTPS server configuration. Syntax show ip https Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user [...]

394 C HAPTER 26: W EB S ERVER C OMMANDS Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is not active . Issued by : C= , ST= , L= , CN=10.6.41.138, O= , OU= Valid From: Apr 30 20:51:5 4 2003 GMT Valid to: Apr 29 20:51:54 2004 GMT Subject: C= , ST= , L= , CN=10.6.41.138, O= , OU= SHA1 Fingerprint: B3536E86 9487B229 C0A44199 DAB9[...]

27 T ACACS+ C OMMANDS tacacs-server host Th e tacacs-server host Global Configuration mode command specifies a T ACACS+ host. T o delete the spec ified name or address, use the no form of this command. Syntax tacacs-server host { ip-address | hostname } [ sing le-connection ] [ port port-number ] [ timeout timeou t ] [ key key-string ] [ source sou[...]

396 C HAPTER 27: TACACS+ C OMMAND S ■ source — Specifies the source IP address to use for the communication. 0.0.0.0 indicates a request to use the IP address of the outgoing IP interface. ■ priority — Determines the order in which the T ACACS+ servers are used, where 0 is the highest priority . (Rang e: 0-65535) Default Configuration No T [...]

tacacs-server t imeout 397 server . This key must match the encrypt ion used on the T ACACS+ daemon. (Range: 0-128 charact ers) Default Configuration Empty string. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example sets the authentication encryption key for all T AC[...]

398 C HAPTER 27: TACACS+ C OMMAND S Example The following example sets the timeout value to 30 for all T ACACS+ servers. tacacs-server source-ip The tacacs-server sour ce-ip Global Configu ration mode command configures the source IP address to be used for communication with T ACACS+ servers. T o restor e the default configuration, use the no form [...]

show tacacs 399 show tacacs The show tacacs Privileged EXEC mode comm and displays configuration and statistical information about a T ACACS+ ser ver . Synt ax show tacacs [ ip-address ] Parameters ■ ip-address — Name or IP address of the T ACACS+ server . Default Configuration This command has no default configurat ion. Command Mode Privileged[...]

400 C HAPTER 27: TACACS+ C OMMAND S Global values ------------- TimeOut: 3[...]

28 S YSLOG C OMMANDS logging on The logging on Global Configuration mode command controls err or message logging. This command se nds debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. T o disable the logging process, use the no form of this co mmand. [...]

402 C HAPTER 28: S YSLOG C OMMANDS logging The logging Global Configuration mode command lo gs messages to a syslog server . T o delete the syslog se rver with the spe cified ad dress from the list of syslogs, use the no form of this command. Syntax logging { ip-address | hostname } [ port port ] [ severity level ] [ facility facility ] [ descripti[...]

logging console 403 Example The following example limits logged me ssages sent to the syslog server with IP address 10.1.1 .1 to seve rity level critical . logging console The logging console Glob al Configuratio n mode command limits messages logged to the console based on severity . T o disable logging to the console, use the no form of this comm[...]

404 C HAPTER 28: S YSLOG C OMMANDS Syntax l ogging buf fered level no logging buffered Parameters ■ level — Specifies the severity le vel of messages logged in the buf fer . The possible values are: emergencies , alerts , critic al , errors , warnings , notifications , informational , debugging . Default Configuration The default severity level[...]

clear loggin g 405 Default Configuration The defaul t number of messages is 200. Command Mode Global Configurat ion mode User Guidelines This comman d takes ef fect only after Reset. Example The following example chang es the number of syslog messages stored in the internal buffer to 300. clear logging The clear logging Privileged EXEC mode command[...]

406 C HAPTER 28: S YSLOG C OMMANDS logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity . T o cancel using the buffer , use the no form of this command. Syntax logging file level no logging file Parameters ■ level — Specifies the severity le vel of syslog messages sent[...]

aaa logging 40 7 Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example clears me ssages from the logging file. aaa logging The aaa logging Global Co nfiguration mode command enables loggin g AAA login events. T o disable logging AAA login events, use the no form of this com[...]

408 C HAPTER 28: S YSLOG C OMMANDS file-system logging The file-system logging Global Conf iguration mode command enables logging file system events. T o disable logging file system events, use the no form of this command. Syntax file-system logging copy no file-system logging copy file-system l ogging delete-r ename no file-system logging delete-r[...]

show logging 40 9 no management logging deny Parameters ■ deny — Indicates logging mess ages related to deny actions of management ACLs. Default Configuration Logging management ACL events is en abled. Command Mode Global Configurat ion mode User Guidelines Other types of management ACL events are not subject to this command. Example The follow[...]

410 C HAPTER 28: S YSLOG C OMMANDS The following example displays the state of logging and the syslog messages stored in the internal buffer . Console# show logging Logging is enabled. Console logging: level debu gging. Console Messages: 0 Dropp ed (severity). Buffer logging: level debug ging. Buffer Messages: 11 Logged , 200 Max. File logging: lev[...]

show logging file 411 show logging file The show logging file Privileged EXEC mode command displays the state of logging and the syslog messages stored in the log ging file. Syntax show logging file Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for[...]

412 C HAPTER 28: S YSLOG C OMMANDS Example The following example disp lays the logging state and the syslog messa ges stored in the logging file. Console# show logging file Logging is enabled. Console logging: level debu gging. Console Messages: 0 Dropp ed (severity). Buffer logging: level debug ging. Buffer Messages: 11 Logged , 200 Max. File logg[...]

show syslog-servers 413 show syslog-servers The show syslog-servers Privileged EXEC mode command displays the settings of the syslog servers. Syntax s how syslog-servers Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The fo[...]

414 C HAPTER 28: S YSLOG C OMMANDS IP address Port Severity Facility Description ----------- - ---- ----------- -- -------- ----------- 192.180.2.2 7 514 Information al local7 192.180.2.2 8 514 Warning local7[...]

29 W IR ELESS AP BSS C OMMANDS bss The bss Interface Radio Config uration mode command adds or removes ESS to/from a radio interf ace. Syntax bss { add { ess-index | ssid } | rem o ve { ess-index | ssid }} Parameters ■ ess-index — The ESS index. (Range: 1-65535) ■ ssid — The SSID string of the ESS. (Range: 1-32 cha racters) Default Configur[...]

416 C HAPTER 29: W IRELESS AP BSS C OMMA NDS Syntax bss enable { index | ssid } Parameters ■ index — The ESS index. (Range: 1-65535) ■ ssid — The SSID string of the ESS. (Range: 1-32 characters) Default Configuration This command has no default configurat ion. Command Mode AP Interface Ra dio Configuration mode User Guidelines There ar e no[...]

data-rates 417 Command Mode BSS Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example advertises the BSS SSID. data-rates The data-rates BSS Configurat ion mode command configures the data rates used in a BSS. T o restore defaults, use the no f orm of this command. Syntax data-rates {[ man[...]

418 C HAPTER 29: W IRELESS AP BSS C OMMA NDS User Guidelines There ar e no user guideline s for this command. Example The following example co nfigures the data rates us ed in a BSS to 2 while complying with 802.11g. Console (Config-ap-radio)# bss configure enterprise Console (Config-wlan-ap-r adio-bss-if)# data-rates mandatory add 2[...]

30 S YSTEM M ANAGEMENT C OMMANDS ping The ping User EXEC mode command send s ICMP echo request packets to another node on the network. Syntax ping { ip-address | hostname }[ size packet_size ] [ count packet_count ] [ timeout time_out ] Parameters ■ ip-address — IP addr ess to ping. ■ hostname — Host name to ping. (Range: 1-158 ch aracters)[...]

420 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS Following are examples of unsuccessful pinging: Destination does not respond. If the host does n ot respond, a “no answer from host” appears in ten seconds. Destination un reac hable. The gat eway for this destinatio n indicates that the destinat ion is unreachable. Network or host unreachable. The[...]

traceroute 421 traceroute The tracer oute User EXEC mode command discovers routes that packets actually take w hen traveling t o their destin ation. Syntax traceroute { ip-address | hostname }[ si ze packet_size ] [ ttl max-ttl ] [ count packet_count ] [ timeout time_out ] [ source i p-address ] [ tos tos ] Parameters ■ ip-address — IP address [...]

422 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS User Guidelines The traceroute command takesadvantage of the error messa ges generated by the devices when a data gram exceeds its time- to-live (TTL) value. The traceroute command starts by sending probe datagrams with a TTL value of one. This causes the first device to discard the pr obe datagram and[...]

traceroute 423 Example The following example discovers the rout es that packets will actually tak e when traveling to their destination. The following table describes significant fields shown above. Console> traceroute umaxp1.physics.lsa.umich .edu Type Esc to abort. Tracing the route to umaxp1 .physics.lsa.umich.edu (141.211.101.64) 1 i2-gatewa[...]

424 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS The following tab le describes chara cters that may appear in t he tracer oute command out put. telnet The telnet User EXEC mode command enables logging on to a host that supports T elnet. Syntax telnet { ip-address | hostname } [ port ] [ keyword1...... ] Parameters ■ ip-address — IP address of th[...]

telnet 425 User Guidelines T elnet software supports special T eln et commands in the form of T elnet sequences that map generic terminal co ntrol functions to operating system-specific functions. T o enter a T e lnet sequence, pr ess the escape sequence keys (Ctrl-shift-6) followe d by a T elnet command character . Special T elnet Sequences At any[...]

426 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS Keywords T able Ports T able Options Descr iption /echo Enables local ech o. /quiet Prevents onscreen display of all messages from the software. /source-interface Specifies the source interface. /stream Turns on stream processing, which enables a raw TCP stream with no Telnet control sequences. A strea[...]

resume 427 This command lists concurrent telnet connections to remote hosts that were opened by the current telnet session to the local device. It does not list telnet connections to remote hosts that wer e opened by other telnet sessions. Example The following example displays conn ecting to 176.213.10.50 via T elnet. res u m e The re s um e User [...]

428 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS Default Configuration The default connection number is that of the most recent connection. Command Mode User EXEC mode User Guidelines There ar e no user guideline s for this command. Example The following command switches to open T elnet session number 1. rel o a d The re l oa d Privileged EXEC mode c[...]

hostname 429 hostname The hostname Global Configuration mode command specifies or modifies the device host name. T o remove the existing host name, use the no form of t he command. Syntax hostname name no hostname Parameters ■ name — The host name. of the device. (Range: 1-160 characters) Default Configuration This command has no default config[...]

430 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS User Guidelines There ar e no user guideline s for this command. Example The following example displays info rmation about the active users. show sessions The show sessions Privileged EXEC mode command lists open T e lnet sessions. Syntax show sessions Default Configuration There is no default configur[...]

show system 431 The following table describes significant fields shown above. show system The show system Privileged EXEC mode command displays system information. Syntax show system Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. E[...]

432 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS show version Th e show version Privileg ed EXEC mode command displays system version information. Syntax show version [ unit unit ] Parameters ■ unit — Specifies the number of the unit. (Ran ge: 1-8) Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mod[...]

service cpu-utilization 433 Example The following example displays syst em version information (only for demonstration purp oses). service cpu-utilization The service cpu-utilization Global Configuration mo de command enables measuring CPU utiliza tion. T o restor e the defau lt configuration, use the no form o f this command. Syntax service cpu-ut[...]

434 C HAPTER 30: S YSTEM M ANAGEMENT C OMMANDS show cpu utilization The show cpu utilization Privileged EXEC mode comma nd displays information about CPU utilization. Syntax show cpu utilization Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines Use the service cpu-utilization Global[...]

31 U SER I NTERFACE C OMMANDS enable The enable Privileged EXEC mode comma nd enter s the Privileged EX EC mode. Syntax enable [ privilege-level ] Parameters ■ privilege-level — Privilege level to enter the system. (Range: 1-15) Default Configuration The default privilege level is 15. Command Mode Privileged EX EC mode User Guidelines There ar [...]

436 C HAPTER 31: U SER I N TERFACE C OMMANDS disable The disable Privileged EXEC mode command r etur ns to the User EXEC mode. Syntax disable [ privilege-level] Parameters ■ privilege-level — Privilege level to enter the system. (Range: 1-15) Default Configuration The default privilege level is 1. Command Mode Privileged EX EC mode User Guideli[...]

configure 437 User EXEC mode User Guidelines There ar e no user guideline s for this command. Example The following example enters Privileged EXEC mode and logs in with username admin . configure The configur e Privileged EXEC mode command enters the Glob al Configuration mode. Syntax configure Default Configuration This command has no default conf[...]

438 C HAPTER 31: U SER I N TERFACE C OMMANDS exit (Configuration) The exit command exits any config urati on mode to the next highest mode in the CLI mode hierarchy . Syntax exit Default Configuration This command has no default configurat ion. Command Mode All configuration modes User Guidelines There ar e no user guideline s for this command. Exa[...]

end 439 User Guidelines There ar e no user guideline s for this command. Example The following example closes an active terminal session . end The end command ends the current config uration session and returns to the Privileged EXEC mode. Syntax end Default Configuration This command has no default configurat ion. Command Mode All configuration mo[...]

440 C HAPTER 31: U SER I N TERFACE C OMMANDS Syntax help Default Configuration This command has no default configurat ion. Command Mode All command modes User Guidelines There ar e no user guideline s for this command. Example The following example describes the help system. terminal data-dump The terminal data-dump User EXEC mode command enables d[...]

debug-mode 441 no terminal data-dump Default Configuration Dumping is disabled. Command Mode User EXEC mode User Guidelines By default, a More prompt is displayed when the output contains more lines than ca n be displaye d on the scr een. Pressing the Enter key displays the next line; pressing the Spacebar displays the next screen of output. The da[...]

442 C HAPTER 31: U SER I N TERFACE C OMMANDS User Guidelines There ar e no user guideline s for this command. show history The show history Privileged EXEC mode co mmand lists the commands entered in the curr en t session. Syntax show history Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User G[...]

show privilege 443 show privilege The show privilege Privileged/User EXEC mode command displays the current privilege level. Syntax show privilege Default Configuration This command has no default configurat ion. Command Mode Privileged and User EXEC modes User Guidelines There ar e no user guideline s for this command. Example The following exampl[...]

444 C HAPTER 31: U SER I N TERFACE C OMMANDS[...]

32 GVRP C OMMANDS gvrp enable (Global) GARP VLAN Registration Protocol (GVRP) is an industry-standard pr otocol designed to propagate VLAN informat ion fr om device to device. W ith GVRP , a single device is manually configured with all desir ed VLANs for the network, and all other devices on the network lear n these VLANs dynamically . The gvrp en[...]

446 C HAPTER 32: GVRP C OMMAND S gvrp enable (Interface) The gvrp enable Interface Conf iguration (Ethernet, port-cha nnel) mode command enables GVRP on an in terface. T o disable GVRP on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable Default Configuration GVRP is disabled on all interfaces. Command Mode Interface [...]

garp timer 447 Syntax garp timer {join | leave | leaveall } timer_value no garp timer Parameters ■ { join | leave | leaveall } — Indicates the type of timer . ■ timer_value — Timer values in milliseconds in multiples of 10. (Range: 10-2147483640) Default Configuration Following are the default timer values: ■ Join timer — 200 millisecon[...]

448 C HAPTER 32: GVRP C OMMAND S gvrp vlan-cr eation-forbid The gvrp vlan-creation-forbid Interface Configuration (Ethernet, port-channel) mode command disabl es dynamic VLAN creation or modification. T o enable dynamic VLAN creation or modification, use the no form of this command. Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Defa[...]

clear gvrp stati stics 449 Default Configuration Dynamic registration of VLANs on the port is allowed. Command Mode Interface Configuration (Eth ernet, port -channel) mode User Guidelines There ar e no user guideline s for this command. Example The following example forbids dynamic registration of VLANs on Ethernet port g1. clear gvrp statistics Th[...]

450 C HAPTER 32: GVRP C OMMAND S Example The following e xample clears all GV RP statistical information on Ethernet port g1. show gvrp configuration The show gvrp configuration Privieged EXEC mode co mmand displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation is enabled, and which ports ar e ru nni[...]

show gvrp statistics 451 show gvrp statistics The show gvrp statistics Privieged EXEC mode command displays GVRP statistics. Syntax show gvrp statistics [ ethernet interface | port-channel port-channel-number ] Parameters ■ interface — A valid Ethernet po rt. Elana ■ port-channel-number — A valid port-channel nu mber . Default Configuration[...]

452 C HAPTER 32: GVRP C OMMAND S show gvrp error -statistics The show gvrp error -statistics Privieged EXEC mode command d isplays GVRP error statistics. Syntax show gvrp err or -statistics [ ether net interface | port-channel port-channel-number ] Parameters ■ interface — A valid Ethernet po rt. Elana ■ port-channel-number — A valid port-c[...]

show gvrp error-statistics 453 Example The following example displays GVRP statistical information. Console# show gvrp error-statistics GVRP Error Statistics: Legend: INVPROT : Invalid Protocol Id INVALEN : Invalid Attribute Length INVATYP : Invalid Attribute Type INVEVENT: Invalid Event INVAVAL : Invalid Attribute Value Port INVPROT INVATYP INVAV [...]

454 C HAPTER 32: GVRP C OMMAND S[...]

33 VLAN C OMMANDS vlan database The vlan da tabase Global Configuratio n mode command enters the VLAN Configuratio n mode. Syntax vlan database Default Configuration This command has no default configurat ion. Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example enter[...]

456 C HAPTER 33: VLAN C OMMANDS Parameters ■ vlan-range — Specifie s a list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs. (Range: 2-4094) Default Configuration This command has no default configurat ion. Command Mode VLAN Databa se mode User Guidelines There ar e no use[...]

interface range vlan 457 Example The following example configures VL AN 1 with IP a ddress 131.108.1.27. interface range vlan The interface range vlan Global Configuration mode command enables simultaneously config uring multiple VLANs. Syntax interface range vlan { vlan-range | all } Parameters ■ vlan-range — Specifies a list of VLAN ID s to b[...]

458 C HAPTER 33: VLAN C OMMANDS name The name Interface Configuration mod e command adds a name to a VLAN. T o remove the VLAN name, use the no form of this command. Syntax name string no name Parameters ■ string — Unique name to be as sociated with this VLAN. (Range: 1-32 characters) Default Configuration No name is defined. Command Mode Inter[...]

switchport trunk allowed vlan 45 9 Parameters ■ vlan-id — Specifies the ID of the VLAN to which the port is co nfigured. Default Configuration All ports belong to VLAN 1. Command Mode Interface configuration (Eth ernet, port-chan nel) mode User Guidelines The command automa tically removes the port fr om the previous VLAN and adds it to the new[...]

460 C HAPTER 33: VLAN C OMMANDS Command Mode Interface Configuration (Eth ernet, port-chan nel) mode User Guidelines There ar e no user guideline s for this command. Example The following example add s VLANs 1, 2, 5 to 6 to the allowed list of the 1 Ethernet port 1. switchport trunk native vlan The switchport trunk native vlan Interface Configurat [...]

switchport general allowed vlan 46 1 The command adds the po rt as a member in native VLAN 2. If the port is already configur ed as a na tive VLAN 3 it will automa tically change the last entry (VLAN 2). Only one native VLAN can be configured to the port. Example The following example configures VL AN number 123 as the native VLAN when Ether net po[...]

462 C HAPTER 33: VLAN C OMMANDS User Guidelines This command enables changing th e egress rule (for example fr om tagged to untagged) without first re moving the VLAN from the list. Example The following example adds VLANs 2, 5, and 6 to the allowed list of Ethernet port 1. switchport general pvid The switchport general pvid Interface Configur atio[...]

switchport general ingr ess-filtering disable 46 3 Example The following example config ures the PVID for Ethernet por t 1, when the interface is in general mode. switchport general ingress-filtering disable The switchport general ingress-filtering disable Interface Configuration mode command disables port ingress filtering. T o restor e the defaul[...]

464 C HAPTER 33: VLAN C OMMANDS Syntax switchport general accept able-frame-typ e tagged-only no switchport general accept able-frame-type tagged-o nly Default Configuration All frame types ar e accepted at ingress. Command Mode Interface Configuration (Eth ernet, port-chan nel) mode User Guidelines There ar e no user guideline s for this command. [...]

show vlan 465 All VLANs ar e allowed. Command Mode Interface Configuration (Eth ernet, port -channel) mode User Guidelines This command can be used to prevent GVRP fr om au tomatically making the specified VLANs active on the selected ports. Example The following example forbids adding VLAN IDs 234 to 256 to Ether net port 1. show vlan The show vla[...]

466 C HAPTER 33: VLAN C OMMANDS Example The following ex ample displa ys all VLAN information. show vlan internal usage The show vlan inte rnal usage Privileged EXEC mode command d isplays a list of VLANs used internally by the device. Syntax show vlan inter nal usage Default Configuration This command has no default configurat ion. Command Mode Pr[...]

show interfaces switchport 467 Example The following example displ ays VLANs used internally by the device. show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays the switchport configurat ion. Syntax show interfaces switchport { ethernet interface | port-channel port-channel-number} Parameters ■ interface[...]

468 C HAPTER 33: VLAN C OMMANDS Example The following example displays the switchport configu ration for Ether net port. Console# show interfaces sw itchport ethernet g5 Port: g5 Port Mode: General Gvrp Status: enabled Ingress Filtering: true Acceptable Frame Type: admi tAll Ingress UnTagged VLAN < NAT IVE >: 1 Port is member in: Vlan Name En[...]

34 802.1 X C OMMANDS aaa authentication dot1x The aaa authentication dot1x Global Configuration mode co mmand specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 80 2.1x. T o re store the default configuration, use the no form of this command. Syntax aaa authentication dot1x default m[...]

470 C HAPTER 34: 802.1 X C OMMA NDS Example The following example uses the aaa authentication dot1x default command with no authen tication. dot1x system-auth-contro l The dot1x system-auth-control Global Configuration mo de command enables 802.1x globally . T o restore the default configuration, use the no form of this comma nd. Syntax dot1x syste[...]

dot1x re-authentication 47 1 Parameters ■ auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unaut horized state based on the 802.1x authenticat ion exchange between the por t and the client. ■ forc e-authorized — Disables 802.1x authen tication on the interface and causes the po rt [...]

472 C HAPTER 34: 802.1 X C OMMA NDS Syntax dot1x re-authentication no dot1x re-authentication Default Configuration Periodic re-authentication is disabled. Command Mode Interface Configurat ion (Ether net) mode User Guidelines There ar e no user guideline s for this command. Example The following example enables periodi c re-authentication of the c[...]

dot1x re-authenticate 473 User Guidelines There ar e no user guideline s for this command. Example The following example sets the number of seconds betw een re-authentication attempts, to 300. dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of all 802.1x-enabled ports or the specif[...]

474 C HAPTER 34: 802.1 X C OMMA NDS quiet state following a failed aut hentication exchange (for example , the client provided an invalid passwor d). T o restore the default configuration, use the no form of this command. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period Parameters ■ seconds — Specifies the time in seconds[...]

dot1x timeout tx-period 475 dot1x timeout tx-period The dot1x timeout tx-period Interface Configuration mo de command sets the number of seconds that th e device waits for a response to an Extensible Authentication Protocol (E AP)-request/identity frame fr om the client before r esending the request. T o restore the default configuration, use the n[...]

476 C HAPTER 34: 802.1 X C OMMA NDS process. T o restor e the default configuration, use th e no form of this command. Syntax dot1x max-req count no dot1x max-req Parameters ■ count — Number of times that the device sends an EAP-request/identity frame before r estarting the authentication process. (Range: 1-10) Default Configuration The default[...]

dot1x timeout server-timeout 477 Parameters ■ seconds — T ime in seconds that the device waits for a response to an EAP-request frame from the client before r esending the request. (Range: 1-65535 seconds) Default Configuration Default timeout period is 30 seconds. Command Mode Interface Configuration (Ether net) mode User Guidelines The defaul[...]

478 C HAPTER 34: 802.1 X C OMMA NDS The timeout period is 30 seconds. Command Mode Interface Configurat ion (Ether net) mode User Guidelines The actual timeout can be determined by comparing the dot1x timeout server -timeout value and the r esult of multiplying the radius-server retransmit value with the radius-server timeout value and selecting th[...]

show dot1x 479 The following example displays the st atus of 802.1x-enabled Ether net ports. Console# show dot1x 802.1x is enabled Port Admin Mode Oper Mode Reauth Control Reauth Period Username ---- -------- -- -------- - ------- ------ -------- g1 Auto Authoriz ed Ena 3600 Bob g2 Auto Authoriz ed Ena 3600 John g3 Auto Unauthor ized Ena 3600 Clark[...]

480 C HAPTER 34: 802.1 X C OMMA NDS fThe following table describes the sig n ificant fields shown in the display . Quiet period: 60 Seconds Tx period:30 Seconds Max req: 2 Supplicant timeout: 30 Seco nds Server timeout: 30 Seconds Session Time (HH:MM:SS): 08 :19:17 MAC Address: 00:08:78:32:98 :78 Authentication Method: Remo te Termination Cause: Su[...]

show dot1x users 481 show dot1x users Th e show dot1x users Privileged EXEC mode command displays active 802.1x authenticated users for the device. Syntax Quiet period The number of seconds that the devi ce remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password). Tx period The num[...]

482 C HAPTER 34: 802.1 X C OMMA NDS show dot1x users [ usern ame username ] Parameters ■ username — Supplicant user name (Range: 1-160 characters) Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command. Example The following example dis[...]

show dot1x statistics 483 The following table describes the significant fields shown in the displa y . show dot1x statistics The show dot1x statistics Privileged EXEC mode command displays 802.1x statistics for the specified inter face. Syntax show dot1x statistics ether net interfac e Parameters ■ interface — V alid Ether net port. Default Con[...]

484 C HAPTER 34: 802.1 X C OMMA NDS The following table describes the significant fields shown in the display . Console# show dot1x statist ics ethernet 1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 12 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 Eap[...]

dot1x auth-not-req 485 dot1x auth-not-req The dot1x auth-not-req Interface Configuration (VLAN) mode command enables unauthorized device s access to the VLAN. T o disable access to the VLAN, use the no form of this command. Syntax dot1x auth-not-req no dot1x auth-not-req Default Configuration Access is enabled. Command Mode Interface Configurat ion[...]

486 C HAPTER 34: 802.1 X C OMMA NDS Example The following example enables access to the VLAN to una uthorized devices. dot1x multiple-hosts The dot1x multiple-hosts Interface Configuratio n mode command enables multiple hosts (clients) on an 802.1x-authorized port, where the authorization state of the port is set to auto . T o restor e th e default[...]

dot1x single-host-violation 487 dot1x single-host-violatio n The dot1x single-host-violation Interface Configuration mode command configures the action to be taken, when a station whose MAC address is not the supplicant MAC addr ess, attempts to access the interface. Use the no form of this command to restore defaults. Syntax dot1x single-host-viol[...]

488 C HAPTER 34: 802.1 X C OMMA NDS Example The following example forwards frame s with source addr esses that are not the supplicant address and sends co nsecutive traps at intervals of 10 0 seconds. dot1x guest-vlan The dot1x guest-vlan Interface Configuration (VLAN) mode command defines a guest VLAN. T o restor e the default configuration , use [...]

dot1x guest-vlan enable 48 9 Example The following example defines VLAN 2 as a guest VLAN. dot1x guest-vla n enable The dot1x vlans guest-vlan enable Interface Config uration mode command enables unauthorized user s on the interface access to the Guest VLAN. T o disable access, use the no form of this command Syntax dot1x guest-vlan en able no dot1[...]

490 C HAPTER 34: 802.1 X C OMMA NDS show dot1x advanced The show dot1x advanced Privileged EXEC mode command displays 802.1x advanced features for the device or specified interface. Syntax show dot1x advanced [ ethernet interface ] Parameters ■ interface — V alid Ether net port. ( Full syntax: unit/port) Default Configuration This command has n[...]

show dot1x advanced 491 Interface Multiple Hosts Guest VLAN --------- -------------- ---------- g1 Disabled Enabled Single host parameters Violation action: Discard Trap: Enabled Trap frequency: 100 Status: Single-host locked Violations since last trap: 9[...]

492 C HAPTER 34: 802.1 X C OMMA NDS[...]

35 W IR ELESS AP R ADIO C OMMANDS interface radio The interface radio AP Configuration mode co mmand places the device in Radio Configuration mode. Syntax interface radio { 802.11a | 802.11g } Parameters ■ 802.11a — In accordance with 802.11a protocol. ■ 802.11g — In accordance with 802.11g protocol. Default Configuration This command has n[...]

494 C HAPTER 35: W IRELESS AP R ADIO C OMMAND S enable (ap radio) The enable AP Interface Radio Conf iguration mode command administratively enables the ra dio. T o administratively disable the radio, use the no form of this command. Syntax enable no enable Parameters This command has no keywords or arguments. Default Configuration Enable. Command [...]

channel 495 Syntax channel { number | frequ ency | least-congested } no channel Parameters ■ number — Specifies a channel number . The ranges are as follows: ■ 802.1 1 g — 1 – 14. ■ 802.1 1a — 34, 36, 3 8, 40 , 42, 44, 46, 4 8, 52 , 56, 60, 6 4, 14 9, 153, 157, 161. ■ frequency — Specifies the center frequency for the radio channe[...]

496 C HAPTER 35: W IRELESS AP R ADIO C OMMAND S power The power AP Interface Radio Configurat ion mode command configures the power level. T o restore the default configuration, use the no form of this command. Syntax power { max | half | quarter | eighth | min } no power Parameters ■ max — Maximum power . ■ half — Half of the maximu m powe[...]

allow traffic 497 allow traffic The allow traffic AP Interface Radio Conf iguration mode command allows users traffic. T o disallow users traffic, use the no form of this command. Syntax allow traffic no allow tr af fic Parameters This command has no keywords or arguments. Default Configuration Users traffic is allowed. Command Mode AP Interface Ra[...]

498 C HAPTER 35: W IRELESS AP R ADIO C OMMAND S Parameters ■ long — The AP supports long and short preambles. ■ short — The AP supports short preambles. Command Mode AP Interface Ra dio configuration mode User Guidelines This command is only relevant for 802.11g transceivers. Example The following example configures the preamble support for[...]

antenna 499 Command Mode AP Interface Ra dio Configuration mode User Guidelines There ar e no user guideline s for this command. Example The following example configures the RTS th reshold to 2300 bytes. antenna The antenna AP Interface Radio Configur ation mode command configures an antenna for the transce iver . T o restore defaults, use the no f[...]

500 C HAPTER 35: W IRELESS AP R ADIO C OMMAND S Example The following example configures antenna 1 for the transceiver . beacon period The beacon period AP Interface Radio Configuration mod e command configures the beacon period. T o restore defaults, use the no form of this command. Syntax beacon period milliseconds no beacon period Parameters ■[...]

36 W IR ELESS WLAN C OMMANDS wlan tx-power off The wlan tx-power off Global Configuration mo de command tur ns off all APs transmitters. T o enable transmi t Power , use the no form of this command. Syntax wlan tx-power off no wlan tx-power off Parameters This command has no keywords or arguments. Default Configuration Auto Command Mode Global Conf[...]

502 C HAPTER 36: W IRELESS WLAN C OMMAND S wlan country-code The wlan country-code G lobal Configurat ion mode co mmand configures the country code in wh ich the device is lo cated and the physical location of AP connected to the device. T o restor e defau lts, use the no form of t his command. Syntax wlan country-code code no wlan country-code Par[...]

wlan country-code 503 Belarus BY Iran IR Russian Federation RU Belgium BE Ireland IE San Marino SM Belize BZ Israel IL Saudi Arabia SA Bolivia BO Italy IT Serbia and Monteneg ro CS Bosnia and Herzogovi na BA Japan JP Singapo re SG Brazil BR Jordan JO Slovakia SK Brunei Darussala m BN Kazakhsta n KZ Slovenia SI Bulgaria BG North Korea KP South Afric[...]

504 C HAPTER 36: W IRELESS WLAN C OMMAND S Example The following example configures the co untr y code in which the device is located, as the US. wlan tx-power auto enable The wlan tx-power auto enable Global Configuration mode command enables Auto T ransmit Power . T o disable Auto T ran smit Power , use the no form of this comma nd. Syntax wlan t[...]

wlan tx-power auto interval 505 User Guidelines The Auto T r ansmit Power al gorithm adjusts the transmit power of APs, so the signal str e ngth heard at the second-closest access point is as close as possible to the target signal-strength configured by the wlan tx-power auto signal-strengt h Global Configuration command. Example The following exam[...]

506 C HAPTER 36: W IRELESS WLAN C OMMAND S wlan tx-power auto signal-strength The wlan tx-power auto signal-strength Global Configuration mode command configures the target signal stre ngth heard at the second-closest AP . T o restor e defaults, use the no form of this command. Syntax wlan tx-power auto signal-stre ngth dbm no wlan tx-power auto si[...]

wlan station idle-timeout 50 7 Parameters ■ db — Specifies the signal loss, in dB. (Range: 20-80 dB) Default Configuration The default minimum signal loss difference is 60 dB. Command Mode Global Configurat ion mode User Guidelines The Auto T r ansmit Power algorithm adjusts AP power due to another AP which is very close, because it is im possi[...]

508 C HAPTER 36: W IRELESS WLAN C OMMAND S Command Mode Global Configurat ion mode User Guidelines There ar e no user guideline s for this command. Example The following example configures the length of time befor e an idle station is removed fr om the sys tem and requir ed to login, to 10 min utes. clear wlan station The clear wlan station Privile[...]

show wlan 509 show wlan The show wlan Privileged EXEC mode displa ys information on the WLAN configuration. Syntax show wlan Parameters This command has no arguments or keywords. Default Configuration This command has no default configurat ion. Command Mode Privileged EX EC mode User Guidelines There ar e no user guideline s for this command.[...]

510 C HAPTER 36: W IRELESS WLAN C OMMAND S Example The following example specifies th e WLAN in formation for user called ‘Device’. show wlan auto-tx-power The show wlan auto-tx-power Privileged EXEC mode command displays information on the WL AN automatic power transmission configuration. Syntax show wlan auto-tx-power Parameters This command [...]

show wlan logging configuration 511 User Guidelines There ar e no user guideline s for this command. Example The following example displays in formation on the WLAN automatic power transmission configuration . show wlan logging configuration The show wlan logging configuration Privileged EXEC mode command displays information on the WLAN lo gging c[...]

512 C HAPTER 36: W IRELESS WLAN C OMMAND S Example The following example displays information on the WLAN logging configuration. show wlan stations The show wlan stations Privileged EXEC mode command displa ys information on WLAN stations. Syntax show wlan stations [ mac mac-addres s | ap name ] Parameters ■ mac mac-address — The station’ s M[...]

show wlan stations counters 513 Example The following example displays information on WLANs. show wlan stations counters The show wlan stations counters Privileged EXEC mode command displays information on WLAN stations traffic. Syntax show wlan stations counters [ mac mac-addres s] Parameters ■ mac mac-address — The station’ s MAC address. D[...]

514 C HAPTER 36: W IRELESS WLAN C OMMAND S Example The following example displays information on WLAN stations. Console# show wlan stations counters Number of stations: 2 MAC Address InPkts OutPkts MIC Errors ---------- ------ ------- --------- 00-9E-93-82-83-91 183892 1289 0 00-9E-93-82-83-92 128977 5327 0 console# show wlan stations counters mac [...]

37 T R OUBLESHOOTING This section describes problems that may arise when installing the device and how to resolve these issues. This section includes the following topics: ■ Problem Managemen t — Pr ovides informatio n about problem management with the devices. ■ T roubleshooting Solutions — Pr ovides a list of troubleshooting issues and so[...]

516 C HAPTER 37: T RO UBLESHOOTI NG ■ No connec tion and the port L ED is off ■ Add and Edit pages do n ot open. ■ Lost password Problem Possible Ca use Soluti on Cannot connect to management using RS-232 serial co nnection Ensure the terminal emulator program is set to VT-100 compatible, 9600 baud rate, no parity, 8 data bits and one stop bi[...]

Troubleshooting Solutions 517 Software settings Reconfigure the emulation software connection settings. Response from the terminal emulations software is not readable. Faulty serial cable Replace the serial cable. Software settings Reconfigure the emulation software connection settings. Self-test exceeds 15 seconds. The device may not be correctly [...]

518 C HAPTER 37: T RO UBLESHOOTI NG No connection and the port LED is off Incorrect ethernet cable, e.g., crossed rather than straight cable, or vice versa, split pair (incorrect twisting of pairs). Check pinout and replace if necessary. Fiber optical cable connection is reversed. Change if necessary. Check Rx and Tx on the fiber-optic cable. Bad c[...]

Troubleshooting Solutions 519 Add and Edit pages do not open. A pop-up blocker is enabled. Disable pop-up blockers. Problem Possible Ca use Soluti on[...]

520 C HAPTER 37: T RO UBLESHOOTI NG Lost password The Passwor d Recovery Procedure enables the user to override the current password configuration, and disables the need for a password to access the console. The password recovery is effective until the device is reset. If the password/user name has been forgotten or lost, the password must be recon[...]

Troubleshooting Solutions 521[...]

522 C HAPTER 37: T RO UBLESHOOTI NG[...]