3Com 3CRUS2475 24 Command Reference Manual

Manual is about: Unified Gigabit Wireless PoE Switch 24

Summary of 3CRUS2475 24

  • Page 1

    www.3com.com. Part No. 10015248 Rev. AA, published October 2006. 3Com® Unified Gigabit Wireless PoE Switch 24 Command Reference Guide, 3CRUS2475.

  • Page 2

    3Com Corporation, 350 Campus Drive, Marlborough, MA 01752-3064. Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written p...

  • Page 3: Contents

    Contents. Using the CLI: Overview 19, CLI Command Modes 19, Introduction 19, User EXEC Mode 20, Privileged EXEC 20, Global Configuration Mode 21, Interface Configuration and Specific Configuration Modes 21, Starting the CLI 22, Editing Features 23, Entering Commands 23, Terminal Command Buffer 24, Negating the...

  • Page 4: ACL Commands

    ACL Commands: ip access-list 41, permit (ip) 41, deny (ip) 45, mac access-list 47, permit (mac) 48, deny (mac) 49, service-acl 50, show access-lists 51, show interfaces access-lists 52. Address Table Commands: bridge address 55, bridge multicast filtering 56, bridge multicast address 57, bridge multicast forb...

  • Page 5: PHY Diagnostics Commands

    description 79, speed 80, duplex 81, negotiation 81, flowcontrol 82, mdix 83, clear counters 84, set interface active 85, show interfaces advertise 85, show interfaces configuration 87, show interfaces status 88, show interfaces description 90, show interfaces counters 91, port storm-control include-multicast (g...

  • Page 6: QoS Commands

    Port Channel Commands: interface port-channel 113, interface range port-channel 113, channel-group 114, show interfaces port-channel 115. QoS Commands: qos 117, show qos 118, class-map 118, show class-map 120, match 120, policy-map 121, class 122, show policy-map 123, trust cos-dscp 124, set 125, police 126, s...

  • Page 7: RMON Commands

    security-suite dos protect 145, security-suite deny martian-addresses 146. Clock Commands: clock set 149, clock source 150, clock timezone 150, clock summer-time 151, sntp authentication-key 153, sntp authenticate 154, sntp trusted-key 155, sntp client poll timer 156, sntp anycast client enable 157, sntp clie...

  • Page 8: IGMP Snooping Commands

    IGMP Snooping Commands: ip igmp snooping (global) 185, ip igmp snooping (interface) 185, ip igmp snooping mrouter learn-pim-dvmrp 186, ip igmp snooping host-time-out 187, ip igmp snooping mrouter-time-out 188, ip igmp snooping leave-time-out 189, show ip igmp snooping mrouter 189, show ip igmp snooping in...

  • Page 9: RADIUS Commands

    spanning-tree cost 214, spanning-tree port-priority 215, spanning-tree portfast 216, spanning-tree link-type 217, spanning-tree pathcost method 217, spanning-tree bpdu 218, clear spanning-tree detected-protocols 219, spanning-tree mst priority 220, spanning-tree mst max-hops 220, spanning-tree mst port-prior...

  • Page 10: SNMP Commands

    show radius-servers 276. Port Monitor Commands: port monitor 279, show ports monitor 280. SNMP Commands: snmp-server community 283, snmp-server view 284, snmp-server group 286, snmp-server user 287, snmp-server engineid local 289, snmp-server enable traps 291, snmp-server filter 291, snmp-server host 292, sn...

  • Page 11: Management ACL Commands

    show arp 313, ip domain-name 314, ip name-server 315. Management ACL Commands: management access-list 317, permit (management) 318, deny (management) 319, management access-class 320, show management access-list 321, show management access-class 322. Wireless Rogue AP Commands: rogue-detect enable (radio)...

  • Page 12: Wireless AP General Commands

    wpa2 pre-authentication 343, show wlan ess 344, show wlan ess mac-filtering lists 347, show wlan ess counters 348. Wireless AP General Commands: clear wlan ap 351, wlan ap active 352, wlan ap key 352, wlan ap config 353, name 354, tunnel priority 355, wan enable 355, interface ethernet 356, vlan allowed 357, v...

  • Page 13: TACACS+ Commands

    show crypto key pubkey-chain ssh 380. Web Server Commands: ip http server 383, ip http port 383, ip http exec-timeout 384, ip https server 385, ip https port 385, crypto certificate generate 386, crypto certificate request 388, crypto certificate import 389, ip https certificate 390, show crypto certificate...

  • Page 14: Wireless AP BSS Commands

    show logging 409, show logging file 411, show syslog-servers 413. Wireless AP BSS Commands: bss 415, bss enable 415, advertise-ssid 416, data-rates 417. System Management Commands: ping 419, traceroute 421, telnet 424, resume 427, reload 428, hostname 429, show users 429, show sessions 430, show system 431, show...

  • Page 15: GVRP Commands

    show history 442, show privilege 443. GVRP Commands: gvrp enable (global) 445, gvrp enable (interface) 446, garp timer 446, gvrp vlan-creation-forbid 448, gvrp registration-forbid 448, clear gvrp statistics 449, show gvrp configuration 450, show gvrp statistics 451, show gvrp error-statistics 452. VLAN Comman...

  • Page 16: Ap R

    dot1x port-control 470, dot1x re-authentication 471, dot1x timeout re-authperiod 472, dot1x re-authenticate 473, dot1x timeout quiet-period 473, dot1x timeout tx-period 475, dot1x max-req 475, dot1x timeout supp-timeout 476, dot1x timeout server-timeout 477, show dot1x 478, show dot1x users 481, show dot1x sta...

  • Page 17

    wlan tx-power auto signal-loss 506, wlan station idle-timeout 507, clear wlan station 508, show wlan 509, show wlan auto-tx-power 510, show wlan logging configuration 511, show wlan stations 512, show wlan stations counters 513. Troubleshooting: Problem Management 515, Troubleshooting Solutions 515.

  • Page 19: Using the CLI

    1 Using the CLI. Overview: This document describes the Command Line Interface (CLI) used to manage the 3Com Unified Gigabit Wireless PoE Switch. Most of the CLI commands are applicable to all devices. This chapter describes how to start using the CLI and the CLI command editing features. CLI command ...

  • Page 20

    User EXEC Mode: After logging into the device, the user is automatically in User EXEC command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information. The user-level promp...

  • Page 21

    Global Configuration Mode: Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode. To enter the Global Configuration mode perfo...

  • Page 22

    ■ Ethernet — Contains commands to manage port configuration. The interface ethernet Global Configuration mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface. ■ Port Channel — Contains commands to configure port-channels...

  • Page 23

    To start using the CLI, perform the following steps: 1. Connect the DB9 null-modem or crossover cable from the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application. a. Set the data format to 8 data bits, 1 ...

  • Page 24

    To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter: When working with the CLI, the command options are not displayed. The command is not selected from a menu, bu...

  • Page 25

    By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history. There is a standard default number of commands that are stored in the buffer. The standard number ...

  • Page 26

    The ports may be described on an individual basis or within a range. Use the format port number-port number to specify a set of consecutive ports and port number, port number to indicate a set of non-consecutive ports. For example, g1-3 stands for Gigabit Ethernet ports 1,...

  • Page 27

    CLI Command Conventions: When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions. Copying and Pasting Text: Up to 1000 lines of text (or commands) can be copied and pasted into the device. It...

  • Page 28

    ■ A device Configuration mode has been accessed. ■ The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device.

  • Page 30

    Chapter 2: AAA Commands. On the console, login succeeds without any authentication check if the authentication method is not defined. Command Mode: Global Configuration mode. User Guidelines: The default and optional list names created with the aaa authentication login command are used with the log...

  • Page 31

    aaa authentication enable. ■ list-name — Character string used to name the list of authentication methods activated when accessing higher privilege levels. (Range: 1-12 characters) ■ method1 [method2 ...] — Specify at least one method from the following list: Default Configuration: If the de...

  • Page 32

    The following example sets the enable password for authentication when accessing higher privilege levels. login authentication: The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet or console. To resto...

  • Page 33

    enable authentication: The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. To restore the default configuration specified by the aaa authentication enable c...

  • Page 34

    Syntax: ip http authentication method1 [method2 ...]; no ip http authentication. Parameters: ■ method1 [method2 ...] — Specify at least one method from the following list: Default Configuration: The local user database is checked. This has the same effect as the command ip ...

  • Page 35

    Syntax: ip https authentication method1 [method2 ...]; no ip https authentication. Parameters: ■ method1 [method2 ...] — Specify at least one method from the following list: Default Configuration: The local user database is checked. This has the same effect as the command...

  • Page 36

    Default Configuration: This command has no default configuration. Command Mode: Privileged EXEC mode. User Guidelines: There are no user guidelines for this command. Example: The following example displays the authentication configuration. Console# show authentication methods...

  • Page 37

    password: The password Line Configuration mode command specifies a password on a line. To remove the password, use the no form of this command. Syntax: password password [encrypted]; no password. Parameters: ■ password — Password for this level. (Range: 1-159 characters) ■ encrypted — Encry...

  • Page 38

    Parameters: ■ password — Password for this level. (Range: 1-159 characters) ■ level — Level for which the password applies. If not specified the level is 15 (Range: 1-15). ■ encrypted — Encrypted password entered, copied from another device configuration. Default configur...

  • Page 39

    username. ■ encrypted — Encrypted password entered, copied from another device configuration. Default Configuration: No user is defined. Command Mode: Global Configuration mode. User Guidelines: User account can be created without a password. Example: The following example configures user called bob wi...

  • Page 40

    Chapter 2: AAA Commands.

  • Page 41: ACL Commands

    3 ACL Commands. ip access-list: The ip access-list Global Configuration mode command enables the IP-Access Configuration mode and creates Layer 3 ACLs. To delete an ACL, use the no form of this command. Syntax: ip access-list name; no ip access-list name. Parameters: ■ name — Specifies the name of the ac...

  • Page 43

    permit (ip). The following table lists the protocols that can be specified: ■ dscp — Indicates matching the DSCP number with the packet DSCP value. ■ ip-precedence — Indicates matching ip-precedence with the packet ip-precedence value. ■ icmp-type — Specifies an ICMP message type for filtering icm...

  • Page 44

    alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-...

  • Page 46

    ■ dscp — Indicates matching the DSCP number with the packet DSCP value. ■ ip-precedence — Indicates matching ip-precedence with the packet ip-precedence value. Table columns: IP Protocol, Abbreviated Name, Protocol Number. Internet Control Message Protocol, icmp, 1. Internet Group Management...

  • Page 47

    Default Configuration: This command has no default configuration. Command Mode: IP-Access List Configuration mode. User Guidelines: Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode. Before an Access Control Element (ACE) is added ...

  • Page 49

    deny (mac). User Guidelines: Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied. If...

  • Page 50

    ■ cos-wildcard — Specifies wildcard bits to be applied to the CoS. ■ eth-type — Specifies the packet’s Ethernet type. Default Configuration: This command has no default configuration. Command Mode: MAC-Access List Configuration mode. User Guidelines: MAC BPDU packets cannot ...

  • Page 51

    Parameters: ■ acl-name — Specifies the ACL to be applied to the input interface. Default Configuration: This command has no default configuration. Command Mode: Interface (Ethernet, port-channel) Configuration mode. User Guidelines: In advanced mode, when an ACL is bound to an interf...

  • Page 53

    Example: The following example displays ACLs applied to the interfaces of a device:

        Console# show interfaces access-lists
        Interface  Input ACL
        ---------  ---------
        g1         acl1
        g1         acl3

  • Page 54

    Chapter 3: ACL Commands.

  • Page 56

    Chapter 4: Address Table Commands. Command Mode: Interface Configuration (VLAN) mode. User Guidelines: Using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN. Example: The following example adds a permanent static MAC-layer statio...

  • Page 57

    If multicast devices exist on the VLAN and IGMP-snooping is not enabled, the bridge multicast forward-all command should be used to enable forwarding all multicast packets to the multicast switches. Example: In the following example, bridge multicast filtering is enabled. B...

  • Page 58

    58 c hapter 4: a ddress t able c ommands default configuration no multicast addresses are defined. Command mode interface configuration (vlan) mode user guidelines if the command is executed without add or remove , the command only registers the group in the bridge database. Static multicast address...

  • Page 59

    Bridge multicast forward-all 59 parameters ■ add — adds ports to the group. ■ remove — removes ports from the group. ■ mac-multicast-address — a valid mac multicast address. ■ ip- multicast-address — a valid ip multicast address. ■ interface-list — separate nonconsecutive ethernet ports with a comma...

  • Page 62

    62 c hapter 4: a ddress t able c ommands bridge aging-time the bridge aging-time global configuration mode command sets the address table aging time. To restore the default configuration, use the no form of this command. Syntax bridge aging-time seconds no bridge aging-time parameters ■ seconds — ti...

  • Page 63

    Command Mode: Privileged EXEC mode. User Guidelines: There are no user guidelines for this command. Example: In the following example, the bridge tables are cleared. port security: The port security Interface Configuration mode command locks the port to block unknown traffic and prevent ...

  • Page 64

    Default Configuration: This setting is disabled. Command Mode: Interface Configuration (Ethernet, port-channel) mode. User Guidelines: There are no user guidelines for this command. Example: In this example, port g1 forwards all packets without learning addresses ...

  • Page 65

    Command Mode: Interface Configuration (Ethernet, port-channel) mode. User Guidelines: There are no user guidelines for this command. Example: In this example, port security mode is set to dynamic for Ethernet interface g7. port security routed secure-address: The po...

  • Page 66

    The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode. The address is deleted if the port exits the security mode or is not a routed port. Exam...

  • Page 67

    User Guidelines: Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) are presented in the VLAN column by a port number and not by a VLAN ID. "Special" MAC addresses that were not statically defined or dynamically ...

  • Page 68

    Parameters: ■ vlan — Specifies a valid VLAN, such as VLAN 1. ■ interface — A valid Ethernet port. ■ port-channel-number — A valid port-channel number. Default Configuration: This command has no default configuration. Command Mode: Privileged EXEC mode. User gui...

  • Page 70

    70 c hapter 4: a ddress t able c ommands show bridge multicast address-table the show bridge multicast address-table privileged exec mode command displays multicast mac address or ip address table information. Syntax show bridge multicast address-table [ vlan vlan-id ] [ address mac-multicast-addres...

  • Page 71

    A multicast MAC address maps to multiple IP addresses as shown above.

        19    01:00:5e:02:02:08  static   g1-8
        19    00:00:5e:02:02:08  dynamic  g9-11

        Forbidden ports for multicast addresses:

        Vlan  MAC Address        Ports
        ----  --------------     -----
        1     01:00:5e:02:02:03  8
        19    01:00...

  • Page 72

    72 c hapter 4: a ddress t able c ommands show bridge multicast filtering the show bridge multicast filtering privileged exec mode command displays the multicast filtering configuration. Syntax show bridge multicast filtering vlan-id parameters ■ vlan-id — indicates the vlan id. This has to be a vali...

  • Page 74

    74 c hapter 4: a ddress t able c ommands the following table describes the fields shown above. Show ports security addresses the show ports security addresses privileged exec mode command displays the current dynamic addresses in locked ports. Syntax show ports security addresses [ ethernet interfac...

  • Page 75

    Show ports security addresses 75 user guidelines there are no user guidelines for this command. Example this example displays dynamic addresses in all currently locked ports. This example displays dynamic addresses in the currently locked port 1. Console# show ports security addresses port status le...

  • Page 76

    Chapter 4: Address Table Commands.

  • Page 77: Ethernet Configuration Commands

    5 Ethernet Configuration Commands. interface ethernet: The interface ethernet Global Configuration mode command enters the Interface Configuration mode to configure an Ethernet type interface. Syntax: interface ethernet interface. Parameters: ■ interface — Valid Ethernet port. Default configurat...

  • Page 78

    78 c hapter 5: e thernet c onfiguration c ommands parameters ■ port-list — list of valid ports. Where more than one port is listed, separate the nonconsecutive ports with a comma and no spaces, use a hyphen to designate a range of ports and group a list separated by commas in brackets. ■ all — all e...

  • Page 79

    Description 79 command mode interface configuration (ethernet, port-channel) mode user guidelines there are no user guidelines for this command. Example the following example disables ethernet port g5 operations. The following example restarts the disabled ethernet port. Description the description ...

  • Page 80

    80 c hapter 5: e thernet c onfiguration c ommands example the following example adds a description to ethernet port g5. Speed the speed interface configuration (ethernet, port-channel) mode command configures the speed of a given ethernet interface when not using auto-negotiation. To restore the def...

  • Page 82

    82 c hapter 5: e thernet c onfiguration c ommands syntax negotiation [ capability1 [capability2…capability5 ]] no negotiation parameters ■ capability — specifies the capabilities to advertise. (possible values: 10h, 10f, 100h,100f, 1000f) default configuration auto-negotiation is enabled. If unspeci...

  • Page 83

    Mdix 83 parameters ■ auto — indicates auto-negotiation ■ on — enables flow control. ■ off — disables flow control. Default configuration flow control is off. Command mode interface configuration (ethernet, port-channel) mode user guidelines negotiation should be enabled for flow control auto. Exampl...

  • Page 84

    84 c hapter 5: e thernet c onfiguration c ommands user guidelines auto : all possibilities to connect a pc with cross or normal cables are supported and are automatically detected. On : it is possible to connect to a pc only with a normal cable and to connect to another device only with a cross cabl...

  • Page 88

    show interfaces status: The show interfaces status Privileged EXEC mode command displays the status of all configured interfaces. 1 100M-Copper Full 100 Enabled Off Up Disabled...

  • Page 91

    Show interfaces counters 91 default configuration this command has no default configuration. Command modes privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays descriptions of configured interfaces. Show interfaces counters the sh...

  • Page 92

    92 c hapter 5: e thernet c onfiguration c ommands default configuration this command has no default configuration. Command modes privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays traffic seen by the physical interface. Console#...

  • Page 93

    The following table describes the fields shown in the display. The following table describes the fields shown in the display.

        Ch   OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
        ---  ---------  ------------  ------------  ------------
        1    23739      0             0             0

        Console# show interfa...

  • Page 94

    94 c hapter 5: e thernet c onfiguration c ommands port storm-control include-multicast (gc) the port storm-control include-multicast interface configuration mode command enables counting multicast packets in the port storm-control broadcast rate command. To disable counting multicast packets, use th...

  • Page 95

    Port storm-control include-multicast (ic) 95 user guidelines to control multicasts storms, use the port storm-control broadcast enable and port storm-control broadcast rate commands. Example the following example enables counting multicast packets. Port storm-control include-multicast (ic) the port ...

  • Page 96

    96 c hapter 5: e thernet c onfiguration c ommands example the following example enables counting broadcast and multicast packets on ethernet port 2. Port storm-control broadcast enable the port storm-control broadcast enable interface configuration (ethernet) mode command enables broadcast storm con...

  • Page 97

    Port storm-control broadcast rate 97 port storm-control broadcast rate the port storm-control broadcast rate interface configuration (ethernet) mode command configures the maximum broadcast rate. To restore the default configuration, use the no form of this command. Syntax port storm-control broadca...

  • Page 98

    98 c hapter 5: e thernet c onfiguration c ommands default configuration this command has no default configuration. Command modes privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays the storm control configuration. Console# show p...

  • Page 100

    Chapter 6: Line Commands. Syntax: speed bps. Parameters: ■ bps — Baud rate in bits per second (bps). Possible values are 2400, 4800, 9600, 19200, 38400, 57600 and 115200. Default Configuration: The default speed is 19200 bps. Command Mode: Line Configuration (console) mode. User Guidelines: This comm...

  • Page 101

    User Guidelines: This command is available only on the line console. To start communication using autobaud, press <Enter> twice. This configuration applies only to the current session. Example: The following example enables autobaud. exec-timeout: The exec-timeout Line Configuration ...

  • Page 102

    102 c hapter 6: l ine c ommands example the following example configures the interval that the system waits until user input is detected to 20 minutes. History the history line configuration mode command enables the command history function. To disable the command history function, use the no form o...

  • Page 103

    Terminal history 103 syntax history size number-of-commands no history size parameters ■ number-of-commands —number of commands that the system records in its history buffer. (range: 10-200) default configuration the default history buffer size is 10. Command mode line configuration mode user guidel...

  • Page 104

    104 c hapter 6: l ine c ommands command mode user exec mode user guidelines there are no user guidelines for this command. Example the following example disables the command history function for the current terminal session. Terminal history size the terminal history size user exec mode command conf...

  • Page 106

        Parity: none
        Stopbits: 1

        Telnet configuration:
        Interactive timeout: 10 minutes 10 seconds
        History: 10

        SSH configuration:
        Interactive timeout: 10 minutes 10 seconds
        History: 10

  • Page 107: PHY Diagnostics Commands

    7 PHY Diagnostics Commands. test copper-port tdr: The test copper-port tdr Privileged EXEC mode command uses Time Domain Reflectometry (TDR) technology to diagnose the quality and characteristics of a copper cable attached to a port. Syntax: test copper-port tdr interface. Parameters: ■ interface — A v...

  • Page 108

    108 c hapter 7: phy d iagnostics c ommands example the following example results in a report on the cable attached to port g3. Show copper-ports tdr the show copper-ports tdr privileged exec mode command displays information on the last time domain reflectometry (tdr) test performed on copper ports....

  • Page 109

    show copper-ports cable-length: The show copper-ports cable-length Privileged EXEC mode command displays the estimated copper cable length attached to a port. Syntax: show copper-ports cable-length [interface]. Parameters: ■ interface — A valid Ethernet port. D...

  • Page 110

    110 c hapter 7: phy d iagnostics c ommands example the following example displays the estimated copper cable length attached to all ports. Show fiber-ports optical-transceiver the show fiber-ports optical-transceiver privileged exec mode command displays the optical transceiver diagnostics. Syntax s...

  • Page 111

    Example: The following example displays the optical transceiver diagnostics results.

        Console# show fiber-ports optical-transceiver 21
        Port  Temp  Voltage  Current  Output Power  Input Power  LOS
        ----  ----  -------  -------  ------------  -----------  ---
        21    OK    OK       OK       OK            OK           No

        Te...

  • Page 112

        Console# show fiber-ports optical-transceiver 21 detailed
        Port  Temp  Voltage  Current  Output Power  Input Power  LOS
              [C]   [Volt]   [mA]     [mWatt]       [mWatt]
        ----  ----  -------  -------  ------------  -----------  ---
        21    34    3.35     8.43     2.72          7.71         No

        Temp – Internally measured transceiv...

  • Page 113: Port Channel Commands

    8 Port Channel Commands. interface port-channel: The interface port-channel Global Configuration mode command enters the Global Configuration mode to configure a specific port-channel. Syntax: interface port-channel port-channel-number. Parameters: ■ port-channel-number — A valid port-channel number...

  • Page 115

    Show interfaces port-channel 115 ■ auto — allows the port to join a channel as a result of an lacp operation. Default configuration the port is not assigned to a port-channel. Command mode interface configuration (ethernet) mode user guidelines there are no user guidelines for this command. Example ...

  • Page 116

    The following example displays information on all port-channels.

        Console# show interfaces port-channel
        Channel  Ports
        -------  ---------------------------------
        1        Active: g1, g2
        2        Active: g2, g7 Inactive: g1
        3        Active: g3, g8

  • Page 118

    Chapter 9: QoS Commands. show qos: The show qos Privileged EXEC mode command displays the Quality of Service (QoS) mode for the device. Syntax: show qos. Default Configuration: This command has no default configuration. Command Mode: Privileged EXEC mode. User Guidelines: Trust mode is displayed if ...

  • Page 119

    Class-map 119 ■ match-any — checks that the packet matches one or more classification criteria in the class map match statement. Default configuration by default, the match-all parameter is selected. Command mode global configuration mode user guidelines the class-map global configuration mode comma...

  • Page 120

    120 c hapter 9: q o s c ommands show class-map the show class-map privileged exec mode command displays all class maps. Syntax show class-map [ class-map-name ] parameters ■ class-map-name — specifies the name of the class map to be displayed. Default configuration this command has no default config...

  • Page 121

    Policy-map 121 default configuration no match criterion is supported. Command mode class-map configuration mode. User guidelines there are no user guidelines for this command. Example the following example defines the match criterion for classifying traffic as an access group called ‘enterprise’ in ...

  • Page 122

    122 c hapter 9: q o s c ommands configuration and match class-map configuration commands to define the match criteria of a class. Only one policy map per interface per direction is supported. A policy map can be applied to multiple interfaces and directions. Example the following example creates a p...

  • Page 123

    Show policy-map 123 use the service-policy (ethernet, port-channel) interface configuration mode command to attach a policy map to an interface. Use an existing class map to attach classification criteria to the specified policy map and use the access-group parameter to modify the classification cri...

  • Page 124

    124 c hapter 9: q o s c ommands example the following example displays all policy maps. Trust cos-dscp the trust cos-dscp policy-map class configuration mode command configures the trust state. The trust state determines the source of the internal dscp value used by quality of service (qos). To rest...

  • Page 126

    126 c hapter 9: q o s c ommands to return to the policy-map configuration mode, use the exit command. To return to the privileged exec mode, use the end command. Example the following example sets the dscp value in the packet to 56 for classes in policy map called ‘policy1’. Police the police policy...

  • Page 127

    Service-policy 127 user guidelines policing uses a token bucket algorithm. Cir represents the speed with which the token is removed from the bucket. Cbs represents the depth of the bucket. Example the following example defines a policer for classified traffic. When the traffic rate exceeds 124,000 b...

  • Page 128

    128 c hapter 9: q o s c ommands example the following example attaches a policy map called ‘policy1’ to the input interface. Qos aggregate-policer the qos aggregate-policer global configuration mode command defines the policer parameters that can be applied to multiple traffic classes within the sam...

  • Page 129

    Show qos aggregate-policer 129 define an aggregate policer if the policer is shared with multiple classes. Policers in one port cannot be shared with other policers in another device; traffic from two different ports can be aggregated for policing purposes. An aggregate policer can be applied to mul...

  • Page 130

    130 c hapter 9: q o s c ommands user guidelines there are no user guidelines. Example the following example displays the parameters of the aggregate policer called ‘policer1’. Police aggregate the police aggregate policy-map class configuration mode command applies an aggregate policer to multiple c...

  • Page 131

    Wrr-queue cos-map 131 example the following example applies the aggregate policer called ‘policer1’ to a class called ‘class1’ in policy map called ‘policy1’. Wrr-queue cos-map the wrr-queue cos-map global configuration mode command maps class of service (cos) values to a specific egress queue. To r...

  • Page 132

    132 c hapter 9: q o s c ommands user guidelines this command can be used to distribute traffic into different queues, where each queue is configured with different weighted round robin (wrr) and weighted random early detection (wred) parameters. It is recommended to specifically map a single vpt to ...

  • Page 133

    Priority-queue out num-of-queues 133 user guidelines use the priority-queue out num-of-queues global configuration mode command to configure a queue as wrr or strict priority. Use this command to define a wrr weight per interface. The weight ratio for each queue is defined by the queue weight divide...

  • Page 134

    134 c hapter 9: q o s c ommands command mode global configuration mode user guidelines configuring the number of expedite queues affects the weighted round robin (wrr) weight ratio because fewer queues participate in the wrr. Example the following example configures the number of expedite queues as ...

  • Page 135

    Rate-limit interface configuration 135 to activate the shaper on an egress port, enter the interface configuration mode and specify the port number. The cir and the cbs will be applied to the specified port. Example the following example sets a shaper on ethernet port g5 when the average traffic rat...

  • Page 137

    Show qos interface 137 example the following example displays the buffer settings for queues on ethernet port 1. Console# show qos interface ethernet g1 buffers ethernet g1 notify q depth qid size 1 125 2 125 3 125 4 125 5 125 6 125 7 125 8 125 qid threshold 1 100 2 100 3 100

  • Page 138

    138 c hapter 9: q o s c ommands qos map policed-dscp the qos map policed-dscp global configuration mode command modifies the policed-dscp map for remarking purposes. To restore the default map, use the no form of this command. Syntax qos map policed-dscp dscp-list to dscp-mark-down no qos map police...

  • Page 139

    Qos map dscp-queue 139 parameters ■ dscp- list — specifies up to 8 dscp values separated by a space. (range: 0-63) ■ dscp-mark-down — specifies the dscp value to mark down. (range: 0-63) default configuration the default map is the null map, which means that each incoming dscp value is mapped to the...

  • Page 140

    140 c hapter 9: q o s c ommands default configuration the following table describes the default map. Command mode global configuration mode user guidelines there are no user guidelines for this command. Example the following example maps dscp values 33, 40 and 41 to queue 1. Qos trust (global) the q...

  • Page 141

    Qos trust (interface) 141 command mode global configuration mode user guidelines packets entering a quality of service (qos) domain are classified at the edge of the qos domain. When packets are classified at the edge, the switch port within the qos domain can be configured to one of the trusted sta...

  • Page 142

    142 c hapter 9: q o s c ommands user guidelines there are no user guidelines for this command. Example the following example configures ethernet port 15 to the default trust state. Qos cos the qos cos interface configuration (ethernet, port-channel) mode command defines the default cos value of a po...

  • Page 143

    Qos dscp-mutation 143 qos dscp-mutation the qos dscp-mutation global configuration mode command applies the dscp mutation map to a system dscp trusted port. To restore the trust state with no dscp mutation, use the no form of this command. Syntax qos dscp-mutation no qos dscp-mutation default config...

  • Page 144

    144 c hapter 9: q o s c ommands syntax qos map dscp-mutation in-dscp to out-dscp no qos map dscp-mutation parameters ■ in-dscp — specifies up to 8 dscp values separated by spaces. (range: 0-63) ■ out-dscp — specifies up to 8 dscp values separated by spaces. (range: 0-63) default configuration the de...

  • Page 145

    Security-suite dos protect 145 parameters ■ global-rules-only — specifies that all the security suites commands would be only global commands. This setting saves space in the ternary content addressable memory (tcam). Default configuration no protection is configured. Command mode global configurati...

  • Page 146

    146 c hapter 9: q o s c ommands command mode global configuration mode user guidelines the following table describes a list of dos attacks and the protection type: example the following example protects the system from the invasor trojan. Security-suite deny martian-addresses the security-suite deny...

  • Page 147

    Security-suite deny martian-addresses 147 ■ reserved — specify to discard packets with source address or destination address in the block of the reserved ip addresses. See the usage guidelines for a list of reserved addresses. Default configuration martian addresses are allowed. Command mode global ...

  • Page 148

    148 c hapter 9: q o s c ommands example the following example discards all packets with a source address or a destination address in the block of the reserved ip addresses. 192.168.0.0/16 private-use networks. 198.18.0.0/15 this block has been allocated for use in benchmark tests of network interconn...

  • Page 149: Lock

    10 c lock c ommands clock set the clock set privileged exec mode command manually sets the system clock. Syntax clock set hh:mm:ss day month year or clock set hh:mm:ss month day year parameters ■ hh:mm:ss — current time in hours (military format), minutes, and seconds. (hh: 0-23, mm: 0-59, ss: 0-59)...

  • Page 150

    150 c hapter 10: c lock c ommands example the following example sets the system time to 13:32:00 on march 7th, 2005. Clock source the clock source global configuration mode command configures an external time source for the system clock. Use no form of this command to disable external time source. S...

  • Page 151

    Clock summer-time 151 syntax clock timezone hours-offset [ minutes minutes-offset] [ zone acronym ] no clock timezone parameters ■ hours-offset — hours difference from utc. (range: –12 hours to +13 hours) ■ minutes-offset — minutes difference from utc. (range: 0-59) ■ acronym — the acronym of the ti...

  • Page 152

    152 c hapter 10: c lock c ommands clock summer-time date month date year hh:mm month date year hh:mm [ offset offset ] [ zone acronym ] no clock summer-time recurring parameters ■ recurring — indicates that summer time should start and end on the corresponding specified days every year. ■ date — ind...

  • Page 153

    Sntp authentication-key 153 user guidelines in both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. Th...

  • Page 154

    154 c hapter 10: c lock c ommands ■ value — key value (range: 1-8 characters) default configuration no authentication key is defined. Command mode global configuration mode user guidelines multiple keys can be generated. Example the following example defines the authentication key for sntp. Sntp aut...

  • Page 155

    Sntp trusted-key 155 example the following example defines the authentication key for sntp and grants authentication. Sntp trusted-key the sntp trusted-key global configuration mode command authenticates the identity of a system to which simple network time protocol (sntp) will synchronize. To disab...

  • Page 156

    156 c hapter 10: c lock c ommands example the following example authenticates key 8. Sntp client poll timer the sntp client poll timer global configuration mode command sets the polling time for the simple network time protocol (sntp) client. To restore default configuration, use...

  • Page 157

    Sntp anycast client enable 157 sntp anycast client enable the sntp anycast client enable global configuration mode command enables sntp anycast client. To disable the sntp anycast client, use the no form of this command. Syntax sntp anycast client enable no sntp anycast client enable default configu...

  • Page 158

    158 c hapter 10: c lock c ommands default configuration the sntp client is disabled on an interface. Command mode interface configuration (ethernet, port-channel, vlan) mode user guidelines use the sntp anycast client enable global configuration mode command to enable anycast clients globally. Examp...

  • Page 159

    Sntp unicast client poll 159 example the following example enables the device to use the simple network time protocol (sntp) to request and accept sntp traffic from servers. Sntp unicast client poll the sntp unicast client poll global configuration mode command enables polling for the simple network...

  • Page 161

    Show clock 161 syntax show clock [detail] parameters ■ detail — shows timezone and summertime configuration. Default configuration this command has no default configuration. Command mode privileged exec mode user guidelines the symbol that precedes the show clock display indicates the following: exa...

  • Page 162

    162 c hapter 10: c lock c ommands show sntp configuration the show sntp configuration privileged exec mode command shows the configuration of the simple network time protocol (sntp). Syntax show sntp configuration default configuration this command has no default configuration. Command mode privileg...

  • Page 163

    Show sntp status 163 show sntp status the show sntp status privileged exec mode command shows the status of the simple network time protocol (sntp). Syntax show sntp status default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no...

  • Page 164

    164 c hapter 10: c lock c ommands example the following example shows the status of the sntp. Console# show sntp status clock is synchronized, stratum 4, reference is 176.1.1.8, unicast reference time is afe2525e.70597b34 (00:10:22.438 pdt jul 5 1993) unicast servers: server status last response off...

  • Page 165

    Show sntp status 165 g13 0.0.0.0 00:00:00.0 feb 19 2005 vlan 1 16.1.1.2 00 15:15:16 .0 llbg feb 19 2006.

  • Page 168

    168 c hapter 11: rmon c ommands the following table describes the significant fields shown in the display. Console# show rmon statistics ethernet 1 port: 1 octets: 878128 packets: 978 broadcast: 7 multicast: 1 crc align errors: 0 collisions: 0 undersize pkts: 0 oversize pkts: 0 fragments: 0 jabbers:...

  • Page 169

    Rmon collection history 169 rmon collection history the rmon collection history interface configuration (ethernet, port-channel) mode command enables a remote monitoring (rmon) mib history statistics group on an interface. To remove a specified rmon history statistics group, use the no form of this ...

  • Page 170

    170 c hapter 11: rmon c ommands parameters ■ index — specifies the statistics group index . (range: 1-65535) ■ ownername — specifies the rmon statistics group owner name. (range: 0-160 characters) ■ bucket-number — number of buckets specified for the rmon collection history group of statistics. If u...

  • Page 171

    Show rmon collection history 171 parameters ■ interface — valid ethernet port. ■ port-channel-number — valid port-channel number. Default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Ex...

  • Page 173

    Show rmon history 173 time octets packets broadcast multicast util -------- -------- ---- -------- - ------- -------- -- -------- - ----- jan 18 2005 21:57:00 30359596 2 357568 3289 7287 19% jan 18 2005 21:57:30 28769630 4 275686 2789 5878 20% console# show rmon history 1 errors sample set: 1 owne...

  • Page 174

    174 c hapter 11: rmon c ommands the following table describes significant fields shown in the example: sample set: 1 owner: me interface: g1 interval: 1800 requested samples: 50 granted samples: 50 maximum table size: 500 time dropped collisions ------------------- - -------- -------- -- jan 18 200...

  • Page 175

    Rmon alarm 175 rmon alarm the rmon alarm global configuration mode command configures alarm conditions. To remove an alarm, use the no form of this command. Syntax rmon alarm index variable interval rthreshold fthreshold revent fevent [ type type ] [ startup direction ] [ owner name ] no rmon alarm ...

  • Page 176

    176 c hapter 11: rmon c ommands ■ rthreshold — specifies the rising threshold. (range: 0-2147483647) ■ fthreshold — specifies the falling threshold. (range: 0-2147483647) ■ revent — specifies the event index used when a rising threshold is crossed.(range: 1-65535) ■ fevent — specifies the event inde...

  • Page 177

    Show rmon alarm-table 177 ■ sample interval — 360000 seconds ■ rising threshold — 1000000 ■ falling threshold — 1000000 ■ rising threshold event index — 10 ■ falling threshold event index — 20 show rmon alarm-table the show rmon alarm-table privileged exec mode command displays the alarms table. Syn...

  • Page 178

    178 c hapter 11: rmon c ommands the following table describes significant fields shown in the example: show rmon alarm the show rmon alarm privileged exec mode command displays alarm configuration. Syntax show rmon alarm number parameters ■ number — specifies the alarm index. (range: 1-65535) defaul...

  • Page 179

    Show rmon alarm 179 the following table describes the significant fields shown in the display: console# show rmon alarm 1 alarm 1 ------- oid: 1.3.6.1.2.1.2.2.1.10.1 last sample value: 878128 interval: 30 sample type: delta startup alarm: rising rising threshold: 8700000 falling threshold: 78 rising...

  • Page 180

    180 c hapter 11: rmon c ommands rmon event the rmon event global configuration mode command configures an event. To remove an event, use the no form of this command. Syntax rmon event index type [ community text ] [ description text ] [ owner name ] no rmon event index parameters ■ index — specifies...

  • Page 181

    Show rmon events 181 user guidelines if log is specified as the notification type, an entry is made in the log table for each event. If trap is specified, an snmp trap is sent to one or more management stations. Example the following example configures an event identified as index 10 and for which t...

  • Page 182

    182 c hapter 11: rmon c ommands the following table describes significant fields shown in the example: show rmon log the show rmon log privileged exec mode command displays the rmon log table. Syntax show rmon log [ event ] parameters ■ event — specifies the event index. (range: 0-65535) default con...

  • Page 183

    Rmon table-size 183 example the following example displays the rmon log table. The following table describes the significant fields shown in the display: rmon table-size the rmon table-size global configuration mode command configures the maximum size of rmon tables. To return to the default configu...

  • Page 184

    184 c hapter 11: rmon c ommands ■ history entries — maximum number of history table entries. (range: 20 -32767) ■ log entries — maximum number of log table entries. (range: 20-32767) default configuration history table size is 270. Log table size is 200. Command mode global configuration mode user g...

  • Page 185: Igmp S

    12 igmp s nooping c ommands ip igmp snooping (global) the ip igmp snooping global configuration mode command enables internet group management protocol (igmp) snooping. To disable igmp snooping, use the no form of this command. Syntax ip igmp snooping no ip igmp snooping default configuration igmp s...

  • Page 186

    186 c hapter 12: igmp s nooping c ommands specific vlan. To disable igmp snooping on a vlan interface, use the no form of this command. Syntax ip igmp snooping no ip igmp snooping default configuration igmp snooping is disabled . Command mode interface configuration (vlan) mode user guidelines igmp ...

  • Page 187

    Ip igmp snooping host-time-out 187 user guidelines multicast device ports can be configured statically using the bridge multicast forward-all interface configuration (vlan) mode command. Example the following example enables automatic learning of multicast device ports on vlan 2. Ip igmp snooping ho...

  • Page 188

    188 c hapter 12: igmp s nooping c ommands example the following example configures the host timeout to 300 seconds. Ip igmp snooping mrouter-time-out the ip igmp snooping mrouter-time-out interface configuration (vlan) mode command configures the mrouter-time-out. The ip igmp snooping mrouter-time-o...

  • Page 189

    Ip igmp snooping leave-time-out 189 ip igmp snooping leave-time-out the ip igmp snooping leave-time-out interface configuration (vlan) mode command configures the leave-time-out. If an igmp report for a multicast group was not received for a leave-time-out period after an igmp leave was received fro...

  • Page 190

    190 c hapter 12: igmp s nooping c ommands syntax show ip igmp snooping mrouter [ interface vlan-id ] parameters ■ vlan-id — specifies the vlan number. Default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for t...

  • Page 191

    Show ip igmp snooping groups 191 parameters ■ vlan-id — specifies the vlan number. Default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays igmp snooping in...

  • Page 192

    192 c hapter 12: igmp s nooping c ommands command mode privileged exec mode user guidelines to see the full multicast address table (including static addresses) use the show bridge multicast address-table privileged exec command. Example the following example shows igmp snooping information on multi...

  • Page 193: Lacp C

    13 lacp c ommands lacp system-priority the lacp system-priority global configuration mode command configures the system priority. To restore the default configuration, use the no form of this command. Syntax lacp system-priority value no lacp system-priority parameters ■ value — specifies system pri...

  • Page 194

    194 c hapter 13: lacp c ommands syntax lacp port-priority value no lacp port-priority parameters ■ value — specifies port priority. (range: 1-65535) default configuration the default port priority is 1. Command mode interface configuration (ethernet) mode user guidelines there are no user guidelines...

  • Page 195

    Show lacp ethernet 195 command mode interface configuration (ethernet) mode user guidelines there are no user guidelines for this command. Example the following example assigns a long administrative lacp timeout to ethernet port g6. Show lacp ethernet the show lacp ethernet privileged exec mode comm...

  • Page 196

    196 c hapter 13: lacp c ommands console# show lacp ethernet g1 1 lacp parameters: actor system priority: 1 system mac addr: 00:00:12:34:56:78 port admin key: 30 port oper key: 30 port oper number: 21 port admin priority: 1 port oper priority: 1 port admin timeout: long port oper timeout: long lacp ...

  • Page 197

    Show lacp ethernet 197 port oper key: 0 port oper number: 0 port admin priority: 0 port oper priority: 0 port oper timeout: long lacp activity: passive aggregation: aggregatable synchronization: false collecting: false distributing: false expired: false g1 lacp statistics: lacp pdus sent: 2 lacp pd...

  • Page 198

    198 c hapter 13: lacp c ommands show lacp port-channel the show lacp port-channel privileged exec mode command displays lacp information for a port-channel. Syntax show lacp port-channel [ port_channel_number ] parameters ■ port_channel_number — valid port-channel number. Default configuration this ...

  • Page 199

    Show lacp port-channel 199 port type gigabit ethernet attached lag id: actor system priority: 1 mac address: 00:02:85:0e:1c:00 admin key: 1000 oper key: 1000 partner system priority: 0 mac address: 00:00:00:00:00:00 oper key: 14.

  • Page 202

    202 c hapter 14: p ower over e thernet commands power inline powered-device the power inline powered-device interface configuration mode command adds a description of the powered device type. Use the no form of this command to remove the description. Syntax power inline powered-device pd-type no pow...

  • Page 203

    Power inline usage-threshold 203 parameters ■ critical — the operation of the powered device is critical. ■ high — the operation of the powered device is in high priority. ■ low — the operation of the powered device is in low priority. Default configuration low priority command mode interface configuration...

  • Page 204

    204 c hapter 14: p ower over e thernet commands global configuration mode user guidelines there are no user guidelines for this command. Example the following example configures the threshold for initiating inline power usage alarms to 90 percent. Power inline traps enable the power inline traps ena...

  • Page 205

    Show power inline 205 syntax show power inline [ ethernet interface ] parameters ■ interface — valid ethernet port. Default configuration there is no default configuration for this command. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example...

  • Page 206

    206 c hapter 14: p ower over e thernet commands the following table describes the fields shown in the display: 1 auto searching low class0 2 auto searching low class0 3 auto searching low class0 console# show power inline ethernet 1 admin oper port powered device state priority state class ----...

  • Page 207

    Show power inline 207 usage threshold the usage threshold expressed in percents for comparing the measured power and initiating an alarm if threshold is exceeded. Traps indicates if inline power traps are enabled. Port the ethernet port number. Powered device a description of the powered device type...

  • Page 209: Panning

    15 s panning -t ree c ommands spanning-tree the spanning-tree global configuration mode command enables spanning-tree functionality. To disable the spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree default configuration spanning-tree is enabled. Comm...

  • Page 210

    210 c hapter 15: s panning -t ree c ommands no spanning-tree mode parameters ■ stp — indicates that the spanning tree protocol (stp) is enabled. ■ rstp — indicates that the rapid spanning tree protocol (rstp) is enabled. ■ mstp — indicates that the multiple spanning tree protocol (mstp) is enabled. ...

  • Page 211

    Spanning-tree hello-time 211 default configuration the default forwarding time for the ieee spanning tree protocol (stp) is 15 seconds. Command modes global configuration mode user guidelines when configuring the forwarding time, the following relationship should be kept: 2*(forward-time - 1) >= max...

  • Page 212

    212 c hapter 15: s panning -t ree c ommands when configuring the hello time, the following relationship should be kept: max-age >= 2*(hello-time + 1) example the following example configures spanning tree bridge hello time to 5 seconds. Spanning-tree max-age the spanning-tree max-age global configur...

  • Page 213

    Spanning-tree priority 213 example the following example configures the spanning tree bridge maximum-age to 10 seconds. Spanning-tree priority the spanning-tree priority global configuration mode command configures the spanning tree priority of the device. The priority value is used to determine whi...

  • Page 214

    214 c hapter 15: s panning -t ree c ommands syntax spanning-tree disable no spanning-tree disable default configuration spanning tree is enabled on all ports. Command modes interface configuration (ethernet, port-channel) mode user guidelines there are no user guidelines for this command. Example th...

  • Page 215

    Spanning-tree port-priority 215 command modes interface configuration (ethernet, port-channel) mode user guidelines the path cost method is configured using the spanning-tree pathcost method global configuration mode command. Example the following example configures the spanning-tree cost on etherne...

  • Page 216

    216 c hapter 15: s panning -t ree c ommands example the following example configures the spanning priority on ethernet port g15 to 96. Spanning-tree portfast the spanning-tree portfast interface configuration mode command enables portfast mode. In portfast mode, the interface is immediately put int...

  • Page 217

    Spanning-tree link-type 217 spanning-tree link-type the spanning-tree link-type interface configuration mode command overrides the default link-type setting determined by the duplex mode of the port and enables rapid spanning tree protocol (rstp) transitions to the forwarding state. To restore the d...

  • Page 219

    Clear spanning-tree detected-protocols 219 ■ flooding — flood bpdu packets when the spanning tree is disabled on an interface. Default configuration the default setting is flooding. Command modes global configuration mode user guidelines there are no user guidelines for this command. Example the fol...

  • Page 220

    220 c hapter 15: s panning -t ree c ommands example the following example restarts the protocol migration process on ethernet port g11. Spanning-tree mst priority the spanning-tree mst priority global configuration mode command configures the device priority for the specified spanning-tree instance....

  • Page 221

    Spanning-tree mst port-priority 221 discarded and the port information is aged out. To restore the default configuration, use the no form of this command. Syntax spanning-tree mst max-hops hop-count no spanning-tree mst max-hops parameters ■ hop-count — number of hops in an mst region before the bpdu...

  • Page 222

    222 c hapter 15: s panning -t ree c ommands default configuration the default port priority for ieee multiple spanning tree protocol (mstp) is 128. Command modes interface configuration (ethernet, port-channel) mode user guidelines there are no user guidelines for this command. Example the following...

  • Page 223

    Spanning-tree mst configuration 223 command modes interface configuration (ethernet, port-channel) mode user guidelines there are no user guidelines for this command. Example the following example configures the mstp instance 1 path cost for ethernet port 9 to 4. Spanning-tree mst configuration the ...

  • Page 225

    Revision (mst) 225 syntax name string parameters ■ string — mst configuration name. The name is case-sensitive. (range: 1-32 characters) default configuration the default name is the mac address. Command mode mst configuration mode user guidelines there are no user guidelines for this command. Examp...

  • Page 226

    226 c hapter 15: s panning -t ree c ommands user guidelines there are no user guidelines for this command. Example the following example sets the configuration revision to 1. Show (mst) the show mst configuration mode command displays the current or pending mst region configuration. Syntax show {cur...

  • Page 227

    Exit (mst) 227 exit (mst) the exit mst configuration mode command exits the mst configuration mode, and applies all configuration changes. Syntax exit default configuration this command has no default configuration. Command mode mst configuration mode user guidelines there are no user guidelines for...

  • Page 228

    228 c hapter 15: s panning -t ree c ommands command mode mst configuration mode user guidelines there are no user guidelines for this command. Example the following example exits the mst configuration mode without saving changes. Spanning-tree guard root the spanning-tree guard root interface config...

  • Page 230

    230 c hapter 15: s panning -t ree c ommands example the following example displays spanning-tree information. Console# show spanning-tree spanning tree enabled mode mstp default port cost method: short cst root id priority 32768 address 00:01:42:97:e0:00 path cost 20000 root port 1 (1) bridge id ...

  • Page 231

    Show spanning-tree 231 g2 enabled 128.2 20000 fwd desg no shared (stp) g3 disabled 128.3 20000 - - - - g4 enabled 128.4 20000 blk altn no shared (stp) g5 enabled 128.5 20000 dis - - - console# show spanning-tree spanning tree enabled mode rstp default port cost method: long root id priority 3...

  • Page 232

    232 c hapter 15: s panning -t ree c ommands g3 disabled 128.3 20000 - - - - g4 enabled 128.4 20000 fwd desg no shared (stp) g5 enabled 128.5 20000 dis - - - console# show spanning-tree spanning tree disabled (bpdu filtering) mode rstp default port cost method: long root id priority n/a address...

  • Page 233

    Show spanning-tree 233 g1 enabled 128.1 20000 - - - - g2 enabled 128.2 20000 - - - - g3 disabled 128.3 20000 - - - - g4 enabled 128.4 20000 - - - - g5 enabled 128.5 20000 - - - - console# show spanning-tree active spanning tree enabled mode rstp default port cost method: long root id priority ...

  • Page 234

    234 c hapter 15: s panning -t ree c ommands name state prio. Nbr cost sts role portfast type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g1 enabled 128.1 20000 fwd root no p2p (rstp) g2 enabled 128.2 20000 fwd desg no shared (stp) g4 enabled 128.4 20000 blk altn no shared (st...

  • Page 235

    Show spanning-tree 235 interfaces name state prio. Nbr cost sts role portfast type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g4 enabled 128.4 20000 blk altn no shared (stp) console# show spanning-tree detail spanning tree enabled mode rstp default port cost method: long root id...

  • Page 236

    236 c hapter 15: s panning -t ree c ommands times : hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 port 1 (1) enabled state: forwarding role: root port id: 128.1 port cost: 20000 type: p2p (configured: auto) rstp port fast: no (configured:no) designated bridge prior...

  • Page 237

    Show spanning-tree 237 number of transitions to forwarding state: n/a bpdu: sent n/a, received n/a port 4 (4) enabled state: blocking role: alternate port id: 128.4 port cost: 20000 type: shared (configured:auto) stp port fast: no (configured:no) designated bridge priority: 28672 address: 00:30:94:4...

  • Page 238

    238 c hapter 15: s panning -t ree c ommands console# show spanning-tree ethernet 1 port 1 (1) enabled state: forwarding role: root port id: 128.1 port cost: 20000 type: p2p (configured: auto) rstp port fast: no (configured:no) designated bridge priority: 32768 address: 00:01:42:97:e0:00 designated p...

  • Page 239

    Show spanning-tree 239 addre ss 00:01:42:97:e0:00 path cost 20000 root port 1 (1) hello time 2 sec max age 20 sec forward delay 15 sec interfaces name state prio. Nbr cost sts role portf ast type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g1 enabl ed 128.1 20000 fwd root no p2p bou...

  • Page 240

    240 c hapter 15: s panning -t ree c ommands rem hops 19 bridge id prior ity 32768 addre ss 00:02:4b:29:7a :00 interfaces name state prio. Nbr cost sts role portf ast type ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- g1 enabl ed 128.1 20000 fwd boun no p2p bound (rstp ) g2 enabl ed 12...

  • Page 241

    Show spanning-tree 241 path cost 20000 root port 1 (g1) hello time 2 sec max age 20 sec forward delay 15 sec port 1 (g1) enabled state: forwarding role: root port id: 128.1 port cost: 20000 type: p2p (configured: auto) boundary rstp port fast: no (configured:no) designated bridge priority: 32768 add...

  • Page 242

    242 c hapter 15: s panning -t ree c ommands port 3 (g3) enabled state: forwarding role: designated port id: 128.3 port cost: 20000 type: shared (configured: auto) internal port fast: no (configured:no) designated bridge priority: 32768 address: 00:02:4b:29:7a:00 designated port id: 128.3 designated ...

  • Page 243

    Show spanning-tree 243 bridge id prior ity 32768 addre ss 00:02:4b:29:7a:00 number of topology changes 2 last change occurred 1d9h ago times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 port 1 (g1) enabled state: forwarding role: boundary port id: 128.1 port cost:...

  • Page 244

    244 c hapter 15: s panning -t ree c ommands port 3 (g3) disabled state: blocking role: alternate port id: 128.3 port cost: 20000 type: shared (configured: auto) internal port fast: no (configured:no) designated bridge priority: 32768 address: 00:02:4b:29:1a:19 designated port id: 128.78 designated p...

  • Page 245

    Show spanning-tree 245 path cost 20000 root port 1 (g1) hello time 2 sec max age 20 sec forward delay 15 sec bridg e id prior ity 32768 addre ss 00:02:4b:29:7a :00 hello time 2 sec max age 20 sec forward delay 15 sec max hops 20 console# show spanning-tree spanning tree enabled mode mstp default por...

  • Page 246

    246 c hapter 15: s panning -t ree c ommands console# show spanning-tree spanning tree enabled mode mstp default port cost method: short cst root id prior ity 32768 addre ss 00:01:42:97:e0:00 path cost 20000 root port 1 (1) bridg e id prior ity 36864 addre ss 00:02:4b:29:7a:00 hello time 2 sec max ag...

  • Page 247

    Show spanning-tree 247 g4 enabl ed 128.4 20000 blk altn no share d (stp) g5 enabl ed 128.5 20000 dis - - - console# show spanning-tree spanning tree enabled mode rstp default port cost method: long root id prior ity 36864 addre ss 00:02:4b:29:7a:00 this switch is the root. Hello time 2 sec max age 2...

  • Page 248

    248 c hapter 15: s panning -t ree c ommands g5 enabl ed 128.5 20000 dis - - - console# show spanning-tree spanning tree disabled (bpdu filtering) mode rstp default port cost method: long root id prior ity n/a addre ss n/a path cost n/a root port n/a hello time n/a max age n/a forward delay n/a bridg...

  • Page 249

    Show spanning-tree 249 g3 disab led 128.3 20000 - - - - g4 enabl ed 128.4 20000 - - - - g5 enabl ed 128.5 20000 - - - - console# show spanning-tree active spanning tree enabled mode rstp default port cost method: long root id prior ity 32768 addre ss 00:01:42:97:e0:00 path cost 20000 root port 1 (g1...

  • Page 250

    250 c hapter 15: s panning -t ree c ommands g1 enabl ed 128.1 20000 fwd root no p2p (rstp ) g2 enabl ed 128.2 20000 fwd desg no share d (stp) g4 enabl ed 128.4 20000 blk altn no share d (stp) console# show spanning-tree blockedports spanning tree enabled mode rstp default port cost method: long root...

  • Page 251

    Show spanning-tree 251 ---- ----- -- ----- --- ----- --- ---- ----- --- ----- ----- 4 enabl ed 128.4 20000 blk altn no share d (stp) console# show spanning-tree detail spanning tree enabled mode rstp default port cost method: long root id prior ity 32768 addre ss 00:01:42:97:e0:00 path cost 20000 ro...

  • Page 252

    252 c hapter 15: s panning -t ree c ommands state: forwarding role: root port id: 128.1 port cost: 20000 type: p2p (configured: auto) rstp port fast: no (configured:no) designated bridge priority: 32768 address: 00:01:42:97:e0:00 designated port id: 128.25 designated path cost: 0 number of transitio...

  • Page 253

    Show spanning-tree 253 port id: 128.4 port cost: 20000 type: shared (configured:auto) stp port fast: no (configured:no) designated bridge priority: 28672 address: 00:30:94:41:62:c8 designated port id: 128.25 designated path cost: 20000 number of transitions to forwarding state: 1 bpdu: sent 2, recei...

  • Page 254

    254 c hapter 15: s panning -t ree c ommands console# show spanning-tree mst-configuration name: region1 revision: 1 instance vlans mapped state -------- ------------ ----- -- g0 1-9, 21-4094 enabl ed g1 10-20 enabl ed console# show spanning-tree spanning tree enabled mode mstp default port cost meth...

  • Page 255

    Show spanning-tree 255 g1 enabl ed 128.1 20000 fwd root no p2p bound (rstp ) g2 enabl ed 128.2 20000 fwd desg no share d bound (stp) g3 enabl ed 128.3 20000 fwd desg no p2p g4 enabl ed 128.4 20000 fwd desg no p2p ###### mst 1 vlans mapped: 10-20 cst root id prior ity 24576 addre ss 00:02:4b:29:89:76...

  • Page 256

    256 c hapter 15: s panning -t ree c ommands g1 enabl ed 128.1 20000 fwd boun no p2p bound (rstp ) g2 enabl ed 128.2 20000 fwd boun no share d bound (stp) g3 enabl ed 128.3 20000 blk altn no p2p g4 enabl ed 128.4 20000 fwd desg no p2p console# show spanning-tree detail spanning tree enabled mode mstp...

  • Page 257

    Show spanning-tree 257 designated bridge priority: 32768 address: 00:01:42:97:e0:00 designated port id: 128.25 designated path cost: 0 number of transitions to forwarding state: 1 bpdu: sent 2, received 120638 port 2 (g2) enabled state: forwarding role: designated port id: 128.2 port cost: 20000 typ...

  • Page 258

    258 c hapter 15: s panning -t ree c ommands type: shared (configured: auto) internal port fast: no (configured:no) designated bridge priority: 32768 address: 00:02:4b:29:7a:00 designated port id: 128.2 designated path cost: 20000 number of transitions to forwarding state: 1 bpdu: sent 2, received 17...

  • Page 259

    Show spanning-tree 259 designated bridge priority: 32768 address: 00:02:4b:29:7a:00 designated port id: 128.1 designated path cost: 20000 number of transitions to forwarding state: 1 bpdu: sent 2, received 120638 port 2 (g2) enabled state: forwarding role: designated port id: 128.2 port cost: 20000 ...

  • Page 260

    260 c hapter 15: s panning -t ree c ommands type: shared (configured: auto) internal port fast: no (configured:no) designated bridge priority: 32768 address: 00:02:4b:29:7a:00 designated port id: 128.2 designated path cost: 20000 number of transitions to forwarding state: 1 bpdu: sent 2, received 17...

  • Page 261

    Show spanning-tree 261 console# show spanning-tree spanning tree enabled mode mstp default port cost method: long ###### mst 0 vlans mapped: 1-9, 21-4094 cst root id priority 32768 address 00:01:42:97:e0:00

  • Page 262

    262 Chapter 15: Spanning-Tree Commands.

  • Page 263: Onfiguration

    16 Configuration and Image File Commands. Copy: the copy privileged exec mode command copies files from a source to a destination. Syntax: copy source-url destination-url. Parameters: ■ source-url — the source file location URL or reserved keyword of the source file to be copied. (range: 1-160 charac...

  • Page 264

    264 c hapter 16: c onfiguration and i mage f ile c ommands default configuration this command has no default configuration. Command mode privileged exec mode user guidelines the location of a file system dictates the format of the source or destination url. The entire copying process may take severa...

  • Page 265

    Copy 265 copying an image file from a server to flash memory to copy an image file from a server to flash memory, use the copy source-url image command. Copying a boot file from a server to flash memory to copy a boot file from a server to flash memory, enter the copy source-url boot command. Copyin...

  • Page 266

    266 c hapter 16: c onfiguration and i mage f ile c ommands example the following example copies system image file1 from the tftp server 172.16.101.101 to a non-active image file. Delete the delete privileged exec mode command deletes a file from a flash memory device. Syntax delete url parameters ■ ...

  • Page 267

    Boot system 267. User guidelines: *.sys, *.prv, image-1 and image-2 files cannot be deleted. Example: the following example deletes the file called ‘test’ from the flash memory. Boot system: the boot system privileged exec mode command specifies the system image that the device loads at startup. Syntax ...

  • Page 268

    268 c hapter 16: c onfiguration and i mage f ile c ommands show running-config the show running-config privileged exec mode command displays the contents of the currently running configuration file. Syntax show running-config default configuration this command has no default configuration. Command m...

  • Page 269

    Show bootvar 269 syntax show startup-config default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays the contents of the running configuration file. Show bo...

  • Page 270

    270 c hapter 16: c onfiguration and i mage f ile c ommands default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays the active system image file that is loa...

  • Page 272

    272 Chapter 17: RADIUS Command. ■ source — specifies the source IP address to use for communication. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. ■ priority — determines the order in which servers are used, where 0 has the highest priority. (range: 0-65535) ...

  • Page 273

    Radius-server retransmit 273. Syntax: radius-server key [ key-string ]; no radius-server key. Parameters: ■ key-string — specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server. This key must match the encryption used on the RADIUS daemon. (r...

  • Page 274

    274 Chapter 17: RADIUS Command. Default configuration: the software searches the list of RADIUS server hosts 3 times. Command mode: global configuration mode. User guidelines: there are no user guidelines for this command. Example: the following example configures the number of times the software search...

  • Page 275

    Radius-server timeout 275. Example: the following example configures the source IP address used for communication with all RADIUS servers to 10.1.1.1. Radius-server timeout: the radius-server timeout global configuration mode command sets the interval during which the device waits for a server host to ...

  • Page 276

    276 Chapter 17: RADIUS Command. Syntax: radius-server deadtime deadtime; no radius-server deadtime. Parameters: ■ deadtime — length of time in minutes during which a RADIUS server is skipped over by transaction requests. (range: 0-2000) Default configuration: the deadtime setting is 0. Command mode: glob...

  • Page 277

    Show radius-servers 277 example the following example displays radius server settings. Console# show radius-servers ip addre ss port auth timeo ut retra nsmit deadt ime sourc e ip prior ity usage ----- ---- ---- ----- -- ----- ----- ----- - ----- --- ----- --- ----- 172.1 6.1.1 1645 globa l globa l ...

  • Page 278

    278 Chapter 17: RADIUS Command.

  • Page 280

    280 Chapter 18: Port Monitor Commands. GVRP is not enabled on the port. The port is not a member of a VLAN, except for the default VLAN (will automatically be removed from the default VLAN). The following restrictions apply to ports configured to be source ports: the port cannot be already confi...

  • Page 281

    Show ports monitor 281 ---------- - ---------- ------ ----- ------- g1 8 rx,tx active g2 8 rx,tx active g18 8 rx active.

  • Page 282

    282 Chapter 18: Port Monitor Commands.

  • Page 284

    284 Chapter 19: SNMP Commands. Default configuration: no communities are defined. Command mode: global configuration mode. User guidelines: the view-name parameter cannot be specified for su, which has access to the whole MIB. The view-name parameter can be used to restrict the access rights of a commu...

  • Page 286

    286 Chapter 19: SNMP Commands. Snmp-server group: the snmp-server group global configuration mode command configures a new Simple Network Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views. To remove a specified SNMP group, use the no form of this command. Syntax: snmp-server grou...

  • Page 287

    Snmp-server user 287. Default configuration: no group entry exists. Command mode: global configuration mode. User guidelines: there are no user guidelines for this command. Example: the following example attaches a group called user-group to SNMPv3 and assigns to the group the privacy security level and r...

  • Page 288

    288 Chapter 19: SNMP Commands. ■ auth-md5 password — indicates the HMAC-MD5-96 authentication level. The user should enter a password for authentication and generation of a DES key for privacy. (range: 1-32 characters) ■ auth-sha password — indicates the HMAC-SHA-96 authentication level. The user sh...

  • Page 289

    Snmp-server engineid local 289. The remote engineid designates the remote management station and should be defined to enable the device to receive informs. Example: the following example configures an SNMPv3 user john in a group called user-group. Snmp-server engineid local: the snmp-server engineid lo...

  • Page 290

    290 Chapter 19: SNMP Commands. User guidelines: to use SNMPv3, you have to specify an engine ID for the device. You can specify your own ID or use a default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is deleted or the configuration file is erased, SNMPv3 ca...

  • Page 291

    Snmp-server enable traps 291. Snmp-server enable traps: the snmp-server enable traps global configuration mode command enables the device to send SNMP traps. To disable SNMP traps, use the no form of the command. Syntax: snmp-server enable traps; no snmp-server enable traps. Default configuration: SNMP tr...

  • Page 292

    292 Chapter 19: SNMP Commands. Text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example, 1.3.*.4. ■ included — indicates that the filter type is included. ■ excluded — indi...

  • Page 293

    Snmp-server host 293. Parameters: ■ ip-address — specifies the IP address of the host (targeted recipient). ■ hostname — specifies the name of the host. (range: 1-158 characters) ■ community-string — specifies a password-like community string sent with the notification operation. (range: 1-20) ■ trap...

  • Page 294

    294 Chapter 19: SNMP Commands. User guidelines: when configuring an SNMPv1 or SNMPv2 notification recipient, a notification view for that recipient is automatically generated for all the MIB. When configuring an SNMPv1 notification recipient, the inform option cannot be selected. If a trap and infor...

  • Page 295

    Snmp-server trap authentication 295. ■ priv — indicates authentication of a packet with encryption. ■ port — specifies the UDP port of the host to use. If unspecified, the default UDP port number is 162. (range: 1-65535) ■ filtername — specifies a string that defines the filter for this host. If unspe...

  • Page 296

    296 Chapter 19: SNMP Commands. Default configuration: SNMP failed authentication traps are enabled. Command mode: global configuration mode. User guidelines: there are no user guidelines for this command. Example: the following example enables SNMP failed authentication traps. Snmp-server contact: the sn...

  • Page 297

    Snmp-server location 297 the following example configures the system contact point called 3com_technical_support . Snmp-server location the snmp-server location global configuration mode command configures the system location string. To remove the location string, use the no form of this command. Sy...

  • Page 298

    298 c hapter 19: snmp c ommands parameters ■ variable-name — mib variable name (range 1-160 characters). ■ name value — list of name and value pairs. In the case of scalar mibs, only a single pair of name values. In the case of an entry in a table, at least one pair of name and value followed by one...

  • Page 299

    Show snmp 299 user guidelines there are no user guidelines for this command. Example the following example displays the snmp communications status. Console# show snmp commu nity- stri ng community-ac cess view name ip addre ss ----- ----- ---------- ----- ---- ----- --- publi c read only user- view ...

  • Page 300

    300 c hapter 19: snmp c ommands the following table describes the significant fields shown in the display. Show snmp engineid the show snmp engineid privileged exec mode command displays the id of the local simple network management protocol (snmp) engine. Version 1,2 notifications target address ty...

  • Page 301

    Show snmp views 301 syntax show snmp engineid default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays the snmp engine id. Show snmp views the show snmp vie...

  • Page 302

    302 Chapter 19: SNMP Commands. Example: the following example displays the configuration of views. Show snmp groups: the show snmp groups privileged exec mode command displays the configuration of groups. Syntax: show snmp groups [ groupname ]. Parameters: ■ groupname — specifies the name of the group. ...

  • Page 303

    Show snmp filters 303 the following table describes significant fields shown above. Show snmp filters the show snmp filters privileged exec mode command displays the configuration of filters. Syntax show snmp filters [ filtername ] parameters ■ filtername —specifies the name of the filter. (range: 1...

  • Page 304

    304 c hapter 19: snmp c ommands command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays the configuration of filters. Show snmp users the show snmp users privileged exec mode command displays the configuration of users. ...

  • Page 305

    Show snmp users 305 example the following example displays the configuration of users. Console# show snmp users name group name auth method remote ------ ------------ --------- -------------- ----------- john user-group md5 john user-group md5 08009009020c0b 099c075879.

  • Page 306

    306 Chapter 19: SNMP Commands.

  • Page 308

    308 c hapter 20: ip a ddress c ommands example the following example configures vlan 1 with ip address 131.108.1.27 and subnet mask 255.255.255.0. Ip address dhcp the ip address dhcp interface configuration (default vlan) mode command acquires an ip address for an ethernet interface from the dynamic...

  • Page 309

    Ip default-gateway 309 if the device is configured to obtain its ip address from a dhcp server, it sends a dhcpdiscover message to provide information about itself to the dhcp server on the network. If the ip address dhcp command is used with or without the optional keyword, the dhcp option 12 field...

  • Page 310

    310 c hapter 20: ip a ddress c ommands this command is only operational in switch mode. Example the following example defines default gateway 192.168.1.1. Show ip interface the show ip interface privileged exec mode command displays the usability status of configured ip interfaces. Syntax show ip in...

  • Page 312

    312 c hapter 20: ip a ddress c ommands example the following example adds ip address 198.133.219.232 and mac address 00:00:0c:40:0f:bc to the arp table. Arp timeout the arp timeout global configuration mode command configures how long an entry remains in the arp cache. To restore the default configu...

  • Page 313

    Show arp 313 clear arp-cache default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example deletes all dynamic entries from the arp cache. Show arp the show arp privilege...

  • Page 314

    314 c hapter 20: ip a ddress c ommands ip domain-name the ip domain-name global configuration mode command defines a default domain name used by the software to complete unqualified host names (names without a dotted-decimal domain name). To remove the default domain name, use the no form of this co...

  • Page 315

    Ip name-server 315. Ip name-server: the ip name-server global configuration mode command defines the available name servers. To remove a name server, use the no form of this command. Syntax: ip name-server server-address [server-address2 … server-address8]; no ip name-server [ server-address1 … server-...

  • Page 316

    316 Chapter 20: IP Address Commands.

  • Page 317: Anagement

    21 Management ACL Commands. Management access-list: the management access-list global configuration mode command configures a management access list and enters the management access-list configuration command mode. To delete an access list, use the no form of this command. Syntax: management access-l...

  • Page 318

    318 Chapter 21: Management ACL Commands. Management ACL requires a valid management interface, which is a port, VLAN, or port-channel with an IP address or console interface. Management ACL only restricts access to the device for management configuration or viewing. Example: the following example ...

  • Page 319

    Deny (management) 319. ■ vlan-id — a valid VLAN number. ■ port-channel-number — a valid port channel index. ■ ip-address — a valid source IP address. ■ mask — a valid network mask of the source IP address. ■ prefix-length — number of bits that comprise the source IP address prefix. The prefix length ...

  • Page 320

    320 Chapter 21: Management ACL Commands. Parameters: ■ interface-number — a valid Ethernet port number. ■ vlan-id — a valid VLAN number. ■ port-channel-number — a valid port-channel number. ■ ip-address — a valid source IP address. ■ mask — a valid network mask of the source IP address. ■ mask pre...

  • Page 321

    Show management access-list 321. Parameters: ■ console-only — indicates that the device can be managed only from the console. ■ name — specifies the name of the access list to be used. (range: 1-32 characters) Default configuration: if no access list is specified, an empty access list is used. Command ...

  • Page 322

    322 Chapter 21: Management ACL Commands. There are no user guidelines for this command. Example: the following example displays the ‘mlist’ management access list. Show management access-class: the show management access-class privileged exec mode command displays the active management access list. ...

  • Page 323: Ireless

    22 Wireless Rogue AP Commands. Rogue-detect enable (radio): the rogue-detect enable AP interface radio configuration mode command enables detection of rogue APs. To disable rogue AP detection, use the no form of this command. Syntax: rogue-detect enable; no rogue-detect enable. Parameters: this comman...

  • Page 324

    324 Chapter 22: Wireless Rogue AP Commands. Example: the following example enables the detection of rogue APs. Rogue-detect rogue-scan-interval: the rogue-detect rogue-scan-interval AP interface radio configuration mode command defines the scanning interval for rogue APs. To restore defaults, use t...

  • Page 325

    Wlan rogue-detect rogue-ap 325. The following example defines the scanning interval for rogue APs at 150 seconds. Wlan rogue-detect rogue-ap: the wlan rogue-detect rogue-ap global configuration mode command sets the status of rogue APs. To restore defaults, use the no form of this command. Syntax: wlan...

  • Page 326

    326 Chapter 22: Wireless Rogue AP Commands. Clear wlan rogue-ap: the clear wlan rogue-ap privileged exec mode command deletes a rogue AP from the rogue APs list. Syntax: clear wlan rogue-ap mac-address. Parameters: ■ mac-address — the rogue AP MAC address. Default configuration: this command has no de...

  • Page 327

    Show wlan rogue-aps list 327 ■ name — specify the ap name. (range: 1-32 characters) ■ mac-address — specify the ap mac address. Default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example th...

  • Page 328

    328 Chapter 22: Wireless Rogue AP Commands. Parameters: ■ mac-address — the rogue AP MAC address. Default configuration: this command has no default configuration. Command mode: privileged exec mode. User guidelines: the show wlan rogue-aps list command displays each rogue as one entry, even if it was...

  • Page 329

    Show wlan rogue-aps neighborhood 329 parameters ■ mac-address — the ap mac address detecting rogue aps. Default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example disp...

  • Page 330

    330 Chapter 22: Wireless Rogue AP Commands.

  • Page 331: Ireless

    23 Wireless ESS Commands. Wlan ess create: the wlan ess create global configuration mode command creates an ESS. To remove the ESS, use the no form of this command. Syntax: wlan ess create index ssid; no wlan ess create index. Parameters: ■ index — the ESS index. (range: 2-65535) ■ ssid — the ESS SSID s...

  • Page 333

    Open vlan 333 user guidelines the ssid string must be a unique string in the system. The command fails if there already exists an ssid with the same name. Example the following example configures the ssid name of an ess as ‘enterprise’. Open vlan the open vlan ess configuration mode command configur...

  • Page 335

    Mac-filtering action 335 no load-balancing parameters ■ association — load balancing calculations are performed when a station attempts to associate with an ap in the ess. The associating station can be moved to an adjacent ap in the ess prior to association. ■ periodically — load balancing calculat...

  • Page 336

    336 Chapter 23: Wireless ESS Commands. ■ deny — deny stations whose MAC address is in the mac-address-filtering list. ■ ssid — the ESS SSID string. (range: 1-32 characters) Default configuration: disabled. Command mode: ESS configuration mode. User guidelines: ■ the decision to allow a station t...

  • Page 337

    Security suite create 337 default configuration empty list. Command mode ess configuration mode user guidelines use the mac-filtering action ess configuration command to enable the mac-address-filtering list and to define the mac-address-filtering list type. Example the following example adds the ma...

  • Page 338

    338 Chapter 23: Wireless ESS Commands. ■ 802.1x — 802.1X authentication with WEP. ■ wpa — Wi-Fi Protected Access (WPA and WPA2) are systems to secure wireless (Wi-Fi) networks. WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place o...

  • Page 339

    Security suite configure 339. ■ wpa2 security suite and wpa2-psk security suite cannot exist simultaneously. ■ At one time, only one security-suite per ESS can exist. ■ open-wep security suite and wep security suite cannot exist simultaneously. ■ For open-wep and wep keys you should enter one of the ...

  • Page 340

    340 Chapter 23: Wireless ESS Commands. ■ wpa — Wi-Fi Protected Access (WPA and WPA2) are systems to secure wireless (Wi-Fi) networks. WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is de...

  • Page 341

    Timer (security-suite ess) 341 default configuration vlan #1 command mode security-suite ess configuration mode user guidelines there are no user guidelines for this command. Example the following example configures the policy vlan for a security-suite to vlan id 5. Timer (security-suite ess) the ti...

  • Page 342

    342 Chapter 23: Wireless ESS Commands. ■ reauth-time seconds — re-authentication timeout period. (range: 1-4294967295) ■ idle-time seconds — idle timeout period. (range: 1-9676800) ■ never — there is an unlimited rekeying timeout period. Default configuration: ■ rekey-time-unicast — never ■ rekey-ti...

  • Page 343

    Wpa2 pre-authentication 343 no key is defined. Command mode security-suite ess configuration mode user guidelines there are no user guidelines for this command. Example the following example defines that a group key should be updated after a station leaves the ap. Wpa2 pre-authentication the wpa2 pr...

  • Page 345

    Show wlan ess 345 example the following example configures the display of the wlan ess configuration. The following example configures the display of the defined ess configurations. Console # show wlan ess configuration index ssid securit y suite load bal. Qos mac filter ----- ---- ------- - -------...

  • Page 346

    346 c hapter 23: w ireless ess c ommands console # show wlan ess configuration 1 index: 1 ssid: enterprise load balancing: association qos: wmm mac filter: disabled wpa2 preauthentication: enabled open vlan: 1 security suite: wpa vlan: 8 unicast rekeying timeout: never multicast rekeying timeout: ne...

  • Page 349

    Show wlan ess counters 349 the following example displays station numbers at ess ‘enterprise’. Console# show wlan ess counters index ssid stations ----- ---- ------- 1 enterprise 182 2 guest 3 console# show wlan ess counters ssid enterprise ap radio stations -- ---- -------- ap1 a 32 ap1 g 29 ap2 a ...

  • Page 350

    350 Chapter 23: Wireless ESS Commands.

  • Page 352

    352 c hapter 24: w ireless ap g eneral c ommands wlan ap active the wlan ap active global configuration mode command activates an ap. Syntax wlan ap active mac-address [ template template-name ] parameters ■ mac-address — mac address of the ap to be activated. ■ template-name — specify a template ap...

  • Page 353

    Wlan ap config 353. ■ mac-address — the AP MAC address. ■ hex hex-number — the secure key in hexadecimal format. 32 hexadecimal characters must be entered. ■ ascii string — the secure key in hexadecimal format. From 1-16 characters can be entered. If fewer than 16 characters are entered, the software ...

  • Page 354

    354 c hapter 24: w ireless ap g eneral c ommands command mode global configuration mode user guidelines only active aps can be placed in ap configuration mode. Example the following example sets the device in ap configuration mode. Name the name ap configuration mode command configures a wireless ap...

  • Page 355

    Tunnel priority 355 tunnel priority the tunnel priority ap configuration mode command configures a wireless ap priority for vlan tunneling. To restore default settings, use the no form of this command. Syntax tunnel priority priority no priority parameters ■ priority — the relative priority of the w...

  • Page 356

    356 c hapter 24: w ireless ap g eneral c ommands syntax wan enable no wan enable parameters this command has no keywords or arguments. Default configuration disabled command mode ap configuration mode user guidelines there are no user guidelines for this command. Example the following example accomm...

  • Page 357

    Vlan allowed 357 user guidelines there are no user guidelines for this command. Example the following example enters the interface configuration mode. Vlan allowed the vlan allowed ap interface ethernet configuration mode command adds or removes vlans to the ethernet port of a wireless ap. To restor...

  • Page 358

    358 c hapter 24: w ireless ap g eneral c ommands the following example adds vlans 1,2,3 and 4 to the ethernet port of a wireless ap. Vlan native the vlan native ap interface ethernet configuration mode command sets the native vlan of the ethernet port of a wireless ap. To restore the default configu...

  • Page 359

    Set wlan copy 359 syntax wlan template ap configure name parameters ■ name — the name of the ap template. (range: 1-32 characters) default configuration this command has no default configuration. Command mode global configuration mode user guidelines all ap configuration commands are relevant to tem...

  • Page 360

    360 c hapter 24: w ireless ap g eneral c ommands default configuration this command has no default configuration. Command mode wireless ap template configuration mode user guidelines copying the template to an ap overrides the entire ap configuration with the template configuration. Example the foll...

  • Page 361

    Show wlan aps 361 ■ name ■ ssid command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example displays information on active aps. Console # show wlan aps name mac address type state ------ ----------------- ------ -------- ap1 00-9e-92...

  • Page 362

    362 c hapter 24: w ireless ap g eneral c ommands the following example displays detailed information on a specific active ap: the following example displays important radio information on all the active aps. Console # show wlan aps ap1 name: ap1 mac address: 00-9e-92-4c-73-fc type: a, g state: enabl...

  • Page 363

    Show wlan aps 363 the following example displays the ssids that are associated with each active ap. The following example displays: 1) station vlans: list all the vlans required for the stations that are associated with that ap. 2) ethernet vlans: the vlans configured on the ap ethernet port. 3) pri...

  • Page 367

    Show wlan aps counters 367 the following example displays information on the ap traffic. Console# show wlan aps counters name stations name stations ------ ----------- -- ------ ----------- -- ap1 19 ap1 19 ap2 23 ap2 23 name inucastpkts inpkts inoctets in errors ------ ----------- -- ---------- --...

  • Page 368

    368 c hapter 24: w ireless ap g eneral c ommands show wlan aps discovered the show wlan aps discovered privileged exec mode command displays wireless aps that were discovered but not activated. Syntax show wlan aps discovered [ mac-address ] parameters ■ mac-address — mac address of the ap. Default ...

  • Page 369

    Show wlan template aps 369 the following example displays wireless aps that were discovered but were not activated. Show wlan template aps the show wlan template aps privileged exec mode command displays the template ap configuration. Syntax show wlan template aps [ name ] parameters ■ name — speci...

  • Page 370

    370 c hapter 24: w ireless ap g eneral c ommands console # show wlan template aps name radio a radio g ------- -------- -------- default enabled enabled indoor enabled enabled outdoor enabled enabled console # show wlan aps indoor name: vivi mac address: 00:f0:00:00:06:25 802.11a radio: enabled 802....

  • Page 371: Ssh C

    25 ssh commands ip ssh port the ip ssh port global configuration mode command specifies the port to be used by the ssh server. To restore the default configuration, use the no form of this command. Syntax ip ssh port port-number no ip ssh port parameters ■ port-number — port number for use by the s...

  • Page 372

    372 c hapter 25: ssh c ommands ip ssh server the ip ssh server global configuration mode command enables the device to be configured from a ssh server. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server default configuration device configuration from a s...

  • Page 373

    Crypto key generate rsa 373 user guidelines dsa keys are generated in pairs: one public dsa key and one private dsa key. If the device already has dsa keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration; however, ...

  • Page 374

    374 c hapter 25: ssh c ommands example the following example generates rsa key pairs. Ip ssh pubkey-auth the ip ssh pubkey-auth global configuration mode command enables public key authentication for incoming ssh sessions. To disable this function, use the no form of this command. Syntax ip ssh pubk...

  • Page 375

    User-key 375 default configuration no keys are specified. Command mode global configuration mode user guidelines there are no user guidelines for this command. Example the following example enters the ssh public key-chain configuration mode and manually configures the rsa key pair for ssh public key...

  • Page 376

    376 c hapter 25: ssh c ommands parameters ■ username — specifies the username of the remote ssh client. (range: 1-48 characters) ■ rsa — indicates the rsa key pair. ■ dsa — indicates the dsa key pair. Default configuration no ssh public keys exist. Command mode ssh public key-string configuration mo...

  • Page 377

    Key-string 377 default configuration no keys exist. Command mode ssh public key-string configuration mode user guidelines use the key-string ssh public key-string configuration mode command to specify which ssh public key is to be interactively configured next. To complete the command, you must ente...

  • Page 378

    378 c hapter 25: ssh c ommands show ip ssh the show ip ssh privileged exec mode command displays the ssh server configuration. Syntax show ip ssh default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no user guidelines for this c...

  • Page 381

    Show crypto key pubkey-chain ssh 381 key: 005c300d 06092a86 4886f70d 01010105 00034b00 30480241 00c5e23b 55d6ab22 04aef1ba a54028a6 9acc01c5 129d99e4 fingerprint: 9a:cc:01:c5:78:39:27:86:79:cc:23:c5:98:59:f1:86.

  • Page 383: Erver

    26 web server commands ip http server the ip http server global configuration mode command enables configuring the device from a browser. To disable this function, use the no form of this command. Syntax ip http server no ip http server default configuration http server is enabled. Command mode g...

  • Page 384

    384 c hapter 26: w eb s erver c ommands no ip http port parameters ■ port-number — port number for use by the http server. (range: 1-65535) default configuration the default port number is 80. Command mode global configuration mode user guidelines specifying 0 as the port number effectively disables...

  • Page 385

    Ip https server 385 command mode global configuration mode user guidelines this command also configures the exec-timeout for https in case the https timeout was not set. To specify no timeout, enter the ip https exec-timeout 0 0 command. Ip https server the ip https server global configuration mode ...

  • Page 386

    386 chapter 26: web server commands syntax ip https port port-number no ip https port parameters ■ port-number — port number to be used by the http server. (range: 1-65535) default configuration the default port number is 443. Command mode global configuration mode user guidelines specifying 0 ...

  • Page 387

    Crypto certificate generate 387 ■ common- name — specifies the fully qualified url or ip address of the device. (range: 1-64) ■ organization — specifies the organization name. (range: 1-64) ■ organization-unit — specifies the organization-unit or department name.(range: 1-64) ■ location — specifies ...

  • Page 388

    388 c hapter 26: w eb s erver c ommands crypto certificate request the crypto certificate request privileged exec mode command generates and displays certificate requests for https. Syntax crypto certificate number request [ cn common- name ][ ou organization-unit ] [ or organization ] [ loc locatio...

  • Page 389

    Crypto certificate import 389 example the following example generates and displays a certificate request for https. Crypto certificate import the crypto certificate import global configuration mode command imports a certificate signed by the certification authority for https. Syntax crypto certifica...

  • Page 390

    390 c hapter 26: w eb s erver c ommands the imported certificate must be based on a certificate request created by the crypto certificate request privileged exec mode command. If the public key found in the certificate does not match the device's ssl rsa key, the command fails. This command is not s...

  • Page 391

    Show crypto certificate mycertificate 391 parameters ■ number — specifies the certificate number. (range: 1-2) default configuration there is no default configuration for this command. Command mode global configuration mode user guidelines the crypto certificate generate command should be used to ge...

  • Page 392

    392 c hapter 26: w eb s erver c ommands the following example displays the certificate. Show ip http the show ip http privileged exec mode command displays the http server configuration. Syntax show ip http default configuration this command has no default configuration. Command mode privileged exec...

  • Page 393

    Show ip https 393 example the following example displays the http server configuration. Show ip https the show ip https privileged exec mode command displays the https server configuration. Syntax show ip https default configuration this command has no default configuration. Command mode privileged ...

  • Page 394

    394 c hapter 26: w eb s erver c ommands console# show ip https https server enabled. Port: 443 certificate 1 is not active. Issued by : c= , st= , l= , cn=10.6.41.138, o= , ou= valid from: apr 30 20:51:54 2003 gmt valid to: apr 29 20:51:54 2004 gmt subject: c= , st= , l= , cn=10.6.41.138, o= , ou= s...

  • Page 396

    396 c hapter 27: tacacs+ c ommands ■ source — specifies the source ip address to use for the communication. 0.0.0.0 indicates a request to use the ip address of the outgoing ip interface. ■ priority — determines the order in which the tacacs+ servers are used, where 0 is the highest priority. (range...

  • Page 397

    Tacacs-server timeout 397 server. This key must match the encryption used on the tacacs+ daemon. (range: 0-128 characters) default configuration empty string. Command mode global configuration mode user guidelines there are no user guidelines for this command. Example the following example sets the ...

  • Page 398

    398 c hapter 27: tacacs+ c ommands example the following example sets the timeout value to 30 for all tacacs+ servers. Tacacs-server source-ip the tacacs-server source-ip global configuration mode command configures the source ip address to be used for communication with tacacs+ servers. To restore ...

  • Page 399

    Show tacacs 399 show tacacs the show tacacs privileged exec mode command displays configuration and statistical information about a tacacs+ server. Syntax show tacacs [ ip-address ] parameters ■ ip-address — name or ip address of the tacacs+ server. Default configuration this command has no default ...

  • Page 400

    400 c hapter 27: tacacs+ c ommands global values ------------- timeout: 3.

  • Page 401: Yslog

    28 syslog commands logging on the logging on global configuration mode command controls error message logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. To disable the logg...

  • Page 403

    Logging console 403 example the following example limits logged messages sent to the syslog server with ip address 10.1.1.1 to severity level critical . Logging console the logging console global configuration mode command limits messages logged to the console based on severity. To disable logging t...

  • Page 404

    404 chapter 28: syslog commands syntax logging buffered level no logging buffered parameters ■ level — specifies the severity level of messages logged in the buffer. The possible values are: emergencies, alerts, critical, errors, warnings, notifications, informational, debugging. Default...

  • Page 405

    Clear logging 405 default configuration the default number of messages is 200. Command mode global configuration mode user guidelines this command takes effect only after reset. Example the following example changes the number of syslog messages stored in the internal buffer to 300. Clear logging th...

  • Page 406

    406 c hapter 28: s yslog c ommands logging file the logging file global configuration mode command limits syslog messages sent to the logging file based on severity. To cancel using the buffer, use the no form of this command. Syntax logging file level no logging file parameters ■ level — specifies ...

  • Page 407

    Aaa logging 407 command mode privileged exec mode user guidelines there are no user guidelines for this command. Example the following example clears messages from the logging file. Aaa logging the aaa logging global configuration mode command enables logging aaa login events. To disable logging aaa...

  • Page 408

    408 c hapter 28: s yslog c ommands file-system logging the file-system logging global configuration mode command enables logging file system events. To disable logging file system events, use the no form of this command. Syntax file-system logging copy no file-system logging copy file-system logging...

  • Page 409

    Show logging 409 no management logging deny parameters ■ deny — indicates logging messages related to deny actions of management acls. Default configuration logging management acl events is enabled. Command mode global configuration mode user guidelines other types of management acl events are not s...

  • Page 410

    410 c hapter 28: s yslog c ommands the following example displays the state of logging and the syslog messages stored in the internal buffer. Console# show logging logging is enabled. Console logging: level debugging. Console messages: 0 dropped (severity). Buffer logging: level debugging. Buffer me...

  • Page 411

    Show logging file 411 show logging file the show logging file privileged exec mode command displays the state of logging and the syslog messages stored in the logging file. Syntax show logging file default configuration this command has no default configuration. Command mode privileged exec mode use...

  • Page 412

    412 c hapter 28: s yslog c ommands example the following example displays the logging state and the syslog messages stored in the logging file. Console# show logging file logging is enabled. Console logging: level debugging. Console messages: 0 dropped (severity). Buffer logging: level debugging. Bu...

  • Page 413

    Show syslog-servers 413 show syslog-servers the show syslog-servers privileged exec mode command displays the settings of the syslog servers. Syntax show syslog-servers default configuration this command has no default configuration. Command mode privileged exec mode user guidelines there are no us...

  • Page 414

    414 chapter 28: syslog commands ip address port severity facility description ------------ ---- ------------- -------- ----------- 192.180.2.27 514 informational local7 192.180.2.28 514 warning local7.

  • Page 417

    Data-rates 417 command mode bss configuration mode user guidelines there are no user guidelines for this command. Example the following example advertises the bss ssid. Data-rates the data-rates bss configuration mode command configures the data rates used in a bss. To restore defaults, use the no f...

  • Page 418

    418 c hapter 29: w ireless ap bss c ommands user guidelines there are no user guidelines for this command. Example the following example configures the data rates used in a bss to 2 while complying with 802.11g. Console (config-ap-radio)# bss configure enterprise console (config-wlan-ap-radio-bss-if...

  • Page 420

    420 c hapter 30: s ystem m anagement c ommands following are examples of unsuccessful pinging: destination does not respond. If the host does not respond, a “no answer from host” appears in ten seconds. Destination unreachable. The gateway for this destination indicates that the destination is unrea...

  • Page 422

    422 chapter 30: system management commands user guidelines the traceroute command takes advantage of the error messages generated by the devices when a datagram exceeds its time-to-live (ttl) value. The traceroute command starts by sending probe datagrams with a ttl value of one. This causes the ...

  • Page 423

    Traceroute 423 example the following example discovers the routes that packets will actually take when traveling to their destination. The following table describes significant fields shown above. Console> traceroute umaxp1.physics.lsa.umich.edu type esc to abort. Tracing the route to umaxp1.physics...

  • Page 425

    Telnet 425 user guidelines telnet software supports special telnet commands in the form of telnet sequences that map generic terminal control functions to operating system-specific functions. To enter a telnet sequence, press the escape sequence keys (ctrl-shift-6) followed by a telnet command chara...

  • Page 426

    426 c hapter 30: s ystem m anagement c ommands keywords table ports table options description /echo enables local echo. /quiet prevents onscreen display of all messages from the software. /source-interface specifies the source interface. /stream turns on stream processing, which enables a raw tcp st...

  • Page 427

    Resume 427 this command lists concurrent telnet connections to remote hosts that were opened by the current telnet session to the local device. It does not list telnet connections to remote hosts that were opened by other telnet sessions. Example the following example displays connecting to 176.213....

  • Page 428

    428 c hapter 30: s ystem m anagement c ommands default configuration the default connection number is that of the most recent connection. Command mode user exec mode user guidelines there are no user guidelines for this command. Example the following command switches to open telnet session number 1....

  • Page 429

    Hostname 429 hostname the hostname global configuration mode command specifies or modifies the device host name. To remove the existing host name, use the no form of the command. Syntax hostname name no hostname parameters ■ name — the host name of the device. (range: 1-160 characters) default conf...

  • Page 430

    430 c hapter 30: s ystem m anagement c ommands user guidelines there are no user guidelines for this command. Example the following example displays information about the active users. Show sessions the show sessions privileged exec mode command lists open telnet sessions. Syntax show sessions defau...

  • Page 431

    Show system 431 the following table describes significant fields shown above. Show system the show system privileged exec mode command displays system information. Syntax show system default configuration this command has no default configuration. Command mode privileged exec mode user guidelines th...

  • Page 432

    432 c hapter 30: s ystem m anagement c ommands show version the show version privileged exec mode command displays system version information. Syntax show version [ unit unit] parameters ■ unit — specifies the number of the unit. (range: 1-8) default configuration this command has no default configu...

  • Page 433

    Service cpu-utilization 433 example the following example displays system version information (only for demonstration purposes). Service cpu-utilization the service cpu-utilization global configuration mode command enables measuring cpu utilization. To restore the default configuration, use the no f...

  • Page 434

    434 c hapter 30: s ystem m anagement c ommands show cpu utilization the show cpu utilization privileged exec mode command displays information about cpu utilization. Syntax show cpu utilization default configuration this command has no default configuration. Command mode privileged exec mode user gu...

  • Page 435: Ser

    31 user interface commands enable the enable privileged exec mode command enters the privileged exec mode. Syntax enable [ privilege-level ] parameters ■ privilege-level — privilege level to enter the system. (range: 1-15) default configuration the default privilege level is 15. Command mode priv...

  • Page 436

    436 c hapter 31: u ser i nterface c ommands disable the disable privileged exec mode command returns to the user exec mode. Syntax disable [ privilege-level] parameters ■ privilege-level — privilege level to enter the system. (range: 1-15) default configuration the default privilege level is 1. Comm...

  • Page 437

    Configure 437 user exec mode user guidelines there are no user guidelines for this command. Example the following example enters privileged exec mode and logs in with username admin . Configure the configure privileged exec mode command enters the global configuration mode. Syntax configure default ...

  • Page 438

    438 c hapter 31: u ser i nterface c ommands exit (configuration) the exit command exits any configuration mode to the next highest mode in the cli mode hierarchy. Syntax exit default configuration this command has no default configuration. Command mode all configuration modes user guidelines there a...

  • Page 439

    End 439 user guidelines there are no user guidelines for this command. Example the following example closes an active terminal session. End the end command ends the current configuration session and returns to the privileged exec mode. Syntax end default configuration this command has no default con...

  • Page 440

    440 c hapter 31: u ser i nterface c ommands syntax help default configuration this command has no default configuration. Command mode all command modes user guidelines there are no user guidelines for this command. Example the following example describes the help system. Terminal data-dump the termi...

  • Page 441

    Debug-mode 441 no terminal data-dump default configuration dumping is disabled. Command mode user exec mode user guidelines by default, a more prompt is displayed when the output contains more lines than can be displayed on the screen. Pressing the enter key displays the next line; pressing the spac...

  • Page 442

    442 c hapter 31: u ser i nterface c ommands user guidelines there are no user guidelines for this command. Show history the show history privileged exec mode command lists the commands entered in the current session. Syntax show history default configuration this command has no default configuration...

  • Page 443

    Show privilege 443 show privilege the show privilege privileged/user exec mode command displays the current privilege level. Syntax show privilege default configuration this command has no default configuration. Command mode privileged and user exec modes user guidelines there are no user guidelines...

  • Page 445: Gvrp C

    32 gvrp commands gvrp enable (global) garp vlan registration protocol (gvrp) is an industry-standard protocol designed to propagate vlan information from device to device. With gvrp, a single device is manually configured with all desired vlans for the network, and all other devices on the network ...

  • Page 446

    446 c hapter 32: gvrp c ommands gvrp enable (interface) the gvrp enable interface configuration (ethernet, port-channel) mode command enables gvrp on an interface. To disable gvrp on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable default configuration gvrp is disabl...

  • Page 448

    448 c hapter 32: gvrp c ommands gvrp vlan-creation-forbid the gvrp vlan-creation-forbid interface configuration (ethernet, port-channel) mode command disables dynamic vlan creation or modification. To enable dynamic vlan creation or modification, use the no form of this command. Syntax gvrp vlan-cre...

  • Page 449

    Clear gvrp statistics 449 default configuration dynamic registration of vlans on the port is allowed. Command mode interface configuration (ethernet, port-channel) mode user guidelines there are no user guidelines for this command. Example the following example forbids dynamic registration of vlans ...

  • Page 450

    450 chapter 32: gvrp commands example the following example clears all gvrp statistical information on ethernet port g1. Show gvrp configuration the show gvrp configuration privileged exec mode command displays gvrp configuration information, including timer values, whether gvrp and dynamic vlan cr...

  • Page 453

    Show gvrp error-statistics 453 example the following example displays gvrp statistical information. Console# show gvrp error-statistics gvrp error statistics: legend: invprot : invalid protocol id invalen : invalid attribute length invatyp : invalid attribute type invevent: invalid event invaval : i...

  • Page 455: Vlan C

    33 vlan commands vlan database the vlan database global configuration mode command enters the vlan configuration mode. Syntax vlan database default configuration this command has no default configuration. Command mode global configuration mode user guidelines there are no user guidelines for this c...

  • Page 456

    456 c hapter 33: vlan c ommands parameters ■ vlan-range — specifies a list of vlan ids to be added. Separate nonconsecutive vlan ids with a comma and no spaces; a hyphen designates a range of ids. (range: 2-4094) default configuration this command has no default configuration. Command mode vlan data...

  • Page 458

    458 c hapter 33: vlan c ommands name the name interface configuration mode command adds a name to a vlan. To remove the vlan name, use the no form of this command. Syntax name string no name parameters ■ string — unique name to be associated with this vlan. (range: 1-32 characters) default configura...

  • Page 459

    Switchport trunk allowed vlan 459 parameters ■ vlan-id — specifies the id of the vlan to which the port is configured. Default configuration all ports belong to vlan 1. Command mode interface configuration (ethernet, port-channel) mode user guidelines the command automatically removes the port from ...

  • Page 460

    460 c hapter 33: vlan c ommands command mode interface configuration (ethernet, port-channel) mode user guidelines there are no user guidelines for this command. Example the following example adds vlans 1, 2, 5 to 6 to the allowed list of the 1 ethernet port 1. Switchport trunk native vlan the switc...

  • Page 461

    Switchport general allowed vlan 461 the command adds the port as a member in native vlan 2. If the port is already configured as a native vlan 3 it will automatically change the last entry (vlan 2). Only one native vlan can be configured to the port. Example the following example configures vlan num...

  • Page 462

    462 c hapter 33: vlan c ommands user guidelines this command enables changing the egress rule (for example from tagged to untagged) without first removing the vlan from the list. Example the following example adds vlans 2, 5, and 6 to the allowed list of ethernet port 1. Switchport general pvid the ...

  • Page 463

    Switchport general ingress-filtering disable 463 example the following example configures the pvid for ethernet port 1, when the interface is in general mode. Switchport general ingress-filtering disable the switchport general ingress-filtering disable interface configuration mode command disables p...

  • Page 464

    464 c hapter 33: vlan c ommands syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only default configuration all frame types are accepted at ingress. Command mode interface configuration (ethernet, port-channel) mode user guidelines there ...

  • Page 465

    Show vlan 465 all vlans are allowed. Command mode interface configuration (ethernet, port-channel) mode user guidelines this command can be used to prevent gvrp from automatically making the specified vlans active on the selected ports. Example the following example forbids adding vlan ids 234 to 25...

  • Page 466

    466 c hapter 33: vlan c ommands example the following example displays all vlan information. Show vlan internal usage the show vlan internal usage privileged exec mode command displays a list of vlans used internally by the device. Syntax show vlan internal usage default configuration this command h...

  • Page 468

    468 c hapter 33: vlan c ommands example the following example displays the switchport configuration for ethernet port. Console# show interfaces switchport ethernet g5 port: g5 port mode: general gvrp status: enabled ingress filtering: true acceptable frame type: admitall ingress untagged vlan : 1 po...

  • Page 469: 802.1

    34 802.1x commands aaa authentication dot1x the aaa authentication dot1x global configuration mode command specifies one or more authentication, authorization, and accounting (aaa) methods for use on interfaces running ieee 802.1x. To restore the default configuration, use the no form of this comm...

  • Page 470

    470 chapter 34: 802.1x commands example the following example uses the aaa authentication dot1x default command with no authentication. Dot1x system-auth-control the dot1x system-auth-control global configuration mode command enables 802.1x globally. To restore the default configuration, use the...

  • Page 471

    Dot1x re-authentication 471 parameters ■ auto — enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the port and the client. ■ force-authorized — disables 802.1x authentication on...

  • Page 472

    472 c hapter 34: 802.1 x c ommands syntax dot1x re-authentication no dot1x re-authentication default configuration periodic re-authentication is disabled. Command mode interface configuration (ethernet) mode user guidelines there are no user guidelines for this command. Example the following example...

  • Page 473

    Dot1x re-authenticate 473 user guidelines there are no user guidelines for this command. Example the following example sets the number of seconds between re-authentication attempts, to 300. Dot1x re-authenticate the dot1x re-authenticate privileged exec mode command manually initiates a re-authentic...

  • Page 474

    474 c hapter 34: 802.1 x c ommands quiet state following a failed authentication exchange (for example, the client provided an invalid password). To restore the default configuration, use the no form of this command. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period parameters ...

  • Page 475

    dot1x timeout tx-period
    The dot1x timeout tx-period interface configuration mode command sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request. To ...

  • Page 476

    process. To restore the default configuration, use the no form of this command.
    Syntax
    dot1x max-req count
    no dot1x max-req
    Parameters
    ■ count — Number of times that the device sends an EAP-request/identity frame before restarting the authentication process. (Range...

  • Page 477

    Parameters
    ■ seconds — Time in seconds that the device waits for a response to an EAP-request frame from the client before resending the request. (Range: 1-65535 seconds)
    Default configuration
    Default timeout period is 30 seconds.
    Command mode
    Interface configuration...

  • Page 478

    the timeout period is 30 seconds.
    Command mode
    Interface configuration (Ethernet) mode
    User guidelines
    The actual timeout can be determined by comparing the dot1x timeout server-timeout value and the result of multiplying the radius-server retransmit value with the...

  • Page 479

    The following example displays the status of 802.1x-enabled Ethernet ports.
    Console# show dot1x
    802.1x is enabled
    port  admin mode  oper mode   reauth control  reauth period  username
    ----  ----------  ----------  --------------  -------------  --------
    g1    auto        authorized  ena             3600           bob
    g2    auto        authorized  en...

  • Page 480

    The following table describes the significant fields shown in the display.
    quiet period: 60 seconds
    tx period:30 seconds
    max req: 2
    supplicant timeout: 30 seconds
    server timeout: 30 seconds
    session time (hh:mm:ss): 08:19:17
    mac address: 00:08:78:32:98:78
    authentic...

  • Page 481

    show dot1x users
    The show dot1x users privileged exec mode command displays active 802.1x authenticated users for the device.
    Syntax
    Quiet period: The number of seconds that the device remains in the quiet state following a failed authentication exchange (for example, the client ...

  • Page 482

    show dot1x users [ username username ]
    Parameters
    ■ username — Supplicant username (Range: 1-160 characters)
    Default configuration
    This command has no default configuration.
    Command mode
    Privileged exec mode
    User guidelines
    There are no user guidelines for this com...

  • Page 483

    The following table describes the significant fields shown in the display.
    show dot1x statistics
    The show dot1x statistics privileged exec mode command displays 802.1x statistics for the specified interface.
    Syntax
    show dot1x statistics ethernet interface
    Parameters
    ■ inter...

  • Page 484

    The following table describes the significant fields shown in the display.
    Console# show dot1x statistics ethernet 1
    eapolframesrx: 11
    eapolframestx: 12
    eapolstartframesrx: 12
    eapollogoffframesrx: 1
    eapolrespidframesrx: 3
    eapolrespframesrx: 6
    eapolreqidframestx: 3
    ...

  • Page 485

    dot1x auth-not-req
    The dot1x auth-not-req interface configuration (VLAN) mode command enables unauthorized devices access to the VLAN. To disable access to the VLAN, use the no form of this command.
    Syntax
    dot1x auth-not-req
    no dot1x auth-not-req
    Default configuration
    Access i...

  • Page 486

    Example
    The following example enables access to the VLAN to unauthorized devices.
    dot1x multiple-hosts
    The dot1x multiple-hosts interface configuration mode command enables multiple hosts (clients) on an 802.1x-authorized port, where the authorization state of the ...

  • Page 487

    dot1x single-host-violation
    The dot1x single-host-violation interface configuration mode command configures the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface. Use the no form of this command t...

  • Page 488

    Example
    The following example forwards frames with source addresses that are not the supplicant address and sends consecutive traps at intervals of 100 seconds.
    dot1x guest-vlan
    The dot1x guest-vlan interface configuration (VLAN) mode command defines a guest VLAN. ...

  • Page 489

    Example
    The following example defines VLAN 2 as a guest VLAN.
    dot1x guest-vlan enable
    The dot1x vlans guest-vlan enable interface configuration mode command enables unauthorized users on the interface access to the guest VLAN. To disable access, use the no form of this co...

  • Page 490

    show dot1x advanced
    The show dot1x advanced privileged exec mode command displays 802.1x advanced features for the device or specified interface.
    Syntax
    show dot1x advanced [ ethernet interface ]
    Parameters
    ■ interface — Valid Ethernet port. (Full syntax: unit/port...

  • Page 491

    interface  multiple hosts  guest vlan
    ---------  --------------  ----------
    g1         disabled        enabled
    single host parameters
    violation action: discard
    trap: enabled
    trap frequency: 100
    status: single-host locked
    violations since last trap: 9

  • Page 494

    Chapter 35: Wireless AP Radio Commands
    enable (ap radio)
    The enable AP interface radio configuration mode command administratively enables the radio. To administratively disable the radio, use the no form of this command.
    Syntax
    enable
    no enable
    Parameters
    This command has no keywords or arg...

  • Page 497

    allow traffic
    The allow traffic AP interface radio configuration mode command allows users traffic. To disallow users traffic, use the no form of this command.
    Syntax
    allow traffic
    no allow traffic
    Parameters
    This command has no keywords or arguments.
    Default configuration
    Users tr...

  • Page 498

    Parameters
    ■ long — The AP supports long and short preambles.
    ■ short — The AP supports short preambles.
    Command mode
    AP interface radio configuration mode
    User guidelines
    This command is only relevant for 802.11g transceivers.
    Example
    The following exa...

  • Page 499

    Command mode
    AP interface radio configuration mode
    User guidelines
    There are no user guidelines for this command.
    Example
    The following example configures the RTS threshold to 2300 bytes.
    antenna
    The antenna AP interface radio configuration mode command configures an antenna for the tran...

  • Page 500

    Example
    The following example configures antenna 1 for the transceiver.
    beacon period
    The beacon period AP interface radio configuration mode command configures the beacon period. To restore defaults, use the no form of this command.
    Syntax
    beacon perio...

  • Page 501: Ireless

    Chapter 36: Wireless WLAN Commands
    wlan tx-power off
    The wlan tx-power off global configuration mode command turns off all AP transmitters. To enable transmit power, use the no form of this command.
    Syntax
    wlan tx-power off
    no wlan tx-power off
    Parameters
    This command has no keywords or arguments.
    Default...

  • Page 502

    wlan country-code
    The wlan country-code global configuration mode command configures the country code in which the device is located and the physical location of AP connected to the device. To restore defaults, use the no form of this command.
    Syntax
    wlan co...

  • Page 503

    Belarus                 by    Iran        ir    Russian Federation     ru
    Belgium                 be    Ireland     ie    San Marino             sm
    Belize                  bz    Israel      il    Saudi Arabia           sa
    Bolivia                 bo    Italy       it    Serbia and Montenegro  cs
    Bosnia and Herzegovina  ba    Japan       jp    Singapore              sg
    Brazil                  br    Jordan      jo    Slovakia               sk
    Brunei Darussalam       bn    Kazakhstan  kz    s...

  • Page 504

    Example
    The following example configures the country code in which the device is located, as the US.
    wlan tx-power auto enable
    The wlan tx-power auto enable global configuration mode command enables auto transmit power. To disable auto transmit power, use th...

  • Page 505

    User guidelines
    The auto transmit power algorithm adjusts the transmit power of APs, so the signal strength heard at the second-closest access point is as close as possible to the target signal-strength configured by the wlan tx-power auto signal-strength global conf...

  • Page 506

    wlan tx-power auto signal-strength
    The wlan tx-power auto signal-strength global configuration mode command configures the target signal strength heard at the second-closest AP. To restore defaults, use the no form of this command.
    Syntax
    wlan tx-power auto ...

  • Page 507

    Parameters
    ■ db — Specifies the signal loss, in dB. (Range: 20-80 dB)
    Default configuration
    The default minimum signal loss difference is 60 dB.
    Command mode
    Global configuration mode
    User guidelines
    The auto transmit power algorithm adjusts AP power due to another AP w...

  • Page 508

    Command mode
    Global configuration mode
    User guidelines
    There are no user guidelines for this command.
    Example
    The following example configures the length of time before an idle station is removed from the system and required to log in, to 10 minutes.
    clear wl...

  • Page 509

    show wlan
    The show wlan privileged exec mode command displays information on the WLAN configuration.
    Syntax
    show wlan
    Parameters
    This command has no arguments or keywords.
    Default configuration
    This command has no default configuration.
    Command mode
    Privileged exec mode
    User guidelines
    There a...

  • Page 510

    Example
    The following example specifies the WLAN information for user called ‘device’.
    show wlan auto-tx-power
    The show wlan auto-tx-power privileged exec mode command displays information on the WLAN automatic power transmission configuration.
    Syntax
    show w...

  • Page 511

    User guidelines
    There are no user guidelines for this command.
    Example
    The following example displays information on the WLAN automatic power transmission configuration.
    show wlan logging configuration
    The show wlan logging configuration privileged exec mode comma...

  • Page 513

    Example
    The following example displays information on WLANs.
    show wlan stations counters
    The show wlan stations counters privileged exec mode command displays information on WLAN stations traffic.
    Syntax
    show wlan stations counters [ mac mac-address ]
    Parameters
    ■ mac...

  • Page 514

    Example
    The following example displays information on WLAN stations.
    Console# show wlan stations counters
    number of stations: 2
    mac address        inpkts  outpkts  mic errors
    -----------------  ------  -------  ----------
    00-9e-93-82-83-91  183892  1289     0
    00-9e-93-82-83-92  128977...

  • Page 515: Roubleshooting

    Chapter 37: Troubleshooting
    This section describes problems that may arise when installing the device and how to resolve these issues. This section includes the following topics:
    ■ Problem management — Provides information about problem management with the devices.
    ■ Troubleshooting solutions — Provides a ...

  • Page 516

    ■ No connection and the port LED is off
    ■ Add and edit pages do not open.
    ■ Lost password
    Problem | Possible cause | Solution
    Problem: Cannot connect to management using RS-232 serial connection
    Solution: Ensure the terminal emulator program is set to VT-100 compatible, 9600 baud rate, no...

  • Page 517

    Possible cause: Software settings. Solution: Reconfigure the emulation software connection settings.
    Problem: Response from the terminal emulations software is not readable.
    Possible cause: Faulty serial cable. Solution: Replace the serial cable.
    Possible cause: Software settings. Solution: Reconfigure the emulation software connection settings.
    Self-test ex...

  • Page 518

    Problem: No connection and the port LED is off
    Possible cause: Incorrect Ethernet cable, e.g., crossed rather than straight cable, or vice versa, split pair (incorrect twisting of pairs). Solution: Check pinout and replace if necessary.
    Possible cause: Fiber optical cable connection is reversed. Solution: Change if necessary....

  • Page 519

    Problem: Add and edit pages do not open.
    Possible cause: A pop-up blocker is enabled.
    Solution: Disable pop-up blockers.

  • Page 520

    Lost password
    The password recovery procedure enables the user to override the current password configuration, and disables the need for a password to access the console. The password recovery is effective until the device is reset. If the password/user name has bee...
