Manuals / 3Com / Computer Equipment / Switch

3Com 4500 PWR 50-PORT, 4500 PWR 26-PORT To enable 802.1x on Ethernet 1/0/1, enter the following

Models: 4500 26-PORT 4500 PWR 26-PORT 4500 PWR 50-PORT 4500 50-PORT

1 466

Page 244

238CHAPTER 11: USING AAA AND RADIUS COMMANDS

dot1x authentication-method

enabled globally, if the parameters are not configured globally or for a specified port, they will maintain the default values.

After the global 802.1x performance is enabled, only when port 802.1x performance is enabled will the configuration of 802.1x become effective on the port.

Related commands: display dot1x.

Example

To enable 802.1x on Ethernet 1/0/1, enter the following.

<4500>system-view

System View: return to User View with Ctrl-Z

[4500]dot1x interface ethernet 1/0/1

To enable 802.1x globally, enter the following.

[4500]dot1x

Syntax

dot1x authentication-method { chap pap eap }

undo dot1x authentication-method

View

System View

Parameter

Chap: Use CHAP authentication method.

Pap: Use PAP authentication method.

eap: Use EAP authentication method.

Description

Use the dot1x authentication-methodcommand to configure the authentication method for the 802.1x user. Use the undo dot1x authentication-methodcommand to restore the default authentication method of the 802.1x user.

By default, CHAP authentication is used for 802.1x user authentication.

Password Authentication Protocol (PAP) is a kind of authentication protocol with two handshakes. It sends the password in the form of simple text.

Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication protocol with three handshakes. It only transmits the username, not the password. CHAP is more secure and reliable.

In EAP authentication, a Switch authenticates supplicant systems by encapsulating 802.1x authentication information in EAP packets and sending the packets to the RADIUS server, instead of converting the packets into RADIUS packets before

Page 244

Image 244

3Com 4500 PWR 50-PORT manual To enable 802.1x on Ethernet 1/0/1, enter the following, 4500dot1x interface ethernet 1/0/1

Contents

3Com Switch 4500 Family 3Com Corporation Campus Drive Marlborough, MA USA Contents Igmp Snooping Configuration Commands 184 QoS Configuration Commands List 190Stack Commands 207 Rstp Configuration CommandsAccessing the Bootrom Interface 455 Boot Menu Page Alphabetical Listing of Commands Page Page Page Page Page Page Page Page Page Page Page About this Guide Icons This guide uses the following conventionsText conventions Related About this Guide Using System Access Commands Authentication-mode Syntax ViewParameter DescriptionAuto-execute command Syntax Text Specifies the command to be run automaticallyCommand-privilege level Syntax System View4500command-privilege level 0 view system interface Databits SyntaxSets the data bits to Databits 7 Undo databitsSyntax Display user-interface SyntaxOutput description of the display user-interfacecommand Summary Display the summary of a user interfaceInformation is displayed in the following format Display the summary information of user interfaceOutput description of the display users command Display users SyntaxAll Enter to display information on all user interfaces Information displays in the following formatFree user-interface Syntax Flow-control SyntaxUser view Header Syntax 4500free user-interface auxMode 2 Input in several lines Initial character % is not the header contentsPress the Enter key Initial character % is the header contents Idle-timeout Syntax4500user-interface aux Ui-aux0history-command max-size Idle-timeout minutes seconds Undo idle-timeoutLanguage-mode Syntax Lock SyntaxLanguage-mode chinese english Ui-aux0language-mode chineseTo lock the current user interface, enter the following Parity SyntaxProtocol inbound Syntax Parity even mark none odd space Undo parityConfigure SSH protocol supported by VTY0 user interface VTY user interface viewQuit Syntax 4500user-interface vty Ui-vty0protocol inbound sshSystem view or higher Return SyntaxScreen-length Syntax Service-type Syntax Send SyntaxView Local-user View Send all number type4500local-user zbr Luser-zbrservice-type telnet level Shell Syntax Shell Undo shellSpeed Syntax Stopbits Syntax4500user-interface vty 0 Speed speed-value Undo speedSets the stop bits to Super SyntaxTo change to user level 3 from the current user level Super levelSuper password Syntax To set the password for level 3 to zbr, type the following4500super password level 3 simple zbr Sysname SyntaxSystem-view Syntax To enter system view from user view, enter the followingTelnet Syntax 4500sysname 3ComUser-interface Syntax User privilege level Syntax SW4500system-viewSW4500user-interface 0 User privilege level level Undo user privilege levelUsing Port Commands Ethernet Port Link Aggregation CommandsUsing Port Commands Ports on your Switch Copy configuration SyntaxInterface command Port to other ports, to ensure consistent configurationEthernet Port View Description SyntaxUndo broadcast-suppression Ethernet1/0/1broadcast-suppression ppsDisplay interface Syntax 4500display interface Ethernet 1/0/1Output Description of the Display Interface Command VlanDisplay loopback-detection 4500display loopback-detectionDetails display in the following format Display port SyntaxDisplay unit Syntax Any viewRelated command speed Display the port information for all ports on UnitDuplex Syntax ParametersInterface Syntax Flow-control Undo flow-controlLoopback Syntax External External loop test Internal Internal loop test4500interface ethernet1/0/1 Loopback external internalEthernet1/0/1loopback-detection control enable Enable port loopback detection controlLoopback-detection Syntax Related commands display loopback-detection To enable port loopback detection, enter the following4500loopback-detection interval-time Mdi Syntax Ethernet1/0/1loopback-detection per-vlan enableMdi across auto normal Undo mdi Multicast-suppression Syntax To assign Ethernet port 1/0/1 to VLAN3, enter the following Port access vlan SyntaxPort hybrid pvid vlan Syntax Port hybrid vlan Syntax Port link-type Syntax 4500interface e1/0/1Port trunk permit vlan Syntax All Enter to add the trunk port to all VLANsPort trunk pvid vlan Syntax Ethernet1/0/1port trunk permit vlan 2 4 50 toReset counters interface Syntax Ethernet1/0/1port trunk pvid vlanUndo form of this command is Shutdown SyntaxUnicast-suppression Syntax Related command duplexUnicast-suppression ratio pps pps Undo unicast-suppression Ethernet1/0/1unicast-suppression Debugging lacp packet Syntax 4500debugging link-aggregation error4500debugging link-aggregation event Debugging lacp state Syntax 4500debugging lacp packet interface ethernet1/0/1To enable all Lacp state machines debugging 4500debugging lacp state allDisplay link-aggregation summary 4500display link-aggregation summaryDisplay link-aggregation verbose aggid 4500display link-aggregation verbose4500display link-aggregation interface ethernet4/0/1 Display lacp system-id Syntax Lacp enable SyntaxTo display the local system ID To enable Lacp at Ethernet1/0/1, enter the following Lacp port-priority SyntaxTo set port priority as 64, enter the following Lacp system-priority SyntaxAggid Aggregation group ID, in the range of 1 to To set system priority as 64, enter the following4500lacp system-priority 4500link-aggregation group 22 mode manual Related command display link-aggregation summaryTo create manual aggregation group 22, enter the following Related command display link-aggregation interface Reset lacp statistics Syntax4500reset lacp statistics Using Port Commands Using Vlan Commands Voice Vlan CommandsVlan view VLANs and Vlan interfaces on your systemTo give VLAN1 the description RESEARCH, enter the following Related command interface Vlan-interface Display vlan Syntax4500display interface vlan-interface Display vlan vlanid all static dynamicTo display information about Vlan ExamplesInterface VLAN-interface Syntax For the related command, see display vlan Related command display interface vlan-interfaceTo enter the interface view of VLAN1, enter the following Port SyntaxAdd Ethernet1/0/2 through Ethernet1/0/4 to Vlan Vlan Interface ViewRestart interface after shutting down the interface Vlan2port ethernet1/0/2 to ethernet1/0/4Is default Vlan and cannot be deleted Related commands display vlanVlan Syntax 4094 All Delete all VLANsDisplay voice vlan status Syntax Display voice vlan statusVoice vlan enable Syntax Voice vlan aging SyntaxVoice vlan vlanid enable Undo voice vlan enable 4500voice vlan 2 enableVoice vlan Syntax Voice vlan macaddress SyntaxFor the related command, see display voice vlan oui Voice vlan mode SyntaxVoice vlan mode auto Undo voice vlan mode auto To set the Voice Vlan in manual mode, enter the followingBy default, the Voice Vlan security mode is enabled 4500undo voice vlan mode auto4500undo voice vlan enable 4500undo voice vlan mode auto Voice vlan security enable Undo voice vlan security enableCommands PoE on your Switch 4500 PWR Port or all ports on the SwitchDisplay poe interface Syntax Any viewDisplay the power information of port Ethernet1/0/10 Display poe power Syntax4500display poe interface power ethernet1/0/10 Display the power information of all ports Display poe Syntax Powersupply4500display poe power Display poe powersupply ViewPoe enable Syntax Enable the PoE feature on the current portPoe legacy enable Syntax Display the PSE parametersDisable the nonstandard-PD detect function Enable the nonstandard-PD detect functionPoe max-power Syntax Set the maximum power supplied by current port Restore the default maximum power on the current portPoe mode Syntax Set the PoE mode on current port to signalRestore the default management mode Configure the PoE management mode on port to autoPoe priority Syntax Poe update Syntax Poe update refresh full filenameSet the port priority to critical Ethernet1/0/3poe priority criticalUpdate the PSE processing software online 4500poe update refresh 0290021.s19ARP Configuration Commands Dhcp Client Configuration CommandsDhcp Relay Configuration Commands Access Management Configuration CommandsUDP Helper Configuration Commands IP Performance Configuration CommandsDisplay ip host Syntax Addressing on your SwitchCorresponding IP addresses Ip address Syntax Configure the IP address of interface Vlan interface 1 asVlan Interface view Related command display ip host Address Resolution Protocol ARP operations on your SwitchArp check enable Syntax Ip host SyntaxArp static Syntax 4500undo arp check enableUndo arp static ipaddress Related commands reset arp, display arp, debugging arp 4500arp static 202.38.0.10 00e0-fc01-0000 1 Ethernet1/0/14500arp static 202.38.0.10 00e0-fc01-0000 1 arp timer aging Arp timer aging agingtime Undo arp timer agingRelated commands display arp timer aging 4500arp timer agingTo enable ARP packet debugging, enter the following For the related commands, seeOutput Description of the debugging arp packet Command Display arp SyntaxDisplay arp timer aging Syntax Output Description of the display arp CommandDisplay arp timer aging 4500display arpReset arp Syntax Reset arp dynamic static interface interfacetypeRelated command arp static, display arp 4500reset arp staticDebugging dhcp xrn xha Syntax Display dhcp client Syntax Ip address dhcp-alloc Syntax4500debugging dhcp xrn xha Display dhcp client verboseAddress using Dhcp Debugging. By default, Dhcp relay debugging is disabledTo enable Dhcp relay debugging, enter the following Debugging dhcp-relayDhcp-server Syntax Dhcp-server groupNo Undo dhcp-serverDisplay dhcp-server Syntax Dhcp-server ip SyntaxGroupNo Enter a Dhcp Server group number, in the range 0 to Views Vlanid Enter the Vlan interface number4500display dhcp-server Display dhcp-server interface vlan-interface vlanidAm enable Syntax Am enable Undo am enable4500am enable Am ip-pool SyntaxAm trap enable Syntax Am trap enable Undo am trap enableBy default, the access management trap is disabled To enable the access management trap, enter the following4500am trap enable Display am SyntaxOutput Description of the display am Command Display isolate port SyntaxTo display port isolation information, enter the following Port isolate SyntaxUDP Helper Configuration operations on your Switch By default, UDP Helper debugging is disabledTo enable UDP Helper packet debugging, enter the following Not availableTo enable the UDP Helper function Syntax ServerInterface 1, enter the following Udp-helper port SyntaxIp-addressEnter the IP address of the destination server Udp-helper server Syntax4500udp-helper port dns Display fib Syntax Performance Configuration operations on your SwitchHop, current flag, timestamp and outbound interface Display fib ipaddress Syntax Longer All FIB entries matched in the natural mask rangeDisplay fib acl Syntax Number Enter the ACL in number form, in the range 2000 toDisplay fib ip-prefix Syntax 4500display fib aclDisplay fib begin include exclude text 4500display fib beginDisplay fib statistics Syntax Display icmp statistics SyntaxOutput Description of the display icmp statistics Command To view statistics about Icmp packets, enter the followingDisplay ip socket Syntax Sock-typeEnter the type of a socket tcp1, udp 2, raw ip4500display ip socket socktype Display ip statistics SyntaxDisplay ip statistics Output Description of the display ip statistics Command Related commands display ip interface, reset ip statisticsTo view statistics about IP packets, enter the following 4500display ip statisticsRelated commands display tcp status, reset tcp statistics Display tcp statistics SyntaxTo view statistics about TCP packets, enter the following Display tcp statisticsDisplay tcp status Syntax Output Description of the display tcp status CommandDisplay udp statistics Syntax Reset tcp statistics Syntax Reset ip statistics SyntaxTo clear the IP statistics information, enter the following Tcp timer fin-timeout Syntax Reset udp statistics SyntaxTcp timer syn-timeout Syntax Undo tcp timer syn-timeout Related commands tcp timer fin-timeout,tcp window4500tcp timer syn-timeout Tcp window Syntax4500tcp window Using Network Protocol Commands Static Route Configuration Command RIP Configuration CommandsDisplay ip routing-table Syntax IP Routing Policy CommandsDisplay ip routing-table 4500display ip routing-table Output Description of the display ip routing-tableCommandDisplay ip routing-table acl aclnumber verbose Acl-basic-2000display ip routing-table acl 4500acl number Acl-basic-2000rule permit source 10.1.1.14500display ip routing-table acl 2000 verbose Display ip routing-table ipaddress mask longer-match IpaddressVerbose View 4500display ip routing- .1.1.0 24 2.2.2.0 Ip-prefixDisplay ip routing-table ip-prefix ipprefixname verbose 4500display ip routing-table ip-prefix abc2 verbose 4500display ip routing-table protocol direct Display ip routing-table protocol protocol inactive verbose4500display ip routing-table protocol static To display the route information, enter the following Display ip routing-table radix4500display ip routing-table radix Display ip routing-table statistics4500display ip routing-table statistics CommandDisplay ip routing-table verbose 4500display ip routing-table verbose Descriptor MeaningDelete all the static routes in the router Delete static-routes all SyntaxIp route-static Syntax Description Default cost Syntax Checkzero SyntaxUndo default cost Ripdefault costDisplay rip Syntax Display ripOutput Description of the display rip Command Filter-policy export SyntaxFilter-policy import Syntax Related commands acl, filter-policy import, ip ip-prefixRipfilter-policy 2000 export Host-route Syntax Import-route SyntaxRelated commands default cost Network SyntaxNetworkaddress Enter the IP network address of an interface Ripimport-route static costPeer Syntax Ipaddress Enter the interface IP address of the peer routerRipnetwork Undo peer ipaddressReset Syntax Reset the RIP systemPreference Syntax To specify a RIP preference of 20, enter the followingTo enable RIP, and enter RIP view, enter the following Rip authentication-mode SyntaxRip Syntax Interface ViewRelated command rip version MD5 cipher text authentication key for RIP-2Vlan-interface1rip authentication-mode simple aaa Vlan-interface1rip authentication-mode md5 usual aaa Rip input SyntaxRip metricin Syntax Rip input Undo rip inputRip metricout Syntax Rip output SyntaxRip metricout value Undo rip metricout Rip output Undo rip outputRip split-horizon Syntax Rip split-horizon Undo rip split-horizonRip version Syntax Rip work Syntax Summary SyntaxUndo timers update timeout Timers SyntaxRipundo summary Riptimers update 10 timeout These commands operate across all routing protocols Related command ip ip-prefixApply cost Syntax Route Policy ViewOutput Description of the display ip-ip prefix Command Output Description of the display route-policyCommandDisplay route-policy Syntax Routepolicyname Specify displayed Route-policy nameIf-match acl ip-prefix Syntax Route policy viewIf-match cost Syntax If-match cost value Undo if-match costBy default, no match sub-statement is defined If-match interface SyntaxUndo if-match interface Route-policyif-match interface Vlan-interfaceIp ip-prefix Syntax If-match ip next-hop SyntaxRoute-policyif-match ip next-hop ip-prefix p1 Description Route-policy Syntax 4500route-policy policy permit nodeRoute-policy Using Routing Protocol Commands Using Multicast Protocol Igmp configuration commands on your Switch Display igmp-snooping Syntax ConfigurationSnooping configuration information Member port timeoutDisplay the multicast group information about VLAN2 Display statistics information about Igmp Snooping4500display igmp-snooping group vlan Display igmp-snooping statisticsIgmp-snooping enable disable Enable Igmp Snooping on VlanIgmp-snooping Syntax Set the aging time to 300 seconds Configure to respond to the Igmp Snooping packet within 20s4500igmp-snooping host-aging-time Reset igmp-snooping statistics Clear Igmp Snooping statistics information4500igmp-snooping max-response-time 4500igmp-snooping router-aging-time4500reset igmp-snooping statistics Using Multicast Protocol Commands QoS Configuration Commands List Logon user’s ACL Control CommandAcl Syntax Display the content of all the ACLs Display acl SyntaxAll Displays all ACLs Number chosen from 2000 toPacket-filter Syntax 4500display packet-filter unitidReset acl counter Syntax Define or cancel the subrules of user-defined ACLRule Syntax Define or delete the subrules of a basic ACL Define or delete the subrules of an advanced ACLParameters specific to basic ACLs Corresponding ACL ViewParameters specific to advanced ACLs Parameters specific to Layer 2 ACL Parameter for user-defined ACLDisplay mirror Syntax Display COS and Local-precedence map Unit-id Unit ID of the SwitchDisplay qos-interface all Syntax Display all the configurations of QoS parameters for unit Unit-idUnit ID of the SwitchDisplay qos-interface 1 all Display qos-interface line-rateRelated command mirrored-to Display the traffic limit settingsLine-rate Syntax Undo line-rateMirrored-to Syntax 4500interface Ethernet 1/0/1 4500line-rate outboundMirroring-port Syntax Related command display qos-interface mirrored-toMirroring-port inbound outbound both Undo mirroring-port Monitor-port Syntax Priority SyntaxMonitor-port Undo monitor-port 4500interface Ethernet 1/0/4Priority trust Syntax Set the priority of Ethernet1/0/1 port toPriority trust Undo priority Default CoS and Local-precedence table Following is the default CoS and Local Precedence tableUndo qos cos-local-precedence-map Configure CoS and Local Precedence table 4500qos cos-local-precedence-map 0 1 2 3 4 5 6Wred Syntax Queue-indexindex of output queue, in the range of 0~7Use the undo wred command to restore the default settings By default, the wred function is disabledSwitch Local Switch using TelnetIp http acl Syntax Snmp-agent community SyntaxIp http acl acl-number Undo ip http acl 4500ip http aclSnmp-agent group Syntax 4500snmp-agent community read MyCompany aclSnmp-agent usm-user Syntax 4500snmp-agent group v1 MyCompany aclParameter Using QOS/ACL Commands Using Stack Commands 4500system-view 4500change self-unit toChange unit-id Syntax To change the unit ID from6 to 4, enter the followingChange unit-id to 1-8 1-8 auto-numbering 4500display ftm topology-databaseDisplay xrn-fabric Syntax Display ftm SyntaxPort display the stacking port information Fabric save-unit-id Syntax 4500display xrn-fabricFabric save-unit-id Undo fabric save-unit-id 4500fabric save-unit-idFabric-port enable Syntax 4500fabric-port gigabitEthernet1/0/51 enableFtm stacking-vlan Syntax Ftm stacking-vlan vlan-id Undo ftm stacking-vlan4500xrn-fabric authentication-mode simple hello Set Vlan 2 as stacking VlanSet unit name Syntax 4500ftm stacking-vlanYou can use this command to set a name for a device Sysname sysname Undo sysnameUnit Name Unit ID First Second Using Rstp Commands Configuration commands on your Switch To the port command in this guideState of the Switch Related command reset stpReset stp interface interfacelist Reset stp SyntaxDisplay information Stp enable disable Undo stp 4500reset stp interface Ethernet1/0/1 to Ethernet1/0/3Stp Syntax Related command stp mode To enable Rstp on a Switch, enter the followingTo disable Rstp on Ethernet1/0/1, enter the following Stp bpdu-protection SyntaxStp cost Syntax Cost Specifies the path cost, ranging from 1 toStp edged-port Syntax Path cost for ports at different link speedsStp loop-protection Syntax Stp loop-protection Undo stp loop-protectionStp mode Syntax Stp mode stp rstp Undo stp modeStp mcheck Syntax Stp mcheck4500stp mode stp Stp pathcost-standard SyntaxStp point-to-point Syntax Stp port priority Syntax4500stp pathcost-standard dot1d-1998 4500stp pathcost-standard dot1tUndo stp priority Stp priority Syntax4500stp priority Stp root primary Syntax Stp root secondary SyntaxStp root primary Undo stp root 4500stp root primary4500stp root secondary Stp root-protection SyntaxStp root-protection Undo stp root-protection Stp timeout-factor Syntax Stp timer forward-delay SyntaxStp timeout-factor number Undo stp timeout-factor 4500stp timeout-factorStp timer hello Syntax Undo stp timer forward-delayRelated commands stp timer hello, stp timer max-age 4500stp timer forward-delayStp timer max-age Syntax Stp transmit-limit SyntaxEthernet1/0/1stptransmit-limit Using Rstp Commands Using AAA and Radius AAA Configuration CommandsRadius Protocol Configuration Commands 235 Switch Display the configuration informationDisplay dot1x Syntax Sessions Displays the session connection informationDot1x Syntax To enable 802.1x globally, enter the following To enable 802.1x on Ethernet 1/0/1, enter the following4500dot1x interface ethernet 1/0/1 Related command display dot1x Configure 802.1x user to use PAP authenticationDot1x dhcp-launch Syntax Dot1x max-user SyntaxDot1x port-control Syntax 4500dot1x max-user 32 interface ethernet 1/0/2Dot1x port-method Syntax 4500dot1x port-method portbased interface ethernet 1/0/3 Dot1x quiet-period CommandDot1x quiet-period Undo dot1x quiet-period To enable quiet-period timer, enter the following Related command display dot1x, dot1x timerDot1x retry Syntax 4500dot1x quiet-periodDot1x supp-proxy-check Syntax 4500dot1x retryDot1x timer Syntax 4500dot1x timer server-timeout Reset dot1x statistics SyntaxReset dot1x statistics interface interface-list Clear the 802.1x statistics on Ethernet 1/0/2 4500reset dot1x statistics interface ethernet 1/0/2Debugging Syntax Display mac-authentication 4500display mac-authenticationMac-authentication Syntax Offline detect period4500mac-authentication 4500mac-authentication interface Ethernet 1/0/1Undo mac-authentication authmode 4500mac-authentication authmode usernamefixed 4500mac-authentication authusername vipuser 4500mac-authentication authpassword mac4500undo mac-authentication authusername 4500mac-authentication domain Cams 4500mac-authentication timer server-timeoutOn your Switch Access-limit SyntaxISP Domain View Current ISP domain, ranging from 1 toCut connection Syntax 4500local-user JohnQDisplay connection Syntax All Configures to disconnect all connection4500cut connection domain marlboro.net 4500display connection Display domain Syntax Display local-user SyntaxDisplay domain isp-name 4500display domain4500display local-user Output description of the display local-usercommand Domain SyntaxIdle-cut Syntax Idle-cut disable enable minute flowISP Domain View Related command domain Level SyntaxLocal User View Local-user SyntaxRelated commands display local-user,server-type By default, no local userTo add a local user named 3Com1, enter the following 4500local-user password-display-mode cipher-force Related commands display local-user,passwordMessenger Syntax Password Syntax 4500domain system Isp-systemmessenger time enable 30Password simple cipher password Undo password 4500local-user 3Com1 Luser-3Com1password simpleRelated commands radius scheme, display radius Scheme SyntaxSelf-service-url Syntax Change user password on thisRelated command radius scheme, display radius Self-service-url enable url-stringself-service-url disableService-type Syntax ISP Domain View Local User View State SyntaxState active block Accounting optional Syntax Selection of Radius accounting optionOtherwise, the user will be disconnected Accounting that uses this Radius schemeRadius Scheme View Undo data-flow format4500radius scheme 3Com Display local-server statistics4500display local-server statistics Display radius Syntax4500display radius Troubleshooting Related command radius scheme Display radius statistics SyntaxDisplayed packet information can help with Radius diagnosis Display radius statisticsDisplay stop-accounting-buffer 4500radius scheme 3Com Radius-3Comkey authentication hello Key SyntaxLocal-server Syntax Nas-ip SyntaxRadiuskey accounting ok 4500local-server nas-ip 10.110.1.2 key 3ComIp-addressIP address in dotted decimal format Primary accounting SyntaxPrimary authentication Syntax Related commands key, radius scheme, stateRadius Server Group View Radius nas-ip ip-address Undo radius nas-ip Radius nas-ip Syntax4500radius nas-ip Reset radius statistics Syntax Reset radius statisticsRadius scheme Syntax Undo radius scheme radius-scheme-name4500reset radius statistics To clear the Radius protocol statistics, enter the followingRetry Syntax Undo retryRetry stop-accounting Syntax 4500radius scheme 3Com Radius-3Comretry realtime-accountingSecondary accounting Syntax 4500radius scheme 3Com Radius-3Comretry stop-accountingServer-type Syntax Server-type 3com standardUndo server-type Stop-accounting-buffer enable Timer Syntax Timer seconds Undo timerTimer quiet Syntax Related commands radius scheme, retryTime quiet minutes Undo timer quiet Timer response-timeout Syntax Related commands retry realtime-accounting,radius scheme4500radius scheme 3Com Radius-3Comtimer realtime-accounting Timer response-timeout seconds Undo timer response-timeoutUser-name-format Syntax 4500radius scheme 3Com Radius-3Comtimer response-timeoutUser-name-format with-domain without-domain Related command radius scheme Configuration File Management Commands FTP Server Configuration CommandsTftp Configuration Commands FTP Client CommandsMAC Address Table Management Commands Device Management Commands Basic System Configuration and Management CommandsSystem Status and System Information Display Commands System Debug CommandsSnmp Configuration Commands NTP Configuration Commands Rmon Configuration CommandsSSH Terminal Service Configuration Commands Sftp Server Configuration Commands SSH Client Configuration CommandsSftp Client Configuration Commands Copy Syntax Display current directory information Copy the file test.txt and save it as test.bakDelete Syntax Delete the file flash/test/test.txtDisplay the information for file flash/test/test.txt Dir SyntaxDisplay information for directory flash/test Execute Syntax Configure the prompt mode of file operation as quietFile prompt Syntax Format Syntax Format flashMkdir Syntax Directory Directory nameMove Syntax Display contents of file test.txtDisplay the current directory information Pwd Syntax Rename SyntaxReset recycle-bin Syntax File-pathName of the file to be deletedDelete the file from the recycle bin Rmdir SyntaxFile-pathName of the file to be recovered Recover the deleted file sample.bakDelete the directory test Undelete SyntaxFiles on your Switch Display Syntax Current-configurationDisplay current-configuration controller interface 4500dir /allConfiguration File Management Commands 4500display current-configuration include user Unit unit-idSpecify the Unit ID of switchDisplay saved-configuration unit unit-id Display this Display this Syntax4500display this Reset saved-configuration Display startup SyntaxDisplay startup 4500display startupSave Syntax 4500reset saved-configurationSave filename safely Get the current configuration files stored in flash memory To enable Bootrom access function, enter the followingStartup saved Syntax Configuration 4500startup bootrom-access enableDisplay ftp-server Syntax Display ftp-user SyntaxShow the configuration of FTP user parameters Enable Start FTP ServerFtp timeout Syntax Ftp server SyntaxSet the connection timeout to 36 minutes 4500ftp timeoutRelated commands display local-user,service-type New local user added Configure to transmit data in the Ascii mode Ascii SyntaxFTP Client view Binary SyntaxConfigure to transmit data in the binary mode Bye SyntaxCd Syntax ByeChange the working path to flash/temp Cdup SyntaxChange working path to the upper level directory CdupClose Syntax Delete the file temp.cClose Delete remotefileDisconnect Syntax DisconnectFtp Syntax Connect to FTP Server at the IP addressGet Syntax Download the file temp1.c and saves it as temp.cLcd Syntax Show local working pathLs Syntax Query file temp.cSet the data transmission to passive mode Ftpmkdir flash/lanswitchPathname Directory name Passive SyntaxPut Syntax FtppassiveShow the current directory on the remote FTP Server Protocol-commandFTP protocol commandRemotehelp Syntax Show the syntax of the protocol command user Pathname Directory name of remote FTP ServerDelete the directory flash/temp1 from FTP Server User SyntaxUsername Logon username Password Logon password Use the user command to register an FTP userLog in the FTP Server with username tom and password hello Enable verboseTftp server and save it with a different name on the switch Related command tftp putVxWorks.app on the local switch Tftp get SyntaxInterface-nameSpecify the interface name Display mac-address SyntaxSW5500tftp 1.1.3.214 put sw5500cfg.txt temp.txt Mac-address Syntax SW4500display mac-address 00e0-fc01-0101Display mac-address aging-time SW4500display mac-address aging-timeUndo mac-address static dynamic blackhole mac-address Max-mac-countmac-address max-mac-count countMac-address timer Syntax Undo mac-address max-mac-countBoot boot-loader Syntax Boot bootrom SyntaxDisplay boot-loader Syntax Display cpu SyntaxShow device information Display device SyntaxDisplay fan Syntax Display power Syntax Display memory SyntaxDisplay schedule reboot Syntax Show power stateReboot Syntax Schedule reboot at Syntax Reboots the SwitchSchedule reboot at hhmm yyyy/mm/dd Undo schedule reboot Schedule reboot delay Syntax SW4500schedule reboot atSchedule reboot delay hhhmm mmm Undo schedule reboot SW4500schedule reboot delayDevice Management Commands Commands available on your Switch Default is 235552, 2000/4/1Related command display clock Clock datetime SyntaxClock timezone Syntax Clock timezone zonename add minus Hhmmss Undo clock timezoneSet the hostname of the Switch to be LANSwitch Display clock SyntaxUnit-idUnit ID of current switch, in the range of 1 to Display config-agent SyntaxView the current system date and clock Show all the enabled debugging Display debugging SyntaxDisplay version Syntax Display the information about the system versionInformation that can be displayed on your Switch For the related commands, see display debugging Enable IP Packet debuggingRequiring periodic testing End-station polling Syntax Ip-addressConfigure 202.38.160.244 requiring periodical testing Ping SyntaxSW4500end-station polling ip-address Ping -a ip-address -c count -d -h tllDescription Remote-ping Purpose Related Commands Display remote-ping PurposeDisplays the latest test results Displays the test historyNumber Test Connection fail number This command can be used in the following views Any view Remote-ping-agent Purpose enableEnable remote-ping client Remote-ping-agent enable Undo remote-ping-agent enableTracert Syntax Tracert -a source-ip -f first-TTL -m max-TTL -p portPort is SW4500tracertShow details about the information channel Display info-center SyntaxSW4500display channel Display info-centerShow the system log information Undo info-center channel channel-numberRename channel 0 as execconsole ChannelInfo-center console channel channel-number channel-name Undo info-center console channelSW4500info-center enable Enable the system log functionInfo-center logbuffer Syntax Info-center loghost Syntax SW4500info-center logbufferRelated commands info-center enable, display info-center SW4500info-center loghostSW4500info-center loghost source vlan-interface Info-center monitor channel channel-number channel-nameConfigure channel 6 as the Snmp information channel SW4500info-center monitor channelInfo-center source Syntax Channel-numberChannel number to be setSW4500info-center snmp channel Level LevelIP module FTP server moduleModule names in logging information Information Channel in Each Output Direction by Default Info-center switch-on Syntax SW4500info-center switch-on 2 trapping Info-center timestamp SyntaxReset logbuffer Syntax SW4500info-center timestamp debugging bootReset logbuffer Info-center trapbuffer SyntaxReset trapbuffer Syntax Clear information in log bufferClear information in trap buffer Terminal debugging SyntaxEnable the terminal display debugging Disable the terminal log displayTerminal logging Syntax terminal logging Terminal monitor Syntax terminal monitorDisable the terminal monitor Enable trap information displayCommands available on your Switch Terminal trapping SyntaxDisplay the engine ID of current device Display the currently configured community namesGroup Display Snmp group name and safe mode Output description of the display snmp-agent group commandGroupname Group name, ranging from 1 to 32 bytes Following table describes the output fieldsDisplay snmp-agent statistics Display the current state of Snmp communicationSW4500display snmp-agent statistics Total number of the input Snmp packets Display the character string sysContact system contact Display the system locationDisplay the version information of running Snmp Display the information of all the current usersEnable snmp trap Syntax Enable snmp trap updown Undo enable snmp trap updownDisplay snmp-proxy unit Syntax View statistics information of Snmp proxy on unitSW4500snmp-agent community read comaccess SW4500undo snmp-agent community comaccess Delete the community name comaccessSW4500snmp-agent community write mgr Configure the ID of a local or remote device as To create an Snmp group named 3Com, enter the followingSnmp-agent mib-view Syntax SW4500snmp-agent group v3 3ComCreate a view that consists of all the objects of MIB-II SW4500snmp-agent mib-view included mib2Location command to restore the default value Set the size of Snmp packet to 1042 bytesSnmp-agent sys-info Syntax Set system location as Building 3/RoomSW4500snmp-agent trap enable Snmp-agent trap enable Syntax Standard authentication coldstart linkdown linkup warmstartConfigure the timeout interval of Trap packet as 60 seconds Snmp-agent trap life SyntaxSnmp-agent trap life seconds Undo snmp-agent trap life SW4500snmp-agent trap lifeConfigure the queue length to Snmp-agent trap source SyntaxVlan-idSpecify the Vlan interface ID, ranging from 1 to SW4500snmp-agent trap queue-sizeSnmp-agent usm-user Syntax Disable the running Snmp agents of all Snmp versions Undo snmp-agent SyntaxUndo snmp-agent SW4500undo snmp-agentDisplay rmon alarm Syntax Display rmon event SyntaxDisplay rmon eventlog Syntax For the related commands, see rmon history Output description of the display rmon eventlog commandDisplay rmon history Syntax Port-numEthernet port nameDisplay rmon prialarm Syntax Prialarm-table-entryentry of extended alarm tableDisplay alarm information about extended Rmon Output description of the display rmon history commandOutput description of the display rmon prialarm command Display rmon statistics SyntaxPort-numEthernet port number Show Rmon statisticsRmon alarm Syntax Undo rmon alarm entry-numberSW4500undo rmon alarm Delete the information of entry 15 from the alarm tableRmon event Syntax Rmon history Syntax Delete the entry 15 from the history control tableSW4500rmon event 10 log Undo rmon history entry-numberRmon prialarm Syntax Undo rmon prialarm entry-numberEntry-numberSpecifies the entry number, ranging from 1 to SW4500interface Ethernet1/0/1Delete line 10 from the extended Rmon alarm table Switch 4500 Family provides the following functionsUDP port 123 is opened only when the NTP feature is enabled UDP port 123 is closed as the NTP feature is disabledView the status of all sessions maintained by NTP services Display ntp-service sessions verboseSW4500 display ntp-service sessions Verbose Displays detailed NTP session informationDisplay ntp-service status Display ntp-service trace Syntax Ntp-service access SyntaxSW4500 ntp-service access server SW4500 ntp-service access peerSW4500 system-view SW4500 ntp-service authentication enable Enable the NTP authenticationUndo ntp-service authentication-keyid key-id By default, no switch operates in the broadcast client mode Ntp-service Syntax Disable Vlan-interface1 from receiving NTP messagesMax-dynamic-sessionsntp-service max-dynamic-sessions number Undo ntp-service max-dynamic-sessions SW4500-Vlan-interface1ntp-service multicast-client Key-id Authentication key ID, in the range of 1 to By default, no trusted authentication key is configuredNtp-service unicast-peer Syntax Ntp-service unicast-server SW4500 ntp-service unicast-server 128.108.22.44 version Debugging ssh server Syntax SW4500debug ssh server all SW4500term debugDisplay rsa local-key-pair public Related command rsa local-key-pair createSW4500display rsa local-key-pair public Display rsa peer-public-key Display rsa peer-public-key brief name keynameDisplay ssh server Syntax SW4500display rsa peer-public-keySW4500display rsa peer-public-key name candy2 Display ssh server status sessionPeer-public-key end Syntax To display SSH sessionsPublic key view Related command user-interface vty Related commands rsa peer-public-key,public-key-code beginTo quit public key view, enter the following SW4500user-interface vty 0Public key edit view Public-key-code begin SyntaxPublic-key-code end Syntax Rsa local-key-pair create Syntax To generate the local RSA key pair, enter the followingRsa peer-public-key Syntax CharactersProgram supporting SSH1.5 Ssh server SyntaxSsh server timeout Syntax By default, it is Related command display ssh serverSsh user assign rsa-key Syntax To associate the key 1 with jsmith, enter the following Related command display ssh user-informationSW4500ssh user jsmith assign rsa-key key1 Display ssh server-info Syntax At the next logonKeys, enter the following Related commands rsa peer-public-key, public-key-code begin Related commands rsa peer-public-key, public-key-code endTo exit the public key view, enter the following SW4500rsa peer-public-key SW4500003Public-key-code end Syntax Ssh client assign rsa-key Syntax SW4500rsa peer-public-key SW4500002Enable SW4500ssh client first-time enable Ssh2 SyntaxMd596 Hmac algorithm hmac-md5-96 Sftp server enable Syntax Use the sftp server enable command to start the Sftp serverBy default, the Sftp server is shutdown Ssh user service-type SyntaxBy default, the service type is stelnet Particular userType Sftp Client ViewTo change the current path to d/temp, enter the following Remote-pathThe name of a path on the serverRemote-fileThe name of a file on the server Remote-pathThe name of the directory to view To view the directory, flash/, enter the followingExit Syntax exit View Sftp-clientdelete temp.cCommand The name of a command Help commandHelp Syntax Sftp-clientget temp1.c temp.cTo view the directory flash/, enter the following FlashSftp-clientput temp.c temp1.c Oldname Original file name Remove SyntaxSftp-clientremove temp.c Newname New file name Sftp SyntaxSftp-clientrename temp1 temp2 Sftp-clientrmdir D/temp1SW4500sftp Configuring Password Control Display password-controlFields in Display Password- Control Command Display SyntaxPassword-control Syntax # Configure the system login password for user test toPassword System view Password-control enable Syntax System View return to User View with Ctrl+ZPassword-control super Syntax # Delete the history password records of all users Reset password-control history-record username username# Delete the history password records of user test Reset password-control blacklist username usernameBlacklist Username username Specifies a user name# Delete user test from the blacklist Configuring Password Control Bootrom Interface Five second countdown timer allowing access to the bootromBoot Boot MenuEnter Option 1 at the prompt to display the following Current mode is enable bootrom password recovery Download Commands Selecting a Tftp download Selecting a FTP download Selecting an XModem download