802.1X Port Authentication | Accton Technology ES3552XA, ES3526XA

Authentication Commands 4

Command Usage

•If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.

•First use the port security max-mac-countcommand to set the number of addresses, and then use the port security command to enable security on the port.

•Use the no port security max-mac-countcommand to disable port security and reset the maximum number of addresses to the default.

•You can also manually add secure addresses with the mac-address-table static command.

•A secure port has the following restrictions:

-Cannot use port monitoring.

-Cannot be a multi-VLAN port.

-Cannot be connected to a network interconnection device.

-Cannot be a trunk port.

•If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.

Example

The following example enables port security for port 5, and sets the response to a security violation to issue a trap message:

Console(config)#interface ethernet 1/5

Console(config-if)#port security action trap

Related Commands

shutdown (4-136)mac-address-table static (4-157) show mac-address-table(4-158)

802.1X Port Authentication

The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).

Table 4-32 802.1X Port Authentication

Command	Function	Mode	Page
dot1x system-auth-control	Enables dot1x globally on the switch.	GC	4-86

dot1x default	Resets all dot1x parameters to their default values	GC	4-86

dot1x max-req	Sets the maximum number of times that the switch	IC	4-87
	retransmits an EAP request/identity packet to the client
	before it times out the authentication session
dot1x port-control	Sets dot1x mode for a port interface	IC	4-87

4-85

Image 327

Accton Technology ES3552XA, ES3526XA manual 32 802.1X Port Authentication Command Function Mode

Contents

Powered by Accton Page Fast Ethernet Switch ES3526XA ES3552XA F2.2.6.3 E122006-CS-R02 149100005500H Contents Page Iii Page Command Line Interface Page Vii Viii Contents Page Contents Xii Xiii Appendix a Software SpecificationsAppendix B Troubleshooting Glossary Index Xiv Tables Xvi Xvii Xviii Xix Figures Figures Xxi Xxii Supports standard STP and Rapid Spanning Tree Protocol Rstp Key FeaturesKey Features Feature Description Description of Software Features Description of Software Features Introduction Password super System DefaultsSystem Defaults Function Parameter Default Client Enabled System Defaults Function Parameter Clock Synchronization Disabled Introduction Configuration Options Connecting to the Switch Required Connections Initial Configuration Basic Configuration Remote ConnectionsConsole Connection Setting Passwords Setting an IP AddressManual Configuration Dynamic Configuration Community Strings for Snmp version 1 and 2c clients Enabling Snmp Management Access Trap Receivers 118120 126 Saving Configuration SettingsConfiguring Access for Snmp Version 3 Clients 125 Managing System Files Initial Configuration Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Panel Display Configuration Options Menu Description System System Information ConfigurationMain Menu Main Menu ACL Menu Description 148 139Current Table 143 Dscp Priority Status Both IP Precedence Priority Class-of-service value IP Dscp Priority155 164 Configuration Settings Menu Description Igmp Snooping 170 Igmp ConfigurationQuery Igmp Filter Configuration Configuration Settings Igmp Filter/Throttling Trunk Main Menu Field Attributes Displaying System Information Expansion Slot Displaying Switch Hardware/Software VersionsMain Board Management Software Displaying Switch Information Displaying Bridge Extension Capabilities Bridge Extension Configuration 195 Setting the Switch’s IP AddressCLI Enter the following command Command Attributes 131 244245 246 Using DHCP/BOOTP Dhcp Relay and Option 82 Information Command Usage 242 241 Managing Firmware Operation Code Image File Transfer Downloading System Software from a Server 11 Deleting Files Saving or Restoring Configuration Settings 12 Copy Configuration Settings Downloading Configuration Settings from a Server Console Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet System Log Configuration Configuring Event Logging Level Severity Name Description Logging Levels 17 Remote Logs Remote Log Configuration CLI This example shows the event message stored in RAM Displaying Log Messages Sending Simple Mail Transfer Protocol Alerts 19 Enabling and Configuring Smtp Alerts 20 Resetting the System Resetting the System Configuring Sntp Setting the System Clock Configuring NTP 22 NTP Client Configuration Simple Network Management Protocol Setting the Time Zone SNMPv3 Security Models and Levels Level Group Read View Write View Notify View SecurityUser defined 117 Setting Community Access StringsCLI The following example enables Snmp on the switch Enabling the Snmp Agent Specifying Trap Managers and Trap Types 25 Configuring Snmp Community Strings Configuring the Switch 122 Configuring SNMPv3 Management Access 123 Setting a Local Engine IDSpecifying a Remote Engine ID CLI This example sets an SNMPv3 engine ID CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users 29 Configuring SNMPv3 Users 130 Configuring Remote SNMPv3 Users 30 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages This trap is sent when the fan failure has Private Traps SwPowerStatusThis trap is sent when the fan fails SwFanRecoverTrap 127 31 Configuring SNMPv3 Groups 32 Configuring SNMPv3 Views Setting SNMPv3 Views Configuring User Accounts User Authentication 33 Access Levels Configuring Local/Remote Logon Authentication Tacacs Settings Radius Settings 34 Authentication Settings Https System Support Configuring Https Address server ip-address Replacing the Default Secure-site Certificate Configuring the Secure Shell Configuring the Switch Generating the Host Key Pair 36 SSH Host-Key Settings SSH server includes basic settings for authentication Configuring the SSH Server Configuring Port Security 38 Configuring Port Security Configuring 802.1X Port Authentication Web Click Security, 802.1X, Information Displaying 802.1X Global Settings802.1X protocol provides client authentication CLI This example shows the default global setting for Configuring 802.1X Global Settings Configuring Port Settings forCLI This example enables 802.1X globally for the switch Authorized 41 802.1X Port Configuration Consoleconfig#interface ethernet 1/2 802.1X Statistics Displaying 802.1X Statistics CLI This example displays the 802.1X statistics for port MAC Address Authentication Configuring the MAC Authentication Reauthentication Time Web Click Security, Network Access, Configuration Configuring MAC Authentication for Ports Web Click Security, Network Access, Port Configuration CLI This example configures MAC authentication for portDisplaying Secure MAC Address Information 45 Network Access MAC Address Information 100 Configuring MAC Address Filters Filtering Addresses for Management Access 47 Creating a Web IP Filter List CLI This example allows Snmp access for a specific client Configuring Access Control Lists Access Control Lists Setting the ACL Name and Type CLI This example creates a standard IP ACL named david103 104 Configuring a Standard IP ACL Configuring an Extended IP ACL 105 50 ACL Configuration Extended IP 111 Configuring a MAC ACL 52 Binding a Port to an ACL Binding a Port to an Access Control List 107 Port ConfigurationDisplaying Connection Status Field Attributes Web Configuration Web Click Port, Port Information or Trunk InformationBasic Information Configuring Interface Connections Current Status138 54 Port/Trunk Configuration Creating Trunk Groups 136135 55 Configuring Port Trunks Statically Configuring a Trunk 147 Enabling Lacp on Selected Ports 148 56 Lacp Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters 57 Lacp Aggregation Port Displaying Lacp Port Counters You can display statistics for Lacp protocol messagesLacp Port Counters LACPDUs Illegal Pkts Protocols Ethernet Type Displaying Lacp Settings and Status for the Local Side Lacp Internal Configuration InformationField Description 59 Lacp Port Internal Information 10 Lacp Neighbor Configuration Information Displaying Lacp Settings and Status for the Remote Side Console#show lacp 1 neighbors 61 Port Broadcast Control Setting Broadcast Storm Thresholds Configuring Port Mirroring 137140 Configuring Rate Limits Rate Limit Granularity142 145 Rate Limit Configuration 144 Showing Port Statistics Protocol Transmit ErrorsErrors FCS Errors 11 Port Statistics Parameter DescriptionRmon Statistics Fragments Or alignment error 65 Port Statistics 139 Address Table SettingsSetting Static Addresses CLI This example shows statistics for port 157 Displaying the Address Table 158 67 Dynamic Addresses 159 Spanning Tree Algorithm ConfigurationChanging the Aging Time CLI This example sets the aging time to 300 seconds Designated Root Port Bridge For this Region Displaying Global Settings 120 69 STA Information Mstp 176 Configuring Global Settings Global settings apply to the entire switchBasic Configuration of Global Settings Configuration Settings for Rstp Root Device Configuration Configuration Settings for Mstp 70 STA Global Configuration Displaying Interface Settings AD B 71 STA Port Information CLI This example shows the STA attributes for port Configuring Interface Settings 131 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees 133 178 73 Mstp Vlan Configuration 167 74 Mstp Port Information Displaying Interface Settings for Mstp Configuring Interface Settings for Mstp CLI This example sets the Mstp attributes for port 175174 Vlan Configuration Ieee 802.1Q VLANsAssigning Ports to VLANs VA Vlan Aware VU Vlan Unaware Forwarding Tagged/Untagged Frames 194 Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Displaying Basic Vlan Information Displaying Current VLANs Command Attributes Web 78 Vlan Current Table Command Attributes CLI 187 Creating VLANs CLI This example creates a new Vlan 179180 Adding Static Members to VLANs Vlan Index 185 Adding Static Members to VLANs Port Index 81 Vlan Static Membership by Port Configuring Vlan Behavior for Interfaces 82 Vlan Port Configuration 184 Private VLANs182 183 153 Displaying Current Private VLANs Configuring Private VLANs Associating VLANs189 190 Displaying Private Vlan Interface Information 193 Configuring Private Vlan Interfaces 191 87 Private Vlan Port Configuration Class of Service Configuration Layer 2 Queue SettingsSetting the Default Priority for Interfaces CLI This example assigns a default priority of 5 to port 88 Port Priority Configuration Mapping CoS Values to Egress Queues 12 Egress Queue Priority Mapping13 CoS Priority Levels 203 201 90 Queue Mode Selecting the Queue Mode Setting the Service Weight for Traffic Classes 200202 204 Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority 14 Mapping IP Precedence Mapping IP Precedence 209 Mapping Dscp Priority15 Mapping Dscp Priority Values 206 210 207 95 IP Port Priority Status Mapping IP Port Priority Mapping CoS Values to ACLs 16 Egress Queue Priority Mapping205 108 Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 98 Igmp Configuration Enabling Igmp Immediate Leave 100 Displaying Multicast Router Port Information Displaying Interfaces Attached to a Multicast Router Specifying Static Interfaces for a Multicast Router 220219 215 Displaying Port Members of Multicast Services 103 Igmp Member Port Table Assigning Ports to Multicast Services Enabling Igmp Filtering and Throttling Igmp Filtering and Throttling 104 Enabling Igmp Filtering and Throttling Configuring Igmp Filter Profiles 105 Igmp Profile Configuration Configuring Igmp Filtering and Throttling for Interfaces 106 Igmp Filter and Throttling Port Configuration Multicast Vlan Registration General Configuration Guidelines for MVR 107 MVR Global Configuration Configuring Global MVR Settings 108 MVR Port Information Displaying MVR Interface Status 109 MVR Group IP Information Displaying Port Members of Multicast Groups MVR Vlan Configuring MVR Interface Status Assigning Static Multicast Groups to Interfaces Web Click MVR, Port or Trunk Configuration Configuring General DNS Service Parameters Configuring Domain Name Service 190 237 234235 236 113 DNS Static Host Table Configuring Static DNS Host to Address Entries Displaying the DNS Cache 233238 Cluster Configuration Switch Clustering 250 Cluster Member ConfigurationAdds Candidate switches to the cluster as Members 249 Web Click Cluster, Member Configuration Displays current cluster Member switch informationCluster Member Information 253 Cluster Candidate Information Configuring the Switch 198 Using the Command Line Interface Accessing the CLITelnet Connection Command Line Interface Keywords and Arguments Entering CommandsCommand Completion Getting Help on Commands CLIMSGPRIVILEGEEXECCMDW2SHOWMVR Showing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History Understanding Command Modes Command Modes Exec Commands Spanning-tree mst-configuration Consoleconfig-mstp# 160 Configuration CommandsConfiguration Modes Command Prompt Consoleconfig-if# 131 Command Line Processing Command Line ProcessingKeystroke Function Command Groups Description Command Groups Command Line Interface Line Line Commands Example LoginRelated Commands Syntax Login local no login No password is specified PasswordUsername 4-27 password Syntax Password 0 7 password no password Timeout login response Exec-timeoutSyntax Exec-timeout seconds no exec-timeout Default value is three attempts Password-threshSilent-time4-16 Timeout login response Syntax Password-thresh threshold no password-thresh Syntax Databits 7 8 no databits Silent-timeDatabits Syntax Silent-time seconds no silent-time Syntax Parity none even odd no parity Parity Syntax Stopbits 1 SpeedStopbits Syntax Speed bps no speed Syntax Show line console vty DisconnectShow line Syntax Disconnect session-id General Commands Function Mode General CommandsEnable To show all lines, enter this command Level DisableDisable Enable password Enable Show history Configure End Reload Quit This command exits the configuration programThis example shows how to quit a CLI session Exit System Management Commands Device Designation CommandsPrompt Syntax Hostname name no hostname User Access CommandsUser Access Commands Function Mode Hostname 10 Default Login Settings Username Access-level Password Guest AdminUsername Enable password Default is level Default password is superEnable 4-20 authentication enable Management IP Filter Commands11 IP Filter Commands Function Mode Management Show management Web Server Commands Ip http portIp http server 13 Https System Support Web Browser Operating System Syntax No ip http secure-server Default SettingIp http secure-server Ip http port Ip http secure-server4-32 Ip http secure-portIp http secure-port4-33 Copy tftp https-certificate Portnumber The UDP port used for HTTPS/SSL. Range Telnet Server Commands Ip telnet portIp telnet server Sets the SSH server key size Copy tftp public-key Secure Shell Commands15 SSH Commands Function Mode Ip telnet port Command Line Interface Syntax No ip ssh server Default Setting Ip ssh serverIp ssh crypto host-key generate 4-40 show ssh Exec-timeout4-14 show ip ssh Ip ssh timeoutIp ssh authentication-retries Syntax Ip ssh timeout seconds no ip ssh timeout Ip ssh server-key size Delete public-keySyntax Delete public-key username dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto host-key generateIp ssh crypto zeroize Syntax Ip ssh crypto host-key generate dsa rsa Ip ssh save host-key Show ip sshSyntax Ip ssh save host-key dsa rsa Show ssh 16 show ssh display descriptionTerminology Shows all public keys Show public-keySyntax Show public-key user username host Username Name of an SSH user. Range 1-8 characters Logging on Event Logging Commands17 Event Logging Commands Function Mode Syntax No logging on Default Setting Flash errors level 3 RAM warnings level 6 Logging history18 Logging Levels Hostipaddress The IP address of a syslog server Logging hostLogging facility Syntax No logging host hostipaddress Syntax Clear logging flash ram Logging trapClear logging Syntax Logging trap level no logging trap Show logging Syntax Show logging flash ram sendmail trap19 show logging flash/ram display description Show log Facility commandLogging trap command Syntax Show log flash ram login tail Following example shows sample messages stored in RAM Smtp Alert Commands21 Smtp Alert Commands Function Mode Logging sendmail host Syntax Logging sendmail level level Logging sendmail level This example will set the source email john@acme.com Logging sendmail source-emailLogging sendmail destination-email Syntax No logging sendmail source-email email-address Syntax No logging sendmail Default Setting Logging sendmailShow logging sendmail Sntp client Time Commands22 Time Commands Function Mode Syntax No sntp client Default Setting Ip IP address of an NTP time server. Range 1-3 addresses Sntp serverSntp server 4-55 sntp poll 4-56 show sntp Syntax Sntp server ip1 ip2 ip3 Sntp poll Show sntpSyntax Sntp poll seconds no sntp poll Sntp client 4-54 ntp poll 4-58 ntp server Syntax No ntp client Default SettingNtp client Ntp server Syntax Ntp poll seconds no ntp poll Ntp pollVersion number Ntp client 4-57 ntp poll 4-58 show ntp Ntp authentication-key4-59 Ntp authenticateNtp authentication-key Syntax No ntp authenticate Default Setting Show ntp Clock timezone Calendar set hour min sec day month year month day year This command displays the system clockCalendar set Show calendar System Status Commands Show startup-config23 System Status Commands Function Mode Show running-config4-65 Show running-config Show startup-config4-63 This command displays system information Show systemShow users Show version Syntax No jumbo frame Default Setting Frame Size Commands24 Frame Size Commands Jumbo frame Enables support for jumbo frames Flash/File Commands 25 Flash/File CommandsCommand Function Mode Copy Flash/File Commands Following example shows how to download a configuration file Delete filename Syntax Dir boot-rom config opcode filenameDelete Dir Column Heading Description WhichbootSyntax whichboot Default Setting 26 File Directory Information Boot system Syntax Boot system boot-romconfig opcode filenameDir 4-73 whichboot 27 Authentication Commands Command Group Function Authentication CommandsAuthentication Sequence Authentication login Username for setting the local user names and passwords Authentication enable Radius-server host 29 Radius Client Commands Function ModeShow radius-server Shows the current Radius settings Radius Client Radius-server key Radius-server port Radius-server retransmit Radius-server timeout 30 Tacacs Commands Function Mode TACACS+ ClientShow radius-server Syntax Tacacs-server port portnumber no tacacs-server port Tacacs-server hostTacacs-server port Tacacs-server key Syntax Tacacs-server key keystring no tacacs-server key Show tacacs-server Interface Configuration Ethernet Port Security Commands31 Port Security Commands Function Mode Status Disabled Action None Maximum Addresses 32 802.1X Port Authentication Command Function Mode 802.1X Port Authentication Syntax No system-auth-control Default Setting Dot1x defaultAcquire a new client Dot1x timeout re-authperiod Be re-authenticated Dot1x timeout tx-period Syntax Dot1x max-req count no dot1x max-req Default Command ModeDot1x max-req Dot1x port-control Interface Dot1x re-authenticateSyntax Dot1x re-authenticate interface Dot1x operation-mode Seconds The number of seconds. Range Dot1x re-authenticationDot1x timeout quiet-period Syntax No dot1x re-authentication Command Mode Dot1x timeout re-authperiod Dot1x timeout tx-periodShow dot1x Statistics Displays dot1x status for each port Syntax Show dot1x statistics interface interface Backend State Machine Authenticator State MachineReauthentication State Machine State Current state including initialize, reauthenticate Example Network Access Network-access mode33 Network Access Command Function Mode 1024 Network-access max-mac-count Syntax No network-access mac-filter filter-idmac-address Network-access mac-filter Filter-id- The number that identifies the filter. Range Network-access port-mac-filterNetwork-access dynamic-vlan Syntax No network-access dynamic-vlan Default Setting Mac-authentication reauth-time Following example enables dynamic Vlan assignment on port1800 Displays the settings for all interfaces Clear network-accessShow network-access Syntax Show network-access interface interface Displays all filters Show network-access mac-filterShow network-access mac-address-table Use this command to display MAC authentication filters 101 Access Control Lists Access Control List Commands Syntax No access-list ip standard extended aclname Access-list ip34 Access Control Lists Command Groups Function 35 IP ACLs Command Function Mode Permit, deny Ip access-group4-107 show ip access-list4-107 Syntax No permit deny any source bitmask host sourceStandard ACL No permit deny tcp Access-list ip Extended ACL Syntax No ip access-group aclname Show ip access-listIp access-group Syntax Show ip access-list standard extended aclname This command shows the ports assigned to IP ACLs Show ip access-groupMap access-list ip Show ip access-list4-107 36 Egress Queue Priority Mapping Example Show map access-list ipQueue cos-map4-201 Show map access-list ip Syntax Show map access-list ip interface MAC ACLs Access-list mac37 MAC ACLs Command Function Mode Syntax No access-list mac aclname Syntax No permit deny Permit, deny MAC ACL Syntax Mac access-group aclname Show mac access-listMac access-group Syntax Show mac access-list aclname This command shows the ports assigned to MAC ACLs Show mac access-groupMap access-list mac Show mac access-list4-112 38 Egress Queue Priority Mapping Show map access-list macQueue cos-map4-201 Show map access-list mac Syntax Show map access-list mac interface ACL Information Show access-listShow access-group 39 ACL Information Command Function Mode 40 Snmp Commands Function Mode Snmp Commands Syntax No snmp-server Default Setting Snmp-serverShow snmp Snmp-server community Syntax Snmp-server location text no snmp-server location Snmp-server contactSnmp-server location Syntax Snmp-server contact string no snmp-server contact Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This command shows the Snmp engine ID This example shows the default engine IDShow snmp engine-id This view includes MIB-2 Defaultview includes access to the entire MIB treeSnmp-server view Examples 42 show snmp view display description This command shows information on the Snmp viewsShow snmp view Snmp-server group Show snmp group 43 show snmp group display description Snmp-server user 129 This command shows information on Snmp users Show snmp user44 show snmp user display description Port-channel channel-idRange Interface Commands45 Interface Commands Function Mode Interface Description Speed-duplexSyntax Description string no description Syntax No negotiation Default Setting NegotiationNegotiation 4-133 capabilities Following example configures port 11 to use autonegotiation CapabilitiesCapabilities 4-134speed-duplex4-132 Syntax No flowcontrol Default Setting FlowcontrolNegotiation 4-133speed-duplex4-132 flowcontrol Shutdown Syntax No shutdown Default Setting Clear counters Switchport broadcast packet-rateThis command clears statistics on an interface Port-channel channel-idRange Default Setting Syntax Show interfaces status interface This command displays the status for an interfaceShow interfaces status Following example clears statistics on port Shows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interface Show interfaces switchport Syntax Show interfaces switchport interfaceShows all interfaces Interfaces Switchport Statistics Interface ethernet unit/port source port Mirror Port Commands47 Mirror Port Commands Function Mode Port monitor Syntax Show port monitor interface This command displays mirror informationFollowing shows mirroring configured from port 6 to port Show port monitor Fast Ethernet255 Gigabit Ethernet30 Rate Limit Commands48 Rate Limit Commands Function Mode Rate-limit Show rate-limit Global Configuration Ethernet, Port ChannelUse this command to display the rate limit granularity Rate-limit granularity 138 Link Aggregation Commands49 Link Aggregation Commands 151 Dynamically Creating a Port Channel Channel-groupGuidelines for Creating Trunks General Guidelines Syntax No lacp Default Setting LacpFollowing example creates trunk 1 and then adds port 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port Channel This command displays Lacp information Lacp port-priorityShow lacp Badly formed PDU or an illegal value of Protocol Subtype Port Channel all50 show lacp counters display description Type 51 show lacp internal display description 52 show lacp neighbors display description Address Table Commands 54 Address Table Commands Function Mode53 show lacp sysid display description Action Mac-address-table staticMac-address- MAC address Vlan-id- Vlan ID Range Clear mac-address-table dynamic Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Show mac-address-table aging-time Mac-address-table aging-time 55 Spanning Tree Commands Function Mode Spanning Tree Commands Spanning-tree Spanning-tree modeSyntax No spanning-tree Default Setting Spanning tree is enabled Spanning-tree forward-time Spanning-tree forward-time 4-162spanning-tree max-age Spanning-tree hello-time Spanning-tree max-age Spanning-tree prioritySpanning-tree forward-time 4-162spanning-tree hello-time Long method Spanning-tree pathcost method Count The transmission limit in seconds. Range Spanning-tree mst-configurationThis command limits the maximum transmission rate for BPDUs Spanning-tree transmission-limit MST Configuration Mst vlanNo mst instanceid vlan vlan-range Syntax Name name Mst priorityName Mst instanceid priority priority no mst instanceid priority Max-hopshop-number RevisionMax-hops Syntax Revision number Spanning-tree cost Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting This example disables the spanning tree algorithm for port Priority The priority for a port. Range 0-240, in steps Spanning-tree port-priority Spanning-tree edge-port Syntax No spanning-tree edge-port Default Setting Spanning-treeedge-port4-172 Syntax No spanning-tree portfast Default SettingSpanning-tree portfast Spanning-tree link-type Auto Spanning-tree mst cost Spanning-tree mst port-priority4-175 Spanning-tree mst port-priority Syntax Spanning-tree protocol-migration interface Port-channel channel-idRange Command ModeSpanning-tree protocol-migration Show spanning-tree 177 Show spanning-tree mst configuration Editing Vlan Groups Vlan Commands56 VLANs Command Groups Function 57 Editing Vlan Groups Command Function Mode Show vlan By default only Vlan 1 exists and is activeVlan Database Configuration Vlan Interface vlan Configuring Vlan Interfaces58 Configuring Vlan Interfaces Command Function Mode Interface vlan Switchport acceptable-frame-types4-182 Switchport modeSwitchport acceptable-frame-types All ports are in hybrid mode with the Pvid set to Vlan Syntax No switchport ingress-filtering Default Setting Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Switchport forbidden vlan 59 Show Vlan Commands Function ModeDisplaying Vlan Information Shows all VLANs This command shows Vlan informationFollowing example shows how to display information for Vlan Show vlan 60 Private Vlan Commands Configuring Private VLANs Private-vlan Vlan Configuration No private-vlan primary-vlan-idassociation Private vlan association Secondary-vlan-id- ID of secondary VLAN. Range Switchport mode private-vlanSwitchport private-vlan host-association Normal Vlan Isolated-vlan-id- ID of isolated VLAN. Range Switchport private-vlan isolated Switchport private-vlan mapping Show vlan private-vlanSyntax Show vlan private-vlan community isolated primary Bridge-ext gvrp Gvrp and Bridge Extension Commands61 Gvrp and Bridge Extension Commands Function Mode Syntax No bridge-ext gvrp Default Setting Switchport gvrp Syntax No switchport gvrp Default SettingShow bridge-ext Syntax Show gvrp configuration interface Show gvrp configurationGarp timer This command shows if Gvrp is enabled Show garp timer Syntax Show garp timer interfaceShows all Garp timers 63 Priority Commands Layer Function Mode Priority CommandsPriority Commands Layer 62 Priority Commands Command Groups Function Queue mode Switchport priority defaultSyntax Queue mode strict wrr no queue mode Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidth Queue cos-mapqueueid cos1 ... cosn no queue cos-map Queue cos-map Show queue cos-map4-203 Show queue modeThis command shows the current queue mode Show queue bandwidth This command shows the class of service priority map Show queue cos-mapSyntax Show queue cos-map interface Priority Commands Layer 3 65 Priority Commands Layer 3 Function ModeSyntax No map ip port Default Setting Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS value 66 Mapping IP Precedence Values CoS Value Command Mode List below shows the default priority mapping Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Use this command to show the IP port priority mapShow map ip port 67 IP Dscp to CoS Vales IP Dscp Value CoS Value This command shows the IP precedence priority map Show map ip precedenceSyntax Show map ip precedence interface This command shows the IP Dscp priority map Show map ip dscpSyntax Show map ip dscp interface 69 Igmp Snooping Commands Function Mode Multicast Filtering CommandsIgmp Snooping Commands 68 Multicast Filtering Commands Command Groups Function Ip igmp snooping vlan static Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping Ip igmp snooping Igmp Version Following configures the switch to use Igmp VersionIp igmp snooping version Ip igmp snooping immediate-leave Show mac-address-table multicast Show ip igmp snooping 215 Ip igmp snooping querier Igmp Query Commands Layer70 Igmp Query Commands Layer Function Mode Syntax No ip igmp snooping querier Default Setting Ip igmp snooping query-max-response-time4-218 Following shows how to configure the query count toIp igmp snooping query-interval Times Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping query-max-response-timeIp igmp snooping router-port-expire-time Syntax No ip igmp snooping vlan vlan-idmrouter interface Static Multicast Routing Commands71 Static Multicast Routing Commands Function Mode Ip igmp snooping vlan mrouter Multicast router port types displayed include Static Displays multicast router ports for all configured VLANsShow ip igmp snooping mrouter Syntax Show ip igmp snooping mrouter vlan vlan-id 223 Igmp Filtering and Throttling Commands72 Igmp Filtering and Throttling Commands Function Mode Syntax No ip igmp filter Default Setting Syntax No ip igmp profile profile-number Syntax Permit deny Default SettingIp igmp profile Permit, deny Range No range low-ip-address high-ip-addressSyntax No ip igmp filter profile-number Syntax Ip igmp max-groups number No ip igmp max-groups Ip igmp max-groups Syntax Show ip igmp filter interface Ip igmp max-groups actionShow ip igmp filter Syntax Ip igmp max-groups action replace deny Syntax Show ip igmp throttle interface interface Show ip igmp profileShow ip igmp throttle interface Syntax Show ip igmp profile profile-number Multicast groups assigned to the MVR Vlan Multicast Vlan Registration Commands73 Multicast Vlan Registration Commands Function Mode 229 No mvr group ip-address count vlan vlan-id Command Line Interface Mvr Global Configuration Multicast Filtering Commands Mvr Interface Configuration Show mvr Syntax Show mvr interface interface members ip-addressUnit Stack unit. Range Port Port number. Range 75 show mvr interface display description Following shows the global MVR settings74 show mvr display description Are satisfied Domain Name Service Commands 77 DNS Commands Function Mode76 show mvr members display description Syntax Clear host name Ip hostClear host No ip host name address1 address2 … address8 Syntax Ip domain-name name no ip domain-name Ip domain-nameRemoves all entries This example clears all static entries from the DNS table Ip domain-list Syntax No ip domain-list nameIp domain-name4-234 Ip domain-name4-234 ip domain-lookup4-236 Ip name-serverIp domain-lookup Server-address1- IP address of domain-name server Ip domain-name4-234 ip name-server4-236 Show hosts Show dns Show dns cache78 show dns cache display description Clear dns cache This command clears all entries in the DNS cache Ip dhcp relay information option Dhcp Commands79 Dhcp Commands Function Mode Syntax No ip dhcp relay information option Default Setting Ip dhcp relay server address1 address2 address3 Ip dhcp relay information policyIp dhcp relay server Syntax Ip dhcp relay information policy drop keep replace Usage Guidelines Show ip dhcp-relay IP Interface Commands 80 IP Interface Commands Function ModeIp address No static route is established Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Gateway IP address of the default gateway Show ip interface Ip dhcp restart Ping Ip default-gateway4-244This command has no default for the host Show ip redirects 247 Cluster Switch Cluster Commands81 Switch Cluster Commands Function Mode Syntax No cluster Default Setting Syntax Cluster ip-pool ip-addressno cluster ip-pool Cluster commanderSyntax No cluster commander Default Setting Cluster ip-pool Cluster member RcommandSyntax Rcommand id member-id Member-id- The ID number of the Member switch. Range Show cluster members This command shows the switch clustering configurationThis command shows the current switch cluster members Show cluster Show cluster candidates Software Features Appendix a Software Specifications Management Features Groups 1, 2, 3, 9 Statistics, History, Alarm, EventStandards Management Information Bases Software Specifications Symptom Action Table B-1 Troubleshooting Chart Using System Logs Differentiated Services Code Point Service Dscp Access Control List ACLBoot Protocol Bootp Class of Service CoS Group Attribute Registration Protocol Garp Garp Vlan Registration Protocol GvrpGeneric Attribute Registration Protocol Garp Generic Multicast Registration Protocol Gmrp In-Band Management Igmp SnoopingIgmp Query Internet Group Management Protocol Igmp MD5 Message-Digest Algorithm Multicast SwitchingPort Authentication Remote Authentication Dial-in User Service Radius Simple Network Management Protocol Snmp Remote Monitoring RmonRapid Spanning Tree Protocol Rstp Secure Shell SSH User Datagram Protocol UDP Virtual LAN VlanXModem Numerics Index Garp Vlan Registration Protocol See Gateway, default 3-14,4-245 Index-3 Index-4 Page ES3526XA ES3552XA E122006-CS-R02D 149100005500H