Radius Settings, Tacacs Settings | Accton Technology ES3528M-SFP

3 Configuring the Switch

Command Attributes

•Authentication – Select the authentication, or authentication sequence required:

-Local – User authentication is performed only locally by the switch.

-Radius – User authentication is performed using a RADIUS server only.

-TACACS – User authentication is performed using a TACACS+ server only.

-[authentication sequence] – User authentication is performed by up to three authentication methods in the indicated sequence.

•RADIUS Settings

-Global – Provides globally applicable RADIUS settings.

-ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.

-Server IP Address3 – Address of authentication server. (Default: 10.1.0.1)

-Authentication Port Number – Network (UDP) port of authentication server used for authentication messages. (Range: 1-65535; Default: 1812)

-Accounting Port Number – UDP port on authentication server used for accounting messages. (Range: 1-65535; Default: 1813)

-Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)

-Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5)

•TACACS Settings

-Server IP Address4 – Address of the TACACS+ server. (Default: 10.11.12.13)

-Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49)

-Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)

-Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-540; Default: 5)

Note: The local switch user database has to be set up by manually entering user names and passwords using the Web or CLI. (See “Configuring User Accounts” on page 3-51or “username” on page 4-38)

3.A Server Index must be selected to display this item.

4.A Server Index must be selected to display this item.

3-54

Page 104

Image 104

Accton Technology ES3528M-SFP manual Radius Settings, Tacacs Settings

Contents

Powered by Accton Page Fast Ethernet Switch ES3528M-SFP E122007-DG-R01 149100035500A Installation Guide About This GuidePage Contents Page Iii Page Contents Command Line Interface Vii Viii Contents Page Contents Xii Xiii Xiv Contents Appendix a Software Specifications Xvi Xvii Appendix B TroubleshootingGlossary Index Xviii Tables XixPage Xxi Xxii Figures Xxiii Figures Xxiv Xxv Xxvi Feature Description Key FeaturesKey Features Description of Software Features Introduction Description of Software Features Introduction Description of Software Features System Defaults System DefaultsFunction Parameter Default Password super System Defaults Function Parameter Client Enabled Clock Synchronization Disabled NTP Connecting to the Switch Configuration Options Initial Configuration Required Connections Console Connection Basic ConfigurationRemote Connections Manual Configuration Setting PasswordsSetting an IP Address Dynamic Configuration Enabling Snmp Management Access 154 Trap Receivers152 Saving Configuration Settings Configuring Access for Snmp Version 3 Clients159 160 Managing System Files Initial Configuration Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Configuration Options Action Panel DisplayButton Revert Apply Help System System Information Main MenuMain Menu Description Https Settings Configures secure Http settings Radius Group SettingsTACACS+ Group Settings 107 116 802.1Q Vlan 155 149155 159 Current Table164 176 Port on this switch Remote Trunk Information Remote Port Information187 190 Static Multicast Router Port 217225 233 245 Configuration Enables Upnp and defines timeout values Displaying System Information Field Attributes Displaying Switch Hardware/Software Versions CLI Specify the hostname, location and contact informationMain Board Management Software Web Click System, Switch Information Switch Information Bridge Extension Configuration Displaying Bridge Extension Capabilities Setting the Switch’s IP Address CLI Enter the following commandCommand Attributes 239 310 166309 Using DHCP/BOOTP 311 Enabling Jumbo Frames Managing Firmware Downloading System Software from a Server Copy Firmware Saving or Restoring Configuration Settings 11 Deleting Files Downloading Configuration Settings from a Server 12 Downloading Configuration Settings for Startup Console Port Settings 13 Setting the Startup Configuration Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet Basic Configuration Configuring Event Logging System Log ConfigurationDisplaying Log Messages CLI This example shows the event message stored in RAM Level Severity Name Description Error resource exhaustedLogging Levels Remote Log Configuration Simple Mail Transfer Protocol 18 Remote Logs 19 Enabling and Configuring Smtp Resetting the System 20 Resetting the System Configuring Sntp Setting the System ClockSetting the Time Manually Configuring NTP 21 Sntp Configuration 22 NTP Client Configuration Setting the Time Zone 23 Setting the System Clock Simple Network Management Protocol Setting Community Access Strings SNMPv3 Security Models and LevelsLevel Group Read View Write View Notify View Security User defined Access Mode Specifying Trap Managers and Trap Types Enabling Snmp Agent Status 156 Web Click SNMP, Agent Status Configuring SNMPv3 Management AccessSetting the Local Engine ID Web Click SNMP, SNMPv3, Engine ID Configuring SNMPv3 UsersSpecifying a Remote Engine ID Configuring the Switch Configuring Remote SNMPv3 Users 29 Configuring SNMPv3 Users Configuring SNMPv3 Groups 30 Configuring Remote SNMPv3 Users Supported Notification Messages SwPowerStatus 6.1.4.1.259.8.1.4.2.1.0.1 Rmon EventsPrivate Traps ChangeTrap SwIpFilterRejectTrap 6.1.4.1.259.8.1.4.2.1.0.40 Setting SNMPv3 Views 31 Configuring SNMPv3 Groups 32 Configuring SNMPv3 Views User Authentication Configuring User Accounts 33 Access Levels Configuring Local/Remote Logon Authentication Command Usage Radius Settings Tacacs Settings 34 Authentication Settings 100 101 TACACS+ Settings Configuring Encryption KeysCommand Attributes Radius Settings AAA Authorization and Accounting Configuring AAA Radius Group Settings Configuring AAA TACACS+ Group Settings102 103 Configuring AAA Accounting 37 AAA TACACS+ Group Settings 38 AAA Accounting Settings 106 AAA Accounting UpdateAAA Accounting 802.1X Port Settings AAA Accounting Exec Command Privileges 107 41 AAA Accounting Exec Command Privileges 108 AAA Accounting Exec Settings AAA Accounting SummaryAAA Accounting Summary AAA Accounting Statistics Summary Web Click Security, AAA, Summary 110 Authorization Settings 44 AAA Authorization Settings 109 Authorization Exec SettingsAuthorization Summary Configuring Https Https System Support Web Browser Operating System Replacing the Default Secure-site Certificate 47 Https Settings Configuring the Secure Shell Address server ip-address Command Usage Authenticating SSH v1.5 Clients Authenticating SSH v2 Clients Configuring the SSH Server SSH server includes basic settings for authentication Generating the Host Key Pair 50 SSH Host-Key Settings Importing User Public Keys User Authentication 51 SSH User Public-Key Settings END SSH2 Public KEY Configuring Port Security Configuring 802.1X Port Authentication 111 Configuring the Switch Displaying 802.1X Global Settings Configuring 802.1X Global Settings802.1X protocol provides client authentication CLI This example shows the default global setting for 113 Configuring Port Settings forCLI This example enables 802.1X globally for the switch 55 802.1X Port Configuration 117 114116 Parameter Description Displaying 802.1X Statistics802.1X Statistics Web Authentication CLI This example displays the 802.1X statistics for port Configuring Web Authentication 57 Web Authentication Configuration Configuring Web Authentication for Ports Displaying Web Authentication Port Information 137 Re-authenticating Web Authenticated Ports Web Click Security, Web Authentication, Port Information Network Access MAC Address Authentication 136 Configuring the MAC Authentication Reauthentication Time Configuring MAC Authentication for PortsWeb Click Security, Network Access, Configuration Mode Enables MAC authentication on a port. Default None 62 Network Access Port Configuration Configuring Port Link Detection CLI This example configures MAC authentication for port 63 Network Access Port Link Detection Configuration Displaying Secure MAC Address Information MAC Authentication Configuring MAC authentication parameters for portsPort Indicates the port being configured 129 Access Control Lists 123 Configuring Access Control Lists Setting the ACL Name and Type 140 Configuring a Standard IP ACLCLI This example creates a standard IP ACL named david Configuring an Extended IP ACL 141 103 68 Configuring Extended IP ACLs Configuring a MAC ACL Binding a Port to an Access Control List 146 Filtering IP Addresses for Management Access 143 108 CLI This example allows Snmp access for a specific client 71 Creating an IP Filter List Field Attributes Web Port ConfigurationDisplaying Connection Status Configuration Field Attributes CLIBasic Information Current Status 173 Configuring Interface ConnectionsCLI This example shows the connection status for Port 167 171168 170 Creating Trunk Groups Statically Configuring a Trunk 74 Configuring Static Trunks Enabling Lacp on Selected Ports 181 75 Lacp Trunk Configuration 182 Configuring Lacp ParametersDynamically Creating a Port Channel 76 Lacp Port Configuration Displaying Lacp Port Counters You can display statistics for Lacp protocol messagesLacp Port Counters Field Description 77 Lacp Port Counters Information CLI The following example displays Lacp counters Displaying Lacp Settings and Status for the Local Side Lacp Internal Configuration Information 78 Lacp Port Internal Information Displaying Lacp Settings and Status for the Remote Side 79 Lacp Port Neighbors Information Setting Broadcast Storm Thresholds 172 175 Configuring Port Mirroring 177 179 Configuring Rate LimitsRate Limit Configuration Showing Port Statistics Rmon Statistics 11 Port StatisticsEtherlike Statistics Formed Oversize Frames Formed Fragments 83 Port Statistics Address Table Settings Setting Static AddressesCLI This example shows statistics for port 174 Displaying the Address Table 190 85 Configuring a Dynamic Address Table 191 Spanning Tree Algorithm Configuration Changing the Aging TimeCLI This example sets the aging time to 300 seconds 192 Designated Root Port Bridge Displaying Global Settings 139 87 Displaying Spanning Tree Information 235 Basic Configuration of Global Settings Configuring Global SettingsGlobal settings apply to the entire switch Root Device Configuration Configuration Settings for Rstp Configuration Settings for Mstp 88 Configuring Spanning Tree Displaying Interface Settings AD B 89 Displaying Spanning Tree Port Information Configuring Interface Settings CLI This example shows the STA attributes for port 148 Configuring Multiple Spanning Trees CLI This example sets STA attributes for port 224 223225 Displaying Interface Settings for Mstp MST Instance ID Instance identifier to configure. Default 92 Displaying Mstp Interface Settings Configuring Interface Settings for Mstp 154 CLI This example sets the Mstp attributes for port Vlan ConfigurationIeee 802.1Q VLANs Assigning Ports to VLANs Port-based Vlan Forwarding Tagged/Untagged Frames Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Displaying Current VLANs Command Attributes WebDisplaying Basic Vlan Information 96 Displaying Current VLANs Command Attributes CLI Creating VLANs 250 Adding Static Members to VLANs Vlan Index CLI This example creates a new Vlan242 243 163 Adding Static Members to VLANs Port Index 248 Configuring Vlan Behavior for Interfaces 100 Configuring VLANs per Port Configuring Ieee 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Enabling QinQ Tunneling on the SwitchConfiguration Limitations for QinQ 101 802.1Q Tunnel Status and Ethernet Type CLI This example sets the switch to operate in QinQ mode Adding an Interface to a QinQ Tunnel251 253 Private VLANs 252 Displaying Current Private VLANs Configuring Private VLANs 103 Private Vlan Information 256 Associating VLANsEach community Vlan must be associated with a primary Vlan Displaying Private Vlan Interface Information 106 Private Vlan Port Information Configuring Private Vlan Interfaces 259 Protocol Vlan Group Configuration Protocol VLANs257 258 Protocol Vlan System Configuration 261 Setting Lldp Timing Attributes Web Click VLAN, Protocol VLAN, System ConfigurationLink Layer Discovery Protocol 262 182 Configuring Lldp Interface Attributes 195197 198 184 111 Lldp Port Configuration Displaying Lldp Local Device Information Displaying Lldp Remote Port Information 212 Displaying Lldp Remote Information Details 213 Displaying Device Statistics 115 Lldp Device Statistics Displaying Detailed Device Statistics 116 Lldp Device Statistics Details Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings Port Priority Configuration CLI This example assigns a default priority of 5 to portMapping CoS Values to Egress Queues 265 12 Mapping CoS Values to Egress Queues 13 CoS Priority LevelsPriority Level Traffic Type Background 269 Enabling CoS267 Selecting the Queue Mode Setting the Service Weight for Traffic ClassesWeb Click Priority, Traffic Classes Status 268 Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values Switch allows you to enable or disable the IP Dscp priority Enabling IP Dscp Priority Mapping Dscp Priority 14 Mapping Dscp Priority ValuesIP Dscp Value CoS Value 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 271 Quality of Service270 Configuring Quality of Service Parameters Configuring a Class MapClass map is used for matching packets to a specified class Class Map Class Configuration Match Class Settings 273 274 Policy Map Policy ConfigurationCreating QoS Policies Policy Rule Settings Class Settings Policy Options 125 Configuring Policy Maps Attaching a Policy Map to Ingress Queues 275276 277 VoIP Traffic Configuration Configuring VoIP Traffic 282 Configuring VoIP Traffic Port281 128 VoIP Traffic Port Configuration Configuring Telephony OUI 283284 285 129 Telephony OUI List Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 214 Enabling Igmp Immediate Leave Displaying Interfaces Attached to a Multicast Router 290 Specifying Static Interfaces for a Multicast Router 132 Displaying Multicast Router Port Information Displaying Port Members of Multicast Services 133 Static Multicast Router Port Configuration Assigning Ports to Multicast Services 134 IP Multicast Registration Table Igmp Filtering and Throttling 291 Enabling Igmp Filtering and Throttling 136 Enabling Igmp Filtering and Throttling 302 Configuring Igmp Filter Profiles298 299 Configuring Igmp Filtering and Throttling for InterfacesOnly one profile can be assigned to an interface 138 Igmp Filter and Throttling Port Configuration Multicast Vlan Registration 300301 303 Configuring Global MVR Settings General Configuration Guidelines for MVR Displaying MVR Interface Status 304 Displaying Port Members of Multicast Groups 307 Configuring MVR Interface Status Web Click MVR, Group IP Information 142 MVR Port Configuration Assigning Static Multicast Groups to Interfaces 305 Dhcp Snooping Dhcp Snooping Configuration Dhcp Snooping Vlan ConfigurationWeb Click Dhcp Snooping, Configuration Enables Dhcp snooping on the specified Vlan Dhcp Snooping Information Option Configuration Web Click Dhcp Snooping, Vlan ConfigurationCLI This example first enables Dhcp Snooping for Vlan 319 322 Dhcp Snooping Port ConfigurationWeb Click Dhcp Snooping, Information Option Configuration 324 Dhcp Snooping Binding Information320 IP Source Guard Port Configuration IP Source Guard 316 Static IP Source Guard Binding Configuration313 Web Click IP Source Guard, Static Configuration Dynamic IP Source Guard Binding Information IP Clustering Web Click IP Source Guard, Dynamic Information Cluster Configuration 152 Cluster Member Choice Cluster Member Configuration Web Click Cluster, ConfigurationAdds Candidate switches to the cluster as Members 325 Displays current cluster Member switch information Cluster Member InformationCluster Candidate Information 328 Web Click Cluster, Candidate Information 156 Cluster Candidate Information UPnP 217 215216 Using the Command Line Interface Accessing the CLI Telnet Connection Entering Commands Command CompletionGetting Help on Commands Keywords and Arguments Showing Commands Lldp Negating the Effect of Commands Using Command HistoryUnderstanding Command Modes Partial Keyword Lookup Exec Commands Command Modes Configuration Commands Configuration Modes Command PromptConsoleconfig-if# 166 Vlan database Consoleconfig-vlan 242 Consoleconfig#interface ethernet 1/5 Consoleconfig-if#exit Keystroke Function Command Line ProcessingCommand Line Processing Command Groups Command Groups Description Line Commands Line Commands Function Mode Login Line Password Username 4-38 passwordSyntax Password 0 7 password no password No password is specified Timeout login response Exec-timeout Syntax Password-thresh threshold no password-thresh Password-threshSyntax Exec-timeout seconds no exec-timeout Syntax Silent-time seconds no silent-time Silent-timeDatabits Syntax Parity none even odd no parity ParitySyntax Databits 7 8 no databits Speed StopbitsSyntax Speed bps no speed Syntax Stopbits 1 Disconnect Show lineSyntax Disconnect session-id Syntax Show line console vty General Commands EnableGeneral Commands Function Mode Syntax Enable level Disable Disable Enable passwordEnable Level End ConfigureShow history Reload cancel Syntax Reload cancelReload Syntax Reload in hour hours minute minutes Syntax Show reload Default Setting This command returns to Privileged Exec modeShow reload End This command exits the configuration program This example shows how to quit a CLI sessionExit Quit Prompt System Management CommandsDevice Designation Commands Banner Commands Function Mode BannerHostname Syntax Hostname name no hostname Banner configure Syntax Banner configure Default Setting Banner configure company Name The name of the company. Maximum length 32 characters Banner configure dc-power-info Banner configure department Banner configure equipment-info Banner configure equipment-location Banner configure ip-lan Banner configure lp-number Lp-num- The LP number. Maximum length 32 characters Syntax Banner configure mux muxinfo Banner configure manager-infoBanner configure mux Banner configure note No banner configure mux Show banner This command displays all banner informationSyntax Show banner Default Setting User Access Commands 10 User Access Commands Function Mode11 Default Login Settings Username Access-level Password Username Enable password Default is level Default password is super Management IP Filter Commands12 IP Filter Commands Function Mode Show management Ip http server Web Server CommandsIp http port Syntax No ip http secure-server Default Setting Ip http secure-serverIp http port 14 Https System Support Web Browser Operating System Ip http secure-port Ip http secure-port4-44 Copy tftp https-certificatePortnumber The UDP port used for HTTPS. Range Ip http secure-server4-43 Ip telnet server Telnet Server CommandsIp telnet port Secure Shell Commands 16 SSH Commands Function ModeIp telnet port Sets the SSH server key size Copy tftp public-key System Management Commands Ip ssh crypto host-key generate 4-51 show ssh Syntax No ip ssh server Default SettingIp ssh server Ip ssh timeout Ip ssh authentication-retriesSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout4-15 show ip ssh Syntax Delete public-key username dsa rsa Ip ssh server-key sizeDelete public-key Ip ssh crypto host-key generate Ip ssh crypto zeroizeSyntax Ip ssh crypto host-key generate dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsa Ip ssh save host-keyShow ip ssh Terminology Show ssh17 show ssh display description Show public-key Syntax Show public-key user username hostUsername Name of an SSH user. Range 1-8 characters Shows all public keys Event Logging Commands 18 Event Logging Commands Function ModeSyntax No logging on Default Setting Logging on 19 Logging Levels Flash errors level 3 RAM warnings level 6Logging history Logging host Logging facilitySyntax No logging host hostipaddress Hostipaddress The IP address of a syslog server Logging trap Clear loggingSyntax Logging trap level no logging trap Syntax Clear logging flash ram 20 show logging flash/ram display description Show loggingSyntax Show logging flash ram sendmail trap Facility command Logging trap commandSyntax Show log flash ram login tail Show log Smtp Alert Commands 22 Smtp Alert Commands Function ModeLogging sendmail host Following example shows sample messages stored in RAM Logging sendmail level Syntax Logging sendmail level level Logging sendmail source-email Logging sendmail destination-emailSyntax No logging sendmail source-email email-address This example will set the source email john@acme.com Show logging sendmail Syntax No logging sendmail Default SettingLogging sendmail Time Commands 23 Time Commands Function ModeSyntax No sntp client Default Setting Sntp client Syntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 4-66 sntp poll 4-67 show sntp Sntp poll Show sntpSntp client 4-65 sntp poll 4-67 show sntp Syntax Sntp poll seconds no sntp poll Sntp client 4-65 ntp poll 4-70 ntp server Syntax No ntp client Default SettingNtp client Ntp server SyntaxVersion number Ntp client 4-68 ntp poll 4-70 show ntp Ntp authenticate Syntax No ntp authenticate Default SettingNtp poll Syntax Ntp poll seconds no ntp poll Ntp authentication-key Ntp authentication-key4-71 GMT-Greenwich-Mean-Time-Dublin,Edinburgh,Lisbon,London Show ntpClock timezone-predefined Clock timezone Clock summer-time date No clock summer-time Clock summer-time predefined Australia235959, Sunday, Week 5 of March 60 min Europe 235959, Sunday, Week 3 of March 60 min Clock summer-time recurring This command displays the system clock Calendar setShow calendar Calendar set hour min sec day month year month day year 25 System Status Commands Function Mode System Status CommandsShow startup-config Show running-config Show running-config4-79 Command Line Interface Show startup-config4-78 Show users This command displays system informationShow system Show version Frame Size Commands 26 Frame Size Commands Function ModeJumbo frame Enables support for jumbo frames Syntax No jumbo frame Default Setting Flash/File Commands 27 Flash/File Commands Function ModeCopy Copy None Following example shows how to download a configuration file This command deletes a file or image DeleteDelete unit filename Dir Delete public-key4-50 Syntax Dir unit boot-rom config opcode filename Dir28 File Directory Information Column Heading Description Whichboot Boot systemSyntax whichboot unit Syntax Boot system unit boot-romconfig opcode filename Authentication Commands Authentication SequenceDir 4-89 whichboot 29 Authentication Commands Command Group Function Local Authentication loginUsername for setting the local user names and passwords Authentication enable Enable password sets the password for changing command modes Radius Client 31 Radius Client Commands Function ModeShow radius-server Shows the current Radius settings Default Setting Auth-port Retransmit Command ModeRadius-server host Radius-server acct-port Syntax Radius-server key keystring no radius-server key Radius-server auth-portRadius-server key Show radius-server Radius-server timeoutRadius-server retransmit 32 Tacacs Commands Function Mode Show tacacs-server Shows the current TACACS+ settings 101TACACS+ Client Tacacs-server host Default Setting Port Tacacs-server portTacacs-server key Syntax Tacacs-server port portnumber no tacacs-server port Syntax Tacacs-server key keystring no tacacs-server key Tacacs-server timeoutTacacs-server retransmit Show tacacs-server AAA Commands 33 AAA Commands Function ModeAaa group server Syntax No aaa group server radius tacacs+ group-name Server Group Configuration ServerAaa accounting dot1x No server index ip-address Aaa accounting exec Accounting is not enabled No servers are specifiedCommand Usage Example Aaa accounting commands Minute Interface Configuration Syntax Accounting exec default list-nameno accounting execAccounting dot1x Accounting exec Accounting commands Aaa authorization exec Authorization exec Authorization is not enabled No servers are specified Show accounting InterfaceEthernet unit/port Unit Stack unit. Range Port Port number. Range Port Security Commands 34 Port Security Commands Function ModeStatus Disabled Action None Maximum Addresses Interface Configuration Ethernet 802.1X Port Authentication 35 802.1X Port Authentication Command Function Mode Dot1x default Acquire a new client Dot1x timeout re-authperiod117 Be re-authenticated Dot1x timeout tx-period Syntax No dotx system-auth-control Default Setting Default Command Mode Dot1x max-reqDot1x port-control Syntax Dot1x max-req count no dot1x max-req Dot1x re-authenticate Syntax Dot1x re-authenticate interfaceDot1x operation-mode Single-host Dot1x re-authentication Dot1x timeout quiet-periodSyntax No dot1x re-authentication Command Mode Seconds The number of seconds. Range Dot1x timeout re-authperiod Dot1x timeout tx-period Dot1x intrusion-action Show dot1xBlock-traffic Syntax Show dot1x statistics interface interface Authenticator State Machine Backend State Machine Reauthentication State Machine State Current state including initialize, reauthenticate Network-access mode 36 Network Access Command Function ModeMax-mac-count Interface Mac-authentication Syntax No network-access mode mac-authentication Network-access max-mac-count Mac-authentication intrusion-action Mac-authentication max-mac-countInterface Config 2048 Network-access dynamic-qos Network-access dynamic-vlanSyntax No network-access dynamic-qos Default Setting Syntax No network-access dynamic-vlan Default Setting Network-access guest-vlan Network-access link-detectionFollowing example enables dynamic Vlan assignment on port No network-access link-detection Network-access link-detection link-down Network-access link-detection link-up 1800 Network-access link-detection link-up-downMac-authentication reauth-time Clear network-access Show network-accessSyntax Show network-access interface interface Unit This is unit Port Port number. Range Displays all filters Show network-access mac-address-tableDisplays the settings for all interfaces 37 Web Authentication Command Function Mode Login-success-page-url Successful web authentication Login attempts Web-auth login-attemptsWeb-auth login-fail-page-url Switch-generated login Web-auth login-page-urlWeb-auth login-success-page-url Web-auth session-timeout Web-auth quiet-period Web-auth system-auth-control Web-authNo web-auth system-auth-control No web-auth Show web-auth interface This command displays global web authentication parametersShow web-auth Web-auth re-authenticate Port Web-auth re-authenticate IP Show web-auth summary Show web-auth summary 138 38 Access Control Lists Command Groups Function Access Control List CommandsAccess Control Lists Access-list ip 39 IP ACLs Command Function ModeSyntax No access-list ip standard extended aclname IP ACLs Permit, deny Ip access-group4-143 show ip access-list4-143 Access-list ipSyntax No permit deny any source bitmask host source Standard ACL Extended ACL Any destination address-bitmask host destinationSource-port sport end destination-port dport end Show ip access-list Ip access-groupSyntax Show ip access-list standard extended aclname Syntax No ip access-group aclname Show ip access-group Show ip access-list4-143This command shows the ports assigned to IP ACLs 40 MAC ACL Commands Function Mode Aclname Name of the ACL. Maximum length 16 characters Access-list macSyntax No access-list mac aclname Permit, deny MAC ACL Show mac access-list This command displays the rules for configured MAC ACLsSyntax Show mac access-list aclname Permit, deny Mac access-group4-148 Mac access-group Show mac access-groupSyntax Mac access-group aclname Show mac access-list4-147 Show access-list Show access-group41 ACL Information Command Function Mode ACL Information Snmp Commands 42 Snmp Commands Function Mode Show snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Snmp-server contact Snmp-server locationSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server host Host Address None Notification Type Traps Snmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID Defaultview includes access to the entire MIB tree Snmp-server viewExamples This view includes MIB-2 This command shows information on the Snmp views Show snmp viewSnmp-server group 44 show snmp view display description Show snmp group 162 Snmp-server user 45 show snmp group display description 164 46 show snmp user display description This command shows information on Snmp usersShow snmp user Interface Commands 47 Interface Commands Function ModeInterface Port-channel channel-idRange Syntax Description string no description DescriptionSpeed-duplex Negotiation 4-168 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 4-169speed-duplex4-167 Following example configures port 11 to use autonegotiationCapabilities Negotiation 4-168speed-duplex4-167 flowcontrol Syntax No flowcontrol Default SettingFlowcontrol Syntax No shutdown Default Setting Shutdown Switchport packet-rate Port-channel channel-idRange Default SettingClear counters Syntax Clear counters interface This command displays the status for an interface Show interfaces statusFollowing example clears statistics on port Syntax Show interfaces status interface This command displays interface statistics Show interfaces countersSyntax Show interfaces counters interface Shows the counters for all interfaces Shows all interfaces Show interfaces switchportSyntax Show interfaces switchport interface 48 Interfaces Switchport Statistics Mirror Port Commands 49 Mirror Port Commands Function ModePort monitor Interface ethernet unit/port source port This command displays mirror information Following shows mirroring configured from port 6 to portShow port monitor Syntax Show port monitor interface Rate Limit Commands 50 Rate Limit Commands Function ModeRate-limit Configures the maximum input rate for a port 179 Rate-limit Link Aggregation Commands 51 Link Aggregation Commands185 173 Channel-group Guidelines for Creating TrunksGeneral Guidelines Dynamically Creating a Port Channel Following example creates trunk 1 and then adds port Syntax No lacp Default SettingLacp Lacp system-priority 32768 Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Interface Configuration Port Channel Show lacp This command displays Lacp informationLacp port-priority Port Channel all 52 show lacp counters display descriptionType LACPDUs Illegal Pkts 53 show lacp internal display description 54 show lacp neighbors display description 55 show lacp sysid display description Address Table Commands 56 Address Table Commands Function ModeMac-address-table static Action Mac-address- MAC address Mask Bits to match in the address Clear mac-address-table dynamicShow mac-address-table Mac-address-table aging-time Sort Sort by address, vlan or interface Lldp Commands 57 Lldp Commands Function ModeShow mac-address-table aging-time 196 Mac-phy Physical layer specifications Lldp dot3-tlv Vlan ID Syntax no lldp Default Setting LldpLldp holdtime-multiplier Holdtime multiplier TTL 4*30 = 120 seconds Lldp medFastStartCount Lldp notification-intervalSyntax Lldp medfaststartcount packets Packets Syntax Lldp refresh-interval seconds no lldp refresh-delay Lldp refresh-interval Lldp reinit-delay Lldp tx-delaySyntax Lldp reinit-delay seconds no lldp reinit-delay Syntax Lldp tx-delay seconds no lldp tx-delay Lldp admin-status Syntax No lldp notification Default SettingLldp notification Tx-rx Syntax No lldp mednotification Default Setting Lldp mednotification Lldp basic-tlv management-ip-address Lldp basic-tlv port-description Lldp basic-tlv system-description Syntax No lldp basic-tlv port-description Default SettingLldp basic-tlv system-capabilities Syntax No lldp basic-tlv system-description Default Setting Syntax No lldp basic-tlv system-name Default SettingLldp basic-tlv system-name Lldp dot1-tlv proto-ident Syntax No lldp dot1-tlv proto-vid Default Setting No lldp dot1-tlv proto-identLldp dot1-tlv proto-vid Lldp dot1-tlv pvid Lldp dot1-tlv vlan-name No lldp dot1-tlv vlan-nameLldp dot3-tlv link-agg No lldp dot3-tlv link-agg Syntax No lldp dot3-tlv mac-phy Default Setting Lldp dot3-tlv mac-phyLldp dot3-tlv max-frame Syntax No lldp dot3-tlv max-frame Syntax No lldp dot3-tlv poe Default Setting Lldp dot3-tlv poeLldp medtlv extpoe Syntax No lldp medtlv extpoe Lldp medtlv inventory No lldp medtlv inventoryLldp medtlv location No lldp medtlv location Lldp medtlv med-cap No lldp medtlv med-capLldp medtlv network-policy No lldp medtlv network-policy Show lldp config Syntax Show lldp config detail interfaceDetail Shows configuration summary Port-channel channel-idRange Command Mode 211 Detail Shows detailed information Show lldp info local-deviceSyntax Show lldp info local-device detail interface Show lldp info remote-device Show lldp info statisticsSyntax Show lldp info remote-device detail interface Syntax Show lldp info statistics detail interface 214 UPnP Commands UPnP Commands Function ModeSyntax No upnp device Default Setting Upnp device Upnp device ttl Upnp device advertise durationSyntax Upnp device ttl value Following example, the TTL is set to Show upnp Spanning Tree Commands58 Spanning Tree Commands Function Mode Spanning-tree Syntax No spanning-tree Default SettingSpanning tree is enabled Spanning-tree mode Rstp Spanning-tree forward-time Spanning-tree hello-time Spanning-tree max-age Syntax Spanning-tree pathcost method long short Spanning-tree prioritySpanning-tree pathcost method No spanning-tree pathcost method Spanning-tree mst-configurationSpanning-tree transmission-limit No mst instanceid vlan vlan-range MST ConfigurationMst vlan Mst priority NameMst instanceid priority priority no mst instanceid priority Syntax Name name Revision Max-hopsSyntax Revision number Number Revision number of the spanning tree. Range Spanning-tree spanning-disabled Syntax No spanning-tree spanning-disabled Default SettingThis example disables the spanning tree algorithm for port Spanning-tree cost Spanning-tree port-priority Priority The priority for a port. Range 0-240, in steps Syntax No spanning-tree edge-port Default Setting Spanning-tree edge-port Spanning-treeedge-port4-229 Syntax No spanning-tree portfast Default SettingSpanning-tree portfast Auto Spanning-tree link-typeSpanning-tree loopback-detection Spanning-tree loopback-detection release-mode Spanning-tree loopback-detection trap Spanning-tree mst cost Spanning-tree mst port-priority Spanning-tree mst port-priority4-234 Spanning-tree protocol-migration Show spanning-treeSyntax Spanning-tree protocol-migration interface Syntax Show spanning-tree interface mst instanceid Mstp Show spanning-tree mst configuration Vlan Commands Gvrp and Bridge Extension Commands59 VLANs Command Groups Function 60 Gvrp and Bridge Extension Commands Function Mode Show bridge-ext Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Switchport gvrp Show gvrp configurationSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interface Garp timer Show garp timer Syntax Show garp timer interface 61 Editing Vlan Groups Command Function ModeEditing Vlan Groups Vlan database By default only Vlan 1 exists and is active Vlan Database ConfigurationVlan Show vlan Configuring Vlan Interfaces 62 Configuring Vlan Interfaces Command Function ModeInterface vlan Interface vlan Switchport acceptable-frame-types4-246 Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types Switchport ingress-filteringSwitchport mode All frame types Switchport native vlan Switchport allowed vlan Switchport forbidden vlan No VLANs are included in the forbidden list Show vlan 63 Show Vlan Commands Function ModeDisplaying Vlan Information 64 Ieee 802.1Q Tunneling Commands Function Mode General Configuration Guidelines for QinQDot1q-tunnel system-tunnel-control Syntax No dot1q-tunnel system-tunnel-control Switchport dot1q-tunnel mode Show dot1q-tunnel4-253 Show interfaces switchport Switchport dot1q-tunnel tpid This command displays information about QinQ tunnel portsShow dot1q-tunnel 0x8100 Configuring Private VLANs Switchport dot1q-tunnel mode65 Private Vlan Commands Edit Private Vlan Groups Private-vlan Display Private Vlan Information 65 Private Vlan Commands Function ModeConfigure Private Vlan Interfaces Private-vlan Private vlan association Normal Vlan Switchport mode private-vlanNo private-vlan primary-vlan-idassociation Isolated-vlan-id- ID of isolated VLAN. Range Switchport private-vlan host-associationSwitchport private-vlan isolated Switchport private-vlan mapping Show vlan private-vlan Syntax Show vlan private-vlan community isolated primary Protocol-vlan protocol-group Configuring Groups 66 Protocol-based Vlan Commands Function Mode No protocol groups are mapped to any VLANs Protocol-vlan protocol-group Configuring VLANsNo protocol groups are configured Syntax Show protocol-vlan protocol-group group-id Show protocol-vlan protocol-groupShow protocol-vlan protocol-group-vid Priority Commands Priority Commands Layer67 Priority Commands Command Groups Function 68 Priority Commands Layer Function Mode Syntax Queue mode strict wrr no queue mode Queue modeSwitchport priority default Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidthWeights 1, 2, 4, 8 are assigned to queues 0-3 respectively Queue cos-mapqueueid cos1 ... cosn no queue cos-map 69 Default CoS Values to Egress QueuesQueue cos-map Show queue mode Following example shows how to change the CoS assignmentsThis command shows the current queue mode Show queue bandwidth Priority Commands Layer 3 This command shows the class of service priority map70 Priority Commands Layer 3 Function Mode Show queue cos-map 71 IP Dscp to CoS Vales IP Dscp Value CoS Value Syntax No map ip dscp Default SettingMap ip dscp dscp-value cos cos-value no map ip dscp Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp Quality of Service Commands 72 Quality of Service Commands Function Mode Class-map Syntax No class-map class-map-namematch-any Show class map Class Map ConfigurationMatch Policy-map No policy-mappolicy-map-name No class class-map-name Policy Map ConfigurationClass Policy Map Class Configuration SetPolice Syntax No police rate-kbpsburst-byteexceed-action drop set No policy map is attached to an interface Service-policySyntax No service-policy input policy-map-name Show class-map Show policy-mapSyntax Show class-map class-map-name Show policy-mappolicy-map-name class class-map-name Voice Vlan Commands 73 Voice Vlan Commands Function ModeShow policy-map interface Syntax Show policy-map interface interface input Voice vlan Voice vlan voice-vlan-id no voice vlan Voice vlan aging Voice vlan mac-addressSyntax Voice vlan aging minutes no voice vlan Minutes Following example adds a MAC OUI to the OUI Telephony list Switchport voice vlanFollowing example sets port 1 to Voice Vlan auto mode Switchport voice vlan rule Switchport voice vlan securitySyntax No switchport voice vlan rule oui lldp OUI Enabled Lldp Disabled Switchport voice vlan priority Following example enables security filtering on portPriority-value- The CoS priority value. Range Following example sets the CoS priority to 5 on port Show voice vlan Syntax Show voice vlan oui status Multicast Filtering Commands Igmp Snooping Commands74 Multicast Filtering Commands Command Groups Function 75 Igmp Snooping Commands Function Mode Syntax No ip igmp snooping Default Setting Following example enables Igmp snoopingIp igmp snooping Ip igmp snooping vlan static Following configures the switch to use Igmp Version Syntax No ip igmp snooping leave-proxy Default SettingIp igmp snooping version Ip igmp snooping leave-proxy Interface Configuration Vlan Following shows how to enable immediate leaveIp igmp snooping immediate-leave Syntax No ip igmp snooping immediate-leave vlan-id This command shows the Igmp snooping configuration Following shows the current Igmp snooping configurationThis command shows known multicast addresses Show ip igmp snooping Igmp Query Commands Layer 76 Igmp Query Commands Layer Function ModeSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Following shows how to configure the query count to Ip igmp snooping query-countIp igmp snooping query-interval Times Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping query-max-response-time Ip igmp snooping router-port-expire-time Static Multicast Routing Commands77 Static Multicast Routing Commands Function Mode Ip igmp snooping vlan mrouter Show ip igmp snooping mrouterSyntax No ip igmp snooping vlan vlan-idmrouter interface Syntax Show ip igmp snooping mrouter vlan vlan-id Igmp Filtering and Throttling Commands 78 Igmp Filtering and Throttling Commands Function ModeMulticast router port types displayed include Static 299 Syntax No ip igmp filter Default Setting Ip igmp profileSyntax No ip igmp profile profile-number Profile-number- An Igmp filter profile number. Range Syntax Permit deny Default Setting Permit, denyRange No range low-ip-address high-ip-address Syntax Ip igmp max-groups number no ip igmp max-groups Ip igmp max-groupsSyntax No ip igmp filter profile-number Ip igmp max-groups action Syntax Ip igmp max-groups action replace deny Show ip igmp filter Show ip igmp profileSyntax Show ip igmp filter interface interface Syntax Show ip igmp profile profile-number Show ip igmp throttle interface Syntax Show ip igmp throttle interface interface Multicast Vlan Registration Commands 79 Multicast Vlan Registration Commands Function Mode305 Multicast groups assigned to the MVR Vlan Mvr Interface Configuration 306 Following shows the global MVR settings Show mvrSyntax Show mvr interface interface members ip-address 80 show mvr display description 81 show mvr interface display description 82 show mvr members display description IP Interface Commands 83 IP Interface Commands Function ModeIp address 310 Ip default-gateway Syntax Ip default-gateway gateway no ip default-gatewayGateway IP address of the default gateway Following example defines a default gateway for this device This command submits a Bootp or Dhcp client request This command displays the settings of an IP interfaceIp dhcp restart Show ip interface Ip default-gateway4-310 This command has no default for the hostShow ip redirects Ping IP Source Guard Commands 84 IP Source Guard Commands Function ModeIp source-guard Syntax Ip source-guard sip sip-macno ip source-guard 314 This example enables IP source guard on port No configured entriesIp source-guard binding No ip source-guard binding mac-addressvlan vlan-id This command shows the source guard binding table Show ip source-guardShow ip source-guard binding Ip source-guard4-313 ip dhcp snooping Ip dhcp snooping vlan Dhcp Snooping Commands 85 Dhcp Snooping Commands Function ModeSyntax No ip dhcp snooping Default Setting Ip dhcp snooping 318 This example enables Dhcp snooping globally for the switch This example enables Dhcp snooping for VlanIp dhcp snooping vlan Ip dhcp snooping vlan 4-319 ip dhcp snooping trust Syntax No ip dhcp snooping trust Default Setting Ip dhcp snooping trust Ip dhcp snooping information option This example enables MAC address verificationIp dhcp snooping verify mac-address Replace This example enables the Dhcp Snooping Information OptionIp dhcp snooping information policy Show ip dhcp snooping This command shows the Dhcp snooping configuration settingsIp dhcp snooping database flash IP Cluster Commands 86 Switch Cluster Commands Function ModeSyntax No cluster Default Setting Show ip dhcp snooping binding Cluster commander Syntax No cluster commander Default Setting Cluster ip-pool Cluster memberSyntax Cluster ip-pool ip-addressno cluster ip-pool 10.254.254.1 Rcommand Syntax Rcommand id member-idMember-id- The ID number of the Member switch. Range This command shows the switch clustering configuration Show cluster candidates This command shows the current switch cluster membersShow cluster members Appendix a Software Specifications Software Features Management Features Groups 1, 2, 3, 9 Statistics, History, Alarm, EventStandards Igmp RFC 1112 IGMPv2 RFC Management Information Bases Management Information Bases a Software Specifications Table B-1 Troubleshooting Chart Symptom Action Using System Logs Access Control List ACL Boot Protocol BootpClass of Service CoS Differentiated Services Code Point Service Dscp Garp Vlan Registration Protocol Gvrp Generic Attribute Registration Protocol GarpGeneric Multicast Registration Protocol Gmrp Group Attribute Registration Protocol Garp Igmp Snooping Igmp QueryInternet Group Management Protocol Igmp In-Band Management Multicast Switching Port AuthenticationRemote Authentication Dial-in User Service Radius Network Time Protocol NTP Secure Shell SSH Simple Network Management Protocol SnmpSimple Network Time Protocol Sntp Spanning Tree Algorithm STA Virtual LAN Vlan XModem Index Numerics Index Link Layer Discovery Protocol See Index-4 Index-5 Type Length Value See also LLDP-MED TLVPage ES3528M-SFP E122007-DG-R01 149100035500A