Authenticator State Machine | Accton Technology ES3528M-SFP manual

		Authentication Commands
		Authentication Commands	4
-	Status	– Administrative state for port access control.
-	Operation Mode	– Dot1x port control operation mode (page 4-115).
-	Mode	– Dot1x port control mode (page 4-114).
-	Authorized	– Authorization status (yes or n/a - not authorized).

•802.1X Port Details – Displays the port access control parameters for each interface, including the following items:

-	reauth-enabled	– Periodic re-authentication (page 4-116).
-	reauth-period	– Time after which a connected client must be
		re-authenticated (page 4-117).
-	quiet-period	– Time a port waits after Max Request Count is
		exceeded before attempting to acquire a new
		client (page 4-116).
-	tx-period	– Time a port waits during authentication session
		before re-transmitting EAP packet (page 4-117).
-	supplicant-timeout	– Supplicant timeout.
-	server-timeout	– Server timeout.
-	reauth-max	– Maximum number of reauthentication attempts.
-	max-req	– Maximum number of times a port will retransmit
		an EAP request/identity packet to the client
		before it times out the authentication session
		(page 4-114).
-	Status	– Authorization status (authorized or not).
-	Operation Mode	– Shows if single or multiple hosts (clients) can
		connect to an 802.1X-authorized port.
-	Max Count	– The maximum number of hosts allowed to
		access this port (page 4-115).
-	Port-control	– Shows the dot1x mode on a port as auto,
		force-authorized, or force-unauthorized
		(page 4-114).
-	Supplicant	– MAC address of authorized client.
-	Current Identifier	– The integer (0-255) used by the Authenticator to
		identify the current authentication session.
-	Intrusion action	– Shows whether the switch will block all non-EAP
		traffic or assign traffic on the port to a guest
		VLAN if authentication fails.

•Authenticator State Machine

-	State	– Current state (including initialize, disconnected,
		connecting, authenticating, authenticated, aborting,
		held, force_authorized, force_unauthorized).
-	Reauth Count	– Number of times connecting state is re-entered.

•Backend State Machine

-	State	– Current state (including request, response,
		success, fail, timeout, idle, initialize).
-	Request Count	– Number of EAP Request packets sent to the
		Supplicant without receiving a response.

4-119

Page 415

Image 415

Accton Technology ES3528M-SFP manual Authenticator State Machine, Backend State Machine

Contents

Powered by Accton Page Fast Ethernet Switch ES3528M-SFP E122007-DG-R01 149100035500A About This Guide Installation GuidePage Contents Page Iii Page Contents Command Line Interface Vii Viii Contents Page Contents Xii Xiii Xiv Contents Xvi Appendix a Software Specifications Glossary Index Appendix B TroubleshootingXvii Xviii Xix TablesPage Xxi Xxii Xxiii Figures Xxiv Figures Xxv Xxvi Key Features Key FeaturesFeature Description Introduction Description of Software Features Description of Software Features Introduction Description of Software Features Password super System DefaultsSystem Defaults Function Parameter Default Client Enabled System Defaults Function Parameter NTP Clock Synchronization Disabled Configuration Options Connecting to the Switch Required Connections Initial Configuration Remote Connections Basic ConfigurationConsole Connection Setting an IP Address Setting PasswordsManual Configuration Dynamic Configuration Enabling Snmp Management Access 152 Trap Receivers154 160 Saving Configuration SettingsConfiguring Access for Snmp Version 3 Clients 159 Managing System Files Initial Configuration Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Revert Apply Help Configuration Options ActionPanel Display Button Main Menu Description Main MenuSystem System Information TACACS+ Group Settings Radius Group SettingsHttps Settings Configures secure Http settings 116 107 155 149802.1Q Vlan 155 176 159Current Table 164 190 Port on this switch Remote Trunk InformationRemote Port Information 187 233 Static Multicast Router Port217 225 245 Configuration Enables Upnp and defines timeout values Field Attributes Displaying System Information Management Software Displaying Switch Hardware/Software VersionsCLI Specify the hostname, location and contact information Main Board Switch Information Web Click System, Switch Information Displaying Bridge Extension Capabilities Bridge Extension Configuration 239 Setting the Switch’s IP AddressCLI Enter the following command Command Attributes 309 166310 311 Using DHCP/BOOTP Managing Firmware Enabling Jumbo Frames Copy Firmware Downloading System Software from a Server 11 Deleting Files Saving or Restoring Configuration Settings 12 Downloading Configuration Settings for Startup Downloading Configuration Settings from a Server 13 Setting the Startup Configuration Settings Console Port Settings 14 Console Port Settings Telnet Settings 15 Enabling Telnet Basic Configuration CLI This example shows the event message stored in RAM Configuring Event LoggingSystem Log Configuration Displaying Log Messages Logging Levels Error resource exhaustedLevel Severity Name Description Remote Log Configuration 18 Remote Logs Simple Mail Transfer Protocol 19 Enabling and Configuring Smtp 20 Resetting the System Resetting the System Setting the Time Manually Setting the System ClockConfiguring Sntp 21 Sntp Configuration Configuring NTP 22 NTP Client Configuration Setting the Time Zone Simple Network Management Protocol 23 Setting the System Clock User defined Setting Community Access StringsSNMPv3 Security Models and Levels Level Group Read View Write View Notify View Security Specifying Trap Managers and Trap Types Access Mode 156 Enabling Snmp Agent Status Setting the Local Engine ID Configuring SNMPv3 Management AccessWeb Click SNMP, Agent Status Specifying a Remote Engine ID Configuring SNMPv3 UsersWeb Click SNMP, SNMPv3, Engine ID Configuring the Switch 29 Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 30 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Supported Notification Messages ChangeTrap SwIpFilterRejectTrap 6.1.4.1.259.8.1.4.2.1.0.40 SwPowerStatus 6.1.4.1.259.8.1.4.2.1.0.1Rmon Events Private Traps 31 Configuring SNMPv3 Groups Setting SNMPv3 Views 32 Configuring SNMPv3 Views Configuring User Accounts User Authentication 33 Access Levels Command Usage Configuring Local/Remote Logon Authentication Tacacs Settings Radius Settings 34 Authentication Settings 101 100 Command Attributes Radius Settings Configuring Encryption KeysTACACS+ Settings AAA Authorization and Accounting 103 Configuring AAA Radius Group SettingsConfiguring AAA TACACS+ Group Settings 102 37 AAA TACACS+ Group Settings Configuring AAA Accounting 38 AAA Accounting Settings AAA Accounting 802.1X Port Settings AAA Accounting Update106 107 AAA Accounting Exec Command Privileges 108 41 AAA Accounting Exec Command Privileges AAA Accounting Statistics Summary AAA Accounting Exec SettingsAAA Accounting Summary AAA Accounting Summary 110 Web Click Security, AAA, Summary 44 AAA Authorization Settings Authorization Settings Authorization Summary Authorization Exec Settings109 Https System Support Web Browser Operating System Configuring Https 47 Https Settings Replacing the Default Secure-site Certificate Address server ip-address Configuring the Secure Shell Command Usage Authenticating SSH v2 Clients Authenticating SSH v1.5 Clients SSH server includes basic settings for authentication Configuring the SSH Server Generating the Host Key Pair Importing User Public Keys 50 SSH Host-Key Settings User Authentication 51 SSH User Public-Key Settings END SSH2 Public KEY Configuring Port Security 111 Configuring 802.1X Port Authentication Configuring the Switch CLI This example shows the default global setting for Displaying 802.1X Global SettingsConfiguring 802.1X Global Settings 802.1X protocol provides client authentication CLI This example enables 802.1X globally for the switch Configuring Port Settings for113 55 802.1X Port Configuration 116 114117 802.1X Statistics Displaying 802.1X StatisticsParameter Description CLI This example displays the 802.1X statistics for port Web Authentication 57 Web Authentication Configuration Configuring Web Authentication Configuring Web Authentication for Ports 137 Displaying Web Authentication Port Information Web Click Security, Web Authentication, Port Information Re-authenticating Web Authenticated Ports 136 Network Access MAC Address Authentication Mode Enables MAC authentication on a port. Default None Configuring the MAC Authentication Reauthentication TimeConfiguring MAC Authentication for Ports Web Click Security, Network Access, Configuration 62 Network Access Port Configuration CLI This example configures MAC authentication for port Configuring Port Link Detection Displaying Secure MAC Address Information 63 Network Access Port Link Detection Configuration 129 MAC AuthenticationConfiguring MAC authentication parameters for ports Port Indicates the port being configured 123 Access Control Lists Setting the ACL Name and Type Configuring Access Control Lists CLI This example creates a standard IP ACL named david Configuring a Standard IP ACL140 141 Configuring an Extended IP ACL 103 68 Configuring Extended IP ACLs Configuring a MAC ACL 146 Binding a Port to an Access Control List 143 Filtering IP Addresses for Management Access 108 71 Creating an IP Filter List CLI This example allows Snmp access for a specific client Displaying Connection Status Port ConfigurationField Attributes Web Current Status ConfigurationField Attributes CLI Basic Information CLI This example shows the connection status for Port Configuring Interface Connections173 170 167171 168 Creating Trunk Groups 74 Configuring Static Trunks Statically Configuring a Trunk 181 Enabling Lacp on Selected Ports 75 Lacp Trunk Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters182 76 Lacp Port Configuration Field Description Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Lacp Port Counters CLI The following example displays Lacp counters 77 Lacp Port Counters Information Lacp Internal Configuration Information Displaying Lacp Settings and Status for the Local Side 78 Lacp Port Internal Information 79 Lacp Port Neighbors Information Displaying Lacp Settings and Status for the Remote Side Setting Broadcast Storm Thresholds 175 172 177 Configuring Port Mirroring Rate Limit Configuration Configuring Rate Limits179 Showing Port Statistics Etherlike Statistics 11 Port StatisticsRmon Statistics Formed Fragments Formed Oversize Frames 83 Port Statistics 174 Address Table SettingsSetting Static Addresses CLI This example shows statistics for port 190 Displaying the Address Table 191 85 Configuring a Dynamic Address Table 192 Spanning Tree Algorithm ConfigurationChanging the Aging Time CLI This example sets the aging time to 300 seconds Designated Root Port Bridge Displaying Global Settings 139 235 87 Displaying Spanning Tree Information Global settings apply to the entire switch Configuring Global SettingsBasic Configuration of Global Settings Configuration Settings for Rstp Root Device Configuration 88 Configuring Spanning Tree Configuration Settings for Mstp Displaying Interface Settings AD B 89 Displaying Spanning Tree Port Information CLI This example shows the STA attributes for port Configuring Interface Settings 148 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees 225 223224 MST Instance ID Instance identifier to configure. Default Displaying Interface Settings for Mstp 92 Displaying Mstp Interface Settings Configuring Interface Settings for Mstp 154 Ieee 802.1Q VLANs Vlan ConfigurationCLI This example sets the Mstp attributes for port Assigning Ports to VLANs Port-based Vlan CLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global SettingForwarding Tagged/Untagged Frames Displaying Basic Vlan Information Command Attributes WebDisplaying Current VLANs 96 Displaying Current VLANs Command Attributes CLI 250 Creating VLANs 243 Adding Static Members to VLANs Vlan IndexCLI This example creates a new Vlan 242 163 248 Adding Static Members to VLANs Port Index Configuring Vlan Behavior for Interfaces 100 Configuring VLANs per Port Configuring Ieee 802.1Q Tunneling QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port Layer 2 Flow for Packets Coming into a Tunnel Uplink Port Configuration Limitations for QinQ Enabling QinQ Tunneling on the SwitchGeneral Configuration Guidelines for QinQ 101 802.1Q Tunnel Status and Ethernet Type 253 CLI This example sets the switch to operate in QinQ modeAdding an Interface to a QinQ Tunnel 251 252 Private VLANs Displaying Current Private VLANs 103 Private Vlan Information Configuring Private VLANs Each community Vlan must be associated with a primary Vlan Associating VLANs256 106 Private Vlan Port Information Displaying Private Vlan Interface Information 259 Configuring Private Vlan Interfaces 258 Protocol Vlan Group ConfigurationProtocol VLANs 257 261 Protocol Vlan System Configuration 262 Setting Lldp Timing AttributesWeb Click VLAN, Protocol VLAN, System Configuration Link Layer Discovery Protocol 182 198 Configuring Lldp Interface Attributes195 197 184 111 Lldp Port Configuration Displaying Lldp Local Device Information 212 Displaying Lldp Remote Port Information 213 Displaying Lldp Remote Information Details 115 Lldp Device Statistics Displaying Device Statistics 116 Lldp Device Statistics Details Displaying Detailed Device Statistics Layer 2 Queue Settings Class of Service ConfigurationSetting the Default Priority for Interfaces 265 Port Priority ConfigurationCLI This example assigns a default priority of 5 to port Mapping CoS Values to Egress Queues Background 12 Mapping CoS Values to Egress Queues13 CoS Priority Levels Priority Level Traffic Type 267 Enabling CoS269 268 Selecting the Queue ModeSetting the Service Weight for Traffic Classes Web Click Priority, Traffic Classes Status Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority Settings Enabling IP Dscp Priority Switch allows you to enable or disable the IP Dscp priority 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Mapping Dscp Priority14 Mapping Dscp Priority Values IP Dscp Value CoS Value 270 Quality of Service271 Class Map Configuring Quality of Service ParametersConfiguring a Class Map Class map is used for matching packets to a specified class Match Class Settings Class Configuration 274 273 Creating QoS Policies Policy ConfigurationPolicy Map Policy Options Policy Rule Settings Class Settings 125 Configuring Policy Maps 277 Attaching a Policy Map to Ingress Queues275 276 Configuring VoIP Traffic VoIP Traffic Configuration 281 Configuring VoIP Traffic Port282 128 VoIP Traffic Port Configuration 285 Configuring Telephony OUI283 284 129 Telephony OUI List Layer 2 Igmp Snooping and Query Multicast Filtering Configuring Igmp Snooping and Query Parameters 214 Enabling Igmp Immediate Leave 290 Displaying Interfaces Attached to a Multicast Router 132 Displaying Multicast Router Port Information Specifying Static Interfaces for a Multicast Router 133 Static Multicast Router Port Configuration Displaying Port Members of Multicast Services 134 IP Multicast Registration Table Assigning Ports to Multicast Services 291 Igmp Filtering and Throttling 136 Enabling Igmp Filtering and Throttling Enabling Igmp Filtering and Throttling 298 Configuring Igmp Filter Profiles302 Only one profile can be assigned to an interface Configuring Igmp Filtering and Throttling for Interfaces299 138 Igmp Filter and Throttling Port Configuration 303 Multicast Vlan Registration300 301 General Configuration Guidelines for MVR Configuring Global MVR Settings 304 Displaying MVR Interface Status 307 Displaying Port Members of Multicast Groups Web Click MVR, Group IP Information Configuring MVR Interface Status 142 MVR Port Configuration 305 Assigning Static Multicast Groups to Interfaces Dhcp Snooping Enables Dhcp snooping on the specified Vlan Dhcp Snooping ConfigurationDhcp Snooping Vlan Configuration Web Click Dhcp Snooping, Configuration 319 Dhcp Snooping Information Option ConfigurationWeb Click Dhcp Snooping, Vlan Configuration CLI This example first enables Dhcp Snooping for Vlan Web Click Dhcp Snooping, Information Option Configuration Dhcp Snooping Port Configuration322 320 Dhcp Snooping Binding Information324 IP Source Guard IP Source Guard Port Configuration 313 Static IP Source Guard Binding Configuration316 Dynamic IP Source Guard Binding Information Web Click IP Source Guard, Static Configuration Web Click IP Source Guard, Dynamic Information IP Clustering 152 Cluster Member Choice Cluster Configuration 325 Cluster Member ConfigurationWeb Click Cluster, Configuration Adds Candidate switches to the cluster as Members 328 Displays current cluster Member switch informationCluster Member Information Cluster Candidate Information 156 Cluster Candidate Information Web Click Cluster, Candidate Information UPnP 216 215217 Accessing the CLI Using the Command Line Interface Telnet Connection Keywords and Arguments Entering CommandsCommand Completion Getting Help on Commands Showing Commands Lldp Partial Keyword Lookup Negating the Effect of CommandsUsing Command History Understanding Command Modes Command Modes Exec Commands Vlan database Consoleconfig-vlan 242 Configuration CommandsConfiguration Modes Command Prompt Consoleconfig-if# 166 Consoleconfig#interface ethernet 1/5 Consoleconfig-if#exit Command Line Processing Command Line ProcessingKeystroke Function Command Groups Description Command Groups Line Commands Function Mode Line Commands Line Login No password is specified PasswordUsername 4-38 password Syntax Password 0 7 password no password Exec-timeout Timeout login response Syntax Exec-timeout seconds no exec-timeout Password-threshSyntax Password-thresh threshold no password-thresh Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits ParitySyntax Parity none even odd no parity Syntax Stopbits 1 SpeedStopbits Syntax Speed bps no speed Syntax Show line console vty DisconnectShow line Syntax Disconnect session-id Syntax Enable level General CommandsEnable General Commands Function Mode Level DisableDisable Enable password Enable Show history ConfigureEnd Syntax Reload in hour hours minute minutes Reload cancelSyntax Reload cancel Reload End Syntax Show reload Default SettingThis command returns to Privileged Exec mode Show reload Quit This command exits the configuration programThis example shows how to quit a CLI session Exit Device Designation Commands System Management CommandsPrompt Syntax Hostname name no hostname Banner Commands Function ModeBanner Hostname Syntax Banner configure Default Setting Banner configure Name The name of the company. Maximum length 32 characters Banner configure company Banner configure department Banner configure dc-power-info Banner configure equipment-info Banner configure ip-lan Banner configure equipment-location Lp-num- The LP number. Maximum length 32 characters Banner configure lp-number Banner configure mux Banner configure manager-infoSyntax Banner configure mux muxinfo No banner configure mux Banner configure note Syntax Show banner Default Setting This command displays all banner informationShow banner Username User Access Commands10 User Access Commands Function Mode 11 Default Login Settings Username Access-level Password Default is level Default password is super Enable password 12 IP Filter Commands Function Mode IP Filter CommandsManagement Show management Ip http port Web Server CommandsIp http server 14 Https System Support Web Browser Operating System Syntax No ip http secure-server Default SettingIp http secure-server Ip http port Ip http secure-server4-43 Ip http secure-portIp http secure-port4-44 Copy tftp https-certificate Portnumber The UDP port used for HTTPS. Range Ip telnet port Telnet Server CommandsIp telnet server Sets the SSH server key size Copy tftp public-key Secure Shell Commands16 SSH Commands Function Mode Ip telnet port System Management Commands Ip ssh server Syntax No ip ssh server Default SettingIp ssh crypto host-key generate 4-51 show ssh Exec-timeout4-15 show ip ssh Ip ssh timeoutIp ssh authentication-retries Syntax Ip ssh timeout seconds no ip ssh timeout Delete public-key Ip ssh server-key sizeSyntax Delete public-key username dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto host-key generateIp ssh crypto zeroize Syntax Ip ssh crypto host-key generate dsa rsa Show ip ssh Ip ssh save host-keySyntax Ip ssh save host-key dsa rsa 17 show ssh display description Show sshTerminology Shows all public keys Show public-keySyntax Show public-key user username host Username Name of an SSH user. Range 1-8 characters Logging on Event Logging Commands18 Event Logging Commands Function Mode Syntax No logging on Default Setting Logging history Flash errors level 3 RAM warnings level 619 Logging Levels Hostipaddress The IP address of a syslog server Logging hostLogging facility Syntax No logging host hostipaddress Syntax Clear logging flash ram Logging trapClear logging Syntax Logging trap level no logging trap Syntax Show logging flash ram sendmail trap Show logging20 show logging flash/ram display description Show log Facility commandLogging trap command Syntax Show log flash ram login tail Following example shows sample messages stored in RAM Smtp Alert Commands22 Smtp Alert Commands Function Mode Logging sendmail host Syntax Logging sendmail level level Logging sendmail level This example will set the source email john@acme.com Logging sendmail source-emailLogging sendmail destination-email Syntax No logging sendmail source-email email-address Logging sendmail Syntax No logging sendmail Default SettingShow logging sendmail Sntp client Time Commands23 Time Commands Function Mode Syntax No sntp client Default Setting Sntp server 4-66 sntp poll 4-67 show sntp Sntp serverSyntax Sntp server ip1 ip2 ip3 Syntax Sntp poll seconds no sntp poll Sntp pollShow sntp Sntp client 4-65 sntp poll 4-67 show sntp Ntp client Syntax No ntp client Default SettingSntp client 4-65 ntp poll 4-70 ntp server Ntp client 4-68 ntp poll 4-70 show ntp Ntp serverSyntax Version number Syntax Ntp poll seconds no ntp poll Ntp authenticateSyntax No ntp authenticate Default Setting Ntp poll Ntp authentication-key4-71 Ntp authentication-key Clock timezone-predefined Show ntpGMT-Greenwich-Mean-Time-Dublin,Edinburgh,Lisbon,London Clock timezone No clock summer-time Clock summer-time date 235959, Sunday, Week 3 of March 60 min Clock summer-time predefinedAustralia 235959, Sunday, Week 5 of March 60 min Europe Clock summer-time recurring Calendar set hour min sec day month year month day year This command displays the system clockCalendar set Show calendar Show startup-config System Status Commands25 System Status Commands Function Mode Show running-config4-79 Show running-config Command Line Interface Show startup-config4-78 Show system This command displays system informationShow users Show version Syntax No jumbo frame Default Setting Frame Size Commands26 Frame Size Commands Function Mode Jumbo frame Enables support for jumbo frames Copy Flash/File Commands27 Flash/File Commands Function Mode Copy None Following example shows how to download a configuration file Dir Delete public-key4-50 This command deletes a file or imageDelete Delete unit filename Column Heading Description Syntax Dir unit boot-rom config opcode filenameDir 28 File Directory Information Syntax Boot system unit boot-romconfig opcode filename WhichbootBoot system Syntax whichboot unit 29 Authentication Commands Command Group Function Authentication CommandsAuthentication Sequence Dir 4-89 whichboot Username for setting the local user names and passwords Authentication loginLocal Enable password sets the password for changing command modes Authentication enable Show radius-server Shows the current Radius settings 31 Radius Client Commands Function ModeRadius Client Radius-server acct-port Default Setting Auth-portRetransmit Command Mode Radius-server host Radius-server key Radius-server auth-portSyntax Radius-server key keystring no radius-server key Radius-server retransmit Radius-server timeoutShow radius-server Tacacs-server host 32 Tacacs Commands Function ModeShow tacacs-server Shows the current TACACS+ settings 101 TACACS+ Client Syntax Tacacs-server port portnumber no tacacs-server port Default Setting PortTacacs-server port Tacacs-server key Tacacs-server retransmit Tacacs-server timeoutSyntax Tacacs-server key keystring no tacacs-server key Show tacacs-server Syntax No aaa group server radius tacacs+ group-name AAA Commands33 AAA Commands Function Mode Aaa group server No server index ip-address Server Group ConfigurationServer Aaa accounting dot1x Command Usage Example Accounting is not enabled No servers are specifiedAaa accounting exec Aaa accounting commands Minute Accounting exec Interface ConfigurationSyntax Accounting exec default list-nameno accounting exec Accounting dot1x Aaa authorization exec Accounting commands Authorization is not enabled No servers are specified Authorization exec Unit Stack unit. Range Port Port number. Range Show accountingInterface Ethernet unit/port Interface Configuration Ethernet Port Security Commands34 Port Security Commands Function Mode Status Disabled Action None Maximum Addresses 35 802.1X Port Authentication Command Function Mode 802.1X Port Authentication Syntax No dotx system-auth-control Default Setting Dot1x defaultAcquire a new client Dot1x timeout re-authperiod 117 Be re-authenticated Dot1x timeout tx-period Syntax Dot1x max-req count no dot1x max-req Default Command ModeDot1x max-req Dot1x port-control Single-host Dot1x re-authenticateSyntax Dot1x re-authenticate interface Dot1x operation-mode Seconds The number of seconds. Range Dot1x re-authenticationDot1x timeout quiet-period Syntax No dot1x re-authentication Command Mode Dot1x timeout tx-period Dot1x timeout re-authperiod Syntax Show dot1x statistics interface interface Dot1x intrusion-actionShow dot1x Block-traffic Backend State Machine Authenticator State Machine State Current state including initialize, reauthenticate Reauthentication State Machine Syntax No network-access mode mac-authentication Network-access mode36 Network Access Command Function Mode Max-mac-count Interface Mac-authentication Network-access max-mac-count 2048 Mac-authentication intrusion-actionMac-authentication max-mac-count Interface Config Syntax No network-access dynamic-vlan Default Setting Network-access dynamic-qosNetwork-access dynamic-vlan Syntax No network-access dynamic-qos Default Setting No network-access link-detection Network-access guest-vlanNetwork-access link-detection Following example enables dynamic Vlan assignment on port Network-access link-detection link-up Network-access link-detection link-down Mac-authentication reauth-time Network-access link-detection link-up-down1800 Unit This is unit Port Port number. Range Clear network-accessShow network-access Syntax Show network-access interface interface Displays the settings for all interfaces Show network-access mac-address-tableDisplays all filters Login-success-page-url Successful web authentication 37 Web Authentication Command Function Mode Web-auth login-fail-page-url Web-auth login-attemptsLogin attempts Web-auth login-success-page-url Web-auth login-page-urlSwitch-generated login Web-auth quiet-period Web-auth session-timeout No web-auth Web-auth system-auth-controlWeb-auth No web-auth system-auth-control Show web-auth This command displays global web authentication parametersShow web-auth interface Web-auth re-authenticate IP Web-auth re-authenticate Port Show web-auth summary Show web-auth summary 138 Access Control Lists Access Control List Commands38 Access Control Lists Command Groups Function IP ACLs Access-list ip39 IP ACLs Command Function Mode Syntax No access-list ip standard extended aclname Standard ACL Permit, deny Ip access-group4-143 show ip access-list4-143Access-list ip Syntax No permit deny any source bitmask host source Source-port sport end destination-port dport end Any destination address-bitmask host destinationExtended ACL Syntax No ip access-group aclname Show ip access-listIp access-group Syntax Show ip access-list standard extended aclname 40 MAC ACL Commands Function Mode Show ip access-groupShow ip access-list4-143 This command shows the ports assigned to IP ACLs Syntax No access-list mac aclname Access-list macAclname Name of the ACL. Maximum length 16 characters Permit, deny MAC ACL Permit, deny Mac access-group4-148 Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Show mac access-list aclname Show mac access-list4-147 Mac access-groupShow mac access-group Syntax Mac access-group aclname ACL Information Show access-listShow access-group 41 ACL Information Command Function Mode 42 Snmp Commands Function Mode Snmp Commands Snmp-server Syntax No snmp-server Default SettingShow snmp Snmp-server community Syntax Snmp-server location text no snmp-server location Snmp-server contactSnmp-server location Syntax Snmp-server contact string no snmp-server contact Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This example shows the default engine ID This command shows the Snmp engine IDShow snmp engine-id This view includes MIB-2 Defaultview includes access to the entire MIB treeSnmp-server view Examples 44 show snmp view display description This command shows information on the Snmp viewsShow snmp view Snmp-server group Show snmp group 162 45 show snmp group display description Snmp-server user 164 Show snmp user This command shows information on Snmp users46 show snmp user display description Port-channel channel-idRange Interface Commands47 Interface Commands Function Mode Interface Speed-duplex DescriptionSyntax Description string no description Negotiation Syntax No negotiation Default SettingNegotiation 4-168 capabilities Capabilities Following example configures port 11 to use autonegotiationCapabilities 4-169speed-duplex4-167 Flowcontrol Syntax No flowcontrol Default SettingNegotiation 4-168speed-duplex4-167 flowcontrol Shutdown Syntax No shutdown Default Setting Syntax Clear counters interface Switchport packet-ratePort-channel channel-idRange Default Setting Clear counters Syntax Show interfaces status interface This command displays the status for an interfaceShow interfaces status Following example clears statistics on port Shows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interface Syntax Show interfaces switchport interface Show interfaces switchportShows all interfaces 48 Interfaces Switchport Statistics Interface ethernet unit/port source port Mirror Port Commands49 Mirror Port Commands Function Mode Port monitor Syntax Show port monitor interface This command displays mirror informationFollowing shows mirroring configured from port 6 to port Show port monitor Rate-limit Rate Limit Commands50 Rate Limit Commands Function Mode Rate-limit Configures the maximum input rate for a port 179 173 Link Aggregation Commands51 Link Aggregation Commands 185 Dynamically Creating a Port Channel Channel-groupGuidelines for Creating Trunks General Guidelines Lacp Syntax No lacp Default SettingFollowing example creates trunk 1 and then adds port 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port Channel Lacp port-priority This command displays Lacp informationShow lacp LACPDUs Illegal Pkts Port Channel all52 show lacp counters display description Type 53 show lacp internal display description 55 show lacp sysid display description 54 show lacp neighbors display description Action Address Table Commands56 Address Table Commands Function Mode Mac-address-table static Show mac-address-table Clear mac-address-table dynamicMac-address- MAC address Mask Bits to match in the address Sort Sort by address, vlan or interface Mac-address-table aging-time 196 Lldp Commands57 Lldp Commands Function Mode Show mac-address-table aging-time Vlan ID Mac-phy Physical layer specifications Lldp dot3-tlv Holdtime multiplier TTL 4*30 = 120 seconds Syntax no lldp Default SettingLldp Lldp holdtime-multiplier Packets Lldp medFastStartCountLldp notification-interval Syntax Lldp medfaststartcount packets Lldp refresh-interval Syntax Lldp refresh-interval seconds no lldp refresh-delay Syntax Lldp tx-delay seconds no lldp tx-delay Lldp reinit-delayLldp tx-delay Syntax Lldp reinit-delay seconds no lldp reinit-delay Tx-rx Lldp admin-statusSyntax No lldp notification Default Setting Lldp notification Lldp mednotification Syntax No lldp mednotification Default Setting Lldp basic-tlv port-description Lldp basic-tlv management-ip-address Lldp basic-tlv system-capabilities Syntax No lldp basic-tlv port-description Default SettingLldp basic-tlv system-description Lldp dot1-tlv proto-ident Syntax No lldp basic-tlv system-description Default SettingSyntax No lldp basic-tlv system-name Default Setting Lldp basic-tlv system-name Lldp dot1-tlv pvid Syntax No lldp dot1-tlv proto-vid Default SettingNo lldp dot1-tlv proto-ident Lldp dot1-tlv proto-vid No lldp dot3-tlv link-agg Lldp dot1-tlv vlan-nameNo lldp dot1-tlv vlan-name Lldp dot3-tlv link-agg Syntax No lldp dot3-tlv max-frame Syntax No lldp dot3-tlv mac-phy Default SettingLldp dot3-tlv mac-phy Lldp dot3-tlv max-frame Syntax No lldp medtlv extpoe Syntax No lldp dot3-tlv poe Default SettingLldp dot3-tlv poe Lldp medtlv extpoe No lldp medtlv location Lldp medtlv inventoryNo lldp medtlv inventory Lldp medtlv location No lldp medtlv network-policy Lldp medtlv med-capNo lldp medtlv med-cap Lldp medtlv network-policy Port-channel channel-idRange Command Mode Show lldp configSyntax Show lldp config detail interface Detail Shows configuration summary 211 Syntax Show lldp info local-device detail interface Show lldp info local-deviceDetail Shows detailed information Syntax Show lldp info statistics detail interface Show lldp info remote-deviceShow lldp info statistics Syntax Show lldp info remote-device detail interface 214 Upnp device UPnP CommandsUPnP Commands Function Mode Syntax No upnp device Default Setting Following example, the TTL is set to Upnp device ttlUpnp device advertise duration Syntax Upnp device ttl value 58 Spanning Tree Commands Function Mode Spanning Tree CommandsShow upnp Spanning tree is enabled Syntax No spanning-tree Default SettingSpanning-tree Rstp Spanning-tree mode Spanning-tree forward-time Spanning-tree max-age Spanning-tree hello-time Spanning-tree pathcost method Spanning-tree prioritySyntax Spanning-tree pathcost method long short Spanning-tree transmission-limit Spanning-tree mst-configurationNo spanning-tree pathcost method Mst vlan MST ConfigurationNo mst instanceid vlan vlan-range Syntax Name name Mst priorityName Mst instanceid priority priority no mst instanceid priority Number Revision number of the spanning tree. Range RevisionMax-hops Syntax Revision number Spanning-tree cost Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting This example disables the spanning tree algorithm for port Priority The priority for a port. Range 0-240, in steps Spanning-tree port-priority Spanning-tree edge-port Syntax No spanning-tree edge-port Default Setting Spanning-tree portfast Syntax No spanning-tree portfast Default SettingSpanning-treeedge-port4-229 Spanning-tree loopback-detection Spanning-tree link-typeAuto Spanning-tree loopback-detection release-mode Spanning-tree mst cost Spanning-tree loopback-detection trap Spanning-tree mst port-priority4-234 Spanning-tree mst port-priority Syntax Show spanning-tree interface mst instanceid Spanning-tree protocol-migrationShow spanning-tree Syntax Spanning-tree protocol-migration interface Mstp Show spanning-tree mst configuration 60 Gvrp and Bridge Extension Commands Function Mode Vlan CommandsGvrp and Bridge Extension Commands 59 VLANs Command Groups Function Bridge-ext gvrp Syntax No bridge-ext gvrp Default SettingShow bridge-ext Syntax Show gvrp configuration interface Switchport gvrpShow gvrp configuration Syntax No switchport gvrp Default Setting Show garp timer Garp timer Vlan database Syntax Show garp timer interface61 Editing Vlan Groups Command Function Mode Editing Vlan Groups Show vlan By default only Vlan 1 exists and is activeVlan Database Configuration Vlan Interface vlan Configuring Vlan Interfaces62 Configuring Vlan Interfaces Command Function Mode Interface vlan All ports are in hybrid mode with the Pvid set to Vlan Switchport modeSwitchport acceptable-frame-types4-246 All frame types Switchport acceptable-frame-typesSwitchport ingress-filtering Switchport mode Switchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan Displaying Vlan Information 63 Show Vlan Commands Function ModeShow vlan Syntax No dot1q-tunnel system-tunnel-control 64 Ieee 802.1Q Tunneling Commands Function ModeGeneral Configuration Guidelines for QinQ Dot1q-tunnel system-tunnel-control Show dot1q-tunnel4-253 Show interfaces switchport Switchport dot1q-tunnel mode 0x8100 Switchport dot1q-tunnel tpidThis command displays information about QinQ tunnel ports Show dot1q-tunnel Edit Private Vlan Groups Private-vlan Configuring Private VLANsSwitchport dot1q-tunnel mode 65 Private Vlan Commands Configure Private Vlan Interfaces 65 Private Vlan Commands Function ModeDisplay Private Vlan Information Private vlan association Private-vlan No private-vlan primary-vlan-idassociation Switchport mode private-vlanNormal Vlan Switchport private-vlan isolated Switchport private-vlan host-associationIsolated-vlan-id- ID of isolated VLAN. Range Show vlan private-vlan Switchport private-vlan mapping Syntax Show vlan private-vlan community isolated primary 66 Protocol-based Vlan Commands Function Mode Protocol-vlan protocol-group Configuring Groups No protocol groups are configured Protocol-vlan protocol-group Configuring VLANsNo protocol groups are mapped to any VLANs Show protocol-vlan protocol-group-vid Show protocol-vlan protocol-groupSyntax Show protocol-vlan protocol-group group-id 68 Priority Commands Layer Function Mode Priority CommandsPriority Commands Layer 67 Priority Commands Command Groups Function Switchport priority default Queue modeSyntax Queue mode strict wrr no queue mode Weights 1, 2, 4, 8 are assigned to queues 0-3 respectively Queue bandwidth weight1...weight4 no queue bandwidthQueue bandwidth Queue cos-map 69 Default CoS Values to Egress QueuesQueue cos-mapqueueid cos1 ... cosn no queue cos-map Show queue bandwidth Show queue modeFollowing example shows how to change the CoS assignments This command shows the current queue mode Show queue cos-map Priority Commands Layer 3This command shows the class of service priority map 70 Priority Commands Layer 3 Function Mode Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting71 IP Dscp to CoS Vales IP Dscp Value CoS Value Show map ip dscp This command shows the IP Dscp priority mapSyntax Show map ip dscp interface 72 Quality of Service Commands Function Mode Quality of Service Commands Syntax No class-map class-map-namematch-any Class-map Match Class Map ConfigurationShow class map No policy-mappolicy-map-name Policy-map Class Policy Map ConfigurationNo class class-map-name Syntax No police rate-kbpsburst-byteexceed-action drop set Policy Map Class ConfigurationSet Police Syntax No service-policy input policy-map-name Service-policyNo policy map is attached to an interface Show policy-mappolicy-map-name class class-map-name Show class-mapShow policy-map Syntax Show class-map class-map-name Syntax Show policy-map interface interface input Voice Vlan Commands73 Voice Vlan Commands Function Mode Show policy-map interface Voice vlan voice-vlan-id no voice vlan Voice vlan Minutes Voice vlan agingVoice vlan mac-address Syntax Voice vlan aging minutes no voice vlan Following example sets port 1 to Voice Vlan auto mode Switchport voice vlanFollowing example adds a MAC OUI to the OUI Telephony list OUI Enabled Lldp Disabled Switchport voice vlan ruleSwitchport voice vlan security Syntax No switchport voice vlan rule oui lldp Following example sets the CoS priority to 5 on port Switchport voice vlan priorityFollowing example enables security filtering on port Priority-value- The CoS priority value. Range Syntax Show voice vlan oui status Show voice vlan 75 Igmp Snooping Commands Function Mode Multicast Filtering CommandsIgmp Snooping Commands 74 Multicast Filtering Commands Command Groups Function Ip igmp snooping vlan static Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping Ip igmp snooping Ip igmp snooping leave-proxy Following configures the switch to use Igmp VersionSyntax No ip igmp snooping leave-proxy Default Setting Ip igmp snooping version Syntax No ip igmp snooping immediate-leave vlan-id Interface Configuration VlanFollowing shows how to enable immediate leave Ip igmp snooping immediate-leave Show ip igmp snooping This command shows the Igmp snooping configurationFollowing shows the current Igmp snooping configuration This command shows known multicast addresses Ip igmp snooping querier Igmp Query Commands Layer76 Igmp Query Commands Layer Function Mode Syntax No ip igmp snooping querier Default Setting Times Following shows how to configure the query count toIp igmp snooping query-count Ip igmp snooping query-interval Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range 77 Static Multicast Routing Commands Function Mode Static Multicast Routing CommandsIp igmp snooping router-port-expire-time Syntax Show ip igmp snooping mrouter vlan vlan-id Ip igmp snooping vlan mrouterShow ip igmp snooping mrouter Syntax No ip igmp snooping vlan vlan-idmrouter interface 299 Igmp Filtering and Throttling Commands78 Igmp Filtering and Throttling Commands Function Mode Multicast router port types displayed include Static Profile-number- An Igmp filter profile number. Range Syntax No ip igmp filter Default SettingIp igmp profile Syntax No ip igmp profile profile-number No range low-ip-address high-ip-address Syntax Permit deny Default SettingPermit, deny Range Syntax No ip igmp filter profile-number Ip igmp max-groupsSyntax Ip igmp max-groups number no ip igmp max-groups Syntax Ip igmp max-groups action replace deny Ip igmp max-groups action Syntax Show ip igmp profile profile-number Show ip igmp filterShow ip igmp profile Syntax Show ip igmp filter interface interface Syntax Show ip igmp throttle interface interface Show ip igmp throttle interface Multicast groups assigned to the MVR Vlan Multicast Vlan Registration Commands79 Multicast Vlan Registration Commands Function Mode 305 Mvr Interface Configuration 306 80 show mvr display description Following shows the global MVR settingsShow mvr Syntax Show mvr interface interface members ip-address 82 show mvr members display description 81 show mvr interface display description 310 IP Interface Commands83 IP Interface Commands Function Mode Ip address Following example defines a default gateway for this device Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Gateway IP address of the default gateway Show ip interface This command submits a Bootp or Dhcp client requestThis command displays the settings of an IP interface Ip dhcp restart Ping Ip default-gateway4-310This command has no default for the host Show ip redirects Syntax Ip source-guard sip sip-macno ip source-guard IP Source Guard Commands84 IP Source Guard Commands Function Mode Ip source-guard 314 No ip source-guard binding mac-addressvlan vlan-id This example enables IP source guard on portNo configured entries Ip source-guard binding Ip source-guard4-313 ip dhcp snooping Ip dhcp snooping vlan This command shows the source guard binding tableShow ip source-guard Show ip source-guard binding Ip dhcp snooping Dhcp Snooping Commands85 Dhcp Snooping Commands Function Mode Syntax No ip dhcp snooping Default Setting 318 Ip dhcp snooping vlan 4-319 ip dhcp snooping trust This example enables Dhcp snooping globally for the switchThis example enables Dhcp snooping for Vlan Ip dhcp snooping vlan Ip dhcp snooping trust Syntax No ip dhcp snooping trust Default Setting Ip dhcp snooping verify mac-address This example enables MAC address verificationIp dhcp snooping information option Ip dhcp snooping information policy This example enables the Dhcp Snooping Information OptionReplace Ip dhcp snooping database flash This command shows the Dhcp snooping configuration settingsShow ip dhcp snooping Show ip dhcp snooping binding IP Cluster Commands86 Switch Cluster Commands Function Mode Syntax No cluster Default Setting Syntax No cluster commander Default Setting Cluster commander 10.254.254.1 Cluster ip-poolCluster member Syntax Cluster ip-pool ip-addressno cluster ip-pool This command shows the switch clustering configuration RcommandSyntax Rcommand id member-id Member-id- The ID number of the Member switch. Range Show cluster members This command shows the current switch cluster membersShow cluster candidates Software Features Appendix a Software Specifications Igmp RFC 1112 IGMPv2 RFC Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Standards Management Information Bases a Management Information Bases Software Specifications Symptom Action Table B-1 Troubleshooting Chart Using System Logs Differentiated Services Code Point Service Dscp Access Control List ACLBoot Protocol Bootp Class of Service CoS Group Attribute Registration Protocol Garp Garp Vlan Registration Protocol GvrpGeneric Attribute Registration Protocol Garp Generic Multicast Registration Protocol Gmrp In-Band Management Igmp SnoopingIgmp Query Internet Group Management Protocol Igmp Network Time Protocol NTP Multicast SwitchingPort Authentication Remote Authentication Dial-in User Service Radius Spanning Tree Algorithm STA Secure Shell SSHSimple Network Management Protocol Snmp Simple Network Time Protocol Sntp XModem Virtual LAN Vlan Numerics Index Index Link Layer Discovery Protocol See Index-4 Index-5 LLDP-MED TLV Type Length Value See alsoPage ES3528M-SFP E122007-DG-R01 149100035500A