User Authentication | Accton Technology 24/48-Port, ES4548D, ES4524D

Chapter 12: User Authentication

This chapter describes how to configure the switch to authenticate users logging into the system for management access using local or remote authentication methods.

The switch provides secure network management access using the following options:

•User Accounts – Manually configure management access rights for users.

•Authentication Settings – Use remote authentication to configure access rights.

•HTTPS Settings – Provide a secure web connection.

•SSH Settings – Provide a secure shell (for secure Telnet access).

•IP Filter – Filters management access to the web, SNMP or Telnet interface.

Configuring User Accounts

The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place.

The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.”

Command Attributes

•Account List – Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest)

•New Account – Displays configuration settings for a new account.

-User Name – The name of the user.

(Maximum length: 8 characters; maximum number of users: 16)

-Access Level – Specifies the user level. (Options: Normal and Privileged)

-Password – Specifies the user password. (Range: 0-8 characters plain text, case sensitive)

•Change Password – Sets a new password for the specified user.

12-1

Page 119

Image 119

Accton Technology 24/48-Port, ES4548D, ES4524D manual User Authentication, Configuring User Accounts

Contents

Powered by Accton Page ES4524D Gigabit Ethernet Switch ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A Contents Setting the System Clock 10-1 Vii Access Control Lists 15-1 Viii Vlan Configuration 23-1 Multicast Filtering 28-1 File Management Commands 35-1 Smtp Alert Commands 38-1 Xii 802.1X Port Authentication 43-1 Xiii Access Control List Commands 44-1 Xiv Address Table Commands 50-1 Private Vlan Commands 53-1 Xvi Quality of Service Commands 56-1 Xvii IPv4 Interface Commands 59-1 Xviii Xix TablesPage Xxi Xxii Xxiii Figures Xxiv Figures IP Filter 12-14 Port Security 13-2 Xxv Figures Xxvi Section I Getting Started Getting Started Introduction Key FeaturesKey Features Feature Description Introduction Description of Software Features Description of Software Features Introduction Description of Software Features Password super System DefaultsSystem Defaults Function Parameter Default Snmp View defaultview System Log Status Enabled Messages Logged System Defaults Function ParameterTraffic Prioritization Ingress Port Priority Queue Mode Disabled Igmp Snooping Snooping Enabled Configuration Options Initial ConfigurationConnecting to the Switch Remote Connections Required Connections Console Connection Basic ConfigurationSetting Passwords Assigning an IPv4 Address Setting an IP Address 59-2 Assigning an IPv6 Address45-1 59-1 60-10 60-4 60-12 60-3 35-2 Obtaining an IPv4 Address59-3 59-4 60-2 Obtaining an IPv6 Address 60-6 Enabling Snmp Management Access 40-5 40-3 40-14 Managing System Files40-10 40-11 Saving Configuration Settings Initial Configuration Section II Switch Management Page Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Action Web Page Configuration ButtonsPanel Display Apply Revert Help IPv6 Neighbor Switch Main Menu DescriptionMain Menu System System Information 12-13 11-112-8 15-1 17-1 Lacp 23-5 Class-of-service value23-1 Current Table 28-4 26-928-2 Query Multicast Router Field Attributes Basic System SettingsDisplaying System Information System Information Management Software Displaying Switch Hardware/Software VersionsCLI Specify the hostname, location and contact information Main Board 34-8 Switch Information Displaying Bridge Extension Capabilities Displaying Bridge Extension Configuration Command Attributes Configuring Support for Jumbo FramesCLI Enter the following command Command Usage CLI This example renumbers all units in the stack Resetting the SystemCLI Use the reload command to restart the switch Renumbering the Stack Basic System Settings Setting the Switch’s IP Address IP Version Setting an IP Address IPv4 Interface Configuration Manual Manual Configuration IPv4 Interface Configuration Dhcp Using DHCP/BOOTP Configuring an IPv6 Address Setting the Switch’s IP Address IP Version 6 IP Address Setting the Switch’s IP Address IP Version 6 Current Address Table IPv6 Interface Configuration 60-14 Configuring an IPv6 General Network Prefix60-13 Protocol Settings IPv6 General Prefix Configuration Current Neighbor Cache Table Adding Static Neighbors IPv6 Neighbor -- Add 60-26 60-22 Managing Firmware Managing System Files Copy Firmware Downloading System Software from a Server 35-7 Deleting Files Saving or Restoring Configuration Settings Downloading Configuration Settings for Start-Up Downloading Configuration Settings from a Server Console#copy tftp startup-config Console Port Settings 36-4 36-136-2 36-3 Telnet Settings Configuring the Telnet Interface Logging Levels Configuring Event LoggingSystem Log Configuration Error resource exhausted 37-5 Remote Log Configuration37-1 37-2 37-4 37-3 37-7 Displaying Log MessagesSending Simple Mail Transfer Protocol Alerts CLI This example shows the event message stored in RAM Enabling and Configuring Smtp Alerts 38-4 38-138-2 38-3 Configuring Sntp Setting the System Clock 39-2 Setting the Time Zone39-1 39-3 Snmp Overview Simple Network Management Protocol User defined Enabling the Snmp AgentSNMPv3 Security Models and Levels Level Group Read View Write View Notify View Security 40-2 Setting Community Access StringsCLI The following example enables Snmp on the switch Specifying Trap Managers and Trap Types 11-5 40-7 Configuring SNMPv3 Management Access 40-8 Setting a Local Engine IDSpecifying a Remote Engine ID CLI This example sets an SNMPv3 engine ID CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users Configuring SNMPv3 Users 40-15 Configuring Remote SNMPv3 Users Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Authenticated. While all implementations Topology Change Timer immediatelyAny of its configured ports transitions from That its configuration may have been altered Supported Notification Messages 40-13 Configuring SNMPv3 Groups Configuring SNMPv3 Views Setting SNMPv3 Views 11-17 Simple Network Management Protocol 11-18 Configuring User Accounts User Authentication 41-1 Configuring Local/Remote Logon Authentication TACACS+ server Radius SettingsGlobal Provides globally applicable Radius settings Web Telnet Authentication Server Settings Tacacs Settings Configuring Https Replacing the Default Secure-site Certificate Address server ip-address Copy Https Certificate Configuring the Secure Shell Authenticating SSH v1.5 Clients Generating the Host Key Pair Authenticating SSH v2 Clients 41-23 41-2041-21 SSH server includes basic settings for authentication Configuring the SSH Server 41-19 Filtering IP Addresses for Management Access41-17 41-18 41-25 41-24 Configuring Port Security 42-1 Port Security Configuring 802.1X Port Authentication Web Click Security, 802.1X, Information Displaying 802.1X Global Settings802.1X protocol provides port authentication CLI This example shows the default global setting for 43-1 Configuring 802.1X Global SettingsConfiguring Port Settings for CLI This example enables 802.1X globally for the switch Authorized 802.1X Port Configuration 43-5 43-243-4 Parameter Description Displaying 802.1X Statistics802.1X Statistics CLI This example displays the dot1x statistics for port 802.1X Port Statistics Configuring 802.1X Port Authentication 14-8 Overview Access Control ListsSetting an ACL Name and Type 44-2 Configuring a Standard IPv4 ACLCLI This example creates a standard IP ACL named bill ACL Configuration Standard IPv4 Configuring an Extended IPv4 ACL 15-4 44-3 ACL Configuration Extended IPv4 Configuring a MAC ACL 44-13 Configuring a Standard IPv6 ACL 44-8 Configuring an Extended IPv6 ACL 15-9 44-9 ACL Configuration Extended IPv6 44-15 Binding a Port to an Access Control ListThis switch supports ACLs for ingress filtering only 44-6 Access Control Lists 15-12 Field Attributes Web Port ConfigurationDisplaying Connection Status Current status ConfigurationField Attributes CLI Basic information 45-8 CLI This example shows the connection status for Port Configuring Interface Connections 45-4 45-245-6 45-3 Showing Port Statistics Rmon Statistics Port StatisticsEtherlike Statistics Fragments FormedOversize Frames 16-9 45-9 CLI This example shows statistics for port Creating Trunk Groups Static Trunk Configuration Statically Configuring a Trunk 46-2 Setting a Load-Balance Mode for Trunks Trunk Load Balance Mode 46-11 Enabling Lacp on Selected Ports46-3 46-4 Lacp Trunk Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters Lacp Aggregation Port Lacp Port Counters Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Badly formed PDU or an illegal value of Protocol Subtype Parameter Description Marker Unknown PktsType Marker Illegal Pkts Field Description Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information Lacp Port Internal Information Lacp Neighbor Configuration Information Field Description Displaying Lacp Settings and Status for the Remote Side 17-14 Broadcast Storm Control Setting Broadcast Storm Thresholds 45-10 47-1 Configuring Port Mirroring 48-1 Mirror Port Configuration Command Attribute Configuring Rate Limits 49-1 Setting Static Addresses Address Table Settings 50-1 Displaying the Address Table 50-3 Dynamic Addresses 50-4 Changing the Aging TimeCLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration For this Region Region R Displaying Global Settings 22-4 STA Information Web Click Spanning Tree, STA, Information Global settings apply to the entire switch Configuring Global Settings Root Device Configuration Basic Configuration of Global Settings Configuration Settings for Mstp Configuration Settings for Rstp STA Global Configuration Displaying Interface Settings 22-11 STA Port Information 51-18 Configuring Interface SettingsCLI This example shows the STA attributes for port 22-14 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees Mstp Vlan Configuration 51-8 Mstp Port Information Displaying Interface Settings for Mstp Configuring Interface Settings for Mstp 51-16 CLI This example sets the Mstp attributes for port Assigning Ports to VLANs Vlan Configuration 23-2 Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Max support Vlan numbers 256 Max support Vlan ID 4093 Command Attributes WebDisplaying Current VLANs 52-17 Command Attributes CLICreating VLANs 52-6 Adding Static Members to VLANs Vlan IndexCLI This example creates a new Vlan 52-5 Vlan Static Table Adding Static Members 52-11 Adding Static Members to VLANs Port Index Configuring Vlan Behavior for Interfaces Vlan Port Configuration Configuring Ieee 802.1Q Tunneling QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port Layer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Configuration Limitations for QinQ 52-16 Enabling QinQ Tunneling on the SwitchCLI This example sets the switch to operate in QinQ mode 52-14 Adding an Interface to a QinQ Tunnel 52-15 Tunnel Port Configuration 53-1 Configuring Private VLANsCLI This example enables private VLANs Enabling Private VLANs 53-2 Configuring Uplink and Downlink Ports Create a protocol group for one or more protocols Configuring Protocol-Based VLANsConfiguring Protocol Groups 54-1 Mapping Protocols to VLANs 54-2 Protocol Vlan Port Configuration Configuring Protocol-Based VLANs 25-4 Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings 55-3 CLI This example assigns a default priority of 5 to port Priority Level Traffic Type Mapping CoS Values to Egress QueuesMapping CoS Values to Egress Queues CoS Priority Levels 55-6 Selecting the Queue Mode55-4 55-5 Setting the Service Weight for Traffic Classes55-2 Queue Scheduling 55-8 Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority Mapping IP Precedence Priority Level Traffic Type Mapping IP Precedence 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Mapping Dscp PriorityMapping Dscp Priority IP Dscp Value CoS Value 55-13 55-10 IP Port Priority Status Mapping IP Port Priority 55-11 Configuring Quality of Service Parameters Quality of Service Class map is used for matching packets to a specified class Configuring a Class MapClass Configuration Match Class Settings Configuring Class Maps 56-3 Creating QoS PoliciesPolicy Map 56-2 Policy Options Policy ConfigurationPolicy Rule Settings Class Settings Configuring Policy Maps 56-6 Attaching a Policy Map to Ingress Queues56-4 56-5 Quality of Service 27-8 Layer 2 Igmp Snooping and Query Multicast Filtering Configuring Igmp Snooping and Query Parameters 57-6 57-157-4 57-5 57-9 Displaying Interfaces Attached to a Multicast Router 57-8 Specifying Static Interfaces for a Multicast Router IP Multicast Registration Table Displaying Port Members of Multicast Services Igmp Member Port Table Assigning Ports to Multicast Services 28-8 Configuring General DNS Service Parameters Configuring Domain Name Service 58-7 58-358-4 58-5 Configuring Static DNS Host to Address Entries 58-6 58-1 DNS Cache Displaying the DNS Cache 29-6 Cluster Configuration Switch Clustering 61-1 Cluster Member ConfigurationWeb Click Cluster, Configuration Adds Candidate switches to the cluster as Members 61-3 Web Click Cluster, Member ConfigurationDisplays current cluster Member switch information Cluster Member Information 61-5 Cluster Candidate Information Section IIICommand Line Interface Page Telnet Connection Using the Command Line InterfaceAccessing the CLI 31-2 Keywords and Arguments Entering CommandsCommand Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History General Command Modes Understanding Command ModesExec Commands Configuration Commands Consoleconfig-if# 45-1 Configuration Command Modes Prompt Keystroke Function Command Line ProcessingKeystroke Commands Using the Command Line Interface 31-10 Command Group Index Description CLI Command Groups 57-1 Class of Service55-1 Enable General Commands Example DisableConfigure Related Commands Normal Exec, Privileged Exec Show history Syntax Prompt string no prompt PromptEnd Exit Quit This command exits the configuration programThis example shows how to quit a CLI session General Commands 33-6 Syntax Hostname name no hostname System Management CommandsSystem Management Commands Function Mode Hostname Reload Switch renumberSyntax Switch all renumber Default Setting Show ipv6 mtu Show startup-configSyntax No jumbo frame Default Setting Jumbo frame 34-4 Show running-config34-5 Show running-config Show startup-config34-3 Show users This command displays system informationShow system Show version 34-9 System Management Commands 34-10 Managing Firmware File Management CommandsSaving or Restoring Configuration Settings Flash/File Commands Function Mode Copy 35-3 Delete unit filename This command deletes a file or imageDelete Syntax Dir Delete public-key41-20 This command displays a list of files in flash memorySyntax Dir unit boot-rom config opcode filename Dir Column Heading Description WhichbootSyntax whichboot unit File Directory Information Dir 35-5 whichboot Boot systemSyntax Boot system unit boot-romconfig opcode filename File Management Commands 35-8 Syntax Line console vty Line CommandsLine Commands Function Mode Line Syntax Login local no login Login No password is specified PasswordUsername 41-1 password Syntax Password 0 7 password no password Syntax Exec-timeout seconds no exec-timeout Timeout login responseExec-timeout Default value is three attempts Password-threshCLI No timeout Telnet 10 minutes Syntax Password-thresh threshold no password-thresh Syntax Databits 7 8 no databits Silent-timeDatabits Syntax Silent-time seconds no silent-time Syntax Parity none even odd no parity Parity Syntax Stopbits 1 SpeedStopbits Syntax Speed bps no speed Syntax Show line console vty DisconnectShow line Syntax Disconnect session-id To show all lines, enter this command Logging on Event Logging CommandsEvent Logging Commands Function Mode Syntax No logging on Default Setting Logging history 37-2 logging trap 37-4 clear log Flash errors level 3 RAM warnings level 7Logging history Syntax No logging host hostipaddress Default Setting Command ModeLogging host Logging facility Syntax Logging trap level no logging trap Disabled Level 7Logging trap Syntax Show logging flash ram sendmail trap Clear logShow logging Syntax Clear log flash ram Show logging trap display description Logging facility commandShow logging flash/ram display description Following example shows the event message stored in RAM Show logSyntax Show log flash ram Event Logging Commands 37-8 38-4 Smtp Alert CommandsSmtp Alert Commands Function Mode Logging sendmail host Syntax Logging sendmail source-email email-address Logging sendmail levelLogging sendmail source-email Syntax Logging sendmail level level Syntax No logging sendmail destination-email email-address Syntax No logging sendmail Default SettingLogging sendmail destination-email Logging sendmail Show logging sendmail Sntp client Time CommandsTime Commands Function Mode Syntax No sntp client Default Setting Syntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 39-2 sntp poll 39-3 show sntp Syntax Sntp poll seconds no sntp poll Sntp pollShow sntp Sntp client 39-1 sntp poll 39-3 show sntp Clock timezone Calendar set hour min sec day month year month day year This command displays the system clockCalendar set Show calendar Time Commands 39-6 Snmp Commands Function Mode Snmp Commands Show snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Syntax Snmp-server location text no snmp-server location Snmp-server contactSnmp-server location Syntax Snmp-server contact string no snmp-server contact Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID This view includes MIB-2 Defaultview includes access to the entire MIB treeSnmp-server view Examples Show snmp view display description This command shows information on the Snmp viewsShow snmp view Snmp-server group 40-12 Field Description Groupname Name of an Snmp group Show snmp groupShow snmp group display description Snmp-server user Show snmp user This command shows information on Snmp users Show snmp user display description User Access Commands Function Mode User Authentication CommandsUser Account Commands Authentication Commands Command Group Function Guest Admin Enable passwordDefault Login Settings Username Access-level Password Authentication Sequence Commands Function Mode Authentication SequenceAuthentication login Local Authentication enableTacacs Use Tacacs server password Username for setting the local user names and passwords 41-8 Radius Client Commands Function ModeShow radius-server Shows the current Radius settings 41-8 Radius Client Radius-server port Default Setting Auth-portRetransmit Command Mode Radius-server host Syntax Radius-server key keystring no radius-server key Radius-server keyRadius-server retransmit Show radius-server Radius-server timeout Tacacs-server port TACACS+ Client Commands Function ModeTACACS+ Client Tacacs-server host Syntax Tacacs-server key keystring no tacacs-server key Tacacs-server keyShow tacacs-server Ip http server Web Server CommandsIp http port Ip http port Syntax No ip http secure-server Default SettingIp http secure-server Portnumber The UDP port used for HTTPS. Range Ip http secure-portIp http secure-port41-13copy tftp https-certificate Ip telnet server Telnet Server CommandsTelnet Server Commands Function Mode Sets the SSH server key size 41-19 Copy tftp public-key Secure Shell Commands10 Secure Shell Commands Function Mode Configuration Guidelines 41-16 Ip ssh server Syntax No ip ssh server Default Setting Ip ssh crypto host-key generate 41-20 show ssh Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout36-4 show ip ssh Bits Ip ssh authentication-retriesIp ssh server-key size Key-size- The size of server key. Range 512-896 bits Syntax Ip ssh crypto host-key generate dsa rsa Delete public-keyIp ssh crypto host-key generate Syntax Delete public-key username dsa rsa Syntax Ip ssh save host-key dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto host-key generate This command displays the current SSH server connectionsShow ip ssh Show ssh Syntax Show public-key user username host Show public-keyTerminology 41-25 IP Filter Commands12 IP Filter Commands Function Mode Management Show management 41-26 Max-mac-count Port Security CommandsPort Security Commands Function Mode Port security Shutdown 45-6mac-address-table static Dot1x system-auth-control 802.1X Port Authentication802.1X Port Authentication Commands Function Mode Syntax No dot1x system-auth-control Default Setting Dot1x port-control Dot1x defaultDefault Command Mode Dot1x max-req Single-host Dot1x operation-modeForce-authorized Syntax No dot1x re-authentication Command Mode Dot1x re-authenticateDot1x re-authentication Syntax Dot1x re-authenticate interface Seconds The number of seconds. Range Dot1x timeout quiet-periodDot1x timeout re-authperiod Dot1x timeout re-authperiod43-5 Statistics Displays dot1x status for each port Interface Dot1x timeout tx-periodShow dot1x Syntax Show dot1x statistics interface interface Backend State Machine Authenticator State Machine State- Current state including initialize, reauthenticate Reauthentication State Machine IPv4 ACLs Access Control List CommandsAccess Control List Commands Command Groups Function IPv4 ACL Commands Function Mode Syntax No permit deny any source bitmask host source Access-list ipSyntax No access-list ip standard extended aclname Permit, deny Ip access-group44-6 show ip access-list44-5 No permit deny tcp Access-list ipStandard IPv4 ACL Extended IPv4 ACL Permit, deny Ip access-group44-6 Show ip access-listThis command displays the rules for configured IPv4 ACLs Syntax Show ip access-list standard extended aclname Show ip access-list44-5 Ip access-groupShow ip access-group Syntax No ip access-group aclname IPv6 ACLs Access-list ipv6IPv6 ACL Commands Function Mode Syntax No access-list ipv6 standard extended aclname New rules are appended to the end of the list Access-list ipv6Standard IPv6 ACL Extended IPv6 ACL Syntax No permit denyAny destination-ipv6-address/prefix-length Next-header next-header dscp dscp flow-label flow-label This command displays the rules for configured IPv6 ACLs Show ipv6 access-list Syntax No ipv6 access-group aclname Ipv6 access-groupShow ipv6 access-group MAC ACLs Access-list macMAC ACL Commands Function Mode Syntax No access-list mac aclname No permit deny tagged-802.3 Permit, deny MAC ACLNo permit deny tagged-eth2 No permit deny untagged-eth2 Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Mac access-group aclname Mac access-groupShow mac access-group ACL Information Show access-listShow access-group ACL Information Commands Function Mode 44-17 Access Control List Commands 44-18 Port-channel channel-idRange Interface CommandsInterface Commands Function Mode Interface Syntax Description string no description DescriptionSpeed-duplex Negotiation 45-3 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 45-4speed-duplex45-2 Following example configures port 11 to use autonegotiationCapabilities Negotiation 45-3speed-duplex45-2 flowcontrol Syntax No flowcontrol Default SettingFollowing example enables flow control on port Flowcontrol Shutdown Syntax Media-type mode no media-typeSyntax No shutdown Default Setting Media-type Syntax Clear counters interface Port-channel channel-idRange Default SettingClear counters Shows the status for all interfaces This command displays the status for an interfaceShow interfaces status Syntax Show interfaces status interface Shows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interface Show interfaces switchport display description Show interfaces switchportSyntax Show interfaces switchport interface Indicates tagged Indicates membership mode as Trunk or HybridIndicates the default priority for untagged frames Allowed Vlan Interface Commands 45-12 Guidelines for Creating Trunks Link Aggregation CommandsLink Aggregation Commands Syntax Channel-group channel-idno channel-group Channel-groupDynamically Creating a Port Channel Src-dst-ip Port channel load-balance Lacp Syntax No lacp Default Setting 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port ChannelSyntax Lacp admin-key key no lacp admin-key Show lacp This command displays Lacp informationLacp port-priority LACPDUs Illegal Pkts Port Channel allShow lacp counters display description Type Show lacp neighbors display description Show lacp internal display description Show lacp sysid display description Show port-channel load-balance 46-12 Enabled for all ports Packet-rate limit 500 pps Broadcast Storm Control CommandsSwitchport broadcast packet-rate Broadcast Storm Control Commands Function Mode Broadcast Storm Control Commands 47-2 Port monitor Mirror Port CommandsMirror Port Commands Function Mode Interface Configuration Ethernet, destination port Syntax Show port monitor interface This command displays mirror informationFollowing shows mirroring configured from port 6 to port Show port monitor Gigabit Ethernet 1000 Mbps Rate Limit CommandsRate Limit Commands Function Mode Rate-limit Rate Limit Commands 49-2 Action Address Table CommandsAddress Table Commands Function Mode Mac-address-table static Clear mac-address-table dynamic Show ipv6 neighbors Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Show mac-address-table aging-time Mac-address-table aging-time Spanning Tree Commands Function Mode Spanning Tree Commands Spanning-tree Spanning-tree modeSyntax No spanning-tree Default Setting Spanning tree is enabled Spanning-tree forward-time Spanning-tree forward-time Spanning-tree forward-time 51-3spanning-tree max-age Spanning-tree hello-time Spanning-tree forward-time 51-3spanning-tree hello-time Spanning-tree max-ageSpanning-tree priority Long method Spanning-tree pathcost method Count The transmission limit in seconds. Range Spanning-tree mst-configurationThis command limits the maximum transmission rate for BPDUs Spanning-tree transmission-limit No mst instanceid vlan vlan-range MST ConfigurationMst vlan Syntax Name name Mst priorityName Mst instanceid priority priority no mst instanceid priority Name RevisionSyntax Revision number Number Revision number of the spanning tree. Range Max-hops Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting This example disables the spanning tree algorithm for port Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree cost Priority The priority for a port. Range 0-240, in steps Syntax No spanning-tree edge-port Default SettingSpanning-tree port-priority Spanning-tree edge-port Spanning-tree portfast Syntax No spanning-tree portfast Default Setting Spanning-treeedge-port51-13 Spanning-tree link-type Spanning-tree mst port-priority51-17 Spanning-tree mst cost Syntax Spanning-tree protocol-migration interface Spanning-tree mst port-prioritySpanning-tree protocol-migration Syntax Show spanning-tree interface mst instanceid Show spanning-tree 51-19 Show spanning-tree mst configuration Gvrp and Bridge Extension Commands Function Mode Vlan CommandsGvrp and Bridge Extension Commands Vlan Commands Command Groups Function Show bridge-ext Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Syntax Show gvrp configuration interface Switchport gvrpShow gvrp configuration Syntax No switchport gvrp Default Setting Garp timer Editing Vlan Groups Show garp timerSyntax Show garp timer interface Commands for Editing Vlan Groups Function Mode Show vlan By default only Vlan 1 exists and is activeVlan Database Configuration Vlan Interface vlan Configuring Vlan InterfacesCommands for Configuring Vlan Interfaces Function Mode Interface vlan Switchport acceptable-frame-types52-9 Switchport modeSyntax Switchport mode hybrid trunk no switchport mode All ports are in hybrid mode with the Pvid set to Vlan Syntax No switchport ingress-filtering Default Setting Switchport acceptable-frame-typesSwitchport ingress-filtering Switchport mode Switchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan 52-14 Ieee 802.1Q Tunneling Commands Function ModeGeneral Configuration Guidelines for QinQ Dot1q-tunnel Show dot1q-tunnel52-16 Show interfaces switchport Syntax No dot1q-tunnel system-tunnel-control Default Setting 0x8100 Switchport dot1q-tunnel tpid Displaying Vlan Information Commands for Displaying Vlan Information Function Mode Syntax Show vlan id vlan-idname vlan-name This command shows Vlan informationFollowing example shows how to display information for Vlan Show vlan Vlan Commands 52-18 No private VLANs are defined Private Vlan CommandsPrivate Vlan Commands Function Mode Pvlan Show pvlan This command displays the configured private Vlan 54-4 Protocol-based Vlan CommandsProtocol-vlan protocol-group Configuring Groups Protocol-based Vlan Commands Function Mode No protocol groups are mapped for any interface Protocol-vlan protocol-group ConfiguringNo protocol groups are configured Group-id- Group identifier for a protocol group. Range This shows protocol group 1 configured for IP over EthernetShow protocol-vlan protocol-group Syntax Show protocol-vlan protocol-group group-id Mapping for all interfaces is displayed Show interfaces protocol-vlan protocol-group Priority Commands Layer Function Mode Class of Service CommandsPriority Commands Layer Priority Commands Command Groups Function Queue bandwidth 55-4 show queue mode Queue modeSyntax Queue mode strict wrr no queue mode Weighted Round Robin Switchport priority default Queue cos-mapqueueid cos1 ... cosn no queue cos-map Queue bandwidth weight1...weight4 no queue bandwidthQueue bandwidth Queue cos-map Show queue cos-map55-6 Show queue modeDefault CoS Priority Levels This command shows the current queue mode Syntax Show queue cos-map interface This command shows the class of service priority mapShow queue bandwidth Show queue cos-map Syntax No map ip port Default Setting Priority Commands Layer 3Priority Commands Layer 3 Function Mode Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS value List below shows the default priority mapping Map ip precedence Interface Configuration Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting Syntax Show map ip port interface This command shows the IP port priority mapShow map ip port Mapping IP Dscp to CoS Values IP Dscp Value Syntax Show map ip precedence interface This command shows the IP precedence priority mapShow map ip precedence Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp 55-14 Quality of Service Commands Function Mode Quality of Service Commands Show class map Class-mapSyntax No class-map class-map-namematch-any Match Class Map Configuration No class class-map-name Policy-mapClass No policy-mappolicy-map-name Set Policy Map Configuration Drop out-of-profile packets Policy Map Class ConfigurationPolice Syntax No police rate-kbpsburst-byteexceed-action drop set No policy map is attached to an interface Service-policySyntax No service-policy input policy-map-name Show policy-mappolicy-map-name class class-map-name Show class-mapShow policy-map Syntax Show class-map class-map-name Syntax Show policy-map interface interface input Port-channel channel-idRange Command ModeShow policy-map interface Quality of Service Commands 56-10 Ip igmp snooping Multicast Filtering CommandsIgmp Snooping Commands Igmp Version Ip igmp snooping vlan staticIp igmp snooping version Show mac-address-table multicast Show ip igmp snooping Ip igmp snooping querier Igmp Query CommandsIgmp Query Commands Function Mode Syntax No ip igmp snooping querier Default Setting Times Following shows how to configure the query count toIp igmp snooping query-count Ip igmp snooping query-interval Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping router-port-expire-time Switch must use IGMPv2 for this command to take effect Ip igmp snooping vlan mrouter Static Multicast Routing CommandsStatic Multicast Routing Commands Function Mode No static multicast router ports are configured Show ip igmp snooping mrouter Displays multicast router ports for all configured VLANs Multicast Filtering Commands 57-10 No ip host name address1 address2 … address8 Domain Name Service CommandsDNS Commands Function Mode Ip host Syntax Clear host name This command deletes entries from the DNS tableClear host This example maps two address to a host name Ip domain-list58-3 ip name-server58-4 ip domain-lookup58-5 Ip domain-nameIp domain-list Syntax Ip domain-name name no ip domain-name Server-address1- IP address of domain-name server Ip name-serverIp domain-name58-3 Ip domain-name58-3 ip domain-lookup58-5 Syntax No ip domain-lookup Default SettingIp domain-lookup Ip domain-name58-3 ip name-server58-4 Show hosts Show dns cache display description Show dnsShow dns cache Clear dns cache This command clears all entries in the DNS cache Ip address IPv4 Interface CommandsIPv4 Configuration Commands Function Mode Ip dhcp restart 59-3 ipv6 address Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Gateway IP address of the default gateway Ip dhcp restart Following example defines a default gateway for this deviceShow ip redirects 59-4 ipv6 default-gateway60-12 This command submits an IPv4 Bootp or Dhcp client request Show ip redirects This command displays the settings of an IPv4 interfaceIp default-gateway59-2 Show ipv6 default-gateway60-12 Show ip interface Interface 45-1 ping ipv6 This command has no default for the hostPing Syntax Ping host count countsize size 59 IPv4 Interface Commands 59-6 IPv6 Configuration Commands IPv6 Interface Commands Ipv6 address link-local60-9 show ipv6 interface Ipv6 enableSyntax No ipv6 enable Default Setting IPv6 is disabled Show ipv6 general-prefix60-4 Ipv6 general-prefixNo general prefix is defined No IPv6 addresses are defined This command displays all configured IPv6 general prefixesShow ipv6 general-prefix Ipv6 address 60-5 Syntax No ipv6 address autoconfig Default Setting Ipv6 address autoconfig Ipv6 address Show ipv6 interface Ipv6 address eui-64 Ipv6 address autoconfig 60-6 show ipv6 interface Ipv6 address link-local Show ipv6 interface display description Field Ipv6 enable Show ipv6 interfaceShow ipv6 interface Maximum transmission unit for this interface Show ipv6 interface display descriptionFF022, and solicited nodes FF021FFXXXXXX as described below Appending those bits to the prefix Syntax Ipv6 default-gateway ipv6-addressno ipv6 address Ipv6 default-gatewayShow ipv6 default-gateway Syntax Ipv6 mtu size no ipv6 mtu Ipv6 mtu Show ipv6 mtu display description Show ipv6 mtuShow ipv6 traffic Following example shows the MTU cache for this device 60-15 Ipv6 rcvd Rcvd total Received in errorFormat errors Errors discovered in processing their IPv6 options, etc Ipv6 sent Show ipv6 traffic display description Prohibited messages received by the interface Checksum errorsIpv6 icmp input Input Input interface for the messages Ipv6 icmp output Clear ipv6 traffic Ping ipv6 Repeat 5 timeout 2 seconds Ipv6 neighbor Syntax Ipv6 nd dad attempts count no ipv6 nd dad attempts Ipv6 nd dad attemptsShow ipv6 neighbors 60-26mac-address-table static Ipv6 nd ns interval 60-25 show ipv6 neighbors Milliseconds is used for neighbor discovery operations Ipv6 nd ns interval Show ipv6 neighbors display description Field Description Show ipv6 neighborsSyntax Show ipv6 neighbors vlan vlan-id ipv6-address Show ipv6 neighbors display description Clear ipv6 neighbors 60 IPv6 Interface Commands 60-28 Cluster Switch Cluster CommandsSwitch Cluster Commands Function Mode Syntax No cluster Default Setting Syntax Cluster ip-pool ip-addressno cluster ip-pool Cluster commanderSyntax No cluster commander Default Setting Cluster ip-pool No Members Cluster member This command shows the switch clustering configuration RcommandSyntax Rcommand id member-id Member-id- The ID number of the Member switch. Range Show cluster candidates This command shows the current switch cluster membersShow cluster members Switch Cluster Commands 61-6 Section IVAppendices Appendices Software Features Appendix a Software Specifications Icmp RFC Igmp RFC Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Standards Management Information Bases a Management Information Bases Software Specifications Symptom Action Appendix B TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting Chart Using System Logs Glossary Access Control List ACL See Generic Attribute Registration Protocol Extended Universal Identifier EUI Defines frame extensions for Vlan tagging Ieee 802.1Q See Port Trunk IP Precedence See Ieee Port Mirroring TCP/IP protocol commonly used for software downloads Secure Shell SSH User Datagram Protocol UDP Glossary Glossary-8 Numerics Index Index-2 Index-3 Index-4 Page ES4524D ES4548D E112006-CS-R01 149100030400A