Tacacs Settings | Accton Technology 24/48-Port, ES4548D, ES4524D

12 User Authentication

-ServerIndex – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.

-Server IP Address – Address of authentication server. (Default: 10.1.0.1)

-Server Port Number – Network (UDP) port of authentication server used for authentication messages. (Range: 1-65535; Default: 1812)

-Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 48 characters)

-Number of Server Transmits – Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)

-Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5)

•TACACS Settings

-Server IP Address – Address of the TACACS+ server. (Default: 10.11.12.13)

-Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49)

-Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 48 characters)

Note: The local switch user database has to be set up by manually entering user names and passwords using the CLI. (See “username” on page 41-1.)

Web – Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for RADIUS or TACACS+ authentication if selected, and click Apply.

Figure 12-2 Authentication Server Settings

12-4

Image 122

Accton Technology 24/48-Port, ES4548D, ES4524D manual Tacacs Settings, Authentication Server Settings

Contents

Powered by Accton Page ES4524D Gigabit Ethernet Switch ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A Contents Setting the System Clock 10-1 Access Control Lists 15-1 Vii Vlan Configuration 23-1 Viii Multicast Filtering 28-1 File Management Commands 35-1 Smtp Alert Commands 38-1 802.1X Port Authentication 43-1 Xii Access Control List Commands 44-1 Xiii Address Table Commands 50-1 Xiv Private Vlan Commands 53-1 Quality of Service Commands 56-1 Xvi IPv4 Interface Commands 59-1 Xvii Xviii Tables XixPage Xxi Xxii Figures Xxiii Figures IP Filter 12-14 Port Security 13-2 Xxiv Figures Xxv Xxvi Section I Getting Started Getting Started Feature Description Key FeaturesKey Features Introduction Description of Software Features Introduction Description of Software Features Introduction Description of Software Features Function Parameter Default System DefaultsSystem Defaults Password super View defaultview Snmp Disabled Igmp Snooping Snooping Enabled System Defaults Function ParameterTraffic Prioritization Ingress Port Priority Queue Mode System Log Status Enabled Messages Logged Configuration Options Initial ConfigurationConnecting to the Switch Required Connections Remote Connections Console Connection Basic ConfigurationSetting Passwords Setting an IP Address Assigning an IPv4 Address 59-1 Assigning an IPv6 Address45-1 59-2 60-4 60-10 60-3 60-12 59-4 Obtaining an IPv4 Address59-3 35-2 Obtaining an IPv6 Address 60-2 Enabling Snmp Management Access 60-6 40-3 40-5 40-11 Managing System Files40-10 40-14 Saving Configuration Settings Initial Configuration Section II Switch Management Page Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Apply Revert Help Web Page Configuration ButtonsPanel Display Action System System Information Switch Main Menu DescriptionMain Menu IPv6 Neighbor 15-1 11-112-8 12-13 Lacp 17-1 Current Table Class-of-service value23-1 23-5 Query Multicast Router 26-928-2 28-4 Field Attributes Basic System SettingsDisplaying System Information System Information Main Board Displaying Switch Hardware/Software VersionsCLI Specify the hostname, location and contact information Management Software Switch Information 34-8 Displaying Bridge Extension Configuration Displaying Bridge Extension Capabilities Command Usage Configuring Support for Jumbo FramesCLI Enter the following command Command Attributes Renumbering the Stack Resetting the SystemCLI Use the reload command to restart the switch CLI This example renumbers all units in the stack Basic System Settings Setting an IP Address Setting the Switch’s IP Address IP Version Manual Configuration IPv4 Interface Configuration Manual Using DHCP/BOOTP IPv4 Interface Configuration Dhcp Configuring an IPv6 Address Setting the Switch’s IP Address IP Version 6 IP Address Setting the Switch’s IP Address IP Version 6 Current Address Table IPv6 Interface Configuration 60-14 Configuring an IPv6 General Network Prefix60-13 IPv6 General Prefix Configuration Protocol Settings Current Neighbor Cache Table Adding Static Neighbors IPv6 Neighbor -- Add 60-22 60-26 Managing System Files Managing Firmware Downloading System Software from a Server Copy Firmware Deleting Files 35-7 Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server Downloading Configuration Settings for Start-Up Console#copy tftp startup-config Console Port Settings 36-3 36-136-2 36-4 Telnet Settings Configuring the Telnet Interface Error resource exhausted Configuring Event LoggingSystem Log Configuration Logging Levels 37-2 Remote Log Configuration37-1 37-5 37-3 37-4 CLI This example shows the event message stored in RAM Displaying Log MessagesSending Simple Mail Transfer Protocol Alerts 37-7 Enabling and Configuring Smtp Alerts 38-3 38-138-2 38-4 Setting the System Clock Configuring Sntp 39-3 Setting the Time Zone39-1 39-2 Simple Network Management Protocol Snmp Overview Level Group Read View Write View Notify View Security Enabling the Snmp AgentSNMPv3 Security Models and Levels User defined 40-2 Setting Community Access StringsCLI The following example enables Snmp on the switch Specifying Trap Managers and Trap Types 11-5 Configuring SNMPv3 Management Access 40-7 CLI This example sets an SNMPv3 engine ID Setting a Local Engine IDSpecifying a Remote Engine ID 40-8 Configuring SNMPv3 Users CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users Configuring Remote SNMPv3 Users 40-15 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups That its configuration may have been altered Topology Change Timer immediatelyAny of its configured ports transitions from Authenticated. While all implementations Supported Notification Messages Configuring SNMPv3 Groups 40-13 Setting SNMPv3 Views Configuring SNMPv3 Views 11-17 Simple Network Management Protocol 11-18 User Authentication Configuring User Accounts Configuring Local/Remote Logon Authentication 41-1 Web Telnet Radius SettingsGlobal Provides globally applicable Radius settings TACACS+ server Tacacs Settings Authentication Server Settings Configuring Https Replacing the Default Secure-site Certificate Copy Https Certificate Address server ip-address Configuring the Secure Shell Authenticating SSH v1.5 Clients Authenticating SSH v2 Clients Generating the Host Key Pair 41-23 41-2041-21 Configuring the SSH Server SSH server includes basic settings for authentication 41-18 Filtering IP Addresses for Management Access41-17 41-19 41-24 41-25 Configuring Port Security Port Security 42-1 Configuring 802.1X Port Authentication CLI This example shows the default global setting for Displaying 802.1X Global Settings802.1X protocol provides port authentication Web Click Security, 802.1X, Information CLI This example enables 802.1X globally for the switch Configuring 802.1X Global SettingsConfiguring Port Settings for 43-1 802.1X Port Configuration Authorized 43-5 43-243-4 Parameter Description Displaying 802.1X Statistics802.1X Statistics 802.1X Port Statistics CLI This example displays the dot1x statistics for port Configuring 802.1X Port Authentication 14-8 Overview Access Control ListsSetting an ACL Name and Type 44-2 Configuring a Standard IPv4 ACLCLI This example creates a standard IP ACL named bill Configuring an Extended IPv4 ACL ACL Configuration Standard IPv4 15-4 ACL Configuration Extended IPv4 44-3 Configuring a MAC ACL Configuring a Standard IPv6 ACL 44-13 Configuring an Extended IPv6 ACL 44-8 15-9 ACL Configuration Extended IPv6 44-9 44-6 Binding a Port to an Access Control ListThis switch supports ACLs for ingress filtering only 44-15 Access Control Lists 15-12 Field Attributes Web Port ConfigurationDisplaying Connection Status Basic information ConfigurationField Attributes CLI Current status CLI This example shows the connection status for Port 45-8 Configuring Interface Connections 45-3 45-245-6 45-4 Showing Port Statistics Rmon Statistics Port StatisticsEtherlike Statistics Fragments FormedOversize Frames 16-9 CLI This example shows statistics for port 45-9 Creating Trunk Groups Statically Configuring a Trunk Static Trunk Configuration Setting a Load-Balance Mode for Trunks 46-2 Trunk Load Balance Mode 46-11 Enabling Lacp on Selected Ports46-3 Lacp Trunk Configuration 46-4 Configuring Lacp Parameters Dynamically Creating a Port Channel Lacp Aggregation Port Lacp Port Counters Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Marker Illegal Pkts Parameter Description Marker Unknown PktsType Badly formed PDU or an illegal value of Protocol Subtype Field Description Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information Lacp Port Internal Information Displaying Lacp Settings and Status for the Remote Side Lacp Neighbor Configuration Information Field Description 17-14 Setting Broadcast Storm Thresholds Broadcast Storm Control 47-1 45-10 Configuring Port Mirroring Mirror Port Configuration 48-1 Configuring Rate Limits Command Attribute 49-1 Address Table Settings Setting Static Addresses Displaying the Address Table 50-1 Dynamic Addresses 50-3 50-4 Changing the Aging TimeCLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration Region R For this Region Displaying Global Settings 22-4 Web Click Spanning Tree, STA, Information STA Information Configuring Global Settings Global settings apply to the entire switch Basic Configuration of Global Settings Root Device Configuration Configuration Settings for Rstp Configuration Settings for Mstp STA Global Configuration Displaying Interface Settings 22-11 STA Port Information 51-18 Configuring Interface SettingsCLI This example shows the STA attributes for port 22-14 Configuring Multiple Spanning Trees CLI This example sets STA attributes for port Mstp Vlan Configuration 51-8 Displaying Interface Settings for Mstp Mstp Port Information Configuring Interface Settings for Mstp CLI This example sets the Mstp attributes for port 51-16 Vlan Configuration Assigning Ports to VLANs 23-2 Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Max support Vlan numbers 256 Max support Vlan ID 4093 Command Attributes WebDisplaying Current VLANs 52-17 Command Attributes CLICreating VLANs 52-5 Adding Static Members to VLANs Vlan IndexCLI This example creates a new Vlan 52-6 Vlan Static Table Adding Static Members Adding Static Members to VLANs Port Index 52-11 Configuring Vlan Behavior for Interfaces Vlan Port Configuration Configuring Ieee 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Uplink Port Configuration Limitations for QinQ General Configuration Guidelines for QinQ 52-14 Enabling QinQ Tunneling on the SwitchCLI This example sets the switch to operate in QinQ mode 52-16 Adding an Interface to a QinQ Tunnel Tunnel Port Configuration 52-15 Enabling Private VLANs Configuring Private VLANsCLI This example enables private VLANs 53-1 Configuring Uplink and Downlink Ports 53-2 Create a protocol group for one or more protocols Configuring Protocol-Based VLANsConfiguring Protocol Groups Mapping Protocols to VLANs 54-1 Protocol Vlan Port Configuration 54-2 Configuring Protocol-Based VLANs 25-4 Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings CLI This example assigns a default priority of 5 to port 55-3 CoS Priority Levels Mapping CoS Values to Egress QueuesMapping CoS Values to Egress Queues Priority Level Traffic Type 55-6 Selecting the Queue Mode55-4 55-5 Setting the Service Weight for Traffic Classes55-2 Queue Scheduling Selecting IP Precedence/DSCP Priority Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS Values 55-8 Mapping IP Precedence Mapping IP Precedence Priority Level Traffic Type 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Mapping Dscp PriorityMapping Dscp Priority IP Dscp Value CoS Value 55-10 55-13 Mapping IP Port Priority IP Port Priority Status 55-11 Quality of Service Configuring Quality of Service Parameters Match Class Settings Configuring a Class MapClass Configuration Class map is used for matching packets to a specified class Configuring Class Maps 56-2 Creating QoS PoliciesPolicy Map 56-3 Policy Options Policy ConfigurationPolicy Rule Settings Class Settings Configuring Policy Maps 56-5 Attaching a Policy Map to Ingress Queues56-4 56-6 Quality of Service 27-8 Multicast Filtering Layer 2 Igmp Snooping and Query Configuring Igmp Snooping and Query Parameters 57-5 57-157-4 57-6 Displaying Interfaces Attached to a Multicast Router 57-9 Specifying Static Interfaces for a Multicast Router 57-8 Displaying Port Members of Multicast Services IP Multicast Registration Table Assigning Ports to Multicast Services Igmp Member Port Table 28-8 Configuring Domain Name Service Configuring General DNS Service Parameters 58-5 58-358-4 58-7 Configuring Static DNS Host to Address Entries 58-1 58-6 Displaying the DNS Cache DNS Cache 29-6 Switch Clustering Cluster Configuration Adds Candidate switches to the cluster as Members Cluster Member ConfigurationWeb Click Cluster, Configuration 61-1 Cluster Member Information Web Click Cluster, Member ConfigurationDisplays current cluster Member switch information 61-3 Cluster Candidate Information 61-5 Section IIICommand Line Interface Page Telnet Connection Using the Command Line InterfaceAccessing the CLI 31-2 Getting Help on Commands Entering CommandsCommand Completion Keywords and Arguments Showing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History General Command Modes Understanding Command ModesExec Commands Configuration Commands Configuration Command Modes Prompt Consoleconfig-if# 45-1 Keystroke Function Command Line ProcessingKeystroke Commands Using the Command Line Interface 31-10 CLI Command Groups Command Group Index Description 57-1 Class of Service55-1 General Commands Enable Related Commands DisableConfigure Example Show history Normal Exec, Privileged Exec Exit PromptEnd Syntax Prompt string no prompt Quit This command exits the configuration programThis example shows how to quit a CLI session General Commands 33-6 Hostname System Management CommandsSystem Management Commands Function Mode Syntax Hostname name no hostname Reload Switch renumberSyntax Switch all renumber Default Setting Jumbo frame Show startup-configSyntax No jumbo frame Default Setting Show ipv6 mtu 34-4 Show running-config Show running-config34-5 Show startup-config34-3 Show users This command displays system informationShow system Show version 34-9 System Management Commands 34-10 Flash/File Commands Function Mode File Management CommandsSaving or Restoring Configuration Settings Managing Firmware Copy 35-3 Syntax This command deletes a file or imageDelete Delete unit filename Dir This command displays a list of files in flash memorySyntax Dir unit boot-rom config opcode filename Dir Delete public-key41-20 File Directory Information WhichbootSyntax whichboot unit Column Heading Description Dir 35-5 whichboot Boot systemSyntax Boot system unit boot-romconfig opcode filename File Management Commands 35-8 Line Line CommandsLine Commands Function Mode Syntax Line console vty Login Syntax Login local no login Syntax Password 0 7 password no password PasswordUsername 41-1 password No password is specified Syntax Exec-timeout seconds no exec-timeout Timeout login responseExec-timeout Syntax Password-thresh threshold no password-thresh Password-threshCLI No timeout Telnet 10 minutes Default value is three attempts Syntax Silent-time seconds no silent-time Silent-timeDatabits Syntax Databits 7 8 no databits Parity Syntax Parity none even odd no parity Syntax Speed bps no speed SpeedStopbits Syntax Stopbits 1 Syntax Disconnect session-id DisconnectShow line Syntax Show line console vty To show all lines, enter this command Syntax No logging on Default Setting Event Logging CommandsEvent Logging Commands Function Mode Logging on Logging history 37-2 logging trap 37-4 clear log Flash errors level 3 RAM warnings level 7Logging history Logging facility Default Setting Command ModeLogging host Syntax No logging host hostipaddress Syntax Logging trap level no logging trap Disabled Level 7Logging trap Syntax Clear log flash ram Clear logShow logging Syntax Show logging flash ram sendmail trap Show logging trap display description Logging facility commandShow logging flash/ram display description Following example shows the event message stored in RAM Show logSyntax Show log flash ram Event Logging Commands 37-8 Logging sendmail host Smtp Alert CommandsSmtp Alert Commands Function Mode 38-4 Syntax Logging sendmail level level Logging sendmail levelLogging sendmail source-email Syntax Logging sendmail source-email email-address Logging sendmail Syntax No logging sendmail Default SettingLogging sendmail destination-email Syntax No logging sendmail destination-email email-address Show logging sendmail Syntax No sntp client Default Setting Time CommandsTime Commands Function Mode Sntp client Syntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 39-2 sntp poll 39-3 show sntp Sntp client 39-1 sntp poll 39-3 show sntp Sntp pollShow sntp Syntax Sntp poll seconds no sntp poll Clock timezone Show calendar This command displays the system clockCalendar set Calendar set hour min sec day month year month day year Time Commands 39-6 Snmp Commands Snmp Commands Function Mode Show snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Syntax Snmp-server contact string no snmp-server contact Snmp-server contactSnmp-server location Syntax Snmp-server location text no snmp-server location Snmp-server host Host Address None Notification Type Traps Snmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID Examples Defaultview includes access to the entire MIB treeSnmp-server view This view includes MIB-2 Snmp-server group This command shows information on the Snmp viewsShow snmp view Show snmp view display description 40-12 Field Description Groupname Name of an Snmp group Show snmp groupShow snmp group display description Snmp-server user This command shows information on Snmp users Show snmp user Show snmp user display description Authentication Commands Command Group Function User Authentication CommandsUser Account Commands User Access Commands Function Mode Guest Admin Enable passwordDefault Login Settings Username Access-level Password Authentication Sequence Commands Function Mode Authentication SequenceAuthentication login Username for setting the local user names and passwords Authentication enableTacacs Use Tacacs server password Local Radius Client Radius Client Commands Function ModeShow radius-server Shows the current Radius settings 41-8 41-8 Radius-server host Default Setting Auth-portRetransmit Command Mode Radius-server port Syntax Radius-server key keystring no radius-server key Radius-server keyRadius-server retransmit Radius-server timeout Show radius-server Tacacs-server host TACACS+ Client Commands Function ModeTACACS+ Client Tacacs-server port Syntax Tacacs-server key keystring no tacacs-server key Tacacs-server keyShow tacacs-server Ip http server Web Server CommandsIp http port Ip http port Syntax No ip http secure-server Default SettingIp http secure-server Portnumber The UDP port used for HTTPS. Range Ip http secure-portIp http secure-port41-13copy tftp https-certificate Ip telnet server Telnet Server CommandsTelnet Server Commands Function Mode Configuration Guidelines Secure Shell Commands10 Secure Shell Commands Function Mode Sets the SSH server key size 41-19 Copy tftp public-key 41-16 Syntax No ip ssh server Default Setting Ip ssh server Exec-timeout36-4 show ip ssh Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Ip ssh crypto host-key generate 41-20 show ssh Key-size- The size of server key. Range 512-896 bits Ip ssh authentication-retriesIp ssh server-key size Bits Syntax Delete public-key username dsa rsa Delete public-keyIp ssh crypto host-key generate Syntax Ip ssh crypto host-key generate dsa rsa Syntax Ip ssh crypto zeroize dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh save host-key dsa rsa Show ssh This command displays the current SSH server connectionsShow ip ssh Ip ssh crypto host-key generate Syntax Show public-key user username host Show public-keyTerminology Management IP Filter Commands12 IP Filter Commands Function Mode 41-25 Show management 41-26 Port security Port Security CommandsPort Security Commands Function Mode Max-mac-count Shutdown 45-6mac-address-table static Syntax No dot1x system-auth-control Default Setting 802.1X Port Authentication802.1X Port Authentication Commands Function Mode Dot1x system-auth-control Dot1x max-req Dot1x defaultDefault Command Mode Dot1x port-control Single-host Dot1x operation-modeForce-authorized Syntax Dot1x re-authenticate interface Dot1x re-authenticateDot1x re-authentication Syntax No dot1x re-authentication Command Mode Dot1x timeout re-authperiod43-5 Dot1x timeout quiet-periodDot1x timeout re-authperiod Seconds The number of seconds. Range Syntax Show dot1x statistics interface interface Dot1x timeout tx-periodShow dot1x Statistics Displays dot1x status for each port Interface Authenticator State Machine Backend State Machine Reauthentication State Machine State- Current state including initialize, reauthenticate IPv4 ACL Commands Function Mode Access Control List CommandsAccess Control List Commands Command Groups Function IPv4 ACLs Permit, deny Ip access-group44-6 show ip access-list44-5 Access-list ipSyntax No access-list ip standard extended aclname Syntax No permit deny any source bitmask host source No permit deny tcp Access-list ipStandard IPv4 ACL Extended IPv4 ACL Syntax Show ip access-list standard extended aclname Show ip access-listThis command displays the rules for configured IPv4 ACLs Permit, deny Ip access-group44-6 Syntax No ip access-group aclname Ip access-groupShow ip access-group Show ip access-list44-5 Syntax No access-list ipv6 standard extended aclname Access-list ipv6IPv6 ACL Commands Function Mode IPv6 ACLs New rules are appended to the end of the list Access-list ipv6Standard IPv6 ACL Next-header next-header dscp dscp flow-label flow-label Syntax No permit denyAny destination-ipv6-address/prefix-length Extended IPv6 ACL Show ipv6 access-list This command displays the rules for configured IPv6 ACLs Syntax No ipv6 access-group aclname Ipv6 access-groupShow ipv6 access-group Syntax No access-list mac aclname Access-list macMAC ACL Commands Function Mode MAC ACLs No permit deny untagged-eth2 Permit, deny MAC ACLNo permit deny tagged-eth2 No permit deny tagged-802.3 Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Mac access-group aclname Mac access-groupShow mac access-group ACL Information Commands Function Mode Show access-listShow access-group ACL Information 44-17 Access Control List Commands 44-18 Interface Interface CommandsInterface Commands Function Mode Port-channel channel-idRange Syntax Description string no description DescriptionSpeed-duplex Negotiation 45-3 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 45-4speed-duplex45-2 Following example configures port 11 to use autonegotiationCapabilities Flowcontrol Syntax No flowcontrol Default SettingFollowing example enables flow control on port Negotiation 45-3speed-duplex45-2 flowcontrol Media-type Syntax Media-type mode no media-typeSyntax No shutdown Default Setting Shutdown Syntax Clear counters interface Port-channel channel-idRange Default SettingClear counters Syntax Show interfaces status interface This command displays the status for an interfaceShow interfaces status Shows the status for all interfaces Syntax Show interfaces counters interface This command displays interface statisticsShow interfaces counters Shows the counters for all interfaces Show interfaces switchport display description Show interfaces switchportSyntax Show interfaces switchport interface Allowed Vlan Indicates membership mode as Trunk or HybridIndicates the default priority for untagged frames Indicates tagged Interface Commands 45-12 Guidelines for Creating Trunks Link Aggregation CommandsLink Aggregation Commands Syntax Channel-group channel-idno channel-group Channel-groupDynamically Creating a Port Channel Port channel load-balance Src-dst-ip Syntax No lacp Default Setting Lacp Lacp system-priority 32768 Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port ChannelSyntax Lacp admin-key key no lacp admin-key Show lacp This command displays Lacp informationLacp port-priority Type Port Channel allShow lacp counters display description LACPDUs Illegal Pkts Show lacp internal display description Show lacp neighbors display description Show port-channel load-balance Show lacp sysid display description 46-12 Broadcast Storm Control Commands Function Mode Broadcast Storm Control CommandsSwitchport broadcast packet-rate Enabled for all ports Packet-rate limit 500 pps Broadcast Storm Control Commands 47-2 Interface Configuration Ethernet, destination port Mirror Port CommandsMirror Port Commands Function Mode Port monitor Show port monitor This command displays mirror informationFollowing shows mirroring configured from port 6 to port Syntax Show port monitor interface Rate-limit Rate Limit CommandsRate Limit Commands Function Mode Gigabit Ethernet 1000 Mbps Rate Limit Commands 49-2 Mac-address-table static Address Table CommandsAddress Table Commands Function Mode Action Clear mac-address-table dynamic Show ipv6 neighbors Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Mac-address-table aging-time Show mac-address-table aging-time Spanning Tree Commands Spanning Tree Commands Function Mode Spanning tree is enabled Spanning-tree modeSyntax No spanning-tree Default Setting Spanning-tree Spanning-tree forward-time Spanning-tree forward-time Spanning-tree hello-time Spanning-tree forward-time 51-3spanning-tree max-age Spanning-tree forward-time 51-3spanning-tree hello-time Spanning-tree max-ageSpanning-tree priority Spanning-tree pathcost method Long method Spanning-tree transmission-limit Spanning-tree mst-configurationThis command limits the maximum transmission rate for BPDUs Count The transmission limit in seconds. Range No mst instanceid vlan vlan-range MST ConfigurationMst vlan Mst instanceid priority priority no mst instanceid priority Mst priorityName Syntax Name name Number Revision number of the spanning tree. Range RevisionSyntax Revision number Name This example disables the spanning tree algorithm for port Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting Max-hops Spanning-tree cost Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree edge-port Syntax No spanning-tree edge-port Default SettingSpanning-tree port-priority Priority The priority for a port. Range 0-240, in steps Syntax No spanning-tree portfast Default Setting Spanning-tree portfast Spanning-tree link-type Spanning-treeedge-port51-13 Spanning-tree mst cost Spanning-tree mst port-priority51-17 Syntax Spanning-tree protocol-migration interface Spanning-tree mst port-prioritySpanning-tree protocol-migration Show spanning-tree Syntax Show spanning-tree interface mst instanceid 51-19 Show spanning-tree mst configuration Vlan Commands Command Groups Function Vlan CommandsGvrp and Bridge Extension Commands Gvrp and Bridge Extension Commands Function Mode Show bridge-ext Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Syntax No switchport gvrp Default Setting Switchport gvrpShow gvrp configuration Syntax Show gvrp configuration interface Garp timer Commands for Editing Vlan Groups Function Mode Show garp timerSyntax Show garp timer interface Editing Vlan Groups Vlan By default only Vlan 1 exists and is activeVlan Database Configuration Show vlan Interface vlan Configuring Vlan InterfacesCommands for Configuring Vlan Interfaces Function Mode Interface vlan All ports are in hybrid mode with the Pvid set to Vlan Switchport modeSyntax Switchport mode hybrid trunk no switchport mode Switchport acceptable-frame-types52-9 Switchport mode Switchport acceptable-frame-typesSwitchport ingress-filtering Syntax No switchport ingress-filtering Default Setting Switchport native vlan Switchport allowed vlan Switchport forbidden vlan No VLANs are included in the forbidden list Dot1q-tunnel Ieee 802.1Q Tunneling Commands Function ModeGeneral Configuration Guidelines for QinQ 52-14 Syntax No dot1q-tunnel system-tunnel-control Default Setting Show dot1q-tunnel52-16 Show interfaces switchport Switchport dot1q-tunnel tpid 0x8100 Commands for Displaying Vlan Information Function Mode Displaying Vlan Information Show vlan This command shows Vlan informationFollowing example shows how to display information for Vlan Syntax Show vlan id vlan-idname vlan-name Vlan Commands 52-18 Pvlan Private Vlan CommandsPrivate Vlan Commands Function Mode No private VLANs are defined This command displays the configured private Vlan Show pvlan Protocol-based Vlan Commands Function Mode Protocol-based Vlan CommandsProtocol-vlan protocol-group Configuring Groups 54-4 No protocol groups are mapped for any interface Protocol-vlan protocol-group ConfiguringNo protocol groups are configured Syntax Show protocol-vlan protocol-group group-id This shows protocol group 1 configured for IP over EthernetShow protocol-vlan protocol-group Group-id- Group identifier for a protocol group. Range Show interfaces protocol-vlan protocol-group Mapping for all interfaces is displayed Priority Commands Command Groups Function Class of Service CommandsPriority Commands Layer Priority Commands Layer Function Mode Weighted Round Robin Queue modeSyntax Queue mode strict wrr no queue mode Queue bandwidth 55-4 show queue mode Switchport priority default Queue cos-map Queue bandwidth weight1...weight4 no queue bandwidthQueue bandwidth Queue cos-mapqueueid cos1 ... cosn no queue cos-map This command shows the current queue mode Show queue modeDefault CoS Priority Levels Show queue cos-map55-6 Show queue cos-map This command shows the class of service priority mapShow queue bandwidth Syntax Show queue cos-map interface Syntax No map ip port Default Setting Priority Commands Layer 3Priority Commands Layer 3 Function Mode Following example shows how to map Http traffic to CoS value Syntax No map ip precedence Default Setting Map ip precedence Interface Configuration List below shows the default priority mapping Syntax No map ip dscp Default Setting Map ip dscp dscp-value cos cos-value no map ip dscp Mapping IP Dscp to CoS Values IP Dscp Value This command shows the IP port priority mapShow map ip port Syntax Show map ip port interface Syntax Show map ip precedence interface This command shows the IP precedence priority mapShow map ip precedence Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp 55-14 Quality of Service Commands Quality of Service Commands Function Mode Show class map Class-mapSyntax No class-map class-map-namematch-any Class Map Configuration Match No policy-mappolicy-map-name Policy-mapClass No class class-map-name Policy Map Configuration Set Syntax No police rate-kbpsburst-byteexceed-action drop set Policy Map Class ConfigurationPolice Drop out-of-profile packets No policy map is attached to an interface Service-policySyntax No service-policy input policy-map-name Syntax Show class-map class-map-name Show class-mapShow policy-map Show policy-mappolicy-map-name class class-map-name Syntax Show policy-map interface interface input Port-channel channel-idRange Command ModeShow policy-map interface Quality of Service Commands 56-10 Ip igmp snooping Multicast Filtering CommandsIgmp Snooping Commands Igmp Version Ip igmp snooping vlan staticIp igmp snooping version Show ip igmp snooping Show mac-address-table multicast Syntax No ip igmp snooping querier Default Setting Igmp Query CommandsIgmp Query Commands Function Mode Ip igmp snooping querier Ip igmp snooping query-interval Following shows how to configure the query count toIp igmp snooping query-count Times Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping query-max-response-time Switch must use IGMPv2 for this command to take effect Ip igmp snooping router-port-expire-time No static multicast router ports are configured Static Multicast Routing CommandsStatic Multicast Routing Commands Function Mode Ip igmp snooping vlan mrouter Displays multicast router ports for all configured VLANs Show ip igmp snooping mrouter Multicast Filtering Commands 57-10 Ip host Domain Name Service CommandsDNS Commands Function Mode No ip host name address1 address2 … address8 This example maps two address to a host name This command deletes entries from the DNS tableClear host Syntax Clear host name Syntax Ip domain-name name no ip domain-name Ip domain-nameIp domain-list Ip domain-list58-3 ip name-server58-4 ip domain-lookup58-5 Server-address1- IP address of domain-name server Ip name-serverIp domain-name58-3 Ip domain-name58-3 ip domain-lookup58-5 Syntax No ip domain-lookup Default SettingIp domain-lookup Show hosts Ip domain-name58-3 ip name-server58-4 Show dns cache display description Show dnsShow dns cache This command clears all entries in the DNS cache Clear dns cache Ip address IPv4 Interface CommandsIPv4 Configuration Commands Function Mode Gateway IP address of the default gateway Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Ip dhcp restart 59-3 ipv6 address This command submits an IPv4 Bootp or Dhcp client request Following example defines a default gateway for this deviceShow ip redirects 59-4 ipv6 default-gateway60-12 Ip dhcp restart Show ip interface This command displays the settings of an IPv4 interfaceIp default-gateway59-2 Show ipv6 default-gateway60-12 Show ip redirects Syntax Ping host count countsize size This command has no default for the hostPing Interface 45-1 ping ipv6 59 IPv4 Interface Commands 59-6 IPv6 Interface Commands IPv6 Configuration Commands IPv6 is disabled Ipv6 enableSyntax No ipv6 enable Default Setting Ipv6 address link-local60-9 show ipv6 interface Show ipv6 general-prefix60-4 Ipv6 general-prefixNo general prefix is defined Ipv6 address This command displays all configured IPv6 general prefixesShow ipv6 general-prefix No IPv6 addresses are defined 60-5 Ipv6 address autoconfig Syntax No ipv6 address autoconfig Default Setting Ipv6 address eui-64 Ipv6 address Show ipv6 interface Ipv6 address autoconfig 60-6 show ipv6 interface Ipv6 address link-local Show ipv6 interface display description Field Ipv6 enable Show ipv6 interfaceShow ipv6 interface Appending those bits to the prefix Show ipv6 interface display descriptionFF022, and solicited nodes FF021FFXXXXXX as described below Maximum transmission unit for this interface Syntax Ipv6 default-gateway ipv6-addressno ipv6 address Ipv6 default-gatewayShow ipv6 default-gateway Ipv6 mtu Syntax Ipv6 mtu size no ipv6 mtu Following example shows the MTU cache for this device Show ipv6 mtuShow ipv6 traffic Show ipv6 mtu display description 60-15 Errors discovered in processing their IPv6 options, etc Received in errorFormat errors Ipv6 rcvd Rcvd total Show ipv6 traffic display description Ipv6 sent Input interface for the messages Checksum errorsIpv6 icmp input Input Prohibited messages received by the interface Ipv6 icmp output Clear ipv6 traffic Repeat 5 timeout 2 seconds Ping ipv6 Ipv6 neighbor Syntax Ipv6 nd dad attempts count no ipv6 nd dad attempts Ipv6 nd dad attemptsShow ipv6 neighbors 60-26mac-address-table static Ipv6 nd ns interval 60-25 show ipv6 neighbors Ipv6 nd ns interval Milliseconds is used for neighbor discovery operations Show ipv6 neighbors display description Field Description Show ipv6 neighborsSyntax Show ipv6 neighbors vlan vlan-id ipv6-address Clear ipv6 neighbors Show ipv6 neighbors display description 60 IPv6 Interface Commands 60-28 Syntax No cluster Default Setting Switch Cluster CommandsSwitch Cluster Commands Function Mode Cluster Cluster ip-pool Cluster commanderSyntax No cluster commander Default Setting Syntax Cluster ip-pool ip-addressno cluster ip-pool Cluster member No Members Member-id- The ID number of the Member switch. Range RcommandSyntax Rcommand id member-id This command shows the switch clustering configuration Show cluster candidates This command shows the current switch cluster membersShow cluster members Switch Cluster Commands 61-6 Section IVAppendices Appendices Appendix a Software Specifications Software Features Standards Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event Icmp RFC Igmp RFC Management Information Bases Management Information Bases a Software Specifications Table B-1 Troubleshooting Chart Appendix B TroubleshootingProblems Accessing the Management Interface Symptom Action Using System Logs Access Control List ACL Glossary Extended Universal Identifier EUI See Generic Attribute Registration Protocol Ieee 802.1Q Defines frame extensions for Vlan tagging IP Precedence See Port Trunk Port Mirroring See Ieee Secure Shell SSH TCP/IP protocol commonly used for software downloads User Datagram Protocol UDP Glossary Glossary-8 Index Numerics Index-2 Index-3 Index-4 Page ES4524D ES4548D E112006-CS-R01 149100030400A