802.1X Port Authentication | Accton Technology ES4548D, ES4524D

Chapter 43: 802.1X Port Authentication

The switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).

Table 43-1 802.1X Port Authentication Commands

Command	Function	Mode	Page

dot1x system-auth-control	Enables dot1x globally on the switch.	GC	43-1

dot1x default	Resets all dot1x parameters to their default values	GC	43-2

dot1x max-req	Sets the maximum number of times that the switch	IC	43-2
	retransmits an EAP request/identity packet to the client
	before it times out the authentication session
dot1x port-control	Sets dot1x mode for a port interface	IC	43-2

dot1x operation-mode	Allows single or multiple hosts on an dot1x port	IC	43-3

dot1x re-authenticate	Forces re-authentication on specific ports	PE	43-4

dot1x re-authentication	Enables re-authentication for all ports	IC	43-4

dot1x timeout quiet-period	Sets the time that a switch port waits after the Max	IC	43-5
	Request Count has been exceeded before attempting to
	acquire a new client
dot1x timeout re-authperiod	Sets the time period after which a connected client must	IC	43-5
	be re-authenticated
dot1x timeout tx-period	Sets the time period during an authentication session that	IC	43-6
	the switch waits before re-transmitting an EAP packet
show dot1x	Shows all dot1x related information	PE	43-6

dot1x system-auth-control

This command enables IEEE 802.1X port authentication globally on the switch. Use the no form to restore the default.

Syntax

[no] dot1x system-auth-control

Default Setting

Disabled

Command Mode

Global Configuration

Example

Console(config)#dot1x system-auth-control

Console(config)#

43-1

Page 381

Image 381

Accton Technology ES4548D, ES4524D, 24/48-Port manual 802.1X Port Authentication, Dot1x system-auth-control

Contents

Powered by Accton Page ES4524D Gigabit Ethernet Switch ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A Contents Setting the System Clock 10-1 Vii Access Control Lists 15-1 Viii Vlan Configuration 23-1 Multicast Filtering 28-1 File Management Commands 35-1 Smtp Alert Commands 38-1 Xii 802.1X Port Authentication 43-1 Xiii Access Control List Commands 44-1 Xiv Address Table Commands 50-1 Private Vlan Commands 53-1 Xvi Quality of Service Commands 56-1 Xvii IPv4 Interface Commands 59-1 Xviii Xix TablesPage Xxi Xxii Xxiii Figures Xxiv Figures IP Filter 12-14 Port Security 13-2 Xxv Figures Xxvi Section I Getting Started Getting Started Key Features Key FeaturesFeature Description Introduction Introduction Description of Software Features Description of Software Features Introduction Description of Software Features System Defaults System DefaultsFunction Parameter Default Password super Snmp View defaultview Traffic Prioritization Ingress Port Priority Queue Mode System Defaults Function ParameterDisabled Igmp Snooping Snooping Enabled System Log Status Enabled Messages Logged Initial Configuration Connecting to the SwitchConfiguration Options Remote Connections Required Connections Basic Configuration Setting PasswordsConsole Connection Assigning an IPv4 Address Setting an IP Address 45-1 Assigning an IPv6 Address59-1 59-2 60-10 60-4 60-12 60-3 59-3 Obtaining an IPv4 Address59-4 35-2 60-2 Obtaining an IPv6 Address 60-6 Enabling Snmp Management Access 40-5 40-3 40-10 Managing System Files40-11 40-14 Saving Configuration Settings Initial Configuration Section II Switch Management Page Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Panel Display Web Page Configuration ButtonsApply Revert Help Action Main Menu Switch Main Menu DescriptionSystem System Information IPv6 Neighbor 12-8 11-115-1 12-13 17-1 Lacp 23-1 Class-of-service valueCurrent Table 23-5 28-2 26-9Query Multicast Router 28-4 Basic System Settings Displaying System InformationField Attributes System Information CLI Specify the hostname, location and contact information Displaying Switch Hardware/Software VersionsMain Board Management Software 34-8 Switch Information Displaying Bridge Extension Capabilities Displaying Bridge Extension Configuration CLI Enter the following command Configuring Support for Jumbo FramesCommand Usage Command Attributes CLI Use the reload command to restart the switch Resetting the SystemRenumbering the Stack CLI This example renumbers all units in the stack Basic System Settings Setting the Switch’s IP Address IP Version Setting an IP Address IPv4 Interface Configuration Manual Manual Configuration IPv4 Interface Configuration Dhcp Using DHCP/BOOTP Configuring an IPv6 Address Setting the Switch’s IP Address IP Version 6 IP Address Setting the Switch’s IP Address IP Version 6 Current Address Table IPv6 Interface Configuration Configuring an IPv6 General Network Prefix 60-1360-14 Protocol Settings IPv6 General Prefix Configuration Current Neighbor Cache Table Adding Static Neighbors IPv6 Neighbor -- Add 60-26 60-22 Managing Firmware Managing System Files Copy Firmware Downloading System Software from a Server 35-7 Deleting Files Saving or Restoring Configuration Settings Downloading Configuration Settings for Start-Up Downloading Configuration Settings from a Server Console#copy tftp startup-config Console Port Settings 36-2 36-136-3 36-4 Telnet Settings Configuring the Telnet Interface System Log Configuration Configuring Event LoggingError resource exhausted Logging Levels 37-1 Remote Log Configuration37-2 37-5 37-4 37-3 Sending Simple Mail Transfer Protocol Alerts Displaying Log MessagesCLI This example shows the event message stored in RAM 37-7 Enabling and Configuring Smtp Alerts 38-2 38-138-3 38-4 Configuring Sntp Setting the System Clock 39-1 Setting the Time Zone39-3 39-2 Snmp Overview Simple Network Management Protocol SNMPv3 Security Models and Levels Enabling the Snmp AgentLevel Group Read View Write View Notify View Security User defined Setting Community Access Strings CLI The following example enables Snmp on the switch40-2 Specifying Trap Managers and Trap Types 11-5 40-7 Configuring SNMPv3 Management Access Specifying a Remote Engine ID Setting a Local Engine IDCLI This example sets an SNMPv3 engine ID 40-8 CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users Configuring SNMPv3 Users 40-15 Configuring Remote SNMPv3 Users Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Any of its configured ports transitions from Topology Change Timer immediatelyThat its configuration may have been altered Authenticated. While all implementations Supported Notification Messages 40-13 Configuring SNMPv3 Groups Configuring SNMPv3 Views Setting SNMPv3 Views 11-17 Simple Network Management Protocol 11-18 Configuring User Accounts User Authentication 41-1 Configuring Local/Remote Logon Authentication Global Provides globally applicable Radius settings Radius SettingsWeb Telnet TACACS+ server Authentication Server Settings Tacacs Settings Configuring Https Replacing the Default Secure-site Certificate Address server ip-address Copy Https Certificate Configuring the Secure Shell Authenticating SSH v1.5 Clients Generating the Host Key Pair Authenticating SSH v2 Clients 41-20 41-2141-23 SSH server includes basic settings for authentication Configuring the SSH Server 41-17 Filtering IP Addresses for Management Access41-18 41-19 41-25 41-24 Configuring Port Security 42-1 Port Security Configuring 802.1X Port Authentication 802.1X protocol provides port authentication Displaying 802.1X Global SettingsCLI This example shows the default global setting for Web Click Security, 802.1X, Information Configuring Port Settings for Configuring 802.1X Global SettingsCLI This example enables 802.1X globally for the switch 43-1 Authorized 802.1X Port Configuration 43-2 43-443-5 Displaying 802.1X Statistics 802.1X StatisticsParameter Description CLI This example displays the dot1x statistics for port 802.1X Port Statistics Configuring 802.1X Port Authentication 14-8 Access Control Lists Setting an ACL Name and TypeOverview Configuring a Standard IPv4 ACL CLI This example creates a standard IP ACL named bill44-2 ACL Configuration Standard IPv4 Configuring an Extended IPv4 ACL 15-4 44-3 ACL Configuration Extended IPv4 Configuring a MAC ACL 44-13 Configuring a Standard IPv6 ACL 44-8 Configuring an Extended IPv6 ACL 15-9 44-9 ACL Configuration Extended IPv6 This switch supports ACLs for ingress filtering only Binding a Port to an Access Control List44-6 44-15 Access Control Lists 15-12 Port Configuration Displaying Connection StatusField Attributes Web Field Attributes CLI ConfigurationBasic information Current status 45-8 CLI This example shows the connection status for Port Configuring Interface Connections 45-6 45-245-3 45-4 Showing Port Statistics Port Statistics Etherlike StatisticsRmon Statistics Formed Oversize FramesFragments 16-9 45-9 CLI This example shows statistics for port Creating Trunk Groups Static Trunk Configuration Statically Configuring a Trunk 46-2 Setting a Load-Balance Mode for Trunks Trunk Load Balance Mode Enabling Lacp on Selected Ports 46-346-11 46-4 Lacp Trunk Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters Lacp Aggregation Port Displaying Lacp Port Counters You can display statistics for Lacp protocol messagesLacp Port Counters Type Parameter Description Marker Unknown PktsMarker Illegal Pkts Badly formed PDU or an illegal value of Protocol Subtype Displaying Lacp Settings and Status for the Local Side Lacp Internal Configuration InformationField Description Lacp Port Internal Information Lacp Neighbor Configuration Information Field Description Displaying Lacp Settings and Status for the Remote Side 17-14 Broadcast Storm Control Setting Broadcast Storm Thresholds 45-10 47-1 Configuring Port Mirroring 48-1 Mirror Port Configuration Command Attribute Configuring Rate Limits 49-1 Setting Static Addresses Address Table Settings 50-1 Displaying the Address Table 50-3 Dynamic Addresses Changing the Aging Time CLI This example sets the aging time to 400 seconds50-4 Spanning Tree Algorithm Configuration For this Region Region R Displaying Global Settings 22-4 STA Information Web Click Spanning Tree, STA, Information Global settings apply to the entire switch Configuring Global Settings Root Device Configuration Basic Configuration of Global Settings Configuration Settings for Mstp Configuration Settings for Rstp STA Global Configuration Displaying Interface Settings 22-11 STA Port Information Configuring Interface Settings CLI This example shows the STA attributes for port51-18 22-14 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees Mstp Vlan Configuration 51-8 Mstp Port Information Displaying Interface Settings for Mstp Configuring Interface Settings for Mstp 51-16 CLI This example sets the Mstp attributes for port Assigning Ports to VLANs Vlan Configuration 23-2 Forwarding Tagged/Untagged Frames Enabling or Disabling Gvrp Global Setting CLI This example enables Gvrp for the switchDisplaying Basic Vlan Information Command Attributes Web Displaying Current VLANsMax support Vlan numbers 256 Max support Vlan ID 4093 Command Attributes CLI Creating VLANs52-17 CLI This example creates a new Vlan Adding Static Members to VLANs Vlan Index52-5 52-6 Vlan Static Table Adding Static Members 52-11 Adding Static Members to VLANs Port Index Configuring Vlan Behavior for Interfaces Vlan Port Configuration Configuring Ieee 802.1Q Tunneling QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port Layer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Configuration Limitations for QinQ CLI This example sets the switch to operate in QinQ mode Enabling QinQ Tunneling on the Switch52-14 52-16 Adding an Interface to a QinQ Tunnel 52-15 Tunnel Port Configuration CLI This example enables private VLANs Configuring Private VLANsEnabling Private VLANs 53-1 53-2 Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs Configuring Protocol GroupsCreate a protocol group for one or more protocols 54-1 Mapping Protocols to VLANs 54-2 Protocol Vlan Port Configuration Configuring Protocol-Based VLANs 25-4 Class of Service Configuration Layer 2 Queue SettingsSetting the Default Priority for Interfaces 55-3 CLI This example assigns a default priority of 5 to port Mapping CoS Values to Egress Queues Mapping CoS Values to Egress QueuesCoS Priority Levels Priority Level Traffic Type Selecting the Queue Mode 55-455-6 Setting the Service Weight for Traffic Classes 55-255-5 Queue Scheduling Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority SettingsSelecting IP Precedence/DSCP Priority 55-8 Mapping IP Precedence Priority Level Traffic Type Mapping IP Precedence Mapping Dscp Priority Mapping Dscp Priority IP Dscp Value CoS Value10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 55-13 55-10 IP Port Priority Status Mapping IP Port Priority 55-11 Configuring Quality of Service Parameters Quality of Service Class Configuration Configuring a Class MapMatch Class Settings Class map is used for matching packets to a specified class Configuring Class Maps Policy Map Creating QoS Policies56-2 56-3 Policy Configuration Policy Rule Settings Class SettingsPolicy Options Configuring Policy Maps 56-4 Attaching a Policy Map to Ingress Queues56-5 56-6 Quality of Service 27-8 Layer 2 Igmp Snooping and Query Multicast Filtering Configuring Igmp Snooping and Query Parameters 57-4 57-157-5 57-6 57-9 Displaying Interfaces Attached to a Multicast Router 57-8 Specifying Static Interfaces for a Multicast Router IP Multicast Registration Table Displaying Port Members of Multicast Services Igmp Member Port Table Assigning Ports to Multicast Services 28-8 Configuring General DNS Service Parameters Configuring Domain Name Service 58-4 58-358-5 58-7 Configuring Static DNS Host to Address Entries 58-6 58-1 DNS Cache Displaying the DNS Cache 29-6 Cluster Configuration Switch Clustering Web Click Cluster, Configuration Cluster Member ConfigurationAdds Candidate switches to the cluster as Members 61-1 Displays current cluster Member switch information Web Click Cluster, Member ConfigurationCluster Member Information 61-3 61-5 Cluster Candidate Information Section IIICommand Line Interface Page Using the Command Line Interface Accessing the CLITelnet Connection 31-2 Command Completion Entering CommandsGetting Help on Commands Keywords and Arguments Showing Commands Negating the Effect of Commands Using Command HistoryPartial Keyword Lookup Understanding Command Modes Exec CommandsGeneral Command Modes Configuration Commands Consoleconfig-if# 45-1 Configuration Command Modes Prompt Command Line Processing Keystroke CommandsKeystroke Function Using the Command Line Interface 31-10 Command Group Index Description CLI Command Groups Class of Service 55-157-1 Enable General Commands Configure DisableRelated Commands Example Normal Exec, Privileged Exec Show history End PromptExit Syntax Prompt string no prompt This command exits the configuration program This example shows how to quit a CLI sessionQuit General Commands 33-6 System Management Commands Function Mode System Management CommandsHostname Syntax Hostname name no hostname Switch renumber Syntax Switch all renumber Default SettingReload Syntax No jumbo frame Default Setting Show startup-configJumbo frame Show ipv6 mtu 34-4 Show running-config34-5 Show running-config Show startup-config34-3 This command displays system information Show systemShow users Show version 34-9 System Management Commands 34-10 Saving or Restoring Configuration Settings File Management CommandsFlash/File Commands Function Mode Managing Firmware Copy 35-3 Delete This command deletes a file or imageSyntax Delete unit filename Syntax Dir unit boot-rom config opcode filename This command displays a list of files in flash memoryDir Dir Delete public-key41-20 Syntax whichboot unit WhichbootFile Directory Information Column Heading Description Boot system Syntax Boot system unit boot-romconfig opcode filenameDir 35-5 whichboot File Management Commands 35-8 Line Commands Function Mode Line CommandsLine Syntax Line console vty Syntax Login local no login Login Username 41-1 password PasswordSyntax Password 0 7 password no password No password is specified Timeout login response Exec-timeoutSyntax Exec-timeout seconds no exec-timeout CLI No timeout Telnet 10 minutes Password-threshSyntax Password-thresh threshold no password-thresh Default value is three attempts Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits Syntax Parity none even odd no parity Parity Stopbits SpeedSyntax Speed bps no speed Syntax Stopbits 1 Show line DisconnectSyntax Disconnect session-id Syntax Show line console vty To show all lines, enter this command Event Logging Commands Function Mode Event Logging CommandsSyntax No logging on Default Setting Logging on Flash errors level 3 RAM warnings level 7 Logging historyLogging history 37-2 logging trap 37-4 clear log Logging host Default Setting Command ModeLogging facility Syntax No logging host hostipaddress Disabled Level 7 Logging trapSyntax Logging trap level no logging trap Show logging Clear logSyntax Clear log flash ram Syntax Show logging flash ram sendmail trap Logging facility command Show logging flash/ram display descriptionShow logging trap display description Show log Syntax Show log flash ramFollowing example shows the event message stored in RAM Event Logging Commands 37-8 Smtp Alert Commands Function Mode Smtp Alert CommandsLogging sendmail host 38-4 Logging sendmail source-email Logging sendmail levelSyntax Logging sendmail level level Syntax Logging sendmail source-email email-address Logging sendmail destination-email Syntax No logging sendmail Default SettingLogging sendmail Syntax No logging sendmail destination-email email-address Show logging sendmail Time Commands Function Mode Time CommandsSyntax No sntp client Default Setting Sntp client Sntp server Sntp server 39-2 sntp poll 39-3 show sntpSyntax Sntp server ip1 ip2 ip3 Show sntp Sntp pollSntp client 39-1 sntp poll 39-3 show sntp Syntax Sntp poll seconds no sntp poll Clock timezone Calendar set This command displays the system clockShow calendar Calendar set hour min sec day month year month day year Time Commands 39-6 Snmp Commands Function Mode Snmp Commands Syntax No snmp-server Default Setting Snmp-serverShow snmp Snmp-server community Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Snmp-server enable traps Snmp-server enable trapsIssue authentication and link-up-down traps Snmp-server engine-id This command shows the Snmp engine ID This example shows the default engine IDShow snmp engine-id Snmp-server view Defaultview includes access to the entire MIB treeExamples This view includes MIB-2 Show snmp view This command shows information on the Snmp viewsSnmp-server group Show snmp view display description 40-12 Show snmp group Show snmp group display descriptionField Description Groupname Name of an Snmp group Snmp-server user Show snmp user This command shows information on Snmp users Show snmp user display description User Account Commands User Authentication CommandsAuthentication Commands Command Group Function User Access Commands Function Mode Enable password Default Login Settings Username Access-level PasswordGuest Admin Authentication Sequence Authentication loginAuthentication Sequence Commands Function Mode Tacacs Use Tacacs server password Authentication enableUsername for setting the local user names and passwords Local Show radius-server Shows the current Radius settings 41-8 Radius Client Commands Function ModeRadius Client 41-8 Retransmit Command Mode Default Setting Auth-portRadius-server host Radius-server port Radius-server key Radius-server retransmitSyntax Radius-server key keystring no radius-server key Show radius-server Radius-server timeout TACACS+ Client TACACS+ Client Commands Function ModeTacacs-server host Tacacs-server port Tacacs-server key Show tacacs-serverSyntax Tacacs-server key keystring no tacacs-server key Web Server Commands Ip http portIp http server Syntax No ip http secure-server Default Setting Ip http secure-serverIp http port Ip http secure-port Ip http secure-port41-13copy tftp https-certificatePortnumber The UDP port used for HTTPS. Range Telnet Server Commands Telnet Server Commands Function ModeIp telnet server 10 Secure Shell Commands Function Mode Secure Shell CommandsConfiguration Guidelines Sets the SSH server key size 41-19 Copy tftp public-key 41-16 Ip ssh server Syntax No ip ssh server Default Setting Syntax Ip ssh timeout seconds no ip ssh timeout Ip ssh timeoutExec-timeout36-4 show ip ssh Ip ssh crypto host-key generate 41-20 show ssh Ip ssh server-key size Ip ssh authentication-retriesKey-size- The size of server key. Range 512-896 bits Bits Ip ssh crypto host-key generate Delete public-keySyntax Delete public-key username dsa rsa Syntax Ip ssh crypto host-key generate dsa rsa Ip ssh save host-key Ip ssh crypto zeroizeSyntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsa Show ip ssh This command displays the current SSH server connectionsShow ssh Ip ssh crypto host-key generate Show public-key TerminologySyntax Show public-key user username host 12 IP Filter Commands Function Mode IP Filter CommandsManagement 41-25 Show management 41-26 Port Security Commands Function Mode Port Security CommandsPort security Max-mac-count Shutdown 45-6mac-address-table static 802.1X Port Authentication Commands Function Mode 802.1X Port AuthenticationSyntax No dot1x system-auth-control Default Setting Dot1x system-auth-control Default Command Mode Dot1x defaultDot1x max-req Dot1x port-control Dot1x operation-mode Force-authorizedSingle-host Dot1x re-authentication Dot1x re-authenticateSyntax Dot1x re-authenticate interface Syntax No dot1x re-authentication Command Mode Dot1x timeout re-authperiod Dot1x timeout quiet-periodDot1x timeout re-authperiod43-5 Seconds The number of seconds. Range Show dot1x Dot1x timeout tx-periodSyntax Show dot1x statistics interface interface Statistics Displays dot1x status for each port Interface Backend State Machine Authenticator State Machine State- Current state including initialize, reauthenticate Reauthentication State Machine Access Control List Commands Command Groups Function Access Control List CommandsIPv4 ACL Commands Function Mode IPv4 ACLs Syntax No access-list ip standard extended aclname Access-list ipPermit, deny Ip access-group44-6 show ip access-list44-5 Syntax No permit deny any source bitmask host source Access-list ip Standard IPv4 ACLNo permit deny tcp Extended IPv4 ACL This command displays the rules for configured IPv4 ACLs Show ip access-listSyntax Show ip access-list standard extended aclname Permit, deny Ip access-group44-6 Show ip access-group Ip access-groupSyntax No ip access-group aclname Show ip access-list44-5 IPv6 ACL Commands Function Mode Access-list ipv6Syntax No access-list ipv6 standard extended aclname IPv6 ACLs Access-list ipv6 Standard IPv6 ACLNew rules are appended to the end of the list Any destination-ipv6-address/prefix-length Syntax No permit denyNext-header next-header dscp dscp flow-label flow-label Extended IPv6 ACL This command displays the rules for configured IPv6 ACLs Show ipv6 access-list Ipv6 access-group Show ipv6 access-groupSyntax No ipv6 access-group aclname MAC ACL Commands Function Mode Access-list macSyntax No access-list mac aclname MAC ACLs No permit deny tagged-eth2 Permit, deny MAC ACLNo permit deny untagged-eth2 No permit deny tagged-802.3 Show mac access-list This command displays the rules for configured MAC ACLsSyntax Show mac access-list aclname Mac access-group Show mac access-groupSyntax Mac access-group aclname Show access-group Show access-listACL Information Commands Function Mode ACL Information 44-17 Access Control List Commands 44-18 Interface Commands Function Mode Interface CommandsInterface Port-channel channel-idRange Description Speed-duplexSyntax Description string no description Syntax No negotiation Default Setting NegotiationNegotiation 45-3 capabilities Following example configures port 11 to use autonegotiation CapabilitiesCapabilities 45-4speed-duplex45-2 Following example enables flow control on port Syntax No flowcontrol Default SettingFlowcontrol Negotiation 45-3speed-duplex45-2 flowcontrol Syntax No shutdown Default Setting Syntax Media-type mode no media-typeMedia-type Shutdown Port-channel channel-idRange Default Setting Clear countersSyntax Clear counters interface Show interfaces status This command displays the status for an interfaceSyntax Show interfaces status interface Shows the status for all interfaces Show interfaces counters This command displays interface statisticsSyntax Show interfaces counters interface Shows the counters for all interfaces Show interfaces switchport Syntax Show interfaces switchport interfaceShow interfaces switchport display description Indicates the default priority for untagged frames Indicates membership mode as Trunk or HybridAllowed Vlan Indicates tagged Interface Commands 45-12 Link Aggregation Commands Link Aggregation CommandsGuidelines for Creating Trunks Channel-group Dynamically Creating a Port ChannelSyntax Channel-group channel-idno channel-group Src-dst-ip Port channel load-balance Lacp Syntax No lacp Default Setting 32768 Lacp system-priority Lacp admin-keyEthernet Interface Lacp admin-key Port Channel Syntax Lacp admin-key key no lacp admin-keyInterface Configuration Port Channel This command displays Lacp information Lacp port-priorityShow lacp Show lacp counters display description Port Channel allType LACPDUs Illegal Pkts Show lacp neighbors display description Show lacp internal display description Show lacp sysid display description Show port-channel load-balance 46-12 Switchport broadcast packet-rate Broadcast Storm Control CommandsBroadcast Storm Control Commands Function Mode Enabled for all ports Packet-rate limit 500 pps Broadcast Storm Control Commands 47-2 Mirror Port Commands Function Mode Mirror Port CommandsInterface Configuration Ethernet, destination port Port monitor Following shows mirroring configured from port 6 to port This command displays mirror informationShow port monitor Syntax Show port monitor interface Rate Limit Commands Function Mode Rate Limit CommandsRate-limit Gigabit Ethernet 1000 Mbps Rate Limit Commands 49-2 Address Table Commands Function Mode Address Table CommandsMac-address-table static Action Clear mac-address-table dynamic Show mac-address-table Mac-address- MAC address Mask Bits to match in the addressShow ipv6 neighbors Show mac-address-table aging-time Mac-address-table aging-time Spanning Tree Commands Function Mode Spanning Tree Commands Syntax No spanning-tree Default Setting Spanning-tree modeSpanning tree is enabled Spanning-tree Spanning-tree forward-time Spanning-tree forward-time Spanning-tree forward-time 51-3spanning-tree max-age Spanning-tree hello-time Spanning-tree max-age Spanning-tree prioritySpanning-tree forward-time 51-3spanning-tree hello-time Long method Spanning-tree pathcost method This command limits the maximum transmission rate for BPDUs Spanning-tree mst-configurationSpanning-tree transmission-limit Count The transmission limit in seconds. Range MST Configuration Mst vlanNo mst instanceid vlan vlan-range Name Mst priorityMst instanceid priority priority no mst instanceid priority Syntax Name name Syntax Revision number RevisionNumber Revision number of the spanning tree. Range Name Syntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the spanning tree algorithm for port Max-hops Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree cost Spanning-tree port-priority Syntax No spanning-tree edge-port Default SettingSpanning-tree edge-port Priority The priority for a port. Range 0-240, in steps Spanning-tree portfast Syntax No spanning-tree portfast Default Setting Spanning-treeedge-port51-13 Spanning-tree link-type Spanning-tree mst port-priority51-17 Spanning-tree mst cost Spanning-tree mst port-priority Spanning-tree protocol-migrationSyntax Spanning-tree protocol-migration interface Syntax Show spanning-tree interface mst instanceid Show spanning-tree 51-19 Show spanning-tree mst configuration Gvrp and Bridge Extension Commands Vlan CommandsVlan Commands Command Groups Function Gvrp and Bridge Extension Commands Function Mode Syntax No bridge-ext gvrp Default Setting Bridge-ext gvrpShow bridge-ext Show gvrp configuration Switchport gvrpSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interface Garp timer Syntax Show garp timer interface Show garp timerCommands for Editing Vlan Groups Function Mode Editing Vlan Groups Vlan Database Configuration By default only Vlan 1 exists and is activeVlan Show vlan Commands for Configuring Vlan Interfaces Function Mode Configuring Vlan InterfacesInterface vlan Interface vlan Syntax Switchport mode hybrid trunk no switchport mode Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types52-9 Switchport ingress-filtering Switchport acceptable-frame-typesSwitchport mode Syntax No switchport ingress-filtering Default Setting Switchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan General Configuration Guidelines for QinQ Ieee 802.1Q Tunneling Commands Function ModeDot1q-tunnel 52-14 Show dot1q-tunnel52-16 Show interfaces switchport Syntax No dot1q-tunnel system-tunnel-control Default Setting 0x8100 Switchport dot1q-tunnel tpid Displaying Vlan Information Commands for Displaying Vlan Information Function Mode Following example shows how to display information for Vlan This command shows Vlan informationShow vlan Syntax Show vlan id vlan-idname vlan-name Vlan Commands 52-18 Private Vlan Commands Function Mode Private Vlan CommandsPvlan No private VLANs are defined Show pvlan This command displays the configured private Vlan Protocol-vlan protocol-group Configuring Groups Protocol-based Vlan CommandsProtocol-based Vlan Commands Function Mode 54-4 Protocol-vlan protocol-group Configuring No protocol groups are configuredNo protocol groups are mapped for any interface Show protocol-vlan protocol-group This shows protocol group 1 configured for IP over EthernetSyntax Show protocol-vlan protocol-group group-id Group-id- Group identifier for a protocol group. Range Mapping for all interfaces is displayed Show interfaces protocol-vlan protocol-group Priority Commands Layer Class of Service CommandsPriority Commands Command Groups Function Priority Commands Layer Function Mode Syntax Queue mode strict wrr no queue mode Queue modeWeighted Round Robin Queue bandwidth 55-4 show queue mode Switchport priority default Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidthQueue cos-map Queue cos-mapqueueid cos1 ... cosn no queue cos-map Default CoS Priority Levels Show queue modeThis command shows the current queue mode Show queue cos-map55-6 Show queue bandwidth This command shows the class of service priority mapShow queue cos-map Syntax Show queue cos-map interface Priority Commands Layer 3 Priority Commands Layer 3 Function ModeSyntax No map ip port Default Setting Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS value List below shows the default priority mapping Map ip precedence Interface Configuration Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting Show map ip port This command shows the IP port priority mapMapping IP Dscp to CoS Values IP Dscp Value Syntax Show map ip port interface This command shows the IP precedence priority map Show map ip precedenceSyntax Show map ip precedence interface This command shows the IP Dscp priority map Show map ip dscpSyntax Show map ip dscp interface 55-14 Quality of Service Commands Function Mode Quality of Service Commands Class-map Syntax No class-map class-map-namematch-anyShow class map Match Class Map Configuration Class Policy-mapNo policy-mappolicy-map-name No class class-map-name Set Policy Map Configuration Police Policy Map Class ConfigurationSyntax No police rate-kbpsburst-byteexceed-action drop set Drop out-of-profile packets Service-policy Syntax No service-policy input policy-map-nameNo policy map is attached to an interface Show policy-map Show class-mapSyntax Show class-map class-map-name Show policy-mappolicy-map-name class class-map-name Port-channel channel-idRange Command Mode Show policy-map interfaceSyntax Show policy-map interface interface input Quality of Service Commands 56-10 Multicast Filtering Commands Igmp Snooping CommandsIp igmp snooping Ip igmp snooping vlan static Ip igmp snooping versionIgmp Version Show mac-address-table multicast Show ip igmp snooping Igmp Query Commands Function Mode Igmp Query CommandsSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Ip igmp snooping query-count Following shows how to configure the query count toIp igmp snooping query-interval Times Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping router-port-expire-time Switch must use IGMPv2 for this command to take effect Static Multicast Routing Commands Function Mode Static Multicast Routing CommandsNo static multicast router ports are configured Ip igmp snooping vlan mrouter Show ip igmp snooping mrouter Displays multicast router ports for all configured VLANs Multicast Filtering Commands 57-10 DNS Commands Function Mode Domain Name Service CommandsIp host No ip host name address1 address2 … address8 Clear host This command deletes entries from the DNS tableThis example maps two address to a host name Syntax Clear host name Ip domain-list Ip domain-nameSyntax Ip domain-name name no ip domain-name Ip domain-list58-3 ip name-server58-4 ip domain-lookup58-5 Ip name-server Ip domain-name58-3Server-address1- IP address of domain-name server Syntax No ip domain-lookup Default Setting Ip domain-lookupIp domain-name58-3 ip domain-lookup58-5 Ip domain-name58-3 ip name-server58-4 Show hosts Show dns Show dns cacheShow dns cache display description Clear dns cache This command clears all entries in the DNS cache IPv4 Interface Commands IPv4 Configuration Commands Function ModeIp address Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayGateway IP address of the default gateway Ip dhcp restart 59-3 ipv6 address Show ip redirects 59-4 ipv6 default-gateway60-12 Following example defines a default gateway for this deviceThis command submits an IPv4 Bootp or Dhcp client request Ip dhcp restart Ip default-gateway59-2 Show ipv6 default-gateway60-12 This command displays the settings of an IPv4 interfaceShow ip interface Show ip redirects Ping This command has no default for the hostSyntax Ping host count countsize size Interface 45-1 ping ipv6 59 IPv4 Interface Commands 59-6 IPv6 Configuration Commands IPv6 Interface Commands Syntax No ipv6 enable Default Setting Ipv6 enableIPv6 is disabled Ipv6 address link-local60-9 show ipv6 interface Ipv6 general-prefix No general prefix is definedShow ipv6 general-prefix60-4 Show ipv6 general-prefix This command displays all configured IPv6 general prefixesIpv6 address No IPv6 addresses are defined 60-5 Syntax No ipv6 address autoconfig Default Setting Ipv6 address autoconfig Ipv6 address Show ipv6 interface Ipv6 address eui-64 Ipv6 address autoconfig 60-6 show ipv6 interface Ipv6 address link-local Ipv6 enable Show ipv6 interface Show ipv6 interfaceShow ipv6 interface display description Field FF022, and solicited nodes FF021FFXXXXXX as described below Show ipv6 interface display descriptionAppending those bits to the prefix Maximum transmission unit for this interface Ipv6 default-gateway Show ipv6 default-gatewaySyntax Ipv6 default-gateway ipv6-addressno ipv6 address Syntax Ipv6 mtu size no ipv6 mtu Ipv6 mtu Show ipv6 traffic Show ipv6 mtuFollowing example shows the MTU cache for this device Show ipv6 mtu display description 60-15 Format errors Received in errorErrors discovered in processing their IPv6 options, etc Ipv6 rcvd Rcvd total Ipv6 sent Show ipv6 traffic display description Ipv6 icmp input Input Checksum errorsInput interface for the messages Prohibited messages received by the interface Ipv6 icmp output Clear ipv6 traffic Ping ipv6 Repeat 5 timeout 2 seconds Ipv6 neighbor Ipv6 nd dad attempts Show ipv6 neighbors 60-26mac-address-table staticSyntax Ipv6 nd dad attempts count no ipv6 nd dad attempts Ipv6 nd ns interval 60-25 show ipv6 neighbors Milliseconds is used for neighbor discovery operations Ipv6 nd ns interval Show ipv6 neighbors Syntax Show ipv6 neighbors vlan vlan-id ipv6-addressShow ipv6 neighbors display description Field Description Show ipv6 neighbors display description Clear ipv6 neighbors 60 IPv6 Interface Commands 60-28 Switch Cluster Commands Function Mode Switch Cluster CommandsSyntax No cluster Default Setting Cluster Syntax No cluster commander Default Setting Cluster commanderCluster ip-pool Syntax Cluster ip-pool ip-addressno cluster ip-pool No Members Cluster member Syntax Rcommand id member-id RcommandMember-id- The ID number of the Member switch. Range This command shows the switch clustering configuration This command shows the current switch cluster members Show cluster membersShow cluster candidates Switch Cluster Commands 61-6 Section IVAppendices Appendices Software Features Appendix a Software Specifications Groups 1, 2, 3, 9 Statistics, History, Alarm, Event Management FeaturesStandards Icmp RFC Igmp RFC Management Information Bases a Management Information Bases Software Specifications Problems Accessing the Management Interface Appendix B TroubleshootingTable B-1 Troubleshooting Chart Symptom Action Using System Logs Glossary Access Control List ACL See Generic Attribute Registration Protocol Extended Universal Identifier EUI Defines frame extensions for Vlan tagging Ieee 802.1Q See Port Trunk IP Precedence See Ieee Port Mirroring TCP/IP protocol commonly used for software downloads Secure Shell SSH User Datagram Protocol UDP Glossary Glossary-8 Numerics Index Index-2 Index-3 Index-4 Page ES4524D ES4548D E112006-CS-R01 149100030400A

Accton Technology ES4548D, ES4524D manual 802.1X Port Authentication, Dot1x system-auth-control

Models: ES4524D 24/48-Port ES4548D