Management ACL, Management access-list, 189

Management ACL

management access-list

The management access-listGlobal Configuration mode command defines an access-list for management, and enters the access-list for configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command.

Syntax

management access-list name

no management access-list name

•name—The access list name using up to 32 characters.

Default Configuration

This command has no default configuration.

Command Mode

Global Configuration mode

User Guidelines

•This command enters the access-list configuration mode, where the denied or permitted access conditions with the deny and permit commands must be defined.

•If no match criteria are defined the default is "deny".

•If reentering to an access-list context, the new rules are entered at the end of the access-list.

•Use the management access-classcommand to select the active access-list.

•The active management list cannot be updated or removed.

•Management ACL requires a valid management interface (valid IFindex). A valid management interface is an interface with an IP address. A valid (IFindex) management interface can be a single port, vlan or port-channel. Management ACL only restricts access to the device for management configuration or viewing.

Management ACL

189

Page 189

Image 189

Dell 5324 manual Management ACL, Management access-list, Name-The access list name using up to 32 characters, 189

5324 specifications

The Dell 5324 is a high-performance network switch that is designed to meet the demands of modern enterprise networking. This switch represents a blend of advanced features aimed at enhancing network efficiency, reliability, and scalability, which are crucial for businesses looking to optimize their infrastructure.

One of the standout features of the Dell 5324 is its Layer 3 routing capabilities. It supports static routing and various dynamic routing protocols, including RIP, OSPF, and BGP, allowing for efficient data transfer across complex networks. This capability is particularly beneficial for organizations that require robust inter-VLAN routing and seamless connectivity with multiple network segments.

The Dell 5324 comes equipped with 24 Gigabit Ethernet ports, which provide ample connectivity options for devices within the network. Additionally, it includes four 10 Gigabit SFP+ ports, enabling users to integrate high-speed uplinks easily. This flexibility allows businesses to expand their network as demand grows without the need for a completely new setup.

Power over Ethernet (PoE) support is another significant advantage of the Dell 5324, as it enables the switch to deliver both data and power to connected devices through a single Ethernet cable. This feature is particularly useful for powering IP phones, security cameras, and Wi-Fi access points, simplifying the overall cabling and ensuring a neater installation.

Furthermore, the Dell 5324 offers advanced security features that help protect the network from unauthorized access and potential threats. It includes features such as 802.1X port-based authentication, MAC address filtering, and VLAN segmentation, ensuring that only authorized devices can connect to the network.

The user-friendly web-based interface alongside command-line interface (CLI) access enhances manageability, allowing network administrators to monitor performance, configure settings, and troubleshoot issues with ease. In addition, the switch supports network automation protocols, which can streamline management tasks and improve efficiency.

The industrial-grade design of the Dell 5324 ensures its reliability in various environments, making it a suitable choice for data centers and enterprise networks alike. With its combination of performance, scalability, and security features, the Dell 5324 stands out as a capable solution for organizations looking to improve their network infrastructure. Its capabilities make it a versatile addition for businesses aiming for a robust and future-ready networking environment.

Contents

CLI Reference Guide Aug Contents Using the CLI Address Table Commands Clock Ethernet Configuration Commands Igmp Snooping Commands Lacp Commands Management ACL Port Monitor Commands Rmon Commands Spanning-Tree Commands SSH Commands Syslog Commands Tacacs Commands Vlan Commands 32 802.1x Commands 382 Page Command Groups Command GroupsIntroduction Configures and reports on Spanning Tree protocol Configures Tacacs commandsConfigures commands related to 802.1x security protocol Address Table Commands AAA Commands Configures the system to automatically switch Configures an external time source forDefines an authentication key for Simple Displays statically created entries in the bridge Configuration and Image Files Commands Displays the backup configuration file contents Ethernet Configuration Commands Gvrp Commands Defines a default gateway router Igmp Snooping CommandsIP Addressing Sets an IP address Line Commands Deletes entries from the host name-to-addressCache Sets the line for automatic baud rate detection Lldp Commands PHY Diagnostics Commands Management ACL Commands Port Channel Commands Port Monitor CommandsQoS Commands Enables each port trust state Radius Commands Snmp Commands Rmon Commands Spanning Tree Commands MST SSH Commands Overrides the default link-type settingSets the default path cost method Syslog Commands System Management Commands Tacacs CommandsReloads the operating system Vlan Commands User Interface CommandsSwitches the mode to debug Disables the default Vlan functionality Interface Reserves a Vlan as the internal usage Vlan of an Web Server Commands Command Description Access Mode 802.1x Commands Command Groups GC Global Configuration Mode Command Modes Device Notification operation Sntp IC Interface Configuration Mode An Extensible Authentication Protocol EAP request/identity Frame, from the client, before resending the requestReserves a Vlan as the internal usage Vlan of an interface LC Line Configuration Mode Enables the Simple Network Time Protocol Sntp client on anCommand Description PE Privileged User Exec Mode MA Management Access-level Mode Vlan UE User Exec Mode SP SSH Public Key Mode Command Modes VC Vlan Configuration Mode W . d e l l . c o m s u p p o r t . d e l l . c o m Using the CLI CLI Command ModesIntroduction Privileged Exec Mode User Exec Mode Exit End Ctrl+Z Global Configuration Mode Starting the CLI Editing Features Entering CommandsConsoleconfig# username admin password smith Negating the Effect of Commands Terminal Command BufferCommand Completion Config#interface ethernet Keyboard Shortcuts CLI Command ConventionsItalic font Enter Using the CLI Aaa authentication login AAA CommandsDefault Configuration Command Mode Aaa authentication enable Following example configures authentication loginExample Console config# aaa authentication enable default enable Login authentication Console config-line#login authentication default Enable authentication Ip http authentication Console config-line#enable authentication defaultFollowing example configures the http authentication Ip https authentication Show authentication methodsFollowing example configures https authentication This command has no default configuration Syntax Show authentication methods Default ConfigurationPrivileged Exec mode Following example displays the authentication configuration Password Console# show authentication methodsSyntax Password password encrypted No password Enable password No password is requiredFollowing example specifies a password secret on a line Username Show users accountsNo user is defined Console# show users accounts Syntax Show users accounts Default Configuration AAA Commands Address Table Commands Interface configuration Vlan modeBridge address This example, bridge multicast filtering is enabled Disabled. All multicast addresses are flooded to all portsConsole config# bridge multicast filtering Bridge multicast filtering No multicast addresses are defined ExamplesFollowing example registers the MAC address Command Modes Bridge multicast forbidden addressNo forbidden addresses are defined Bridge multicast forward-all Disable forward-all on the specified interfaceBridge multicast forbidden forward-all This example all multicast packets on port g8 are forwarded Syntax Bridge aging-time Clear bridge Syntax Clear bridgeConsole# clear bridge Disabled No port security Interface Configuration Ethernet, port-channel modePort security Port security routed secure-address Console config-if#port security routed secure-addressShow bridge address-table Mac-address-Specify a MAC address in the format Port-channel-number-A valid port-channel number Console# show bridge address-table Show bridge address-table static Console# show bridge address-table static Show bridge address-table countSyntax Show bridge address-table count vlan vlan Vlan -Specific Vlan Console# show bridge address-table count Show bridge multicast address-table Console # show bridge multicast address-table format ip Console # show bridge multicast address-table Show ports security Show bridge multicast filteringSyntax Show bridge multicast filtering vlan-id Vlanid-A valid Vlan ID value Console # show ports security Clock set ClockClock source Syntax Clock source sntp No clock source Clock timezone No external clock sourceConsole# clock source sntp Clock summer-time No authentication key is defined Sntp authentication-key Sntp authenticate Consoleconfig# sntp authentication-key 8 md5 ClkKeySyntax Sntp authenticate No sntp authenticate Following example authenticates key Sntp client poll timerSntp trusted-key Not trusted Sntp broadcast client enable Console config# sntp client poll timerConsole config# sntp broadcast client enable Sntp client enable interface Sntp anycast client enableConsole config-if#sntp anycast client enable Syntax Sntp client enable No sntp client enable Sntp unicast client enable Console config# sntp unicast client enable101 Sntp unicast client poll Console config# sntp unicast client pollSntp server Syntax Sntp unicast client poll no sntp unicast client poll Show clock Syntax Show clock detail103 104 Console# show clock Syntax Show sntp configuration Show sntp configurationConsole# show sntp configuration 105 Syntax Show sntp status Show sntp statusFollowing example shows the status of the Sntp 106 107 Clock Delete startup-config Configuration and Image FilesConsole# delete startup-config Copy 110 Understanding Invalid Combinations of Source and Destination Copy Character Descriptions Storing the Running or Startup Configuration on a ServerCopying image file from a Server to Flash Memory 111 Syntax Boot system image-1 image-2 Boot systemConsole# boot system image-1 112 Syntax Show running-config sort type Show running-configSort type defaults to interface if unspecified 113 Show startup-config Console# show running-config no spanning-treeSyntax Show startup-config sort type 114 115 Show backup-config Console# show startup-config no spanning-treeSyntax Show backup-config 116 117 Console# show backup-config software version Syntax Show bootvar Default Configuration Show bootvarConsole# show bootvar 118 Ethernet Configuration Commands Interface ethernetInterface range ethernet Interface is enabled Syntax Shutdown No shutdown Default ConfigurationFollowing example disables port g5 Shutdown Speed DescriptionSyntax Description string No description Syntax Speed 100 1000 No speed Duplex Syntax Duplex half full No duplex122 Syntax Negotiation No negotiation Default Configuration Consoleconfig# interface ethernet g5Negotiation Flowcontrol Syntax Flowcontrol auto on off No flowcontrol MdixSyntax Mdix on auto No mdix 124 Syntax Back-pressure No back-pressure Default Configuration Back-pressure125 Port jumbo-frame Clear counters126 Set interface active Show interfaces configurationConsole# clear counters ethernet g1 Console# set interface active ethernet g5 128 Interfaces configuration 129 Show interfaces status Console# show interfaces status 130 131 Show interfaces description Show interfaces counters Console# show interfaces description ethernet g1132 Console# show interfaces counters 133 Console# show interfaces counters ethernet g1 Following example displays counters for port g1Following table describes the fields shown in the display 134 Ieee Std .3, 2000 Edition, section 135 Syntax Show ports jumbo-frame Default Configuration Show ports jumbo-frame136 Consoleconfig# port storm-control include-multicast Port storm-control broadcast enablePort storm-control include-multicast Console# show ports jumbo-frame Consoleconfig-if#port storm-control broadcast enable Broadcast storm control is disabledDefault storm control broadcast rate is Port storm-control broadcast rate Following example displays the storm control configuration Consoleconfig-if#port storm-control broadcast rateShow ports storm-control Syntax Show ports storm-control interface 140 Gvrp enable global Gvrp CommandsGvrp enable interface Syntax Gvrp enable No gvrp enable Default Configuration Garp timer Following example enables Gvrp on ethernet g8142 By default, dynamic Vlan creation is enabled Gvrp vlan-creation-forbid143 Console config-if#gvrp registration-forbid Console config-if#gvrp vlan-creation-forbidGvrp registration-forbid Clear gvrp statistics Show gvrp configuration Console# clear gvrp statistics ethernet g8145 Console# show gvrp configuration Show gvrp statistics146 Following example shows Gvrp statistics information Show gvrp error-statistics147 Console# show gvrp statistics Console# show gvrp-error statistics Following example displays Gvrp statistics information148 Ip igmp snooping Global Igmp Snooping CommandsIp igmp snooping Interface 149 Ip igmp snooping mrouter Ip igmp snooping host-time-out150 Console config-if#ip igmp snooping host-time-out Ip igmp snooping mrouter-time-out151 Default leave-time-out configuration is 10 seconds Console config-if#ip igmp snooping mrouter-time-outConsole config-if#ip igmp snooping leave-time-out Ip igmp snooping leave-time-out Show ip igmp snooping mrouter Show ip igmp snooping interfaceConsole # show ip igmp snooping mrouter Example displays Igmp snooping information Show ip igmp snooping groupsConsole # show ip igmp snooping interface 154 Example shows Igmp snooping information Console # show ip igmp snooping groups155 Igmp Snooping Commands Clear host dhcp IP Addressing CommandsIp address Console# clear host dhcp Ip address dhcp Interface configuration Ethernet, VLAN, port-channelNo IP address is defined for interfaces 158 Syntax Ip default-gateway ip-address No ip default-gateway Ip default-gatewayNo default gateway is defined 159 Following example defines an ip default gateway Show ip interface160 Arp Console# show ip interface161 Arp timeout Console config# arp 198.133.219.232 00000c400fbc ethernetClear arp-cache Show arp Syntax Show arp Default ConfigurationConsole# clear arp-cache Following example displays entries in the ARP table Ip domain-name Ip domain-lookupSyntax Ip domain-lookup No ip domain-lookup Syntax Ip domain-name name No ip domain-name Ip host Ip name-serverNo name server addresses are specified Following example sets the available name server Syntax Ip host name address No ip host name Clear hostNo host is defined Syntax Clear host name Show hosts Default Configuration Command ModeSyntax Show hosts name 167 168 Lacp system-priority Lacp CommandsLacp port-priority Syntax Lacp port-priority value No lacp port-priority Syntax Lacp timeout long short No lacp timeout Lacp timeoutDefault port timeout value is long 170 Show lacp port-channel Show lacp ethernetConsole# show lacp ethernet g1 statistics Syntax Show lacp port-channel portchannelnumber 172 Console# show lacp port-channel Line Line CommandsSyntax Line console telnet ssh Syntax Speed bps Syntax Autobaud No autobaud Default Configuration Exec-timeoutAutobaud 174 Show line Syntax Exec-timeout minutes seconds No exec-timeoutSyntax Show line console telnet ssh 175 Terminal history Following example displays the line configurationTerminal history size Console# show line console 177 Maximum for the sum of all buffers is Line Commands Lldp enable global Lldp CommandsLldp enable interface Syntax Interface configuration Ethernet Lldp timerSyntax Lldp timer seconds No lldp timer Default 30 seconds Default Configuraiton Lldp reinit-delayLldp hold-multiplier Syntax Lldp hold-multiplier number No lldp hold-multiplier Syntax Lldp reinit-delay seconds No lldp reinit-delay Lldp tx-delaySyntax Lldp tx-delay seconds No lldp tx-delay Parameters Default value is 2 seconds Lldp management-address Lldp optional-tlvUsage Guidelines No optional TLV is transmitted 184 Clear lldp rx Syntax Show lldp configuration ethernet interface Show lldp configurationSwitch# show lldp configuration Show lldp local 186 Show lldp neighbors Switch# show lldp neighbors Switch# show lldp neighbors ethernet g1187 Lldp Commands Name-The access list name using up to 32 characters Management access-listManagement ACL 189 Console config# management access-class mlist Permit management190 Management Access-list Configuration mode Deny management191 192 Management access-class Show management access-class Show management access-listSyntax Show management access-list name Console# show management access-list Syntax Show management access-class Default Configuration Console# show management access-class194 Test copper-port tdr PHY Diagnostics CommandsShow copper-ports tdr Console# test copper-port tdr g3 Syntax Show copper-ports cable-length interface Show copper-ports cable-lengthPort must be active and working in 1000M 196 Show fiber-ports optical-transceiver Console# show copper-ports cable-length197 Console# show fiber-ports optical-transceiver 198 Console# show fiber-ports optical-transceiver detailed 199 PHY Diagnostics Commands Console config# interface port-channel Port Channel CommandsInterface port-channel Interface range port-channel Channel-group Console config# interface range port-channelPort is not assigned to any port-channel 202 Port channel load balance Console config-if#channel-group 1 mode onShow interfaces port-channel Syntax Show interfaces port-channel port-channel-number 204 Default is both rx and tx Port Monitor CommandsInterface Configuration mode Port monitor Syntax Show ports monitor Default Configuration Show ports monitor206 207 Console# show ports monitor Port Monitor Commands QoS Commands QosShow qos Following example displays a QoS mode Wrr-queue cos-map210 Wrr-queue bandwidth Interface Configuration Ethernet, port channel modeFollowing example maps CoS 3 to queue 211 Priority-queue out num-of-queues Following example assigns WRR weights to egress queuesAll queues are expedite queues 212 Show qos interface Console config# priority-queue out num-of-queuesFollowing example sets queue 4, 3 to be expedite queues 213 Qos map dscp-queue Console# show qos interface ethernet g1 queuing214 Qos trust Global Syntax Qos trust cos dscp No qos trust215 Syntax Qos cos default-cos No qos cos 216 Syntax Qos trust No qos trust Default ConfigurationQos trust Interface Qos cos Show qos map Syntax Show qos map dscp-queue217 Console# show qos map Dscp-queue map Following example displays the Dscp port-queue mapFollowing table describes the fields used above D1 x 10 + D2 = Value of Dscp By default, no Radius host is specified Radius CommandsRadius-server host Ip-address-IP address of the Radius server host Default is an empty string TimeoutRadius-server key Syntax Radius-server key key-string No radius-server key Radius-server retransmit Console config# radius-server retransmitRadius-server source-ip 221 Radius-server timeout Console config# radius-server timeout222 Syntax Show radius-servers Default Configuration Console config# radius-server deadtimeRadius-server deadtime Show radius-servers Following example displays the Radius server settings 224Console# show radius-servers Show rmon statistics Rmon CommandsConsole# show rmon statistics ethernet g1 225 Field Description 226 227 Rmon collection history Show rmon collection history Console config-if#rmon collection history 1 intervalFollowing example displays all Rmon group statistics Console# show rmon collection history 229 Show rmon history Console# show rmon history 5 errors 230Console# show rmon history 5 throughput 231 Console# show rmon history 5 other 232 Rmon alarm 233 Show rmon alarm-table Syntax Show rmon alarm-table Default Configuration Show rmon alarmConsole# show rmon alarm-table Syntax Show rmon alarm number Following example displays Rmon 1 alarms Console# show rmon alarm235 236 Rmon event Syntax Show rmon events Default Configuration Following example configures an event with the trap indexShow rmon events Following example displays the Rmon event table Console# show rmon events Show rmon logSyntax Show rmon log event Event-Event index. Range 0 Following example displays the Rmon logging table Console# show rmon log239 Rmon table-size Console config# rmon table-size historyHistory table size is Log table size is 240 There are no default communities defined Snmp CommandsSnmp-server community No snmp-server community community ip-address Default and DefaultSuper views exists Default SettingSnmp-server view 242 Snmp-server filter Product specific243 Snmp-server location Snmp-server contactIncluded Syntax Snmp-server contact text No snmp-server contact Console config# snmp-server enable traps Snmp-server enable trapsSyntax Snmp-server location text No snmp-server location 245 Console config# snmp-server trap authentication Snmp-server trap authenticationSnmp-server host 246 247 Snmp-server set 248 Snmp-server group Snmp-server user Console config# snmp-server group user-groupv3 priv readNo group entry exists Router context is translated to context in the MIB 250 Console config# snmp-server user Following example configures a new Snmp Version 3 userSnmp-server v3-host 251 Following example configures an SNMPv3 host Snmp-server engineID local252 Consoleconfig # snmp-server engineID local default Syntax Show snmp engineID Default SettingShow snmp engineid 253 Show snmp Syntax Show snmp Default ConfigurationConsole# sh snmp 254 Show snmp views Syntax Show snmp views viewname255 Show snmp groups Syntax Show snmp groups groupname256 Show snmp filters Syntax Show snmp filters filtername257 Show snmp users Syntax Show snmp users username258 259 Snmp Commands Spanning-tree mode Spanning-Tree CommandsSyntax Spanning-tree No spanning-tree Default Configuration Spanning-tree Consoleconfig# spanning-tree forward-time Consoleconfig# spanning-tree mode rstpSpanning-tree forward-time Seconds-Time in seconds. Range 4 263 Spanning-tree hello-time Consoleconfig# spanning-tree hello-time Spanning-tree max-age264 Consoleconfig# spanning-tree max-age Spanning-tree disableConsoleconfig# spanning-tree priority Spanning-tree priority Spanning-tree cost Following example disables spanning-tree on g5Syntax Spanning-tree cost cost No spanning-tree cost Cost-The port path cost Range 1 200,000,000 Spanning-tree port-priority Consoleconfig-if#spanning-tree port-prioritySpanning-tree portfast 267 Consoleconfig-if#spanning-tree link-type shared Consoleconfig-if#spanning-tree portfastSpanning-tree link-type 268 Console config # spanning-tree mst 1 priority Default number of hops isSpanning-tree mst priority Spanning-tree mst max-hops Consoleconfig-if#spanning-tree mst 1 port-priority Console config # spanning-tree mst max-hopsSpanning-tree mst port-priority 270 Spanning-tree mst cost Spanning-tree mst configurationInterface Long Short 271 Instance mst Syntax Spanning-tree mst configuration Default SettingSyntax Instance instance-id add remove vlan vlan-range 272 Revision mst Name mstSyntax Name string Syntax Revision value No revision Following example sets the configuration revision to Default configuration revision number isShow mst Syntax Show current pending Syntax Abort Default Setting Syntax Exit Default SettingExit mst Abort mst Spanning-tree bpdu Spanning-tree pathcost methodConsole# spanning-tree pathcost method long 276 Clear spanning-tree detected-protocols Consoleconfig# spanning-tree bpdu floodingSyntax Spanning-tree bpdu filtering flooding 277 Console# clear spanning-tree detected-protocols ethernet g1 Show spanning-treeFollowing example displays spanning-tree information 278 Console# show spanning-tree 279 280 281 282 283 284 285 286 Console# show spanning-tree mst-configuration 287 288 289 290 Spanning-tree mst mstp-rstp Root guard is disabled Consoleconfig# spanning-tree mst mstp-rstpInterface configuration Ethernet, port-channel Spanning-tree guard root Following example enable root guard on port g8 Consoleconfig-if#spanning-tree guard root292 SSH Commands Ip ssh portIp ssh server Console config# crypto key generate dsa Syntax Crypto key generate dsa Default ConfigurationCrypto key generate dsa Crypto key generate rsa Console config# crypto key generate rsa Syntax Crypto key generate rsa Default ConfigurationIp ssh pubkey-auth 295 Consoleconfig# crypto key pubkey-chain ssh Crypto key pubkey-chain sshUser-key Key-string Syntax Key-string row key-string297 Syntax Show ip ssh Default Configuration Show ip ssh298 Show crypto key mypubkey Following example displays the SSH server configurationSyntax Show crypto key mypubkey rsa dsa Rsa-RSA key Dsa-DSA key Show crypto key pubkey-chain ssh 300Console# show crypto key mypubkey rsa Following example displays the SSH public called bob Console# show crypto key pubkey-chain sshConsole# show crypto key pubkey-chain ssh username bob 301 SSH Commands Syntax Logging on no logging on Default Configuration Syslog CommandsLogging on Logging Logging console Default is informationalAs described in the field descriptions Syntax Logging console level No logging console Logging buffered Default level is informationalLogging buffered size Syntax Logging buffered level No logging buffered Syntax Clear logging Default Configuration Console config# logging buffered sizeClear logging Console# clear logging Logging file Syntax Clear logging file Default ConfigurationClear logging file Syntax Logging file level No logging file Show logging Syntax Show logging Default ConfigurationFollowing example clears messages from the logging file Console# clear logging file Show logging file Syntax Show logging file Default ConfigurationConsole# show logging 309 Syntax Show syslog-servers Default Configuration Show syslog-servers310 Following example displays the syslog server settings Console# show syslog-servers311 Syslog Commands System Management Timeout timeout-The default is 2000 millisecondsPing 313 Traceroute Following example displays a ping to IP address314 315 316 Special Telnet Command characters Telnet317 318 Keywords Table 319 Ports Table Resume Following command switches to another open Telnet sessionSyntax Resume connection 320 Hostname Reload Show users Show sessionsConsole# show users Show system Exec modeConsole show sessions Syntax Show system Following example displays the system information Show versionSyntax Show version 324 Console show system Syntax Asset-tag tag No asset-tag Asset-tagTag-The device asset tag. Range 1- 16 characters 325 Show system id Syntax Show system id Default ConfigurationConsole show system id 326 Tacacs-server host Tacacs CommandsNo Tacacs host is specified 327 Following example sets the authentication encryption key Tacacs-server timeoutTacacs-server key Following example specifies a TACACS+ host Console config# tacacs-server timeout Tacacs-server source-ip329 Syntax Show tacacs ip-address Show tacacsIp-address-Name or IP address of the host Console# show tacacs Enable DisableUser Interface Configure LoginSyntax Login Default Configuration Syntax Configure Syntax Exit Default Configuration ExitconfigurationAll command modes 333 ExitEXEC Syntax End Default ConfigurationEnd Following example closes an active terminal session Syntax History No history Default Configuration Syntax Help Default ConfigurationHelp History Syntax Debug-mode Default Configuration Syntax History size number-of-commands No history sizeHistory size Debug-mode Syntax Show history Default Configuration Show history337 Show privilege Syntax Show privilege Default ConfigurationConsole# show history Console# show privilege Vlan Commands Vlan databaseVlan Default-vlan disable Interface vlanConsole# vlan database Interface range vlan Syntax Interface range vlan vlan-range all341 Name Switchport access vlanSyntax Name string no name 342 Switchport trunk allowed vlan Console config-if#switchport access vlan343 Switchport general allowed vlan Switchport trunk native vlanConsole config-if#switchport trunk allowed vlan add 2,5-8 Console config-if#switchport trunk native vlan 345 Switchport general pvid Switchport general ingress-filtering disable Ingress filtering is enabled346 Switchport forbidden vlan Switchport general acceptable-frame-type tagged-onlyAll frame types are accepted at ingress All VLANs allowed Map protocol protocols-group Console config-if#switchport forbidden vlan addFollowing example maps protocol ip-arp to the group named 348 Ip internal-usage-vlan Switchport general map protocols-group vlanVlan-id-VLAN ID of the internal usage VLAN.Range Valid Vlan 349 Show vlan Console config# ip internal-usage-vlanSyntax Show vlan tag vlan-id name vlan-name Following example displays all Vlan information Syntax Show vlan internal usage Default Configuration Show vlan internal usage351 Show vlan protocols-groups Syntax Show vlan protocols-groups Default ConfigurationConsole# show vlan internal usage Following example displays protocols-groups information Show interfaces switchport Console# show vlan protocols-groups353 Switchport mode Console# show interface switchport ethernet g1Syntax Switchport mode customer access trunk general 354 No switchport mode Switchport customer vlanNo Vlan is configured Vlan-id- Vlan ID of the customer 356 Ip http server Web ServerIp http port Syntax Ip http port port-number No ip http port Ip https server Default for the device is disabledIp https port Syntax Ip https port port-number No ip https port Following example configures the https port number to Crypto certificate generate359 Crypto certificate request Console enable# crypto certificate generate key-generateCertificate and the SSL RSA key pairs do not exist Following example regenerates a Https certificate 361 Console# crypto certificate 1 request Syntax Crypto certificate number import Crypto certificate importNumber-Specifies the certificate number. Range 1 362 Ip https certificate Consoleconfig# crypto certificate 1 importCertificate number 363 Crypto certificate export pkcs12 Console config# ip https certificateSyntax Crypto certificate number export pkcs12 364 Following example exports the certificate and RSA keys 365Console# crypto certificate 1 export pkcs12 Syntax Crypto certificate number import pkcs12 passphrase Crypto certificate import pkcs12Following example imports the certificate and RSA keys 366 367 Syntax Show crypto certificate mycertificate number Show crypto certificate mycertificateFollowing example displays the certificate Console# show crypto certificate mycertificate Show ip http Show ip httpsConsole# show ip http 370 Console# show ip https Aaa authentication dot1x 802.1x CommandsConsole config# aaa authentication dot1x default none Method1 method2...-At least one from the following table Console config# dot1x system-auto-control Following example enables 802.1x globallyDot1x system-auto-control Dot1x port-control Console config-if#dot1x port-control auto Dot1x re-authenticationSyntax Dot1x re-authentication No dot1x re-authentication 373 Dot1x re-authenticate Dot1x timeout re-authperiodConsole config-if#dot1x re-authentication Console config-if#dot1x timeout re-authperiod Dot1x timeout quiet-period Console# dot1x re-authenticate ethernet g8375 Dot1x timeout tx-period Console config-if#dot1x timeout quiet-period376 Dot1x max-req Dot1x timeout supp-timeoutSyntax Dot1x max-req count No dot1x max-req 377 378 Dot1x timeout server-timeout Show dot1x Console config# dot1x timeout server-timeoutSyntax Show dot1x ethernet interface 379 Console# show dot1x ethernet g3 380 Syntax Show dot1x users username username Show dot1x usersUsername-Supplicant username Range 1- 160 characters Following example displays 802.1X users Show dot1x statistics Syntax Show dot1x statistics ethernet interface382 383 Switch# show dot1x statistics ethernet g1 Dot1x auth-not-req User should be authorized to access the VlanSyntax Dot1x auth-not-req no dot1x auth-not-req 384 Dot1x single-host-violation Dot1x multiple-hostsSyntax Dot1x multiple-hosts no dot1x multiple-hosts 385 Forward trap Show dot1x advancedSyntax Show dot1x advanced ethernet interface 386 Switch# show dot1x advanced Switch# show dot1x advanced ethernet g1387 388 Console# show dot1x advanced ethernet g1

Dell 5324 manual Management ACL, Management access-list, 189

Models: 5324

Management ACL

management access-list

•name—The access list name using up to 32 characters.

Default Configuration

This command has no default configuration.

Command Mode

User Guidelines

189

5324 specifications