Permit management, 190 | Dell 5324 manual

w w w . d e l l . c o m s u p p o r t . d e l l . c o m

Examples

The following example shows how to create an access-list called "mlist", configure two management interfaces ethernet g1 and ethernet g9, and make the access-list the active list.

Console (config)# management access-listmlist

Console (config-macl)# permit ethernet g1

Console (config-macl)# permit ethernet g9

Console (config-macl)# exit

Console (config)# management access-class mlist

The following example shows how to create an access-list called "mlist", configure all interfaces to be management interfaces except interfaces ethernet g1 and ethernet g9, and make the access-list the active list.

Console (config)# management access-listmlist

Console (config-macl)# deny ethernet g1

Console (config-macl)# deny ethernet g9

Console (config-macl)# permit

Console (config-macl)# exit

Console (config)# management access-class mlist

permit (management)

The permit Management Access-List Configuration mode command defines a permit rule.

Syntax

permit [ethernet interface-number vlan vlan-id port-channel number] [service service]

permit ip-source ip-address [mask mask prefix-length] [ethernet interface-number vlan vlan-id port-channel number] [service service]

•ethernet interface-number—A valid Ethernet port number.

•vlan vlan-id—A valid VLAN number.

•port-channelnumber—A valid port channel number.

•ip-address—Source IP address.(Range: Valid IP Address)

•mask mask—Specifies the network mask of the source IP address. (Range: Valid subnet mask)

190

Management ACL

Page 190

Image 190

Dell 5324 manual Permit management, Console config# management access-class mlist, 190

5324 specifications

The Dell 5324 is a high-performance network switch that is designed to meet the demands of modern enterprise networking. This switch represents a blend of advanced features aimed at enhancing network efficiency, reliability, and scalability, which are crucial for businesses looking to optimize their infrastructure.

One of the standout features of the Dell 5324 is its Layer 3 routing capabilities. It supports static routing and various dynamic routing protocols, including RIP, OSPF, and BGP, allowing for efficient data transfer across complex networks. This capability is particularly beneficial for organizations that require robust inter-VLAN routing and seamless connectivity with multiple network segments.

The Dell 5324 comes equipped with 24 Gigabit Ethernet ports, which provide ample connectivity options for devices within the network. Additionally, it includes four 10 Gigabit SFP+ ports, enabling users to integrate high-speed uplinks easily. This flexibility allows businesses to expand their network as demand grows without the need for a completely new setup.

Power over Ethernet (PoE) support is another significant advantage of the Dell 5324, as it enables the switch to deliver both data and power to connected devices through a single Ethernet cable. This feature is particularly useful for powering IP phones, security cameras, and Wi-Fi access points, simplifying the overall cabling and ensuring a neater installation.

Furthermore, the Dell 5324 offers advanced security features that help protect the network from unauthorized access and potential threats. It includes features such as 802.1X port-based authentication, MAC address filtering, and VLAN segmentation, ensuring that only authorized devices can connect to the network.

The user-friendly web-based interface alongside command-line interface (CLI) access enhances manageability, allowing network administrators to monitor performance, configure settings, and troubleshoot issues with ease. In addition, the switch supports network automation protocols, which can streamline management tasks and improve efficiency.

The industrial-grade design of the Dell 5324 ensures its reliability in various environments, making it a suitable choice for data centers and enterprise networks alike. With its combination of performance, scalability, and security features, the Dell 5324 stands out as a capable solution for organizations looking to improve their network infrastructure. Its capabilities make it a versatile addition for businesses aiming for a robust and future-ready networking environment.

Contents

CLI Reference Guide Aug Contents Using the CLI Address Table Commands Clock Ethernet Configuration Commands Igmp Snooping Commands Lacp Commands Management ACL Port Monitor Commands Rmon Commands Spanning-Tree Commands SSH Commands Syslog Commands Tacacs Commands Vlan Commands 32 802.1x Commands 382 Page Command Groups Command GroupsIntroduction Configures Tacacs commands Configures and reports on Spanning Tree protocolConfigures commands related to 802.1x security protocol AAA Commands Address Table Commands Defines an authentication key for Simple Configures an external time source forConfigures the system to automatically switch Displays statically created entries in the bridge Configuration and Image Files Commands Ethernet Configuration Commands Displays the backup configuration file contents Gvrp Commands IP Addressing Igmp Snooping CommandsDefines a default gateway router Sets an IP address Deletes entries from the host name-to-address Line CommandsCache Lldp Commands Sets the line for automatic baud rate detection Management ACL Commands PHY Diagnostics Commands Port Monitor Commands Port Channel CommandsQoS Commands Radius Commands Enables each port trust state Rmon Commands Snmp Commands Spanning Tree Commands MST Overrides the default link-type setting SSH CommandsSets the default path cost method Syslog Commands Tacacs Commands System Management CommandsReloads the operating system Switches the mode to debug User Interface CommandsVlan Commands Disables the default Vlan functionality Reserves a Vlan as the internal usage Vlan of an Interface Web Server Commands 802.1x Commands Command Description Access Mode Command Groups Command Modes GC Global Configuration Mode Device Notification operation IC Interface Configuration Mode Sntp Frame, from the client, before resending the request An Extensible Authentication Protocol EAP request/identityReserves a Vlan as the internal usage Vlan of an interface Enables the Simple Network Time Protocol Sntp client on an LC Line Configuration ModeCommand Description MA Management Access-level Mode PE Privileged User Exec Mode Vlan SP SSH Public Key Mode UE User Exec Mode Command Modes VC Vlan Configuration Mode W . d e l l . c o m s u p p o r t . d e l l . c o m CLI Command Modes Using the CLIIntroduction User Exec Mode Privileged Exec Mode Global Configuration Mode Exit End Ctrl+Z Starting the CLI Entering Commands Editing FeaturesConsoleconfig# username admin password smith Command Completion Terminal Command BufferNegating the Effect of Commands Config#interface ethernet Italic font CLI Command ConventionsKeyboard Shortcuts Enter Using the CLI Default Configuration AAA CommandsAaa authentication login Command Mode Following example configures authentication login Aaa authentication enableExample Login authentication Console config# aaa authentication enable default enable Enable authentication Console config-line#login authentication default Console config-line#enable authentication default Ip http authenticationFollowing example configures the http authentication Show authentication methods Ip https authenticationFollowing example configures https authentication Privileged Exec mode Syntax Show authentication methods Default ConfigurationThis command has no default configuration Following example displays the authentication configuration Console# show authentication methods PasswordSyntax Password password encrypted No password No password is required Enable passwordFollowing example specifies a password secret on a line Show users accounts UsernameNo user is defined Syntax Show users accounts Default Configuration Console# show users accounts AAA Commands Interface configuration Vlan mode Address Table CommandsBridge address Console config# bridge multicast filtering Disabled. All multicast addresses are flooded to all portsThis example, bridge multicast filtering is enabled Bridge multicast filtering Examples No multicast addresses are definedFollowing example registers the MAC address Bridge multicast forbidden address Command ModesNo forbidden addresses are defined Bridge multicast forbidden forward-all Disable forward-all on the specified interfaceBridge multicast forward-all This example all multicast packets on port g8 are forwarded Bridge aging-time Syntax Syntax Clear bridge Clear bridgeConsole# clear bridge Interface Configuration Ethernet, port-channel mode Disabled No port securityPort security Show bridge address-table Console config-if#port security routed secure-addressPort security routed secure-address Mac-address-Specify a MAC address in the format Port-channel-number-A valid port-channel number Show bridge address-table static Console# show bridge address-table Syntax Show bridge address-table count vlan vlan Show bridge address-table countConsole# show bridge address-table static Vlan -Specific Vlan Show bridge multicast address-table Console# show bridge address-table count Console # show bridge multicast address-table Console # show bridge multicast address-table format ip Syntax Show bridge multicast filtering vlan-id Show bridge multicast filteringShow ports security Vlanid-A valid Vlan ID value Console # show ports security Clock source ClockClock set Syntax Clock source sntp No clock source No external clock source Clock timezoneConsole# clock source sntp Clock summer-time Sntp authentication-key No authentication key is defined Consoleconfig# sntp authentication-key 8 md5 ClkKey Sntp authenticateSyntax Sntp authenticate No sntp authenticate Sntp trusted-key Sntp client poll timerFollowing example authenticates key Not trusted Console config# sntp client poll timer Sntp broadcast client enableConsole config# sntp broadcast client enable Console config-if#sntp anycast client enable Sntp anycast client enableSntp client enable interface Syntax Sntp client enable No sntp client enable Console config# sntp unicast client enable Sntp unicast client enable101 Sntp server Console config# sntp unicast client pollSntp unicast client poll Syntax Sntp unicast client poll no sntp unicast client poll Syntax Show clock detail Show clock103 Console# show clock 104 Console# show sntp configuration Show sntp configurationSyntax Show sntp configuration 105 Following example shows the status of the Sntp Show sntp statusSyntax Show sntp status 106 107 Clock Console# delete startup-config Configuration and Image FilesDelete startup-config Copy Understanding Invalid Combinations of Source and Destination 110 Copying image file from a Server to Flash Memory Storing the Running or Startup Configuration on a ServerCopy Character Descriptions 111 Console# boot system image-1 Boot systemSyntax Boot system image-1 image-2 112 Sort type defaults to interface if unspecified Show running-configSyntax Show running-config sort type 113 Console# show running-config no spanning-tree Show startup-configSyntax Show startup-config sort type 114 115 Console# show startup-config no spanning-tree Show backup-configSyntax Show backup-config 116 Console# show backup-config software version 117 Console# show bootvar Show bootvarSyntax Show bootvar Default Configuration 118 Interface ethernet Ethernet Configuration CommandsInterface range ethernet Following example disables port g5 Syntax Shutdown No shutdown Default ConfigurationInterface is enabled Shutdown Syntax Description string No description DescriptionSpeed Syntax Speed 100 1000 No speed Syntax Duplex half full No duplex Duplex122 Negotiation Consoleconfig# interface ethernet g5Syntax Negotiation No negotiation Default Configuration Flowcontrol Syntax Mdix on auto No mdix MdixSyntax Flowcontrol auto on off No flowcontrol 124 Back-pressure Syntax Back-pressure No back-pressure Default Configuration125 Clear counters Port jumbo-frame126 Console# clear counters ethernet g1 Show interfaces configurationSet interface active Console# set interface active ethernet g5 Interfaces configuration 128 Show interfaces status 129 130 Console# show interfaces status Show interfaces description 131 Console# show interfaces description ethernet g1 Show interfaces counters132 133 Console# show interfaces counters Following table describes the fields shown in the display Following example displays counters for port g1Console# show interfaces counters ethernet g1 134 135 Ieee Std .3, 2000 Edition, section Show ports jumbo-frame Syntax Show ports jumbo-frame Default Configuration136 Port storm-control include-multicast Port storm-control broadcast enableConsoleconfig# port storm-control include-multicast Console# show ports jumbo-frame Default storm control broadcast rate is Broadcast storm control is disabledConsoleconfig-if#port storm-control broadcast enable Port storm-control broadcast rate Show ports storm-control Consoleconfig-if#port storm-control broadcast rateFollowing example displays the storm control configuration Syntax Show ports storm-control interface 140 Gvrp enable interface Gvrp CommandsGvrp enable global Syntax Gvrp enable No gvrp enable Default Configuration Following example enables Gvrp on ethernet g8 Garp timer142 Gvrp vlan-creation-forbid By default, dynamic Vlan creation is enabled143 Gvrp registration-forbid Console config-if#gvrp vlan-creation-forbidConsole config-if#gvrp registration-forbid Clear gvrp statistics Console# clear gvrp statistics ethernet g8 Show gvrp configuration145 Show gvrp statistics Console# show gvrp configuration146 147 Show gvrp error-statisticsFollowing example shows Gvrp statistics information Console# show gvrp statistics Following example displays Gvrp statistics information Console# show gvrp-error statistics148 Ip igmp snooping Interface Igmp Snooping CommandsIp igmp snooping Global 149 Ip igmp snooping host-time-out Ip igmp snooping mrouter150 Ip igmp snooping mrouter-time-out Console config-if#ip igmp snooping host-time-out151 Console config-if#ip igmp snooping leave-time-out Console config-if#ip igmp snooping mrouter-time-outDefault leave-time-out configuration is 10 seconds Ip igmp snooping leave-time-out Show ip igmp snooping interface Show ip igmp snooping mrouterConsole # show ip igmp snooping mrouter Console # show ip igmp snooping interface Show ip igmp snooping groupsExample displays Igmp snooping information 154 Console # show ip igmp snooping groups Example shows Igmp snooping information155 Igmp Snooping Commands Ip address IP Addressing CommandsClear host dhcp Console# clear host dhcp No IP address is defined for interfaces Interface configuration Ethernet, VLAN, port-channelIp address dhcp 158 No default gateway is defined Ip default-gatewaySyntax Ip default-gateway ip-address No ip default-gateway 159 Show ip interface Following example defines an ip default gateway160 Console# show ip interface Arp161 Console config# arp 198.133.219.232 00000c400fbc ethernet Arp timeoutClear arp-cache Console# clear arp-cache Syntax Show arp Default ConfigurationShow arp Following example displays entries in the ARP table Syntax Ip domain-lookup No ip domain-lookup Ip domain-lookupIp domain-name Syntax Ip domain-name name No ip domain-name No name server addresses are specified Ip name-serverIp host Following example sets the available name server No host is defined Clear hostSyntax Ip host name address No ip host name Syntax Clear host name Syntax Show hosts name Default Configuration Command ModeShow hosts 167 168 Lacp port-priority Lacp CommandsLacp system-priority Syntax Lacp port-priority value No lacp port-priority Default port timeout value is long Lacp timeoutSyntax Lacp timeout long short No lacp timeout 170 Console# show lacp ethernet g1 statistics Show lacp ethernetShow lacp port-channel Syntax Show lacp port-channel portchannelnumber Console# show lacp port-channel 172 Syntax Line console telnet ssh Line CommandsLine Syntax Speed bps Autobaud Exec-timeoutSyntax Autobaud No autobaud Default Configuration 174 Syntax Show line console telnet ssh Syntax Exec-timeout minutes seconds No exec-timeoutShow line 175 Terminal history size Following example displays the line configurationTerminal history Console# show line console Maximum for the sum of all buffers is 177 Line Commands Lldp enable interface Lldp CommandsLldp enable global Syntax Syntax Lldp timer seconds No lldp timer Lldp timerInterface configuration Ethernet Default 30 seconds Lldp hold-multiplier Lldp reinit-delayDefault Configuraiton Syntax Lldp hold-multiplier number No lldp hold-multiplier Syntax Lldp tx-delay seconds No lldp tx-delay Parameters Lldp tx-delaySyntax Lldp reinit-delay seconds No lldp reinit-delay Default value is 2 seconds Usage Guidelines Lldp optional-tlvLldp management-address No optional TLV is transmitted Clear lldp rx 184 Switch# show lldp configuration Show lldp configurationSyntax Show lldp configuration ethernet interface Show lldp local Show lldp neighbors 186 Switch# show lldp neighbors ethernet g1 Switch# show lldp neighbors187 Lldp Commands Management ACL Management access-listName-The access list name using up to 32 characters 189 Permit management Console config# management access-class mlist190 Deny management Management Access-list Configuration mode191 Management access-class 192 Syntax Show management access-list name Show management access-listShow management access-class Console# show management access-list Console# show management access-class Syntax Show management access-class Default Configuration194 Show copper-ports tdr PHY Diagnostics CommandsTest copper-port tdr Console# test copper-port tdr g3 Port must be active and working in 1000M Show copper-ports cable-lengthSyntax Show copper-ports cable-length interface 196 Console# show copper-ports cable-length Show fiber-ports optical-transceiver197 198 Console# show fiber-ports optical-transceiver 199 Console# show fiber-ports optical-transceiver detailed PHY Diagnostics Commands Interface port-channel Port Channel CommandsConsole config# interface port-channel Interface range port-channel Port is not assigned to any port-channel Console config# interface range port-channelChannel-group 202 Show interfaces port-channel Console config-if#channel-group 1 mode onPort channel load balance Syntax Show interfaces port-channel port-channel-number 204 Interface Configuration mode Port Monitor CommandsDefault is both rx and tx Port monitor Show ports monitor Syntax Show ports monitor Default Configuration206 Console# show ports monitor 207 Port Monitor Commands Qos QoS CommandsShow qos Wrr-queue cos-map Following example displays a QoS mode210 Following example maps CoS 3 to queue Interface Configuration Ethernet, port channel modeWrr-queue bandwidth 211 All queues are expedite queues Following example assigns WRR weights to egress queuesPriority-queue out num-of-queues 212 Following example sets queue 4, 3 to be expedite queues Console config# priority-queue out num-of-queuesShow qos interface 213 Console# show qos interface ethernet g1 queuing Qos map dscp-queue214 Syntax Qos trust cos dscp No qos trust Qos trust Global215 Qos trust Interface Syntax Qos trust No qos trust Default ConfigurationSyntax Qos cos default-cos No qos cos 216 Qos cos Syntax Show qos map dscp-queue Show qos map217 Following table describes the fields used above Following example displays the Dscp port-queue mapConsole# show qos map Dscp-queue map D1 x 10 + D2 = Value of Dscp Radius-server host Radius CommandsBy default, no Radius host is specified Ip-address-IP address of the Radius server host Radius-server key TimeoutDefault is an empty string Syntax Radius-server key key-string No radius-server key Radius-server source-ip Console config# radius-server retransmitRadius-server retransmit 221 Console config# radius-server timeout Radius-server timeout222 Radius-server deadtime Console config# radius-server deadtimeSyntax Show radius-servers Default Configuration Show radius-servers 224 Following example displays the Radius server settingsConsole# show radius-servers Console# show rmon statistics ethernet g1 Rmon CommandsShow rmon statistics 225 226 Field Description Rmon collection history 227 Following example displays all Rmon group statistics Console config-if#rmon collection history 1 intervalShow rmon collection history Console# show rmon collection history Show rmon history 229 230 Console# show rmon history 5 errorsConsole# show rmon history 5 throughput Console# show rmon history 5 other 231 Rmon alarm 232 Show rmon alarm-table 233 Console# show rmon alarm-table Show rmon alarmSyntax Show rmon alarm-table Default Configuration Syntax Show rmon alarm number Console# show rmon alarm Following example displays Rmon 1 alarms235 Rmon event 236 Show rmon events Following example configures an event with the trap indexSyntax Show rmon events Default Configuration Following example displays the Rmon event table Syntax Show rmon log event Show rmon logConsole# show rmon events Event-Event index. Range 0 Console# show rmon log Following example displays the Rmon logging table239 History table size is Log table size is Console config# rmon table-size historyRmon table-size 240 Snmp-server community Snmp CommandsThere are no default communities defined No snmp-server community community ip-address Snmp-server view Default SettingDefault and DefaultSuper views exists 242 Product specific Snmp-server filter243 Included Snmp-server contactSnmp-server location Syntax Snmp-server contact text No snmp-server contact Syntax Snmp-server location text No snmp-server location Snmp-server enable trapsConsole config# snmp-server enable traps 245 Snmp-server host Snmp-server trap authenticationConsole config# snmp-server trap authentication 246 Snmp-server set 247 Snmp-server group 248 No group entry exists Console config# snmp-server group user-groupv3 priv readSnmp-server user Router context is translated to context in the MIB 250 Snmp-server v3-host Following example configures a new Snmp Version 3 userConsole config# snmp-server user 251 Snmp-server engineID local Following example configures an SNMPv3 host252 Show snmp engineid Syntax Show snmp engineID Default SettingConsoleconfig # snmp-server engineID local default 253 Console# sh snmp Syntax Show snmp Default ConfigurationShow snmp 254 Syntax Show snmp views viewname Show snmp views255 Syntax Show snmp groups groupname Show snmp groups256 Syntax Show snmp filters filtername Show snmp filters257 Syntax Show snmp users username Show snmp users258 259 Snmp Commands Syntax Spanning-tree No spanning-tree Default Configuration Spanning-Tree CommandsSpanning-tree mode Spanning-tree Spanning-tree forward-time Consoleconfig# spanning-tree mode rstpConsoleconfig# spanning-tree forward-time Seconds-Time in seconds. Range 4 Spanning-tree hello-time 263 Spanning-tree max-age Consoleconfig# spanning-tree hello-time264 Consoleconfig# spanning-tree priority Spanning-tree disableConsoleconfig# spanning-tree max-age Spanning-tree priority Syntax Spanning-tree cost cost No spanning-tree cost Following example disables spanning-tree on g5Spanning-tree cost Cost-The port path cost Range 1 200,000,000 Spanning-tree portfast Consoleconfig-if#spanning-tree port-prioritySpanning-tree port-priority 267 Spanning-tree link-type Consoleconfig-if#spanning-tree portfastConsoleconfig-if#spanning-tree link-type shared 268 Spanning-tree mst priority Default number of hops isConsole config # spanning-tree mst 1 priority Spanning-tree mst max-hops Spanning-tree mst port-priority Console config # spanning-tree mst max-hopsConsoleconfig-if#spanning-tree mst 1 port-priority 270 Interface Long Short Spanning-tree mst configurationSpanning-tree mst cost 271 Syntax Instance instance-id add remove vlan vlan-range Syntax Spanning-tree mst configuration Default SettingInstance mst 272 Syntax Name string Name mstRevision mst Syntax Revision value No revision Show mst Default configuration revision number isFollowing example sets the configuration revision to Syntax Show current pending Exit mst Syntax Exit Default SettingSyntax Abort Default Setting Abort mst Console# spanning-tree pathcost method long Spanning-tree pathcost methodSpanning-tree bpdu 276 Syntax Spanning-tree bpdu filtering flooding Consoleconfig# spanning-tree bpdu floodingClear spanning-tree detected-protocols 277 Following example displays spanning-tree information Show spanning-treeConsole# clear spanning-tree detected-protocols ethernet g1 278 279 Console# show spanning-tree 280 281 282 283 284 285 Console# show spanning-tree mst-configuration 286 287 288 289 Spanning-tree mst mstp-rstp 290 Interface configuration Ethernet, port-channel Consoleconfig# spanning-tree mst mstp-rstpRoot guard is disabled Spanning-tree guard root Consoleconfig-if#spanning-tree guard root Following example enable root guard on port g8292 Ip ssh port SSH CommandsIp ssh server Crypto key generate dsa Syntax Crypto key generate dsa Default ConfigurationConsole config# crypto key generate dsa Crypto key generate rsa Ip ssh pubkey-auth Syntax Crypto key generate rsa Default ConfigurationConsole config# crypto key generate rsa 295 Crypto key pubkey-chain ssh Consoleconfig# crypto key pubkey-chain sshUser-key Syntax Key-string row key-string Key-string297 Show ip ssh Syntax Show ip ssh Default Configuration298 Syntax Show crypto key mypubkey rsa dsa Following example displays the SSH server configurationShow crypto key mypubkey Rsa-RSA key Dsa-DSA key 300 Show crypto key pubkey-chain sshConsole# show crypto key mypubkey rsa Console# show crypto key pubkey-chain ssh username bob Console# show crypto key pubkey-chain sshFollowing example displays the SSH public called bob 301 SSH Commands Logging on Syslog CommandsSyntax Logging on no logging on Default Configuration Logging As described in the field descriptions Default is informationalLogging console Syntax Logging console level No logging console Logging buffered size Default level is informationalLogging buffered Syntax Logging buffered level No logging buffered Clear logging Console config# logging buffered sizeSyntax Clear logging Default Configuration Console# clear logging Clear logging file Syntax Clear logging file Default ConfigurationLogging file Syntax Logging file level No logging file Following example clears messages from the logging file Syntax Show logging Default ConfigurationShow logging Console# clear logging file Console# show logging Syntax Show logging file Default ConfigurationShow logging file 309 Show syslog-servers Syntax Show syslog-servers Default Configuration310 Console# show syslog-servers Following example displays the syslog server settings311 Syslog Commands Ping Timeout timeout-The default is 2000 millisecondsSystem Management 313 Following example displays a ping to IP address Traceroute314 315 316 Telnet Special Telnet Command characters317 Keywords Table 318 Ports Table 319 Syntax Resume connection Following command switches to another open Telnet sessionResume 320 Reload Hostname Show sessions Show usersConsole# show users Console show sessions Exec modeShow system Syntax Show system Syntax Show version 324 Show versionFollowing example displays the system information Console show system Tag-The device asset tag. Range 1- 16 characters Asset-tagSyntax Asset-tag tag No asset-tag 325 Console show system id Syntax Show system id Default ConfigurationShow system id 326 No Tacacs host is specified Tacacs CommandsTacacs-server host 327 Tacacs-server key Tacacs-server timeoutFollowing example sets the authentication encryption key Following example specifies a TACACS+ host Tacacs-server source-ip Console config# tacacs-server timeout329 Ip-address-Name or IP address of the host Show tacacsSyntax Show tacacs ip-address Console# show tacacs Disable EnableUser Interface Syntax Login Default Configuration LoginConfigure Syntax Configure All command modes ExitconfigurationSyntax Exit Default Configuration 333 End Syntax End Default ConfigurationExitEXEC Following example closes an active terminal session Help Syntax Help Default ConfigurationSyntax History No history Default Configuration History History size Syntax History size number-of-commands No history sizeSyntax Debug-mode Default Configuration Debug-mode Show history Syntax Show history Default Configuration337 Console# show history Syntax Show privilege Default ConfigurationShow privilege Console# show privilege Vlan database Vlan CommandsVlan Interface vlan Default-vlan disableConsole# vlan database Syntax Interface range vlan vlan-range all Interface range vlan341 Syntax Name string no name Switchport access vlanName 342 Console config-if#switchport access vlan Switchport trunk allowed vlan343 Console config-if#switchport trunk allowed vlan add 2,5-8 Switchport trunk native vlanSwitchport general allowed vlan Console config-if#switchport trunk native vlan Switchport general pvid 345 Ingress filtering is enabled Switchport general ingress-filtering disable346 All frame types are accepted at ingress Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan All VLANs allowed Following example maps protocol ip-arp to the group named Console config-if#switchport forbidden vlan addMap protocol protocols-group 348 Vlan-id-VLAN ID of the internal usage VLAN.Range Valid Vlan Switchport general map protocols-group vlanIp internal-usage-vlan 349 Syntax Show vlan tag vlan-id name vlan-name Console config# ip internal-usage-vlanShow vlan Following example displays all Vlan information Show vlan internal usage Syntax Show vlan internal usage Default Configuration351 Console# show vlan internal usage Syntax Show vlan protocols-groups Default ConfigurationShow vlan protocols-groups Following example displays protocols-groups information Console# show vlan protocols-groups Show interfaces switchport353 Console# show interface switchport ethernet g1 Switchport modeSyntax Switchport mode customer access trunk general 354 No Vlan is configured Switchport customer vlanNo switchport mode Vlan-id- Vlan ID of the customer 356 Ip http port Web ServerIp http server Syntax Ip http port port-number No ip http port Ip https port Default for the device is disabledIp https server Syntax Ip https port port-number No ip https port Crypto certificate generate Following example configures the https port number to359 Certificate and the SSL RSA key pairs do not exist Console enable# crypto certificate generate key-generateCrypto certificate request Following example regenerates a Https certificate Console# crypto certificate 1 request 361 Number-Specifies the certificate number. Range 1 Crypto certificate importSyntax Crypto certificate number import 362 Certificate number Consoleconfig# crypto certificate 1 importIp https certificate 363 Syntax Crypto certificate number export pkcs12 Console config# ip https certificateCrypto certificate export pkcs12 364 365 Following example exports the certificate and RSA keysConsole# crypto certificate 1 export pkcs12 Following example imports the certificate and RSA keys Crypto certificate import pkcs12Syntax Crypto certificate number import pkcs12 passphrase 366 367 Following example displays the certificate Show crypto certificate mycertificateSyntax Show crypto certificate mycertificate number Console# show crypto certificate mycertificate Show ip https Show ip httpConsole# show ip http Console# show ip https 370 Console config# aaa authentication dot1x default none 802.1x CommandsAaa authentication dot1x Method1 method2...-At least one from the following table Dot1x system-auto-control Following example enables 802.1x globallyConsole config# dot1x system-auto-control Dot1x port-control Syntax Dot1x re-authentication No dot1x re-authentication Dot1x re-authenticationConsole config-if#dot1x port-control auto 373 Console config-if#dot1x re-authentication Dot1x timeout re-authperiodDot1x re-authenticate Console config-if#dot1x timeout re-authperiod Console# dot1x re-authenticate ethernet g8 Dot1x timeout quiet-period375 Console config-if#dot1x timeout quiet-period Dot1x timeout tx-period376 Syntax Dot1x max-req count No dot1x max-req Dot1x timeout supp-timeoutDot1x max-req 377 Dot1x timeout server-timeout 378 Syntax Show dot1x ethernet interface Console config# dot1x timeout server-timeoutShow dot1x 379 380 Console# show dot1x ethernet g3 Username-Supplicant username Range 1- 160 characters Show dot1x usersSyntax Show dot1x users username username Following example displays 802.1X users Syntax Show dot1x statistics ethernet interface Show dot1x statistics382 Switch# show dot1x statistics ethernet g1 383 Syntax Dot1x auth-not-req no dot1x auth-not-req User should be authorized to access the VlanDot1x auth-not-req 384 Syntax Dot1x multiple-hosts no dot1x multiple-hosts Dot1x multiple-hostsDot1x single-host-violation 385 Syntax Show dot1x advanced ethernet interface Show dot1x advancedForward trap 386 Switch# show dot1x advanced ethernet g1 Switch# show dot1x advanced387 Console# show dot1x advanced ethernet g1 388