Deny management, 191 | Dell 5324 instruction

•mask prefix-length—Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)

•service service—Indicates service type. Can be one of the following: telnet, ssh, http, https or snmp.

Default Configuration

If no permit statement is present, the default is set to deny.

Command Mode

Management Access-list Configuration mode

User Guidelines

•Rules with Ethernet, VLAN and port-channel parameters are valid only if an IP address is defined on the appropriate interface.The system supports up to 256 management access rules.

Example

The following example shows how all ports are permitted in the access-list called "mlist".

Console (config)# management access-listmlist

Console (config-macl)# permit

deny (management)

The deny Management Access-List Configuration mode command defines a deny rule.

Syntax

deny [ethernet interface-number vlan vlan-id port-channel number] [service service]

deny ip-source ip-address [mask mask prefix-length] [ethernet interface-number vlan vlan- id port-channel number] [service service]

•ethernet interface-number—A valid Ethernet port number.

•vlan vlan-id—A valid VLAN number.

•port-channelnumber—A valid port-channel number.

•ip-address—Source IP address. (Range: Valid IP Address)

•mask mask—Specifies the network mask of the source IP address. (Range: Valid subnet mask)

•mask prefix-length—Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0 - 32)

Management ACL

191

Page 191

Image 191

Dell 5324 manual Deny management, Management Access-list Configuration mode, 191

5324 specifications

The Dell 5324 is a high-performance network switch that is designed to meet the demands of modern enterprise networking. This switch represents a blend of advanced features aimed at enhancing network efficiency, reliability, and scalability, which are crucial for businesses looking to optimize their infrastructure.

One of the standout features of the Dell 5324 is its Layer 3 routing capabilities. It supports static routing and various dynamic routing protocols, including RIP, OSPF, and BGP, allowing for efficient data transfer across complex networks. This capability is particularly beneficial for organizations that require robust inter-VLAN routing and seamless connectivity with multiple network segments.

The Dell 5324 comes equipped with 24 Gigabit Ethernet ports, which provide ample connectivity options for devices within the network. Additionally, it includes four 10 Gigabit SFP+ ports, enabling users to integrate high-speed uplinks easily. This flexibility allows businesses to expand their network as demand grows without the need for a completely new setup.

Power over Ethernet (PoE) support is another significant advantage of the Dell 5324, as it enables the switch to deliver both data and power to connected devices through a single Ethernet cable. This feature is particularly useful for powering IP phones, security cameras, and Wi-Fi access points, simplifying the overall cabling and ensuring a neater installation.

Furthermore, the Dell 5324 offers advanced security features that help protect the network from unauthorized access and potential threats. It includes features such as 802.1X port-based authentication, MAC address filtering, and VLAN segmentation, ensuring that only authorized devices can connect to the network.

The user-friendly web-based interface alongside command-line interface (CLI) access enhances manageability, allowing network administrators to monitor performance, configure settings, and troubleshoot issues with ease. In addition, the switch supports network automation protocols, which can streamline management tasks and improve efficiency.

The industrial-grade design of the Dell 5324 ensures its reliability in various environments, making it a suitable choice for data centers and enterprise networks alike. With its combination of performance, scalability, and security features, the Dell 5324 stands out as a capable solution for organizations looking to improve their network infrastructure. Its capabilities make it a versatile addition for businesses aiming for a robust and future-ready networking environment.

Contents

CLI Reference Guide Aug Contents Using the CLI Address Table Commands Clock Ethernet Configuration Commands Igmp Snooping Commands Lacp Commands Management ACL Port Monitor Commands Rmon Commands Spanning-Tree Commands SSH Commands Syslog Commands Tacacs Commands Vlan Commands 32 802.1x Commands 382 Page Introduction Command GroupsCommand Groups Configures commands related to 802.1x security protocol Configures and reports on Spanning Tree protocolConfigures Tacacs commands Address Table Commands AAA Commands Displays statically created entries in the bridge Configures an external time source forConfigures the system to automatically switch Defines an authentication key for Simple Configuration and Image Files Commands Displays the backup configuration file contents Ethernet Configuration Commands Gvrp Commands Sets an IP address Igmp Snooping CommandsDefines a default gateway router IP Addressing Cache Line CommandsDeletes entries from the host name-to-address Sets the line for automatic baud rate detection Lldp Commands PHY Diagnostics Commands Management ACL Commands QoS Commands Port Channel CommandsPort Monitor Commands Enables each port trust state Radius Commands Snmp Commands Rmon Commands Spanning Tree Commands MST Sets the default path cost method SSH CommandsOverrides the default link-type setting Syslog Commands Reloads the operating system System Management CommandsTacacs Commands Disables the default Vlan functionality User Interface CommandsVlan Commands Switches the mode to debug Interface Reserves a Vlan as the internal usage Vlan of an Web Server Commands Command Description Access Mode 802.1x Commands Command Groups GC Global Configuration Mode Command Modes Device Notification operation Sntp IC Interface Configuration Mode Reserves a Vlan as the internal usage Vlan of an interface An Extensible Authentication Protocol EAP request/identityFrame, from the client, before resending the request Command Description LC Line Configuration ModeEnables the Simple Network Time Protocol Sntp client on an PE Privileged User Exec Mode MA Management Access-level Mode Vlan UE User Exec Mode SP SSH Public Key Mode Command Modes VC Vlan Configuration Mode W . d e l l . c o m s u p p o r t . d e l l . c o m Introduction Using the CLICLI Command Modes Privileged Exec Mode User Exec Mode Exit End Ctrl+Z Global Configuration Mode Starting the CLI Consoleconfig# username admin password smith Editing FeaturesEntering Commands Config#interface ethernet Terminal Command BufferNegating the Effect of Commands Command Completion Enter CLI Command ConventionsKeyboard Shortcuts Italic font Using the CLI Command Mode AAA CommandsAaa authentication login Default Configuration Example Aaa authentication enableFollowing example configures authentication login Console config# aaa authentication enable default enable Login authentication Console config-line#login authentication default Enable authentication Following example configures the http authentication Ip http authenticationConsole config-line#enable authentication default Following example configures https authentication Ip https authenticationShow authentication methods Following example displays the authentication configuration Syntax Show authentication methods Default ConfigurationThis command has no default configuration Privileged Exec mode Syntax Password password encrypted No password PasswordConsole# show authentication methods Following example specifies a password secret on a line Enable passwordNo password is required No user is defined UsernameShow users accounts Console# show users accounts Syntax Show users accounts Default Configuration AAA Commands Bridge address Address Table CommandsInterface configuration Vlan mode Bridge multicast filtering Disabled. All multicast addresses are flooded to all portsThis example, bridge multicast filtering is enabled Console config# bridge multicast filtering Following example registers the MAC address No multicast addresses are definedExamples No forbidden addresses are defined Command ModesBridge multicast forbidden address This example all multicast packets on port g8 are forwarded Disable forward-all on the specified interfaceBridge multicast forward-all Bridge multicast forbidden forward-all Syntax Bridge aging-time Console# clear bridge Clear bridgeSyntax Clear bridge Port security Disabled No port securityInterface Configuration Ethernet, port-channel mode Mac-address-Specify a MAC address in the format Console config-if#port security routed secure-addressPort security routed secure-address Show bridge address-table Port-channel-number-A valid port-channel number Console# show bridge address-table Show bridge address-table static Vlan -Specific Vlan Show bridge address-table countConsole# show bridge address-table static Syntax Show bridge address-table count vlan vlan Console# show bridge address-table count Show bridge multicast address-table Console # show bridge multicast address-table format ip Console # show bridge multicast address-table Vlanid-A valid Vlan ID value Show bridge multicast filteringShow ports security Syntax Show bridge multicast filtering vlan-id Console # show ports security Syntax Clock source sntp No clock source ClockClock set Clock source Console# clock source sntp Clock timezoneNo external clock source Clock summer-time No authentication key is defined Sntp authentication-key Syntax Sntp authenticate No sntp authenticate Sntp authenticateConsoleconfig# sntp authentication-key 8 md5 ClkKey Not trusted Sntp client poll timerFollowing example authenticates key Sntp trusted-key Console config# sntp broadcast client enable Sntp broadcast client enableConsole config# sntp client poll timer Syntax Sntp client enable No sntp client enable Sntp anycast client enableSntp client enable interface Console config-if#sntp anycast client enable 101 Sntp unicast client enableConsole config# sntp unicast client enable Syntax Sntp unicast client poll no sntp unicast client poll Console config# sntp unicast client pollSntp unicast client poll Sntp server 103 Show clockSyntax Show clock detail 104 Console# show clock 105 Show sntp configurationSyntax Show sntp configuration Console# show sntp configuration 106 Show sntp statusSyntax Show sntp status Following example shows the status of the Sntp 107 Clock Copy Configuration and Image FilesDelete startup-config Console# delete startup-config 110 Understanding Invalid Combinations of Source and Destination 111 Storing the Running or Startup Configuration on a ServerCopy Character Descriptions Copying image file from a Server to Flash Memory 112 Boot systemSyntax Boot system image-1 image-2 Console# boot system image-1 113 Show running-configSyntax Show running-config sort type Sort type defaults to interface if unspecified Syntax Show startup-config sort type 114 Show startup-configConsole# show running-config no spanning-tree 115 Syntax Show backup-config 116 Show backup-configConsole# show startup-config no spanning-tree 117 Console# show backup-config software version 118 Show bootvarSyntax Show bootvar Default Configuration Console# show bootvar Interface range ethernet Ethernet Configuration CommandsInterface ethernet Shutdown Syntax Shutdown No shutdown Default ConfigurationInterface is enabled Following example disables port g5 Syntax Speed 100 1000 No speed DescriptionSpeed Syntax Description string No description 122 DuplexSyntax Duplex half full No duplex Flowcontrol Consoleconfig# interface ethernet g5Syntax Negotiation No negotiation Default Configuration Negotiation 124 MdixSyntax Flowcontrol auto on off No flowcontrol Syntax Mdix on auto No mdix 125 Syntax Back-pressure No back-pressure Default ConfigurationBack-pressure 126 Port jumbo-frameClear counters Console# set interface active ethernet g5 Show interfaces configurationSet interface active Console# clear counters ethernet g1 128 Interfaces configuration 129 Show interfaces status Console# show interfaces status 130 131 Show interfaces description 132 Show interfaces countersConsole# show interfaces description ethernet g1 Console# show interfaces counters 133 134 Following example displays counters for port g1Console# show interfaces counters ethernet g1 Following table describes the fields shown in the display Ieee Std .3, 2000 Edition, section 135 136 Syntax Show ports jumbo-frame Default ConfigurationShow ports jumbo-frame Console# show ports jumbo-frame Port storm-control broadcast enableConsoleconfig# port storm-control include-multicast Port storm-control include-multicast Port storm-control broadcast rate Broadcast storm control is disabledConsoleconfig-if#port storm-control broadcast enable Default storm control broadcast rate is Syntax Show ports storm-control interface Consoleconfig-if#port storm-control broadcast rateFollowing example displays the storm control configuration Show ports storm-control 140 Syntax Gvrp enable No gvrp enable Default Configuration Gvrp CommandsGvrp enable global Gvrp enable interface 142 Garp timerFollowing example enables Gvrp on ethernet g8 143 By default, dynamic Vlan creation is enabledGvrp vlan-creation-forbid Clear gvrp statistics Console config-if#gvrp vlan-creation-forbidConsole config-if#gvrp registration-forbid Gvrp registration-forbid 145 Show gvrp configurationConsole# clear gvrp statistics ethernet g8 146 Console# show gvrp configurationShow gvrp statistics Console# show gvrp statistics Show gvrp error-statisticsFollowing example shows Gvrp statistics information 147 148 Console# show gvrp-error statisticsFollowing example displays Gvrp statistics information 149 Igmp Snooping CommandsIp igmp snooping Global Ip igmp snooping Interface 150 Ip igmp snooping mrouterIp igmp snooping host-time-out 151 Console config-if#ip igmp snooping host-time-outIp igmp snooping mrouter-time-out Ip igmp snooping leave-time-out Console config-if#ip igmp snooping mrouter-time-outDefault leave-time-out configuration is 10 seconds Console config-if#ip igmp snooping leave-time-out Console # show ip igmp snooping mrouter Show ip igmp snooping mrouterShow ip igmp snooping interface 154 Show ip igmp snooping groupsExample displays Igmp snooping information Console # show ip igmp snooping interface 155 Example shows Igmp snooping informationConsole # show ip igmp snooping groups Igmp Snooping Commands Console# clear host dhcp IP Addressing CommandsClear host dhcp Ip address 158 Interface configuration Ethernet, VLAN, port-channelIp address dhcp No IP address is defined for interfaces 159 Ip default-gatewaySyntax Ip default-gateway ip-address No ip default-gateway No default gateway is defined 160 Following example defines an ip default gatewayShow ip interface 161 ArpConsole# show ip interface Clear arp-cache Arp timeoutConsole config# arp 198.133.219.232 00000c400fbc ethernet Following example displays entries in the ARP table Syntax Show arp Default ConfigurationShow arp Console# clear arp-cache Syntax Ip domain-name name No ip domain-name Ip domain-lookupIp domain-name Syntax Ip domain-lookup No ip domain-lookup Following example sets the available name server Ip name-serverIp host No name server addresses are specified Syntax Clear host name Clear hostSyntax Ip host name address No ip host name No host is defined 167 Default Configuration Command ModeShow hosts Syntax Show hosts name 168 Syntax Lacp port-priority value No lacp port-priority Lacp CommandsLacp system-priority Lacp port-priority 170 Lacp timeoutSyntax Lacp timeout long short No lacp timeout Default port timeout value is long Syntax Show lacp port-channel portchannelnumber Show lacp ethernetShow lacp port-channel Console# show lacp ethernet g1 statistics 172 Console# show lacp port-channel Syntax Speed bps Line CommandsLine Syntax Line console telnet ssh 174 Exec-timeoutSyntax Autobaud No autobaud Default Configuration Autobaud 175 Syntax Exec-timeout minutes seconds No exec-timeoutShow line Syntax Show line console telnet ssh Console# show line console Following example displays the line configurationTerminal history Terminal history size 177 Maximum for the sum of all buffers is Line Commands Syntax Lldp CommandsLldp enable global Lldp enable interface Default 30 seconds Lldp timerInterface configuration Ethernet Syntax Lldp timer seconds No lldp timer Syntax Lldp hold-multiplier number No lldp hold-multiplier Lldp reinit-delayDefault Configuraiton Lldp hold-multiplier Default value is 2 seconds Lldp tx-delaySyntax Lldp reinit-delay seconds No lldp reinit-delay Syntax Lldp tx-delay seconds No lldp tx-delay Parameters No optional TLV is transmitted Lldp optional-tlvLldp management-address Usage Guidelines 184 Clear lldp rx Show lldp local Show lldp configurationSyntax Show lldp configuration ethernet interface Switch# show lldp configuration 186 Show lldp neighbors 187 Switch# show lldp neighborsSwitch# show lldp neighbors ethernet g1 Lldp Commands 189 Management access-listName-The access list name using up to 32 characters Management ACL 190 Console config# management access-class mlistPermit management 191 Management Access-list Configuration modeDeny management 192 Management access-class Console# show management access-list Show management access-listShow management access-class Syntax Show management access-list name 194 Syntax Show management access-class Default ConfigurationConsole# show management access-class Console# test copper-port tdr g3 PHY Diagnostics CommandsTest copper-port tdr Show copper-ports tdr 196 Show copper-ports cable-lengthSyntax Show copper-ports cable-length interface Port must be active and working in 1000M 197 Show fiber-ports optical-transceiverConsole# show copper-ports cable-length Console# show fiber-ports optical-transceiver 198 Console# show fiber-ports optical-transceiver detailed 199 PHY Diagnostics Commands Interface range port-channel Port Channel CommandsConsole config# interface port-channel Interface port-channel 202 Console config# interface range port-channelChannel-group Port is not assigned to any port-channel Syntax Show interfaces port-channel port-channel-number Console config-if#channel-group 1 mode onPort channel load balance Show interfaces port-channel 204 Port monitor Port Monitor CommandsDefault is both rx and tx Interface Configuration mode 206 Syntax Show ports monitor Default ConfigurationShow ports monitor 207 Console# show ports monitor Port Monitor Commands Show qos QoS CommandsQos 210 Following example displays a QoS modeWrr-queue cos-map 211 Interface Configuration Ethernet, port channel modeWrr-queue bandwidth Following example maps CoS 3 to queue 212 Following example assigns WRR weights to egress queuesPriority-queue out num-of-queues All queues are expedite queues 213 Console config# priority-queue out num-of-queuesShow qos interface Following example sets queue 4, 3 to be expedite queues 214 Qos map dscp-queueConsole# show qos interface ethernet g1 queuing 215 Qos trust GlobalSyntax Qos trust cos dscp No qos trust Qos cos Syntax Qos trust No qos trust Default ConfigurationSyntax Qos cos default-cos No qos cos 216 Qos trust Interface 217 Show qos mapSyntax Show qos map dscp-queue D1 x 10 + D2 = Value of Dscp Following example displays the Dscp port-queue mapConsole# show qos map Dscp-queue map Following table describes the fields used above Ip-address-IP address of the Radius server host Radius CommandsBy default, no Radius host is specified Radius-server host Syntax Radius-server key key-string No radius-server key TimeoutDefault is an empty string Radius-server key 221 Console config# radius-server retransmitRadius-server retransmit Radius-server source-ip 222 Radius-server timeoutConsole config# radius-server timeout Show radius-servers Console config# radius-server deadtimeSyntax Show radius-servers Default Configuration Radius-server deadtime Console# show radius-servers Following example displays the Radius server settings224 225 Rmon CommandsShow rmon statistics Console# show rmon statistics ethernet g1 Field Description 226 227 Rmon collection history Console# show rmon collection history Console config-if#rmon collection history 1 intervalShow rmon collection history Following example displays all Rmon group statistics 229 Show rmon history Console# show rmon history 5 throughput Console# show rmon history 5 errors230 231 Console# show rmon history 5 other 232 Rmon alarm 233 Show rmon alarm-table Syntax Show rmon alarm number Show rmon alarmSyntax Show rmon alarm-table Default Configuration Console# show rmon alarm-table 235 Following example displays Rmon 1 alarmsConsole# show rmon alarm 236 Rmon event Following example displays the Rmon event table Following example configures an event with the trap indexSyntax Show rmon events Default Configuration Show rmon events Event-Event index. Range 0 Show rmon logConsole# show rmon events Syntax Show rmon log event 239 Following example displays the Rmon logging tableConsole# show rmon log 240 Console config# rmon table-size historyRmon table-size History table size is Log table size is No snmp-server community community ip-address Snmp CommandsThere are no default communities defined Snmp-server community 242 Default SettingDefault and DefaultSuper views exists Snmp-server view 243 Snmp-server filterProduct specific Syntax Snmp-server contact text No snmp-server contact Snmp-server contactSnmp-server location Included 245 Snmp-server enable trapsConsole config# snmp-server enable traps Syntax Snmp-server location text No snmp-server location 246 Snmp-server trap authenticationConsole config# snmp-server trap authentication Snmp-server host 247 Snmp-server set 248 Snmp-server group Router context is translated to context in the MIB Console config# snmp-server group user-groupv3 priv readSnmp-server user No group entry exists 250 251 Following example configures a new Snmp Version 3 userConsole config# snmp-server user Snmp-server v3-host 252 Following example configures an SNMPv3 hostSnmp-server engineID local 253 Syntax Show snmp engineID Default SettingConsoleconfig # snmp-server engineID local default Show snmp engineid 254 Syntax Show snmp Default ConfigurationShow snmp Console# sh snmp 255 Show snmp viewsSyntax Show snmp views viewname 256 Show snmp groupsSyntax Show snmp groups groupname 257 Show snmp filtersSyntax Show snmp filters filtername 258 Show snmp usersSyntax Show snmp users username 259 Snmp Commands Spanning-tree Spanning-Tree CommandsSpanning-tree mode Syntax Spanning-tree No spanning-tree Default Configuration Seconds-Time in seconds. Range 4 Consoleconfig# spanning-tree mode rstpConsoleconfig# spanning-tree forward-time Spanning-tree forward-time 263 Spanning-tree hello-time 264 Consoleconfig# spanning-tree hello-timeSpanning-tree max-age Spanning-tree priority Spanning-tree disableConsoleconfig# spanning-tree max-age Consoleconfig# spanning-tree priority Cost-The port path cost Range 1 200,000,000 Following example disables spanning-tree on g5Spanning-tree cost Syntax Spanning-tree cost cost No spanning-tree cost 267 Consoleconfig-if#spanning-tree port-prioritySpanning-tree port-priority Spanning-tree portfast 268 Consoleconfig-if#spanning-tree portfastConsoleconfig-if#spanning-tree link-type shared Spanning-tree link-type Spanning-tree mst max-hops Default number of hops isConsole config # spanning-tree mst 1 priority Spanning-tree mst priority 270 Console config # spanning-tree mst max-hopsConsoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst port-priority 271 Spanning-tree mst configurationSpanning-tree mst cost Interface Long Short 272 Syntax Spanning-tree mst configuration Default SettingInstance mst Syntax Instance instance-id add remove vlan vlan-range Syntax Revision value No revision Name mstRevision mst Syntax Name string Syntax Show current pending Default configuration revision number isFollowing example sets the configuration revision to Show mst Abort mst Syntax Exit Default SettingSyntax Abort Default Setting Exit mst 276 Spanning-tree pathcost methodSpanning-tree bpdu Console# spanning-tree pathcost method long 277 Consoleconfig# spanning-tree bpdu floodingClear spanning-tree detected-protocols Syntax Spanning-tree bpdu filtering flooding 278 Show spanning-treeConsole# clear spanning-tree detected-protocols ethernet g1 Following example displays spanning-tree information Console# show spanning-tree 279 280 281 282 283 284 285 286 Console# show spanning-tree mst-configuration 287 288 289 290 Spanning-tree mst mstp-rstp Spanning-tree guard root Consoleconfig# spanning-tree mst mstp-rstpRoot guard is disabled Interface configuration Ethernet, port-channel 292 Following example enable root guard on port g8Consoleconfig-if#spanning-tree guard root Ip ssh server SSH CommandsIp ssh port Crypto key generate rsa Syntax Crypto key generate dsa Default ConfigurationConsole config# crypto key generate dsa Crypto key generate dsa 295 Syntax Crypto key generate rsa Default ConfigurationConsole config# crypto key generate rsa Ip ssh pubkey-auth User-key Consoleconfig# crypto key pubkey-chain sshCrypto key pubkey-chain ssh 297 Key-stringSyntax Key-string row key-string 298 Syntax Show ip ssh Default ConfigurationShow ip ssh Rsa-RSA key Dsa-DSA key Following example displays the SSH server configurationShow crypto key mypubkey Syntax Show crypto key mypubkey rsa dsa Console# show crypto key mypubkey rsa Show crypto key pubkey-chain ssh300 301 Console# show crypto key pubkey-chain sshFollowing example displays the SSH public called bob Console# show crypto key pubkey-chain ssh username bob SSH Commands Logging Syslog CommandsSyntax Logging on no logging on Default Configuration Logging on Syntax Logging console level No logging console Default is informationalLogging console As described in the field descriptions Syntax Logging buffered level No logging buffered Default level is informationalLogging buffered Logging buffered size Console# clear logging Console config# logging buffered sizeSyntax Clear logging Default Configuration Clear logging Syntax Logging file level No logging file Syntax Clear logging file Default ConfigurationLogging file Clear logging file Console# clear logging file Syntax Show logging Default ConfigurationShow logging Following example clears messages from the logging file 309 Syntax Show logging file Default ConfigurationShow logging file Console# show logging 310 Syntax Show syslog-servers Default ConfigurationShow syslog-servers 311 Following example displays the syslog server settingsConsole# show syslog-servers Syslog Commands 313 Timeout timeout-The default is 2000 millisecondsSystem Management Ping 314 TracerouteFollowing example displays a ping to IP address 315 316 317 Special Telnet Command charactersTelnet 318 Keywords Table 319 Ports Table 320 Following command switches to another open Telnet sessionResume Syntax Resume connection Hostname Reload Console# show users Show usersShow sessions Syntax Show system Exec modeShow system Console show sessions Console show system Show versionFollowing example displays the system information Syntax Show version 324 325 Asset-tagSyntax Asset-tag tag No asset-tag Tag-The device asset tag. Range 1- 16 characters 326 Syntax Show system id Default ConfigurationShow system id Console show system id 327 Tacacs CommandsTacacs-server host No Tacacs host is specified Following example specifies a TACACS+ host Tacacs-server timeoutFollowing example sets the authentication encryption key Tacacs-server key 329 Console config# tacacs-server timeoutTacacs-server source-ip Console# show tacacs Show tacacsSyntax Show tacacs ip-address Ip-address-Name or IP address of the host User Interface EnableDisable Syntax Configure LoginConfigure Syntax Login Default Configuration 333 ExitconfigurationSyntax Exit Default Configuration All command modes Following example closes an active terminal session Syntax End Default ConfigurationExitEXEC End History Syntax Help Default ConfigurationSyntax History No history Default Configuration Help Debug-mode Syntax History size number-of-commands No history sizeSyntax Debug-mode Default Configuration History size 337 Syntax Show history Default ConfigurationShow history Console# show privilege Syntax Show privilege Default ConfigurationShow privilege Console# show history Vlan Vlan CommandsVlan database Console# vlan database Default-vlan disableInterface vlan 341 Interface range vlanSyntax Interface range vlan vlan-range all 342 Switchport access vlanName Syntax Name string no name 343 Switchport trunk allowed vlanConsole config-if#switchport access vlan Console config-if#switchport trunk native vlan Switchport trunk native vlanSwitchport general allowed vlan Console config-if#switchport trunk allowed vlan add 2,5-8 345 Switchport general pvid 346 Switchport general ingress-filtering disableIngress filtering is enabled All VLANs allowed Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan All frame types are accepted at ingress 348 Console config-if#switchport forbidden vlan addMap protocol protocols-group Following example maps protocol ip-arp to the group named 349 Switchport general map protocols-group vlanIp internal-usage-vlan Vlan-id-VLAN ID of the internal usage VLAN.Range Valid Vlan Following example displays all Vlan information Console config# ip internal-usage-vlanShow vlan Syntax Show vlan tag vlan-id name vlan-name 351 Syntax Show vlan internal usage Default ConfigurationShow vlan internal usage Following example displays protocols-groups information Syntax Show vlan protocols-groups Default ConfigurationShow vlan protocols-groups Console# show vlan internal usage 353 Show interfaces switchportConsole# show vlan protocols-groups Syntax Switchport mode customer access trunk general 354 Switchport modeConsole# show interface switchport ethernet g1 Vlan-id- Vlan ID of the customer Switchport customer vlanNo switchport mode No Vlan is configured 356 Syntax Ip http port port-number No ip http port Web ServerIp http server Ip http port Syntax Ip https port port-number No ip https port Default for the device is disabledIp https server Ip https port 359 Following example configures the https port number toCrypto certificate generate Following example regenerates a Https certificate Console enable# crypto certificate generate key-generateCrypto certificate request Certificate and the SSL RSA key pairs do not exist 361 Console# crypto certificate 1 request 362 Crypto certificate importSyntax Crypto certificate number import Number-Specifies the certificate number. Range 1 363 Consoleconfig# crypto certificate 1 importIp https certificate Certificate number 364 Console config# ip https certificateCrypto certificate export pkcs12 Syntax Crypto certificate number export pkcs12 Console# crypto certificate 1 export pkcs12 Following example exports the certificate and RSA keys365 366 Crypto certificate import pkcs12Syntax Crypto certificate number import pkcs12 passphrase Following example imports the certificate and RSA keys 367 Console# show crypto certificate mycertificate Show crypto certificate mycertificateSyntax Show crypto certificate mycertificate number Following example displays the certificate Console# show ip http Show ip httpShow ip https 370 Console# show ip https Method1 method2...-At least one from the following table 802.1x CommandsAaa authentication dot1x Console config# aaa authentication dot1x default none Dot1x port-control Following example enables 802.1x globallyConsole config# dot1x system-auto-control Dot1x system-auto-control 373 Dot1x re-authenticationConsole config-if#dot1x port-control auto Syntax Dot1x re-authentication No dot1x re-authentication Console config-if#dot1x timeout re-authperiod Dot1x timeout re-authperiodDot1x re-authenticate Console config-if#dot1x re-authentication 375 Dot1x timeout quiet-periodConsole# dot1x re-authenticate ethernet g8 376 Dot1x timeout tx-periodConsole config-if#dot1x timeout quiet-period 377 Dot1x timeout supp-timeoutDot1x max-req Syntax Dot1x max-req count No dot1x max-req 378 Dot1x timeout server-timeout 379 Console config# dot1x timeout server-timeoutShow dot1x Syntax Show dot1x ethernet interface Console# show dot1x ethernet g3 380 Following example displays 802.1X users Show dot1x usersSyntax Show dot1x users username username Username-Supplicant username Range 1- 160 characters 382 Show dot1x statisticsSyntax Show dot1x statistics ethernet interface 383 Switch# show dot1x statistics ethernet g1 384 User should be authorized to access the VlanDot1x auth-not-req Syntax Dot1x auth-not-req no dot1x auth-not-req 385 Dot1x multiple-hostsDot1x single-host-violation Syntax Dot1x multiple-hosts no dot1x multiple-hosts 386 Show dot1x advancedForward trap Syntax Show dot1x advanced ethernet interface 387 Switch# show dot1x advancedSwitch# show dot1x advanced ethernet g1 388 Console# show dot1x advanced ethernet g1