Manuals / Enterasys Networks / Computer Equipment / Switch

Enterasys Networks 9034313-07 manual Set arpinspection validate, Src‐mac, Dst‐mac

Models: 9034313-07

1 872

Download 872 pages 24.54 Kb

Page 532

set arpinspection validate

Usage

Individual interfaces are configured as trusted or untrusted. The trust configuration for DAI is independent of the trust configuration for DHCP snooping. A trusted port is a port the network administrator does not consider to be a security threat. An untrusted port is one which could potentially be used to launch a network attack.

DAI considers all physical ports and LAGs untrusted by default. Packets arriving on trusted interfaces bypass all DAI validation checks.

Example

This example enables port ge.1.1 as trusted for DAI.

C3(su)->set arpinspection trust port ge.1.1 enable

set arpinspection validate

Use this command to configure additional optional ARP validation parameters.

Syntax

set arpinspection validate {[src-mac][dst-mac] [ip]}

Parameters

src‐mac	Specifies that DAI should verify that the sender MAC address equals
	the source MAC address in the Ethernet header.

dst‐mac	Specifies that DAI should verify that the target MAC address equals the
	destination MAC address in the Ethernet header.
	This check only applies to ARP responses, since the target MAC address
	is unspecified in ARP requests.

ip	Specifies that DAI should check the IP address and drop ARP packets
	with an invalid address. An invalid address is one of the following:
	•	0.0.0.0
	•	255.255.255.255

• All IP multicast addresses

• All class E addresses (240.0.0.0/4)

• Loopback addresses (in the range 127.0.0.0/8)

Defaults

All parameters are optional, but at least one parameter must be specified.

Mode

Switch command, read‐write.

Usage

This command adds additional validation of ARP packets by DAI, beyond the basic validation that the ARP packet’s sender MAC address and sender IP address match an entry in the DHCP snooping bindings database.

17-22 DHCP Snooping and Dynamic ARP Inspection

Image 532

Enterasys Networks 9034313-07 manual Set arpinspection validate, Src‐mac, Dst‐mac

Contents

Enterasys SecureStack C3 Page Page Enterasys Networks, Inc. Firmware License Agreement Iii Page Contents Page Activating Licensed Features Configuring System Power and PoE Discovery Protocol ConfigurationPort Configuration Show port broadcast Set port broadcast Clear port broadcast Snmp Configuration Spanning Tree Configuration Configuring Spanning Tree Port Parameters Purpose Commands 802.1Q Vlan Configuration Policy Classification Configuration Port Priority ConfigurationIgmp Configuration Logging and Network Management14-3 Rmon Configuration Dhcp Server Configuration IP Configuration Preparing for Router ModeDhcp Snooping and Dynamic ARP Inspection IPv4 Routing Protocol Configuration 20-11 IPv6 Configuration IPv6 ManagementDHCPv6 Configuration IPv6 Proxy RoutingOSPFv3 Configuration Authentication and Authorization Configuration 26-37 TACACS+ Configuration SFlow Configuration Appendix a Policy and Authentication CapacitiesIndex Tables10-4 22-26 Xxxii Using This Guide About This GuideStructure of This Guide Important NoticeStructure of This Guide SecureStack C3 Installation Guides Related DocumentsFollowing conventions are used in the text of this document Conventions Used in This GuideFollowing icons are used in this guide Getting Help Support@enterasys.comGetting Help Xxxviii About This Guide Introduction Switch Management MethodsSecureStack C3 CLI Overview Factory Default Settings Default Settings for Basic Switch OperationFeature Default Setting Default Settings for Router Operation SntpDvmrp Connecting Using the Console Port Using the Command Line InterfaceStarting a CLI Session Connecting Using Telnet Using a Default User AccountUsing an Administratively Configured User Account LoggingNavigating the Command Line Interface CLI Command Defaults DescriptionsCLI Command Modes Getting Help with CLI SyntaxAbbreviating and Completing Commands Displaying Scrolling ScreensBasic Line Editing Commands Basic Line Editing CommandsConfiguring Switches in a Stack About SecureStack C3 Switch Operation in a StackInstalling a New Stackable System of Up to Eight Units Creating a Virtual Switch Configuration Installing Previously-Configured Systems in a StackAdding a New Unit to an Existing Stack SID Considerations About Using Clear Config in a Stack Issues Related to Mixed Type StacksFeature Support ConfigurationStacking Configuration and Management Commands Show switchCommands PurposeShow switch switchtype ExamplesShow switch stack-ports NoneSet switch Switch command, read‐writeExample Priority valueSet switch copy-fw Set switch descriptionThis example shows how to assign priority 3 to switch This example shows how to renumber switch 5 to switchSet switch movemanagement Set switch memberClear switch member Use this command to remove a member entry from the stackQuick Start Setup Commands Basic ConfigurationRequired CLI Setup Commands Setting User Accounts and Passwords Optional CLI Setup CommandsShow system login Output Details Show system loginParameters Set system login Clear system loginUse this command to remove a local login user account Super‐user read‐write read‐onlyThis example shows how to remove the netops user account Set passwordSwitch command, read‐write Switch command, super‐user Set system password length Set system password agingDisable Set system password historyShow system lockout Set system lockout Show system lockout Output DetailsAttempts attempts Time timeSetting Basic Switch Properties Show ip address Set ip address Use this command to clear the system IP addressClear ip address Show ip protocol This example shows how to clear the system IP addressSet ip protocol This example shows how to display system information Show systemShow system hardware Show system Output DetailsShow system utilization Slot Hardware InformationSet system utilization Default threshold value is 80%This example sets the CPU utilization threshold to 75% Clear system utilization Show system enhancedbuffermodeSet system temperature Enable disable Enables or disables enhanced buffer modeThis example shows how to enable enhanced buffer mode Set system enhancedbuffermodeClear system temperature Syslog enableDisable Trap enable disableShow time Set timeUse this command to display daylight savings time settings This example shows how to set the system clock to 750 a.mShow summertime Set summertime Set summertime dateIf a zone name is not specified, none will be applied If an offset is not specified, none will be appliedSet summertime recurring Use this command to modify the command prompt This example shows how to set the command prompt to SwitchClear summertime Set promptShow banner motd Set banner motdClear banner motd Show version‐5 provides an explanation of the command output Use this command to configure a name for the systemSet system name Show version Output DetailsUse this command to identify the location of the system This example shows how to set the system location stringSet system location Set system contactThis example shows how to set the system contact string This example shows how to set the terminal columns toSet width Set lengthThis example shows how to set the terminal length to This example shows how to display the CLI logout settingShow logout Set logoutUse this command to display console settings This example shows how to display all console settingsUse this command to set the console port baud rate Show consoleThis example shows how to set the console port baud rate to Downloading a Firmware ImageDownloading from a Tftp Server Downloading via the Serial PortType 2. The following baud rate selection screen displays Reverting to a Previous Image Show boot system Reviewing and Selecting a Boot Firmware ImageReboot the system using the reset command page 3‐50 Set boot system Compatibility platform specificStarting and Configuring Telnet This example shows how to display Telnet statusUse this command to enable or disable Telnet on the switch Show telnetEnable disable TelnetInbound Outbound allManaging Switch Configuration and Files Configuration Persistence ModeShow snmp persistmode Set snmp persistmodeSave config DirAuto ManualUse this command to display the contents of a file Show fileShow config All ConfigureOutfile Append CopySystemimage This example shows how to download an image via Tftp Show tftp settingsDelete Set tftp timeout Clear tftp timeoutThis example shows the output of this command This example sets the timeout period to 4 secondsClear tftp retry Set tftp retryThis example sets the retry count to This example shows how to clear the CLI screen Clearing and Closing the CLICls clear screen To clear the CLI screen or to close your CLI sessionResetting the Switch ResetUse either of these commands to leave a CLI session This example shows how to exit a CLI sessionClear config If no unit ID is specified, the entire system will be resetThis example shows how to reset the system This example shows how to reset unitUse this command to display WebView status Using and Configuring WebViewShow webview Set webview Show sslThis example shows how to enable SSL This example shows how to display SSL statusSet ssl Command Gathering Technical Support InformationShow support To gather common technical support informationConfiguring Hostprotect Hostprotect is enabled by defaultShow system hostprotect Set system hostprotectThis feature is disabled by default This example disables hostprotectDefault state is enabled Clear system hostprotectUsage Licensing Procedure in a Stack Environment Activating Licensed FeaturesLicense Key Field Descriptions Clearing, Showing, and Applying Licenses Adding a New Member to a Licensed StackSet license UsageUse this command to clear the license key settings FeatureID feature The name of the feature being clearedShow license Clear licenseC3rw-clear license featureId advrouter Clear license Activating Licensed Features Configuring System Power and PoE CommandsShow inlinepower Use this command to display system power propertiesThis example shows how to display system power properties Set inlinepower thresholdShow inlinepower Output Details Set inlinepower detectionmode Set inlinepower trapSending of traps is disabled by default Show port inlinepower IeeeSet port inlinepower Admin off autoPriority critical High lowSet port inlinepower Configuring System Power and PoE Discovery Protocol Configuration Configuring CDPShow cdp Show cdp Output DetailsEnable Auto disableSet cdp state Set cdp auth Use this command to set a global CDP authentication codeSet cdp interval Set cdp hold-time Clear cdpShow neighbors Configuring Cisco Discovery Protocol Show ciscodp‐2 provides an explanation of the command output ‐3 provides an explanation of the command outputShow ciscodp port info Show ciscodp Output DetailsSet ciscodp timer This example shows how to globally enable CiscoDPSet ciscodp status Show ciscodp port info Output DetailsSet ciscodp holdtime Set ciscodp portVvid Dot1pUntagged TrustedClear ciscodp To review and configure Llpd and LLPD‐MED Configuring Link Layer Discovery Protocol and LLDP-MEDOverview Configuration Tasks Use this command to display Lldp configuration information Show lldpShow lldp port status Show lldp port trapShow lldp port location-info Show lldp port tx-tlvShow lldp port tx‐tlv port‐string Show lldp port local-info Show lldp port local-info Output Details 1000BASE-TFDECS Elin Show lldp port remote-info Voice‐signaling Guest‐voice‐signalingShow lldp port network-policy VoiceVideo‐signaling Set lldp tx-intervalSoftphone‐voice Video‐conferencingSet lldp trap-interval Set lldp hold-multiplierThis example sets the transmit interval to 20 seconds Set lldp med-fast-repeat Tx‐enable Rx‐enableSet lldp port status Set lldp port trapSet lldp port location-info Set lldp port med-trapElin Set lldp port tx-tlv Gvrp Mac‐phyPoe Link‐aggrState enable disable Set lldp port network-policyTag tagged untagged Vid vlan‐id dot1pClear lldp Tx‐intervalHold‐multiplier Trap‐intervalClear lldp port status Clear lldp port trapClear lldp port location-info Clear lldp port med-trapCleared Clear lldp port network-policy TagVid DscpClear lldp port tx-tlv Disables the LLDP‐MED Location Identification TLV from being Disables the LLDP‐MED Extended Power via MDI TLV from beingPort Configuration Port Configuration SummaryPort String Syntax Used in the CLI Port type.unitorslot number.port numberReviewing Port Status Port Slot/Unit Parameters Used in the CLIShow port Show port statusShow port counters Switch mib2Show port status Output Details Show port counters Output Details Show port cablestatus Clear port countersThis example clears the port counters for ge.3.1 This example shows the cable status for 1 GE port ge.1.31 Disabling / Enabling and Naming PortsShow port cablestatus Output Details Set port disable Set port enableThis example shows how to disable ge.1.1 This example shows how to enable ge.1.3Show port alias Use this command to assign an alias name to a portSet port alias This example shows how to assign the alias Admin to ge.3.3 This example shows how to clear the alias for ge.3.3Setting Speed and Duplex Mode Show port speedSet port speed Show port duplex10 100 MbpsSet port duplex This example shows how to set ge.1.17 to full duplexFull half Enabling / Disabling Jumbo Frame Support Show port jumboSet port jumbo Enables or disables jumbo frame supportClear port jumbo Setting Auto-Negotiation and Advertised Ability Show port negotiationSet port negotiation Enable disableShow port advertise Set port advertise Clear port advertise Show port mdix Set port mdixForced‐auto MdiConfigure ports to use Mdix mode only Configure ports to use MDI mode onlyOptional Specify the port or ports to configure Show flowcontrol Setting Flow ControlSet flowcontrol This example shows how to enable flow control Setting Port Link Traps and Link Flap Detection Show port trapSet port trap Following example disables sending trap on ge.3.1Show linkflap Globalstate PortstateParameters MetricsShow linkflap parameters Output Details Show linkflap metrics Output DetailsDisable enable Disables or enables the link flap detection functionSet linkflap globalstate Set linkflap portstateSet linkflap interval Set linkflap actionClear linkflap action Use this command to set the link flap action trigger countSet linkflap threshold Set linkflap downtime Clear linkflap downClear linkflap All statsParameter Threshold intervalConfiguring Broadcast Suppression Show port broadcastSet port broadcast Clear port broadcastSyntax Used in the CLI on page 7‐1 Port Mirroring Mirroring FeaturesRemote Port Mirroring Procedures Configuring Smon MIB Port MirroringOverview To review and configure port mirroring on the device Show port mirroringCan be configured per stack, if applicable Create disableSet port mirroring Clear port mirroring Use this command to clear a port mirroring relationshipSet mirror vlan Clear mirror vlan Link Aggregation Control Protocol Lacp Lacp Operation‐6 defines key terminology used in Lacp configuration Lacp TerminologySecureStack C3 Usage Considerations Lacp Terms and DefinitionsCommands ‐7 provides an explanation of the command output Show lacpDisable enable Disables or enables Lacp This example shows how to disable LacpSet lacp Show lacp Output DetailsSet lacp asyspri Set lacp aadminkeyAsyspri Clear lacp Disable enable Disables or enables static link aggregationSet lacp static Clear lacp static Set lacp singleportlag This example enables the formation of single port LAGsClear lacp singleportlag Status detail Show port lacpSummary Counters Aadminkey Set port lacpAadminstate LacptimeoutPadminkey PadminportClear port lacp C3su-clear port lacp port ge.3.16 Set port protected Configuring Protected PortsProtected Port Operation Clear port protected Show port protectedRead‐only Set port protected name Show port protected nameUse this command to clear the name of a protected group Clear port protected nameClear port protected name Port Configuration Snmp Configuration Snmp Configuration SummarySNMPv3 SNMPv1 and SNMPv2cAbout Snmp Security Models and Levels Using Snmp Contexts to Access Specific MIBs Configuration ConsiderationsReviewing Snmp Statistics Snmp Security LevelsShow snmp engineid This example shows how to display Snmp engine propertiesShow snmp engineid Output Details This example shows how to display Snmp counter values Use this command to display Snmp traffic counter valuesShow snmp counters Show snmp counters Output Details Engine or otherwise unavailable Configuring Snmp Users, Groups, and Communities Show snmp userThis example shows how to display an Snmp user list ‐4 provides an explanation of the command outputUse this command to create a new SNMPv3 user Set snmp userAes ShaVolatile NonvolatileShow snmp group Clear snmp userRemote remote Set snmp group User userSecurity‐model V2c usm VolatileShow snmp community Clear snmp groupV2c usm Use this command to configure an Snmp community group Set snmp communitySecurityname Context contextConfiguring Snmp Access Rights Use this command to delete an Snmp community nameThis example shows how to delete the community name vip Clear snmp communityShow snmp access NoauthenticationAuthentication Privacy Context context Nonvolatile read‐ Only‐6 provides an explanation of the command output This example shows how to display Snmp access informationShow snmp access Output Details Set snmp access Clear snmp access Configuring Snmp MIB ViewsShow snmp view Set snmp view Show snmp contextShow snmp view Output Details Clear snmp view Configuring Snmp Target Parameters Show snmp targetparamsVolatile nonvolatile Read‐only‐8 provides an explanation of the command output Set snmp targetparamsShow snmp targetparams Output Details Message‐Authentication Clear snmp targetparamsPrivacy Protected from disclosureUse this command to display Snmp target address information Configuring Snmp Target AddressesShow snmp targetaddr Timeout timeout Set snmp targetaddrParam param Udpport udpportUse this command to delete an Snmp target address entry Clear snmp targetaddrTaglist taglist Tag 1 tagConfiguring Snmp Notification Parameters About Snmp Notify FiltersShow newaddrtrap By default, this function is disabled globally and per portSet newaddrtrap Show snmp notify ‐10 provides an explanation of the command output Set snmp notify10 show snmp notify Output Details Trap informClear snmp notify Use this command to clear an Snmp notify configurationShow snmp notifyfilter Set snmp notifyfilter Subtree oid‐or‐Clear snmp notifyfilter Set snmp notifyprofile Show snmp notifyprofileTargetparam This example shows how to delete Snmp notify profile area51 Creating a Basic Snmp Trap ConfigurationClear snmp notifyprofile 11 Basic Snmp Trap Configuration ExampleHow Snmp Will Use This Configuration Configuring the Snmp Management InterfaceShow snmp interface Set snmp interface Loopback loop‐IDClear snmp interface Clear snmp interface Snmp Configuration Spanning Tree Configuration Spanning Tree Configuration SummarySpanning Tree Features Loop ProtectConfiguring Spanning Tree Bridge Parameters For information about Sid sid Show spantree statsActive ‐1 shows a detailed explanation of command output Show spantree Output DetailsSet spantree Disable enable Globally disables or enables Spanning TreeShow spantree version Set spantree version Clear spantree version This example shows how to reset the Spanning Tree versionShow spantree bpdu-forwarding Disable enable Disables or enables Bpdu forwarding By default Bpdu forwarding is disabledThis example shows how to enable Bpdu forwarding Set spantree bpdu-forwardingSet spantree bridgeprioritymode Clear spantree bridgeprioritymode8021d 8021tSet spantree msti Show spantree mstilistCreate delete Show spantree mstmap Clear spantree mstiFid fid This example shows how to map FID 3 to SID Use this command to map a FID back to SIDSet spantree mstmap Clear spantree mstmapShow spantree vlanlist This example shows how to map FID 2 back to SIDShow spantree mstcfgid Set spantree mstcfgid Cfgname name Specifies an MST configuration nameClear spantree mstcfgid Set spantree priority Use this command to set the device’s Spanning Tree priorityClear spantree priority Set spantree hello This example shows how to reset the bridge priority on SIDClear spantree hello Use this command to set the bridge maximum aging time Set spantree maxageUse this command to set the Spanning Tree forward delay Set spantree fwddelayClear spantree maxage Clear spantree fwddelay Show spantree backuprootSet spantree backuproot Clear spantree backuprootShow spantree tctrapsuppress Set spantree tctrapsuppressClear spantree tctrapsuppress Set spantree protomigrationShow spantree spanguard Enable disable Enables or disables the SpanGuard functionSet spantree spanguard This example shows how to enable the SpanGuard function Clear spantree spanguardShow spantree spanguardtimeout Set spantree spanguardtimeoutClear spantree spanguardtimeout Show spantree spanguardlockThis example shows how to unlock port ge.1.16 Show spantree spanguardtrapenableClear / set spantree spanguardlock Clear spantree spanguardtrapenable Set spantree spanguardtrapenableIs enabled Show spantree legacypathcost Set spantree legacypathcostClear spantree legacypathcost Show spantree autoedgeSet spantree autoedge This example clears the legacy path cost to 802.1t valuesClear spantree autoedge Configuring Spanning Tree Port Parameters Set spantree portadminDisable enable To display and set Spanning Tree port parametersShow spantree portadmin Clear spantree portadminThis example shows how to disable Spanning Tree on ge.1.5 Show spantree portpri Use this command to set a port’s Spanning Tree prioritySet spantree portpri Clear spantree portpri Show spantree adminpathcost Set spantree adminpathcostClear spantree adminpathcost Show spantree adminedgeSet spantree adminedge Clear spantree adminedgeThis example shows how to set ge.1.11 as an edge port True falseThis example shows how to reset ge.1.11 as a non‐edge port Show spantree operedgeConfiguring Spanning Tree Loop Protect Parameters This example shows how to enable Loop Protect on ge.2.3 Set spantree lpShow spantree lp If no SID is specified, SID 0 is assumedClear spantree lp Show spantree lplockClear spantree lplock SID LockedSet spantree lpcapablepartner Show spantree lpcapablepartnerClear spantree lpcapablepartner Use this command to set the Loop Protect event thresholdSet spantree lpthreshold Show spantree lpthreshold None. The default event threshold isClear spantree lpthreshold Set spantree lpwindow Show spantree lpwindowDisabled Set spantree lptrapenableClear spantree lpwindow Show spantree lptrapenable Clear spantree lptrapenableSet spantree disputedbpduthreshold Show spantree disputedbpduthreshold Clear spantree disputedbpduthresholdShow spantree nonforwardingreason 802.1Q Vlan Configuration Vlan Configuration SummaryCommand Set for Creating a Secure Management Vlan Creating a Secure Management VlanViewing VLANs Show vlanStatic PortinfoShow vlan Output Details Vlan Vlan ID NameCreate enable Creates, enables or disables VLANs. disable This example shows how to create VlanCreating and Naming Static VLANs Set vlanSet vlan name This example shows how to set the name for Vlan 7 to greenClear vlan This example shows how to clear the name for Vlan Clear vlan nameAssigning Port Vlan IDs PVIDs and Ingress Filtering Show port vlanSet port vlan Clear port vlanModify‐egress No‐modify‐egressShow port ingress filter Set port ingress filter Show port discardSet port discard Tagged untagged both noneConfiguring the Vlan Egress List Show port egressSet vlan forbidden Use this command to remove ports from a VLAN’s egress list Set vlan egressClear vlan egress Untagged forbidden taggedShow vlan dynamicegress ForbiddenThis example shows how to enable dynamic egress on Vlan Enable disable Enables or disables dynamic egressSet vlan dynamicegress Show host vlan Setting the Host VlanSet host vlan This example shows how to set Vlan 7 as the host Vlan Clear host vlanAbout Garp Vlan Registration Protocol Gvrp Enabling/Disabling Gvrp Garp Vlan Registration ProtocolHow It Works Example of Vlan Propagation via Gvrp Use this command to display Gvrp configuration information Show garp timerShow gvrp Disables or enables Gvrp on the device Show gvrp configuration Output DetailsSet gvrp This example shows how to enable Gvrp on ge.1.3 Set garp timerClear gvrp Clear garp timer Leaveall timer‐Join LeaveC3su-clear garp timer leave ge.1.1 Policy Classification Configuration Policy Classification Configuration SummaryConfiguring Policy Profiles Use this command to display policy profile informationShow policy profile ‐verboseShow policy profile Output Details Set policy profile This example shows how to delete policy profile Use this command to delete a policy profile entryClear policy profile All admin‐ profile profile‐ index Configuring Classification RulesShow policy rule Not‐in‐service Not‐ready Storage‐type non‐ Admin‐pidTcpsourceport UdpdestportShow policy capability Show policy rule Output DetailsVlan Set policy rule Admin‐profileVlantag data Ether IpprotoIpdestsocket IpsourcesocketValid Values for Policy Classification Rules Data value Mask bitsFollowing parameters apply to deleting an admin rule Clear policy ruleRange from 1 to 4094 or 0xFFF All‐pid‐entriesUse this command to remove all policy classification rules Clear policy all-rulesUse this command to assign ports to a policy profile Assigning Ports to Policy ProfilesSet policy port To assign and unassign ports to policy profilesClear policy port About Policy-Based CoS Configurations Configuring Policy Class of Service CoSProcedure 11-1 User-Defined CoS Configuration Configuring Policy Class of Service CoS Procedure About CoS-Based Flood ControlUse this command to enable or disable Class of Service Set cos stateShow cos state This example shows how to enable Class of ServiceClear cos state Set cos settings Priority priorityTos‐value tos‐value Irl‐referenceClear cos settings Show cos settingsPriority Tos‐valueSet cos port-config Show cos port-config Should be displayedClear cos port-config EntryName PortsSet cos port-resource irl Set cos port-resource flood-ctrl Group#.port‐typeUnicast MulticastShow cos port-resource Group#.port‐typeClear cos port-resource irl UnitRate TypeClear cos port-resource flood-ctrl Set cos referenceUnicast MulticastSpecifies that an IRL reference is being configured Show cos referenceIRL reference number associated with this entry Rate‐limit irl‐indexClear cos reference Show cos unit Port‐typ e indexKbps PpsClear cos all-entries Show cos port-typeThis example shows flood control information for port type Port Priority Configuration Port Priority Configuration SummaryConfiguring Port Priority Show port prioritySet port priority Clear port priorityConfiguring Priority to Transmit Queue Mapping Show port priority-queueSet port priority-queue Clear port priority-queue Configuring Quality of Service QoS Show port txqSet port txq By default, transmit queues are defined as follows Clear port txqClear port txq Port Priority Configuration Igmp Overview Igmp ConfigurationAbout IP Multicast Group Management To configure Igmp snooping from the switch CLI Configuring Igmp at LayerAbout Multicasting Set igmpsnooping adminmode Use this command to display Igmp snooping informationThis example shows how to display Igmp snooping information Use this command to enable or disable Igmp on the systemThis example shows how to enable Igmp on the system Enable disable Enables or disables IgmpThis example shows how to enable Igmp on port ge.1.10 Set igmpsnooping interfacemodeSet igmpsnooping maxresponse Set igmpsnooping mcrtrexpiretime Set igmpsnooping add-staticModify If no ports are specified, all ports are added to the entryShow igmpsnooping static Set igmpsnooping remove-staticIf modify is not specified, a new entry is created Show igmpsnooping mfdb Group groupThis example displays the static Igmp ports for Vlan Stats Optional Displays Mfdb statisticsThis example shows how to clear all Igmp snooping entries Use this command to clear all Igmp snooping entriesClear igmpsnooping Configuring Igmp on Routing Interfaces To configure Igmp on routing interfacesGlobal configuration C3su‐routerConfig# Ip igmpIp igmp enable This example shows how to enable Igmp on the routerInterface configuration C3su‐routerConfig‐ifVlan 1# Ip igmp versionAny router mode Show ip igmp interfaceShow ip igmp groups Ip igmp query-intervalIp igmp query-max-response-time Ip igmp startup-query-intervalIp igmp startup-query-count Ip igmp last-member-query-intervalIp igmp last-member-query-count Ip igmp robustnessInterface configuration C3 su‐routerConfig‐ifVlan 1# Ip igmp robustness Igmp Configuration Configuring System Logging Logging and Network ManagementShow logging server Set logging server Show logging default Clear logging serverSet logging default Use this command to set logging default valuesClear logging default Show logging applicationFacility SeveritySet logging application Show logging application Output DetailsLevel level If level is not specified, none will be appliedClear logging application Show logging localSet logging local Clear logging localShow logging buffer This example shows how to clear local loggingShow logging interface Set logging interface Clear logging interface Monitoring Network Events and Status HistoryUse this command to set the size of the history buffer DefaultShow history Set historyShow users PingThis example, the host at IP address is not responding Show netstat DisconnectConsole Following table describes the output of this command Following example shows the output of this commandShow netstat Output Details Use this command to display the switch’s ARP table Managing Switch Network Addresses and RoutesShow arp Set arp This example shows how to display the ARP tableShow arp Output Details Clear arp TracerouteShow mac Each responseType other learned Self mgmtShow mac agetime Show mac Output DetailsThis example shows how to display the MAC timeout period This example shows how to set the MAC timeout periodSet mac agetime Clear mac agetimeSet mac algorithm Default MAC algorithm is mac‐crc16‐upperbitsShow mac algorithm Clear mac algorithm Set mac multicastClear mac address Use this command to remove a multicast MAC addressAppend clear Show mac unreserved-flood Set mac unreserved-floodConfiguring Simple Network Time Protocol Sntp This example enables multicast flood protectionUse this command to display Sntp client settings Show sntpThis example shows how to display Sntp client settings Show sntp Output DetailsSet sntp client Clear sntp clientClear sntp server Set sntp serverIf precedence is not specified, 1 will be applied Set sntp poll-interval Clear sntp poll-intervalSet sntp poll-retry This example shows how to clear the Sntp poll intervalClear sntp poll-retry Set sntp poll-timeout Clear sntp poll-timeoutUse this command to clear the Sntp poll timeout This example shows how to clear the Sntp poll timeoutSet timezone Show sntp interface Set sntp interfaceClear sntp interface C3rw-show sntp interface Vlan 100 C3rw-clear sntp interface Configuring Node Aliases Show nodealias configSet nodealias Show nodealias config Output DetailsMaxentries maxentries Clear nodealias config Rmon Monitoring Group Functions and Commands Rmon ConfigurationRmon Monitoring Group Functions Group What It Does What It Monitors CLI Commands Design ConsiderationsStatistics Group Commands To display, configure, and clear Rmon statisticsShow rmon stats Use this command to configure an Rmon statistics entrySet rmon stats To‐defaults This example shows how to delete Rmon statistics entryClear rmon stats If owner is not specified, monitor will be appliedHistory Group Commands Show rmon historySet rmon history Clear rmon historyBuckets buckets Interval intervalThis example shows how to delete Rmon history entry Show rmon alarm Alarm Group CommandsThis example shows how to display Rmon alarm entry Set rmon alarm properties Show rmon alarm Output DetailsObject object Type absoluteSet rmon alarm status Clear rmon alarm EnableThis example shows how to enable Rmon alarm entry Use this command to delete an Rmon alarm entryEvent Group Commands Use this command to display Rmon event entry propertiesThis example shows how to display Rmon event entry Show rmon eventSet rmon event properties DescriptionType none log Trap bothSet rmon event status This example shows how to enable Rmon event entryClear rmon event This example shows how to clear Rmon event Filter Group Commands Show rmon channelUse this command to configure an Rmon channel entry Set rmon channelAccept matched FailedClear rmon channel Show rmon filterIndex index Channel channelSet rmon filter This example shows how to clear Rmon filter entry Use this command to clear an Rmon filter entryClear rmon filter Show rmon capture Packet Capture CommandsNodata Set rmon capture Action lockSlice slice Loadsize loadsizeThis example shows how to clear Rmon capture entry Use this command to clears an Rmon capture entryClear rmon capture Dhcp Server Configuration Dhcp OverviewDhcp Relay Agent Dhcp ServerConfiguring a Dhcp Server Configuring General Dhcp Server Parameters This example enables Dhcp server functionality Set dhcp bootpSet dhcp This example enables address allocation for Bootp clients This example enables Dhcp conflict loggingSet dhcp conflict logging Show dhcp conflictLogging Disables conflict logging This example disables Dhcp conflict loggingClear dhcp conflict Clears the conflict information for all IP addressesSet dhcp exclude 100, with the set dhcp exclude commandClear dhcp exclude Clear dhcp ping Set dhcp pingThis example sets the number of ping packets sent to Show dhcp binding Clear dhcp bindingUse this command to display Dhcp server statistics Use this command to clear all Dhcp server countersShow dhcp server statistics Clear dhcp server statisticsThis example clears all Dhcp server counters Configuring IP Address Pools Manual Pool Configuration ConsiderationsSet dhcp pool This example creates an address pool named auto1Use this command to delete a Dhcp server pool of addresses Clear dhcp poolSet dhcp pool network This example deletes the address pool named auto1Clear dhcp pool network Set dhcp pool hardware-addressSet dhcp pool host Clear dhcp pool hardware-addressIf no type is specified, Ethernet is assumed Clear dhcp pool host Set dhcp pool client-identifierClear dhcp pool client-identifier Set dhcp pool client-name Clear dhcp pool client-nameSet dhcp pool bootfile Clear dhcp pool bootfileSet dhcp pool next-server Clear dhcp pool next-serverClear dhcp pool lease Set dhcp pool leaseInfinite Set dhcp pool default-router Clear dhcp pool default-routerSet dhcp pool dns-server Clear dhcp pool dns-serverSet dhcp pool domain-name Clear dhcp pool domain-nameSet dhcp pool netbios-name-server Clear dhcp pool netbios-name-serverClear dhcp pool netbios-node-type Set dhcp pool netbios-node-type‐node Set dhcp pool option Ascii stringClear dhcp pool option Show dhcp pool configurationThis example removes option 19 from address pool auto1 Show dhcp pool configuration Dhcp Snooping Overview Dhcp Snooping Dynamic ARP InspectionDhcp Message Processing Building and Maintaining the Database Basic Configuration Configuration NotesProcedure 17-1 Basic Configuration for Dhcp Snooping Rate LimitingDisabled globally Dhcp Snooping CommandsSet dhcpsnooping Set dhcpsnooping database write-delay Set dhcpsnooping vlanBy default, ports are untrusted Set dhcpsnooping trustSet dhcpsnooping binding This example configures port ge.1.1 as a trusted portSet dhcpsnooping verify Set dhcpsnooping log-invalid Source MAC address verification is enabled by defaultAgainst the client hardware address Set dhcpsnooping limit NoneRate pps Burst interval secsThis example configures rate limit parameters on port ge.1.1 Show dhcpsnooping database Show dhcpsnooping portDynamic static Show dhcpsnooping bindingEntry, either dynamic or static Show dhcpsnooping statistics Clear dhcpsnooping statistics Clear dhcpsnooping bindingClear dhcpsnooping database Write‐delay Default value of 300 secondsClear dhcpsnooping limit Dynamic ARP Inspection OverviewStatic Mappings Functional DescriptionOptional ARP Packet Validation Logging Invalid Packets Packet ForwardingRate Limiting Eligible InterfacesProcedure 17-2 Basic Dynamic ARP Inspection Configuration Step Task CommandsRouter Configuration Example ConfigurationVlan Configuration Dynamic ARP Inspection Commands Set arpinspection vlanDhcp Snooping Configuration Dynamic ARP Inspection ConfigurationSet arpinspection trust Logging is disabled by defaultBy default, all physical ports and LAGs are untrusted LoggingSrc‐mac Set arpinspection validateDst‐mac Set arpinspection limit Set arpinspection filter Show arpinspection access-listPermit Mac hostShow arpinspection ports This example displays the ARP configuration of lag.0.1Show arpinspection vlan Show arpinspection statisticsWith an invalid address Clear arpinspection validateThis example removes all 3 additional validation conditions Clear arpinspection vlan Clear arpinspection filter Clear arpinspection limit This example removes the ARP ACL named staticARP from VlanClear arpinspection statistics This example clears all DAI statistics from the switchPage Preparing for Router Mode Pre-Routing Configuration TasksEnabling the Switch for Routing Enabling Router Configuration ModesRouter CLI Configuration Modes Router CLI Configuration Modes Page IP Configuration Configuring Routing Interface SettingsShow interface Vlan vlan ‐idUse this command to configure interfaces for IP routing Router global configuration mode C3su‐routerConfig#Interface Vlan vlan‐ idThis example shows how to enter configuration mode for Vlan Show ip interfaceRouter interface configuration C3su‐routerConfig‐ifVlan 1# Ip addressShow ip interface Output Details SecondaryShow running-config No shutdownThis example shows how to enable Vlan 1 for IP routing No ip routingUse this command to configure a tunnel interface Configuring Tunnel InterfacesInterface tunnel Router interface configuration C3su‐routerConfig‐ifTnnl 1# This example creates a configured tunnel interfaceTunnel source Tunnel mode This command specifies the mode of the tunnel interfaceIpv6ip Specifies that the tunnel mode is IPv6 over IPv4 No form of this command removes the mode of the tunnelThis example sets the tunnel mode to IPv6 over IPv4 Show interface tunnelReviewing and Configuring the ARP Table Show ip arpArp This example shows how to use the show ip arp commandShow ip arp Output Details This example shows how to enable proxy ARP on Vlan Ip proxy-arpArp timeout Clear arp-cache14,400 seconds Privileged Exec C3su‐router#Interface configuration C3su‐Router1Config‐ifVlan 1# Configuring Broadcast SettingsIp directed-broadcast Ip forward-protocol UdpSpecifies UDP as the IP forwarding protocol Are forwardedIp helper-address Reviewing IP Traffic and Configuring Routes Show ip routeOSPF, IA Ping Ip routePreference in route selection There is also a traceroute command available in switch mode This command is also available in switch modeTraceroute Configuring Icmp Redirects Ip icmp redirect enableShow ip icmp redirect InterfaceIPv4 Routing Protocol Configuration Activating Advanced Routing FeaturesConfiguring RIP RIP Configuration Task List and CommandsRIP Configuration Task List and Commands Router ripThis example shows how to enable RIP Ip rip enableDistance Ip rip send version R1compatibleIp rip authentication-key Specifies RIP version 1. This is the default settingIp rip receive version Specifies RIP versionIp rip message-digest-key Md5Use this command to disable automatic route summarization Router configuration C3su‐routerConfig‐router#No auto-summary Split-horizon poisonPassive-interface Receive-interface RedistributeConnected OspfCommand detailed in ip route on page 19‐21 ProtocolSubnets Subnetted will be redistributedConfiguring Ospf Ospf Configuration Task List and CommandsOspf Configuration Task List and Commands Advanced License RequiredRouter id RoutesRouter ospf This example shows how to enable routing for Ospf process1583compatibility This example shows how to enable RFC 1583 compatibility Ip ospf enableIp ospf areaid Ip ospf cost Ip ospf priorityTimers spf Ip ospf transmit-delay Ip ospf retransmit-intervalIp ospf dead-interval Ip ospf hello-interval65535 Ip ospf authentication-key Ip ospf message digest key md5 Distance ospfArea range External inter‐Area intra‐area Intra‐area routesIf not specified, advertise mode will be set Area stubAdvertise no‐ AdvertiseArea default cost Area nssaDefault‐ This example shows how to configure area 10 as an Nssa areaArea virtual-link Information‐Authentication‐ Transmit‐delayKey key Dead‐intervalRip Show ip ospfMetric‐type type Use this command to display the Ospf link state database This example shows how to display Ospf informationShow ip ospf database Show ip ospf interface Show ip ospf database Output DetailsShow ip ospf interface Output Details Show ip ospf neighbor Show ip ospf neighbor Output DetailsClear ip ospf process Show ip ospf virtual-linksShow ip ospf virtual links Output Details This example shows how to reset Ospf process Configuring Dvmrp Enabling Dvmrp on an InterfaceIp dvmrp enable Commands to Enable Dvmrp on an InterfaceThis example shows how to enable the Dvmrp process Ip dvmrpIp dvmrp metric Use this command to display Dvmrp routing informationShow ip dvmrp This example shows how to display Dvmrp status information Configuring Irdp Ip irdp enableIp irdp maxadvertinterval Ip irdp minadvertintervalIp irdp preference Ip irdp holdtime9000 Ip irdp broadcast Use this command to display Irdp informationShow ip irdp Configuration Tasks on page 18‐1 Configuring Vrrp Router vrrpThis example shows how enable Vrrp configuration mode CreateAddress Priority Advertise-intervalDescribed in Pre‐Routing Configuration Tasks on page 18‐1 PreemptEnable Ip vrrp authentication-key Use this command to display Vrrp routing informationThis example shows how to display Vrrp information Show ip vrrpConfiguring PIM-SM Design ConsiderationsGlobal router configuration C3su‐routerConfig# This example shows how to globally enable and disable PIMIp pimsm Ip pimsm staticrpIp pimsm enable Ip pimsm query-interval This example shows how to display PIM informationShow ip pimsm Show ip pimsm componenttable This example shows how to display PIM router informationShow ip pimsm Output Details This example shows how to display PIM interface information Show ip pimsm interfaceShow ip pimsm componenettable Output Details StatsThis example shows how to display PIM interface statistics Show ip pimsm neighborShow ip pimsm interface vlan Output Details 10 show ip pimsm interface stats Output Details‐11 provides an explanation of the command output Show ip pimsm rp11 show ip pimsm neighbor Output Details CandidateShow ip pimsm rphash ‐12 provides an explanation of the command output12 show ip pimsm rp Output Details Show ip pimsm staticrp ‐13 provides an explanation of the command outputDisplay the PIM‐SM static Rendezvous Point information Show ip mroute Use this command to display the IP multicast routing table13 show ip pimsm staticrp Output Details 20-60 IPv4 Routing Protocol Configuration IPv6 Management Show ipv6 statusThis example shows how to enable IPv6 management By default, IPv6 management is disabledSet ipv6 Set ipv6 address No global unicast IPv6 address is defined by defaultEui64 Show ipv6 address Use this command to clear IPv6 global addressesClear ipv6 address Set ipv6 gateway Clear ipv6 gateway Use this command to clear an IPv6 gateway addressShow ipv6 neighbors Use this command to display IPv6 netstat information This example shows example output of this commandShow ipv6 netstat Ping ipv6 This command is also available in router modeSize num Traceroute ipv6 Traceroute ipv6 21-10 IPv6 Management Overview IPv6 ConfigurationIPv6 Routing License Required Default Conditions Following table lists the default IPv6 conditionsIpv6 forwarding General Configuration CommandsIpv6 hop-limit Default maximum number of IPv6 hops is This command configures static IPv6 routesIpv6 route This example sets the hop limit toDefault preference or administrative distance is Ipv6 route distanceThis command sets the default distance value to Ipv6 unicast-routingPing ipv6 interface Link‐local‐addressRouter privileged exec C3 su‐router# 20010db8123455551 Ipv6 address Interface Configuration CommandsNo IPv6 addresses are defined for any interface Ipv6 enable IPv6 is disabledIpv6 mtu BytesThis example sets the MTU value to 1500 bytes Clear ipv6 neighbors Neighbor Cache and Neighbor Discovery CommandsThis example clears all dynamically learned cache entries Ipv6 nd dad attempts Duplicate address detection enabled, for 1 attemptIpv6 nd ns-interval By default, a value of 0 is advertised in RA messages Router interface configurationC3su‐routerConfig‐ifVlan 1#Ipv6 nd reachable-time This example sets the NS interval to 2 secondsIpv6 nd other-config-flag Flag is set to false by defaultRouter interface configuration C3su‐routerConfig‐if Vlan 1# This example sets the reachable time to 60 secondsIpv6 nd ra-interval Ipv6 nd ra-lifetimeSuppression disabled This example disables router advertisement transmissionIpv6 nd suppress-ra Ipv6 nd prefixRouter interface configurationC3su‐routerConfig‐if Vlan 1# No‐autoconfigOff‐link Example Query Commands Show ipv6Show ipv6 interface Router privileged execution C3su‐router#This example displays information about IPv6 interface Vlan This command displays IPv6 Neighbor Cache information This example displays the neighbors in the cacheThis command displays the IPv6 routing table Show ipv6 routeShow ipv6 neighbor Output Details Interface interfaceThis example displays all active IPv6 routes Show ipv6 route Output DetailsShow ipv6 route preferences Show ipv6 route preferences Output DetailsShow ipv6 route summary This command displays the summary of the routing tableNon‐best routes Show ipv6 traffic Following example displays the output of this commandShow ipv6 summary Output Details Show ipv6 traffic Output Details Options, etc Counter would include datagrams counted Send. Note that this counter includes all those counted by Router privileged executionC3su‐router# Clear ipv6 statisticsThis example clears the statistics for Vlan IPv6 Proxy Routing Preparing a Mixed Stack for IPv6 Proxy Routing LimitationsIPv6 proxy routing is disabled by default Router global configuration C2su‐routerConfig#This example enables IPv6 proxy routing Ipv6 proxy-routingAny routing mode DHCPv6 Configuration Global Configuration Commands Ipv6 dhcp enableFollowing table lists the default DHCPv6 conditions This command enables DHCPv6 on the routerThis example enables DHCPv6 By default, DHCPv6 is disabledIpv6 dhcp relay-agent-info-opt Ipv6 dhcp relay-agent-info-remote-id-subopt Ipv6 dhcp poolIpv6 dhcp pool Address Pool Configuration Commands Domain-nameDns-server Prefix-delegationPreferred‐lifetime Valid‐lifetime secsSecs infinite C3su-routerConfig-dhcp6s-pool# exit C3su-routerConfig# By default, DHCPv6 functionality is disabled Ipv6 dhcp serverRapid‐commit Preference prefIpv6 dhcp relay Destination dest‐addrInterface intf Remote‐id duid‐ifidExamples DHCPv6 Show Commands Show ipv6 dhcpShow ipv6 dhcp interface StatisticsOutput of show ipv6 dhcp interface Command This example displays the DHCPv6 statistics for VlanOutput of show ipv6 dhcp statistics Command This example displays the output of this commandShow ipv6 dhcp statistics Clear ipv6 dhcp statistics This example clears DHCPv6 statistics for VlanShow ipv6 dhcp pool This command displays information about DHCPv6 bindingsShow ipv6 dhcp binding If no IPv6 address is specified, all bindings are displayed Show ipv6 dhcp binding DHCPv6 Configuration OSPFv3 Configuration Following table lists the default OSPFv3 conditions Use this command to configure the OSPFv3 router ID Global OSPFv3 Configuration CommandsIpv6 router id Default-information originate Ipv6 router ospfAlways Metric valueDefault-metric Router OSPFv3 configuration C3su‐routerConfig‐router#No default metric is configured Router OSPFv3 configuration C3su-routerConfig-router#Exit-overflow-interval IntraInter Type1This command configures the external Lsdb limit for OSPFv3 Default value is ‐1External-lsdb-limit This example sets the exit overflow interval to 10 secondsConnected static Maximum-pathsTag tag Metric = unspecified Metric type = Type Tag = Area default-cost Area Configuration CommandsThese commands are used to configure area parameters This example sets the default route cost to 50 for area This example shows how to configure area 20 as an NssaArea nssa default-info-originate Default metric value isArea nssa no-redistribute ComparableArea nssa no-summary This command configures the translator role of the router By default, the translator role is disabledArea nssa translator role Area nssa translator-stab-intvDefault interval is 40 seconds Area address ranges are not configured by defaultSummarylink NssaexternallinkThis command creates a stub area for the specified area ID Area stub no-summary Example disables the import of summary LSAs into stub areaThis example creates a stub area with the ID Default dead interval is 40 seconds Area virtual-link dead-intervalArea virtual-link hello-interval Default hello interval is 10 secondsArea virtual-link retransmit-interval Default retransmit interval is 5 seconds Area virtual-link transmit-delayDefault transmit delay is 1 second Ipv6 ospf enable OSPFv3 is disabled by defaultIpv6 ospf areaid Ipv6 ospf costDefault dead interval value is 40 seconds Ipv6 ospf dead-intervalIpv6 ospf hello-interval Ipv6 ospf mtu-ignoreDefault network type is broadcast By default, MTU mismatch detection is enabledIpv6 ospf network Ipv6 ospf priority Default priority value isIpv6 ospf retransmit-interval Default value is 4 seconds Ipv6 ospf transmit-delayDefault value is 1 second Ipv6 ospf transmit-delay OSPFv3 Show Commands This command displays OSPFv3 router informationThis example shows how to display OSPFv3 router information Show ipv6 ospfShow ipv6 ospf Output Details Show ipv6 ospf area Show ipv6 ospf area Output DetailsShow ipv6 ospf abr Show ipv6 ospf abr Output DetailsShow ipv6 ospf asbr Show ipv6 ospf asbr Output DetailsShow ipv6 ospf database Adv Router Link Id Age Sequence Csum Options Rtr Opt Show ipv6 ospf database Output Details Show ipv6 ospf database database-summary Output Details Show ipv6 ospf interface This command displays information about OSPFv3 interfacesLoopback loopid Show ipv6 ospf interface Command Output Details This example shows how to display statistics for Vlan Show ipv6 ospf interface statsShow ipv6 ospf interface stats Output Details This command displays information about OSPFv3 neighbors Show ipv6 ospf neighborSpecify the Vlan interface to display information about Specify the tunnel interface to displayShow ipv6 ospf neighbor Output Details 10 show ipv6 ospf neighbor routerid Output Details Show ipv6 ospf rangeThis example displays range information for area Show ipv6 ospf stub table 11 show ipv6 ospf range Output DetailsThis example displays the OSPFv3 stub table information 12 show ipv6 ospf stub table Output DetailsShow ipv6 ospf virtual-link 13 show ipv6 ospf virtual-link Output DetailsShow ipv6 ospf virtual-link Show ipv6 ospf virtual-link OSPFv3 Configuration Authentication and Authorization Configuration Overview of Authentication and Authorization MethodsOverview of Authentication and Authorization Methods Filter-ID Attribute Formats Setting the Authentication Login Method Show authentication loginSet authentication login Use this command to set the authentication login methodClear authentication login AnyLocal RadiusConfiguring Radius TimeoutShow radius RetriesOptional Displays Radius server configuration information Set radiusServer Servers or a specific Radius server as defined by an indexRealm management‐ access any network‐access Timeout timeoutServer index Clear radius RealmSet radius accounting Show radius accountingRetries retries This example shows how to set Radius accounting retries to TimeoutClear radius accounting RetriesShow radius interface Set radius interfaceClear radius interface Example Configuring 802.1X Authentication Show dot1xAuth‐diag Auth‐statsThis example shows how to display 802.1X status Show dot1x auth-config Init reauth Set dot1xTrue false Set dot1x auth-config Clear dot1x auth-config Portcontrol MaxreqShow eapol Connecting state, via disconnected Show eapol Output DetailsSet eapol Clear eapolAuth‐mode Forced‐authOptional Globally clears the Eapol authentication mode Configuring MAC Authentication Show macauthenticationShow macauthentication Output Details NopasswordThis example shows how to display MAC session information Show macauthentication sessionShow macauthentication session Output Details Set macauthentication password Set macauthenticationUse this command to set a MAC authentication password Clear macauthentication password Set macauthentication portUse this command to clear the MAC authentication password Enables or disables MAC authenticationSet macauthentication portinitialize Set macauthentication portquietperiodSet macauthentication macinitialize Clear macauthentication portquietperiodThis example resets the default quiet period on port Set macauthentication portreauthenticate Set macauthentication reauthenticationEnables or disables MAC reauthentication Set macauthentication macreauthenticate Set macauthentication reauthperiodClear macauthentication reauthperiod Set macauthentication significant-bits Clear macauthentication significant-bitsC3su-clear macauthentication significant-bits About Multiple Authentication Types Configuring Multiple Authentication MethodsAbout Multi-User Authentication Show multiauth Set multiauth mode Clear multiauth modeMulti StrictSet multiauth precedence Default precedence order is dot1x, pwa, macClear multiauth precedence Show multiauth port Set multiauth portClear multiauth port Show multiauth station Show multiauth sessionShow multiauth idle-timeout Agent dot1x macSet multiauth idle-timeout Authentication method for which to set the timeout valueWhich to set the timeout value Idle timeout value is provided by the authenticating serverClear multiauth idle-timeout Show multiauth session-timeoutDefault Which to reset the timeout value to its defaultSet multiauth session-timeout Which to set the session timeout valueClear multiauth session-timeout Configuring User + IP Phone AuthenticationConfiguring Vlan Authorization RFC Set vlanauthorization egress Set vlanauthorizationTagged Show vlanauthorization Clear vlanauthorizationBy default, administrative egress is set to untagged Configuring Policy Maptable Response Show vlanauthorization Output DetailsWhen Policy Maptable Response is Both Operational DescriptionWhen Policy Maptable Response is Tunnel When Policy Maptable Response is PolicyShow policy maptable Set policy maptable ResponseBoth PolicyClear policy maptable Configuring MAC Locking To review, disable, enable, and configure MAC lockingShow maclock Show maclock stations Show maclock Output DetailsFirstarrival Connected to MAC locked portsSet maclock enable port‐string Set maclock enableShow maclock stations Output Details Set maclock disable This example shows how to enable MAC locking on ge.2.3This example shows how to disable MAC locking on ge.2.3 Set maclockCreate Clear maclockSpecified MAC address and port Set maclock static Clear maclock staticSet maclock firstarrival Clear maclock firstarrival Set maclock agefirstarrivalThis example enables first arrival aging on port ge.1.1 This example disables first arrival aging on port ge.1.1Clear maclock agefirstarrival Set maclock moveSet maclock trap Configuring Port Web Authentication PWA About PWAShow pwa Show pwa Output DetailsThis example shows how to enable port web authentication Enable disable Enables or disables port web authenticationSet pwa Show pwa banner This example shows how to display the PWA login bannerSet pwa banner This example shows how to hide the Enterasys Networks logo Clear pwa bannerSet pwa displaylogo Display hideSet pwa protocol Set pwa ipaddressChap pap Use this command to clear the PWA guest user name This example shows how to clear the PWA guest user nameSet pwa guestname Clear pwa guestnameSet pwa guestpassword Set pwa gueststatusAuthnone AuthradiusSet pwa initialize This example shows how to initialize ports ge.1.5‐7Set pwa quietperiod Set pwa maxrequest Set pwa portcontrolEnables or disables PWA on specified ports This example shows how to enable PWA on ports 1‐22This example shows how to display PWA session information Show pwa sessionThis example shows how to enable PWA enhancedmode Enable disable Enables or disables PWA enhancedmodeSet pwa enhancedmode Configuring Secure Shell SSH This example shows how to display SSH status on the switchShow ssh status Set sshThis example shows how to regenerate SSH keys This example shows how to disable SSHSet ssh hostkey Show access-lists Configuring Access ListsShow access‐lists number Access-list standard Deny permitInsert replace Access-list extendedThis example moves entry 16 to the beginning of ACL Insert replace Interface configuration C3su‐routerConfig‐ifVlan vlanid# Ip access-groupFilters inbound frames Example Page TACACS+ Configuration State Optional Displays only the TACACS+ client status Show tacacsShow tacacs Output Details Use this command to enable or disable the TACACS+ client Enable disable Enables or disables the Tacacs clientThis example shows how to enable the TACACS+ client Set tacacsTimeout seconds Set tacacs serverClear tacacs server Specifies one TACACS+ server to be affectedShow tacacs session This example removes TACACS+ serverSet tacacs session Service Clear tacacs sessionRead‐write Super‐userShow tacacs command Set tacacs commandSet tacacs singleconnect Show tacacs singleconnectConnection Show tacacs interface Set tacacs interfaceClear tacacs interface Clear tacacs interface TACACS+ Configuration 27-14 Using sFlow in Your Network SFlow ConfigurationAdvantages of using sFlow include Definitions SFlow Agent FunctionalitySampling Mechanisms SFlow DefinitionsCounter Sampling Packet Flow SamplingUsage Notes 28-5 Show sflow receivers Contents of the sFlow Receivers Table is displayedThis example displays the sFlow Receivers Table Following table describes the output fields Show sflow receivers Output DescriptionsSet sflow receiver owner Set sflow receiver ipDefault IP address is Default maximum datagram size is 1400 bytesSet sflow receiver maxdatagram Maxdatagram bytesDefault port value is Set sflow receiver portClear sflow receiver MaxdatagramOwner Set sflow port pollerPort port Show sflow pollers Clear sflow port poller Set sflow port samplerInterval This example removes the poller instance on port ge.1.1Show sflow samplers Clear sflow port sampler Set sflow interfaceMaxheadersize RateShow sflow interface Clear sflow interface Show sflow agent 28-18 Policy Capacities Policy and Authentication CapacitiesTable A-1 Policy Capacities Authentication Capacities Table A-2 Authentication CapacitiesIndex NumericsOspf 20-30Network Management Tftp Index