Enterasys Networks 9034313-07 specification

26

Authentication and Authorization

Configuration

This chapter describes the following authentication and authorization commands and how to use them. For information about using the TACACS+ authentication method for management, see Chapter 27, TACACS+ Configuration.

For information about...	Refer to page...

Overview of Authentication and Authorization Methods	26-1

Setting the Authentication Login Method	26-4

Configuring RADIUS	26-6

Configuring 802.1X Authentication	26-15

Configuring MAC Authentication	26-25

Configuring Multiple Authentication Methods	26-37

Configuring User + IP Phone Authentication	26-48

Configuring VLAN Authorization (RFC 3580)	26-49

Configuring Policy Maptable Response	26-52

Configuring MAC Locking	26-57

Configuring Port Web Authentication (PWA)	26-68

Configuring Secure Shell (SSH)	26-80

Configuring Access Lists	26-82

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of authentication and authorization configuration is located on the Enterasys Networks web site:

http://www.enterasys.com/support/manuals/

Overview of Authentication and Authorization Methods

The following methods are available for controlling which users are allowed to access, monitor, and manage the switch.

•Login user accounts and passwords – used to log in to the CLI via a Telnet connection or local COM port connection. For details, refer to “Setting User Accounts and Passwords” on page 3‐2.

•Host Access Control Authentication (HACA) – authenticates user access of Telnet management, console local management and WebView via a central RADIUS Client/Server or

SecureStack C3 Configuration Guide 26-1

Image 747

Enterasys Networks 9034313-07 manual Authentication and Authorization Configuration

Contents

Enterasys SecureStack C3 Page Page Enterasys Networks, Inc. Firmware License Agreement Iii Page Contents Page Activating Licensed Features Discovery Protocol Configuration Configuring System Power and PoE Port Configuration Show port broadcast Set port broadcast Clear port broadcast Snmp Configuration Spanning Tree Configuration Configuring Spanning Tree Port Parameters Purpose Commands 802.1Q Vlan Configuration Port Priority Configuration Policy Classification Configuration Logging and Network Management Igmp Configuration 14-3 Rmon Configuration Dhcp Server Configuration Preparing for Router Mode IP ConfigurationDhcp Snooping and Dynamic ARP Inspection IPv4 Routing Protocol Configuration 20-11 IPv6 Management IPv6 Configuration IPv6 Proxy Routing DHCPv6 Configuration OSPFv3 Configuration Authentication and Authorization Configuration 26-37 TACACS+ Configuration Tables SFlow ConfigurationAppendix a Policy and Authentication Capacities Index 10-4 22-26 Xxxii Important Notice Using This GuideAbout This Guide Structure of This Guide Structure of This Guide Related Documents SecureStack C3 Installation Guides Conventions Used in This Guide Following conventions are used in the text of this documentFollowing icons are used in this guide Support@enterasys.com Getting Help Getting Help Xxxviii About This Guide Switch Management Methods IntroductionSecureStack C3 CLI Overview Default Settings for Basic Switch Operation Factory Default Settings Feature Default Setting Sntp Default Settings for Router Operation Dvmrp Using the Command Line Interface Connecting Using the Console PortStarting a CLI Session Logging Connecting Using TelnetUsing a Default User Account Using an Administratively Configured User Account Getting Help with CLI Syntax Navigating the Command Line InterfaceCLI Command Defaults Descriptions CLI Command Modes Displaying Scrolling Screens Abbreviating and Completing Commands Basic Line Editing Commands Basic Line Editing Commands About SecureStack C3 Switch Operation in a Stack Configuring Switches in a Stack Installing a New Stackable System of Up to Eight Units Installing Previously-Configured Systems in a Stack Creating a Virtual Switch ConfigurationAdding a New Unit to an Existing Stack SID Configuration Considerations About Using Clear Config in a StackIssues Related to Mixed Type Stacks Feature Support Purpose Stacking Configuration and Management CommandsShow switch Commands Examples Show switch switchtype None Show switch stack-ports Priority value Set switchSwitch command, read‐write Example This example shows how to renumber switch 5 to switch Set switch copy-fwSet switch description This example shows how to assign priority 3 to switch Set switch member Set switch movemanagement Use this command to remove a member entry from the stack Clear switch member Basic Configuration Quick Start Setup CommandsRequired CLI Setup Commands Optional CLI Setup Commands Setting User Accounts and Passwords Show system login Show system login Output DetailsParameters Super‐user read‐write read‐only Set system loginClear system login Use this command to remove a local login user account Set password This example shows how to remove the netops user accountSwitch command, read‐write Switch command, super‐user Set system password aging Set system password length Set system password history DisableShow system lockout Time time Set system lockoutShow system lockout Output Details Attempts attempts Setting Basic Switch Properties Show ip address Use this command to clear the system IP address Set ip addressClear ip address This example shows how to clear the system IP address Show ip protocolSet ip protocol Show system This example shows how to display system information Show system Output Details Show system hardware Slot Hardware Information Show system utilization Default threshold value is 80% Set system utilizationThis example sets the CPU utilization threshold to 75% Show system enhancedbuffermode Clear system utilization Set system enhancedbuffermode Set system temperatureEnable disable Enables or disables enhanced buffer mode This example shows how to enable enhanced buffer mode Trap enable disable Clear system temperatureSyslog enable Disable Set time Show time This example shows how to set the system clock to 750 a.m Use this command to display daylight savings time settingsShow summertime If an offset is not specified, none will be applied Set summertimeSet summertime date If a zone name is not specified, none will be applied Set summertime recurring Set prompt Use this command to modify the command promptThis example shows how to set the command prompt to Switch Clear summertime Set banner motd Show banner motd Show version Clear banner motd Show version Output Details ‐5 provides an explanation of the command outputUse this command to configure a name for the system Set system name Set system contact Use this command to identify the location of the systemThis example shows how to set the system location string Set system location Set length This example shows how to set the system contact stringThis example shows how to set the terminal columns to Set width Set logout This example shows how to set the terminal length toThis example shows how to display the CLI logout setting Show logout Show console Use this command to display console settingsThis example shows how to display all console settings Use this command to set the console port baud rate Downloading via the Serial Port This example shows how to set the console port baud rate toDownloading a Firmware Image Downloading from a Tftp Server Type 2. The following baud rate selection screen displays Reverting to a Previous Image Reviewing and Selecting a Boot Firmware Image Show boot systemReboot the system using the reset command page 3‐50 Compatibility platform specific Set boot system Show telnet Starting and Configuring TelnetThis example shows how to display Telnet status Use this command to enable or disable Telnet on the switch Outbound all Enable disableTelnet Inbound Configuration Persistence Mode Managing Switch Configuration and Files Set snmp persistmode Show snmp persistmode Manual Save configDir Auto Show file Use this command to display the contents of a file Show config Configure AllOutfile Copy AppendSystemimage Show tftp settings This example shows how to download an image via TftpDelete This example sets the timeout period to 4 seconds Set tftp timeoutClear tftp timeout This example shows the output of this command Set tftp retry Clear tftp retryThis example sets the retry count to To clear the CLI screen or to close your CLI session This example shows how to clear the CLI screenClearing and Closing the CLI Cls clear screen This example shows how to exit a CLI session Resetting the SwitchReset Use either of these commands to leave a CLI session This example shows how to reset unit Clear configIf no unit ID is specified, the entire system will be reset This example shows how to reset the system Using and Configuring WebView Use this command to display WebView statusShow webview Show ssl Set webview This example shows how to display SSL status This example shows how to enable SSLSet ssl To gather common technical support information CommandGathering Technical Support Information Show support Set system hostprotect Configuring HostprotectHostprotect is enabled by default Show system hostprotect Clear system hostprotect This feature is disabled by defaultThis example disables hostprotect Default state is enabled Usage Activating Licensed Features Licensing Procedure in a Stack EnvironmentLicense Key Field Descriptions Adding a New Member to a Licensed Stack Clearing, Showing, and Applying Licenses Usage Set license Clear license Use this command to clear the license key settingsFeatureID feature The name of the feature being cleared Show license C3rw-clear license featureId advrouter Clear license Activating Licensed Features Use this command to display system power properties Configuring System Power and PoECommands Show inlinepower Set inlinepower threshold This example shows how to display system power propertiesShow inlinepower Output Details Set inlinepower trap Set inlinepower detectionmodeSending of traps is disabled by default Ieee Show port inlinepower High low Set port inlinepowerAdmin off auto Priority critical Set port inlinepower Configuring System Power and PoE Configuring CDP Discovery Protocol Configuration Show cdp Output Details Show cdp Auto disable EnableSet cdp state Use this command to set a global CDP authentication code Set cdp authSet cdp interval Clear cdp Set cdp hold-time Show neighbors Show ciscodp Configuring Cisco Discovery Protocol Show ciscodp Output Details ‐2 provides an explanation of the command output‐3 provides an explanation of the command output Show ciscodp port info Show ciscodp port info Output Details Set ciscodp timerThis example shows how to globally enable CiscoDP Set ciscodp status Set ciscodp port Set ciscodp holdtime Trusted VvidDot1p Untagged Clear ciscodp Configuring Link Layer Discovery Protocol and LLDP-MED To review and configure Llpd and LLPD‐MEDOverview Configuration Tasks Show lldp Use this command to display Lldp configuration information Show lldp port trap Show lldp port status Show lldp port tx-tlv Show lldp port location-infoShow lldp port tx‐tlv port‐string Show lldp port local-info 1000BASE-TFD Show lldp port local-info Output Details ECS Elin Show lldp port remote-info Voice Voice‐signalingGuest‐voice‐signaling Show lldp port network-policy Video‐conferencing Video‐signalingSet lldp tx-interval Softphone‐voice Set lldp hold-multiplier Set lldp trap-intervalThis example sets the transmit interval to 20 seconds Set lldp med-fast-repeat Set lldp port trap Tx‐enableRx‐enable Set lldp port status Set lldp port med-trap Set lldp port location-infoElin Set lldp port tx-tlv Link‐aggr GvrpMac‐phy Poe Vid vlan‐id dot1p State enable disableSet lldp port network-policy Tag tagged untagged Trap‐interval Clear lldpTx‐interval Hold‐multiplier Clear lldp port trap Clear lldp port status Clear lldp port med-trap Clear lldp port location-infoCleared Dscp Clear lldp port network-policyTag Vid Clear lldp port tx-tlv Disables the LLDP‐MED Extended Power via MDI TLV from being Disables the LLDP‐MED Location Identification TLV from being Port type.unitorslot number.port number Port ConfigurationPort Configuration Summary Port String Syntax Used in the CLI Port Slot/Unit Parameters Used in the CLI Reviewing Port Status Show port status Show port Switch mib2 Show port countersShow port status Output Details Show port counters Output Details Clear port counters Show port cablestatusThis example clears the port counters for ge.3.1 Disabling / Enabling and Naming Ports This example shows the cable status for 1 GE port ge.1.31Show port cablestatus Output Details This example shows how to enable ge.1.3 Set port disableSet port enable This example shows how to disable ge.1.1 Use this command to assign an alias name to a port Show port aliasSet port alias This example shows how to clear the alias for ge.3.3 This example shows how to assign the alias Admin to ge.3.3 Show port speed Setting Speed and Duplex Mode Mbps Set port speedShow port duplex 10 100 This example shows how to set ge.1.17 to full duplex Set port duplexFull half Show port jumbo Enabling / Disabling Jumbo Frame Support Enables or disables jumbo frame support Set port jumboClear port jumbo Show port negotiation Setting Auto-Negotiation and Advertised Ability Enable disable Set port negotiationShow port advertise Set port advertise Clear port advertise Mdi Show port mdixSet port mdix Forced‐auto Configure ports to use MDI mode only Configure ports to use Mdix mode onlyOptional Specify the port or ports to configure Setting Flow Control Show flowcontrolSet flowcontrol This example shows how to enable flow control Show port trap Setting Port Link Traps and Link Flap Detection Following example disables sending trap on ge.3.1 Set port trapShow linkflap Metrics GlobalstatePortstate Parameters Show linkflap metrics Output Details Show linkflap parameters Output Details Set linkflap portstate Disable enableDisables or enables the link flap detection function Set linkflap globalstate Set linkflap action Set linkflap interval Use this command to set the link flap action trigger count Clear linkflap actionSet linkflap threshold Clear linkflap down Set linkflap downtime Threshold interval Clear linkflapAll stats Parameter Show port broadcast Configuring Broadcast Suppression Clear port broadcast Set port broadcast Syntax Used in the CLI on page 7‐1 Mirroring Features Port MirroringRemote Port Mirroring Configuring Smon MIB Port Mirroring ProceduresOverview Show port mirroring To review and configure port mirroring on the device Create disable Can be configured per stack, if applicableSet port mirroring Use this command to clear a port mirroring relationship Clear port mirroringSet mirror vlan Clear mirror vlan Lacp Operation Link Aggregation Control Protocol Lacp Lacp Terms and Definitions ‐6 defines key terminology used in Lacp configurationLacp Terminology SecureStack C3 Usage Considerations Commands Show lacp ‐7 provides an explanation of the command output Show lacp Output Details Disable enable Disables or enables LacpThis example shows how to disable Lacp Set lacp Set lacp aadminkey Set lacp asyspriAsyspri Disable enable Disables or enables static link aggregation Clear lacpSet lacp static Clear lacp static This example enables the formation of single port LAGs Set lacp singleportlagClear lacp singleportlag Show port lacp Status detailSummary Counters Set port lacp Aadminkey Padminport AadminstateLacptimeout Padminkey Clear port lacp C3su-clear port lacp port ge.3.16 Configuring Protected Ports Set port protectedProtected Port Operation Show port protected Clear port protectedRead‐only Show port protected name Set port protected name Clear port protected name Use this command to clear the name of a protected group Clear port protected name Port Configuration Snmp Configuration Summary Snmp Configuration SNMPv1 and SNMPv2c SNMPv3About Snmp Security Models and Levels Snmp Security Levels Using Snmp Contexts to Access Specific MIBsConfiguration Considerations Reviewing Snmp Statistics This example shows how to display Snmp engine properties Show snmp engineidShow snmp engineid Output Details Use this command to display Snmp traffic counter values This example shows how to display Snmp counter valuesShow snmp counters Show snmp counters Output Details Engine or otherwise unavailable Show snmp user Configuring Snmp Users, Groups, and Communities Set snmp user This example shows how to display an Snmp user list‐4 provides an explanation of the command output Use this command to create a new SNMPv3 user Nonvolatile AesSha Volatile Clear snmp user Show snmp groupRemote remote V2c usm Volatile Set snmp groupUser user Security‐model Clear snmp group Show snmp communityV2c usm Context context Use this command to configure an Snmp community groupSet snmp community Securityname Clear snmp community Configuring Snmp Access RightsUse this command to delete an Snmp community name This example shows how to delete the community name vip Nonvolatile read‐ Only Show snmp accessNoauthentication Authentication Privacy Context context This example shows how to display Snmp access information ‐6 provides an explanation of the command outputShow snmp access Output Details Set snmp access Configuring Snmp MIB Views Clear snmp access Show snmp view Show snmp context Set snmp viewShow snmp view Output Details Clear snmp view Read‐only Configuring Snmp Target ParametersShow snmp targetparams Volatile nonvolatile Message‐ ‐8 provides an explanation of the command outputSet snmp targetparams Show snmp targetparams Output Details Protected from disclosure AuthenticationClear snmp targetparams Privacy Configuring Snmp Target Addresses Use this command to display Snmp target address informationShow snmp targetaddr Udpport udpport Timeout timeoutSet snmp targetaddr Param param Tag 1 tag Use this command to delete an Snmp target address entryClear snmp targetaddr Taglist taglist About Snmp Notify Filters Configuring Snmp Notification Parameters By default, this function is disabled globally and per port Show newaddrtrapSet newaddrtrap Show snmp notify Trap inform ‐10 provides an explanation of the command outputSet snmp notify 10 show snmp notify Output Details Use this command to clear an Snmp notify configuration Clear snmp notifyShow snmp notifyfilter Subtree oid‐or‐ Set snmp notifyfilter Clear snmp notifyfilter Show snmp notifyprofile Set snmp notifyprofileTargetparam Creating a Basic Snmp Trap Configuration This example shows how to delete Snmp notify profile area51Clear snmp notifyprofile Example 11 Basic Snmp Trap Configuration Configuring the Snmp Management Interface How Snmp Will Use This ConfigurationShow snmp interface Loopback loop‐ID Set snmp interface Clear snmp interface Clear snmp interface Snmp Configuration Spanning Tree Configuration Summary Spanning Tree Configuration Loop Protect Spanning Tree Features Configuring Spanning Tree Bridge Parameters For information about Show spantree stats Sid sidActive Show spantree Output Details ‐1 shows a detailed explanation of command output Disable enable Globally disables or enables Spanning Tree Set spantreeShow spantree version Set spantree version This example shows how to reset the Spanning Tree version Clear spantree versionShow spantree bpdu-forwarding Set spantree bpdu-forwarding Disable enable Disables or enables Bpdu forwardingBy default Bpdu forwarding is disabled This example shows how to enable Bpdu forwarding 8021t Set spantree bridgeprioritymodeClear spantree bridgeprioritymode 8021d Show spantree mstilist Set spantree mstiCreate delete Clear spantree msti Show spantree mstmapFid fid Clear spantree mstmap This example shows how to map FID 3 to SIDUse this command to map a FID back to SID Set spantree mstmap This example shows how to map FID 2 back to SID Show spantree vlanlistShow spantree mstcfgid Cfgname name Specifies an MST configuration name Set spantree mstcfgidClear spantree mstcfgid Use this command to set the device’s Spanning Tree priority Set spantree priorityClear spantree priority This example shows how to reset the bridge priority on SID Set spantree helloClear spantree hello Set spantree maxage Use this command to set the bridge maximum aging time Set spantree fwddelay Use this command to set the Spanning Tree forward delayClear spantree maxage Show spantree backuproot Clear spantree fwddelay Clear spantree backuproot Set spantree backuproot Set spantree tctrapsuppress Show spantree tctrapsuppress Set spantree protomigration Clear spantree tctrapsuppress Enable disable Enables or disables the SpanGuard function Show spantree spanguardSet spantree spanguard Clear spantree spanguard This example shows how to enable the SpanGuard function Set spantree spanguardtimeout Show spantree spanguardtimeout Show spantree spanguardlock Clear spantree spanguardtimeout Show spantree spanguardtrapenable This example shows how to unlock port ge.1.16Clear / set spantree spanguardlock Set spantree spanguardtrapenable Clear spantree spanguardtrapenableIs enabled Set spantree legacypathcost Show spantree legacypathcost This example clears the legacy path cost to 802.1t values Clear spantree legacypathcostShow spantree autoedge Set spantree autoedge Clear spantree autoedge To display and set Spanning Tree port parameters Configuring Spanning Tree Port ParametersSet spantree portadmin Disable enable Clear spantree portadmin Show spantree portadminThis example shows how to disable Spanning Tree on ge.1.5 Use this command to set a port’s Spanning Tree priority Show spantree portpriSet spantree portpri Clear spantree portpri Set spantree adminpathcost Show spantree adminpathcost Show spantree adminedge Clear spantree adminpathcost True false Set spantree adminedgeClear spantree adminedge This example shows how to set ge.1.11 as an edge port Show spantree operedge This example shows how to reset ge.1.11 as a non‐edge port Configuring Spanning Tree Loop Protect Parameters If no SID is specified, SID 0 is assumed This example shows how to enable Loop Protect on ge.2.3Set spantree lp Show spantree lp Show spantree lplock Clear spantree lp SID Locked Clear spantree lplock Show spantree lpcapablepartner Set spantree lpcapablepartner Use this command to set the Loop Protect event threshold Clear spantree lpcapablepartnerSet spantree lpthreshold None. The default event threshold is Show spantree lpthresholdClear spantree lpthreshold Show spantree lpwindow Set spantree lpwindow Set spantree lptrapenable DisabledClear spantree lpwindow Clear spantree lptrapenable Show spantree lptrapenable Set spantree disputedbpduthreshold Clear spantree disputedbpduthreshold Show spantree disputedbpduthreshold Show spantree nonforwardingreason Vlan Configuration Summary 802.1Q Vlan Configuration Creating a Secure Management Vlan Command Set for Creating a Secure Management Vlan Portinfo Viewing VLANsShow vlan Static Vlan Vlan ID Name Show vlan Output Details Set vlan Create enable Creates, enables or disables VLANs. disableThis example shows how to create Vlan Creating and Naming Static VLANs This example shows how to set the name for Vlan 7 to green Set vlan nameClear vlan Clear vlan name This example shows how to clear the name for Vlan Show port vlan Assigning Port Vlan IDs PVIDs and Ingress Filtering No‐modify‐egress Set port vlanClear port vlan Modify‐egress Show port ingress filter Show port discard Set port ingress filter Tagged untagged both none Set port discard Show port egress Configuring the Vlan Egress List Set vlan forbidden Untagged forbidden tagged Use this command to remove ports from a VLAN’s egress listSet vlan egress Clear vlan egress Forbidden Show vlan dynamicegress Enable disable Enables or disables dynamic egress This example shows how to enable dynamic egress on VlanSet vlan dynamicegress Setting the Host Vlan Show host vlanSet host vlan Clear host vlan This example shows how to set Vlan 7 as the host Vlan Enabling/Disabling Gvrp Garp Vlan Registration Protocol About Garp Vlan Registration Protocol GvrpHow It Works Example of Vlan Propagation via Gvrp Show garp timer Use this command to display Gvrp configuration informationShow gvrp Show gvrp configuration Output Details Disables or enables Gvrp on the deviceSet gvrp Set garp timer This example shows how to enable Gvrp on ge.1.3Clear gvrp Leave Clear garp timerLeaveall timer‐ Join C3su-clear garp timer leave ge.1.1 Policy Classification Configuration Summary Policy Classification Configuration ‐verbose Configuring Policy ProfilesUse this command to display policy profile information Show policy profile Show policy profile Output Details Set policy profile Use this command to delete a policy profile entry This example shows how to delete policy profileClear policy profile Configuring Classification Rules All admin‐ profile profile‐ indexShow policy rule Udpdestport Not‐in‐service Not‐ready Storage‐type non‐Admin‐pid Tcpsourceport Show policy rule Output Details Show policy capability Vlan Admin‐profile Set policy ruleVlantag data Ipsourcesocket EtherIpproto Ipdestsocket Data value Mask bits Valid Values for Policy Classification Rules All‐pid‐entries Following parameters apply to deleting an admin ruleClear policy rule Range from 1 to 4094 or 0xFFF Clear policy all-rules Use this command to remove all policy classification rules To assign and unassign ports to policy profiles Use this command to assign ports to a policy profileAssigning Ports to Policy Profiles Set policy port Clear policy port Configuring Policy Class of Service CoS About Policy-Based CoS ConfigurationsProcedure 11-1 User-Defined CoS Configuration Configuring Policy Class of Service CoS About CoS-Based Flood Control Procedure Set cos state Use this command to enable or disable Class of Service This example shows how to enable Class of Service Show cos stateClear cos state Irl‐reference Set cos settingsPriority priority Tos‐value tos‐value Tos‐value Clear cos settingsShow cos settings Priority Set cos port-config Should be displayed Show cos port-config Ports Clear cos port-configEntry Name Set cos port-resource irl Multicast Set cos port-resource flood-ctrlGroup#.port‐type Unicast Group#.port‐type Show cos port-resource Type Clear cos port-resource irlUnit Rate Multicast Clear cos port-resource flood-ctrlSet cos reference Unicast Rate‐limit irl‐index Specifies that an IRL reference is being configuredShow cos reference IRL reference number associated with this entry Clear cos reference Pps Show cos unitPort‐typ e index Kbps Show cos port-type Clear cos all-entries This example shows flood control information for port type Port Priority Configuration Summary Port Priority Configuration Show port priority Configuring Port Priority Clear port priority Set port priority Show port priority-queue Configuring Priority to Transmit Queue Mapping Set port priority-queue Clear port priority-queue Show port txq Configuring Quality of Service QoS Set port txq Clear port txq By default, transmit queues are defined as follows Clear port txq Port Priority Configuration Igmp Configuration Igmp OverviewAbout IP Multicast Group Management Configuring Igmp at Layer To configure Igmp snooping from the switch CLIAbout Multicasting Use this command to enable or disable Igmp on the system Set igmpsnooping adminmodeUse this command to display Igmp snooping information This example shows how to display Igmp snooping information Set igmpsnooping interfacemode This example shows how to enable Igmp on the systemEnable disable Enables or disables Igmp This example shows how to enable Igmp on port ge.1.10 Set igmpsnooping maxresponse If no ports are specified, all ports are added to the entry Set igmpsnooping mcrtrexpiretimeSet igmpsnooping add-static Modify Set igmpsnooping remove-static Show igmpsnooping staticIf modify is not specified, a new entry is created Stats Optional Displays Mfdb statistics Show igmpsnooping mfdbGroup group This example displays the static Igmp ports for Vlan Use this command to clear all Igmp snooping entries This example shows how to clear all Igmp snooping entriesClear igmpsnooping Ip igmp Configuring Igmp on Routing InterfacesTo configure Igmp on routing interfaces Global configuration C3su‐routerConfig# Ip igmp version Ip igmp enableThis example shows how to enable Igmp on the router Interface configuration C3su‐routerConfig‐ifVlan 1# Show ip igmp interface Any router mode Ip igmp query-interval Show ip igmp groups Ip igmp startup-query-interval Ip igmp query-max-response-time Ip igmp last-member-query-interval Ip igmp startup-query-count Ip igmp robustness Ip igmp last-member-query-count Interface configuration C3 su‐routerConfig‐ifVlan 1# Ip igmp robustness Igmp Configuration Logging and Network Management Configuring System Logging Show logging server Set logging server Clear logging server Show logging default Use this command to set logging default values Set logging default Severity Clear logging defaultShow logging application Facility Show logging application Output Details Set logging application If level is not specified, none will be applied Level level Show logging local Clear logging application Clear logging local Set logging local This example shows how to clear local logging Show logging bufferShow logging interface Set logging interface Clear logging interface History Monitoring Network Events and Status Set history Use this command to set the size of the history bufferDefault Show history Ping Show usersThis example, the host at IP address is not responding Disconnect Show netstatConsole Following example shows the output of this command Following table describes the output of this commandShow netstat Output Details Managing Switch Network Addresses and Routes Use this command to display the switch’s ARP tableShow arp This example shows how to display the ARP table Set arpShow arp Output Details Traceroute Clear arp Self mgmt Show macEach response Type other learned Show mac Output Details Show mac agetime Clear mac agetime This example shows how to display the MAC timeout periodThis example shows how to set the MAC timeout period Set mac agetime Default MAC algorithm is mac‐crc16‐upperbits Set mac algorithmShow mac algorithm Set mac multicast Clear mac algorithm Use this command to remove a multicast MAC address Clear mac addressAppend clear Set mac unreserved-flood Show mac unreserved-flood Show sntp Configuring Simple Network Time Protocol SntpThis example enables multicast flood protection Use this command to display Sntp client settings Show sntp Output Details This example shows how to display Sntp client settings Clear sntp client Set sntp client Set sntp server Clear sntp serverIf precedence is not specified, 1 will be applied Clear sntp poll-interval Set sntp poll-interval This example shows how to clear the Sntp poll interval Set sntp poll-retryClear sntp poll-retry This example shows how to clear the Sntp poll timeout Set sntp poll-timeoutClear sntp poll-timeout Use this command to clear the Sntp poll timeout Set timezone Set sntp interface Show sntp interface Clear sntp interface C3rw-show sntp interface Vlan 100 C3rw-clear sntp interface Show nodealias config Configuring Node Aliases Show nodealias config Output Details Set nodealiasMaxentries maxentries Clear nodealias config Rmon Configuration Rmon Monitoring Group Functions and CommandsRmon Monitoring Group Functions Design Considerations Group What It Does What It Monitors CLI Commands To display, configure, and clear Rmon statistics Statistics Group Commands Use this command to configure an Rmon statistics entry Show rmon statsSet rmon stats If owner is not specified, monitor will be applied To‐defaultsThis example shows how to delete Rmon statistics entry Clear rmon stats Show rmon history History Group Commands Interval interval Set rmon historyClear rmon history Buckets buckets This example shows how to delete Rmon history entry Alarm Group Commands Show rmon alarmThis example shows how to display Rmon alarm entry Type absolute Set rmon alarm propertiesShow rmon alarm Output Details Object object Set rmon alarm status Use this command to delete an Rmon alarm entry Clear rmon alarmEnable This example shows how to enable Rmon alarm entry Show rmon event Event Group CommandsUse this command to display Rmon event entry properties This example shows how to display Rmon event entry Trap both Set rmon event propertiesDescription Type none log This example shows how to enable Rmon event entry Set rmon event statusClear rmon event This example shows how to clear Rmon event Show rmon channel Filter Group Commands Failed Use this command to configure an Rmon channel entrySet rmon channel Accept matched Channel channel Clear rmon channelShow rmon filter Index index Set rmon filter Use this command to clear an Rmon filter entry This example shows how to clear Rmon filter entryClear rmon filter Packet Capture Commands Show rmon captureNodata Loadsize loadsize Set rmon captureAction lock Slice slice Use this command to clears an Rmon capture entry This example shows how to clear Rmon capture entryClear rmon capture Dhcp Server Dhcp Server ConfigurationDhcp Overview Dhcp Relay Agent Configuring a Dhcp Server Configuring General Dhcp Server Parameters Set dhcp bootp This example enables Dhcp server functionalitySet dhcp Show dhcp conflict This example enables address allocation for Bootp clientsThis example enables Dhcp conflict logging Set dhcp conflict logging Clears the conflict information for all IP addresses Logging Disables conflict loggingThis example disables Dhcp conflict logging Clear dhcp conflict 100, with the set dhcp exclude command Set dhcp excludeClear dhcp exclude Set dhcp ping Clear dhcp pingThis example sets the number of ping packets sent to Clear dhcp binding Show dhcp binding Clear dhcp server statistics Use this command to display Dhcp server statisticsUse this command to clear all Dhcp server counters Show dhcp server statistics This example clears all Dhcp server counters Manual Pool Configuration Considerations Configuring IP Address Pools This example creates an address pool named auto1 Set dhcp pool This example deletes the address pool named auto1 Use this command to delete a Dhcp server pool of addressesClear dhcp pool Set dhcp pool network Set dhcp pool hardware-address Clear dhcp pool network Clear dhcp pool hardware-address Set dhcp pool hostIf no type is specified, Ethernet is assumed Set dhcp pool client-identifier Clear dhcp pool host Clear dhcp pool client-identifier Clear dhcp pool client-name Set dhcp pool client-name Clear dhcp pool bootfile Set dhcp pool bootfile Clear dhcp pool next-server Set dhcp pool next-server Set dhcp pool lease Clear dhcp pool leaseInfinite Clear dhcp pool default-router Set dhcp pool default-router Clear dhcp pool dns-server Set dhcp pool dns-server Clear dhcp pool domain-name Set dhcp pool domain-name Clear dhcp pool netbios-name-server Set dhcp pool netbios-name-server Set dhcp pool netbios-node-type Clear dhcp pool netbios-node-type‐node Ascii string Set dhcp pool option Show dhcp pool configuration Clear dhcp pool optionThis example removes option 19 from address pool auto1 Show dhcp pool configuration Dhcp Snooping Dynamic ARP Inspection Dhcp Snooping OverviewDhcp Message Processing Building and Maintaining the Database Rate Limiting Basic ConfigurationConfiguration Notes Procedure 17-1 Basic Configuration for Dhcp Snooping Dhcp Snooping Commands Disabled globallySet dhcpsnooping Set dhcpsnooping vlan Set dhcpsnooping database write-delay Set dhcpsnooping trust By default, ports are untrusted This example configures port ge.1.1 as a trusted port Set dhcpsnooping bindingSet dhcpsnooping verify Source MAC address verification is enabled by default Set dhcpsnooping log-invalidAgainst the client hardware address Burst interval secs Set dhcpsnooping limitNone Rate pps This example configures rate limit parameters on port ge.1.1 Show dhcpsnooping port Show dhcpsnooping database Show dhcpsnooping binding Dynamic staticEntry, either dynamic or static Show dhcpsnooping statistics Clear dhcpsnooping binding Clear dhcpsnooping statisticsClear dhcpsnooping database Dynamic ARP Inspection Overview Write‐delayDefault value of 300 seconds Clear dhcpsnooping limit Functional Description Static MappingsOptional ARP Packet Validation Eligible Interfaces Logging Invalid PacketsPacket Forwarding Rate Limiting Step Task Commands Procedure 17-2 Basic Dynamic ARP Inspection Configuration Example Configuration Router ConfigurationVlan Configuration Dynamic ARP Inspection Configuration Dynamic ARP Inspection CommandsSet arpinspection vlan Dhcp Snooping Configuration Logging Set arpinspection trustLogging is disabled by default By default, all physical ports and LAGs are untrusted Set arpinspection validate Src‐macDst‐mac Set arpinspection limit Mac host Set arpinspection filterShow arpinspection access-list Permit This example displays the ARP configuration of lag.0.1 Show arpinspection ports Show arpinspection statistics Show arpinspection vlan Clear arpinspection validate With an invalid addressThis example removes all 3 additional validation conditions Clear arpinspection vlan Clear arpinspection filter This example removes the ARP ACL named staticARP from Vlan Clear arpinspection limit This example clears all DAI statistics from the switch Clear arpinspection statisticsPage Pre-Routing Configuration Tasks Preparing for Router Mode Enabling Router Configuration Modes Enabling the Switch for RoutingRouter CLI Configuration Modes Router CLI Configuration Modes Page Configuring Routing Interface Settings IP Configuration Vlan vlan ‐id Show interface Vlan vlan‐ id Use this command to configure interfaces for IP routingRouter global configuration mode C3su‐routerConfig# Interface Show ip interface This example shows how to enter configuration mode for Vlan Secondary Router interface configuration C3su‐routerConfig‐ifVlan 1#Ip address Show ip interface Output Details No shutdown Show running-config No ip routing This example shows how to enable Vlan 1 for IP routing Configuring Tunnel Interfaces Use this command to configure a tunnel interfaceInterface tunnel This example creates a configured tunnel interface Router interface configuration C3su‐routerConfig‐ifTnnl 1#Tunnel source No form of this command removes the mode of the tunnel Tunnel modeThis command specifies the mode of the tunnel interface Ipv6ip Specifies that the tunnel mode is IPv6 over IPv4 Show interface tunnel This example sets the tunnel mode to IPv6 over IPv4 Show ip arp Reviewing and Configuring the ARP Table This example shows how to use the show ip arp command ArpShow ip arp Output Details Ip proxy-arp This example shows how to enable proxy ARP on Vlan Privileged Exec C3su‐router# Arp timeoutClear arp-cache 14,400 seconds Configuring Broadcast Settings Interface configuration C3su‐Router1Config‐ifVlan 1#Ip directed-broadcast Are forwarded Ip forward-protocolUdp Specifies UDP as the IP forwarding protocol Ip helper-address Show ip route Reviewing IP Traffic and Configuring Routes OSPF, IA Ip route PingPreference in route selection This command is also available in switch mode There is also a traceroute command available in switch modeTraceroute Ip icmp redirect enable Configuring Icmp Redirects Interface Show ip icmp redirect Activating Advanced Routing Features IPv4 Routing Protocol Configuration Router rip Configuring RIPRIP Configuration Task List and Commands RIP Configuration Task List and Commands Ip rip enable This example shows how to enable RIPDistance R1compatible Ip rip send version Specifies RIP version Ip rip authentication-keySpecifies RIP version 1. This is the default setting Ip rip receive version Md5 Ip rip message-digest-key Split-horizon poison Use this command to disable automatic route summarizationRouter configuration C3su‐routerConfig‐router# No auto-summary Passive-interface Ospf Receive-interfaceRedistribute Connected Subnetted will be redistributed Command detailed in ip route on page 19‐21Protocol Subnets Advanced License Required Configuring OspfOspf Configuration Task List and Commands Ospf Configuration Task List and Commands Routes Router id This example shows how to enable routing for Ospf process Router ospf1583compatibility Ip ospf enable This example shows how to enable RFC 1583 compatibilityIp ospf areaid Ip ospf priority Ip ospf cost Timers spf Ip ospf retransmit-interval Ip ospf transmit-delay Ip ospf hello-interval Ip ospf dead-interval65535 Ip ospf authentication-key Distance ospf Ip ospf message digest key md5 Intra‐area routes Area rangeExternal inter‐ Area intra‐area Advertise If not specified, advertise mode will be setArea stub Advertise no‐ Area nssa Area default cost Information‐ Default‐This example shows how to configure area 10 as an Nssa area Area virtual-link Dead‐interval Authentication‐Transmit‐delay Key key Show ip ospf RipMetric‐type type This example shows how to display Ospf information Use this command to display the Ospf link state databaseShow ip ospf database Show ip ospf database Output Details Show ip ospf interface Show ip ospf interface Output Details Show ip ospf neighbor Output Details Show ip ospf neighbor Show ip ospf virtual-links Clear ip ospf processShow ip ospf virtual links Output Details This example shows how to reset Ospf process Enabling Dvmrp on an Interface Configuring Dvmrp Ip dvmrp Ip dvmrp enableCommands to Enable Dvmrp on an Interface This example shows how to enable the Dvmrp process Use this command to display Dvmrp routing information Ip dvmrp metricShow ip dvmrp This example shows how to display Dvmrp status information Ip irdp enable Configuring Irdp Ip irdp minadvertinterval Ip irdp maxadvertinterval Ip irdp holdtime Ip irdp preference9000 Use this command to display Irdp information Ip irdp broadcastShow ip irdp Configuration Tasks on page 18‐1 Router vrrp Configuring Vrrp Create This example shows how enable Vrrp configuration mode Address Advertise-interval Priority Preempt Described in Pre‐Routing Configuration Tasks on page 18‐1 Enable Show ip vrrp Ip vrrp authentication-keyUse this command to display Vrrp routing information This example shows how to display Vrrp information Design Considerations Configuring PIM-SM Ip pimsm staticrp Global router configuration C3su‐routerConfig#This example shows how to globally enable and disable PIM Ip pimsm Ip pimsm enable This example shows how to display PIM information Ip pimsm query-intervalShow ip pimsm This example shows how to display PIM router information Show ip pimsm componenttableShow ip pimsm Output Details Stats This example shows how to display PIM interface informationShow ip pimsm interface Show ip pimsm componenettable Output Details 10 show ip pimsm interface stats Output Details This example shows how to display PIM interface statisticsShow ip pimsm neighbor Show ip pimsm interface vlan Output Details Candidate ‐11 provides an explanation of the command outputShow ip pimsm rp 11 show ip pimsm neighbor Output Details ‐12 provides an explanation of the command output Show ip pimsm rphash12 show ip pimsm rp Output Details ‐13 provides an explanation of the command output Show ip pimsm staticrpDisplay the PIM‐SM static Rendezvous Point information Use this command to display the IP multicast routing table Show ip mroute13 show ip pimsm staticrp Output Details 20-60 IPv4 Routing Protocol Configuration Show ipv6 status IPv6 Management By default, IPv6 management is disabled This example shows how to enable IPv6 managementSet ipv6 No global unicast IPv6 address is defined by default Set ipv6 addressEui64 Use this command to clear IPv6 global addresses Show ipv6 addressClear ipv6 address Set ipv6 gateway Use this command to clear an IPv6 gateway address Clear ipv6 gatewayShow ipv6 neighbors This example shows example output of this command Use this command to display IPv6 netstat informationShow ipv6 netstat This command is also available in router mode Ping ipv6Size num Traceroute ipv6 Traceroute ipv6 21-10 IPv6 Management IPv6 Configuration OverviewIPv6 Routing License Required Following table lists the default IPv6 conditions Default Conditions General Configuration Commands Ipv6 forwardingIpv6 hop-limit This example sets the hop limit to Default maximum number of IPv6 hops isThis command configures static IPv6 routes Ipv6 route Ipv6 route distance Default preference or administrative distance is Ipv6 unicast-routing This command sets the default distance value to Link‐local‐address Ping ipv6 interface Router privileged exec C3 su‐router# 20010db8123455551 Interface Configuration Commands Ipv6 addressNo IPv6 addresses are defined for any interface IPv6 is disabled Ipv6 enable Bytes Ipv6 mtu This example sets the MTU value to 1500 bytes Neighbor Cache and Neighbor Discovery Commands Clear ipv6 neighborsThis example clears all dynamically learned cache entries Duplicate address detection enabled, for 1 attempt Ipv6 nd dad attemptsIpv6 nd ns-interval This example sets the NS interval to 2 seconds By default, a value of 0 is advertised in RA messagesRouter interface configurationC3su‐routerConfig‐ifVlan 1# Ipv6 nd reachable-time This example sets the reachable time to 60 seconds Ipv6 nd other-config-flagFlag is set to false by default Router interface configuration C3su‐routerConfig‐if Vlan 1# Ipv6 nd ra-lifetime Ipv6 nd ra-interval Ipv6 nd prefix Suppression disabledThis example disables router advertisement transmission Ipv6 nd suppress-ra No‐autoconfig Router interface configurationC3su‐routerConfig‐if Vlan 1#Off‐link Example Router privileged execution C3su‐router# Query CommandsShow ipv6 Show ipv6 interface This example displays information about IPv6 interface Vlan This example displays the neighbors in the cache This command displays IPv6 Neighbor Cache information Interface interface This command displays the IPv6 routing tableShow ipv6 route Show ipv6 neighbor Output Details Show ipv6 route Output Details This example displays all active IPv6 routes Show ipv6 route preferences Output Details Show ipv6 route preferences This command displays the summary of the routing table Show ipv6 route summaryNon‐best routes Following example displays the output of this command Show ipv6 trafficShow ipv6 summary Output Details Show ipv6 traffic Output Details Options, etc Counter would include datagrams counted Send. Note that this counter includes all those counted by Clear ipv6 statistics Router privileged executionC3su‐router#This example clears the statistics for Vlan IPv6 Proxy Routing Limitations Preparing a Mixed Stack for IPv6 Proxy Routing Ipv6 proxy-routing IPv6 proxy routing is disabled by defaultRouter global configuration C2su‐routerConfig# This example enables IPv6 proxy routing Any routing mode DHCPv6 Configuration This command enables DHCPv6 on the router Global Configuration CommandsIpv6 dhcp enable Following table lists the default DHCPv6 conditions By default, DHCPv6 is disabled This example enables DHCPv6Ipv6 dhcp relay-agent-info-opt Ipv6 dhcp pool Ipv6 dhcp relay-agent-info-remote-id-subopt Ipv6 dhcp pool Domain-name Address Pool Configuration Commands Prefix-delegation Dns-server Valid‐lifetime secs Preferred‐lifetimeSecs infinite C3su-routerConfig-dhcp6s-pool# exit C3su-routerConfig# Preference pref By default, DHCPv6 functionality is disabledIpv6 dhcp server Rapid‐commit Remote‐id duid‐ifid Ipv6 dhcp relayDestination dest‐addr Interface intf Examples Show ipv6 dhcp DHCPv6 Show Commands Statistics Show ipv6 dhcp interface This example displays the DHCPv6 statistics for Vlan Output of show ipv6 dhcp interface Command This example displays the output of this command Output of show ipv6 dhcp statistics CommandShow ipv6 dhcp statistics This example clears DHCPv6 statistics for Vlan Clear ipv6 dhcp statistics This command displays information about DHCPv6 bindings Show ipv6 dhcp poolShow ipv6 dhcp binding If no IPv6 address is specified, all bindings are displayed Show ipv6 dhcp binding DHCPv6 Configuration OSPFv3 Configuration Following table lists the default OSPFv3 conditions Global OSPFv3 Configuration Commands Use this command to configure the OSPFv3 router IDIpv6 router id Metric value Default-information originateIpv6 router ospf Always Router OSPFv3 configuration C3su-routerConfig-router# Default-metricRouter OSPFv3 configuration C3su‐routerConfig‐router# No default metric is configured Type1 Exit-overflow-intervalIntra Inter This example sets the exit overflow interval to 10 seconds This command configures the external Lsdb limit for OSPFv3Default value is ‐1 External-lsdb-limit Maximum-paths Connected staticTag tag Metric = unspecified Metric type = Type Tag = Area Configuration Commands Area default-costThese commands are used to configure area parameters This example shows how to configure area 20 as an Nssa This example sets the default route cost to 50 for area Comparable Area nssa default-info-originateDefault metric value is Area nssa no-redistribute Area nssa no-summary Area nssa translator-stab-intv This command configures the translator role of the routerBy default, the translator role is disabled Area nssa translator role Nssaexternallink Default interval is 40 secondsArea address ranges are not configured by default Summarylink This command creates a stub area for the specified area ID Example disables the import of summary LSAs into stub area Area stub no-summaryThis example creates a stub area with the ID Area virtual-link dead-interval Default dead interval is 40 seconds Default hello interval is 10 seconds Area virtual-link hello-intervalArea virtual-link retransmit-interval Area virtual-link transmit-delay Default retransmit interval is 5 secondsDefault transmit delay is 1 second OSPFv3 is disabled by default Ipv6 ospf enable Ipv6 ospf cost Ipv6 ospf areaid Ipv6 ospf dead-interval Default dead interval value is 40 seconds Ipv6 ospf mtu-ignore Ipv6 ospf hello-interval By default, MTU mismatch detection is enabled Default network type is broadcastIpv6 ospf network Default priority value is Ipv6 ospf priorityIpv6 ospf retransmit-interval Ipv6 ospf transmit-delay Default value is 4 secondsDefault value is 1 second Ipv6 ospf transmit-delay Show ipv6 ospf OSPFv3 Show CommandsThis command displays OSPFv3 router information This example shows how to display OSPFv3 router information Show ipv6 ospf Output Details Show ipv6 ospf area Output Details Show ipv6 ospf area Show ipv6 ospf abr Output Details Show ipv6 ospf abr Show ipv6 ospf asbr Output Details Show ipv6 ospf asbr Show ipv6 ospf database Adv Router Link Id Age Sequence Csum Options Rtr Opt Show ipv6 ospf database Output Details Show ipv6 ospf database database-summary Output Details This command displays information about OSPFv3 interfaces Show ipv6 ospf interfaceLoopback loopid Show ipv6 ospf interface Command Output Details Show ipv6 ospf interface stats This example shows how to display statistics for Vlan Show ipv6 ospf interface stats Output Details Specify the tunnel interface to display This command displays information about OSPFv3 neighborsShow ipv6 ospf neighbor Specify the Vlan interface to display information about Show ipv6 ospf neighbor Output Details Show ipv6 ospf range 10 show ipv6 ospf neighbor routerid Output DetailsThis example displays range information for area 12 show ipv6 ospf stub table Output Details Show ipv6 ospf stub table11 show ipv6 ospf range Output Details This example displays the OSPFv3 stub table information 13 show ipv6 ospf virtual-link Output Details Show ipv6 ospf virtual-link Show ipv6 ospf virtual-link Show ipv6 ospf virtual-link OSPFv3 Configuration Overview of Authentication and Authorization Methods Authentication and Authorization Configuration Overview of Authentication and Authorization Methods Filter-ID Attribute Formats Use this command to set the authentication login method Setting the Authentication Login MethodShow authentication login Set authentication login Radius Clear authentication loginAny Local Retries Configuring RadiusTimeout Show radius Servers or a specific Radius server as defined by an index Optional Displays Radius server configuration informationSet radius Server Timeout timeout Realm management‐ access any network‐accessServer index Realm Clear radius Show radius accounting Set radius accountingRetries retries Retries This example shows how to set Radius accounting retries toTimeout Clear radius accounting Set radius interface Show radius interface Clear radius interface Example Auth‐stats Configuring 802.1X AuthenticationShow dot1x Auth‐diag This example shows how to display 802.1X status Show dot1x auth-config Set dot1x Init reauthTrue false Set dot1x auth-config Portcontrol Maxreq Clear dot1x auth-config Show eapol Show eapol Output Details Connecting state, via disconnected Forced‐auth Set eapolClear eapol Auth‐mode Optional Globally clears the Eapol authentication mode Show macauthentication Configuring MAC Authentication Nopassword Show macauthentication Output Details Show macauthentication session This example shows how to display MAC session informationShow macauthentication session Output Details Set macauthentication Set macauthentication passwordUse this command to set a MAC authentication password Enables or disables MAC authentication Clear macauthentication passwordSet macauthentication port Use this command to clear the MAC authentication password Set macauthentication portquietperiod Set macauthentication portinitialize Clear macauthentication portquietperiod Set macauthentication macinitializeThis example resets the default quiet period on port Set macauthentication reauthentication Set macauthentication portreauthenticateEnables or disables MAC reauthentication Set macauthentication reauthperiod Set macauthentication macreauthenticate Clear macauthentication reauthperiod Clear macauthentication significant-bits Set macauthentication significant-bits C3su-clear macauthentication significant-bits Configuring Multiple Authentication Methods About Multiple Authentication TypesAbout Multi-User Authentication Show multiauth Strict Set multiauth modeClear multiauth mode Multi Default precedence order is dot1x, pwa, mac Set multiauth precedenceClear multiauth precedence Set multiauth port Show multiauth port Clear multiauth port Show multiauth session Show multiauth station Agent dot1x mac Show multiauth idle-timeout Idle timeout value is provided by the authenticating server Set multiauth idle-timeoutAuthentication method for which to set the timeout value Which to set the timeout value Which to reset the timeout value to its default Clear multiauth idle-timeoutShow multiauth session-timeout Default Which to set the session timeout value Set multiauth session-timeout Configuring User + IP Phone Authentication Clear multiauth session-timeout Configuring Vlan Authorization RFC Set vlanauthorization Set vlanauthorization egressTagged Clear vlanauthorization Show vlanauthorizationBy default, administrative egress is set to untagged Show vlanauthorization Output Details Configuring Policy Maptable Response Operational Description When Policy Maptable Response is Both When Policy Maptable Response is Policy When Policy Maptable Response is TunnelShow policy maptable Policy Set policy maptableResponse Both Clear policy maptable To review, disable, enable, and configure MAC locking Configuring MAC Locking Show maclock Connected to MAC locked ports Show maclock stationsShow maclock Output Details Firstarrival Set maclock enable Set maclock enable port‐stringShow maclock stations Output Details Set maclock Set maclock disableThis example shows how to enable MAC locking on ge.2.3 This example shows how to disable MAC locking on ge.2.3 Clear maclock CreateSpecified MAC address and port Clear maclock static Set maclock static Set maclock firstarrival Set maclock agefirstarrival Clear maclock firstarrival Set maclock move This example enables first arrival aging on port ge.1.1This example disables first arrival aging on port ge.1.1 Clear maclock agefirstarrival Set maclock trap About PWA Configuring Port Web Authentication PWA Show pwa Output Details Show pwa Enable disable Enables or disables port web authentication This example shows how to enable port web authenticationSet pwa This example shows how to display the PWA login banner Show pwa bannerSet pwa banner Display hide This example shows how to hide the Enterasys Networks logoClear pwa banner Set pwa displaylogo Set pwa ipaddress Set pwa protocolChap pap Clear pwa guestname Use this command to clear the PWA guest user nameThis example shows how to clear the PWA guest user name Set pwa guestname Authradius Set pwa guestpasswordSet pwa gueststatus Authnone This example shows how to initialize ports ge.1.5‐7 Set pwa initializeSet pwa quietperiod Set pwa portcontrol Set pwa maxrequest Show pwa session Enables or disables PWA on specified portsThis example shows how to enable PWA on ports 1‐22 This example shows how to display PWA session information Enable disable Enables or disables PWA enhancedmode This example shows how to enable PWA enhancedmodeSet pwa enhancedmode Set ssh Configuring Secure Shell SSHThis example shows how to display SSH status on the switch Show ssh status This example shows how to disable SSH This example shows how to regenerate SSH keysSet ssh hostkey Configuring Access Lists Show access-listsShow access‐lists number Deny permit Access-list standard Access-list extended Insert replaceThis example moves entry 16 to the beginning of ACL Insert replace Ip access-group Interface configuration C3su‐routerConfig‐ifVlan vlanid#Filters inbound frames Example Page TACACS+ Configuration Show tacacs State Optional Displays only the TACACS+ client statusShow tacacs Output Details Set tacacs Use this command to enable or disable the TACACS+ clientEnable disable Enables or disables the Tacacs client This example shows how to enable the TACACS+ client Set tacacs server Timeout seconds Specifies one TACACS+ server to be affected Clear tacacs server This example removes TACACS+ server Show tacacs session Set tacacs session Super‐user ServiceClear tacacs session Read‐write Set tacacs command Show tacacs command Show tacacs singleconnect Set tacacs singleconnectConnection Set tacacs interface Show tacacs interface Clear tacacs interface Clear tacacs interface TACACS+ Configuration 27-14 SFlow Configuration Using sFlow in Your NetworkAdvantages of using sFlow include SFlow Definitions DefinitionsSFlow Agent Functionality Sampling Mechanisms Packet Flow Sampling Counter SamplingUsage Notes 28-5 Contents of the sFlow Receivers Table is displayed Show sflow receiversThis example displays the sFlow Receivers Table Show sflow receivers Output Descriptions Following table describes the output fields Set sflow receiver ip Set sflow receiver owner Maxdatagram bytes Default IP address isDefault maximum datagram size is 1400 bytes Set sflow receiver maxdatagram Maxdatagram Default port value isSet sflow receiver port Clear sflow receiver Set sflow port poller OwnerPort port Show sflow pollers This example removes the poller instance on port ge.1.1 Clear sflow port pollerSet sflow port sampler Interval Show sflow samplers Rate Clear sflow port samplerSet sflow interface Maxheadersize Show sflow interface Clear sflow interface Show sflow agent 28-18 Policy and Authentication Capacities Policy CapacitiesTable A-1 Policy Capacities Table A-2 Authentication Capacities Authentication Capacities Numerics Index Ospf 20-30Network Management Tftp Index