Manuals / Enterasys Networks / Computer Equipment / Switch

Enterasys Networks 9034313-07 manual Set dot1x auth-config

Models: 9034313-07

1 872

Download 872 pages 24.54 Kb

Page 765

set dot1x auth-config

set dot1x auth-config

Use this command to configure 802.1X authentication.

Syntax

set dot1x auth-config {[authcontrolled-portcontrol {auto forced-auth forced-unauth}] [maxreq value] [quietperiod value] [reauthenabled {false true}] [reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod value]} [port-string]

Parameters

	authcontrolled‐	Specifies the 802.1X port control mode.
	portcontrol	• auto – Set port control mode to auto controlled port control. This
	auto forced‐auth
	auto forced‐auth	is the default value.
	forced‐unauth	is the default value.
	forced‐unauth	• forced‐auth – Set port control mode to ForcedAuthorized
		• forced‐auth – Set port control mode to ForcedAuthorized
		controlled port control.
		• forced‐unauth – Set port control mode to ForcedUnauthorized
		controlled port control.

	maxreq value	Specifies the maximum number of authentication requests allowed
		by the backend authentication state machine. Valid values are 1 – 10.
		Default value is 2.

	quietperiod value	Specifies the time (in seconds) following a failed authentication
		before another attempt can be made by the authenticator PAE state
		machine. Valid values are 0 – 65535. Default value is 60 seconds.

	reauthenabled false	Enables (true) or disables (false) reauthentication control of the
	true	reauthentication timer state machine. Default value is false.

	reauthperiod value	Specifies the time lapse (in seconds) between attempts by the
		reauthentication timer state machine to reauthenticate a port. Valid
		values are 0 – 65535. Default value is 3600 seconds.

	servertimeout timeout	Specifies a timeout period (in seconds) for the authentication server,
		used by the backend authentication state machine. Valid values are 1
		– 300. Default value is 30 seconds.

	supptimeout timeout	Specifies a timeout period (in seconds) for the authentication
		supplicant used by the backend authentication state machine. Valid
		values are 1 – 300. Default value is 30 seconds.

	txperiod value	Specifies the period (in seconds) which passes between authenticator
		PAE state machine EAP transmissions. Valid values are 0 – 65535.
		Default value is 30 seconds.

	port‐string	(Optional) Limits the configuration of desired settings to specified
		port(s). For a detailed description of possible port‐string values, refer
		to “Port String Syntax Used in the CLI” on page 7‐1.

Defaults

If port‐string is not specified, authentication parameters will be set on all ports.

Mode

Switch command, read‐write.

SecureStack C3 Configuration Guide 26-19

Image 765

Enterasys Networks 9034313-07 manual Set dot1x auth-config

Contents

Enterasys SecureStack C3 Page Page Enterasys Networks, Inc. Firmware License Agreement Iii Page Contents Page Activating Licensed Features Discovery Protocol Configuration Configuring System Power and PoEPort Configuration Show port broadcast Set port broadcast Clear port broadcast Snmp Configuration Spanning Tree Configuration Configuring Spanning Tree Port Parameters Purpose Commands 802.1Q Vlan Configuration Port Priority Configuration Policy Classification ConfigurationLogging and Network Management Igmp Configuration14-3 Rmon Configuration Dhcp Server Configuration Preparing for Router Mode IP ConfigurationDhcp Snooping and Dynamic ARP Inspection IPv4 Routing Protocol Configuration 20-11 IPv6 Management IPv6 ConfigurationIPv6 Proxy Routing DHCPv6 ConfigurationOSPFv3 Configuration Authentication and Authorization Configuration 26-37 TACACS+ Configuration Appendix a Policy and Authentication Capacities SFlow ConfigurationIndex Tables10-4 22-26 Xxxii About This Guide Using This GuideStructure of This Guide Important NoticeStructure of This Guide Related Documents SecureStack C3 Installation GuidesConventions Used in This Guide Following conventions are used in the text of this documentFollowing icons are used in this guide Support@enterasys.com Getting HelpGetting Help Xxxviii About This Guide Switch Management Methods IntroductionSecureStack C3 CLI Overview Default Settings for Basic Switch Operation Factory Default SettingsFeature Default Setting Sntp Default Settings for Router OperationDvmrp Using the Command Line Interface Connecting Using the Console PortStarting a CLI Session Using a Default User Account Connecting Using TelnetUsing an Administratively Configured User Account LoggingCLI Command Defaults Descriptions Navigating the Command Line InterfaceCLI Command Modes Getting Help with CLI SyntaxDisplaying Scrolling Screens Abbreviating and Completing CommandsBasic Line Editing Commands Basic Line Editing CommandsAbout SecureStack C3 Switch Operation in a Stack Configuring Switches in a StackInstalling a New Stackable System of Up to Eight Units Installing Previously-Configured Systems in a Stack Creating a Virtual Switch ConfigurationAdding a New Unit to an Existing Stack SID Issues Related to Mixed Type Stacks Considerations About Using Clear Config in a StackFeature Support ConfigurationShow switch Stacking Configuration and Management CommandsCommands PurposeExamples Show switch switchtypeNone Show switch stack-portsSwitch command, read‐write Set switchExample Priority valueSet switch description Set switch copy-fwThis example shows how to assign priority 3 to switch This example shows how to renumber switch 5 to switchSet switch member Set switch movemanagementUse this command to remove a member entry from the stack Clear switch memberBasic Configuration Quick Start Setup CommandsRequired CLI Setup Commands Optional CLI Setup Commands Setting User Accounts and PasswordsShow system login Show system login Output DetailsParameters Clear system login Set system loginUse this command to remove a local login user account Super‐user read‐write read‐onlySet password This example shows how to remove the netops user accountSwitch command, read‐write Switch command, super‐user Set system password aging Set system password lengthSet system password history DisableShow system lockout Show system lockout Output Details Set system lockoutAttempts attempts Time timeSetting Basic Switch Properties Show ip address Use this command to clear the system IP address Set ip addressClear ip address This example shows how to clear the system IP address Show ip protocolSet ip protocol Show system This example shows how to display system informationShow system Output Details Show system hardwareSlot Hardware Information Show system utilizationDefault threshold value is 80% Set system utilizationThis example sets the CPU utilization threshold to 75% Show system enhancedbuffermode Clear system utilizationEnable disable Enables or disables enhanced buffer mode Set system temperatureThis example shows how to enable enhanced buffer mode Set system enhancedbuffermodeSyslog enable Clear system temperatureDisable Trap enable disableSet time Show timeThis example shows how to set the system clock to 750 a.m Use this command to display daylight savings time settingsShow summertime Set summertime date Set summertimeIf a zone name is not specified, none will be applied If an offset is not specified, none will be appliedSet summertime recurring This example shows how to set the command prompt to Switch Use this command to modify the command promptClear summertime Set promptSet banner motd Show banner motdShow version Clear banner motdUse this command to configure a name for the system ‐5 provides an explanation of the command outputSet system name Show version Output DetailsThis example shows how to set the system location string Use this command to identify the location of the systemSet system location Set system contactThis example shows how to set the terminal columns to This example shows how to set the system contact stringSet width Set lengthThis example shows how to display the CLI logout setting This example shows how to set the terminal length toShow logout Set logoutThis example shows how to display all console settings Use this command to display console settingsUse this command to set the console port baud rate Show consoleDownloading a Firmware Image This example shows how to set the console port baud rate toDownloading from a Tftp Server Downloading via the Serial PortType 2. The following baud rate selection screen displays Reverting to a Previous Image Reviewing and Selecting a Boot Firmware Image Show boot systemReboot the system using the reset command page 3‐50 Compatibility platform specific Set boot systemThis example shows how to display Telnet status Starting and Configuring TelnetUse this command to enable or disable Telnet on the switch Show telnetTelnet Enable disableInbound Outbound allConfiguration Persistence Mode Managing Switch Configuration and FilesSet snmp persistmode Show snmp persistmodeDir Save configAuto ManualShow file Use this command to display the contents of a fileShow config Configure AllOutfile Copy AppendSystemimage Show tftp settings This example shows how to download an image via TftpDelete Clear tftp timeout Set tftp timeoutThis example shows the output of this command This example sets the timeout period to 4 secondsSet tftp retry Clear tftp retryThis example sets the retry count to Clearing and Closing the CLI This example shows how to clear the CLI screenCls clear screen To clear the CLI screen or to close your CLI sessionReset Resetting the SwitchUse either of these commands to leave a CLI session This example shows how to exit a CLI sessionIf no unit ID is specified, the entire system will be reset Clear configThis example shows how to reset the system This example shows how to reset unitUsing and Configuring WebView Use this command to display WebView statusShow webview Show ssl Set webviewThis example shows how to display SSL status This example shows how to enable SSLSet ssl Gathering Technical Support Information CommandShow support To gather common technical support informationHostprotect is enabled by default Configuring HostprotectShow system hostprotect Set system hostprotectThis example disables hostprotect This feature is disabled by defaultDefault state is enabled Clear system hostprotectUsage Activating Licensed Features Licensing Procedure in a Stack EnvironmentLicense Key Field Descriptions Adding a New Member to a Licensed Stack Clearing, Showing, and Applying LicensesUsage Set licenseFeatureID feature The name of the feature being cleared Use this command to clear the license key settingsShow license Clear licenseC3rw-clear license featureId advrouter Clear license Activating Licensed Features Commands Configuring System Power and PoEShow inlinepower Use this command to display system power propertiesSet inlinepower threshold This example shows how to display system power propertiesShow inlinepower Output Details Set inlinepower trap Set inlinepower detectionmodeSending of traps is disabled by default Ieee Show port inlinepowerAdmin off auto Set port inlinepowerPriority critical High lowSet port inlinepower Configuring System Power and PoE Configuring CDP Discovery Protocol ConfigurationShow cdp Output Details Show cdpAuto disable EnableSet cdp state Use this command to set a global CDP authentication code Set cdp authSet cdp interval Clear cdp Set cdp hold-timeShow neighbors Show ciscodp Configuring Cisco Discovery Protocol‐3 provides an explanation of the command output ‐2 provides an explanation of the command outputShow ciscodp port info Show ciscodp Output DetailsThis example shows how to globally enable CiscoDP Set ciscodp timerSet ciscodp status Show ciscodp port info Output DetailsSet ciscodp port Set ciscodp holdtimeDot1p VvidUntagged TrustedClear ciscodp Configuring Link Layer Discovery Protocol and LLDP-MED To review and configure Llpd and LLPD‐MEDOverview Configuration Tasks Show lldp Use this command to display Lldp configuration informationShow lldp port trap Show lldp port statusShow lldp port tx-tlv Show lldp port location-infoShow lldp port tx‐tlv port‐string Show lldp port local-info 1000BASE-TFD Show lldp port local-info Output DetailsECS Elin Show lldp port remote-info Guest‐voice‐signaling Voice‐signalingShow lldp port network-policy VoiceSet lldp tx-interval Video‐signalingSoftphone‐voice Video‐conferencingSet lldp hold-multiplier Set lldp trap-intervalThis example sets the transmit interval to 20 seconds Set lldp med-fast-repeat Rx‐enable Tx‐enableSet lldp port status Set lldp port trapSet lldp port med-trap Set lldp port location-infoElin Set lldp port tx-tlv Mac‐phy GvrpPoe Link‐aggrSet lldp port network-policy State enable disableTag tagged untagged Vid vlan‐id dot1pTx‐interval Clear lldpHold‐multiplier Trap‐intervalClear lldp port trap Clear lldp port statusClear lldp port med-trap Clear lldp port location-infoCleared Tag Clear lldp port network-policyVid DscpClear lldp port tx-tlv Disables the LLDP‐MED Extended Power via MDI TLV from being Disables the LLDP‐MED Location Identification TLV from beingPort Configuration Summary Port ConfigurationPort String Syntax Used in the CLI Port type.unitorslot number.port numberPort Slot/Unit Parameters Used in the CLI Reviewing Port StatusShow port status Show portSwitch mib2 Show port countersShow port status Output Details Show port counters Output Details Clear port counters Show port cablestatusThis example clears the port counters for ge.3.1 Disabling / Enabling and Naming Ports This example shows the cable status for 1 GE port ge.1.31Show port cablestatus Output Details Set port enable Set port disableThis example shows how to disable ge.1.1 This example shows how to enable ge.1.3Use this command to assign an alias name to a port Show port aliasSet port alias This example shows how to clear the alias for ge.3.3 This example shows how to assign the alias Admin to ge.3.3Show port speed Setting Speed and Duplex ModeShow port duplex Set port speed10 100 MbpsThis example shows how to set ge.1.17 to full duplex Set port duplexFull half Show port jumbo Enabling / Disabling Jumbo Frame SupportEnables or disables jumbo frame support Set port jumboClear port jumbo Show port negotiation Setting Auto-Negotiation and Advertised AbilityEnable disable Set port negotiationShow port advertise Set port advertise Clear port advertise Set port mdix Show port mdixForced‐auto MdiConfigure ports to use MDI mode only Configure ports to use Mdix mode onlyOptional Specify the port or ports to configure Setting Flow Control Show flowcontrolSet flowcontrol This example shows how to enable flow control Show port trap Setting Port Link Traps and Link Flap DetectionFollowing example disables sending trap on ge.3.1 Set port trapShow linkflap Portstate GlobalstateParameters MetricsShow linkflap metrics Output Details Show linkflap parameters Output DetailsDisables or enables the link flap detection function Disable enableSet linkflap globalstate Set linkflap portstateSet linkflap action Set linkflap intervalUse this command to set the link flap action trigger count Clear linkflap actionSet linkflap threshold Clear linkflap down Set linkflap downtimeAll stats Clear linkflapParameter Threshold intervalShow port broadcast Configuring Broadcast SuppressionClear port broadcast Set port broadcastSyntax Used in the CLI on page 7‐1 Mirroring Features Port MirroringRemote Port Mirroring Configuring Smon MIB Port Mirroring ProceduresOverview Show port mirroring To review and configure port mirroring on the deviceCreate disable Can be configured per stack, if applicableSet port mirroring Use this command to clear a port mirroring relationship Clear port mirroringSet mirror vlan Clear mirror vlan Lacp Operation Link Aggregation Control Protocol LacpLacp Terminology ‐6 defines key terminology used in Lacp configurationSecureStack C3 Usage Considerations Lacp Terms and DefinitionsCommands Show lacp ‐7 provides an explanation of the command outputThis example shows how to disable Lacp Disable enable Disables or enables LacpSet lacp Show lacp Output DetailsSet lacp aadminkey Set lacp asyspriAsyspri Disable enable Disables or enables static link aggregation Clear lacpSet lacp static Clear lacp static This example enables the formation of single port LAGs Set lacp singleportlagClear lacp singleportlag Show port lacp Status detailSummary Counters Set port lacp AadminkeyLacptimeout AadminstatePadminkey PadminportClear port lacp C3su-clear port lacp port ge.3.16 Configuring Protected Ports Set port protectedProtected Port Operation Show port protected Clear port protectedRead‐only Show port protected name Set port protected nameClear port protected name Use this command to clear the name of a protected groupClear port protected name Port Configuration Snmp Configuration Summary Snmp ConfigurationSNMPv1 and SNMPv2c SNMPv3About Snmp Security Models and Levels Configuration Considerations Using Snmp Contexts to Access Specific MIBsReviewing Snmp Statistics Snmp Security LevelsThis example shows how to display Snmp engine properties Show snmp engineidShow snmp engineid Output Details Use this command to display Snmp traffic counter values This example shows how to display Snmp counter valuesShow snmp counters Show snmp counters Output Details Engine or otherwise unavailable Show snmp user Configuring Snmp Users, Groups, and Communities‐4 provides an explanation of the command output This example shows how to display an Snmp user listUse this command to create a new SNMPv3 user Set snmp userSha AesVolatile NonvolatileClear snmp user Show snmp groupRemote remote User user Set snmp groupSecurity‐model V2c usm VolatileClear snmp group Show snmp communityV2c usm Set snmp community Use this command to configure an Snmp community groupSecurityname Context contextUse this command to delete an Snmp community name Configuring Snmp Access RightsThis example shows how to delete the community name vip Clear snmp communityNoauthentication Show snmp accessAuthentication Privacy Context context Nonvolatile read‐ OnlyThis example shows how to display Snmp access information ‐6 provides an explanation of the command outputShow snmp access Output Details Set snmp access Configuring Snmp MIB Views Clear snmp accessShow snmp view Show snmp context Set snmp viewShow snmp view Output Details Clear snmp view Show snmp targetparams Configuring Snmp Target ParametersVolatile nonvolatile Read‐onlySet snmp targetparams ‐8 provides an explanation of the command outputShow snmp targetparams Output Details Message‐Clear snmp targetparams AuthenticationPrivacy Protected from disclosureConfiguring Snmp Target Addresses Use this command to display Snmp target address informationShow snmp targetaddr Set snmp targetaddr Timeout timeoutParam param Udpport udpportClear snmp targetaddr Use this command to delete an Snmp target address entryTaglist taglist Tag 1 tagAbout Snmp Notify Filters Configuring Snmp Notification ParametersBy default, this function is disabled globally and per port Show newaddrtrapSet newaddrtrap Show snmp notify Set snmp notify ‐10 provides an explanation of the command output10 show snmp notify Output Details Trap informUse this command to clear an Snmp notify configuration Clear snmp notifyShow snmp notifyfilter Subtree oid‐or‐ Set snmp notifyfilterClear snmp notifyfilter Show snmp notifyprofile Set snmp notifyprofileTargetparam Creating a Basic Snmp Trap Configuration This example shows how to delete Snmp notify profile area51Clear snmp notifyprofile Example 11 Basic Snmp Trap ConfigurationConfiguring the Snmp Management Interface How Snmp Will Use This ConfigurationShow snmp interface Loopback loop‐ID Set snmp interfaceClear snmp interface Clear snmp interface Snmp Configuration Spanning Tree Configuration Summary Spanning Tree ConfigurationLoop Protect Spanning Tree FeaturesConfiguring Spanning Tree Bridge Parameters For information about Show spantree stats Sid sidActive Show spantree Output Details ‐1 shows a detailed explanation of command outputDisable enable Globally disables or enables Spanning Tree Set spantreeShow spantree version Set spantree version This example shows how to reset the Spanning Tree version Clear spantree versionShow spantree bpdu-forwarding By default Bpdu forwarding is disabled Disable enable Disables or enables Bpdu forwardingThis example shows how to enable Bpdu forwarding Set spantree bpdu-forwardingClear spantree bridgeprioritymode Set spantree bridgeprioritymode8021d 8021tShow spantree mstilist Set spantree mstiCreate delete Clear spantree msti Show spantree mstmapFid fid Use this command to map a FID back to SID This example shows how to map FID 3 to SIDSet spantree mstmap Clear spantree mstmapThis example shows how to map FID 2 back to SID Show spantree vlanlistShow spantree mstcfgid Cfgname name Specifies an MST configuration name Set spantree mstcfgidClear spantree mstcfgid Use this command to set the device’s Spanning Tree priority Set spantree priorityClear spantree priority This example shows how to reset the bridge priority on SID Set spantree helloClear spantree hello Set spantree maxage Use this command to set the bridge maximum aging timeSet spantree fwddelay Use this command to set the Spanning Tree forward delayClear spantree maxage Show spantree backuproot Clear spantree fwddelayClear spantree backuproot Set spantree backuprootSet spantree tctrapsuppress Show spantree tctrapsuppressSet spantree protomigration Clear spantree tctrapsuppressEnable disable Enables or disables the SpanGuard function Show spantree spanguardSet spantree spanguard Clear spantree spanguard This example shows how to enable the SpanGuard functionSet spantree spanguardtimeout Show spantree spanguardtimeoutShow spantree spanguardlock Clear spantree spanguardtimeoutShow spantree spanguardtrapenable This example shows how to unlock port ge.1.16Clear / set spantree spanguardlock Set spantree spanguardtrapenable Clear spantree spanguardtrapenableIs enabled Set spantree legacypathcost Show spantree legacypathcostShow spantree autoedge Clear spantree legacypathcostSet spantree autoedge This example clears the legacy path cost to 802.1t valuesClear spantree autoedge Set spantree portadmin Configuring Spanning Tree Port ParametersDisable enable To display and set Spanning Tree port parametersClear spantree portadmin Show spantree portadminThis example shows how to disable Spanning Tree on ge.1.5 Use this command to set a port’s Spanning Tree priority Show spantree portpriSet spantree portpri Clear spantree portpri Set spantree adminpathcost Show spantree adminpathcostShow spantree adminedge Clear spantree adminpathcostClear spantree adminedge Set spantree adminedgeThis example shows how to set ge.1.11 as an edge port True falseShow spantree operedge This example shows how to reset ge.1.11 as a non‐edge portConfiguring Spanning Tree Loop Protect Parameters Set spantree lp This example shows how to enable Loop Protect on ge.2.3Show spantree lp If no SID is specified, SID 0 is assumedShow spantree lplock Clear spantree lpSID Locked Clear spantree lplockShow spantree lpcapablepartner Set spantree lpcapablepartnerUse this command to set the Loop Protect event threshold Clear spantree lpcapablepartnerSet spantree lpthreshold None. The default event threshold is Show spantree lpthresholdClear spantree lpthreshold Show spantree lpwindow Set spantree lpwindowSet spantree lptrapenable DisabledClear spantree lpwindow Clear spantree lptrapenable Show spantree lptrapenableSet spantree disputedbpduthreshold Clear spantree disputedbpduthreshold Show spantree disputedbpduthresholdShow spantree nonforwardingreason Vlan Configuration Summary 802.1Q Vlan ConfigurationCreating a Secure Management Vlan Command Set for Creating a Secure Management VlanShow vlan Viewing VLANsStatic PortinfoVlan Vlan ID Name Show vlan Output DetailsThis example shows how to create Vlan Create enable Creates, enables or disables VLANs. disableCreating and Naming Static VLANs Set vlanThis example shows how to set the name for Vlan 7 to green Set vlan nameClear vlan Clear vlan name This example shows how to clear the name for VlanShow port vlan Assigning Port Vlan IDs PVIDs and Ingress FilteringClear port vlan Set port vlanModify‐egress No‐modify‐egressShow port ingress filter Show port discard Set port ingress filterTagged untagged both none Set port discardShow port egress Configuring the Vlan Egress ListSet vlan forbidden Set vlan egress Use this command to remove ports from a VLAN’s egress listClear vlan egress Untagged forbidden taggedForbidden Show vlan dynamicegressEnable disable Enables or disables dynamic egress This example shows how to enable dynamic egress on VlanSet vlan dynamicegress Setting the Host Vlan Show host vlanSet host vlan Clear host vlan This example shows how to set Vlan 7 as the host VlanEnabling/Disabling Gvrp Garp Vlan Registration Protocol About Garp Vlan Registration Protocol GvrpHow It Works Example of Vlan Propagation via Gvrp Show garp timer Use this command to display Gvrp configuration informationShow gvrp Show gvrp configuration Output Details Disables or enables Gvrp on the deviceSet gvrp Set garp timer This example shows how to enable Gvrp on ge.1.3Clear gvrp Leaveall timer‐ Clear garp timerJoin LeaveC3su-clear garp timer leave ge.1.1 Policy Classification Configuration Summary Policy Classification ConfigurationUse this command to display policy profile information Configuring Policy ProfilesShow policy profile ‐verboseShow policy profile Output Details Set policy profile Use this command to delete a policy profile entry This example shows how to delete policy profileClear policy profile Configuring Classification Rules All admin‐ profile profile‐ indexShow policy rule Admin‐pid Not‐in‐service Not‐ready Storage‐type non‐Tcpsourceport UdpdestportShow policy rule Output Details Show policy capabilityVlan Admin‐profile Set policy ruleVlantag data Ipproto EtherIpdestsocket IpsourcesocketData value Mask bits Valid Values for Policy Classification RulesClear policy rule Following parameters apply to deleting an admin ruleRange from 1 to 4094 or 0xFFF All‐pid‐entriesClear policy all-rules Use this command to remove all policy classification rulesAssigning Ports to Policy Profiles Use this command to assign ports to a policy profileSet policy port To assign and unassign ports to policy profilesClear policy port Configuring Policy Class of Service CoS About Policy-Based CoS ConfigurationsProcedure 11-1 User-Defined CoS Configuration Configuring Policy Class of Service CoS About CoS-Based Flood Control ProcedureSet cos state Use this command to enable or disable Class of ServiceThis example shows how to enable Class of Service Show cos stateClear cos state Priority priority Set cos settingsTos‐value tos‐value Irl‐referenceShow cos settings Clear cos settingsPriority Tos‐valueSet cos port-config Should be displayed Show cos port-configEntry Clear cos port-configName PortsSet cos port-resource irl Group#.port‐type Set cos port-resource flood-ctrlUnicast MulticastGroup#.port‐type Show cos port-resourceUnit Clear cos port-resource irlRate TypeSet cos reference Clear cos port-resource flood-ctrlUnicast MulticastShow cos reference Specifies that an IRL reference is being configuredIRL reference number associated with this entry Rate‐limit irl‐indexClear cos reference Port‐typ e index Show cos unitKbps PpsShow cos port-type Clear cos all-entriesThis example shows flood control information for port type Port Priority Configuration Summary Port Priority ConfigurationShow port priority Configuring Port PriorityClear port priority Set port priorityShow port priority-queue Configuring Priority to Transmit Queue MappingSet port priority-queue Clear port priority-queue Show port txq Configuring Quality of Service QoSSet port txq Clear port txq By default, transmit queues are defined as followsClear port txq Port Priority Configuration Igmp Configuration Igmp OverviewAbout IP Multicast Group Management Configuring Igmp at Layer To configure Igmp snooping from the switch CLIAbout Multicasting Use this command to display Igmp snooping information Set igmpsnooping adminmodeThis example shows how to display Igmp snooping information Use this command to enable or disable Igmp on the systemEnable disable Enables or disables Igmp This example shows how to enable Igmp on the systemThis example shows how to enable Igmp on port ge.1.10 Set igmpsnooping interfacemodeSet igmpsnooping maxresponse Set igmpsnooping add-static Set igmpsnooping mcrtrexpiretimeModify If no ports are specified, all ports are added to the entrySet igmpsnooping remove-static Show igmpsnooping staticIf modify is not specified, a new entry is created Group group Show igmpsnooping mfdbThis example displays the static Igmp ports for Vlan Stats Optional Displays Mfdb statisticsUse this command to clear all Igmp snooping entries This example shows how to clear all Igmp snooping entriesClear igmpsnooping To configure Igmp on routing interfaces Configuring Igmp on Routing InterfacesGlobal configuration C3su‐routerConfig# Ip igmpThis example shows how to enable Igmp on the router Ip igmp enableInterface configuration C3su‐routerConfig‐ifVlan 1# Ip igmp versionShow ip igmp interface Any router modeIp igmp query-interval Show ip igmp groupsIp igmp startup-query-interval Ip igmp query-max-response-timeIp igmp last-member-query-interval Ip igmp startup-query-countIp igmp robustness Ip igmp last-member-query-countInterface configuration C3 su‐routerConfig‐ifVlan 1# Ip igmp robustness Igmp Configuration Logging and Network Management Configuring System LoggingShow logging server Set logging server Clear logging server Show logging defaultUse this command to set logging default values Set logging defaultShow logging application Clear logging defaultFacility SeverityShow logging application Output Details Set logging applicationIf level is not specified, none will be applied Level levelShow logging local Clear logging applicationClear logging local Set logging localThis example shows how to clear local logging Show logging bufferShow logging interface Set logging interface Clear logging interface History Monitoring Network Events and StatusDefault Use this command to set the size of the history bufferShow history Set historyPing Show usersThis example, the host at IP address is not responding Disconnect Show netstatConsole Following example shows the output of this command Following table describes the output of this commandShow netstat Output Details Managing Switch Network Addresses and Routes Use this command to display the switch’s ARP tableShow arp This example shows how to display the ARP table Set arpShow arp Output Details Traceroute Clear arpEach response Show macType other learned Self mgmtShow mac Output Details Show mac agetimeThis example shows how to set the MAC timeout period This example shows how to display the MAC timeout periodSet mac agetime Clear mac agetimeDefault MAC algorithm is mac‐crc16‐upperbits Set mac algorithmShow mac algorithm Set mac multicast Clear mac algorithmUse this command to remove a multicast MAC address Clear mac addressAppend clear Set mac unreserved-flood Show mac unreserved-floodThis example enables multicast flood protection Configuring Simple Network Time Protocol SntpUse this command to display Sntp client settings Show sntpShow sntp Output Details This example shows how to display Sntp client settingsClear sntp client Set sntp clientSet sntp server Clear sntp serverIf precedence is not specified, 1 will be applied Clear sntp poll-interval Set sntp poll-intervalThis example shows how to clear the Sntp poll interval Set sntp poll-retryClear sntp poll-retry Clear sntp poll-timeout Set sntp poll-timeoutUse this command to clear the Sntp poll timeout This example shows how to clear the Sntp poll timeoutSet timezone Set sntp interface Show sntp interfaceClear sntp interface C3rw-show sntp interface Vlan 100 C3rw-clear sntp interface Show nodealias config Configuring Node AliasesShow nodealias config Output Details Set nodealiasMaxentries maxentries Clear nodealias config Rmon Configuration Rmon Monitoring Group Functions and CommandsRmon Monitoring Group Functions Design Considerations Group What It Does What It Monitors CLI CommandsTo display, configure, and clear Rmon statistics Statistics Group CommandsUse this command to configure an Rmon statistics entry Show rmon statsSet rmon stats This example shows how to delete Rmon statistics entry To‐defaultsClear rmon stats If owner is not specified, monitor will be appliedShow rmon history History Group CommandsClear rmon history Set rmon historyBuckets buckets Interval intervalThis example shows how to delete Rmon history entry Alarm Group Commands Show rmon alarmThis example shows how to display Rmon alarm entry Show rmon alarm Output Details Set rmon alarm propertiesObject object Type absoluteSet rmon alarm status Enable Clear rmon alarmThis example shows how to enable Rmon alarm entry Use this command to delete an Rmon alarm entryUse this command to display Rmon event entry properties Event Group CommandsThis example shows how to display Rmon event entry Show rmon eventDescription Set rmon event propertiesType none log Trap bothThis example shows how to enable Rmon event entry Set rmon event statusClear rmon event This example shows how to clear Rmon event Show rmon channel Filter Group CommandsSet rmon channel Use this command to configure an Rmon channel entryAccept matched FailedShow rmon filter Clear rmon channelIndex index Channel channelSet rmon filter Use this command to clear an Rmon filter entry This example shows how to clear Rmon filter entryClear rmon filter Packet Capture Commands Show rmon captureNodata Action lock Set rmon captureSlice slice Loadsize loadsizeUse this command to clears an Rmon capture entry This example shows how to clear Rmon capture entryClear rmon capture Dhcp Overview Dhcp Server ConfigurationDhcp Relay Agent Dhcp ServerConfiguring a Dhcp Server Configuring General Dhcp Server Parameters Set dhcp bootp This example enables Dhcp server functionalitySet dhcp This example enables Dhcp conflict logging This example enables address allocation for Bootp clientsSet dhcp conflict logging Show dhcp conflictThis example disables Dhcp conflict logging Logging Disables conflict loggingClear dhcp conflict Clears the conflict information for all IP addresses100, with the set dhcp exclude command Set dhcp excludeClear dhcp exclude Set dhcp ping Clear dhcp pingThis example sets the number of ping packets sent to Clear dhcp binding Show dhcp bindingUse this command to clear all Dhcp server counters Use this command to display Dhcp server statisticsShow dhcp server statistics Clear dhcp server statisticsThis example clears all Dhcp server counters Manual Pool Configuration Considerations Configuring IP Address PoolsThis example creates an address pool named auto1 Set dhcp poolClear dhcp pool Use this command to delete a Dhcp server pool of addressesSet dhcp pool network This example deletes the address pool named auto1Set dhcp pool hardware-address Clear dhcp pool networkClear dhcp pool hardware-address Set dhcp pool hostIf no type is specified, Ethernet is assumed Set dhcp pool client-identifier Clear dhcp pool hostClear dhcp pool client-identifier Clear dhcp pool client-name Set dhcp pool client-nameClear dhcp pool bootfile Set dhcp pool bootfileClear dhcp pool next-server Set dhcp pool next-serverSet dhcp pool lease Clear dhcp pool leaseInfinite Clear dhcp pool default-router Set dhcp pool default-routerClear dhcp pool dns-server Set dhcp pool dns-serverClear dhcp pool domain-name Set dhcp pool domain-nameClear dhcp pool netbios-name-server Set dhcp pool netbios-name-serverSet dhcp pool netbios-node-type Clear dhcp pool netbios-node-type‐node Ascii string Set dhcp pool optionShow dhcp pool configuration Clear dhcp pool optionThis example removes option 19 from address pool auto1 Show dhcp pool configuration Dhcp Snooping Dynamic ARP Inspection Dhcp Snooping OverviewDhcp Message Processing Building and Maintaining the Database Configuration Notes Basic ConfigurationProcedure 17-1 Basic Configuration for Dhcp Snooping Rate LimitingDhcp Snooping Commands Disabled globallySet dhcpsnooping Set dhcpsnooping vlan Set dhcpsnooping database write-delaySet dhcpsnooping trust By default, ports are untrustedThis example configures port ge.1.1 as a trusted port Set dhcpsnooping bindingSet dhcpsnooping verify Source MAC address verification is enabled by default Set dhcpsnooping log-invalidAgainst the client hardware address None Set dhcpsnooping limitRate pps Burst interval secsThis example configures rate limit parameters on port ge.1.1 Show dhcpsnooping port Show dhcpsnooping databaseShow dhcpsnooping binding Dynamic staticEntry, either dynamic or static Show dhcpsnooping statistics Clear dhcpsnooping binding Clear dhcpsnooping statisticsClear dhcpsnooping database Default value of 300 seconds Write‐delayClear dhcpsnooping limit Dynamic ARP Inspection OverviewFunctional Description Static MappingsOptional ARP Packet Validation Packet Forwarding Logging Invalid PacketsRate Limiting Eligible InterfacesStep Task Commands Procedure 17-2 Basic Dynamic ARP Inspection ConfigurationExample Configuration Router ConfigurationVlan Configuration Set arpinspection vlan Dynamic ARP Inspection CommandsDhcp Snooping Configuration Dynamic ARP Inspection ConfigurationLogging is disabled by default Set arpinspection trustBy default, all physical ports and LAGs are untrusted LoggingSet arpinspection validate Src‐macDst‐mac Set arpinspection limit Show arpinspection access-list Set arpinspection filterPermit Mac hostThis example displays the ARP configuration of lag.0.1 Show arpinspection portsShow arpinspection statistics Show arpinspection vlanClear arpinspection validate With an invalid addressThis example removes all 3 additional validation conditions Clear arpinspection vlan Clear arpinspection filter This example removes the ARP ACL named staticARP from Vlan Clear arpinspection limitThis example clears all DAI statistics from the switch Clear arpinspection statisticsPage Pre-Routing Configuration Tasks Preparing for Router ModeEnabling Router Configuration Modes Enabling the Switch for RoutingRouter CLI Configuration Modes Router CLI Configuration Modes Page Configuring Routing Interface Settings IP ConfigurationVlan vlan ‐id Show interfaceRouter global configuration mode C3su‐routerConfig# Use this command to configure interfaces for IP routingInterface Vlan vlan‐ idShow ip interface This example shows how to enter configuration mode for VlanIp address Router interface configuration C3su‐routerConfig‐ifVlan 1#Show ip interface Output Details SecondaryNo shutdown Show running-configNo ip routing This example shows how to enable Vlan 1 for IP routingConfiguring Tunnel Interfaces Use this command to configure a tunnel interfaceInterface tunnel This example creates a configured tunnel interface Router interface configuration C3su‐routerConfig‐ifTnnl 1#Tunnel source This command specifies the mode of the tunnel interface Tunnel modeIpv6ip Specifies that the tunnel mode is IPv6 over IPv4 No form of this command removes the mode of the tunnelShow interface tunnel This example sets the tunnel mode to IPv6 over IPv4Show ip arp Reviewing and Configuring the ARP TableThis example shows how to use the show ip arp command ArpShow ip arp Output Details Ip proxy-arp This example shows how to enable proxy ARP on VlanClear arp-cache Arp timeout14,400 seconds Privileged Exec C3su‐router#Configuring Broadcast Settings Interface configuration C3su‐Router1Config‐ifVlan 1#Ip directed-broadcast Udp Ip forward-protocolSpecifies UDP as the IP forwarding protocol Are forwardedIp helper-address Show ip route Reviewing IP Traffic and Configuring RoutesOSPF, IA Ip route PingPreference in route selection This command is also available in switch mode There is also a traceroute command available in switch modeTraceroute Ip icmp redirect enable Configuring Icmp RedirectsInterface Show ip icmp redirectActivating Advanced Routing Features IPv4 Routing Protocol ConfigurationRIP Configuration Task List and Commands Configuring RIPRIP Configuration Task List and Commands Router ripIp rip enable This example shows how to enable RIPDistance R1compatible Ip rip send versionSpecifies RIP version 1. This is the default setting Ip rip authentication-keyIp rip receive version Specifies RIP versionMd5 Ip rip message-digest-keyRouter configuration C3su‐routerConfig‐router# Use this command to disable automatic route summarizationNo auto-summary Split-horizon poisonPassive-interface Redistribute Receive-interfaceConnected OspfProtocol Command detailed in ip route on page 19‐21Subnets Subnetted will be redistributedOspf Configuration Task List and Commands Configuring OspfOspf Configuration Task List and Commands Advanced License RequiredRoutes Router idThis example shows how to enable routing for Ospf process Router ospf1583compatibility Ip ospf enable This example shows how to enable RFC 1583 compatibilityIp ospf areaid Ip ospf priority Ip ospf costTimers spf Ip ospf retransmit-interval Ip ospf transmit-delayIp ospf hello-interval Ip ospf dead-interval65535 Ip ospf authentication-key Distance ospf Ip ospf message digest key md5External inter‐ Area rangeArea intra‐area Intra‐area routesArea stub If not specified, advertise mode will be setAdvertise no‐ AdvertiseArea nssa Area default costThis example shows how to configure area 10 as an Nssa area Default‐Area virtual-link Information‐Transmit‐delay Authentication‐Key key Dead‐intervalShow ip ospf RipMetric‐type type This example shows how to display Ospf information Use this command to display the Ospf link state databaseShow ip ospf database Show ip ospf database Output Details Show ip ospf interfaceShow ip ospf interface Output Details Show ip ospf neighbor Output Details Show ip ospf neighborShow ip ospf virtual-links Clear ip ospf processShow ip ospf virtual links Output Details This example shows how to reset Ospf process Enabling Dvmrp on an Interface Configuring DvmrpCommands to Enable Dvmrp on an Interface Ip dvmrp enableThis example shows how to enable the Dvmrp process Ip dvmrpUse this command to display Dvmrp routing information Ip dvmrp metricShow ip dvmrp This example shows how to display Dvmrp status information Ip irdp enable Configuring IrdpIp irdp minadvertinterval Ip irdp maxadvertintervalIp irdp holdtime Ip irdp preference9000 Use this command to display Irdp information Ip irdp broadcastShow ip irdp Configuration Tasks on page 18‐1 Router vrrp Configuring VrrpCreate This example shows how enable Vrrp configuration modeAddress Advertise-interval PriorityPreempt Described in Pre‐Routing Configuration Tasks on page 18‐1Enable Use this command to display Vrrp routing information Ip vrrp authentication-keyThis example shows how to display Vrrp information Show ip vrrpDesign Considerations Configuring PIM-SMThis example shows how to globally enable and disable PIM Global router configuration C3su‐routerConfig#Ip pimsm Ip pimsm staticrpIp pimsm enable This example shows how to display PIM information Ip pimsm query-intervalShow ip pimsm This example shows how to display PIM router information Show ip pimsm componenttableShow ip pimsm Output Details Show ip pimsm interface This example shows how to display PIM interface informationShow ip pimsm componenettable Output Details StatsShow ip pimsm neighbor This example shows how to display PIM interface statisticsShow ip pimsm interface vlan Output Details 10 show ip pimsm interface stats Output DetailsShow ip pimsm rp ‐11 provides an explanation of the command output11 show ip pimsm neighbor Output Details Candidate‐12 provides an explanation of the command output Show ip pimsm rphash12 show ip pimsm rp Output Details ‐13 provides an explanation of the command output Show ip pimsm staticrpDisplay the PIM‐SM static Rendezvous Point information Use this command to display the IP multicast routing table Show ip mroute13 show ip pimsm staticrp Output Details 20-60 IPv4 Routing Protocol Configuration Show ipv6 status IPv6 ManagementBy default, IPv6 management is disabled This example shows how to enable IPv6 managementSet ipv6 No global unicast IPv6 address is defined by default Set ipv6 addressEui64 Use this command to clear IPv6 global addresses Show ipv6 addressClear ipv6 address Set ipv6 gateway Use this command to clear an IPv6 gateway address Clear ipv6 gatewayShow ipv6 neighbors This example shows example output of this command Use this command to display IPv6 netstat informationShow ipv6 netstat This command is also available in router mode Ping ipv6Size num Traceroute ipv6 Traceroute ipv6 21-10 IPv6 Management IPv6 Configuration OverviewIPv6 Routing License Required Following table lists the default IPv6 conditions Default ConditionsGeneral Configuration Commands Ipv6 forwardingIpv6 hop-limit This command configures static IPv6 routes Default maximum number of IPv6 hops isIpv6 route This example sets the hop limit toIpv6 route distance Default preference or administrative distance isIpv6 unicast-routing This command sets the default distance value toLink‐local‐address Ping ipv6 interfaceRouter privileged exec C3 su‐router# 20010db8123455551 Interface Configuration Commands Ipv6 addressNo IPv6 addresses are defined for any interface IPv6 is disabled Ipv6 enableBytes Ipv6 mtuThis example sets the MTU value to 1500 bytes Neighbor Cache and Neighbor Discovery Commands Clear ipv6 neighborsThis example clears all dynamically learned cache entries Duplicate address detection enabled, for 1 attempt Ipv6 nd dad attemptsIpv6 nd ns-interval Router interface configurationC3su‐routerConfig‐ifVlan 1# By default, a value of 0 is advertised in RA messagesIpv6 nd reachable-time This example sets the NS interval to 2 secondsFlag is set to false by default Ipv6 nd other-config-flagRouter interface configuration C3su‐routerConfig‐if Vlan 1# This example sets the reachable time to 60 secondsIpv6 nd ra-lifetime Ipv6 nd ra-intervalThis example disables router advertisement transmission Suppression disabledIpv6 nd suppress-ra Ipv6 nd prefixNo‐autoconfig Router interface configurationC3su‐routerConfig‐if Vlan 1#Off‐link Example Show ipv6 Query CommandsShow ipv6 interface Router privileged execution C3su‐router#This example displays information about IPv6 interface Vlan This example displays the neighbors in the cache This command displays IPv6 Neighbor Cache informationShow ipv6 route This command displays the IPv6 routing tableShow ipv6 neighbor Output Details Interface interfaceShow ipv6 route Output Details This example displays all active IPv6 routesShow ipv6 route preferences Output Details Show ipv6 route preferencesThis command displays the summary of the routing table Show ipv6 route summaryNon‐best routes Following example displays the output of this command Show ipv6 trafficShow ipv6 summary Output Details Show ipv6 traffic Output Details Options, etc Counter would include datagrams counted Send. Note that this counter includes all those counted by Clear ipv6 statistics Router privileged executionC3su‐router#This example clears the statistics for Vlan IPv6 Proxy Routing Limitations Preparing a Mixed Stack for IPv6 Proxy RoutingRouter global configuration C2su‐routerConfig# IPv6 proxy routing is disabled by defaultThis example enables IPv6 proxy routing Ipv6 proxy-routingAny routing mode DHCPv6 Configuration Ipv6 dhcp enable Global Configuration CommandsFollowing table lists the default DHCPv6 conditions This command enables DHCPv6 on the routerBy default, DHCPv6 is disabled This example enables DHCPv6Ipv6 dhcp relay-agent-info-opt Ipv6 dhcp pool Ipv6 dhcp relay-agent-info-remote-id-suboptIpv6 dhcp pool Domain-name Address Pool Configuration CommandsPrefix-delegation Dns-serverValid‐lifetime secs Preferred‐lifetimeSecs infinite C3su-routerConfig-dhcp6s-pool# exit C3su-routerConfig# Ipv6 dhcp server By default, DHCPv6 functionality is disabledRapid‐commit Preference prefDestination dest‐addr Ipv6 dhcp relayInterface intf Remote‐id duid‐ifidExamples Show ipv6 dhcp DHCPv6 Show CommandsStatistics Show ipv6 dhcp interfaceThis example displays the DHCPv6 statistics for Vlan Output of show ipv6 dhcp interface CommandThis example displays the output of this command Output of show ipv6 dhcp statistics CommandShow ipv6 dhcp statistics This example clears DHCPv6 statistics for Vlan Clear ipv6 dhcp statisticsThis command displays information about DHCPv6 bindings Show ipv6 dhcp poolShow ipv6 dhcp binding If no IPv6 address is specified, all bindings are displayed Show ipv6 dhcp binding DHCPv6 Configuration OSPFv3 Configuration Following table lists the default OSPFv3 conditions Global OSPFv3 Configuration Commands Use this command to configure the OSPFv3 router IDIpv6 router id Ipv6 router ospf Default-information originateAlways Metric valueRouter OSPFv3 configuration C3su‐routerConfig‐router# Default-metricNo default metric is configured Router OSPFv3 configuration C3su-routerConfig-router#Intra Exit-overflow-intervalInter Type1Default value is ‐1 This command configures the external Lsdb limit for OSPFv3External-lsdb-limit This example sets the exit overflow interval to 10 secondsMaximum-paths Connected staticTag tag Metric = unspecified Metric type = Type Tag = Area Configuration Commands Area default-costThese commands are used to configure area parameters This example shows how to configure area 20 as an Nssa This example sets the default route cost to 50 for areaDefault metric value is Area nssa default-info-originateArea nssa no-redistribute ComparableArea nssa no-summary By default, the translator role is disabled This command configures the translator role of the routerArea nssa translator role Area nssa translator-stab-intvArea address ranges are not configured by default Default interval is 40 secondsSummarylink NssaexternallinkThis command creates a stub area for the specified area ID Example disables the import of summary LSAs into stub area Area stub no-summaryThis example creates a stub area with the ID Area virtual-link dead-interval Default dead interval is 40 secondsDefault hello interval is 10 seconds Area virtual-link hello-intervalArea virtual-link retransmit-interval Area virtual-link transmit-delay Default retransmit interval is 5 secondsDefault transmit delay is 1 second OSPFv3 is disabled by default Ipv6 ospf enableIpv6 ospf cost Ipv6 ospf areaidIpv6 ospf dead-interval Default dead interval value is 40 secondsIpv6 ospf mtu-ignore Ipv6 ospf hello-intervalBy default, MTU mismatch detection is enabled Default network type is broadcastIpv6 ospf network Default priority value is Ipv6 ospf priorityIpv6 ospf retransmit-interval Ipv6 ospf transmit-delay Default value is 4 secondsDefault value is 1 second Ipv6 ospf transmit-delay This command displays OSPFv3 router information OSPFv3 Show CommandsThis example shows how to display OSPFv3 router information Show ipv6 ospfShow ipv6 ospf Output Details Show ipv6 ospf area Output Details Show ipv6 ospf areaShow ipv6 ospf abr Output Details Show ipv6 ospf abrShow ipv6 ospf asbr Output Details Show ipv6 ospf asbrShow ipv6 ospf database Adv Router Link Id Age Sequence Csum Options Rtr Opt Show ipv6 ospf database Output Details Show ipv6 ospf database database-summary Output Details This command displays information about OSPFv3 interfaces Show ipv6 ospf interfaceLoopback loopid Show ipv6 ospf interface Command Output Details Show ipv6 ospf interface stats This example shows how to display statistics for VlanShow ipv6 ospf interface stats Output Details Show ipv6 ospf neighbor This command displays information about OSPFv3 neighborsSpecify the Vlan interface to display information about Specify the tunnel interface to displayShow ipv6 ospf neighbor Output Details Show ipv6 ospf range 10 show ipv6 ospf neighbor routerid Output DetailsThis example displays range information for area 11 show ipv6 ospf range Output Details Show ipv6 ospf stub tableThis example displays the OSPFv3 stub table information 12 show ipv6 ospf stub table Output Details13 show ipv6 ospf virtual-link Output Details Show ipv6 ospf virtual-linkShow ipv6 ospf virtual-link Show ipv6 ospf virtual-link OSPFv3 Configuration Overview of Authentication and Authorization Methods Authentication and Authorization ConfigurationOverview of Authentication and Authorization Methods Filter-ID Attribute Formats Show authentication login Setting the Authentication Login MethodSet authentication login Use this command to set the authentication login methodAny Clear authentication loginLocal RadiusTimeout Configuring RadiusShow radius RetriesSet radius Optional Displays Radius server configuration informationServer Servers or a specific Radius server as defined by an indexTimeout timeout Realm management‐ access any network‐accessServer index Realm Clear radiusShow radius accounting Set radius accountingRetries retries Timeout This example shows how to set Radius accounting retries toClear radius accounting RetriesSet radius interface Show radius interfaceClear radius interface Example Show dot1x Configuring 802.1X AuthenticationAuth‐diag Auth‐statsThis example shows how to display 802.1X status Show dot1x auth-config Set dot1x Init reauthTrue false Set dot1x auth-config Portcontrol Maxreq Clear dot1x auth-configShow eapol Show eapol Output Details Connecting state, via disconnectedClear eapol Set eapolAuth‐mode Forced‐authOptional Globally clears the Eapol authentication mode Show macauthentication Configuring MAC AuthenticationNopassword Show macauthentication Output DetailsShow macauthentication session This example shows how to display MAC session informationShow macauthentication session Output Details Set macauthentication Set macauthentication passwordUse this command to set a MAC authentication password Set macauthentication port Clear macauthentication passwordUse this command to clear the MAC authentication password Enables or disables MAC authenticationSet macauthentication portquietperiod Set macauthentication portinitializeClear macauthentication portquietperiod Set macauthentication macinitializeThis example resets the default quiet period on port Set macauthentication reauthentication Set macauthentication portreauthenticateEnables or disables MAC reauthentication Set macauthentication reauthperiod Set macauthentication macreauthenticateClear macauthentication reauthperiod Clear macauthentication significant-bits Set macauthentication significant-bitsC3su-clear macauthentication significant-bits Configuring Multiple Authentication Methods About Multiple Authentication TypesAbout Multi-User Authentication Show multiauth Clear multiauth mode Set multiauth modeMulti StrictDefault precedence order is dot1x, pwa, mac Set multiauth precedenceClear multiauth precedence Set multiauth port Show multiauth portClear multiauth port Show multiauth session Show multiauth stationAgent dot1x mac Show multiauth idle-timeoutAuthentication method for which to set the timeout value Set multiauth idle-timeoutWhich to set the timeout value Idle timeout value is provided by the authenticating serverShow multiauth session-timeout Clear multiauth idle-timeoutDefault Which to reset the timeout value to its defaultWhich to set the session timeout value Set multiauth session-timeoutConfiguring User + IP Phone Authentication Clear multiauth session-timeoutConfiguring Vlan Authorization RFC Set vlanauthorization Set vlanauthorization egressTagged Clear vlanauthorization Show vlanauthorizationBy default, administrative egress is set to untagged Show vlanauthorization Output Details Configuring Policy Maptable ResponseOperational Description When Policy Maptable Response is BothWhen Policy Maptable Response is Policy When Policy Maptable Response is TunnelShow policy maptable Response Set policy maptableBoth PolicyClear policy maptable To review, disable, enable, and configure MAC locking Configuring MAC LockingShow maclock Show maclock Output Details Show maclock stationsFirstarrival Connected to MAC locked portsSet maclock enable Set maclock enable port‐stringShow maclock stations Output Details This example shows how to enable MAC locking on ge.2.3 Set maclock disableThis example shows how to disable MAC locking on ge.2.3 Set maclockClear maclock CreateSpecified MAC address and port Clear maclock static Set maclock staticSet maclock firstarrival Set maclock agefirstarrival Clear maclock firstarrivalThis example disables first arrival aging on port ge.1.1 This example enables first arrival aging on port ge.1.1Clear maclock agefirstarrival Set maclock moveSet maclock trap About PWA Configuring Port Web Authentication PWAShow pwa Output Details Show pwaEnable disable Enables or disables port web authentication This example shows how to enable port web authenticationSet pwa This example shows how to display the PWA login banner Show pwa bannerSet pwa banner Clear pwa banner This example shows how to hide the Enterasys Networks logoSet pwa displaylogo Display hideSet pwa ipaddress Set pwa protocolChap pap This example shows how to clear the PWA guest user name Use this command to clear the PWA guest user nameSet pwa guestname Clear pwa guestnameSet pwa gueststatus Set pwa guestpasswordAuthnone AuthradiusThis example shows how to initialize ports ge.1.5‐7 Set pwa initializeSet pwa quietperiod Set pwa portcontrol Set pwa maxrequestThis example shows how to enable PWA on ports 1‐22 Enables or disables PWA on specified portsThis example shows how to display PWA session information Show pwa sessionEnable disable Enables or disables PWA enhancedmode This example shows how to enable PWA enhancedmodeSet pwa enhancedmode This example shows how to display SSH status on the switch Configuring Secure Shell SSHShow ssh status Set sshThis example shows how to disable SSH This example shows how to regenerate SSH keysSet ssh hostkey Configuring Access Lists Show access-listsShow access‐lists number Deny permit Access-list standardAccess-list extended Insert replaceThis example moves entry 16 to the beginning of ACL Insert replace Ip access-group Interface configuration C3su‐routerConfig‐ifVlan vlanid#Filters inbound frames Example Page TACACS+ Configuration Show tacacs State Optional Displays only the TACACS+ client statusShow tacacs Output Details Enable disable Enables or disables the Tacacs client Use this command to enable or disable the TACACS+ clientThis example shows how to enable the TACACS+ client Set tacacsSet tacacs server Timeout secondsSpecifies one TACACS+ server to be affected Clear tacacs serverThis example removes TACACS+ server Show tacacs sessionSet tacacs session Clear tacacs session ServiceRead‐write Super‐userSet tacacs command Show tacacs commandShow tacacs singleconnect Set tacacs singleconnectConnection Set tacacs interface Show tacacs interfaceClear tacacs interface Clear tacacs interface TACACS+ Configuration 27-14 SFlow Configuration Using sFlow in Your NetworkAdvantages of using sFlow include SFlow Agent Functionality DefinitionsSampling Mechanisms SFlow DefinitionsPacket Flow Sampling Counter SamplingUsage Notes 28-5 Contents of the sFlow Receivers Table is displayed Show sflow receiversThis example displays the sFlow Receivers Table Show sflow receivers Output Descriptions Following table describes the output fieldsSet sflow receiver ip Set sflow receiver ownerDefault maximum datagram size is 1400 bytes Default IP address isSet sflow receiver maxdatagram Maxdatagram bytesSet sflow receiver port Default port value isClear sflow receiver MaxdatagramSet sflow port poller OwnerPort port Show sflow pollers Set sflow port sampler Clear sflow port pollerInterval This example removes the poller instance on port ge.1.1Show sflow samplers Set sflow interface Clear sflow port samplerMaxheadersize RateShow sflow interface Clear sflow interface Show sflow agent 28-18 Policy and Authentication Capacities Policy CapacitiesTable A-1 Policy Capacities Table A-2 Authentication Capacities Authentication CapacitiesNumerics IndexOspf 20-30Network Management Tftp Index