Access-list standard, Deny permit | Enterasys Networks 9034313-07

access-list (standard)

C3(su)->router#show access-lists 145

Extended IP access list 145

1:permit icmp host 88.255.255.254 any

2:permit icmp any host 11.11.16.16

3:deny icmp any any

4:permit tcp host 88.255.255.254 any eq 22

5:permit udp 88.255.128.0 0.0.127.255 eq 161 any

6:permit tcp any host 230.10.230.10 eq 1234

7:deny tcp any any eq 23

8:permit ip 88.255.128.0 0.0.127.255 any

9:deny ip any 224.0.0.0 31.0.0.0

access-list (standard)

Use this command to define a standard IP access list by number when operating in router mode. The no form of this command removes the defined access list or entry.

Syntax

To create an ACL entry:

access-listaccess-list-number {deny permit} source [source-wildcard]no access-listaccess-list-number [entryno [entryno]]

To insert or replace an ACL entry:

access-list access-list-numberinsert replace entryno {deny permit} source [source-wildcard]

To move entries within an ACL:

access-listaccess-list-number move destination source1 [source2]

Parameters

access‐list‐number [entryno [entryno]]

Specifies a standard access list number. Valid values are from 1 to 99.

When using the no access‐list command, you can delete a whole access‐list, or only specific entries in the list with the optional entryno parameter. Specify a range of entries by entering the start and end entry numbers.

deny permit	Denies or permits access if specified conditions are met.
source	Specifies the network or host from which the packet will be sent. Valid
	options for expressing source are:
	• IP address or range of addresses (A.B.C.D)
	• any ‐ Any source host
	• host source ‐ IP address of a single source host

source‐wildcard	(Optional) Specifies the bits to ignore in the source address.

SecureStack C3 Configuration Guide 26-83

Page 829

Image 829

Enterasys Networks 9034313-07 manual Access-list standard, Deny permit

Contents

Enterasys SecureStack C3 Page Page Enterasys Networks, Inc. Firmware License Agreement Iii Page Contents Page Activating Licensed Features Discovery Protocol Configuration Configuring System Power and PoE Port Configuration Show port broadcast Set port broadcast Clear port broadcast Snmp Configuration Spanning Tree Configuration Configuring Spanning Tree Port Parameters Purpose Commands 802.1Q Vlan Configuration Port Priority Configuration Policy Classification Configuration Logging and Network Management Igmp Configuration 14-3 Rmon Configuration Dhcp Server Configuration IP Configuration Preparing for Router ModeDhcp Snooping and Dynamic ARP Inspection IPv4 Routing Protocol Configuration 20-11 IPv6 Management IPv6 Configuration IPv6 Proxy Routing DHCPv6 Configuration OSPFv3 Configuration Authentication and Authorization Configuration 26-37 TACACS+ Configuration Appendix a Policy and Authentication Capacities SFlow ConfigurationIndex Tables 10-4 22-26 Xxxii About This Guide Using This GuideStructure of This Guide Important Notice Structure of This Guide Related Documents SecureStack C3 Installation Guides Following conventions are used in the text of this document Conventions Used in This GuideFollowing icons are used in this guide Support@enterasys.com Getting Help Getting Help Xxxviii About This Guide Introduction Switch Management MethodsSecureStack C3 CLI Overview Default Settings for Basic Switch Operation Factory Default Settings Feature Default Setting Sntp Default Settings for Router Operation Dvmrp Connecting Using the Console Port Using the Command Line InterfaceStarting a CLI Session Using a Default User Account Connecting Using TelnetUsing an Administratively Configured User Account Logging CLI Command Defaults Descriptions Navigating the Command Line InterfaceCLI Command Modes Getting Help with CLI Syntax Displaying Scrolling Screens Abbreviating and Completing Commands Basic Line Editing Commands Basic Line Editing Commands About SecureStack C3 Switch Operation in a Stack Configuring Switches in a Stack Installing a New Stackable System of Up to Eight Units Creating a Virtual Switch Configuration Installing Previously-Configured Systems in a StackAdding a New Unit to an Existing Stack SID Issues Related to Mixed Type Stacks Considerations About Using Clear Config in a StackFeature Support Configuration Show switch Stacking Configuration and Management CommandsCommands Purpose Examples Show switch switchtype None Show switch stack-ports Switch command, read‐write Set switchExample Priority value Set switch description Set switch copy-fwThis example shows how to assign priority 3 to switch This example shows how to renumber switch 5 to switch Set switch member Set switch movemanagement Use this command to remove a member entry from the stack Clear switch member Quick Start Setup Commands Basic ConfigurationRequired CLI Setup Commands Optional CLI Setup Commands Setting User Accounts and Passwords Show system login Output Details Show system loginParameters Clear system login Set system loginUse this command to remove a local login user account Super‐user read‐write read‐only This example shows how to remove the netops user account Set passwordSwitch command, read‐write Switch command, super‐user Set system password aging Set system password length Disable Set system password historyShow system lockout Show system lockout Output Details Set system lockoutAttempts attempts Time time Setting Basic Switch Properties Show ip address Set ip address Use this command to clear the system IP addressClear ip address Show ip protocol This example shows how to clear the system IP addressSet ip protocol Show system This example shows how to display system information Show system Output Details Show system hardware Slot Hardware Information Show system utilization Set system utilization Default threshold value is 80%This example sets the CPU utilization threshold to 75% Show system enhancedbuffermode Clear system utilization Enable disable Enables or disables enhanced buffer mode Set system temperatureThis example shows how to enable enhanced buffer mode Set system enhancedbuffermode Syslog enable Clear system temperatureDisable Trap enable disable Set time Show time Use this command to display daylight savings time settings This example shows how to set the system clock to 750 a.mShow summertime Set summertime date Set summertimeIf a zone name is not specified, none will be applied If an offset is not specified, none will be applied Set summertime recurring This example shows how to set the command prompt to Switch Use this command to modify the command promptClear summertime Set prompt Set banner motd Show banner motd Show version Clear banner motd Use this command to configure a name for the system ‐5 provides an explanation of the command outputSet system name Show version Output Details This example shows how to set the system location string Use this command to identify the location of the systemSet system location Set system contact This example shows how to set the terminal columns to This example shows how to set the system contact stringSet width Set length This example shows how to display the CLI logout setting This example shows how to set the terminal length toShow logout Set logout This example shows how to display all console settings Use this command to display console settingsUse this command to set the console port baud rate Show console Downloading a Firmware Image This example shows how to set the console port baud rate toDownloading from a Tftp Server Downloading via the Serial Port Type 2. The following baud rate selection screen displays Reverting to a Previous Image Show boot system Reviewing and Selecting a Boot Firmware ImageReboot the system using the reset command page 3‐50 Compatibility platform specific Set boot system This example shows how to display Telnet status Starting and Configuring TelnetUse this command to enable or disable Telnet on the switch Show telnet Telnet Enable disableInbound Outbound all Configuration Persistence Mode Managing Switch Configuration and Files Set snmp persistmode Show snmp persistmode Dir Save configAuto Manual Show file Use this command to display the contents of a file Show config All ConfigureOutfile Append CopySystemimage This example shows how to download an image via Tftp Show tftp settingsDelete Clear tftp timeout Set tftp timeoutThis example shows the output of this command This example sets the timeout period to 4 seconds Clear tftp retry Set tftp retryThis example sets the retry count to Clearing and Closing the CLI This example shows how to clear the CLI screenCls clear screen To clear the CLI screen or to close your CLI session Reset Resetting the SwitchUse either of these commands to leave a CLI session This example shows how to exit a CLI session If no unit ID is specified, the entire system will be reset Clear configThis example shows how to reset the system This example shows how to reset unit Use this command to display WebView status Using and Configuring WebViewShow webview Show ssl Set webview This example shows how to enable SSL This example shows how to display SSL statusSet ssl Gathering Technical Support Information CommandShow support To gather common technical support information Hostprotect is enabled by default Configuring HostprotectShow system hostprotect Set system hostprotect This example disables hostprotect This feature is disabled by defaultDefault state is enabled Clear system hostprotect Usage Licensing Procedure in a Stack Environment Activating Licensed FeaturesLicense Key Field Descriptions Adding a New Member to a Licensed Stack Clearing, Showing, and Applying Licenses Usage Set license FeatureID feature The name of the feature being cleared Use this command to clear the license key settingsShow license Clear license C3rw-clear license featureId advrouter Clear license Activating Licensed Features Commands Configuring System Power and PoEShow inlinepower Use this command to display system power properties This example shows how to display system power properties Set inlinepower thresholdShow inlinepower Output Details Set inlinepower detectionmode Set inlinepower trapSending of traps is disabled by default Ieee Show port inlinepower Admin off auto Set port inlinepowerPriority critical High low Set port inlinepower Configuring System Power and PoE Configuring CDP Discovery Protocol Configuration Show cdp Output Details Show cdp Enable Auto disableSet cdp state Set cdp auth Use this command to set a global CDP authentication codeSet cdp interval Clear cdp Set cdp hold-time Show neighbors Show ciscodp Configuring Cisco Discovery Protocol ‐3 provides an explanation of the command output ‐2 provides an explanation of the command outputShow ciscodp port info Show ciscodp Output Details This example shows how to globally enable CiscoDP Set ciscodp timerSet ciscodp status Show ciscodp port info Output Details Set ciscodp port Set ciscodp holdtime Dot1p VvidUntagged Trusted Clear ciscodp To review and configure Llpd and LLPD‐MED Configuring Link Layer Discovery Protocol and LLDP-MEDOverview Configuration Tasks Show lldp Use this command to display Lldp configuration information Show lldp port trap Show lldp port status Show lldp port location-info Show lldp port tx-tlvShow lldp port tx‐tlv port‐string Show lldp port local-info 1000BASE-TFD Show lldp port local-info Output Details ECS Elin Show lldp port remote-info Guest‐voice‐signaling Voice‐signalingShow lldp port network-policy Voice Set lldp tx-interval Video‐signalingSoftphone‐voice Video‐conferencing Set lldp trap-interval Set lldp hold-multiplierThis example sets the transmit interval to 20 seconds Set lldp med-fast-repeat Rx‐enable Tx‐enableSet lldp port status Set lldp port trap Set lldp port location-info Set lldp port med-trapElin Set lldp port tx-tlv Mac‐phy GvrpPoe Link‐aggr Set lldp port network-policy State enable disableTag tagged untagged Vid vlan‐id dot1p Tx‐interval Clear lldpHold‐multiplier Trap‐interval Clear lldp port trap Clear lldp port status Clear lldp port location-info Clear lldp port med-trapCleared Tag Clear lldp port network-policyVid Dscp Clear lldp port tx-tlv Disables the LLDP‐MED Extended Power via MDI TLV from being Disables the LLDP‐MED Location Identification TLV from being Port Configuration Summary Port ConfigurationPort String Syntax Used in the CLI Port type.unitorslot number.port number Port Slot/Unit Parameters Used in the CLI Reviewing Port Status Show port status Show port Show port counters Switch mib2Show port status Output Details Show port counters Output Details Show port cablestatus Clear port countersThis example clears the port counters for ge.3.1 This example shows the cable status for 1 GE port ge.1.31 Disabling / Enabling and Naming PortsShow port cablestatus Output Details Set port enable Set port disableThis example shows how to disable ge.1.1 This example shows how to enable ge.1.3 Show port alias Use this command to assign an alias name to a portSet port alias This example shows how to clear the alias for ge.3.3 This example shows how to assign the alias Admin to ge.3.3 Show port speed Setting Speed and Duplex Mode Show port duplex Set port speed10 100 Mbps Set port duplex This example shows how to set ge.1.17 to full duplexFull half Show port jumbo Enabling / Disabling Jumbo Frame Support Set port jumbo Enables or disables jumbo frame supportClear port jumbo Show port negotiation Setting Auto-Negotiation and Advertised Ability Set port negotiation Enable disableShow port advertise Set port advertise Clear port advertise Set port mdix Show port mdixForced‐auto Mdi Configure ports to use Mdix mode only Configure ports to use MDI mode onlyOptional Specify the port or ports to configure Show flowcontrol Setting Flow ControlSet flowcontrol This example shows how to enable flow control Show port trap Setting Port Link Traps and Link Flap Detection Set port trap Following example disables sending trap on ge.3.1Show linkflap Portstate GlobalstateParameters Metrics Show linkflap metrics Output Details Show linkflap parameters Output Details Disables or enables the link flap detection function Disable enableSet linkflap globalstate Set linkflap portstate Set linkflap action Set linkflap interval Clear linkflap action Use this command to set the link flap action trigger countSet linkflap threshold Clear linkflap down Set linkflap downtime All stats Clear linkflapParameter Threshold interval Show port broadcast Configuring Broadcast Suppression Clear port broadcast Set port broadcast Syntax Used in the CLI on page 7‐1 Port Mirroring Mirroring FeaturesRemote Port Mirroring Procedures Configuring Smon MIB Port MirroringOverview Show port mirroring To review and configure port mirroring on the device Can be configured per stack, if applicable Create disableSet port mirroring Clear port mirroring Use this command to clear a port mirroring relationshipSet mirror vlan Clear mirror vlan Lacp Operation Link Aggregation Control Protocol Lacp Lacp Terminology ‐6 defines key terminology used in Lacp configurationSecureStack C3 Usage Considerations Lacp Terms and Definitions Commands Show lacp ‐7 provides an explanation of the command output This example shows how to disable Lacp Disable enable Disables or enables LacpSet lacp Show lacp Output Details Set lacp asyspri Set lacp aadminkeyAsyspri Clear lacp Disable enable Disables or enables static link aggregationSet lacp static Clear lacp static Set lacp singleportlag This example enables the formation of single port LAGsClear lacp singleportlag Status detail Show port lacpSummary Counters Set port lacp Aadminkey Lacptimeout AadminstatePadminkey Padminport Clear port lacp C3su-clear port lacp port ge.3.16 Set port protected Configuring Protected PortsProtected Port Operation Clear port protected Show port protectedRead‐only Show port protected name Set port protected name Clear port protected name Use this command to clear the name of a protected group Clear port protected name Port Configuration Snmp Configuration Summary Snmp Configuration SNMPv3 SNMPv1 and SNMPv2cAbout Snmp Security Models and Levels Configuration Considerations Using Snmp Contexts to Access Specific MIBsReviewing Snmp Statistics Snmp Security Levels Show snmp engineid This example shows how to display Snmp engine propertiesShow snmp engineid Output Details This example shows how to display Snmp counter values Use this command to display Snmp traffic counter valuesShow snmp counters Show snmp counters Output Details Engine or otherwise unavailable Show snmp user Configuring Snmp Users, Groups, and Communities ‐4 provides an explanation of the command output This example shows how to display an Snmp user listUse this command to create a new SNMPv3 user Set snmp user Sha AesVolatile Nonvolatile Show snmp group Clear snmp userRemote remote User user Set snmp groupSecurity‐model V2c usm Volatile Show snmp community Clear snmp groupV2c usm Set snmp community Use this command to configure an Snmp community groupSecurityname Context context Use this command to delete an Snmp community name Configuring Snmp Access RightsThis example shows how to delete the community name vip Clear snmp community Noauthentication Show snmp accessAuthentication Privacy Context context Nonvolatile read‐ Only ‐6 provides an explanation of the command output This example shows how to display Snmp access informationShow snmp access Output Details Set snmp access Configuring Snmp MIB Views Clear snmp access Show snmp view Set snmp view Show snmp contextShow snmp view Output Details Clear snmp view Show snmp targetparams Configuring Snmp Target ParametersVolatile nonvolatile Read‐only Set snmp targetparams ‐8 provides an explanation of the command outputShow snmp targetparams Output Details Message‐ Clear snmp targetparams AuthenticationPrivacy Protected from disclosure Use this command to display Snmp target address information Configuring Snmp Target AddressesShow snmp targetaddr Set snmp targetaddr Timeout timeoutParam param Udpport udpport Clear snmp targetaddr Use this command to delete an Snmp target address entryTaglist taglist Tag 1 tag About Snmp Notify Filters Configuring Snmp Notification Parameters Show newaddrtrap By default, this function is disabled globally and per portSet newaddrtrap Show snmp notify Set snmp notify ‐10 provides an explanation of the command output10 show snmp notify Output Details Trap inform Clear snmp notify Use this command to clear an Snmp notify configurationShow snmp notifyfilter Subtree oid‐or‐ Set snmp notifyfilter Clear snmp notifyfilter Set snmp notifyprofile Show snmp notifyprofileTargetparam This example shows how to delete Snmp notify profile area51 Creating a Basic Snmp Trap ConfigurationClear snmp notifyprofile Example 11 Basic Snmp Trap Configuration How Snmp Will Use This Configuration Configuring the Snmp Management InterfaceShow snmp interface Loopback loop‐ID Set snmp interface Clear snmp interface Clear snmp interface Snmp Configuration Spanning Tree Configuration Summary Spanning Tree Configuration Loop Protect Spanning Tree Features Configuring Spanning Tree Bridge Parameters For information about Sid sid Show spantree statsActive Show spantree Output Details ‐1 shows a detailed explanation of command output Set spantree Disable enable Globally disables or enables Spanning TreeShow spantree version Set spantree version Clear spantree version This example shows how to reset the Spanning Tree versionShow spantree bpdu-forwarding By default Bpdu forwarding is disabled Disable enable Disables or enables Bpdu forwardingThis example shows how to enable Bpdu forwarding Set spantree bpdu-forwarding Clear spantree bridgeprioritymode Set spantree bridgeprioritymode8021d 8021t Set spantree msti Show spantree mstilistCreate delete Show spantree mstmap Clear spantree mstiFid fid Use this command to map a FID back to SID This example shows how to map FID 3 to SIDSet spantree mstmap Clear spantree mstmap Show spantree vlanlist This example shows how to map FID 2 back to SIDShow spantree mstcfgid Set spantree mstcfgid Cfgname name Specifies an MST configuration nameClear spantree mstcfgid Set spantree priority Use this command to set the device’s Spanning Tree priorityClear spantree priority Set spantree hello This example shows how to reset the bridge priority on SIDClear spantree hello Set spantree maxage Use this command to set the bridge maximum aging time Use this command to set the Spanning Tree forward delay Set spantree fwddelayClear spantree maxage Show spantree backuproot Clear spantree fwddelay Clear spantree backuproot Set spantree backuproot Set spantree tctrapsuppress Show spantree tctrapsuppress Set spantree protomigration Clear spantree tctrapsuppress Show spantree spanguard Enable disable Enables or disables the SpanGuard functionSet spantree spanguard Clear spantree spanguard This example shows how to enable the SpanGuard function Set spantree spanguardtimeout Show spantree spanguardtimeout Show spantree spanguardlock Clear spantree spanguardtimeout This example shows how to unlock port ge.1.16 Show spantree spanguardtrapenableClear / set spantree spanguardlock Clear spantree spanguardtrapenable Set spantree spanguardtrapenableIs enabled Set spantree legacypathcost Show spantree legacypathcost Show spantree autoedge Clear spantree legacypathcostSet spantree autoedge This example clears the legacy path cost to 802.1t values Clear spantree autoedge Set spantree portadmin Configuring Spanning Tree Port ParametersDisable enable To display and set Spanning Tree port parameters Show spantree portadmin Clear spantree portadminThis example shows how to disable Spanning Tree on ge.1.5 Show spantree portpri Use this command to set a port’s Spanning Tree prioritySet spantree portpri Clear spantree portpri Set spantree adminpathcost Show spantree adminpathcost Show spantree adminedge Clear spantree adminpathcost Clear spantree adminedge Set spantree adminedgeThis example shows how to set ge.1.11 as an edge port True false Show spantree operedge This example shows how to reset ge.1.11 as a non‐edge port Configuring Spanning Tree Loop Protect Parameters Set spantree lp This example shows how to enable Loop Protect on ge.2.3Show spantree lp If no SID is specified, SID 0 is assumed Show spantree lplock Clear spantree lp SID Locked Clear spantree lplock Show spantree lpcapablepartner Set spantree lpcapablepartner Clear spantree lpcapablepartner Use this command to set the Loop Protect event thresholdSet spantree lpthreshold Show spantree lpthreshold None. The default event threshold isClear spantree lpthreshold Show spantree lpwindow Set spantree lpwindow Disabled Set spantree lptrapenableClear spantree lpwindow Clear spantree lptrapenable Show spantree lptrapenable Set spantree disputedbpduthreshold Clear spantree disputedbpduthreshold Show spantree disputedbpduthreshold Show spantree nonforwardingreason Vlan Configuration Summary 802.1Q Vlan Configuration Creating a Secure Management Vlan Command Set for Creating a Secure Management Vlan Show vlan Viewing VLANsStatic Portinfo Vlan Vlan ID Name Show vlan Output Details This example shows how to create Vlan Create enable Creates, enables or disables VLANs. disableCreating and Naming Static VLANs Set vlan Set vlan name This example shows how to set the name for Vlan 7 to greenClear vlan Clear vlan name This example shows how to clear the name for Vlan Show port vlan Assigning Port Vlan IDs PVIDs and Ingress Filtering Clear port vlan Set port vlanModify‐egress No‐modify‐egress Show port ingress filter Show port discard Set port ingress filter Tagged untagged both none Set port discard Show port egress Configuring the Vlan Egress List Set vlan forbidden Set vlan egress Use this command to remove ports from a VLAN’s egress listClear vlan egress Untagged forbidden tagged Forbidden Show vlan dynamicegress This example shows how to enable dynamic egress on Vlan Enable disable Enables or disables dynamic egressSet vlan dynamicegress Show host vlan Setting the Host VlanSet host vlan Clear host vlan This example shows how to set Vlan 7 as the host Vlan About Garp Vlan Registration Protocol Gvrp Enabling/Disabling Gvrp Garp Vlan Registration ProtocolHow It Works Example of Vlan Propagation via Gvrp Use this command to display Gvrp configuration information Show garp timerShow gvrp Disables or enables Gvrp on the device Show gvrp configuration Output DetailsSet gvrp This example shows how to enable Gvrp on ge.1.3 Set garp timerClear gvrp Leaveall timer‐ Clear garp timerJoin Leave C3su-clear garp timer leave ge.1.1 Policy Classification Configuration Summary Policy Classification Configuration Use this command to display policy profile information Configuring Policy ProfilesShow policy profile ‐verbose Show policy profile Output Details Set policy profile This example shows how to delete policy profile Use this command to delete a policy profile entryClear policy profile All admin‐ profile profile‐ index Configuring Classification RulesShow policy rule Admin‐pid Not‐in‐service Not‐ready Storage‐type non‐Tcpsourceport Udpdestport Show policy rule Output Details Show policy capability Vlan Set policy rule Admin‐profileVlantag data Ipproto EtherIpdestsocket Ipsourcesocket Data value Mask bits Valid Values for Policy Classification Rules Clear policy rule Following parameters apply to deleting an admin ruleRange from 1 to 4094 or 0xFFF All‐pid‐entries Clear policy all-rules Use this command to remove all policy classification rules Assigning Ports to Policy Profiles Use this command to assign ports to a policy profileSet policy port To assign and unassign ports to policy profiles Clear policy port About Policy-Based CoS Configurations Configuring Policy Class of Service CoSProcedure 11-1 User-Defined CoS Configuration Configuring Policy Class of Service CoS About CoS-Based Flood Control Procedure Set cos state Use this command to enable or disable Class of Service Show cos state This example shows how to enable Class of ServiceClear cos state Priority priority Set cos settingsTos‐value tos‐value Irl‐reference Show cos settings Clear cos settingsPriority Tos‐value Set cos port-config Should be displayed Show cos port-config Entry Clear cos port-configName Ports Set cos port-resource irl Group#.port‐type Set cos port-resource flood-ctrlUnicast Multicast Group#.port‐type Show cos port-resource Unit Clear cos port-resource irlRate Type Set cos reference Clear cos port-resource flood-ctrlUnicast Multicast Show cos reference Specifies that an IRL reference is being configuredIRL reference number associated with this entry Rate‐limit irl‐index Clear cos reference Port‐typ e index Show cos unitKbps Pps Show cos port-type Clear cos all-entries This example shows flood control information for port type Port Priority Configuration Summary Port Priority Configuration Show port priority Configuring Port Priority Clear port priority Set port priority Show port priority-queue Configuring Priority to Transmit Queue Mapping Set port priority-queue Clear port priority-queue Show port txq Configuring Quality of Service QoS Set port txq Clear port txq By default, transmit queues are defined as follows Clear port txq Port Priority Configuration Igmp Overview Igmp ConfigurationAbout IP Multicast Group Management To configure Igmp snooping from the switch CLI Configuring Igmp at LayerAbout Multicasting Use this command to display Igmp snooping information Set igmpsnooping adminmodeThis example shows how to display Igmp snooping information Use this command to enable or disable Igmp on the system Enable disable Enables or disables Igmp This example shows how to enable Igmp on the systemThis example shows how to enable Igmp on port ge.1.10 Set igmpsnooping interfacemode Set igmpsnooping maxresponse Set igmpsnooping add-static Set igmpsnooping mcrtrexpiretimeModify If no ports are specified, all ports are added to the entry Show igmpsnooping static Set igmpsnooping remove-staticIf modify is not specified, a new entry is created Group group Show igmpsnooping mfdbThis example displays the static Igmp ports for Vlan Stats Optional Displays Mfdb statistics This example shows how to clear all Igmp snooping entries Use this command to clear all Igmp snooping entriesClear igmpsnooping To configure Igmp on routing interfaces Configuring Igmp on Routing InterfacesGlobal configuration C3su‐routerConfig# Ip igmp This example shows how to enable Igmp on the router Ip igmp enableInterface configuration C3su‐routerConfig‐ifVlan 1# Ip igmp version Show ip igmp interface Any router mode Ip igmp query-interval Show ip igmp groups Ip igmp startup-query-interval Ip igmp query-max-response-time Ip igmp last-member-query-interval Ip igmp startup-query-count Ip igmp robustness Ip igmp last-member-query-count Interface configuration C3 su‐routerConfig‐ifVlan 1# Ip igmp robustness Igmp Configuration Logging and Network Management Configuring System Logging Show logging server Set logging server Clear logging server Show logging default Use this command to set logging default values Set logging default Show logging application Clear logging defaultFacility Severity Show logging application Output Details Set logging application If level is not specified, none will be applied Level level Show logging local Clear logging application Clear logging local Set logging local Show logging buffer This example shows how to clear local loggingShow logging interface Set logging interface Clear logging interface History Monitoring Network Events and Status Default Use this command to set the size of the history bufferShow history Set history Show users PingThis example, the host at IP address is not responding Show netstat DisconnectConsole Following table describes the output of this command Following example shows the output of this commandShow netstat Output Details Use this command to display the switch’s ARP table Managing Switch Network Addresses and RoutesShow arp Set arp This example shows how to display the ARP tableShow arp Output Details Traceroute Clear arp Each response Show macType other learned Self mgmt Show mac Output Details Show mac agetime This example shows how to set the MAC timeout period This example shows how to display the MAC timeout periodSet mac agetime Clear mac agetime Set mac algorithm Default MAC algorithm is mac‐crc16‐upperbitsShow mac algorithm Set mac multicast Clear mac algorithm Clear mac address Use this command to remove a multicast MAC addressAppend clear Set mac unreserved-flood Show mac unreserved-flood This example enables multicast flood protection Configuring Simple Network Time Protocol SntpUse this command to display Sntp client settings Show sntp Show sntp Output Details This example shows how to display Sntp client settings Clear sntp client Set sntp client Clear sntp server Set sntp serverIf precedence is not specified, 1 will be applied Clear sntp poll-interval Set sntp poll-interval Set sntp poll-retry This example shows how to clear the Sntp poll intervalClear sntp poll-retry Clear sntp poll-timeout Set sntp poll-timeoutUse this command to clear the Sntp poll timeout This example shows how to clear the Sntp poll timeout Set timezone Set sntp interface Show sntp interface Clear sntp interface C3rw-show sntp interface Vlan 100 C3rw-clear sntp interface Show nodealias config Configuring Node Aliases Set nodealias Show nodealias config Output DetailsMaxentries maxentries Clear nodealias config Rmon Monitoring Group Functions and Commands Rmon ConfigurationRmon Monitoring Group Functions Design Considerations Group What It Does What It Monitors CLI Commands To display, configure, and clear Rmon statistics Statistics Group Commands Show rmon stats Use this command to configure an Rmon statistics entrySet rmon stats This example shows how to delete Rmon statistics entry To‐defaultsClear rmon stats If owner is not specified, monitor will be applied Show rmon history History Group Commands Clear rmon history Set rmon historyBuckets buckets Interval interval This example shows how to delete Rmon history entry Show rmon alarm Alarm Group CommandsThis example shows how to display Rmon alarm entry Show rmon alarm Output Details Set rmon alarm propertiesObject object Type absolute Set rmon alarm status Enable Clear rmon alarmThis example shows how to enable Rmon alarm entry Use this command to delete an Rmon alarm entry Use this command to display Rmon event entry properties Event Group CommandsThis example shows how to display Rmon event entry Show rmon event Description Set rmon event propertiesType none log Trap both Set rmon event status This example shows how to enable Rmon event entryClear rmon event This example shows how to clear Rmon event Show rmon channel Filter Group Commands Set rmon channel Use this command to configure an Rmon channel entryAccept matched Failed Show rmon filter Clear rmon channelIndex index Channel channel Set rmon filter This example shows how to clear Rmon filter entry Use this command to clear an Rmon filter entryClear rmon filter Show rmon capture Packet Capture CommandsNodata Action lock Set rmon captureSlice slice Loadsize loadsize This example shows how to clear Rmon capture entry Use this command to clears an Rmon capture entryClear rmon capture Dhcp Overview Dhcp Server ConfigurationDhcp Relay Agent Dhcp Server Configuring a Dhcp Server Configuring General Dhcp Server Parameters This example enables Dhcp server functionality Set dhcp bootpSet dhcp This example enables Dhcp conflict logging This example enables address allocation for Bootp clientsSet dhcp conflict logging Show dhcp conflict This example disables Dhcp conflict logging Logging Disables conflict loggingClear dhcp conflict Clears the conflict information for all IP addresses Set dhcp exclude 100, with the set dhcp exclude commandClear dhcp exclude Clear dhcp ping Set dhcp pingThis example sets the number of ping packets sent to Clear dhcp binding Show dhcp binding Use this command to clear all Dhcp server counters Use this command to display Dhcp server statisticsShow dhcp server statistics Clear dhcp server statistics This example clears all Dhcp server counters Manual Pool Configuration Considerations Configuring IP Address Pools This example creates an address pool named auto1 Set dhcp pool Clear dhcp pool Use this command to delete a Dhcp server pool of addressesSet dhcp pool network This example deletes the address pool named auto1 Set dhcp pool hardware-address Clear dhcp pool network Set dhcp pool host Clear dhcp pool hardware-addressIf no type is specified, Ethernet is assumed Set dhcp pool client-identifier Clear dhcp pool host Clear dhcp pool client-identifier Clear dhcp pool client-name Set dhcp pool client-name Clear dhcp pool bootfile Set dhcp pool bootfile Clear dhcp pool next-server Set dhcp pool next-server Clear dhcp pool lease Set dhcp pool leaseInfinite Clear dhcp pool default-router Set dhcp pool default-router Clear dhcp pool dns-server Set dhcp pool dns-server Clear dhcp pool domain-name Set dhcp pool domain-name Clear dhcp pool netbios-name-server Set dhcp pool netbios-name-server Clear dhcp pool netbios-node-type Set dhcp pool netbios-node-type‐node Ascii string Set dhcp pool option Clear dhcp pool option Show dhcp pool configurationThis example removes option 19 from address pool auto1 Show dhcp pool configuration Dhcp Snooping Overview Dhcp Snooping Dynamic ARP InspectionDhcp Message Processing Building and Maintaining the Database Configuration Notes Basic ConfigurationProcedure 17-1 Basic Configuration for Dhcp Snooping Rate Limiting Disabled globally Dhcp Snooping CommandsSet dhcpsnooping Set dhcpsnooping vlan Set dhcpsnooping database write-delay Set dhcpsnooping trust By default, ports are untrusted Set dhcpsnooping binding This example configures port ge.1.1 as a trusted portSet dhcpsnooping verify Set dhcpsnooping log-invalid Source MAC address verification is enabled by defaultAgainst the client hardware address None Set dhcpsnooping limitRate pps Burst interval secs This example configures rate limit parameters on port ge.1.1 Show dhcpsnooping port Show dhcpsnooping database Dynamic static Show dhcpsnooping bindingEntry, either dynamic or static Show dhcpsnooping statistics Clear dhcpsnooping statistics Clear dhcpsnooping bindingClear dhcpsnooping database Default value of 300 seconds Write‐delayClear dhcpsnooping limit Dynamic ARP Inspection Overview Static Mappings Functional DescriptionOptional ARP Packet Validation Packet Forwarding Logging Invalid PacketsRate Limiting Eligible Interfaces Step Task Commands Procedure 17-2 Basic Dynamic ARP Inspection Configuration Router Configuration Example ConfigurationVlan Configuration Set arpinspection vlan Dynamic ARP Inspection CommandsDhcp Snooping Configuration Dynamic ARP Inspection Configuration Logging is disabled by default Set arpinspection trustBy default, all physical ports and LAGs are untrusted Logging Src‐mac Set arpinspection validateDst‐mac Set arpinspection limit Show arpinspection access-list Set arpinspection filterPermit Mac host This example displays the ARP configuration of lag.0.1 Show arpinspection ports Show arpinspection statistics Show arpinspection vlan With an invalid address Clear arpinspection validateThis example removes all 3 additional validation conditions Clear arpinspection vlan Clear arpinspection filter This example removes the ARP ACL named staticARP from Vlan Clear arpinspection limit This example clears all DAI statistics from the switch Clear arpinspection statisticsPage Pre-Routing Configuration Tasks Preparing for Router Mode Enabling the Switch for Routing Enabling Router Configuration ModesRouter CLI Configuration Modes Router CLI Configuration Modes Page Configuring Routing Interface Settings IP Configuration Vlan vlan ‐id Show interface Router global configuration mode C3su‐routerConfig# Use this command to configure interfaces for IP routingInterface Vlan vlan‐ id Show ip interface This example shows how to enter configuration mode for Vlan Ip address Router interface configuration C3su‐routerConfig‐ifVlan 1#Show ip interface Output Details Secondary No shutdown Show running-config No ip routing This example shows how to enable Vlan 1 for IP routing Use this command to configure a tunnel interface Configuring Tunnel InterfacesInterface tunnel Router interface configuration C3su‐routerConfig‐ifTnnl 1# This example creates a configured tunnel interfaceTunnel source This command specifies the mode of the tunnel interface Tunnel modeIpv6ip Specifies that the tunnel mode is IPv6 over IPv4 No form of this command removes the mode of the tunnel Show interface tunnel This example sets the tunnel mode to IPv6 over IPv4 Show ip arp Reviewing and Configuring the ARP Table Arp This example shows how to use the show ip arp commandShow ip arp Output Details Ip proxy-arp This example shows how to enable proxy ARP on Vlan Clear arp-cache Arp timeout14,400 seconds Privileged Exec C3su‐router# Interface configuration C3su‐Router1Config‐ifVlan 1# Configuring Broadcast SettingsIp directed-broadcast Udp Ip forward-protocolSpecifies UDP as the IP forwarding protocol Are forwarded Ip helper-address Show ip route Reviewing IP Traffic and Configuring Routes OSPF, IA Ping Ip routePreference in route selection There is also a traceroute command available in switch mode This command is also available in switch modeTraceroute Ip icmp redirect enable Configuring Icmp Redirects Interface Show ip icmp redirect Activating Advanced Routing Features IPv4 Routing Protocol Configuration RIP Configuration Task List and Commands Configuring RIPRIP Configuration Task List and Commands Router rip This example shows how to enable RIP Ip rip enableDistance R1compatible Ip rip send version Specifies RIP version 1. This is the default setting Ip rip authentication-keyIp rip receive version Specifies RIP version Md5 Ip rip message-digest-key Router configuration C3su‐routerConfig‐router# Use this command to disable automatic route summarizationNo auto-summary Split-horizon poison Passive-interface Redistribute Receive-interfaceConnected Ospf Protocol Command detailed in ip route on page 19‐21Subnets Subnetted will be redistributed Ospf Configuration Task List and Commands Configuring OspfOspf Configuration Task List and Commands Advanced License Required Routes Router id Router ospf This example shows how to enable routing for Ospf process1583compatibility This example shows how to enable RFC 1583 compatibility Ip ospf enableIp ospf areaid Ip ospf priority Ip ospf cost Timers spf Ip ospf retransmit-interval Ip ospf transmit-delay Ip ospf dead-interval Ip ospf hello-interval65535 Ip ospf authentication-key Distance ospf Ip ospf message digest key md5 External inter‐ Area rangeArea intra‐area Intra‐area routes Area stub If not specified, advertise mode will be setAdvertise no‐ Advertise Area nssa Area default cost This example shows how to configure area 10 as an Nssa area Default‐Area virtual-link Information‐ Transmit‐delay Authentication‐Key key Dead‐interval Rip Show ip ospfMetric‐type type Use this command to display the Ospf link state database This example shows how to display Ospf informationShow ip ospf database Show ip ospf database Output Details Show ip ospf interface Show ip ospf interface Output Details Show ip ospf neighbor Output Details Show ip ospf neighbor Clear ip ospf process Show ip ospf virtual-linksShow ip ospf virtual links Output Details This example shows how to reset Ospf process Enabling Dvmrp on an Interface Configuring Dvmrp Commands to Enable Dvmrp on an Interface Ip dvmrp enableThis example shows how to enable the Dvmrp process Ip dvmrp Ip dvmrp metric Use this command to display Dvmrp routing informationShow ip dvmrp This example shows how to display Dvmrp status information Ip irdp enable Configuring Irdp Ip irdp minadvertinterval Ip irdp maxadvertinterval Ip irdp preference Ip irdp holdtime9000 Ip irdp broadcast Use this command to display Irdp informationShow ip irdp Configuration Tasks on page 18‐1 Router vrrp Configuring Vrrp Create This example shows how enable Vrrp configuration mode Address Advertise-interval Priority Preempt Described in Pre‐Routing Configuration Tasks on page 18‐1 Enable Use this command to display Vrrp routing information Ip vrrp authentication-keyThis example shows how to display Vrrp information Show ip vrrp Design Considerations Configuring PIM-SM This example shows how to globally enable and disable PIM Global router configuration C3su‐routerConfig#Ip pimsm Ip pimsm staticrp Ip pimsm enable Ip pimsm query-interval This example shows how to display PIM informationShow ip pimsm Show ip pimsm componenttable This example shows how to display PIM router informationShow ip pimsm Output Details Show ip pimsm interface This example shows how to display PIM interface informationShow ip pimsm componenettable Output Details Stats Show ip pimsm neighbor This example shows how to display PIM interface statisticsShow ip pimsm interface vlan Output Details 10 show ip pimsm interface stats Output Details Show ip pimsm rp ‐11 provides an explanation of the command output11 show ip pimsm neighbor Output Details Candidate Show ip pimsm rphash ‐12 provides an explanation of the command output12 show ip pimsm rp Output Details Show ip pimsm staticrp ‐13 provides an explanation of the command outputDisplay the PIM‐SM static Rendezvous Point information Show ip mroute Use this command to display the IP multicast routing table13 show ip pimsm staticrp Output Details 20-60 IPv4 Routing Protocol Configuration Show ipv6 status IPv6 Management This example shows how to enable IPv6 management By default, IPv6 management is disabledSet ipv6 Set ipv6 address No global unicast IPv6 address is defined by defaultEui64 Show ipv6 address Use this command to clear IPv6 global addressesClear ipv6 address Set ipv6 gateway Clear ipv6 gateway Use this command to clear an IPv6 gateway addressShow ipv6 neighbors Use this command to display IPv6 netstat information This example shows example output of this commandShow ipv6 netstat Ping ipv6 This command is also available in router modeSize num Traceroute ipv6 Traceroute ipv6 21-10 IPv6 Management Overview IPv6 ConfigurationIPv6 Routing License Required Following table lists the default IPv6 conditions Default Conditions Ipv6 forwarding General Configuration CommandsIpv6 hop-limit This command configures static IPv6 routes Default maximum number of IPv6 hops isIpv6 route This example sets the hop limit to Ipv6 route distance Default preference or administrative distance is Ipv6 unicast-routing This command sets the default distance value to Link‐local‐address Ping ipv6 interface Router privileged exec C3 su‐router# 20010db8123455551 Ipv6 address Interface Configuration CommandsNo IPv6 addresses are defined for any interface IPv6 is disabled Ipv6 enable Bytes Ipv6 mtu This example sets the MTU value to 1500 bytes Clear ipv6 neighbors Neighbor Cache and Neighbor Discovery CommandsThis example clears all dynamically learned cache entries Ipv6 nd dad attempts Duplicate address detection enabled, for 1 attemptIpv6 nd ns-interval Router interface configurationC3su‐routerConfig‐ifVlan 1# By default, a value of 0 is advertised in RA messagesIpv6 nd reachable-time This example sets the NS interval to 2 seconds Flag is set to false by default Ipv6 nd other-config-flagRouter interface configuration C3su‐routerConfig‐if Vlan 1# This example sets the reachable time to 60 seconds Ipv6 nd ra-lifetime Ipv6 nd ra-interval This example disables router advertisement transmission Suppression disabledIpv6 nd suppress-ra Ipv6 nd prefix Router interface configurationC3su‐routerConfig‐if Vlan 1# No‐autoconfigOff‐link Example Show ipv6 Query CommandsShow ipv6 interface Router privileged execution C3su‐router# This example displays information about IPv6 interface Vlan This example displays the neighbors in the cache This command displays IPv6 Neighbor Cache information Show ipv6 route This command displays the IPv6 routing tableShow ipv6 neighbor Output Details Interface interface Show ipv6 route Output Details This example displays all active IPv6 routes Show ipv6 route preferences Output Details Show ipv6 route preferences Show ipv6 route summary This command displays the summary of the routing tableNon‐best routes Show ipv6 traffic Following example displays the output of this commandShow ipv6 summary Output Details Show ipv6 traffic Output Details Options, etc Counter would include datagrams counted Send. Note that this counter includes all those counted by Router privileged executionC3su‐router# Clear ipv6 statisticsThis example clears the statistics for Vlan IPv6 Proxy Routing Limitations Preparing a Mixed Stack for IPv6 Proxy Routing Router global configuration C2su‐routerConfig# IPv6 proxy routing is disabled by defaultThis example enables IPv6 proxy routing Ipv6 proxy-routing Any routing mode DHCPv6 Configuration Ipv6 dhcp enable Global Configuration CommandsFollowing table lists the default DHCPv6 conditions This command enables DHCPv6 on the router This example enables DHCPv6 By default, DHCPv6 is disabledIpv6 dhcp relay-agent-info-opt Ipv6 dhcp pool Ipv6 dhcp relay-agent-info-remote-id-subopt Ipv6 dhcp pool Domain-name Address Pool Configuration Commands Prefix-delegation Dns-server Preferred‐lifetime Valid‐lifetime secsSecs infinite C3su-routerConfig-dhcp6s-pool# exit C3su-routerConfig# Ipv6 dhcp server By default, DHCPv6 functionality is disabledRapid‐commit Preference pref Destination dest‐addr Ipv6 dhcp relayInterface intf Remote‐id duid‐ifid Examples Show ipv6 dhcp DHCPv6 Show Commands Statistics Show ipv6 dhcp interface This example displays the DHCPv6 statistics for Vlan Output of show ipv6 dhcp interface Command Output of show ipv6 dhcp statistics Command This example displays the output of this commandShow ipv6 dhcp statistics This example clears DHCPv6 statistics for Vlan Clear ipv6 dhcp statistics Show ipv6 dhcp pool This command displays information about DHCPv6 bindingsShow ipv6 dhcp binding If no IPv6 address is specified, all bindings are displayed Show ipv6 dhcp binding DHCPv6 Configuration OSPFv3 Configuration Following table lists the default OSPFv3 conditions Use this command to configure the OSPFv3 router ID Global OSPFv3 Configuration CommandsIpv6 router id Ipv6 router ospf Default-information originateAlways Metric value Router OSPFv3 configuration C3su‐routerConfig‐router# Default-metricNo default metric is configured Router OSPFv3 configuration C3su-routerConfig-router# Intra Exit-overflow-intervalInter Type1 Default value is ‐1 This command configures the external Lsdb limit for OSPFv3External-lsdb-limit This example sets the exit overflow interval to 10 seconds Connected static Maximum-pathsTag tag Metric = unspecified Metric type = Type Tag = Area default-cost Area Configuration CommandsThese commands are used to configure area parameters This example shows how to configure area 20 as an Nssa This example sets the default route cost to 50 for area Default metric value is Area nssa default-info-originateArea nssa no-redistribute Comparable Area nssa no-summary By default, the translator role is disabled This command configures the translator role of the routerArea nssa translator role Area nssa translator-stab-intv Area address ranges are not configured by default Default interval is 40 secondsSummarylink Nssaexternallink This command creates a stub area for the specified area ID Area stub no-summary Example disables the import of summary LSAs into stub areaThis example creates a stub area with the ID Area virtual-link dead-interval Default dead interval is 40 seconds Area virtual-link hello-interval Default hello interval is 10 secondsArea virtual-link retransmit-interval Default retransmit interval is 5 seconds Area virtual-link transmit-delayDefault transmit delay is 1 second OSPFv3 is disabled by default Ipv6 ospf enable Ipv6 ospf cost Ipv6 ospf areaid Ipv6 ospf dead-interval Default dead interval value is 40 seconds Ipv6 ospf mtu-ignore Ipv6 ospf hello-interval Default network type is broadcast By default, MTU mismatch detection is enabledIpv6 ospf network Ipv6 ospf priority Default priority value isIpv6 ospf retransmit-interval Default value is 4 seconds Ipv6 ospf transmit-delayDefault value is 1 second Ipv6 ospf transmit-delay This command displays OSPFv3 router information OSPFv3 Show CommandsThis example shows how to display OSPFv3 router information Show ipv6 ospf Show ipv6 ospf Output Details Show ipv6 ospf area Output Details Show ipv6 ospf area Show ipv6 ospf abr Output Details Show ipv6 ospf abr Show ipv6 ospf asbr Output Details Show ipv6 ospf asbr Show ipv6 ospf database Adv Router Link Id Age Sequence Csum Options Rtr Opt Show ipv6 ospf database Output Details Show ipv6 ospf database database-summary Output Details Show ipv6 ospf interface This command displays information about OSPFv3 interfacesLoopback loopid Show ipv6 ospf interface Command Output Details Show ipv6 ospf interface stats This example shows how to display statistics for Vlan Show ipv6 ospf interface stats Output Details Show ipv6 ospf neighbor This command displays information about OSPFv3 neighborsSpecify the Vlan interface to display information about Specify the tunnel interface to display Show ipv6 ospf neighbor Output Details 10 show ipv6 ospf neighbor routerid Output Details Show ipv6 ospf rangeThis example displays range information for area 11 show ipv6 ospf range Output Details Show ipv6 ospf stub tableThis example displays the OSPFv3 stub table information 12 show ipv6 ospf stub table Output Details 13 show ipv6 ospf virtual-link Output Details Show ipv6 ospf virtual-link Show ipv6 ospf virtual-link Show ipv6 ospf virtual-link OSPFv3 Configuration Overview of Authentication and Authorization Methods Authentication and Authorization Configuration Overview of Authentication and Authorization Methods Filter-ID Attribute Formats Show authentication login Setting the Authentication Login MethodSet authentication login Use this command to set the authentication login method Any Clear authentication loginLocal Radius Timeout Configuring RadiusShow radius Retries Set radius Optional Displays Radius server configuration informationServer Servers or a specific Radius server as defined by an index Realm management‐ access any network‐access Timeout timeoutServer index Realm Clear radius Set radius accounting Show radius accountingRetries retries Timeout This example shows how to set Radius accounting retries toClear radius accounting Retries Set radius interface Show radius interface Clear radius interface Example Show dot1x Configuring 802.1X AuthenticationAuth‐diag Auth‐stats This example shows how to display 802.1X status Show dot1x auth-config Init reauth Set dot1xTrue false Set dot1x auth-config Portcontrol Maxreq Clear dot1x auth-config Show eapol Show eapol Output Details Connecting state, via disconnected Clear eapol Set eapolAuth‐mode Forced‐auth Optional Globally clears the Eapol authentication mode Show macauthentication Configuring MAC Authentication Nopassword Show macauthentication Output Details This example shows how to display MAC session information Show macauthentication sessionShow macauthentication session Output Details Set macauthentication password Set macauthenticationUse this command to set a MAC authentication password Set macauthentication port Clear macauthentication passwordUse this command to clear the MAC authentication password Enables or disables MAC authentication Set macauthentication portquietperiod Set macauthentication portinitialize Set macauthentication macinitialize Clear macauthentication portquietperiodThis example resets the default quiet period on port Set macauthentication portreauthenticate Set macauthentication reauthenticationEnables or disables MAC reauthentication Set macauthentication reauthperiod Set macauthentication macreauthenticate Clear macauthentication reauthperiod Clear macauthentication significant-bits Set macauthentication significant-bits C3su-clear macauthentication significant-bits About Multiple Authentication Types Configuring Multiple Authentication MethodsAbout Multi-User Authentication Show multiauth Clear multiauth mode Set multiauth modeMulti Strict Set multiauth precedence Default precedence order is dot1x, pwa, macClear multiauth precedence Set multiauth port Show multiauth port Clear multiauth port Show multiauth session Show multiauth station Agent dot1x mac Show multiauth idle-timeout Authentication method for which to set the timeout value Set multiauth idle-timeoutWhich to set the timeout value Idle timeout value is provided by the authenticating server Show multiauth session-timeout Clear multiauth idle-timeoutDefault Which to reset the timeout value to its default Which to set the session timeout value Set multiauth session-timeout Configuring User + IP Phone Authentication Clear multiauth session-timeout Configuring Vlan Authorization RFC Set vlanauthorization egress Set vlanauthorizationTagged Show vlanauthorization Clear vlanauthorizationBy default, administrative egress is set to untagged Show vlanauthorization Output Details Configuring Policy Maptable Response Operational Description When Policy Maptable Response is Both When Policy Maptable Response is Tunnel When Policy Maptable Response is PolicyShow policy maptable Response Set policy maptableBoth Policy Clear policy maptable To review, disable, enable, and configure MAC locking Configuring MAC Locking Show maclock Show maclock Output Details Show maclock stationsFirstarrival Connected to MAC locked ports Set maclock enable port‐string Set maclock enableShow maclock stations Output Details This example shows how to enable MAC locking on ge.2.3 Set maclock disableThis example shows how to disable MAC locking on ge.2.3 Set maclock Create Clear maclockSpecified MAC address and port Clear maclock static Set maclock static Set maclock firstarrival Set maclock agefirstarrival Clear maclock firstarrival This example disables first arrival aging on port ge.1.1 This example enables first arrival aging on port ge.1.1Clear maclock agefirstarrival Set maclock move Set maclock trap About PWA Configuring Port Web Authentication PWA Show pwa Output Details Show pwa This example shows how to enable port web authentication Enable disable Enables or disables port web authenticationSet pwa Show pwa banner This example shows how to display the PWA login bannerSet pwa banner Clear pwa banner This example shows how to hide the Enterasys Networks logoSet pwa displaylogo Display hide Set pwa protocol Set pwa ipaddressChap pap This example shows how to clear the PWA guest user name Use this command to clear the PWA guest user nameSet pwa guestname Clear pwa guestname Set pwa gueststatus Set pwa guestpasswordAuthnone Authradius Set pwa initialize This example shows how to initialize ports ge.1.5‐7Set pwa quietperiod Set pwa portcontrol Set pwa maxrequest This example shows how to enable PWA on ports 1‐22 Enables or disables PWA on specified portsThis example shows how to display PWA session information Show pwa session This example shows how to enable PWA enhancedmode Enable disable Enables or disables PWA enhancedmodeSet pwa enhancedmode This example shows how to display SSH status on the switch Configuring Secure Shell SSHShow ssh status Set ssh This example shows how to regenerate SSH keys This example shows how to disable SSHSet ssh hostkey Show access-lists Configuring Access ListsShow access‐lists number Deny permit Access-list standard Insert replace Access-list extendedThis example moves entry 16 to the beginning of ACL Insert replace Interface configuration C3su‐routerConfig‐ifVlan vlanid# Ip access-groupFilters inbound frames Example Page TACACS+ Configuration State Optional Displays only the TACACS+ client status Show tacacsShow tacacs Output Details Enable disable Enables or disables the Tacacs client Use this command to enable or disable the TACACS+ clientThis example shows how to enable the TACACS+ client Set tacacs Set tacacs server Timeout seconds Specifies one TACACS+ server to be affected Clear tacacs server This example removes TACACS+ server Show tacacs session Set tacacs session Clear tacacs session ServiceRead‐write Super‐user Set tacacs command Show tacacs command Set tacacs singleconnect Show tacacs singleconnectConnection Set tacacs interface Show tacacs interface Clear tacacs interface Clear tacacs interface TACACS+ Configuration 27-14 Using sFlow in Your Network SFlow ConfigurationAdvantages of using sFlow include SFlow Agent Functionality DefinitionsSampling Mechanisms SFlow Definitions Counter Sampling Packet Flow SamplingUsage Notes 28-5 Show sflow receivers Contents of the sFlow Receivers Table is displayedThis example displays the sFlow Receivers Table Show sflow receivers Output Descriptions Following table describes the output fields Set sflow receiver ip Set sflow receiver owner Default maximum datagram size is 1400 bytes Default IP address isSet sflow receiver maxdatagram Maxdatagram bytes Set sflow receiver port Default port value isClear sflow receiver Maxdatagram Owner Set sflow port pollerPort port Show sflow pollers Set sflow port sampler Clear sflow port pollerInterval This example removes the poller instance on port ge.1.1 Show sflow samplers Set sflow interface Clear sflow port samplerMaxheadersize Rate Show sflow interface Clear sflow interface Show sflow agent 28-18 Policy Capacities Policy and Authentication CapacitiesTable A-1 Policy Capacities Table A-2 Authentication Capacities Authentication Capacities Numerics Index Ospf 20-30Network Management Tftp Index

access-list (standard)

Syntax

To create an ACL entry:

Parameters

access‐list‐number [entryno [entryno]]

deny permit

source

source‐wildcard