Enterasys Networks 9034313-07 TACACS+ Configuration

SecureStack C3 Configuration Guide 27-1

TACACS+ Configuration

ThischapterprovidesinformationaboutthecommandsusedtoconfigureandmonitorTACACS+

(TerminalAccessControllerAccess‐ControlSystemPlus).

TACACS+isasecurityprotcolthatprovidesservicesforsecureauthentication,CLIcommand

authorization,andCLIauditingforadministrativeaccess.Itcanbeusedasanalternativetothe

standardRADIUSsecurityprotocol(RFC2865).TACACS+runsoverTCPandencryptsthebody

ofeachmanagementpacket.

BasedonthenowobsoleteTACACSprotocol(definedinRFC1492),TACACS+isdefinedinan

un‐publishedandexpiredInternetDraftdraft‐grant‐tacacs‐02.txt,“TheTACAC S+Protocol

Vers ion 1.78,”January,1997.

FordetailedinformationaboutusingTACACS+inyournetwork,refertotheEnterasysFeature

Guide“TACACS+Configuration”locatedontheEnterasyswebsite:

http://www.enterasys.com/support/manuals/f.html#M

For information about... Refer to page...

show tacacs 27-2

set tacacs 27-3

show tacacs server 27-3

set tacacs server 27-4

clear tacacs server 27-5

show tacacs session 27-6

set tacacs session 27-7

clear tacacs session 27-8

show tacacs command 27-9

set tacacs command 27-9

show tacacs singleconnect 27-10

set tacacs singleconnect 27-10

show tacacs interface 27-11

set tacacs interface 27-11

clear tacacs interface 27-12

Contents

Main Page Notice Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. Page Page Contents About This Guide Chapter 1: Introduction Chapter 2: Configuring Switches in a Stack Chapter 3: Basic Configuration Page Chapter 4: Activating Licensed Features Chapter 5: Configuring System Power and PoE Chapter 6: Discovery Protocol Configuration Chapter 7: Port Configuration Page Chapter 8: SNMP Configuration Chapter 9: Spanning Tree Configuration Page Chapter 10: 802.1Q VLAN Configuration Chapter 11: Policy Classification Configuration Chapter 12: Port Priority Configuration Chapter 13: IGMP Configuration Chapter 14: Logging and Network Management Page Chapter 15: RMON Configuration Chapter 16: DHCP Server Configuration Chapter 17: DHCP Snooping and Dynamic ARP Inspection Chapter 18: Preparing for Router Mode Chapter 19: IP Configuration Chapter 20: IPv4 Routing Protocol Configuration Page Chapter 21: IPv6 Management Chapter 22: IPv6 Configuration Chapter 23: IPv6 Proxy Routing Chapter 24: DHCPv6 Configuration Chapter 25: OSPFv3 Configuration Chapter 26: Authentication and Authorization Configuration Page Chapter 27: TACACS+ Configuration Chapter 28: sFlow Configuration Appendix A: Policy and Authentication Capacities Index Figures Tables Page Page Page About This Guide Using This Guide Structure of This Guide Important Notice Page Chapter 28 Related Documents Conventions Used in This Guide Thefollowingconventionsareusedinthetextofthisdocument: Thefollowingiconsareusedinthisguide: Getting Help Page Introduction SecureStack C3 CLI Overview Switch Management Methods Factory Default Settings Table 1-1 Default Settings for Basic Switch Operation (Continued) Table 1-2 Default Settings for Router Operation Table 1-1 Default Settings for Basic Switch Operation (Continued) Table 1-2 Default Settings for Router Operation (Continued) Using the Command Line Interface Starting a CLI Session Connecting Using the Console Port Connecting Using Telnet Logging In Using a Default User Account Using an Administratively Configured User Account Navigating the Command Line Interface Getting Help with CLI Syntax CLI Command Defaults Descriptions CLI Command Modes Performing Keyword Lookups Displaying Scrolling Screens Abbreviating and Completing Commands Figure 1-6 Abbreviating a Command Basic Line Editing Commands TheCLIsupportsEMACslikelineeditingcommands.Tabl e 13listssomecommonlyused commands. Table 1-3 Basic Line Editing Commands Configuring Switches in a Stack About SecureStack C3 Switch Operation in a Stack Installing a New Stackable System of Up to Eight Units Important Installing Previously-Configured Systems in a Stack Adding a New Unit to an Existing Stack Creating a Virtual Switch Configuration Page Considerations About Using Clear Config in a Stack Issues Related to Mixed Type Stacks Feature Support Configuration Common Firmware Version Stacking Configuration and Management Commands show switch Thisexampleshowshowtodisplayinformationaboutallswitchunitsinthestack: Thisexampleshowshowtodisplayinformationaboutswitchunit1inthestack: Thisexampleshowshowtodisplaystatusinformationforswitchunit1inthestack: show switch switchtype Usethiscommandtodisplayinformationaboutsupportedswitchtypesinthestack. Thisexampleshowshowtodisplayswitchtypeinformationaboutallswitchesinthestack: switchindex (Optional)Specifiestheswitchindex(SID)oftheswitchtypetodisplay. ThisexampleshowshowtodisplayswitchtypeinformationaboutSID1: show switch stack-ports Usethiscommandtodisplayvariousdataflowanderrorcountersonstackports. set switch set switch copy-fw set switch description set switch movemanagement set switch member clear switch member Basic Configuration Quick Start Setup Commands Setting User Accounts and Passwords Table 3-2 Optional CLI Setup Commands show system login set system login clear system login set password set system password length set system password aging set system password history show system lockout set system lockout Thisexampleshowshowtosetloginattemptsto5andlockouttimeto30minutes: Setting Basic Switch Properties TodisplayandsetthesystemIPaddressandotherbasicsystem(switch)properties. show ip address UsethiscommandtodisplaythesystemIPaddressandsubnetmask. ThisexampleshowshowtodisplaythesystemIPaddressandsubnetmask: set ip address clear ip address show ip protocol set ip protocol show system Thefollowingtableprovidesanexplanationofthecommandoutput. show system hardware Usethiscommandtodisplaythesystemshardwareconfiguration. Table 3-4 show system Output Details show system utilization set system utilization clear system utilization show system enhancedbuffermode set system enhancedbuffermode set system temperature clear system temperature show time set time show summertime set summertime set summertime date set summertime recurring clear summertime set prompt show banner motd set banner motd clear banner motd show version set system name set system location set system contact set width set length show logout set logout show console set console baud Downloading a Firmware Image Downloading from a TFTP Server Downloading via the Serial Port 3. Type2.Thefollowingbaudrateselectionscreendisplays: 4. Type8tosettheswitchbaudrateto115200.Thefollowingmessagedisplays: Reverting to a Previous Image Reviewing and Selecting a Boot Firmware Image show boot system set boot system Starting and Configuring Telnet show telnet set telnet telnet Managing Switch Configuration and Files Configuration Persistence Mode show snmp persistmode set snmp persistmode save config dir show file show config Usethiscommandtodisplaythesystemconfigurationorwritetheconfigurationtoafile. configure copy delete show tftp settings set tftp timeout clear tftp timeout set tftp retry clear tftp retry Clearing and Closing the CLI cls (clear screen) exit Resetting the Switch reset clear config Using and Configuring WebView show webview set webview show ssl set ssl Gathering Technical Support Information show support Configuring Hostprotect show system hostprotect set system hostprotect clear system hostprotect Page Activating Licensed Features License Key Field Descriptions Licensing Procedure in a Stack Environment Adding a New Member to a Licensed Stack Clearing, Showing, and Applying Licenses Commands set license Usage show license clear license Page Page Configuring System Power and PoE Commands show inlinepower set inlinepower threshold set inlinepower trap set inlinepower detectionmode show port inlinepower set port inlinepower Page Discovery Protocol Configuration Configuring CDP show cdp set cdp state set cdp auth set cdp interval set cdp hold-time clear cdp show neighbors Configuring Cisco Discovery Protocol show ciscodp show ciscodp port info set ciscodp status set ciscodp timer set ciscodp holdtime set ciscodp port Page clear ciscodp Configuring Link Layer Discovery Protocol and LLDP-MED Overview ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow. Configuration Tasks show lldp UsethiscommandtodisplayLLDPconfigurationinformation. ThisexampleshowshowtodisplayLLDPconfigurationinformation. show lldp port status show lldp port trap show lldp port tx-tlv show lldp port location-info show lldp port local-info Page Table 6-4 show lldp port local-info Output Details (Continued) show lldp port remote-info show lldp port network-policy set lldp tx-interval set lldp hold-multiplier set lldp trap-interval set lldp med-fast-repeat set lldp port status set lldp port trap set lldp port med-trap set lldp port location-info set lldp port tx-tlv Page set lldp port network-policy clear lldp clear lldp port status clear lldp port trap clear lldp port med-trap clear lldp port location-info clear lldp port network-policy clear lldp port tx-tlv Page Port Configuration Port Configuration Summary Port String Syntax Used in the CLI Port Slot/Unit Parameters Used in the CLI Reviewing Port Status show port show port status show port counters Page clear port counters show port cablestatus Disabling / Enabling and Naming Ports set port disable set port enable show port alias set port alias Page Setting Speed and Duplex Mode show port speed set port speed show port duplex set port duplex Enabling / Disabling Jumbo Frame Support show port jumbo set port jumbo clear port jumbo Setting Auto-Negotiation and Advertised Ability show port negotiation set port negotiation show port advertise set port advertise clear port advertise show port mdix set port mdix Page Setting Flow Control show flowcontrol set flowcontrol Page Setting Port Link Traps and Link Flap Detection show port trap set port trap show linkflap Page Thisexampleshowshowtodisplaytheglobalstatusofthelinktrapdetectionfunction: Thisexampleshowshowtodisplayportsdisabledbylinkflapdetectionduetoaviolation: Tabl e 75providesanexplanationoftheshowlinkflapmetricscommandoutput. Thisexampleshowshowtodisplaythelinkflapparameterstable: Tabl e 74providesanexplanationoftheshowlinkflapparameterscommandoutput. set linkflap globalstate set linkflap portstate set linkflap interval set linkflap action clear linkflap action set linkflap threshold set linkflap downtime clear linkflap down clear linkflap Configuring Broadcast Suppression show port broadcast set port broadcast clear port broadcast Page Port Mirroring Mirroring Features Remote Port Mirroring Configuring SMON MIB Port Mirroring Overview Procedures show port mirroring set port mirroring clear port mirroring set mirror vlan clear mirror vlan Link Aggregation Control Protocol (LACP) LACP Operation LACP Terminology SecureStack C3 Usage Considerations Page show lacp set lacp set lacp asyspri set lacp aadminkey clear lacp set lacp static clear lacp static set lacp singleportlag clear lacp singleportlag show port lacp set port lacp Page clear port lacp Page Configuring Protected Ports Protected Port Operation set port protected show port protected clear port protected set port protected name show port protected name clear port protected name Page SNMP Configuration SNMP Configuration Summary SNMPv1 and SNMPv2c SNMPv3 About SNMP Security Models and Levels Using SNMP Contexts to Access Specific MIBs Configuration Considerations Reviewing SNMP Statistics show snmp engineid show snmp counters UsethiscommandtodisplaySNMPtrafficcountervalues. ThisexampleshowshowtodisplaySNMPcountervalues Page Table 8-3 show snmp counters Output Details (Continued) Configuring SNMP Users, Groups, and Communities show snmp user set snmp user Page clear snmp user show snmp group set snmp group clear snmp group show snmp community set snmp community clear snmp community Configuring SNMP Access Rights show snmp access ThisexampleshowshowtodisplaySNMPaccessinformation: Tabl e 86providesanexplanationofthecommandoutput. Table 8-6 show snmp access Output Details set snmp access clear snmp access Configuring SNMP MIB Views show snmp view show snmp context set snmp view clear snmp view Configuring SNMP Target Parameters show snmp targetparams set snmp targetparams clear snmp targetparams Configuring SNMP Target Addresses show snmp targetaddr set snmp targetaddr clear snmp targetaddr Configuring SNMP Notification Parameters About SNMP Notify Filters Commands show newaddrtrap set newaddrtrap show snmp notify set snmp notify clear snmp notify show snmp notifyfilter set snmp notifyfilter clear snmp notifyfilter show snmp notifyprofile set snmp notifyprofile clear snmp notifyprofile Creating a Basic SNMP Trap Configuration Example How SNMP Will Use This Configuration Configuring the SNMP Management Interface show snmp interface set snmp interface clear snmp interface Page Spanning Tree Configuration Spanning Tree Configuration Summary Overview: Single, Rapid, and Multiple Spanning Tree Protocols RSTP MSTP Spanning Tree Features Loop Protect Configuring Spanning Tree Bridge Parameters Page show spantree stats ThisexampleshowshowtodisplaythedevicesSpanningTreeconfiguration: Tabl e 91showsadetailedexplanationofcommandoutput. Table 9-1 show spantree Output Details set spantree show spantree version set spantree version clear spantree version show spantree bpdu-forwarding set spantree bpdu-forwarding show spantree bridgeprioritymode set spantree bridgeprioritymode clear spantree bridgeprioritymode show spantree mstilist set spantree msti clear spantree msti show spantree mstmap set spantree mstmap clear spantree mstmap show spantree vlanlist show spantree mstcfgid set spantree mstcfgid clear spantree mstcfgid set spantree priority clear spantree priority set spantree hello clear spantree hello set spantree maxage clear spantree maxage set spantree fwddelay clear spantree fwddelay show spantree backuproot set spantree backuproot clear spantree backuproot show spantree tctrapsuppress set spantree tctrapsuppress clear spantree tctrapsuppress set spantree protomigration show spantree spanguard set spantree spanguard clear spantree spanguard show spantree spanguardtimeout set spantree spanguardtimeout clear spantree spanguardtimeout show spantree spanguardlock clear / set spantree spanguardlock show spantree spanguardtrapenable set spantree spanguardtrapenable clear spantree spanguardtrapenable show spantree legacypathcost set spantree legacypathcost clear spantree legacypathcost show spantree autoedge set spantree autoedge clear spantree autoedge Configuring Spanning Tree Port Parameters set spantree portadmin clear spantree portadmin show spantree portadmin show spantree portpri set spantree portpri clear spantree portpri show spantree adminpathcost set spantree adminpathcost clear spantree adminpathcost show spantree adminedge set spantree adminedge clear spantree adminedge show spantree operedge Configuring Spanning Tree Loop Protect Parameters set spantree lp show spantree lp clear spantree lp show spantree lplock clear spantree lplock set spantree lpcapablepartner show spantree lpcapablepartner clear spantree lpcapablepartner set spantree lpthreshold show spantree lpthreshold clear spantree lpthreshold set spantree lpwindow show spantree lpwindow clear spantree lpwindow set spantree lptrapenable show spantree lptrapenable clear spantree lptrapenable set spantree disputedbpduthreshold show spantree disputedbpduthreshold clear spantree disputedbpduthreshold show spantree nonforwardingreason 802.1Q VLAN Configuration VLAN Configuration Summary Port String Syntax Used in the CLI Creating a Secure Management VLAN Viewing VLANs show vlan Tabl e 102providesanexplanationofthecommandoutput. Table 10-2 show vlan Output Details Creating and Naming Static VLANs set vlan set vlan name clear vlan clear vlan name Assigning Port VLAN IDs (PVIDs) and Ingress Filtering show port vlan set port vlan clear port vlan show port ingress filter set port ingress filter show port discard set port discard Configuring the VLAN Egress List show port egress set vlan forbidden set vlan egress clear vlan egress show vlan dynamicegress set vlan dynamicegress Setting the Host VLAN show host vlan set host vlan clear host vlan Enabling/Disabling GVRP (GARP VLAN Registration Protocol) About GARP VLAN Registration Protocol (GVRP) Overview How It Works Page show gvrp show garp timer set gvrp clear gvrp set garp timer clear garp timer Page Policy Classification Configuration Policy Classification Configuration Summary Configuring Policy Profiles show policy profile Page set policy profile clear policy profile Configuring Classification Rules show policy rule Page Tabl e 112providesanexplanationofthecommandoutput. show policy capability Table 11-2 show policy rule Output Details Page set policy rule Page Page clear policy rule clear policy all-rules Assigning Ports to Policy Profiles set policy port clear policy port Configuring Policy Class of Service (CoS) About Policy-Based CoS Configurations Page About CoS-Based Flood Control set cos state UsethiscommandtoenableordisableClassofService. Switchcommand,readwrite. enable|disable EnablesordisablesClassofServiceontheswitch.Defaultstateis disabled. show cos state clear cos state set cos settings clear cos settings show cos settings set cos port-config show cos port-config clear cos port-config set cos port-resource irl set cos port-resource flood-ctrl show cos port-resource clear cos port-resource irl clear cos port-resource flood-ctrl set cos reference show cos reference clear cos reference show cos unit clear cos all-entries show cos port-type Page Port Priority Configuration Port Priority Configuration Summary Configuring Port Priority show port priority set port priority clear port priority Configuring Priority to Transmit Queue Mapping show port priority-queue set port priority-queue clear port priority-queue Configuring Quality of Service (QoS) show port txq set port txq clear port txq Page IGMP Configuration IGMP Overview About IP Multicast Group Management About Multicasting Configuring IGMP at Layer 2 Commands show igmpsnooping set igmpsnooping adminmode set igmpsnooping interfacemode set igmpsnooping groupmembershipinterval set igmpsnooping maxresponse set igmpsnooping mcrtrexpiretime set igmpsnooping add-static set igmpsnooping remove-static show igmpsnooping static show igmpsnooping mfdb clear igmpsnooping Configuring IGMP on Routing Interfaces ip igmp ip igmp enable ip igmp version show ip igmp interface show ip igmp groups ip igmp query-interval ip igmp query-max-response-time ip igmp startup-query-interval ip igmp startup-query-count ip igmp last-member-query-interval ip igmp last-member-query-count ip igmp robustness Page Page Logging and Network Management Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto usethem. Configuring System Logging show logging server set logging server clear logging server show logging default set logging default clear logging default show logging application set logging application Page clear logging application show logging local set logging local clear logging local show logging buffer show logging interface set logging interface clear logging interface Monitoring Network Events and Status history show history set history ping show users disconnect show netstat Thefollowingexampleshowstheoutputofthiscommand. Thefollowingtabledescribestheoutputofthiscommand. Table 14-4 show netstat Output Details Managing Switch Network Addresses and Routes TodisplayordeleteswitchARPtableentries,andtodisplayMACaddressinformation. show arp UsethiscommandtodisplaytheswitchsARPtable. set arp clear arp traceroute show mac show mac agetime set mac agetime clear mac agetime set mac algorithm show mac algorithm clear mac algorithm set mac multicast clear mac address show mac unreserved-flood set mac unreserved-flood Thisexampleenablesmulticastfloodprotection. Configuring Simple Network Time Protocol (SNTP) show sntp UsethiscommandtodisplaySNTPclientsettings. ThisexampleshowshowtodisplaySNTPclientsettings: Tabl e 147providesanexplanationofthecommandoutput. Table 14-7 show sntp Output Details set sntp client clear sntp client set sntp server clear sntp server set sntp poll-interval clear sntp poll-interval set sntp poll-retry clear sntp poll-retry set sntp poll-timeout clear sntp poll-timeout set timezone show sntp interface set sntp interface clear sntp interface Page Configuring Node Aliases show nodealias config set nodealias clear nodealias config RMON Configuration RMON Design Considerations Table 15-1 RMON Monitoring Group Functions and Commands (Continued) Statistics Group Commands show rmon stats set rmon stats clear rmon stats History Group Commands show rmon history set rmon history clear rmon history Page Alarm Group Commands show rmon alarm set rmon alarm properties set rmon alarm status clear rmon alarm Event Group Commands show rmon event set rmon event properties set rmon event status clear rmon event Page Filter Group Commands show rmon channel set rmon channel clear rmon channel show rmon filter set rmon filter clear rmon filter Packet Capture Commands show rmon capture set rmon capture clear rmon capture DHCP Server Configuration DHCP Overview DHCP Relay Agent DHCP Server Configuring a DHCP Server Configuring General DHCP Server Parameters set dhcp set dhcp bootp set dhcp conflict logging show dhcp conflict clear dhcp conflict set dhcp exclude clear dhcp exclude set dhcp ping clear dhcp ping show dhcp binding clear dhcp binding show dhcp server statistics clear dhcp server statistics Page Configuring IP Address Pools Manual Pool Configuration Considerations set dhcp pool clear dhcp pool set dhcp pool network clear dhcp pool network set dhcp pool hardware-address clear dhcp pool hardware-address set dhcp pool host clear dhcp pool host set dhcp pool client-identifier clear dhcp pool client-identifier set dhcp pool client-name clear dhcp pool client-name set dhcp pool bootfile clear dhcp pool bootfile set dhcp pool next-server clear dhcp pool next-server set dhcp pool lease clear dhcp pool lease set dhcp pool default-router clear dhcp pool default-router set dhcp pool dns-server clear dhcp pool dns-server set dhcp pool domain-name clear dhcp pool domain-name set dhcp pool netbios-name-server clear dhcp pool netbios-name-server set dhcp pool netbios-node-type clear dhcp pool netbios-node-type set dhcp pool option clear dhcp pool option show dhcp pool configuration Page DHCP Snooping and Dynamic ARP Inspection DHCP Snooping Overview DHCP Message Processing Building and Maintaining the Database Rate Limiting Basic Configuration Configuration Notes DHCP Server DHCP Snooping Commands set dhcpsnooping set dhcpsnooping vlan set dhcpsnooping database write-delay set dhcpsnooping trust set dhcpsnooping binding set dhcpsnooping verify set dhcpsnooping log-invalid set dhcpsnooping limit show dhcpsnooping show dhcpsnooping database show dhcpsnooping port show dhcpsnooping binding show dhcpsnooping statistics clear dhcpsnooping binding clear dhcpsnooping statistics clear dhcpsnooping database clear dhcpsnooping limit Dynamic ARP Inspection Overview Functional Description Static Mappings Optional ARP Packet Validation Logging Invalid Packets Packet Forwarding Rate Limiting Eligible Interfaces Interaction with Other Functions Basic Configuration Example Configuration Router Configuration VLAN Configuration DHCP Snooping Configuration Dynamic ARP Inspection Configuration Dynamic ARP Inspection Commands set arpinspection vlan set arpinspection trust set arpinspection validate set arpinspection limit set arpinspection filter show arpinspection access-list show arpinspection ports show arpinspection vlan show arpinspection statistics clear arpinspection validate clear arpinspection vlan clear arpinspection filter clear arpinspection limit clear arpinspection statistics Page Preparing for Router Mode Pre-Routing Configuration Tasks Example Enabling Router Configuration Modes Table 18-1 Enabling the Switch for Routing Table 18-2 Router CLI Configuration Modes Table 18-2 Router CLI Configuration Modes (Continued) Page IP Configuration Configuring Routing Interface Settings show interface interface show ip interface ip address show running-config no shutdown no ip routing Configuring Tunnel Interfaces interface tunnel tunnel source tunnel destination tunnel mode show interface tunnel Reviewing and Configuring the ARP Table show ip arp arp ip proxy-arp arp timeout clear arp-cache Configuring Broadcast Settings ip directed-broadcast ip forward-protocol ip helper-address Reviewing IP Traffic and Configuring Routes show ip route Ifnoparametersarespecified,allIProuteinformationwillbedisplayed. ip route ping traceroute Configuring ICMP Redirects ip icmp redirect enable show ip icmp redirect IPv4 Routing Protocol Configuration Activating Advanced Routing Features Configuring RIP RIP Configuration Task List and Commands router rip ip rip enable distance ip rip send version ip rip receive version ip rip authentication-key ip rip message-digest-key no auto-summary split-horizon poison passive-interface receive-interface redistribute Page Configuring OSPF ToenableandconfiguretheOpenShortestPathFirst(OSPF)routingprotocol. OSPF Configuration Task List and Commands Table 20-2 OSPF Configuration Task List and Commands router id router ospf 1583compatibility ip ospf enable ip ospf areaid ip ospf cost ip ospf priority timers spf ip ospf retransmit-interval ip ospf transmit-delay ip ospf hello-interval ip ospf dead-interval ip ospf authentication-key ip ospf message digest key md5 distance ospf area range area stub area default cost area nssa area virtual-link Page show ip ospf ThisexampleshowshowtodisplayOSPFinformation: show ip ospf database UsethiscommandtodisplaytheOSPFlinkstatedatabase. None. Tabl e 203providesanexplanationofthecommandoutput. show ip ospf interface Table 20-3 show ip ospf database Output Details Ifvlanidisnotspecified,OSPFstatisticswillbedisplayedforallVLANs. ThisexampleshowshowtodisplayallOSPFrelatedinformationfortheVLAN6interface: show ip ospf neighbor show ip ospf virtual-links clear ip ospf process Page Configuring DVMRP Enabling DVMRP on an Interface ip dvmrp ip dvmrp enable ip dvmrp metric show ip dvmrp Page Configuring IRDP ip irdp enable ip irdp maxadvertinterval ip irdp minadvertinterval ip irdp holdtime ip irdp preference ip irdp broadcast show ip irdp Page Configuring VRRP router vrrp create address priority advertise-interval preempt enable ip vrrp authentication-key show ip vrrp Configuring PIM-SM Design Considerations ip pimsm ip pimsm staticrp ip pimsm enable ip pimsm query-interval show ip pimsm show ip pimsm componenttable show ip pimsm interface Tabl e 209providesanexplanationoftheshowippimsminterfacevlancommandoutput. ThisexampleshowshowtodisplayPIMinterfacestatistics. Tabl e 2010providesanexplanationoftheshowippimsminterfacestatscommandoutput. show ip pimsm neighbor DisplaytheroutersPIMneighbors. Table 20-9 show ip pimsm interface vlan Output Details Table 20-10 show ip pimsm interface stats Output Details show ip pimsm rp show ip pimsm rphash show ip pimsm staticrp show ip mroute Page IPv6 Management show ipv6 status set ipv6 set ipv6 address show ipv6 address clear ipv6 address set ipv6 gateway clear ipv6 gateway show ipv6 neighbors show ipv6 netstat ping ipv6 traceroute ipv6 Page IPv6 Configuration Page General Configuration Commands ipv6 forwarding ipv6 hop-limit ipv6 route ipv6 route distance ipv6 unicast-routing ping ipv6 ping ipv6 interface traceroute ipv6 Page ipv6 address ipv6 enable ipv6 mtu Page Neighbor Cache and Neighbor Discovery Commands clear ipv6 neighbors ipv6 nd dad attempts ipv6 nd ns-interval ipv6 nd reachable-time ipv6 nd other-config-flag ipv6 nd ra-interval ipv6 nd ra-lifetime ipv6 nd suppress-ra ipv6 nd prefix Page Page Query Commands show ipv6 show ipv6 interface Page show ipv6 neighbors ThiscommanddisplaysIPv6NeighborCacheinformation. UsethiscommandtodisplaythecontentsoftheNeighborCache. Thisexampledisplaystheneighborsinthecache. show ipv6 route Ifnoparametersareentered,informationaboutallactiveIPv6routesisdisplayed. Routeruserexecution:C3(su)>router> UsethiscommandtodisplayIPv6routingtableinformationforactiveroutes. ThisexampledisplaysallactiveIPv6routes. show ipv6 route preferences show ipv6 route summary show ipv6 traffic Page Page Page Page clear ipv6 statistics IPv6 Proxy Routing Limitations Preparing a Mixed Stack for IPv6 Proxy Routing ipv6 proxy-routing show ipv6 proxy-routing Page DHCPv6 Configuration Global Configuration Commands ipv6 dhcp enable ipv6 dhcp relay-agent-info-opt ipv6 dhcp relay-agent-info-remote-id-subopt ipv6 dhcp pool Page Address Pool Configuration Commands domain-name dns-server prefix-delegation exit Page ipv6 dhcp server ipv6 dhcp relay Page DHCPv6 Show Commands show ipv6 dhcp show ipv6 dhcp interface ThisexampledisplaystheDHCPv6statisticsforVLAN80. Tabl e 242providesanexplanationofthecommandoutput. Table 24-1 Output of show ipv6 dhcp interface Command show ipv6 dhcp statistics ThiscommanddisplaysIPv6DHCPstatisticsforallinterfaces. Thisexampledisplaystheoutputofthiscommand. clear ipv6 dhcp statistics ThiscommandclearsIPv6DHCPstatistics,eitherallstatisticsoronlyforaspecificinterface. vlanvlanid (Optional)SpecifiestheinterfaceforwhichtoclearDHCPv6statistics. Ifnointerfaceisspecified,IPv6DHCPstatisticsforallinterfacesarecleared. ThisexampleclearsDHCPv6statisticsforVLAN80. show ipv6 dhcp pool show ipv6 dhcp binding Page Page OSPFv3 Configuration Page Global OSPFv3 Configuration Commands ipv6 router id ipv6 router ospf default-information originate default-metric distance ospf exit-overflow-interval external-lsdb-limit maximum-paths Page Area Configuration Commands area default-cost area nssa area nssa default-info-originate area nssa no-redistribute area nssa no-summary area nssa translator role area nssa translator-stab-intv area range area stub area stub no-summary area virtual-link area virtual-link dead-interval area virtual-link hello-interval area virtual-link retransmit-interval area virtual-link transmit-delay ipv6 ospf enable ipv6 ospf areaid ipv6 ospf cost ipv6 ospf dead-interval ipv6 ospf hello-interval ipv6 ospf mtu-ignore ipv6 ospf network ipv6 ospf priority ipv6 ospf retransmit-interval ipv6 ospf transmit-delay Page OSPFv3 Show Commands show ipv6 ospf Tabl e 251providesanexplanationofthecommandoutput. Table 25-1 show ipv6 ospf Output Details show ipv6 ospf area show ipv6 ospf abr show ipv6 ospf asbr show ipv6 ospf database Thisexampleshowspartialoutputofthiscommandwhennoparametersarespecified. Thisexampleillustratestheoutputofthiscommandusingtheadvrouterparameter. Tabl e 255providesanexplanationofthecommandoutput. ThisexampleshowshowtodisplayOSPFdatabasesummaryinformation. Table 25-5 show ipv6 ospf database Output Details Page show ipv6 ospf interface Page show ipv6 ospf interface stats vlanvlanid SpecifiestheVLANinterfaceforwhichtodisplaystatistics. ThisexampleshowshowtodisplaystatisticsforVLAN80. Table 25-7 show ipv6 ospf interface Command Output Details (Continued) Page show ipv6 ospf neighbor Thisexampledisplaystheoutputofthiscommandwhenaneighborisspecified. Tabl e 2510providesanexplanationofthecommandoutput. Table 25-9 show ipv6 ospf neighbor Output Details show ipv6 ospf range show ipv6 ospf stub table show ipv6 ospf virtual-link Page Page Authentication and Authorization Configuration Overview of Authentication and Authorization Methods Page RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment Filter-ID Attribute Formats Setting the Authentication Login Method show authentication login set authentication login clear authentication login Configuring RADIUS show radius set radius Page clear radius show radius accounting set radius accounting clear radius accounting show radius interface set radius interface clear radius interface Page Configuring 802.1X Authentication show dot1x Ifportstringisnotspecified,informationforallportswillbedisplayed. Thisexampleshowshowtodisplay802.1Xstatus: Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforge.1.1: Thisexampleshowshowtodisplayauthenticationstatisticsforge.1.1: show dot1x auth-config set dot1x set dot1x auth-config clear dot1x auth-config show eapol Mode Table 26-2 show eapol Output Details set eapol clear eapol Page Configuring MAC Authentication show macauthentication Ifportstringisnotspecified,MACauthenticationinformationwillbedisplayedforallports. ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8: Tabl e 263providesanexplanationofthecommandoutput. Table 26-3 show macauthentication Output Details show macauthentication session set macauthentication set macauthentication password clear macauthentication password set macauthentication port set macauthentication portinitialize set macauthentication portquietperiod clear macauthentication portquietperiod set macauthentication macinitialize set macauthentication reauthentication set macauthentication portreauthenticate set macauthentication macreauthenticate set macauthentication reauthperiod clear macauthentication reauthperiod set macauthentication significant-bits clear macauthentication significant-bits Page Configuring Multiple Authentication Methods About Multiple Authentication Types About Multi-User Authentication show multiauth Usethiscommandtodisplaymultipleauthenticationsystemconfiguration. Thisexampleshowshowtodisplaymultipleauthenticationsystemconfiguration: set multiauth mode clear multiauth mode set multiauth precedence clear multiauth precedence show multiauth port set multiauth port clear multiauth port show multiauth station show multiauth session show multiauth idle-timeout set multiauth idle-timeout clear multiauth idle-timeout show multiauth session-timeout set multiauth session-timeout clear multiauth session-timeout Configuring User + IP Phone Authentication Configuring VLAN Authorization (RFC 3580) set vlanauthorization Mode set vlanauthorization egress clear vlanauthorization show vlanauthorization Configuring Policy Maptable Response Operational Description When Policy Maptable Response is Both When Policy Maptable Response is Policy When Policy Maptable Response is Tunnel show policy maptable set policy maptable clear policy maptable Configuring MAC Locking show maclock show maclock stations set maclock enable set maclock disable set maclock clear maclock set maclock static clear maclock static set maclock firstarrival clear maclock firstarrival set maclock agefirstarrival clear maclock agefirstarrival set maclock move set maclock trap Configuring Port Web Authentication (PWA) About PWA show pwa Usethiscommandtodisplayportwebauthenticationinformationforoneormoreports. Tabl e 268providesanexplanationofthecommandoutput. Ifportstringisnotspecified,PWAinformationwillbedisplayedforallports. ThisexampleshowshowtodisplayPWAinformationforge.2.1: set pwa Usethiscommandtoenableordisableportwebauthentication. enable|disable Enablesordisablesportwebauthentication. Switchcommand,readwrite. Thisexampleshowshowtoenableportwebauthentication: show pwa banner set pwa banner clear pwa banner set pwa displaylogo set pwa ipaddress set pwa protocol set pwa guestname clear pwa guestname set pwa guestpassword set pwa gueststatus set pwa initialize set pwa quietperiod set pwa maxrequest set pwa portcontrol show pwa session set pwa enhancedmode Configuring Secure Shell (SSH) show ssh status set ssh set ssh hostkey Configuring Access Lists show access-lists access-list (standard) To create an ACL entry: To insert or replace an ACL entry: To move entries within an ACL: access-list (extended) To create an extended ACL entry: To insert or replace an ACL entry: To move entries within an ACL: ip access-group Page Page TACACS+ Configuration show tacacs set tacacs show tacacs server set tacacs server index DisplaytheconfigurationoftheTACACS+serveridentifiedbyindex. clear tacacs server show tacacs session set tacacs session clear tacacs session show tacacs command set tacacs command show tacacs singleconnect set tacacs singleconnect show tacacs interface set tacacs interface clear tacacs interface Page Page sFlow Configuration Using sFlow in Your Network Definitions sFlow Agent Functionality Sampling Mechanisms Packet Flow Sampling Counter Sampling Usage Notes Example Configuration show sflow receivers ThisexampledisplaysinformationabouttheCollectorwithindex1. Thefollowingtabledescribestheoutputfields. Table 28-2 show sflow receivers Output Descriptions set sflow receiver owner set sflow receiver ip set sflow receiver maxdatagram set sflow receiver port clear sflow receiver set sflow port poller show sflow pollers clear sflow port poller set sflow port sampler show sflow samplers clear sflow port sampler set sflow interface show sflow interface clear sflow interface show sflow agent Page A Policy and Authentication Capacities Policy Capacities Authentication Capacities Index Numerics A B C J K L M N S T U V W