Aaa authentication enable

AAA Commands

User Guidelines

The default and optional list names created with the aaa authentication login command are used with the login authentication command.

Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

Example

The following example configures the authentication login.

Console(config)# aaa authentication login default radius tacacs enable line local none

The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels. To restore defaults, use the no form of this command.

Syntax

aaa authentication enable {default list-name}method1 [method2...] no aaa authentication enable {default list-name}

Parameters

•default — Uses the listed authentication methods that follow this argument as the default list of methods, when using higher privilege levels.

•list-name— Character string used to name the list of authentication methods activated, when using access higher privilege levels. (Range: 1-12 characters)

•method1 [method2...] — Specify at least one method from the following list:

Keyword

Description

enable

Uses the enable password for authentication.

10	Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

Page 26

Image 26

Intel SBCEGBESW10 CLI manual Aaa authentication enable, Following example configures the authentication login

Contents

Guide for System Administrators of Intel Server Products Disclaimer Consignes de sécurité Important Safety InstructionsWichtige Sicherheitshinweise Instrucciones de seguridad importantesPage About this Manual Manual OrganizationPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Using CLI Overview Privileged Exec Mode Command in the Global Configuration mode Interface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI Global Configuration mode AAA CommandsAaa authentication login Aaa authentication enable Following example configures the authentication login Login authentication Consoleconfig# aaa authentication enable default enable Consoleconfig-line#login authentication default Enable authenticationLine Configuration mode Consoleconfig-line#enable authentication default Ip http authenticationThere are no user guidelines for this command Ip https authentication Following example configures the Http authentication Show authentication methods Show authentication methodsFollowing example configures Https authentication Privileged Exec mode PasswordThis command has no default configuration Following example displays the authentication configuration Enable password No password is defined Username No enable password is definedConsoleconfig# enable password secret level No user is defined User account can be created without a password AAA Commands Address Table Commands Bridge address Interface Configuration Vlan mode Bridge multicast filtering Folowing example, bridge multicast filtering is enabledConsoleconfig# bridge multicast filtering Bridge multicast filtering No bridge multicast filtering Bridge multicast address No multicast addresses are defined No forbidden addresses are defined Bridge multicast forbidden addressFollowing example registers the MAC address This setting is disabled Command Mode Bridge multicast forward-all This example, all multicast packets on port 1 are forwarded This setting is disabledBridge multicast forbidden forward-all Bridge aging-time seconds No bridge aging-time Default setting is 300 secondsBridge aging-time Seconds Time in seconds. Range 10-630 seconds Clear bridge Clear bridgePort security Following example, the bridge tables are cleared Port security mode lock mac-addresses No port security mode Port security modeInterface Configuration Ethernet, port-channel mode Consoleconfig-if#port security forward trap Mac-address a valid MAC address Consoleconfig-if#port security mode mac-addressesPort security routed secure-address Show bridge address-table No addresses are defined Show bridge address-table static Console# show bridge address-table Console# show bridge address-table static Show bridge address-table countVlan Specifies a valid VLAN, such as Vlan Show bridge multicast address-table Console# show bridge address-table count Console# show bridge multicast address-table Console# show bridge multicast address-table format ip Show bridge multicast filteringShow bridge multicast filtering vlan-id Show ports security Console# show bridge multicast filtering Console# show ports security Show ports security addressesFollowing table describes the fields shown above Console# show ports security addresses Address Table Commands Ip access-list name No ip access-list name ACL CommandsIp access-list Permit ip IP Protocol Abbreviated Name Protocol Number ACL Commands No IPv4 ACL is defined IP-Access List Configuration modeDeny IP Deny-icmp Deny-igmp Deny-tcp deny-udp Mac access-list Following example shows how to create a MAC ACL Mac access-list name No mac access-list nameDefault for all ACLs is deny all Permit MAC No MAC ACL is defined MAC-Access List Configuration modeDeny MAC This command has no default configuration Service-acl input acl-name No service-acl input Service-aclShow access-lists Show access-lists name Console# show access-lists Show interfaces access-listsFollowing example displays access lists defined on a device Name The name of the ACL Console# show interfaces access-lists Clock Commands Clock set Sntp Sntp servers Clock sourceClock timezone No external clock source Clock set to UTC Clock summer-timeNo clock timezone No clock summer-time recurring Sntp authentication-key No authentication key is defined Sntp authenticate Sntp authenticate no sntp authenticate Sntp trusted-key Sntp client poll timerFollowing example authenticates key Sntp trusted-key key-number No sntp trusted-key key-number Sntp broadcast client is disabled Sntp broadcast client enableSntp client poll timer seconds No sntp client poll timer Seconds Polling interval in seconds. Range Sntp anycast client enable No sntp anycast client enable Sntp anycast client enableFollowing example enables the Sntp broadcast clients Sntp anycast client is disabled Sntp client is disabled on an interface Sntp client enable InterfaceFollowing example enables Sntp anycast clients Interface Configuration Ethernet, port-channel, Vlan mode Sntp unicast client is disabled Sntp unicast client enableSntp unicast client enable No sntp unicast client enable Sntp unicast client poll Sntp server Polling is disabledConsoleconfig# sntp unicast client poll No sntp server host Show clock detail Detail Shows timezone and summertime configurationShow clock Console# show clock Show sntp configurationShow sntp configuration Show sntp status Console# show sntp configurationShow sntp status Following example shows the status of the Sntp Console# show sntp status Configuration and Image File Commands Copy Copying a Boot File from a Server to Flash Memory Copying an Image File from a Server to Flash Memory Delete url Storing the Running or Startup Configuration on a ServerDelete Sys, *.prv, image-1 and image-2 files cannot be deleted Boot systemBoot system image-1 image-2 Console# boot system image-1 Show running-configShow running-config Console# show running-config Show startup-configShow startup-config Console# show startup-config Show backup-configShow backup-config Console# show backup-config Show bootvarShow bootvar Console# show bootvar Configuration and Image File Commands Interface range ethernet Ethernet Configuration CommandsInterface ethernet Interface ethernet interface Shutdown No shutdown ShutdownInterface range ethernet port-listall Description Description string No description Speed 10 100 No speed SpeedFollowing example adds a description to Ethernet port Maximum port capability Duplex half full No duplex Interface Configuration Ethernet modeDuplex Interface is set to full duplex No negotiation Consoleconfig# interface ethernet ext.1Negotiation Flowcontrol Flowcontrol auto on off No flowcontrol Mdix Default setting is onFollowing example, automatic crossover is enabled on port Mdix on auto No mdix Back-pressure No back-pressure Back-pressurePort jumbo-frame Port jumbo-frame No port jumbo-frame Following example, jumbo frames are enabled on the device Jumbo frames are disabled on the deviceGlobal Configuration Clear counters Following example reactivates interface Set interface activeFollowing example, the counters for interface 1 are cleared Console# clear counters ethernet ext.2 Console# show interfaces advertise Show interfaces advertiseFollowing example displays auto-negotiation information Show interfaces configuration Console# show interfaces configuration Show interfaces status Show interfaces description Console# show interfaces description Show interfaces countersInterface a valid Ethernet port. Full syntax unit/port Console# show interfaces counters Console# show interfaces counters ethernet ext.1 Following example displays counters for Ethernet portFollowing table describes the fields shown in the display Show ports jumbo-frame This command is relevant to Giga devices onlyShow ports jumbo-frame Console# show port jumbo-frame Port storm-control include-multicast IC Following example enables counting multicast packetsPort storm-control include-multicast GC Multicast packets are not counted Port storm-control broadcast enable Broadcast storm control is disabled Default storm control broadcast rate is 3500 Kbits/Sec Port storm-control broadcast rate Show ports storm-control interface Following example displays the storm control configurationShow ports storm-control Console# show ports storm-control Disabled 3500 Broadcast Gvrp enable Interface Gvrp CommandsGvrp enable Global Gvrp enable No gvrp enable Following example enables Gvrp on Ethernet port Garp timerGvrp is disabled on all interfaces Garp timer join leave leaveall timervalue No garp timer Gvrp vlan-creation-forbid No gvrp vlan-creation-forbid Consoleconfig# interface ethernet ext.6Gvrp vlan-creation-forbid Gvrp registration-forbid No gvrp registration-forbid Dynamic Vlan creation or modification is enabledGvrp registration-forbid Dynamic registration of VLANs on the port is allowed Clear gvrp statistics Console# clear gvrp statistics ethernet ext.1 Following example displays Gvrp configuration information Show gvrp configurationPrivieged Exec mode Console# show gvrp configuration Console# show gvrp statistics Show gvrp statisticsFollowing example shows Gvrp statistical information Following example displays Gvrp statistical information Show gvrp error-statisticsConsole# show gvrp error-statistics Ip igmp snooping Interface Igmp Snooping CommandsIp igmp snooping Global Ip igmp snooping No ip igmp snooping Ip igmp snooping mrouter learn-pim-dvmrp Following example enables Igmp snooping on VlanAutomatic learning of multicast device ports is enabled Consoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Time-out- Specifies the host timeout in seconds. RangeDefault host-time-out is 260 seconds Ip igmp snooping host-time-out Ip igmp snooping mrouter-time-out Default value is 300 secondsConsoleconfig-if#ip igmp snooping host-time-out Ip igmp snooping leave-time-out Default leave-time-out configuration is 10 secondsConsoleconfig-if#ip igmp snooping mrouter-time-out Show ip igmp snooping mrouter interface vlan-id Consoleconfig-if#ip igmp snooping leave-time-outShow ip igmp snooping mrouter Vlan-id Specifies the Vlan number Show ip igmp snooping interface Show ip igmp snooping interface vlan-id Show ip igmp snooping groups Console# show ip igmp snooping interface Console# show ip igmp snooping groups Igmp Snooping Commands Ip address IP Address CommandsInterface Configuration Ethernet, VLAN, port-channel mode Ip address ip-address mask prefix-length Ip address dhcp Ip address dhcp hostname host-name No ip address dhcp No default gateway is defined Ip default-gatewayIp default-gateway ip-address No ip default-gateway Show ip interface This command is only operational in Switch modeFollowing example defines default gateway Arp Console# show ip interface Default timeout is 60000 seconds Arp timeoutArp timeout seconds No arp timeout Clear arp-cache Clear arp-cacheShow arp Console# clear arp-cache Following example displays entries in the ARP table Ip domain-lookupShow arp Ip domain-lookup No ip domain-lookup Ip domain-name name No ip domain-name Default domain name is not definedIp domain-name No name server addresses are specified Ip name-serverServer-address- Specifies IP addresses of the name server Following example sets the available name server No ip host name Ip hostClear host No host is defined Console# clear host Clear host dhcpClear host dhcp name Name Specifies the host name. Range 1-158 characters Show hostsShow hosts name Console# clear host dhcp Following example displays host information Console# show hosts Lacp port-priority Lacp CommandsLacp system-priority Lacp system-priority value No lacp system-priority Lacp port-priority value No lacp port-priority Lacp timeoutLacp timeout long short no lacp timeout Show lacp ethernet Short Specifies the short timeout valueDefault port timeout value is long Following example display Lacp information for Ethernet port Console# show lacp ethernet ext.1 Show lacp port-channel Console# show lacp port-channel Show lacp port-channel portchannelnumberPortchannelnumber Valid port-channel number Line Line CommandsThis command has no user guidelines Show line Exec mode Show line telnet ssh Line Commands Line Commands Management access-list name No management access-list name Management ACL CommandsManagement access-list Name Access list name. Range 1-32 characters Consoleconfig# management access-list mlist Consoleconfig# management access-class mlist If no permit rule is defined, the default is set to deny Management Access-list Configuration mode Deny Management Management access-class Show management access-list name Following example displays the mlist management access list Show management access-class Console# show management access-class Management ACL Commands Test copper-port tdr interface PHY Diagnostics CommandsTest copper-port tdr Console# test copper-port tdr ext.3 Show copper-ports tdr interface User Exec modeShow copper-ports tdr Maximum length of the cable for the TDR test is 120 meters Show copper-ports cable-length interface Port must be active and working in 100M or 1000M modeShow copper-ports cable-length Console show copper-ports cable-length PHY Diagnostics Commands Interface port-channel Port Channel CommandsConsoleconfig# interface port-channel Interface port-channel port-channel-number Channel-group Consoleconfig# interface range port-channel 1-2,6Interface range port-channel Interface range port-channel port-channel-rangeall Show interfaces port-channel port-channel-number Show interfaces port-channelPort is not assigned to a port-channel Following example displays information on all port-channels Console# show interfaces port-channel Port Monitor Commands Monitors both received and transmitted packets Port monitor vlan-tagging No port monitor vlan-tagging Console config-if#port monitor vlan-taggingPort monitor vlan-tagging Ingress mirrored packets are transmitted untagged Console show ports monitor Show ports monitorShow ports monitor Port Monitor Commands QoS basic mode is enabled QoS CommandsQos basic advanced service No qos Following example enables QoS on the device Show qos aggregate-policer Trust mode is displayed if QoS is enabled in basic modeShow qos Show qos Console# show qos aggregate-policer policer1 Show qos interfaceThere are no user guidelines There is no default configuration for this command Console# show qos interface ethernet 1 buffers Show qos map dscp-queue Show qos map User Exec mode command displays all QoS mapsShow qos map Dscp-queue- Indicates the Dscp to queue map Class-map class-map-namematch-all match-any Class-mapFollowing example displays the Dscp port-queue map Console show qos map Show class-map class-map-name By default, the match-allparameter is selectedShow class-map Following example shows the class map for class1 Match access-group acl-name No match access-group acl-nameMatch Acl-name- Specifies the name of an IP or MAC ACL Policy-map-name- Specifies the name of the policy map Class-map Configuration modePolicy-map Class No policy map is defined Show policy-map Policy-map Configuration modeShow policy-mapUser Exec command displays the policy maps Following example displays all policy maps Policy-map Class Configuration modeTrust cos-dscp Trust cos-dscp No trust cos-dscp Set No set Police No police Service-policy Service-policy input policy-map-name No service-policy input No aggregate policer is define Qos aggregate-policerNo qos aggregate-policer Exceed-action drop Police aggregate Console show qos aggregate-policer policer1 Wrr-queue cos-map No wrr-queue cos-map queue-id No wrr-queue bandwidth Wrr-queue bandwidthFollowing example maps CoS 7 to queue Priority-queue out num-of-queues Priority-queue out num-of-queues number-of-queues No priority-queue out num-of-queues Consoleconfig# priority-queue out num-of-queuesTraffic-shape All queues are expedite queues No shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold No qos wrr-queue threshold tengigabitethernet queue-id Console config# qos wrr-queue threshold gigabitethernet 1Qos map policed-dscp Percent for all thresholds Dscp values 3,11,19… cannot be remapped to other values Consoleconfig# qos map policed-dscp 3 toQos map dscp-queue Following example maps Dscp values 33, 40 and 41 to queue Following table describes the default mapQos trust Global Qos trust cos dscp no qos trust Qos trust No qos trust CoS is the default trust modeQos trust Interface No qos cos Default CoS value of a port isQos cos Qos dscp-mutation No qos dscp-mutation Following example configures port 15 default CoS value toQos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Console# show rmon statistics ethernet ext.1 Rmon CommandsShow rmon statistics Rmon Commands Rmon collection history Cannot be configured for a range of interfaces Range context Show rmon collection history Show rmon history Console# show rmon collection history Console# show rmon history 1 errors Console# show rmon history 1 throughput Console# show rmon history 1 other Rmon alarm No rmon alarm index Type is absolute Startup direction is rising-falling Following example displays the alarms table Show rmon alarm-tableShow rmon alarm-table Console# show rmon alarm-table Number Specifies the alarm index. Range Show rmon alarmShow rmon alarm number Following example displays Rmon 1 alarms Rmon event Last Sample Value Show rmon events Show rmon events Show rmon log event Show rmon logFollowing example displays the Rmon event table Event Specifies the event index. Range Following example displays the Rmon log table Console# show rmon log History table size is Log table size is Consoleconfig# rmon table-size historyRmon table-size No radius-server host ip-addresshostname Radius CommandsRadius-server host No Radius server host is specified Radius-server key Radius-server key key-string No radius-server key Software searches the list of Radius server hosts 3 times Radius-server retransmitKey-string is an empty string Source Specifies a valid source IP address Consoleconfig# radius-server retransmitRadius-server source-ip Consoleconfig# radius-server timeout Radius-server timeoutTimeout value is 3 seconds Radius-server deadtime Deadtime setting isConsoleconfig# radius-server deadtime Show radius-servers Console# show radius-servers Following example displays Radius server settingsShow radius-servers Radius Commands Ip http port Web Server CommandsIp http server Ip http server No ip http server Ip http exec-timout minutes seconds no ip http exec-timout Ip http exec-timeoutNo ip http port Ip https server Default timout is 10 minutesDisabled Ip https server No ip https server Ip https port Ip https exec-timeoutFollowing example configures the https port number to Ip https port port-number No ip https port Crypto certificate generate No ip https exec-timout Following example regenerates an Https certificate Consoleconfig# crypto certificate 1 generate key-generateCrypto certificate request There is no default configuration for this command Number Specifies the certificate number. Range Crypto certificate importCrypto certificate number import Console# crypto certificate 1 request Ip https certificate number No ip https certificate Consoleconfig# crypto certificate 1 importIp https certificate Certificate number Consoleconfig# ip https certificateShow crypto certificate mycertificate Show crypto certificate mycertificate number Show ip http Show ip httpFollowing example displays the certificate Console# show crypto certificate mycertificate Show ip https Following example displays the Http server configurationShow ip https Console# show ip http Web Server Commands Web Server Commands No communities are defined Snmp CommandsSnmp-server community Snmp-server view Snmp-server group No view entry exists No snmp-server group groupname v1 v2 v3 noauth auth priv No group entry exists Snmp-server user No snmp-server user username remote engineid-string Snmp-server engineID local Parameters Snmp traps are enabled Snmp-server enable trapsSnmp-server enable traps No snmp-server enable traps Following example enables Snmp traps Snmp-server filter No filter entry exists Snmp-server host Snmp-server v3-host Snmp-server trap authentication Snmp-server trap authenticationFollowing example configures an SNMPv3 host Following example enables Snmp failed authentication traps No snmp-server trap authenticationSnmp failed authentication traps are enabled Snmp-server contact Snmp-server location text No snmp-server location Snmp-server locationIntelTechnicalSupport Snmp-server set Following example defines the device location as NewYork Following example displays the Snmp communications status Show snmpShow snmp Show snmp engineid Show snmp engineID Show snmp views viewname Show snmp viewsFollowing example displays the Snmp engine ID Viewname Specifies the name of the view. Range Show snmp groups groupname Following example displays the configuration of viewsShow snmp groups Groupname-Specifies the name of the group. Range Show snmp filters filtername Show snmp filtersFollowing table describes significant fields shown above Filtername-Specifies the name of the filter. Range Show snmp users username Following example displays the configuration of filtersShow snmp users Username-Specifies the name of the user. Range Console# show snmp users Spanning-tree mode stp rstpmstp Spanning-Tree CommandsSpanning-tree mode Spanning-tree Consoleconfig# spanning-tree mode rstp No spanning-tree modeSTP is enabled Spanning-tree forward-time Consoleconfig# spanning-tree forward-time Seconds Time in seconds. Range Spanning-tree max-age seconds No spanning-tree max-age Consoleconfig# spanning-tree hello-timeSpanning-tree max-age Forward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Following example configures spanning tree priority toSpanning-tree priority Spanning-tree priority priority No spanning-tree priority Spanning-tree cost Spanning-tree disableSpanning-tree disable No spanning-tree disable Spanning-tree cost cost No spanning-tree cost Spanning-tree port-priority Cost Path cost of the port Range 1-200,000,000 Consoleconfig-if#spanning-tree port-priority Default port priority for Ieee Spanning TreeProtocol STP isPortFast mode is disabled Spanning-tree portfast Spanning-tree link-type Following example enables PortFast on Ethernet portConsoleconfig-if#spanning-tree portfast Short path cost method Consoleconfig-if#spanning-tree link-type sharedSpanning-tree pathcost method Spanning-tree bpdu Following example sets the default path cost method to longDefault setting is flooding Spanning-tree bpdu filtering flooding No spanning-tree bpdu Spanning-tree mst instance-idpriority priority Clear spanning-tree detected-protocolsSpanning-tree mst priority No spanning-tree mst instance-idpriority Console config # spanning-tree mst 1 prioritySpanning-tree mst max-hops Spanning-tree mst port-priority Default number of hops isConsole config # spanning-tree mst max-hops Consoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst cost Following example configures an MST region Spanning-tree mst configurationSpanning-tree mst configuration Consoleconfig# spanning-tree mst configuration Instance instance-idadd remove vlan vlan-range MST Configuration modeInstance mst Following example maps VLANs 10-20 to MST instance Name mst Default name is a radlanguestFollowing example defines the configuration name as region1 Revision mst Following example sets the configuration revision to Value Configuration revision number RangeDefault configuration revision number is Show mst Exit mst Exit Abort Abort mstSpanning-tree guard root Spanning-tree guard root No spanning-tree guard root Root guard is disabledShow spanning-tree Interface -number- a valid Ethernet port Following example displays spanning-tree information Console# show spanning-tree FWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree mst-configuration Console# show spanning-tree ethernet ext.1 Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands Ip ssh server SSH CommandsIp ssh port Ip ssh port port-number No ip ssh port DSA key pairs do not exist Device configuration from a SSH server is disabledCrypto key generate dsa Following example generates DSA key pairs Consoleconfig# crypto key generate dsaCrypto key generate rsa Crypto key generate rsa Following example generates RSA key pairs AAA authentication is independentIp ssh pubkey-auth Ip ssh pubkey-auth No ip ssh pubkey-auth Crypto key pubkey-chain ssh No keys are specified User-key SSH Public Key-string Configuration modeConsoleconfig# crypt\o key pubkey-chain ssh No SSH public keys exist Key-string Show ip ssh Consoleconfig# crypto key pubkey-chain sshShow ip ssh Show crypto key mypubkey rsa dsa Following example displays the SSH server configurationShow crypto key mypubkey Rsa Indicates the RSA key Dsa Indicates the DSA key Show crypto key pubkey-chain ssh Console# show crypto key mypubkey rsa Console# show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bob SSH Commands Following example enables logging error messages Syslog CommandsLogging is enabled Logging on Logging Logging buffered Default severity level is informationalConsoleconfig# logging buffered debugging Logging buffered level No logging buffered Consoleconfig# logging buffered size Default number of messages isThis command takes effect only after Reset Logging buffered size Clear logging Default severity level is errorsLogging file Logging file level No logging file Clear logging file Consoleconfig# logging file alertsClear logging file Following example clears messages from the logging file File-system logging Aaa logging login no aaa logging loginAaa logging File-system logging copy Management logging Logging file system events is enabledConsoleconfig# file-system logging copy Management logging deny No management logging deny Show logging Logging management ACL events is enabledConsoleconfig# management logging deny Show logging Console# show logging AAA Console# show logging file Show logging fileShow logging file Show syslog-servers Show syslog-servers Console# show syslog-servers Syslog Commands System Management Commands Ping Traceroute Following example displays pinging results Syntax Probe timed out Default port is the Telnet port decimal23 on the host Telnet Special Telnet Sequences Keywords Table Ports Table Reload Following command switches to open Telnet session numberResume Connection The connection number. Range 1-4 connections Following example reloads the operating system HostnameReload Hostname name No hostname Show users Show usersFollowing example specifies the device host name Console show users Following example lists open Telnet sessions Show sessionsShow sessions Console show sessions Console# show system Show systemShow system Show system id unit unit Privilaged Exec modeShow system id Unit unit Unit number Console show system id Show system flowcontrolShow system flowcontrol Priviledged Exec mode Show system modeShow system mode Following example displays information on features control Show version Service cpu-utilizationService cpu-utilization No service cpu-utilization Console show version Show cpu utilization This example enables measuring CPU utilizationConsoleconfig# service cpu-utilization Show cpu utilization Console# show cpu utilization No tacacs-server host ip-addresshostname TACACS+ CommandsTacacs-server host Tacacs-server key key-string No tacacs-server key Tacacs-server keyFollowing example specifies a TACACS+ host Empty string Following example sets the timeout value to Tacacs-server timeoutFollowing example sets the authentication encryption key Consoleconfig# tacacs-server timeout Source Specifies the source IP address Tacacs-server source-ipShow tacacs Following example specifies the source IP address Ip-address Name or IP address of the TACACS+ server Console# show tacacs TACACS+ Commands Disable User Interface CommandsEnable Login User Exec mode command changes a login username LoginFollowing example return to Users Exec mode Login Following example enters Global Configuration mode ConfigureConfigure Exit Exit ConfigurationAll configuration modes Following example closes an active terminal session EndPrivileged and User Exec modes End Terminal datadump All command modesHelp Help Terminal datadump No terminal datadump Dumping is disabledShow history Show history Console# show version Show privilegeShow privilege Console# show history Command The command to be executed Console# show privilege Console Config# do show vlan Vlan database Vlan CommandsFollowing example enters the Vlan database mode Vlan Following example Vlan number 1972 is created Vlan Configuration modeInterface vlan Interface vlan vlan-id All All existing static VLANs Interface range vlanInterface range vlan vlan-rangeall No name is defined NameNo name Following example gives Vlan number 19 the name Marketing Consoleconfig-if#switchport protected ethernet ext.1 Switchport protectedSwitchport protected is disabled Switchport mode access trunk general No switchport mode Switchport modeSwitchport access vlan All ports belong to Vlan Switchport trunk allowed vlanSwitchport trunk allowed vlan add vlan-listremove vlan-list Switchport trunk native vlan Vlan-id- Specifies the ID of the native Vlan Switchport general allowed vlan VID=1 Switchport general pvid Vlan-id- Specifies the Pvid Port Vlan ID Switchport general ingress-filtering disable Ingress filtering is enabled Switchport forbidden vlan add vlan-listremove vlan-list Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan All frame types are accepted at ingress Ip internal-usage-vlan vlan-id No ip internal-usage-vlan Ip internal-usage-vlanAll VLANs are allowed Vlan-id- Specifies the ID of the internal usage Vlan Show vlan id vlan-idname vlan-name Consoleconfig-if#ip internal-usage-vlanShow vlan Vlan-id- specifies a Vlan ID Show vlan internal usage Show vlan internal usageFollowing example displays all Vlan information Show interfaces switchport Console# show vlan internal usage Console# show interface switchport ethernet ext.1 VLAN011 Pvid Map protocol protocols-group Map protocol protocol encapsulation protocols-group group Following protocol names are reserved Switchport general map protocols-group vlanVlan Database mode Following example maps protocol ip-arp to the group named Map mac macs-group Switchport general map macs-group vlan Console config-if#switchport general map macs-group 1 vlan Switchport general map subnets-group vlan Map subnet subnets-group Show vlan protocols-groups Show vlan macs-groups Console# show vlan protocols-groups Show vlan subnets-groups Following example shows subnets-groups information Vlan Commands No authentication method is defined 29 802.1x CommandsAaa authentication dot1x Method1 method2... At least one from the following table Dot1x system-auth-control 802.1x is disabled globallyFollowing example enables 802.1x globally Dot1x port-control Port is in the force-authorized state Interface Configuration EthernetConsoleconfig-if#dot1x port-control auto Dot1x re-authentication No dot1x re-authentication Dot1x re-authenticationDot1x timeout re-authperiod Periodic re-authentication is disabled Dot1x re-authenticate ethernet interface Dot1x re-authenticateRe-authentication period is 3600 seconds Consoleconfig-if#dot1x timeout re-authperiod Quiet period is 60 seconds Dot1x timeout quiet-periodConsole# dot1x re-authenticate ethernet ext.16 Timeout period is 30 seconds Dot1x timeout tx-periodDot1x timeout tx-period seconds No dot1x timeout tx-period Consoleconfig-if#dot1x timeout quiet-period Dot1x max-req count No dot1x max-req Default number of times isDot1x max-req Dot1x timeout supp-timeout Default timeout period is 30 seconds Consoleconfig-if#dot1x timeout server-timeout Dot1x timeout server-timeoutConsoleconfig-if# dot1x timeout supp-timeout Console# show dot1x Show dot1xShow dot1x ethernet interface Console# show dot1x ethernet ext.3 Username Supplicant username Range 1-160 characters Show dot1x usersShow dot1x users username username Console# show dot1x users username Bob Following example displays 802.1x usersConsole# show dot1x users Console# show dot1x statistics ethernet ext.1 Show dot1x statisticsShow dot1x statistics ethernet interface Dot1x auth-not-req Dot1x auth-not-req No dot1x auth-not-req Consoleconfig-if# dot1x auth-not-req Access is enabledMultiple hosts are disabled Dot1x multiple-hosts Dot1x single-host-violation No traps are sent Consoleconfig-if#dot1x single-host-violation forward trapDot1x guest-vlan Dot1x guest-vlan No dot1x guest-vlan Dot1x guest-vlan enable Following example defines Vlan 2 as a guest Vlan Show dot1x advanced ethernet interface Consoleconfig-if#dot1x guest-vlan enableShow dot1x advanced Console# show dot1x advanced Console# show dot1x advanced ethernet ext.1 Finland Appendix a Getting HelpWorld Wide Web Telephone Holland Myanmar AustraliaCambodia New Zealand 0800 444 Uruguay EcuadorPanama

Intel SBCEGBESW1 Aaa authentication enable, Following example configures the authentication login

Models: SBCEGBESW10 CLI SBCEGBESW1

User Guidelines

Example

The following example configures the authentication login.