TACACS+ Commands, Tacacs-server host

TACACS+ Commands

26TACACS+ Commands

tacacs-server host

The tacacs-server host Global Configuration mode command specifies a TACACS+ host. To delete the specified name or address, use the no form of this command.

Syntax

tacacs-server host {ip-address hostname} [single-connection] [port port-number] [timeout timeout] [key key-string] [source source] [priority priority]

no tacacs-server host {ip-addresshostname}

Parameters

•ip-address— IP address of the TACACS+ server.

•hostname — Host name of the TACACS+ server. (Range: 1-158 characters)

•single-connection— Indicates a single-connection. Rather than have the device open and close a TCP connection to the daemon each time it must communicate, the single- connection option maintains a single open connection between the device and the daemon.

•port-number — Specifies a server port number. (Range: 0-65535)

•timeout — Specifies the timeout value in seconds. (Range: 1-30)

•key-string — Specifies the authentication and encryption key for all TACACS+ communications between the device and the TACACS+ server. This key must match the encryption used on the TACACS+ daemon. To specify an empty string, enter "". (Range: 0-128 characters)

•source — Specifies the source IP address to use for the communication. 0.0.0.0 indicates a request to use the IP address of the outgoing IP interface.

•priority — Determines the order in which the TACACS+ servers are used, where 0 is the highest priority. (Range: 0-65535)

Default Configuration

No TACACS+ host is specified.

If no port number is specified, default port number 49 is used.

If no host-specific timeout, key-string or source value is specified, the global value is used.

Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

339

Page 355

Image 355

Intel SBCEGBESW10 CLI manual TACACS+ Commands, Tacacs-server host, No tacacs-server host ip-addresshostname

Contents

Guide for System Administrators of Intel Server Products Disclaimer Instrucciones de seguridad importantes Important Safety InstructionsWichtige Sicherheitshinweise Consignes de sécuritéPage Manual Organization About this ManualPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Overview Using CLI Command in the Global Configuration mode Privileged Exec Mode Interface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI Aaa authentication login AAA CommandsGlobal Configuration mode Following example configures the authentication login Aaa authentication enable Consoleconfig# aaa authentication enable default enable Login authentication Line Configuration mode Enable authenticationConsoleconfig-line#login authentication default There are no user guidelines for this command Ip http authenticationConsoleconfig-line#enable authentication default Following example configures the Http authentication Ip https authentication Following example configures Https authentication Show authentication methodsShow authentication methods Following example displays the authentication configuration PasswordThis command has no default configuration Privileged Exec mode No password is defined Enable password No user is defined No enable password is definedConsoleconfig# enable password secret level Username User account can be created without a password AAA Commands Interface Configuration Vlan mode Address Table Commands Bridge address Bridge multicast filtering No bridge multicast filtering Folowing example, bridge multicast filtering is enabledConsoleconfig# bridge multicast filtering Bridge multicast filtering No multicast addresses are defined Bridge multicast address Following example registers the MAC address Bridge multicast forbidden addressNo forbidden addresses are defined Bridge multicast forward-all This setting is disabled Command Mode Bridge multicast forbidden forward-all This setting is disabledThis example, all multicast packets on port 1 are forwarded Seconds Time in seconds. Range 10-630 seconds Default setting is 300 secondsBridge aging-time Bridge aging-time seconds No bridge aging-time Following example, the bridge tables are cleared Clear bridgePort security Clear bridge Consoleconfig-if#port security forward trap Port security modeInterface Configuration Ethernet, port-channel mode Port security mode lock mac-addresses No port security mode Port security routed secure-address Consoleconfig-if#port security mode mac-addressesMac-address a valid MAC address No addresses are defined Show bridge address-table Console# show bridge address-table Show bridge address-table static Vlan Specifies a valid VLAN, such as Vlan Show bridge address-table countConsole# show bridge address-table static Console# show bridge address-table count Show bridge multicast address-table Console# show bridge multicast address-table Show bridge multicast filtering vlan-id Show bridge multicast filteringConsole# show bridge multicast address-table format ip Console# show bridge multicast filtering Show ports security Following table describes the fields shown above Show ports security addressesConsole# show ports security Console# show ports security addresses Address Table Commands Ip access-list ACL CommandsIp access-list name No ip access-list name IP Protocol Abbreviated Name Protocol Number Permit ip ACL Commands Deny-icmp Deny-igmp IP-Access List Configuration modeDeny IP No IPv4 ACL is defined Deny-tcp deny-udp Mac access-list Permit MAC Mac access-list name No mac access-list nameDefault for all ACLs is deny all Following example shows how to create a MAC ACL Deny MAC MAC-Access List Configuration modeNo MAC ACL is defined This command has no default configuration Show access-lists name Service-aclShow access-lists Service-acl input acl-name No service-acl input Name The name of the ACL Show interfaces access-listsFollowing example displays access lists defined on a device Console# show access-lists Console# show interfaces access-lists Clock set Clock Commands No external clock source Clock sourceClock timezone Sntp Sntp servers No clock timezone Clock summer-timeClock set to UTC No clock summer-time recurring No authentication key is defined Sntp authentication-key Sntp authenticate no sntp authenticate Sntp authenticate Sntp trusted-key key-number No sntp trusted-key key-number Sntp client poll timerFollowing example authenticates key Sntp trusted-key Seconds Polling interval in seconds. Range Sntp broadcast client enableSntp client poll timer seconds No sntp client poll timer Sntp broadcast client is disabled Sntp anycast client is disabled Sntp anycast client enableFollowing example enables the Sntp broadcast clients Sntp anycast client enable No sntp anycast client enable Interface Configuration Ethernet, port-channel, Vlan mode Sntp client enable InterfaceFollowing example enables Sntp anycast clients Sntp client is disabled on an interface Sntp unicast client poll Sntp unicast client enableSntp unicast client enable No sntp unicast client enable Sntp unicast client is disabled No sntp server host Polling is disabledConsoleconfig# sntp unicast client poll Sntp server Show clock Detail Shows timezone and summertime configurationShow clock detail Show sntp configuration Show sntp configurationConsole# show clock Show sntp status Console# show sntp configurationShow sntp status Console# show sntp status Following example shows the status of the Sntp Copy Configuration and Image File Commands Copying an Image File from a Server to Flash Memory Copying a Boot File from a Server to Flash Memory Delete Storing the Running or Startup Configuration on a ServerDelete url Boot system image-1 image-2 Boot systemSys, *.prv, image-1 and image-2 files cannot be deleted Show running-config Show running-configConsole# boot system image-1 Show startup-config Show startup-configConsole# show running-config Show backup-config Show backup-configConsole# show startup-config Show bootvar Show bootvarConsole# show backup-config Console# show bootvar Configuration and Image File Commands Interface ethernet interface Ethernet Configuration CommandsInterface ethernet Interface range ethernet Interface range ethernet port-listall ShutdownShutdown No shutdown Description string No description Description Maximum port capability SpeedFollowing example adds a description to Ethernet port Speed 10 100 No speed Interface is set to full duplex Interface Configuration Ethernet modeDuplex Duplex half full No duplex Negotiation Consoleconfig# interface ethernet ext.1No negotiation Flowcontrol auto on off No flowcontrol Flowcontrol Mdix on auto No mdix Default setting is onFollowing example, automatic crossover is enabled on port Mdix Port jumbo-frame No port jumbo-frame Back-pressurePort jumbo-frame Back-pressure No back-pressure Clear counters Jumbo frames are disabled on the deviceGlobal Configuration Following example, jumbo frames are enabled on the device Console# clear counters ethernet ext.2 Set interface activeFollowing example, the counters for interface 1 are cleared Following example reactivates interface Following example displays auto-negotiation information Show interfaces advertiseConsole# show interfaces advertise Console# show interfaces configuration Show interfaces configuration Show interfaces status Show interfaces description Interface a valid Ethernet port. Full syntax unit/port Show interfaces countersConsole# show interfaces description Console# show interfaces counters Following table describes the fields shown in the display Following example displays counters for Ethernet portConsole# show interfaces counters ethernet ext.1 Console# show port jumbo-frame This command is relevant to Giga devices onlyShow ports jumbo-frame Show ports jumbo-frame Multicast packets are not counted Following example enables counting multicast packetsPort storm-control include-multicast GC Port storm-control include-multicast IC Broadcast storm control is disabled Port storm-control broadcast enable Port storm-control broadcast rate Default storm control broadcast rate is 3500 Kbits/Sec Console# show ports storm-control Following example displays the storm control configurationShow ports storm-control Show ports storm-control interface Disabled 3500 Broadcast Gvrp enable No gvrp enable Gvrp CommandsGvrp enable Global Gvrp enable Interface Garp timer join leave leaveall timervalue No garp timer Garp timerGvrp is disabled on all interfaces Following example enables Gvrp on Ethernet port Gvrp vlan-creation-forbid Consoleconfig# interface ethernet ext.6Gvrp vlan-creation-forbid No gvrp vlan-creation-forbid Dynamic registration of VLANs on the port is allowed Dynamic Vlan creation or modification is enabledGvrp registration-forbid Gvrp registration-forbid No gvrp registration-forbid Console# clear gvrp statistics ethernet ext.1 Clear gvrp statistics Console# show gvrp configuration Show gvrp configurationPrivieged Exec mode Following example displays Gvrp configuration information Following example shows Gvrp statistical information Show gvrp statisticsConsole# show gvrp statistics Console# show gvrp error-statistics Show gvrp error-statisticsFollowing example displays Gvrp statistical information Ip igmp snooping No ip igmp snooping Igmp Snooping CommandsIp igmp snooping Global Ip igmp snooping Interface Automatic learning of multicast device ports is enabled Following example enables Igmp snooping on VlanIp igmp snooping mrouter learn-pim-dvmrp Ip igmp snooping host-time-out Time-out- Specifies the host timeout in seconds. RangeDefault host-time-out is 260 seconds Consoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Consoleconfig-if#ip igmp snooping host-time-out Default value is 300 secondsIp igmp snooping mrouter-time-out Consoleconfig-if#ip igmp snooping mrouter-time-out Default leave-time-out configuration is 10 secondsIp igmp snooping leave-time-out Vlan-id Specifies the Vlan number Consoleconfig-if#ip igmp snooping leave-time-outShow ip igmp snooping mrouter Show ip igmp snooping mrouter interface vlan-id Show ip igmp snooping interface vlan-id Show ip igmp snooping interface Console# show ip igmp snooping interface Show ip igmp snooping groups Console# show ip igmp snooping groups Igmp Snooping Commands Ip address ip-address mask prefix-length IP Address CommandsInterface Configuration Ethernet, VLAN, port-channel mode Ip address Ip address dhcp hostname host-name No ip address dhcp Ip address dhcp Ip default-gateway ip-address No ip default-gateway Ip default-gatewayNo default gateway is defined Following example defines default gateway This command is only operational in Switch modeShow ip interface Console# show ip interface Arp Arp timeout seconds No arp timeout Arp timeoutDefault timeout is 60000 seconds Console# clear arp-cache Clear arp-cacheShow arp Clear arp-cache Ip domain-lookup No ip domain-lookup Ip domain-lookupShow arp Following example displays entries in the ARP table Ip domain-name Default domain name is not definedIp domain-name name No ip domain-name Following example sets the available name server Ip name-serverServer-address- Specifies IP addresses of the name server No name server addresses are specified No host is defined Ip hostClear host No ip host name Clear host dhcp name Clear host dhcpConsole# clear host Console# clear host dhcp Show hostsShow hosts name Name Specifies the host name. Range 1-158 characters Console# show hosts Following example displays host information Lacp system-priority value No lacp system-priority Lacp CommandsLacp system-priority Lacp port-priority Lacp timeout long short no lacp timeout Lacp timeoutLacp port-priority value No lacp port-priority Default port timeout value is long Short Specifies the short timeout valueShow lacp ethernet Console# show lacp ethernet ext.1 Following example display Lacp information for Ethernet port Show lacp port-channel Portchannelnumber Valid port-channel number Show lacp port-channel portchannelnumberConsole# show lacp port-channel Show line Line CommandsThis command has no user guidelines Line Show line telnet ssh Exec mode Line Commands Line Commands Name Access list name. Range 1-32 characters Management ACL CommandsManagement access-list Management access-list name No management access-list name Consoleconfig# management access-class mlist Consoleconfig# management access-list mlist Management Access-list Configuration mode If no permit rule is defined, the default is set to deny Deny Management Management access-class Following example displays the mlist management access list Show management access-list name Console# show management access-class Show management access-class Management ACL Commands Console# test copper-port tdr ext.3 PHY Diagnostics CommandsTest copper-port tdr Test copper-port tdr interface Maximum length of the cable for the TDR test is 120 meters User Exec modeShow copper-ports tdr Show copper-ports tdr interface Console show copper-ports cable-length Port must be active and working in 100M or 1000M modeShow copper-ports cable-length Show copper-ports cable-length interface PHY Diagnostics Commands Interface port-channel port-channel-number Port Channel CommandsConsoleconfig# interface port-channel Interface port-channel Interface range port-channel port-channel-rangeall Consoleconfig# interface range port-channel 1-2,6Interface range port-channel Channel-group Port is not assigned to a port-channel Show interfaces port-channelShow interfaces port-channel port-channel-number Console# show interfaces port-channel Following example displays information on all port-channels Monitors both received and transmitted packets Port Monitor Commands Ingress mirrored packets are transmitted untagged Console config-if#port monitor vlan-taggingPort monitor vlan-tagging Port monitor vlan-tagging No port monitor vlan-tagging Show ports monitor Show ports monitorConsole show ports monitor Port Monitor Commands Following example enables QoS on the device QoS CommandsQos basic advanced service No qos QoS basic mode is enabled Show qos Trust mode is displayed if QoS is enabled in basic modeShow qos Show qos aggregate-policer There are no user guidelines Show qos interfaceConsole# show qos aggregate-policer policer1 Console# show qos interface ethernet 1 buffers There is no default configuration for this command Dscp-queue- Indicates the Dscp to queue map Show qos map User Exec mode command displays all QoS mapsShow qos map Show qos map dscp-queue Console show qos map Class-mapFollowing example displays the Dscp port-queue map Class-map class-map-namematch-all match-any Show class-map By default, the match-allparameter is selectedShow class-map class-map-name Acl-name- Specifies the name of an IP or MAC ACL Match access-group acl-name No match access-group acl-nameMatch Following example shows the class map for class1 Policy-map Class-map Configuration modePolicy-map-name- Specifies the name of the policy map No policy map is defined Class Show policy-mapUser Exec command displays the policy maps Policy-map Configuration modeShow policy-map Trust cos-dscp No trust cos-dscp Policy-map Class Configuration modeTrust cos-dscp Following example displays all policy maps No set Set No police Police Service-policy input policy-map-name No service-policy input Service-policy No qos aggregate-policer Qos aggregate-policerNo aggregate policer is define Exceed-action drop Console show qos aggregate-policer policer1 Police aggregate No wrr-queue cos-map queue-id Wrr-queue cos-map Following example maps CoS 7 to queue Wrr-queue bandwidthNo wrr-queue bandwidth Priority-queue out num-of-queues number-of-queues Priority-queue out num-of-queues All queues are expedite queues Consoleconfig# priority-queue out num-of-queuesTraffic-shape No priority-queue out num-of-queues No shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold Percent for all thresholds Console config# qos wrr-queue threshold gigabitethernet 1Qos map policed-dscp No qos wrr-queue threshold tengigabitethernet queue-id Qos map dscp-queue Consoleconfig# qos map policed-dscp 3 toDscp values 3,11,19… cannot be remapped to other values Qos trust cos dscp no qos trust Following table describes the default mapQos trust Global Following example maps Dscp values 33, 40 and 41 to queue Qos trust Interface CoS is the default trust modeQos trust No qos trust Qos cos Default CoS value of a port isNo qos cos Qos dscp-mutation Following example configures port 15 default CoS value toQos dscp-mutation No qos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Show rmon statistics Rmon CommandsConsole# show rmon statistics ethernet ext.1 Rmon Commands Rmon collection history Show rmon collection history Cannot be configured for a range of interfaces Range context Console# show rmon collection history Show rmon history Console# show rmon history 1 throughput Console# show rmon history 1 errors Console# show rmon history 1 other No rmon alarm index Rmon alarm Type is absolute Startup direction is rising-falling Console# show rmon alarm-table Show rmon alarm-tableShow rmon alarm-table Following example displays the alarms table Following example displays Rmon 1 alarms Show rmon alarmShow rmon alarm number Number Specifies the alarm index. Range Last Sample Value Rmon event Show rmon events Show rmon events Event Specifies the event index. Range Show rmon logFollowing example displays the Rmon event table Show rmon log event Console# show rmon log Following example displays the Rmon log table Rmon table-size Consoleconfig# rmon table-size historyHistory table size is Log table size is No Radius server host is specified Radius CommandsRadius-server host No radius-server host ip-addresshostname Radius-server key key-string No radius-server key Radius-server key Key-string is an empty string Radius-server retransmitSoftware searches the list of Radius server hosts 3 times Radius-server source-ip Consoleconfig# radius-server retransmitSource Specifies a valid source IP address Timeout value is 3 seconds Radius-server timeoutConsoleconfig# radius-server timeout Show radius-servers Deadtime setting isConsoleconfig# radius-server deadtime Radius-server deadtime Show radius-servers Following example displays Radius server settingsConsole# show radius-servers Radius Commands Ip http server No ip http server Web Server CommandsIp http server Ip http port No ip http port Ip http exec-timeoutIp http exec-timout minutes seconds no ip http exec-timout Ip https server No ip https server Default timout is 10 minutesDisabled Ip https server Ip https port port-number No ip https port Ip https exec-timeoutFollowing example configures the https port number to Ip https port No ip https exec-timout Crypto certificate generate Crypto certificate request Consoleconfig# crypto certificate 1 generate key-generateFollowing example regenerates an Https certificate There is no default configuration for this command Console# crypto certificate 1 request Crypto certificate importCrypto certificate number import Number Specifies the certificate number. Range Ip https certificate Consoleconfig# crypto certificate 1 importIp https certificate number No ip https certificate Show crypto certificate mycertificate number Consoleconfig# ip https certificateShow crypto certificate mycertificate Certificate number Console# show crypto certificate mycertificate Show ip httpFollowing example displays the certificate Show ip http Console# show ip http Following example displays the Http server configurationShow ip https Show ip https Web Server Commands Web Server Commands Snmp-server community Snmp CommandsNo communities are defined Snmp-server view No view entry exists Snmp-server group No group entry exists No snmp-server group groupname v1 v2 v3 noauth auth priv No snmp-server user username remote engineid-string Snmp-server user Snmp-server engineID local Parameters Following example enables Snmp traps Snmp-server enable trapsSnmp-server enable traps No snmp-server enable traps Snmp traps are enabled No filter entry exists Snmp-server filter Snmp-server host Snmp-server v3-host Following example configures an SNMPv3 host Snmp-server trap authenticationSnmp-server trap authentication Snmp-server contact No snmp-server trap authenticationSnmp failed authentication traps are enabled Following example enables Snmp failed authentication traps IntelTechnicalSupport Snmp-server locationSnmp-server location text No snmp-server location Following example defines the device location as NewYork Snmp-server set Show snmp Show snmpFollowing example displays the Snmp communications status Show snmp engineID Show snmp engineid Viewname Specifies the name of the view. Range Show snmp viewsFollowing example displays the Snmp engine ID Show snmp views viewname Groupname-Specifies the name of the group. Range Following example displays the configuration of viewsShow snmp groups Show snmp groups groupname Filtername-Specifies the name of the filter. Range Show snmp filtersFollowing table describes significant fields shown above Show snmp filters filtername Username-Specifies the name of the user. Range Following example displays the configuration of filtersShow snmp users Show snmp users username Console# show snmp users Spanning-tree Spanning-Tree CommandsSpanning-tree mode Spanning-tree mode stp rstpmstp Spanning-tree forward-time No spanning-tree modeSTP is enabled Consoleconfig# spanning-tree mode rstp Seconds Time in seconds. Range Consoleconfig# spanning-tree forward-time Spanning-tree max-age Consoleconfig# spanning-tree hello-timeSpanning-tree max-age seconds No spanning-tree max-age Spanning-tree priority priority No spanning-tree priority Following example configures spanning tree priority toSpanning-tree priority Forward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Spanning-tree cost cost No spanning-tree cost Spanning-tree disableSpanning-tree disable No spanning-tree disable Spanning-tree cost Cost Path cost of the port Range 1-200,000,000 Spanning-tree port-priority Spanning-tree portfast Default port priority for Ieee Spanning TreeProtocol STP isPortFast mode is disabled Consoleconfig-if#spanning-tree port-priority Consoleconfig-if#spanning-tree portfast Following example enables PortFast on Ethernet portSpanning-tree link-type Spanning-tree pathcost method Consoleconfig-if#spanning-tree link-type sharedShort path cost method Spanning-tree bpdu filtering flooding No spanning-tree bpdu Following example sets the default path cost method to longDefault setting is flooding Spanning-tree bpdu Spanning-tree mst priority Clear spanning-tree detected-protocolsSpanning-tree mst instance-idpriority priority Spanning-tree mst max-hops Console config # spanning-tree mst 1 priorityNo spanning-tree mst instance-idpriority Console config # spanning-tree mst max-hops Default number of hops isSpanning-tree mst port-priority Spanning-tree mst cost Consoleconfig-if#spanning-tree mst 1 port-priority Consoleconfig# spanning-tree mst configuration Spanning-tree mst configurationSpanning-tree mst configuration Following example configures an MST region Following example maps VLANs 10-20 to MST instance MST Configuration modeInstance mst Instance instance-idadd remove vlan vlan-range Revision mst Default name is a radlanguestFollowing example defines the configuration name as region1 Name mst Show mst Value Configuration revision number RangeDefault configuration revision number is Following example sets the configuration revision to Exit Exit mst Spanning-tree guard root Abort mstAbort Interface -number- a valid Ethernet port Root guard is disabledShow spanning-tree Spanning-tree guard root No spanning-tree guard root Console# show spanning-tree Following example displays spanning-tree information FWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree ethernet ext.1 Console# show spanning-tree mst-configuration Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands Ip ssh port port-number No ip ssh port SSH CommandsIp ssh port Ip ssh server Crypto key generate dsa Device configuration from a SSH server is disabledDSA key pairs do not exist Crypto key generate rsa Consoleconfig# crypto key generate dsaCrypto key generate rsa Following example generates DSA key pairs Ip ssh pubkey-auth No ip ssh pubkey-auth AAA authentication is independentIp ssh pubkey-auth Following example generates RSA key pairs No keys are specified Crypto key pubkey-chain ssh No SSH public keys exist SSH Public Key-string Configuration modeConsoleconfig# crypt\o key pubkey-chain ssh User-key Key-string Show ip ssh Consoleconfig# crypto key pubkey-chain sshShow ip ssh Rsa Indicates the RSA key Dsa Indicates the DSA key Following example displays the SSH server configurationShow crypto key mypubkey Show crypto key mypubkey rsa dsa Console# show crypto key mypubkey rsa Show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bob Console# show crypto key pubkey-chain ssh SSH Commands Logging on Syslog CommandsLogging is enabled Following example enables logging error messages Logging Logging buffered level No logging buffered Default severity level is informationalConsoleconfig# logging buffered debugging Logging buffered Logging buffered size Default number of messages isThis command takes effect only after Reset Consoleconfig# logging buffered size Logging file level No logging file Default severity level is errorsLogging file Clear logging Following example clears messages from the logging file Consoleconfig# logging file alertsClear logging file Clear logging file File-system logging copy Aaa logging login no aaa logging loginAaa logging File-system logging Management logging deny No management logging deny Logging file system events is enabledConsoleconfig# file-system logging copy Management logging Show logging Logging management ACL events is enabledConsoleconfig# management logging deny Show logging AAA Console# show logging Show logging file Show logging fileConsole# show logging file Show syslog-servers Show syslog-servers Console# show syslog-servers Syslog Commands Ping System Management Commands Following example displays pinging results Traceroute Syntax Probe timed out Telnet Default port is the Telnet port decimal23 on the host Keywords Table Special Telnet Sequences Ports Table Connection The connection number. Range 1-4 connections Following command switches to open Telnet session numberResume Reload Hostname name No hostname HostnameReload Following example reloads the operating system Console show users Show usersFollowing example specifies the device host name Show users Console show sessions Show sessionsShow sessions Following example lists open Telnet sessions Show system Show systemConsole# show system Unit unit Unit number Privilaged Exec modeShow system id Show system id unit unit Show system flowcontrol Show system flowcontrolConsole show system id Following example displays information on features control Show system modeShow system mode Priviledged Exec mode Console show version Service cpu-utilizationService cpu-utilization No service cpu-utilization Show version Show cpu utilization This example enables measuring CPU utilizationConsoleconfig# service cpu-utilization Show cpu utilization Console# show cpu utilization Tacacs-server host TACACS+ CommandsNo tacacs-server host ip-addresshostname Empty string Tacacs-server keyFollowing example specifies a TACACS+ host Tacacs-server key key-string No tacacs-server key Consoleconfig# tacacs-server timeout Tacacs-server timeoutFollowing example sets the authentication encryption key Following example sets the timeout value to Following example specifies the source IP address Tacacs-server source-ipShow tacacs Source Specifies the source IP address Console# show tacacs Ip-address Name or IP address of the TACACS+ server TACACS+ Commands Enable User Interface CommandsDisable Login LoginFollowing example return to Users Exec mode Login User Exec mode command changes a login username Configure ConfigureFollowing example enters Global Configuration mode All configuration modes Exit ConfigurationExit End EndPrivileged and User Exec modes Following example closes an active terminal session Help All command modesHelp Terminal datadump Show history Dumping is disabledShow history Terminal datadump No terminal datadump Console# show history Show privilegeShow privilege Console# show version Console# show privilege Command The command to be executed Console Config# do show vlan Vlan Vlan CommandsFollowing example enters the Vlan database mode Vlan database Interface vlan vlan-id Vlan Configuration modeInterface vlan Following example Vlan number 1972 is created Interface range vlan vlan-rangeall Interface range vlanAll All existing static VLANs Following example gives Vlan number 19 the name Marketing NameNo name No name is defined Switchport protected is disabled Switchport protectedConsoleconfig-if#switchport protected ethernet ext.1 Switchport access vlan Switchport modeSwitchport mode access trunk general No switchport mode Switchport trunk allowed vlan add vlan-listremove vlan-list Switchport trunk allowed vlanAll ports belong to Vlan Vlan-id- Specifies the ID of the native Vlan Switchport trunk native vlan VID=1 Switchport general allowed vlan Vlan-id- Specifies the Pvid Port Vlan ID Switchport general pvid Ingress filtering is enabled Switchport general ingress-filtering disable All frame types are accepted at ingress Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan Switchport forbidden vlan add vlan-listremove vlan-list Vlan-id- Specifies the ID of the internal usage Vlan Ip internal-usage-vlanAll VLANs are allowed Ip internal-usage-vlan vlan-id No ip internal-usage-vlan Vlan-id- specifies a Vlan ID Consoleconfig-if#ip internal-usage-vlanShow vlan Show vlan id vlan-idname vlan-name Following example displays all Vlan information Show vlan internal usageShow vlan internal usage Console# show vlan internal usage Show interfaces switchport VLAN011 Console# show interface switchport ethernet ext.1 Pvid Map protocol protocol encapsulation protocols-group group Map protocol protocols-group Following example maps protocol ip-arp to the group named Switchport general map protocols-group vlanVlan Database mode Following protocol names are reserved Map mac macs-group Console config-if#switchport general map macs-group 1 vlan Switchport general map macs-group vlan Map subnet subnets-group Switchport general map subnets-group vlan Show vlan protocols-groups Console# show vlan protocols-groups Show vlan macs-groups Show vlan subnets-groups Following example shows subnets-groups information Vlan Commands Method1 method2... At least one from the following table 29 802.1x CommandsAaa authentication dot1x No authentication method is defined Dot1x port-control 802.1x is disabled globallyFollowing example enables 802.1x globally Dot1x system-auth-control Consoleconfig-if#dot1x port-control auto Interface Configuration EthernetPort is in the force-authorized state Periodic re-authentication is disabled Dot1x re-authenticationDot1x timeout re-authperiod Dot1x re-authentication No dot1x re-authentication Consoleconfig-if#dot1x timeout re-authperiod Dot1x re-authenticateRe-authentication period is 3600 seconds Dot1x re-authenticate ethernet interface Console# dot1x re-authenticate ethernet ext.16 Dot1x timeout quiet-periodQuiet period is 60 seconds Consoleconfig-if#dot1x timeout quiet-period Dot1x timeout tx-periodDot1x timeout tx-period seconds No dot1x timeout tx-period Timeout period is 30 seconds Dot1x max-req Default number of times isDot1x max-req count No dot1x max-req Default timeout period is 30 seconds Dot1x timeout supp-timeout Consoleconfig-if# dot1x timeout supp-timeout Dot1x timeout server-timeoutConsoleconfig-if#dot1x timeout server-timeout Show dot1x ethernet interface Show dot1xConsole# show dot1x Console# show dot1x ethernet ext.3 Show dot1x users username username Show dot1x usersUsername Supplicant username Range 1-160 characters Console# show dot1x users Following example displays 802.1x usersConsole# show dot1x users username Bob Show dot1x statistics ethernet interface Show dot1x statisticsConsole# show dot1x statistics ethernet ext.1 Dot1x auth-not-req No dot1x auth-not-req Dot1x auth-not-req Dot1x multiple-hosts Access is enabledMultiple hosts are disabled Consoleconfig-if# dot1x auth-not-req Dot1x single-host-violation Dot1x guest-vlan No dot1x guest-vlan Consoleconfig-if#dot1x single-host-violation forward trapDot1x guest-vlan No traps are sent Following example defines Vlan 2 as a guest Vlan Dot1x guest-vlan enable Console# show dot1x advanced Consoleconfig-if#dot1x guest-vlan enableShow dot1x advanced Show dot1x advanced ethernet interface Console# show dot1x advanced ethernet ext.1 Holland Appendix a Getting HelpWorld Wide Web Telephone Finland New Zealand 0800 444 AustraliaCambodia Myanmar Panama EcuadorUruguay