Switchport protected

VLAN Commands

The switchport protected Interface Configuration mode command overrides the FDB decision, and sends all Unicast, Multicast and Broadcast traffic to an uplink port. To disable overriding the FDB decision, use the no form of this command..

Syntax

switchport protected {ethernet port port-channel port-channel-number}

no switchport protected

Parameters

•port— Specifies the uplink Ethernet port.

•port-channel-number— Specifies the uplink port-channel.

Default Configuration

Switchport protected is disabled.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

Private VLAN Edge (PVE) supports private communication by isolating PVE-defined ports and ensuring that all Unicast, Broadcast and Multicast traffic from these ports is only forwarded to uplink port(s).

PVE requires only one VLAN on each device, but not on every port; this reduces the number of VLANs required by the device. Private VLANs and the default VLAN function simultaneously in the same device.

Example

This example configures ethernet port 8 as a protected port, so that all traffic is sent to its uplink (ethernet port 1).

Console(config)# interface ethernet ext.1

Console(config-if)#switchport forbidden vlan add 234-256

Console(config-if)# exit

Console(config)# interface ethernet ext.1

Console(config-if)#switchport protected ethernet ext.1

Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

359

Page 375

Image 375

Intel SBCEGBESW10 CLI manual Switchport protected is disabled, Consoleconfig-if#switchport protected ethernet ext.1

Contents

Guide for System Administrators of Intel Server Products Disclaimer Instrucciones de seguridad importantes Important Safety InstructionsWichtige Sicherheitshinweise Consignes de sécuritéPage Manual Organization About this ManualPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Overview Using CLI Command in the Global Configuration mode Privileged Exec Mode Interface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI AAA Commands Aaa authentication loginGlobal Configuration mode Following example configures the authentication login Aaa authentication enable Consoleconfig# aaa authentication enable default enable Login authentication Enable authentication Line Configuration modeConsoleconfig-line#login authentication default Ip http authentication There are no user guidelines for this commandConsoleconfig-line#enable authentication default Following example configures the Http authentication Ip https authentication Show authentication methods Following example configures Https authenticationShow authentication methods Following example displays the authentication configuration PasswordThis command has no default configuration Privileged Exec mode No password is defined Enable password No user is defined No enable password is definedConsoleconfig# enable password secret level Username User account can be created without a password AAA Commands Interface Configuration Vlan mode Address Table Commands Bridge address Bridge multicast filtering No bridge multicast filtering Folowing example, bridge multicast filtering is enabledConsoleconfig# bridge multicast filtering Bridge multicast filtering No multicast addresses are defined Bridge multicast address Bridge multicast forbidden address Following example registers the MAC addressNo forbidden addresses are defined Bridge multicast forward-all This setting is disabled Command Mode This setting is disabled Bridge multicast forbidden forward-allThis example, all multicast packets on port 1 are forwarded Seconds Time in seconds. Range 10-630 seconds Default setting is 300 secondsBridge aging-time Bridge aging-time seconds No bridge aging-time Following example, the bridge tables are cleared Clear bridgePort security Clear bridge Consoleconfig-if#port security forward trap Port security modeInterface Configuration Ethernet, port-channel mode Port security mode lock mac-addresses No port security mode Consoleconfig-if#port security mode mac-addresses Port security routed secure-addressMac-address a valid MAC address No addresses are defined Show bridge address-table Console# show bridge address-table Show bridge address-table static Show bridge address-table count Vlan Specifies a valid VLAN, such as VlanConsole# show bridge address-table static Console# show bridge address-table count Show bridge multicast address-table Console# show bridge multicast address-table Show bridge multicast filtering Show bridge multicast filtering vlan-idConsole# show bridge multicast address-table format ip Console# show bridge multicast filtering Show ports security Show ports security addresses Following table describes the fields shown aboveConsole# show ports security Console# show ports security addresses Address Table Commands ACL Commands Ip access-listIp access-list name No ip access-list name IP Protocol Abbreviated Name Protocol Number Permit ip ACL Commands Deny-icmp Deny-igmp IP-Access List Configuration modeDeny IP No IPv4 ACL is defined Deny-tcp deny-udp Mac access-list Permit MAC Mac access-list name No mac access-list nameDefault for all ACLs is deny all Following example shows how to create a MAC ACL MAC-Access List Configuration mode Deny MACNo MAC ACL is defined This command has no default configuration Show access-lists name Service-aclShow access-lists Service-acl input acl-name No service-acl input Name The name of the ACL Show interfaces access-listsFollowing example displays access lists defined on a device Console# show access-lists Console# show interfaces access-lists Clock set Clock Commands No external clock source Clock sourceClock timezone Sntp Sntp servers Clock summer-time No clock timezoneClock set to UTC No clock summer-time recurring No authentication key is defined Sntp authentication-key Sntp authenticate no sntp authenticate Sntp authenticate Sntp trusted-key key-number No sntp trusted-key key-number Sntp client poll timerFollowing example authenticates key Sntp trusted-key Seconds Polling interval in seconds. Range Sntp broadcast client enableSntp client poll timer seconds No sntp client poll timer Sntp broadcast client is disabled Sntp anycast client is disabled Sntp anycast client enableFollowing example enables the Sntp broadcast clients Sntp anycast client enable No sntp anycast client enable Interface Configuration Ethernet, port-channel, Vlan mode Sntp client enable InterfaceFollowing example enables Sntp anycast clients Sntp client is disabled on an interface Sntp unicast client poll Sntp unicast client enableSntp unicast client enable No sntp unicast client enable Sntp unicast client is disabled No sntp server host Polling is disabledConsoleconfig# sntp unicast client poll Sntp server Detail Shows timezone and summertime configuration Show clockShow clock detail Show sntp configuration Show sntp configurationConsole# show clock Console# show sntp configuration Show sntp statusShow sntp status Console# show sntp status Following example shows the status of the Sntp Copy Configuration and Image File Commands Copying an Image File from a Server to Flash Memory Copying a Boot File from a Server to Flash Memory Storing the Running or Startup Configuration on a Server DeleteDelete url Boot system Boot system image-1 image-2Sys, *.prv, image-1 and image-2 files cannot be deleted Show running-config Show running-configConsole# boot system image-1 Show startup-config Show startup-configConsole# show running-config Show backup-config Show backup-configConsole# show startup-config Show bootvar Show bootvarConsole# show backup-config Console# show bootvar Configuration and Image File Commands Interface ethernet interface Ethernet Configuration CommandsInterface ethernet Interface range ethernet Shutdown Interface range ethernet port-listallShutdown No shutdown Description string No description Description Maximum port capability SpeedFollowing example adds a description to Ethernet port Speed 10 100 No speed Interface is set to full duplex Interface Configuration Ethernet modeDuplex Duplex half full No duplex Consoleconfig# interface ethernet ext.1 NegotiationNo negotiation Flowcontrol auto on off No flowcontrol Flowcontrol Mdix on auto No mdix Default setting is onFollowing example, automatic crossover is enabled on port Mdix Port jumbo-frame No port jumbo-frame Back-pressurePort jumbo-frame Back-pressure No back-pressure Clear counters Jumbo frames are disabled on the deviceGlobal Configuration Following example, jumbo frames are enabled on the device Console# clear counters ethernet ext.2 Set interface activeFollowing example, the counters for interface 1 are cleared Following example reactivates interface Show interfaces advertise Following example displays auto-negotiation informationConsole# show interfaces advertise Console# show interfaces configuration Show interfaces configuration Show interfaces status Show interfaces description Show interfaces counters Interface a valid Ethernet port. Full syntax unit/portConsole# show interfaces description Console# show interfaces counters Following example displays counters for Ethernet port Following table describes the fields shown in the displayConsole# show interfaces counters ethernet ext.1 Console# show port jumbo-frame This command is relevant to Giga devices onlyShow ports jumbo-frame Show ports jumbo-frame Multicast packets are not counted Following example enables counting multicast packetsPort storm-control include-multicast GC Port storm-control include-multicast IC Broadcast storm control is disabled Port storm-control broadcast enable Port storm-control broadcast rate Default storm control broadcast rate is 3500 Kbits/Sec Console# show ports storm-control Following example displays the storm control configurationShow ports storm-control Show ports storm-control interface Disabled 3500 Broadcast Gvrp enable No gvrp enable Gvrp CommandsGvrp enable Global Gvrp enable Interface Garp timer join leave leaveall timervalue No garp timer Garp timerGvrp is disabled on all interfaces Following example enables Gvrp on Ethernet port Consoleconfig# interface ethernet ext.6 Gvrp vlan-creation-forbidGvrp vlan-creation-forbid No gvrp vlan-creation-forbid Dynamic registration of VLANs on the port is allowed Dynamic Vlan creation or modification is enabledGvrp registration-forbid Gvrp registration-forbid No gvrp registration-forbid Console# clear gvrp statistics ethernet ext.1 Clear gvrp statistics Console# show gvrp configuration Show gvrp configurationPrivieged Exec mode Following example displays Gvrp configuration information Show gvrp statistics Following example shows Gvrp statistical informationConsole# show gvrp statistics Show gvrp error-statistics Console# show gvrp error-statisticsFollowing example displays Gvrp statistical information Ip igmp snooping No ip igmp snooping Igmp Snooping CommandsIp igmp snooping Global Ip igmp snooping Interface Following example enables Igmp snooping on Vlan Automatic learning of multicast device ports is enabledIp igmp snooping mrouter learn-pim-dvmrp Ip igmp snooping host-time-out Time-out- Specifies the host timeout in seconds. RangeDefault host-time-out is 260 seconds Consoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Default value is 300 seconds Consoleconfig-if#ip igmp snooping host-time-outIp igmp snooping mrouter-time-out Default leave-time-out configuration is 10 seconds Consoleconfig-if#ip igmp snooping mrouter-time-outIp igmp snooping leave-time-out Vlan-id Specifies the Vlan number Consoleconfig-if#ip igmp snooping leave-time-outShow ip igmp snooping mrouter Show ip igmp snooping mrouter interface vlan-id Show ip igmp snooping interface vlan-id Show ip igmp snooping interface Console# show ip igmp snooping interface Show ip igmp snooping groups Console# show ip igmp snooping groups Igmp Snooping Commands Ip address ip-address mask prefix-length IP Address CommandsInterface Configuration Ethernet, VLAN, port-channel mode Ip address Ip address dhcp hostname host-name No ip address dhcp Ip address dhcp Ip default-gateway Ip default-gateway ip-address No ip default-gatewayNo default gateway is defined This command is only operational in Switch mode Following example defines default gatewayShow ip interface Console# show ip interface Arp Arp timeout Arp timeout seconds No arp timeoutDefault timeout is 60000 seconds Console# clear arp-cache Clear arp-cacheShow arp Clear arp-cache Ip domain-lookup No ip domain-lookup Ip domain-lookupShow arp Following example displays entries in the ARP table Default domain name is not defined Ip domain-nameIp domain-name name No ip domain-name Following example sets the available name server Ip name-serverServer-address- Specifies IP addresses of the name server No name server addresses are specified No host is defined Ip hostClear host No ip host name Clear host dhcp Clear host dhcp nameConsole# clear host Console# clear host dhcp Show hostsShow hosts name Name Specifies the host name. Range 1-158 characters Console# show hosts Following example displays host information Lacp system-priority value No lacp system-priority Lacp CommandsLacp system-priority Lacp port-priority Lacp timeout Lacp timeout long short no lacp timeoutLacp port-priority value No lacp port-priority Short Specifies the short timeout value Default port timeout value is longShow lacp ethernet Console# show lacp ethernet ext.1 Following example display Lacp information for Ethernet port Show lacp port-channel Show lacp port-channel portchannelnumber Portchannelnumber Valid port-channel numberConsole# show lacp port-channel Show line Line CommandsThis command has no user guidelines Line Show line telnet ssh Exec mode Line Commands Line Commands Name Access list name. Range 1-32 characters Management ACL CommandsManagement access-list Management access-list name No management access-list name Consoleconfig# management access-class mlist Consoleconfig# management access-list mlist Management Access-list Configuration mode If no permit rule is defined, the default is set to deny Deny Management Management access-class Following example displays the mlist management access list Show management access-list name Console# show management access-class Show management access-class Management ACL Commands Console# test copper-port tdr ext.3 PHY Diagnostics CommandsTest copper-port tdr Test copper-port tdr interface Maximum length of the cable for the TDR test is 120 meters User Exec modeShow copper-ports tdr Show copper-ports tdr interface Console show copper-ports cable-length Port must be active and working in 100M or 1000M modeShow copper-ports cable-length Show copper-ports cable-length interface PHY Diagnostics Commands Interface port-channel port-channel-number Port Channel CommandsConsoleconfig# interface port-channel Interface port-channel Interface range port-channel port-channel-rangeall Consoleconfig# interface range port-channel 1-2,6Interface range port-channel Channel-group Show interfaces port-channel Port is not assigned to a port-channelShow interfaces port-channel port-channel-number Console# show interfaces port-channel Following example displays information on all port-channels Monitors both received and transmitted packets Port Monitor Commands Ingress mirrored packets are transmitted untagged Console config-if#port monitor vlan-taggingPort monitor vlan-tagging Port monitor vlan-tagging No port monitor vlan-tagging Show ports monitor Show ports monitorConsole show ports monitor Port Monitor Commands Following example enables QoS on the device QoS CommandsQos basic advanced service No qos QoS basic mode is enabled Show qos Trust mode is displayed if QoS is enabled in basic modeShow qos Show qos aggregate-policer Show qos interface There are no user guidelinesConsole# show qos aggregate-policer policer1 Console# show qos interface ethernet 1 buffers There is no default configuration for this command Dscp-queue- Indicates the Dscp to queue map Show qos map User Exec mode command displays all QoS mapsShow qos map Show qos map dscp-queue Console show qos map Class-mapFollowing example displays the Dscp port-queue map Class-map class-map-namematch-all match-any By default, the match-allparameter is selected Show class-mapShow class-map class-map-name Acl-name- Specifies the name of an IP or MAC ACL Match access-group acl-name No match access-group acl-nameMatch Following example shows the class map for class1 Class-map Configuration mode Policy-mapPolicy-map-name- Specifies the name of the policy map No policy map is defined Class Policy-map Configuration mode Show policy-mapUser Exec command displays the policy mapsShow policy-map Trust cos-dscp No trust cos-dscp Policy-map Class Configuration modeTrust cos-dscp Following example displays all policy maps No set Set No police Police Service-policy input policy-map-name No service-policy input Service-policy Qos aggregate-policer No qos aggregate-policerNo aggregate policer is define Exceed-action drop Console show qos aggregate-policer policer1 Police aggregate No wrr-queue cos-map queue-id Wrr-queue cos-map Wrr-queue bandwidth Following example maps CoS 7 to queueNo wrr-queue bandwidth Priority-queue out num-of-queues number-of-queues Priority-queue out num-of-queues All queues are expedite queues Consoleconfig# priority-queue out num-of-queuesTraffic-shape No priority-queue out num-of-queues No shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold Percent for all thresholds Console config# qos wrr-queue threshold gigabitethernet 1Qos map policed-dscp No qos wrr-queue threshold tengigabitethernet queue-id Consoleconfig# qos map policed-dscp 3 to Qos map dscp-queueDscp values 3,11,19… cannot be remapped to other values Qos trust cos dscp no qos trust Following table describes the default mapQos trust Global Following example maps Dscp values 33, 40 and 41 to queue CoS is the default trust mode Qos trust InterfaceQos trust No qos trust Default CoS value of a port is Qos cosNo qos cos Following example configures port 15 default CoS value to Qos dscp-mutationQos dscp-mutation No qos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Rmon Commands Show rmon statisticsConsole# show rmon statistics ethernet ext.1 Rmon Commands Rmon collection history Show rmon collection history Cannot be configured for a range of interfaces Range context Console# show rmon collection history Show rmon history Console# show rmon history 1 throughput Console# show rmon history 1 errors Console# show rmon history 1 other No rmon alarm index Rmon alarm Type is absolute Startup direction is rising-falling Console# show rmon alarm-table Show rmon alarm-tableShow rmon alarm-table Following example displays the alarms table Following example displays Rmon 1 alarms Show rmon alarmShow rmon alarm number Number Specifies the alarm index. Range Last Sample Value Rmon event Show rmon events Show rmon events Event Specifies the event index. Range Show rmon logFollowing example displays the Rmon event table Show rmon log event Console# show rmon log Following example displays the Rmon log table Consoleconfig# rmon table-size history Rmon table-sizeHistory table size is Log table size is No Radius server host is specified Radius CommandsRadius-server host No radius-server host ip-addresshostname Radius-server key key-string No radius-server key Radius-server key Radius-server retransmit Key-string is an empty stringSoftware searches the list of Radius server hosts 3 times Consoleconfig# radius-server retransmit Radius-server source-ipSource Specifies a valid source IP address Radius-server timeout Timeout value is 3 secondsConsoleconfig# radius-server timeout Show radius-servers Deadtime setting isConsoleconfig# radius-server deadtime Radius-server deadtime Following example displays Radius server settings Show radius-serversConsole# show radius-servers Radius Commands Ip http server No ip http server Web Server CommandsIp http server Ip http port Ip http exec-timeout No ip http portIp http exec-timout minutes seconds no ip http exec-timout Ip https server No ip https server Default timout is 10 minutesDisabled Ip https server Ip https port port-number No ip https port Ip https exec-timeoutFollowing example configures the https port number to Ip https port No ip https exec-timout Crypto certificate generate Consoleconfig# crypto certificate 1 generate key-generate Crypto certificate requestFollowing example regenerates an Https certificate There is no default configuration for this command Console# crypto certificate 1 request Crypto certificate importCrypto certificate number import Number Specifies the certificate number. Range Consoleconfig# crypto certificate 1 import Ip https certificateIp https certificate number No ip https certificate Show crypto certificate mycertificate number Consoleconfig# ip https certificateShow crypto certificate mycertificate Certificate number Console# show crypto certificate mycertificate Show ip httpFollowing example displays the certificate Show ip http Console# show ip http Following example displays the Http server configurationShow ip https Show ip https Web Server Commands Web Server Commands Snmp Commands Snmp-server communityNo communities are defined Snmp-server view No view entry exists Snmp-server group No group entry exists No snmp-server group groupname v1 v2 v3 noauth auth priv No snmp-server user username remote engineid-string Snmp-server user Snmp-server engineID local Parameters Following example enables Snmp traps Snmp-server enable trapsSnmp-server enable traps No snmp-server enable traps Snmp traps are enabled No filter entry exists Snmp-server filter Snmp-server host Snmp-server v3-host Snmp-server trap authentication Following example configures an SNMPv3 hostSnmp-server trap authentication Snmp-server contact No snmp-server trap authenticationSnmp failed authentication traps are enabled Following example enables Snmp failed authentication traps Snmp-server location IntelTechnicalSupportSnmp-server location text No snmp-server location Following example defines the device location as NewYork Snmp-server set Show snmp Show snmpFollowing example displays the Snmp communications status Show snmp engineID Show snmp engineid Viewname Specifies the name of the view. Range Show snmp viewsFollowing example displays the Snmp engine ID Show snmp views viewname Groupname-Specifies the name of the group. Range Following example displays the configuration of viewsShow snmp groups Show snmp groups groupname Filtername-Specifies the name of the filter. Range Show snmp filtersFollowing table describes significant fields shown above Show snmp filters filtername Username-Specifies the name of the user. Range Following example displays the configuration of filtersShow snmp users Show snmp users username Console# show snmp users Spanning-tree Spanning-Tree CommandsSpanning-tree mode Spanning-tree mode stp rstpmstp Spanning-tree forward-time No spanning-tree modeSTP is enabled Consoleconfig# spanning-tree mode rstp Seconds Time in seconds. Range Consoleconfig# spanning-tree forward-time Consoleconfig# spanning-tree hello-time Spanning-tree max-ageSpanning-tree max-age seconds No spanning-tree max-age Spanning-tree priority priority No spanning-tree priority Following example configures spanning tree priority toSpanning-tree priority Forward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Spanning-tree cost cost No spanning-tree cost Spanning-tree disableSpanning-tree disable No spanning-tree disable Spanning-tree cost Cost Path cost of the port Range 1-200,000,000 Spanning-tree port-priority Spanning-tree portfast Default port priority for Ieee Spanning TreeProtocol STP isPortFast mode is disabled Consoleconfig-if#spanning-tree port-priority Following example enables PortFast on Ethernet port Consoleconfig-if#spanning-tree portfastSpanning-tree link-type Consoleconfig-if#spanning-tree link-type shared Spanning-tree pathcost methodShort path cost method Spanning-tree bpdu filtering flooding No spanning-tree bpdu Following example sets the default path cost method to longDefault setting is flooding Spanning-tree bpdu Clear spanning-tree detected-protocols Spanning-tree mst prioritySpanning-tree mst instance-idpriority priority Console config # spanning-tree mst 1 priority Spanning-tree mst max-hopsNo spanning-tree mst instance-idpriority Default number of hops is Console config # spanning-tree mst max-hopsSpanning-tree mst port-priority Spanning-tree mst cost Consoleconfig-if#spanning-tree mst 1 port-priority Consoleconfig# spanning-tree mst configuration Spanning-tree mst configurationSpanning-tree mst configuration Following example configures an MST region Following example maps VLANs 10-20 to MST instance MST Configuration modeInstance mst Instance instance-idadd remove vlan vlan-range Revision mst Default name is a radlanguestFollowing example defines the configuration name as region1 Name mst Show mst Value Configuration revision number RangeDefault configuration revision number is Following example sets the configuration revision to Exit Exit mst Abort mst Spanning-tree guard rootAbort Interface -number- a valid Ethernet port Root guard is disabledShow spanning-tree Spanning-tree guard root No spanning-tree guard root Console# show spanning-tree Following example displays spanning-tree information FWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree ethernet ext.1 Console# show spanning-tree mst-configuration Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands Ip ssh port port-number No ip ssh port SSH CommandsIp ssh port Ip ssh server Device configuration from a SSH server is disabled Crypto key generate dsaDSA key pairs do not exist Crypto key generate rsa Consoleconfig# crypto key generate dsaCrypto key generate rsa Following example generates DSA key pairs Ip ssh pubkey-auth No ip ssh pubkey-auth AAA authentication is independentIp ssh pubkey-auth Following example generates RSA key pairs No keys are specified Crypto key pubkey-chain ssh No SSH public keys exist SSH Public Key-string Configuration modeConsoleconfig# crypt\o key pubkey-chain ssh User-key Key-string Consoleconfig# crypto key pubkey-chain ssh Show ip sshShow ip ssh Rsa Indicates the RSA key Dsa Indicates the DSA key Following example displays the SSH server configurationShow crypto key mypubkey Show crypto key mypubkey rsa dsa Console# show crypto key mypubkey rsa Show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bob Console# show crypto key pubkey-chain ssh SSH Commands Logging on Syslog CommandsLogging is enabled Following example enables logging error messages Logging Logging buffered level No logging buffered Default severity level is informationalConsoleconfig# logging buffered debugging Logging buffered Logging buffered size Default number of messages isThis command takes effect only after Reset Consoleconfig# logging buffered size Logging file level No logging file Default severity level is errorsLogging file Clear logging Following example clears messages from the logging file Consoleconfig# logging file alertsClear logging file Clear logging file File-system logging copy Aaa logging login no aaa logging loginAaa logging File-system logging Management logging deny No management logging deny Logging file system events is enabledConsoleconfig# file-system logging copy Management logging Show logging Logging management ACL events is enabledConsoleconfig# management logging deny Show logging AAA Console# show logging Show logging file Show logging fileConsole# show logging file Show syslog-servers Show syslog-servers Console# show syslog-servers Syslog Commands Ping System Management Commands Following example displays pinging results Traceroute Syntax Probe timed out Telnet Default port is the Telnet port decimal23 on the host Keywords Table Special Telnet Sequences Ports Table Connection The connection number. Range 1-4 connections Following command switches to open Telnet session numberResume Reload Hostname name No hostname HostnameReload Following example reloads the operating system Console show users Show usersFollowing example specifies the device host name Show users Console show sessions Show sessionsShow sessions Following example lists open Telnet sessions Show system Show systemConsole# show system Unit unit Unit number Privilaged Exec modeShow system id Show system id unit unit Show system flowcontrol Show system flowcontrolConsole show system id Following example displays information on features control Show system modeShow system mode Priviledged Exec mode Console show version Service cpu-utilizationService cpu-utilization No service cpu-utilization Show version Show cpu utilization This example enables measuring CPU utilizationConsoleconfig# service cpu-utilization Show cpu utilization Console# show cpu utilization TACACS+ Commands Tacacs-server hostNo tacacs-server host ip-addresshostname Empty string Tacacs-server keyFollowing example specifies a TACACS+ host Tacacs-server key key-string No tacacs-server key Consoleconfig# tacacs-server timeout Tacacs-server timeoutFollowing example sets the authentication encryption key Following example sets the timeout value to Following example specifies the source IP address Tacacs-server source-ipShow tacacs Source Specifies the source IP address Console# show tacacs Ip-address Name or IP address of the TACACS+ server TACACS+ Commands User Interface Commands EnableDisable Login LoginFollowing example return to Users Exec mode Login User Exec mode command changes a login username Configure ConfigureFollowing example enters Global Configuration mode Exit Configuration All configuration modesExit End EndPrivileged and User Exec modes Following example closes an active terminal session Help All command modesHelp Terminal datadump Show history Dumping is disabledShow history Terminal datadump No terminal datadump Console# show history Show privilegeShow privilege Console# show version Console# show privilege Command The command to be executed Console Config# do show vlan Vlan Vlan CommandsFollowing example enters the Vlan database mode Vlan database Interface vlan vlan-id Vlan Configuration modeInterface vlan Following example Vlan number 1972 is created Interface range vlan Interface range vlan vlan-rangeallAll All existing static VLANs Following example gives Vlan number 19 the name Marketing NameNo name No name is defined Switchport protected Switchport protected is disabledConsoleconfig-if#switchport protected ethernet ext.1 Switchport mode Switchport access vlanSwitchport mode access trunk general No switchport mode Switchport trunk allowed vlan Switchport trunk allowed vlan add vlan-listremove vlan-listAll ports belong to Vlan Vlan-id- Specifies the ID of the native Vlan Switchport trunk native vlan VID=1 Switchport general allowed vlan Vlan-id- Specifies the Pvid Port Vlan ID Switchport general pvid Ingress filtering is enabled Switchport general ingress-filtering disable All frame types are accepted at ingress Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan Switchport forbidden vlan add vlan-listremove vlan-list Vlan-id- Specifies the ID of the internal usage Vlan Ip internal-usage-vlanAll VLANs are allowed Ip internal-usage-vlan vlan-id No ip internal-usage-vlan Vlan-id- specifies a Vlan ID Consoleconfig-if#ip internal-usage-vlanShow vlan Show vlan id vlan-idname vlan-name Show vlan internal usage Following example displays all Vlan informationShow vlan internal usage Console# show vlan internal usage Show interfaces switchport VLAN011 Console# show interface switchport ethernet ext.1 Pvid Map protocol protocol encapsulation protocols-group group Map protocol protocols-group Following example maps protocol ip-arp to the group named Switchport general map protocols-group vlanVlan Database mode Following protocol names are reserved Map mac macs-group Console config-if#switchport general map macs-group 1 vlan Switchport general map macs-group vlan Map subnet subnets-group Switchport general map subnets-group vlan Show vlan protocols-groups Console# show vlan protocols-groups Show vlan macs-groups Show vlan subnets-groups Following example shows subnets-groups information Vlan Commands Method1 method2... At least one from the following table 29 802.1x CommandsAaa authentication dot1x No authentication method is defined Dot1x port-control 802.1x is disabled globallyFollowing example enables 802.1x globally Dot1x system-auth-control Interface Configuration Ethernet Consoleconfig-if#dot1x port-control autoPort is in the force-authorized state Periodic re-authentication is disabled Dot1x re-authenticationDot1x timeout re-authperiod Dot1x re-authentication No dot1x re-authentication Consoleconfig-if#dot1x timeout re-authperiod Dot1x re-authenticateRe-authentication period is 3600 seconds Dot1x re-authenticate ethernet interface Dot1x timeout quiet-period Console# dot1x re-authenticate ethernet ext.16Quiet period is 60 seconds Consoleconfig-if#dot1x timeout quiet-period Dot1x timeout tx-periodDot1x timeout tx-period seconds No dot1x timeout tx-period Timeout period is 30 seconds Default number of times is Dot1x max-reqDot1x max-req count No dot1x max-req Default timeout period is 30 seconds Dot1x timeout supp-timeout Dot1x timeout server-timeout Consoleconfig-if# dot1x timeout supp-timeoutConsoleconfig-if#dot1x timeout server-timeout Show dot1x Show dot1x ethernet interfaceConsole# show dot1x Console# show dot1x ethernet ext.3 Show dot1x users Show dot1x users username usernameUsername Supplicant username Range 1-160 characters Following example displays 802.1x users Console# show dot1x usersConsole# show dot1x users username Bob Show dot1x statistics Show dot1x statistics ethernet interfaceConsole# show dot1x statistics ethernet ext.1 Dot1x auth-not-req No dot1x auth-not-req Dot1x auth-not-req Dot1x multiple-hosts Access is enabledMultiple hosts are disabled Consoleconfig-if# dot1x auth-not-req Dot1x single-host-violation Dot1x guest-vlan No dot1x guest-vlan Consoleconfig-if#dot1x single-host-violation forward trapDot1x guest-vlan No traps are sent Following example defines Vlan 2 as a guest Vlan Dot1x guest-vlan enable Console# show dot1x advanced Consoleconfig-if#dot1x guest-vlan enableShow dot1x advanced Show dot1x advanced ethernet interface Console# show dot1x advanced ethernet ext.1 Holland Appendix a Getting HelpWorld Wide Web Telephone Finland New Zealand 0800 444 AustraliaCambodia Myanmar Ecuador PanamaUruguay