Port is in the force-authorized state | Intel SBCEGBESW10 CLI

802.1x Commands

Syntax

dot1x port-control {auto force-authorized force-unauthorized}

no dot1x port-control

Parameters

•auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the port and the client.

•force-authorized — Disables 802.1x authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required. The port resends and receives normal traffic without 802.1x-based authentication of the client.

•force-unauthorized — Denies all access through this interface by forcing the port to transition to the unauthorized state and ignoring all attempts by the client to authenticate. The device cannot provide authentication services to the client through the interface.

Default Configuration

Port is in the force-authorized state

Command Mode

Interface Configuration (Ethernet)

User Guidelines

It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to get immediately to the forwarding state after successful authentication.

Example

The following example enables 802.1x authentication on Ethernet port 16.

Console(config)# interface ethernet ext.16

Console(config-if)#dot1x port-control auto

Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

385

Image 401

Intel SBCEGBESW10 CLI manual Port is in the force-authorized state, Interface Configuration Ethernet

Contents

Guide for System Administrators of Intel Server Products Disclaimer Wichtige Sicherheitshinweise Important Safety InstructionsConsignes de sécurité Instrucciones de seguridad importantesPage Manual Organization About this ManualPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Overview Using CLI Command in the Global Configuration mode Privileged Exec Mode Interface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI Global Configuration mode AAA CommandsAaa authentication login Following example configures the authentication login Aaa authentication enable Consoleconfig# aaa authentication enable default enable Login authentication Consoleconfig-line#login authentication default Enable authenticationLine Configuration mode Consoleconfig-line#enable authentication default Ip http authenticationThere are no user guidelines for this command Following example configures the Http authentication Ip https authentication Show authentication methods Show authentication methodsFollowing example configures Https authentication This command has no default configuration PasswordPrivileged Exec mode Following example displays the authentication configuration No password is defined Enable password Consoleconfig# enable password secret level No enable password is definedUsername No user is defined User account can be created without a password AAA Commands Interface Configuration Vlan mode Address Table Commands Bridge address Consoleconfig# bridge multicast filtering Folowing example, bridge multicast filtering is enabledBridge multicast filtering Bridge multicast filtering No bridge multicast filtering No multicast addresses are defined Bridge multicast address No forbidden addresses are defined Bridge multicast forbidden addressFollowing example registers the MAC address Bridge multicast forward-all This setting is disabled Command Mode This example, all multicast packets on port 1 are forwarded This setting is disabledBridge multicast forbidden forward-all Bridge aging-time Default setting is 300 secondsBridge aging-time seconds No bridge aging-time Seconds Time in seconds. Range 10-630 seconds Port security Clear bridgeClear bridge Following example, the bridge tables are cleared Interface Configuration Ethernet, port-channel mode Port security modePort security mode lock mac-addresses No port security mode Consoleconfig-if#port security forward trap Mac-address a valid MAC address Consoleconfig-if#port security mode mac-addressesPort security routed secure-address No addresses are defined Show bridge address-table Console# show bridge address-table Show bridge address-table static Console# show bridge address-table static Show bridge address-table countVlan Specifies a valid VLAN, such as Vlan Console# show bridge address-table count Show bridge multicast address-table Console# show bridge multicast address-table Console# show bridge multicast address-table format ip Show bridge multicast filteringShow bridge multicast filtering vlan-id Console# show bridge multicast filtering Show ports security Console# show ports security Show ports security addressesFollowing table describes the fields shown above Console# show ports security addresses Address Table Commands Ip access-list name No ip access-list name ACL CommandsIp access-list IP Protocol Abbreviated Name Protocol Number Permit ip ACL Commands Deny IP IP-Access List Configuration modeNo IPv4 ACL is defined Deny-icmp Deny-igmp Deny-tcp deny-udp Mac access-list Default for all ACLs is deny all Mac access-list name No mac access-list nameFollowing example shows how to create a MAC ACL Permit MAC No MAC ACL is defined MAC-Access List Configuration modeDeny MAC This command has no default configuration Show access-lists Service-aclService-acl input acl-name No service-acl input Show access-lists name Following example displays access lists defined on a device Show interfaces access-listsConsole# show access-lists Name The name of the ACL Console# show interfaces access-lists Clock set Clock Commands Clock timezone Clock sourceSntp Sntp servers No external clock source Clock set to UTC Clock summer-timeNo clock timezone No clock summer-time recurring No authentication key is defined Sntp authentication-key Sntp authenticate no sntp authenticate Sntp authenticate Following example authenticates key Sntp client poll timerSntp trusted-key Sntp trusted-key key-number No sntp trusted-key key-number Sntp client poll timer seconds No sntp client poll timer Sntp broadcast client enableSntp broadcast client is disabled Seconds Polling interval in seconds. Range Following example enables the Sntp broadcast clients Sntp anycast client enableSntp anycast client enable No sntp anycast client enable Sntp anycast client is disabled Following example enables Sntp anycast clients Sntp client enable InterfaceSntp client is disabled on an interface Interface Configuration Ethernet, port-channel, Vlan mode Sntp unicast client enable No sntp unicast client enable Sntp unicast client enableSntp unicast client is disabled Sntp unicast client poll Consoleconfig# sntp unicast client poll Polling is disabledSntp server No sntp server host Show clock detail Detail Shows timezone and summertime configurationShow clock Console# show clock Show sntp configurationShow sntp configuration Show sntp status Console# show sntp configurationShow sntp status Console# show sntp status Following example shows the status of the Sntp Copy Configuration and Image File Commands Copying an Image File from a Server to Flash Memory Copying a Boot File from a Server to Flash Memory Delete url Storing the Running or Startup Configuration on a ServerDelete Sys, *.prv, image-1 and image-2 files cannot be deleted Boot systemBoot system image-1 image-2 Console# boot system image-1 Show running-configShow running-config Console# show running-config Show startup-configShow startup-config Console# show startup-config Show backup-configShow backup-config Console# show backup-config Show bootvarShow bootvar Console# show bootvar Configuration and Image File Commands Interface ethernet Ethernet Configuration CommandsInterface range ethernet Interface ethernet interface Shutdown No shutdown ShutdownInterface range ethernet port-listall Description string No description Description Following example adds a description to Ethernet port SpeedSpeed 10 100 No speed Maximum port capability Duplex Interface Configuration Ethernet modeDuplex half full No duplex Interface is set to full duplex No negotiation Consoleconfig# interface ethernet ext.1Negotiation Flowcontrol auto on off No flowcontrol Flowcontrol Following example, automatic crossover is enabled on port Default setting is onMdix Mdix on auto No mdix Port jumbo-frame Back-pressureBack-pressure No back-pressure Port jumbo-frame No port jumbo-frame Global Configuration Jumbo frames are disabled on the deviceFollowing example, jumbo frames are enabled on the device Clear counters Following example, the counters for interface 1 are cleared Set interface activeFollowing example reactivates interface Console# clear counters ethernet ext.2 Console# show interfaces advertise Show interfaces advertiseFollowing example displays auto-negotiation information Console# show interfaces configuration Show interfaces configuration Show interfaces status Show interfaces description Console# show interfaces description Show interfaces countersInterface a valid Ethernet port. Full syntax unit/port Console# show interfaces counters Console# show interfaces counters ethernet ext.1 Following example displays counters for Ethernet portFollowing table describes the fields shown in the display Show ports jumbo-frame This command is relevant to Giga devices onlyShow ports jumbo-frame Console# show port jumbo-frame Port storm-control include-multicast GC Following example enables counting multicast packetsPort storm-control include-multicast IC Multicast packets are not counted Broadcast storm control is disabled Port storm-control broadcast enable Port storm-control broadcast rate Default storm control broadcast rate is 3500 Kbits/Sec Show ports storm-control Following example displays the storm control configurationShow ports storm-control interface Console# show ports storm-control Disabled 3500 Broadcast Gvrp enable Global Gvrp CommandsGvrp enable Interface Gvrp enable No gvrp enable Gvrp is disabled on all interfaces Garp timerFollowing example enables Gvrp on Ethernet port Garp timer join leave leaveall timervalue No garp timer Gvrp vlan-creation-forbid No gvrp vlan-creation-forbid Consoleconfig# interface ethernet ext.6Gvrp vlan-creation-forbid Gvrp registration-forbid Dynamic Vlan creation or modification is enabledGvrp registration-forbid No gvrp registration-forbid Dynamic registration of VLANs on the port is allowed Console# clear gvrp statistics ethernet ext.1 Clear gvrp statistics Privieged Exec mode Show gvrp configurationFollowing example displays Gvrp configuration information Console# show gvrp configuration Console# show gvrp statistics Show gvrp statisticsFollowing example shows Gvrp statistical information Following example displays Gvrp statistical information Show gvrp error-statisticsConsole# show gvrp error-statistics Ip igmp snooping Global Igmp Snooping CommandsIp igmp snooping Interface Ip igmp snooping No ip igmp snooping Ip igmp snooping mrouter learn-pim-dvmrp Following example enables Igmp snooping on VlanAutomatic learning of multicast device ports is enabled Default host-time-out is 260 seconds Time-out- Specifies the host timeout in seconds. RangeConsoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Ip igmp snooping host-time-out Ip igmp snooping mrouter-time-out Default value is 300 secondsConsoleconfig-if#ip igmp snooping host-time-out Ip igmp snooping leave-time-out Default leave-time-out configuration is 10 secondsConsoleconfig-if#ip igmp snooping mrouter-time-out Show ip igmp snooping mrouter Consoleconfig-if#ip igmp snooping leave-time-outShow ip igmp snooping mrouter interface vlan-id Vlan-id Specifies the Vlan number Show ip igmp snooping interface vlan-id Show ip igmp snooping interface Console# show ip igmp snooping interface Show ip igmp snooping groups Console# show ip igmp snooping groups Igmp Snooping Commands Interface Configuration Ethernet, VLAN, port-channel mode IP Address CommandsIp address Ip address ip-address mask prefix-length Ip address dhcp hostname host-name No ip address dhcp Ip address dhcp No default gateway is defined Ip default-gatewayIp default-gateway ip-address No ip default-gateway Show ip interface This command is only operational in Switch modeFollowing example defines default gateway Console# show ip interface Arp Default timeout is 60000 seconds Arp timeoutArp timeout seconds No arp timeout Show arp Clear arp-cacheClear arp-cache Console# clear arp-cache Show arp Ip domain-lookupFollowing example displays entries in the ARP table Ip domain-lookup No ip domain-lookup Ip domain-name name No ip domain-name Default domain name is not definedIp domain-name Server-address- Specifies IP addresses of the name server Ip name-serverNo name server addresses are specified Following example sets the available name server Clear host Ip hostNo ip host name No host is defined Console# clear host Clear host dhcpClear host dhcp name Show hosts name Show hostsName Specifies the host name. Range 1-158 characters Console# clear host dhcp Console# show hosts Following example displays host information Lacp system-priority Lacp CommandsLacp port-priority Lacp system-priority value No lacp system-priority Lacp port-priority value No lacp port-priority Lacp timeoutLacp timeout long short no lacp timeout Show lacp ethernet Short Specifies the short timeout valueDefault port timeout value is long Console# show lacp ethernet ext.1 Following example display Lacp information for Ethernet port Show lacp port-channel Console# show lacp port-channel Show lacp port-channel portchannelnumberPortchannelnumber Valid port-channel number This command has no user guidelines Line CommandsLine Show line Show line telnet ssh Exec mode Line Commands Line Commands Management access-list Management ACL CommandsManagement access-list name No management access-list name Name Access list name. Range 1-32 characters Consoleconfig# management access-class mlist Consoleconfig# management access-list mlist Management Access-list Configuration mode If no permit rule is defined, the default is set to deny Deny Management Management access-class Following example displays the mlist management access list Show management access-list name Console# show management access-class Show management access-class Management ACL Commands Test copper-port tdr PHY Diagnostics CommandsTest copper-port tdr interface Console# test copper-port tdr ext.3 Show copper-ports tdr User Exec modeShow copper-ports tdr interface Maximum length of the cable for the TDR test is 120 meters Show copper-ports cable-length Port must be active and working in 100M or 1000M modeShow copper-ports cable-length interface Console show copper-ports cable-length PHY Diagnostics Commands Consoleconfig# interface port-channel Port Channel CommandsInterface port-channel Interface port-channel port-channel-number Interface range port-channel Consoleconfig# interface range port-channel 1-2,6Channel-group Interface range port-channel port-channel-rangeall Show interfaces port-channel port-channel-number Show interfaces port-channelPort is not assigned to a port-channel Console# show interfaces port-channel Following example displays information on all port-channels Monitors both received and transmitted packets Port Monitor Commands Port monitor vlan-tagging Console config-if#port monitor vlan-taggingPort monitor vlan-tagging No port monitor vlan-tagging Ingress mirrored packets are transmitted untagged Console show ports monitor Show ports monitorShow ports monitor Port Monitor Commands Qos basic advanced service No qos QoS CommandsQoS basic mode is enabled Following example enables QoS on the device Show qos Trust mode is displayed if QoS is enabled in basic modeShow qos aggregate-policer Show qos Console# show qos aggregate-policer policer1 Show qos interfaceThere are no user guidelines Console# show qos interface ethernet 1 buffers There is no default configuration for this command Show qos map Show qos map User Exec mode command displays all QoS mapsShow qos map dscp-queue Dscp-queue- Indicates the Dscp to queue map Following example displays the Dscp port-queue map Class-mapClass-map class-map-namematch-all match-any Console show qos map Show class-map class-map-name By default, the match-allparameter is selectedShow class-map Match Match access-group acl-name No match access-group acl-nameFollowing example shows the class map for class1 Acl-name- Specifies the name of an IP or MAC ACL Policy-map-name- Specifies the name of the policy map Class-map Configuration modePolicy-map No policy map is defined Class Show policy-map Policy-map Configuration modeShow policy-mapUser Exec command displays the policy maps Trust cos-dscp Policy-map Class Configuration modeFollowing example displays all policy maps Trust cos-dscp No trust cos-dscp No set Set No police Police Service-policy input policy-map-name No service-policy input Service-policy No aggregate policer is define Qos aggregate-policerNo qos aggregate-policer Exceed-action drop Console show qos aggregate-policer policer1 Police aggregate No wrr-queue cos-map queue-id Wrr-queue cos-map No wrr-queue bandwidth Wrr-queue bandwidthFollowing example maps CoS 7 to queue Priority-queue out num-of-queues number-of-queues Priority-queue out num-of-queues Traffic-shape Consoleconfig# priority-queue out num-of-queuesNo priority-queue out num-of-queues All queues are expedite queues No shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold Qos map policed-dscp Console config# qos wrr-queue threshold gigabitethernet 1No qos wrr-queue threshold tengigabitethernet queue-id Percent for all thresholds Dscp values 3,11,19… cannot be remapped to other values Consoleconfig# qos map policed-dscp 3 toQos map dscp-queue Qos trust Global Following table describes the default mapFollowing example maps Dscp values 33, 40 and 41 to queue Qos trust cos dscp no qos trust Qos trust No qos trust CoS is the default trust modeQos trust Interface No qos cos Default CoS value of a port isQos cos Qos dscp-mutation No qos dscp-mutation Following example configures port 15 default CoS value toQos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Console# show rmon statistics ethernet ext.1 Rmon CommandsShow rmon statistics Rmon Commands Rmon collection history Show rmon collection history Cannot be configured for a range of interfaces Range context Console# show rmon collection history Show rmon history Console# show rmon history 1 throughput Console# show rmon history 1 errors Console# show rmon history 1 other No rmon alarm index Rmon alarm Type is absolute Startup direction is rising-falling Show rmon alarm-table Show rmon alarm-tableFollowing example displays the alarms table Console# show rmon alarm-table Show rmon alarm number Show rmon alarmNumber Specifies the alarm index. Range Following example displays Rmon 1 alarms Last Sample Value Rmon event Show rmon events Show rmon events Following example displays the Rmon event table Show rmon logShow rmon log event Event Specifies the event index. Range Console# show rmon log Following example displays the Rmon log table History table size is Log table size is Consoleconfig# rmon table-size historyRmon table-size Radius-server host Radius CommandsNo radius-server host ip-addresshostname No Radius server host is specified Radius-server key key-string No radius-server key Radius-server key Software searches the list of Radius server hosts 3 times Radius-server retransmitKey-string is an empty string Source Specifies a valid source IP address Consoleconfig# radius-server retransmitRadius-server source-ip Consoleconfig# radius-server timeout Radius-server timeoutTimeout value is 3 seconds Consoleconfig# radius-server deadtime Deadtime setting isRadius-server deadtime Show radius-servers Console# show radius-servers Following example displays Radius server settingsShow radius-servers Radius Commands Ip http server Web Server CommandsIp http port Ip http server No ip http server Ip http exec-timout minutes seconds no ip http exec-timout Ip http exec-timeoutNo ip http port Disabled Default timout is 10 minutesIp https server Ip https server No ip https server Following example configures the https port number to Ip https exec-timeoutIp https port Ip https port port-number No ip https port No ip https exec-timout Crypto certificate generate Following example regenerates an Https certificate Consoleconfig# crypto certificate 1 generate key-generateCrypto certificate request There is no default configuration for this command Crypto certificate number import Crypto certificate importNumber Specifies the certificate number. Range Console# crypto certificate 1 request Ip https certificate number No ip https certificate Consoleconfig# crypto certificate 1 importIp https certificate Show crypto certificate mycertificate Consoleconfig# ip https certificateCertificate number Show crypto certificate mycertificate number Following example displays the certificate Show ip httpShow ip http Console# show crypto certificate mycertificate Show ip https Following example displays the Http server configurationShow ip https Console# show ip http Web Server Commands Web Server Commands No communities are defined Snmp CommandsSnmp-server community Snmp-server view No view entry exists Snmp-server group No group entry exists No snmp-server group groupname v1 v2 v3 noauth auth priv No snmp-server user username remote engineid-string Snmp-server user Snmp-server engineID local Parameters Snmp-server enable traps No snmp-server enable traps Snmp-server enable trapsSnmp traps are enabled Following example enables Snmp traps No filter entry exists Snmp-server filter Snmp-server host Snmp-server v3-host Snmp-server trap authentication Snmp-server trap authenticationFollowing example configures an SNMPv3 host Snmp failed authentication traps are enabled No snmp-server trap authenticationFollowing example enables Snmp failed authentication traps Snmp-server contact Snmp-server location text No snmp-server location Snmp-server locationIntelTechnicalSupport Following example defines the device location as NewYork Snmp-server set Following example displays the Snmp communications status Show snmpShow snmp Show snmp engineID Show snmp engineid Following example displays the Snmp engine ID Show snmp viewsShow snmp views viewname Viewname Specifies the name of the view. Range Show snmp groups Following example displays the configuration of viewsShow snmp groups groupname Groupname-Specifies the name of the group. Range Following table describes significant fields shown above Show snmp filtersShow snmp filters filtername Filtername-Specifies the name of the filter. Range Show snmp users Following example displays the configuration of filtersShow snmp users username Username-Specifies the name of the user. Range Console# show snmp users Spanning-tree mode Spanning-Tree CommandsSpanning-tree mode stp rstpmstp Spanning-tree STP is enabled No spanning-tree modeConsoleconfig# spanning-tree mode rstp Spanning-tree forward-time Seconds Time in seconds. Range Consoleconfig# spanning-tree forward-time Spanning-tree max-age seconds No spanning-tree max-age Consoleconfig# spanning-tree hello-timeSpanning-tree max-age Spanning-tree priority Following example configures spanning tree priority toForward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Spanning-tree priority priority No spanning-tree priority Spanning-tree disable No spanning-tree disable Spanning-tree disableSpanning-tree cost Spanning-tree cost cost No spanning-tree cost Cost Path cost of the port Range 1-200,000,000 Spanning-tree port-priority PortFast mode is disabled Default port priority for Ieee Spanning TreeProtocol STP isConsoleconfig-if#spanning-tree port-priority Spanning-tree portfast Spanning-tree link-type Following example enables PortFast on Ethernet portConsoleconfig-if#spanning-tree portfast Short path cost method Consoleconfig-if#spanning-tree link-type sharedSpanning-tree pathcost method Default setting is flooding Following example sets the default path cost method to longSpanning-tree bpdu Spanning-tree bpdu filtering flooding No spanning-tree bpdu Spanning-tree mst instance-idpriority priority Clear spanning-tree detected-protocolsSpanning-tree mst priority No spanning-tree mst instance-idpriority Console config # spanning-tree mst 1 prioritySpanning-tree mst max-hops Spanning-tree mst port-priority Default number of hops isConsole config # spanning-tree mst max-hops Spanning-tree mst cost Consoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst configuration Spanning-tree mst configurationFollowing example configures an MST region Consoleconfig# spanning-tree mst configuration Instance mst MST Configuration modeInstance instance-idadd remove vlan vlan-range Following example maps VLANs 10-20 to MST instance Following example defines the configuration name as region1 Default name is a radlanguestName mst Revision mst Default configuration revision number is Value Configuration revision number RangeFollowing example sets the configuration revision to Show mst Exit Exit mst Abort Abort mstSpanning-tree guard root Show spanning-tree Root guard is disabledSpanning-tree guard root No spanning-tree guard root Interface -number- a valid Ethernet port Console# show spanning-tree Following example displays spanning-tree information FWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree ethernet ext.1 Console# show spanning-tree mst-configuration Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands Ip ssh port SSH CommandsIp ssh server Ip ssh port port-number No ip ssh port DSA key pairs do not exist Device configuration from a SSH server is disabledCrypto key generate dsa Crypto key generate rsa Consoleconfig# crypto key generate dsaFollowing example generates DSA key pairs Crypto key generate rsa Ip ssh pubkey-auth AAA authentication is independentFollowing example generates RSA key pairs Ip ssh pubkey-auth No ip ssh pubkey-auth No keys are specified Crypto key pubkey-chain ssh Consoleconfig# crypt\o key pubkey-chain ssh SSH Public Key-string Configuration modeUser-key No SSH public keys exist Key-string Show ip ssh Consoleconfig# crypto key pubkey-chain sshShow ip ssh Show crypto key mypubkey Following example displays the SSH server configurationShow crypto key mypubkey rsa dsa Rsa Indicates the RSA key Dsa Indicates the DSA key Console# show crypto key mypubkey rsa Show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bob Console# show crypto key pubkey-chain ssh SSH Commands Logging is enabled Syslog CommandsFollowing example enables logging error messages Logging on Logging Consoleconfig# logging buffered debugging Default severity level is informationalLogging buffered Logging buffered level No logging buffered This command takes effect only after Reset Default number of messages isConsoleconfig# logging buffered size Logging buffered size Logging file Default severity level is errorsClear logging Logging file level No logging file Clear logging file Consoleconfig# logging file alertsClear logging file Following example clears messages from the logging file Aaa logging Aaa logging login no aaa logging loginFile-system logging File-system logging copy Consoleconfig# file-system logging copy Logging file system events is enabledManagement logging Management logging deny No management logging deny Consoleconfig# management logging deny Logging management ACL events is enabledShow logging Show logging AAA Console# show logging Console# show logging file Show logging fileShow logging file Show syslog-servers Show syslog-servers Console# show syslog-servers Syslog Commands Ping System Management Commands Following example displays pinging results Traceroute Syntax Probe timed out Telnet Default port is the Telnet port decimal23 on the host Keywords Table Special Telnet Sequences Ports Table Resume Following command switches to open Telnet session numberReload Connection The connection number. Range 1-4 connections Reload HostnameFollowing example reloads the operating system Hostname name No hostname Following example specifies the device host name Show usersShow users Console show users Show sessions Show sessionsFollowing example lists open Telnet sessions Console show sessions Console# show system Show systemShow system Show system id Privilaged Exec modeShow system id unit unit Unit unit Unit number Console show system id Show system flowcontrolShow system flowcontrol Show system mode Show system modePriviledged Exec mode Following example displays information on features control Service cpu-utilization No service cpu-utilization Service cpu-utilizationShow version Console show version Consoleconfig# service cpu-utilization This example enables measuring CPU utilizationShow cpu utilization Show cpu utilization Console# show cpu utilization No tacacs-server host ip-addresshostname TACACS+ CommandsTacacs-server host Following example specifies a TACACS+ host Tacacs-server keyTacacs-server key key-string No tacacs-server key Empty string Following example sets the authentication encryption key Tacacs-server timeoutFollowing example sets the timeout value to Consoleconfig# tacacs-server timeout Show tacacs Tacacs-server source-ipSource Specifies the source IP address Following example specifies the source IP address Console# show tacacs Ip-address Name or IP address of the TACACS+ server TACACS+ Commands Disable User Interface CommandsEnable Following example return to Users Exec mode LoginLogin User Exec mode command changes a login username Login Following example enters Global Configuration mode ConfigureConfigure Exit Exit ConfigurationAll configuration modes Privileged and User Exec modes EndFollowing example closes an active terminal session End Help All command modesTerminal datadump Help Show history Dumping is disabledTerminal datadump No terminal datadump Show history Show privilege Show privilegeConsole# show version Console# show history Console# show privilege Command The command to be executed Console Config# do show vlan Following example enters the Vlan database mode Vlan CommandsVlan database Vlan Interface vlan Vlan Configuration modeFollowing example Vlan number 1972 is created Interface vlan vlan-id All All existing static VLANs Interface range vlanInterface range vlan vlan-rangeall No name NameNo name is defined Following example gives Vlan number 19 the name Marketing Consoleconfig-if#switchport protected ethernet ext.1 Switchport protectedSwitchport protected is disabled Switchport mode access trunk general No switchport mode Switchport modeSwitchport access vlan All ports belong to Vlan Switchport trunk allowed vlanSwitchport trunk allowed vlan add vlan-listremove vlan-list Vlan-id- Specifies the ID of the native Vlan Switchport trunk native vlan VID=1 Switchport general allowed vlan Vlan-id- Specifies the Pvid Port Vlan ID Switchport general pvid Ingress filtering is enabled Switchport general ingress-filtering disable Switchport forbidden vlan Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan add vlan-listremove vlan-list All frame types are accepted at ingress All VLANs are allowed Ip internal-usage-vlanIp internal-usage-vlan vlan-id No ip internal-usage-vlan Vlan-id- Specifies the ID of the internal usage Vlan Show vlan Consoleconfig-if#ip internal-usage-vlanShow vlan id vlan-idname vlan-name Vlan-id- specifies a Vlan ID Show vlan internal usage Show vlan internal usageFollowing example displays all Vlan information Console# show vlan internal usage Show interfaces switchport VLAN011 Console# show interface switchport ethernet ext.1 Pvid Map protocol protocol encapsulation protocols-group group Map protocol protocols-group Vlan Database mode Switchport general map protocols-group vlanFollowing protocol names are reserved Following example maps protocol ip-arp to the group named Map mac macs-group Console config-if#switchport general map macs-group 1 vlan Switchport general map macs-group vlan Map subnet subnets-group Switchport general map subnets-group vlan Show vlan protocols-groups Console# show vlan protocols-groups Show vlan macs-groups Show vlan subnets-groups Following example shows subnets-groups information Vlan Commands Aaa authentication dot1x 29 802.1x CommandsNo authentication method is defined Method1 method2... At least one from the following table Following example enables 802.1x globally 802.1x is disabled globallyDot1x system-auth-control Dot1x port-control Port is in the force-authorized state Interface Configuration EthernetConsoleconfig-if#dot1x port-control auto Dot1x timeout re-authperiod Dot1x re-authenticationDot1x re-authentication No dot1x re-authentication Periodic re-authentication is disabled Re-authentication period is 3600 seconds Dot1x re-authenticateDot1x re-authenticate ethernet interface Consoleconfig-if#dot1x timeout re-authperiod Quiet period is 60 seconds Dot1x timeout quiet-periodConsole# dot1x re-authenticate ethernet ext.16 Dot1x timeout tx-period seconds No dot1x timeout tx-period Dot1x timeout tx-periodTimeout period is 30 seconds Consoleconfig-if#dot1x timeout quiet-period Dot1x max-req count No dot1x max-req Default number of times isDot1x max-req Default timeout period is 30 seconds Dot1x timeout supp-timeout Consoleconfig-if#dot1x timeout server-timeout Dot1x timeout server-timeoutConsoleconfig-if# dot1x timeout supp-timeout Console# show dot1x Show dot1xShow dot1x ethernet interface Console# show dot1x ethernet ext.3 Username Supplicant username Range 1-160 characters Show dot1x usersShow dot1x users username username Console# show dot1x users username Bob Following example displays 802.1x usersConsole# show dot1x users Console# show dot1x statistics ethernet ext.1 Show dot1x statisticsShow dot1x statistics ethernet interface Dot1x auth-not-req No dot1x auth-not-req Dot1x auth-not-req Multiple hosts are disabled Access is enabledConsoleconfig-if# dot1x auth-not-req Dot1x multiple-hosts Dot1x single-host-violation Dot1x guest-vlan Consoleconfig-if#dot1x single-host-violation forward trapNo traps are sent Dot1x guest-vlan No dot1x guest-vlan Following example defines Vlan 2 as a guest Vlan Dot1x guest-vlan enable Show dot1x advanced Consoleconfig-if#dot1x guest-vlan enableShow dot1x advanced ethernet interface Console# show dot1x advanced Console# show dot1x advanced ethernet ext.1 World Wide Web Telephone Appendix a Getting HelpFinland Holland Cambodia AustraliaMyanmar New Zealand 0800 444 Uruguay EcuadorPanama