Dot1x single-host-violation

802.1x Commands

User Guidelines

This command enables the attachment of multiple clients to a single 802.1x-enabled port. In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized, all attached clients are denied access to the network.

For unauthenticated VLANs, multiple hosts are always enabled.

Multiple-hosts must be enabled to enable port security on the port.

Example

The following command enables multiple hosts (clients) on an 802.1x-authorized port.

Console(config-if)# dot1x multiple-hosts

The dot1x single-host-violationInterface Configuration mode command configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. Use the no form of this command to return to default.

Syntax

dot1x single-host-violation {forward discard discard-shutdown} [trap seconds] no port dot1x single-host-violation

Parameters

•forward — Forwards frames with source addresses that are not the supplicant address, but does not learn the source addresses.

•discard — Discards frames with source addresses that are not the supplicant address.

•discard-shutdown— Discards frames with source addresses that are not the supplicant address. The port is also shut down.

•trap — Indicates that SNMP traps are sent.

•seconds — Specifies the minimum amount of time in seconds between consecutive traps. (Range: 1- 1000000)

Default Configuration

Frames with source addresses that are not the supplicant address are discarded.

400Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

Page 416

Image 416

Intel SBCEGBESW10 CLI manual Dot1x single-host-violation

Contents

Guide for System Administrators of Intel Server Products Disclaimer Important Safety Instructions Wichtige SicherheitshinweiseConsignes de sécurité Instrucciones de seguridad importantesPage About this Manual Manual OrganizationPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Using CLI Overview Privileged Exec Mode Command in the Global Configuration mode Interface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI Global Configuration mode AAA CommandsAaa authentication login Aaa authentication enable Following example configures the authentication login Login authentication Consoleconfig# aaa authentication enable default enable Consoleconfig-line#login authentication default Enable authenticationLine Configuration mode Consoleconfig-line#enable authentication default Ip http authenticationThere are no user guidelines for this command Ip https authentication Following example configures the Http authentication Show authentication methods Show authentication methodsFollowing example configures Https authentication Password This command has no default configurationPrivileged Exec mode Following example displays the authentication configuration Enable password No password is defined No enable password is defined Consoleconfig# enable password secret levelUsername No user is defined User account can be created without a password AAA Commands Address Table Commands Bridge address Interface Configuration Vlan mode Folowing example, bridge multicast filtering is enabled Consoleconfig# bridge multicast filteringBridge multicast filtering Bridge multicast filtering No bridge multicast filtering Bridge multicast address No multicast addresses are defined No forbidden addresses are defined Bridge multicast forbidden addressFollowing example registers the MAC address This setting is disabled Command Mode Bridge multicast forward-all This example, all multicast packets on port 1 are forwarded This setting is disabledBridge multicast forbidden forward-all Default setting is 300 seconds Bridge aging-timeBridge aging-time seconds No bridge aging-time Seconds Time in seconds. Range 10-630 seconds Clear bridge Port securityClear bridge Following example, the bridge tables are cleared Port security mode Interface Configuration Ethernet, port-channel modePort security mode lock mac-addresses No port security mode Consoleconfig-if#port security forward trap Mac-address a valid MAC address Consoleconfig-if#port security mode mac-addressesPort security routed secure-address Show bridge address-table No addresses are defined Show bridge address-table static Console# show bridge address-table Console# show bridge address-table static Show bridge address-table countVlan Specifies a valid VLAN, such as Vlan Show bridge multicast address-table Console# show bridge address-table count Console# show bridge multicast address-table Console# show bridge multicast address-table format ip Show bridge multicast filteringShow bridge multicast filtering vlan-id Show ports security Console# show bridge multicast filtering Console# show ports security Show ports security addressesFollowing table describes the fields shown above Console# show ports security addresses Address Table Commands Ip access-list name No ip access-list name ACL CommandsIp access-list Permit ip IP Protocol Abbreviated Name Protocol Number ACL Commands IP-Access List Configuration mode Deny IPNo IPv4 ACL is defined Deny-icmp Deny-igmp Deny-tcp deny-udp Mac access-list Mac access-list name No mac access-list name Default for all ACLs is deny allFollowing example shows how to create a MAC ACL Permit MAC No MAC ACL is defined MAC-Access List Configuration modeDeny MAC This command has no default configuration Service-acl Show access-listsService-acl input acl-name No service-acl input Show access-lists name Show interfaces access-lists Following example displays access lists defined on a deviceConsole# show access-lists Name The name of the ACL Console# show interfaces access-lists Clock Commands Clock set Clock source Clock timezoneSntp Sntp servers No external clock source Clock set to UTC Clock summer-timeNo clock timezone No clock summer-time recurring Sntp authentication-key No authentication key is defined Sntp authenticate Sntp authenticate no sntp authenticate Sntp client poll timer Following example authenticates keySntp trusted-key Sntp trusted-key key-number No sntp trusted-key key-number Sntp broadcast client enable Sntp client poll timer seconds No sntp client poll timerSntp broadcast client is disabled Seconds Polling interval in seconds. Range Sntp anycast client enable Following example enables the Sntp broadcast clientsSntp anycast client enable No sntp anycast client enable Sntp anycast client is disabled Sntp client enable Interface Following example enables Sntp anycast clientsSntp client is disabled on an interface Interface Configuration Ethernet, port-channel, Vlan mode Sntp unicast client enable Sntp unicast client enable No sntp unicast client enableSntp unicast client is disabled Sntp unicast client poll Polling is disabled Consoleconfig# sntp unicast client pollSntp server No sntp server host Show clock detail Detail Shows timezone and summertime configurationShow clock Console# show clock Show sntp configurationShow sntp configuration Show sntp status Console# show sntp configurationShow sntp status Following example shows the status of the Sntp Console# show sntp status Configuration and Image File Commands Copy Copying a Boot File from a Server to Flash Memory Copying an Image File from a Server to Flash Memory Delete url Storing the Running or Startup Configuration on a ServerDelete Sys, *.prv, image-1 and image-2 files cannot be deleted Boot systemBoot system image-1 image-2 Console# boot system image-1 Show running-configShow running-config Console# show running-config Show startup-configShow startup-config Console# show startup-config Show backup-configShow backup-config Console# show backup-config Show bootvarShow bootvar Console# show bootvar Configuration and Image File Commands Ethernet Configuration Commands Interface ethernetInterface range ethernet Interface ethernet interface Shutdown No shutdown ShutdownInterface range ethernet port-listall Description Description string No description Speed Following example adds a description to Ethernet portSpeed 10 100 No speed Maximum port capability Interface Configuration Ethernet mode DuplexDuplex half full No duplex Interface is set to full duplex No negotiation Consoleconfig# interface ethernet ext.1Negotiation Flowcontrol Flowcontrol auto on off No flowcontrol Default setting is on Following example, automatic crossover is enabled on portMdix Mdix on auto No mdix Back-pressure Port jumbo-frameBack-pressure No back-pressure Port jumbo-frame No port jumbo-frame Jumbo frames are disabled on the device Global ConfigurationFollowing example, jumbo frames are enabled on the device Clear counters Set interface active Following example, the counters for interface 1 are clearedFollowing example reactivates interface Console# clear counters ethernet ext.2 Console# show interfaces advertise Show interfaces advertiseFollowing example displays auto-negotiation information Show interfaces configuration Console# show interfaces configuration Show interfaces status Show interfaces description Console# show interfaces description Show interfaces countersInterface a valid Ethernet port. Full syntax unit/port Console# show interfaces counters Console# show interfaces counters ethernet ext.1 Following example displays counters for Ethernet portFollowing table describes the fields shown in the display This command is relevant to Giga devices only Show ports jumbo-frameShow ports jumbo-frame Console# show port jumbo-frame Following example enables counting multicast packets Port storm-control include-multicast GCPort storm-control include-multicast IC Multicast packets are not counted Port storm-control broadcast enable Broadcast storm control is disabled Default storm control broadcast rate is 3500 Kbits/Sec Port storm-control broadcast rate Following example displays the storm control configuration Show ports storm-controlShow ports storm-control interface Console# show ports storm-control Disabled 3500 Broadcast Gvrp Commands Gvrp enable GlobalGvrp enable Interface Gvrp enable No gvrp enable Garp timer Gvrp is disabled on all interfacesFollowing example enables Gvrp on Ethernet port Garp timer join leave leaveall timervalue No garp timer Gvrp vlan-creation-forbid No gvrp vlan-creation-forbid Consoleconfig# interface ethernet ext.6Gvrp vlan-creation-forbid Dynamic Vlan creation or modification is enabled Gvrp registration-forbidGvrp registration-forbid No gvrp registration-forbid Dynamic registration of VLANs on the port is allowed Clear gvrp statistics Console# clear gvrp statistics ethernet ext.1 Show gvrp configuration Privieged Exec modeFollowing example displays Gvrp configuration information Console# show gvrp configuration Console# show gvrp statistics Show gvrp statisticsFollowing example shows Gvrp statistical information Following example displays Gvrp statistical information Show gvrp error-statisticsConsole# show gvrp error-statistics Igmp Snooping Commands Ip igmp snooping GlobalIp igmp snooping Interface Ip igmp snooping No ip igmp snooping Ip igmp snooping mrouter learn-pim-dvmrp Following example enables Igmp snooping on VlanAutomatic learning of multicast device ports is enabled Time-out- Specifies the host timeout in seconds. Range Default host-time-out is 260 secondsConsoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Ip igmp snooping host-time-out Ip igmp snooping mrouter-time-out Default value is 300 secondsConsoleconfig-if#ip igmp snooping host-time-out Ip igmp snooping leave-time-out Default leave-time-out configuration is 10 secondsConsoleconfig-if#ip igmp snooping mrouter-time-out Consoleconfig-if#ip igmp snooping leave-time-out Show ip igmp snooping mrouterShow ip igmp snooping mrouter interface vlan-id Vlan-id Specifies the Vlan number Show ip igmp snooping interface Show ip igmp snooping interface vlan-id Show ip igmp snooping groups Console# show ip igmp snooping interface Console# show ip igmp snooping groups Igmp Snooping Commands IP Address Commands Interface Configuration Ethernet, VLAN, port-channel modeIp address Ip address ip-address mask prefix-length Ip address dhcp Ip address dhcp hostname host-name No ip address dhcp No default gateway is defined Ip default-gatewayIp default-gateway ip-address No ip default-gateway Show ip interface This command is only operational in Switch modeFollowing example defines default gateway Arp Console# show ip interface Default timeout is 60000 seconds Arp timeoutArp timeout seconds No arp timeout Clear arp-cache Show arpClear arp-cache Console# clear arp-cache Ip domain-lookup Show arpFollowing example displays entries in the ARP table Ip domain-lookup No ip domain-lookup Ip domain-name name No ip domain-name Default domain name is not definedIp domain-name Ip name-server Server-address- Specifies IP addresses of the name serverNo name server addresses are specified Following example sets the available name server Ip host Clear hostNo ip host name No host is defined Console# clear host Clear host dhcpClear host dhcp name Show hosts Show hosts nameName Specifies the host name. Range 1-158 characters Console# clear host dhcp Following example displays host information Console# show hosts Lacp Commands Lacp system-priorityLacp port-priority Lacp system-priority value No lacp system-priority Lacp port-priority value No lacp port-priority Lacp timeoutLacp timeout long short no lacp timeout Show lacp ethernet Short Specifies the short timeout valueDefault port timeout value is long Following example display Lacp information for Ethernet port Console# show lacp ethernet ext.1 Show lacp port-channel Console# show lacp port-channel Show lacp port-channel portchannelnumberPortchannelnumber Valid port-channel number Line Commands This command has no user guidelinesLine Show line Exec mode Show line telnet ssh Line Commands Line Commands Management ACL Commands Management access-listManagement access-list name No management access-list name Name Access list name. Range 1-32 characters Consoleconfig# management access-list mlist Consoleconfig# management access-class mlist If no permit rule is defined, the default is set to deny Management Access-list Configuration mode Deny Management Management access-class Show management access-list name Following example displays the mlist management access list Show management access-class Console# show management access-class Management ACL Commands PHY Diagnostics Commands Test copper-port tdrTest copper-port tdr interface Console# test copper-port tdr ext.3 User Exec mode Show copper-ports tdrShow copper-ports tdr interface Maximum length of the cable for the TDR test is 120 meters Port must be active and working in 100M or 1000M mode Show copper-ports cable-lengthShow copper-ports cable-length interface Console show copper-ports cable-length PHY Diagnostics Commands Port Channel Commands Consoleconfig# interface port-channelInterface port-channel Interface port-channel port-channel-number Consoleconfig# interface range port-channel 1-2,6 Interface range port-channelChannel-group Interface range port-channel port-channel-rangeall Show interfaces port-channel port-channel-number Show interfaces port-channelPort is not assigned to a port-channel Following example displays information on all port-channels Console# show interfaces port-channel Port Monitor Commands Monitors both received and transmitted packets Console config-if#port monitor vlan-tagging Port monitor vlan-taggingPort monitor vlan-tagging No port monitor vlan-tagging Ingress mirrored packets are transmitted untagged Console show ports monitor Show ports monitorShow ports monitor Port Monitor Commands QoS Commands Qos basic advanced service No qosQoS basic mode is enabled Following example enables QoS on the device Trust mode is displayed if QoS is enabled in basic mode Show qosShow qos aggregate-policer Show qos Console# show qos aggregate-policer policer1 Show qos interfaceThere are no user guidelines There is no default configuration for this command Console# show qos interface ethernet 1 buffers Show qos map User Exec mode command displays all QoS maps Show qos mapShow qos map dscp-queue Dscp-queue- Indicates the Dscp to queue map Class-map Following example displays the Dscp port-queue mapClass-map class-map-namematch-all match-any Console show qos map Show class-map class-map-name By default, the match-allparameter is selectedShow class-map Match access-group acl-name No match access-group acl-name MatchFollowing example shows the class map for class1 Acl-name- Specifies the name of an IP or MAC ACL Policy-map-name- Specifies the name of the policy map Class-map Configuration modePolicy-map Class No policy map is defined Show policy-map Policy-map Configuration modeShow policy-mapUser Exec command displays the policy maps Policy-map Class Configuration mode Trust cos-dscpFollowing example displays all policy maps Trust cos-dscp No trust cos-dscp Set No set Police No police Service-policy Service-policy input policy-map-name No service-policy input No aggregate policer is define Qos aggregate-policerNo qos aggregate-policer Exceed-action drop Police aggregate Console show qos aggregate-policer policer1 Wrr-queue cos-map No wrr-queue cos-map queue-id No wrr-queue bandwidth Wrr-queue bandwidthFollowing example maps CoS 7 to queue Priority-queue out num-of-queues Priority-queue out num-of-queues number-of-queues Consoleconfig# priority-queue out num-of-queues Traffic-shapeNo priority-queue out num-of-queues All queues are expedite queues No shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold Console config# qos wrr-queue threshold gigabitethernet 1 Qos map policed-dscpNo qos wrr-queue threshold tengigabitethernet queue-id Percent for all thresholds Dscp values 3,11,19… cannot be remapped to other values Consoleconfig# qos map policed-dscp 3 toQos map dscp-queue Following table describes the default map Qos trust GlobalFollowing example maps Dscp values 33, 40 and 41 to queue Qos trust cos dscp no qos trust Qos trust No qos trust CoS is the default trust modeQos trust Interface No qos cos Default CoS value of a port isQos cos Qos dscp-mutation No qos dscp-mutation Following example configures port 15 default CoS value toQos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Console# show rmon statistics ethernet ext.1 Rmon CommandsShow rmon statistics Rmon Commands Rmon collection history Cannot be configured for a range of interfaces Range context Show rmon collection history Show rmon history Console# show rmon collection history Console# show rmon history 1 errors Console# show rmon history 1 throughput Console# show rmon history 1 other Rmon alarm No rmon alarm index Type is absolute Startup direction is rising-falling Show rmon alarm-table Show rmon alarm-tableFollowing example displays the alarms table Console# show rmon alarm-table Show rmon alarm Show rmon alarm numberNumber Specifies the alarm index. Range Following example displays Rmon 1 alarms Rmon event Last Sample Value Show rmon events Show rmon events Show rmon log Following example displays the Rmon event tableShow rmon log event Event Specifies the event index. Range Following example displays the Rmon log table Console# show rmon log History table size is Log table size is Consoleconfig# rmon table-size historyRmon table-size Radius Commands Radius-server hostNo radius-server host ip-addresshostname No Radius server host is specified Radius-server key Radius-server key key-string No radius-server key Software searches the list of Radius server hosts 3 times Radius-server retransmitKey-string is an empty string Source Specifies a valid source IP address Consoleconfig# radius-server retransmitRadius-server source-ip Consoleconfig# radius-server timeout Radius-server timeoutTimeout value is 3 seconds Deadtime setting is Consoleconfig# radius-server deadtimeRadius-server deadtime Show radius-servers Console# show radius-servers Following example displays Radius server settingsShow radius-servers Radius Commands Web Server Commands Ip http serverIp http port Ip http server No ip http server Ip http exec-timout minutes seconds no ip http exec-timout Ip http exec-timeoutNo ip http port Default timout is 10 minutes DisabledIp https server Ip https server No ip https server Ip https exec-timeout Following example configures the https port number toIp https port Ip https port port-number No ip https port Crypto certificate generate No ip https exec-timout Following example regenerates an Https certificate Consoleconfig# crypto certificate 1 generate key-generateCrypto certificate request There is no default configuration for this command Crypto certificate import Crypto certificate number importNumber Specifies the certificate number. Range Console# crypto certificate 1 request Ip https certificate number No ip https certificate Consoleconfig# crypto certificate 1 importIp https certificate Consoleconfig# ip https certificate Show crypto certificate mycertificateCertificate number Show crypto certificate mycertificate number Show ip http Following example displays the certificateShow ip http Console# show crypto certificate mycertificate Following example displays the Http server configuration Show ip httpsShow ip https Console# show ip http Web Server Commands Web Server Commands No communities are defined Snmp CommandsSnmp-server community Snmp-server view Snmp-server group No view entry exists No snmp-server group groupname v1 v2 v3 noauth auth priv No group entry exists Snmp-server user No snmp-server user username remote engineid-string Snmp-server engineID local Parameters Snmp-server enable traps Snmp-server enable traps No snmp-server enable trapsSnmp traps are enabled Following example enables Snmp traps Snmp-server filter No filter entry exists Snmp-server host Snmp-server v3-host Snmp-server trap authentication Snmp-server trap authenticationFollowing example configures an SNMPv3 host No snmp-server trap authentication Snmp failed authentication traps are enabledFollowing example enables Snmp failed authentication traps Snmp-server contact Snmp-server location text No snmp-server location Snmp-server locationIntelTechnicalSupport Snmp-server set Following example defines the device location as NewYork Following example displays the Snmp communications status Show snmpShow snmp Show snmp engineid Show snmp engineID Show snmp views Following example displays the Snmp engine IDShow snmp views viewname Viewname Specifies the name of the view. Range Following example displays the configuration of views Show snmp groupsShow snmp groups groupname Groupname-Specifies the name of the group. Range Show snmp filters Following table describes significant fields shown aboveShow snmp filters filtername Filtername-Specifies the name of the filter. Range Following example displays the configuration of filters Show snmp usersShow snmp users username Username-Specifies the name of the user. Range Console# show snmp users Spanning-Tree Commands Spanning-tree modeSpanning-tree mode stp rstpmstp Spanning-tree No spanning-tree mode STP is enabledConsoleconfig# spanning-tree mode rstp Spanning-tree forward-time Consoleconfig# spanning-tree forward-time Seconds Time in seconds. Range Spanning-tree max-age seconds No spanning-tree max-age Consoleconfig# spanning-tree hello-timeSpanning-tree max-age Following example configures spanning tree priority to Spanning-tree priorityForward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Spanning-tree priority priority No spanning-tree priority Spanning-tree disable Spanning-tree disable No spanning-tree disableSpanning-tree cost Spanning-tree cost cost No spanning-tree cost Spanning-tree port-priority Cost Path cost of the port Range 1-200,000,000 Default port priority for Ieee Spanning TreeProtocol STP is PortFast mode is disabledConsoleconfig-if#spanning-tree port-priority Spanning-tree portfast Spanning-tree link-type Following example enables PortFast on Ethernet portConsoleconfig-if#spanning-tree portfast Short path cost method Consoleconfig-if#spanning-tree link-type sharedSpanning-tree pathcost method Following example sets the default path cost method to long Default setting is floodingSpanning-tree bpdu Spanning-tree bpdu filtering flooding No spanning-tree bpdu Spanning-tree mst instance-idpriority priority Clear spanning-tree detected-protocolsSpanning-tree mst priority No spanning-tree mst instance-idpriority Console config # spanning-tree mst 1 prioritySpanning-tree mst max-hops Spanning-tree mst port-priority Default number of hops isConsole config # spanning-tree mst max-hops Consoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst cost Spanning-tree mst configuration Spanning-tree mst configurationFollowing example configures an MST region Consoleconfig# spanning-tree mst configuration MST Configuration mode Instance mstInstance instance-idadd remove vlan vlan-range Following example maps VLANs 10-20 to MST instance Default name is a radlanguest Following example defines the configuration name as region1Name mst Revision mst Value Configuration revision number Range Default configuration revision number isFollowing example sets the configuration revision to Show mst Exit mst Exit Abort Abort mstSpanning-tree guard root Root guard is disabled Show spanning-treeSpanning-tree guard root No spanning-tree guard root Interface -number- a valid Ethernet port Following example displays spanning-tree information Console# show spanning-tree FWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree mst-configuration Console# show spanning-tree ethernet ext.1 Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands SSH Commands Ip ssh portIp ssh server Ip ssh port port-number No ip ssh port DSA key pairs do not exist Device configuration from a SSH server is disabledCrypto key generate dsa Consoleconfig# crypto key generate dsa Crypto key generate rsaFollowing example generates DSA key pairs Crypto key generate rsa AAA authentication is independent Ip ssh pubkey-authFollowing example generates RSA key pairs Ip ssh pubkey-auth No ip ssh pubkey-auth Crypto key pubkey-chain ssh No keys are specified SSH Public Key-string Configuration mode Consoleconfig# crypt\o key pubkey-chain sshUser-key No SSH public keys exist Key-string Show ip ssh Consoleconfig# crypto key pubkey-chain sshShow ip ssh Following example displays the SSH server configuration Show crypto key mypubkeyShow crypto key mypubkey rsa dsa Rsa Indicates the RSA key Dsa Indicates the DSA key Show crypto key pubkey-chain ssh Console# show crypto key mypubkey rsa Console# show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bob SSH Commands Syslog Commands Logging is enabledFollowing example enables logging error messages Logging on Logging Default severity level is informational Consoleconfig# logging buffered debuggingLogging buffered Logging buffered level No logging buffered Default number of messages is This command takes effect only after ResetConsoleconfig# logging buffered size Logging buffered size Default severity level is errors Logging fileClear logging Logging file level No logging file Consoleconfig# logging file alerts Clear logging fileClear logging file Following example clears messages from the logging file Aaa logging login no aaa logging login Aaa loggingFile-system logging File-system logging copy Logging file system events is enabled Consoleconfig# file-system logging copyManagement logging Management logging deny No management logging deny Logging management ACL events is enabled Consoleconfig# management logging denyShow logging Show logging Console# show logging AAA Console# show logging file Show logging fileShow logging file Show syslog-servers Show syslog-servers Console# show syslog-servers Syslog Commands System Management Commands Ping Traceroute Following example displays pinging results Syntax Probe timed out Default port is the Telnet port decimal23 on the host Telnet Special Telnet Sequences Keywords Table Ports Table Following command switches to open Telnet session number ResumeReload Connection The connection number. Range 1-4 connections Hostname ReloadFollowing example reloads the operating system Hostname name No hostname Show users Following example specifies the device host nameShow users Console show users Show sessions Show sessionsFollowing example lists open Telnet sessions Console show sessions Console# show system Show systemShow system Privilaged Exec mode Show system idShow system id unit unit Unit unit Unit number Console show system id Show system flowcontrolShow system flowcontrol Show system mode Show system modePriviledged Exec mode Following example displays information on features control Service cpu-utilization Service cpu-utilization No service cpu-utilizationShow version Console show version This example enables measuring CPU utilization Consoleconfig# service cpu-utilizationShow cpu utilization Show cpu utilization Console# show cpu utilization No tacacs-server host ip-addresshostname TACACS+ CommandsTacacs-server host Tacacs-server key Following example specifies a TACACS+ hostTacacs-server key key-string No tacacs-server key Empty string Tacacs-server timeout Following example sets the authentication encryption keyFollowing example sets the timeout value to Consoleconfig# tacacs-server timeout Tacacs-server source-ip Show tacacsSource Specifies the source IP address Following example specifies the source IP address Ip-address Name or IP address of the TACACS+ server Console# show tacacs TACACS+ Commands Disable User Interface CommandsEnable Login Following example return to Users Exec modeLogin User Exec mode command changes a login username Login Following example enters Global Configuration mode ConfigureConfigure Exit Exit ConfigurationAll configuration modes End Privileged and User Exec modesFollowing example closes an active terminal session End All command modes HelpTerminal datadump Help Dumping is disabled Show historyTerminal datadump No terminal datadump Show history Show privilege Show privilegeConsole# show version Console# show history Command The command to be executed Console# show privilege Console Config# do show vlan Vlan Commands Following example enters the Vlan database modeVlan database Vlan Vlan Configuration mode Interface vlanFollowing example Vlan number 1972 is created Interface vlan vlan-id All All existing static VLANs Interface range vlanInterface range vlan vlan-rangeall Name No nameNo name is defined Following example gives Vlan number 19 the name Marketing Consoleconfig-if#switchport protected ethernet ext.1 Switchport protectedSwitchport protected is disabled Switchport mode access trunk general No switchport mode Switchport modeSwitchport access vlan All ports belong to Vlan Switchport trunk allowed vlanSwitchport trunk allowed vlan add vlan-listremove vlan-list Switchport trunk native vlan Vlan-id- Specifies the ID of the native Vlan Switchport general allowed vlan VID=1 Switchport general pvid Vlan-id- Specifies the Pvid Port Vlan ID Switchport general ingress-filtering disable Ingress filtering is enabled Switchport general acceptable-frame-type tagged-only Switchport forbidden vlanSwitchport forbidden vlan add vlan-listremove vlan-list All frame types are accepted at ingress Ip internal-usage-vlan All VLANs are allowedIp internal-usage-vlan vlan-id No ip internal-usage-vlan Vlan-id- Specifies the ID of the internal usage Vlan Consoleconfig-if#ip internal-usage-vlan Show vlanShow vlan id vlan-idname vlan-name Vlan-id- specifies a Vlan ID Show vlan internal usage Show vlan internal usageFollowing example displays all Vlan information Show interfaces switchport Console# show vlan internal usage Console# show interface switchport ethernet ext.1 VLAN011 Pvid Map protocol protocols-group Map protocol protocol encapsulation protocols-group group Switchport general map protocols-group vlan Vlan Database modeFollowing protocol names are reserved Following example maps protocol ip-arp to the group named Map mac macs-group Switchport general map macs-group vlan Console config-if#switchport general map macs-group 1 vlan Switchport general map subnets-group vlan Map subnet subnets-group Show vlan protocols-groups Show vlan macs-groups Console# show vlan protocols-groups Show vlan subnets-groups Following example shows subnets-groups information Vlan Commands 29 802.1x Commands Aaa authentication dot1xNo authentication method is defined Method1 method2... At least one from the following table 802.1x is disabled globally Following example enables 802.1x globallyDot1x system-auth-control Dot1x port-control Port is in the force-authorized state Interface Configuration EthernetConsoleconfig-if#dot1x port-control auto Dot1x re-authentication Dot1x timeout re-authperiodDot1x re-authentication No dot1x re-authentication Periodic re-authentication is disabled Dot1x re-authenticate Re-authentication period is 3600 secondsDot1x re-authenticate ethernet interface Consoleconfig-if#dot1x timeout re-authperiod Quiet period is 60 seconds Dot1x timeout quiet-periodConsole# dot1x re-authenticate ethernet ext.16 Dot1x timeout tx-period Dot1x timeout tx-period seconds No dot1x timeout tx-periodTimeout period is 30 seconds Consoleconfig-if#dot1x timeout quiet-period Dot1x max-req count No dot1x max-req Default number of times isDot1x max-req Dot1x timeout supp-timeout Default timeout period is 30 seconds Consoleconfig-if#dot1x timeout server-timeout Dot1x timeout server-timeoutConsoleconfig-if# dot1x timeout supp-timeout Console# show dot1x Show dot1xShow dot1x ethernet interface Console# show dot1x ethernet ext.3 Username Supplicant username Range 1-160 characters Show dot1x usersShow dot1x users username username Console# show dot1x users username Bob Following example displays 802.1x usersConsole# show dot1x users Console# show dot1x statistics ethernet ext.1 Show dot1x statisticsShow dot1x statistics ethernet interface Dot1x auth-not-req Dot1x auth-not-req No dot1x auth-not-req Access is enabled Multiple hosts are disabledConsoleconfig-if# dot1x auth-not-req Dot1x multiple-hosts Dot1x single-host-violation Consoleconfig-if#dot1x single-host-violation forward trap Dot1x guest-vlanNo traps are sent Dot1x guest-vlan No dot1x guest-vlan Dot1x guest-vlan enable Following example defines Vlan 2 as a guest Vlan Consoleconfig-if#dot1x guest-vlan enable Show dot1x advancedShow dot1x advanced ethernet interface Console# show dot1x advanced Console# show dot1x advanced ethernet ext.1 Appendix a Getting Help World Wide Web TelephoneFinland Holland Australia CambodiaMyanmar New Zealand 0800 444 Uruguay EcuadorPanama