Manuals / Intel / Computer Equipment / Switch

Intel SBCEGBESW10 CLI manual Permit ip, IP Protocol Abbreviated Name Protocol Number

Models: SBCEGBESW10 CLI SBCEGBESW1

1 424

Download 424 pages 57.83 Kb

Page 58

ACL Commands

permit (ip)

The permit IP-Access List Configuration mode command permits traffic if the conditions defined in the permit statement match.

Syntax

permit {any protocol} {any destination-wildcard}} [dscp

{source source-wildcard}} {any {destination dscp number ip-precedenceip-precedence]

permit-icmp{any {source source-wildcard}} {any {destination destination- wildcard}} {any icmp-type} {any icmp-code} [dscp number ip-precedencenumber]

permit-igmp{any {source source-wildcard}} {any {destination destination- wildcard}} {any igmp-type} [dscp number ip-precedencenumber]

permit-tcp{any {source source-wildcard}} {any source-port} {any {destination destination-wildcard}} {any destination-port} [dscp number ip-precedencenumber] [flags list-of-flags]

permit-udp{any {source source-wildcard}} {any source-port} {any {destination destination-wildcard}} {any destination-port} [dscp number ip-precedencenumber]

Parameters

•source — Specifies the source IP address of the packet. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.

•source-wildcard— Specifies wildcard to be applied to the source IP address. Use 1s in bit positions to be ignored. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.

•destination — Specifies the destination IP address of the packet. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.

•destination-wildcard— Specifies wildcard to be applied to the destination IP address. Use 1s in bit positions to be ignored. Specify any to indicate IP address 0.0.0.0 and mask 255.255.255.255.

•protocol — Specifies the abbreviated name or number of an IP protocol. (Range: 0- 255)

The following table lists the protocols that can be specified:

IP Protocol	Abbreviated Name	Protocol Number

Internet Control Message Protocol	icmp	1

Internet Group Management Protocol	igmp	2

IP in IP (encapsulation) Protocol	ipinip	4

Transmission Control Protocol	tcp	6

Exterior Gateway Protocol	egp	8

42	Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

Image 58

Intel SBCEGBESW10 CLI manual Permit ip, IP Protocol Abbreviated Name Protocol Number

Contents

Guide for System Administrators of Intel Server Products Disclaimer Consignes de sécurité Important Safety InstructionsWichtige Sicherheitshinweise Instrucciones de seguridad importantesPage About this Manual Manual OrganizationPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Using CLI OverviewPrivileged Exec Mode Command in the Global Configuration modeInterface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI Aaa authentication login AAA CommandsGlobal Configuration mode Aaa authentication enable Following example configures the authentication loginLogin authentication Consoleconfig# aaa authentication enable default enableLine Configuration mode Enable authenticationConsoleconfig-line#login authentication default There are no user guidelines for this command Ip http authenticationConsoleconfig-line#enable authentication default Ip https authentication Following example configures the Http authenticationFollowing example configures Https authentication Show authentication methodsShow authentication methods Privileged Exec mode PasswordThis command has no default configuration Following example displays the authentication configurationEnable password No password is definedUsername No enable password is definedConsoleconfig# enable password secret level No user is definedUser account can be created without a password AAA Commands Address Table Commands Bridge address Interface Configuration Vlan modeBridge multicast filtering Folowing example, bridge multicast filtering is enabledConsoleconfig# bridge multicast filtering Bridge multicast filtering No bridge multicast filteringBridge multicast address No multicast addresses are definedFollowing example registers the MAC address Bridge multicast forbidden addressNo forbidden addresses are defined This setting is disabled Command Mode Bridge multicast forward-allBridge multicast forbidden forward-all This setting is disabledThis example, all multicast packets on port 1 are forwarded Bridge aging-time seconds No bridge aging-time Default setting is 300 secondsBridge aging-time Seconds Time in seconds. Range 10-630 secondsClear bridge Clear bridgePort security Following example, the bridge tables are clearedPort security mode lock mac-addresses No port security mode Port security modeInterface Configuration Ethernet, port-channel mode Consoleconfig-if#port security forward trapPort security routed secure-address Consoleconfig-if#port security mode mac-addressesMac-address a valid MAC address Show bridge address-table No addresses are definedShow bridge address-table static Console# show bridge address-tableVlan Specifies a valid VLAN, such as Vlan Show bridge address-table countConsole# show bridge address-table static Show bridge multicast address-table Console# show bridge address-table countConsole# show bridge multicast address-table Show bridge multicast filtering vlan-id Show bridge multicast filteringConsole# show bridge multicast address-table format ip Show ports security Console# show bridge multicast filteringFollowing table describes the fields shown above Show ports security addressesConsole# show ports security Console# show ports security addresses Address Table Commands Ip access-list ACL CommandsIp access-list name No ip access-list name Permit ip IP Protocol Abbreviated Name Protocol NumberACL Commands No IPv4 ACL is defined IP-Access List Configuration modeDeny IP Deny-icmp Deny-igmpDeny-tcp deny-udp Mac access-list Following example shows how to create a MAC ACL Mac access-list name No mac access-list nameDefault for all ACLs is deny all Permit MACDeny MAC MAC-Access List Configuration modeNo MAC ACL is defined This command has no default configuration Service-acl input acl-name No service-acl input Service-aclShow access-lists Show access-lists nameConsole# show access-lists Show interfaces access-listsFollowing example displays access lists defined on a device Name The name of the ACLConsole# show interfaces access-lists Clock Commands Clock setSntp Sntp servers Clock sourceClock timezone No external clock sourceNo clock timezone Clock summer-timeClock set to UTC No clock summer-time recurring Sntp authentication-key No authentication key is definedSntp authenticate Sntp authenticate no sntp authenticateSntp trusted-key Sntp client poll timerFollowing example authenticates key Sntp trusted-key key-number No sntp trusted-key key-numberSntp broadcast client is disabled Sntp broadcast client enableSntp client poll timer seconds No sntp client poll timer Seconds Polling interval in seconds. RangeSntp anycast client enable No sntp anycast client enable Sntp anycast client enableFollowing example enables the Sntp broadcast clients Sntp anycast client is disabledSntp client is disabled on an interface Sntp client enable InterfaceFollowing example enables Sntp anycast clients Interface Configuration Ethernet, port-channel, Vlan modeSntp unicast client is disabled Sntp unicast client enableSntp unicast client enable No sntp unicast client enable Sntp unicast client pollSntp server Polling is disabledConsoleconfig# sntp unicast client poll No sntp server hostShow clock Detail Shows timezone and summertime configurationShow clock detail Show sntp configuration Show sntp configurationConsole# show clock Show sntp status Console# show sntp configurationShow sntp status Following example shows the status of the Sntp Console# show sntp statusConfiguration and Image File Commands CopyCopying a Boot File from a Server to Flash Memory Copying an Image File from a Server to Flash MemoryDelete Storing the Running or Startup Configuration on a ServerDelete url Boot system image-1 image-2 Boot systemSys, *.prv, image-1 and image-2 files cannot be deleted Show running-config Show running-configConsole# boot system image-1 Show startup-config Show startup-configConsole# show running-config Show backup-config Show backup-configConsole# show startup-config Show bootvar Show bootvarConsole# show backup-config Console# show bootvar Configuration and Image File Commands Interface range ethernet Ethernet Configuration CommandsInterface ethernet Interface ethernet interfaceInterface range ethernet port-listall ShutdownShutdown No shutdown Description Description string No descriptionSpeed 10 100 No speed SpeedFollowing example adds a description to Ethernet port Maximum port capabilityDuplex half full No duplex Interface Configuration Ethernet modeDuplex Interface is set to full duplexNegotiation Consoleconfig# interface ethernet ext.1No negotiation Flowcontrol Flowcontrol auto on off No flowcontrolMdix Default setting is onFollowing example, automatic crossover is enabled on port Mdix on auto No mdixBack-pressure No back-pressure Back-pressurePort jumbo-frame Port jumbo-frame No port jumbo-frameFollowing example, jumbo frames are enabled on the device Jumbo frames are disabled on the deviceGlobal Configuration Clear countersFollowing example reactivates interface Set interface activeFollowing example, the counters for interface 1 are cleared Console# clear counters ethernet ext.2Following example displays auto-negotiation information Show interfaces advertiseConsole# show interfaces advertise Show interfaces configuration Console# show interfaces configurationShow interfaces status Show interfaces description Interface a valid Ethernet port. Full syntax unit/port Show interfaces countersConsole# show interfaces description Console# show interfaces counters Following table describes the fields shown in the display Following example displays counters for Ethernet portConsole# show interfaces counters ethernet ext.1 Show ports jumbo-frame This command is relevant to Giga devices onlyShow ports jumbo-frame Console# show port jumbo-framePort storm-control include-multicast IC Following example enables counting multicast packetsPort storm-control include-multicast GC Multicast packets are not countedPort storm-control broadcast enable Broadcast storm control is disabledDefault storm control broadcast rate is 3500 Kbits/Sec Port storm-control broadcast rateShow ports storm-control interface Following example displays the storm control configurationShow ports storm-control Console# show ports storm-controlDisabled 3500 Broadcast Gvrp enable Interface Gvrp CommandsGvrp enable Global Gvrp enable No gvrp enableFollowing example enables Gvrp on Ethernet port Garp timerGvrp is disabled on all interfaces Garp timer join leave leaveall timervalue No garp timerGvrp vlan-creation-forbid Consoleconfig# interface ethernet ext.6Gvrp vlan-creation-forbid No gvrp vlan-creation-forbid Gvrp registration-forbid No gvrp registration-forbid Dynamic Vlan creation or modification is enabledGvrp registration-forbid Dynamic registration of VLANs on the port is allowedClear gvrp statistics Console# clear gvrp statistics ethernet ext.1Following example displays Gvrp configuration information Show gvrp configurationPrivieged Exec mode Console# show gvrp configurationFollowing example shows Gvrp statistical information Show gvrp statisticsConsole# show gvrp statistics Console# show gvrp error-statistics Show gvrp error-statisticsFollowing example displays Gvrp statistical information Ip igmp snooping Interface Igmp Snooping CommandsIp igmp snooping Global Ip igmp snooping No ip igmp snoopingAutomatic learning of multicast device ports is enabled Following example enables Igmp snooping on VlanIp igmp snooping mrouter learn-pim-dvmrp Consoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Time-out- Specifies the host timeout in seconds. RangeDefault host-time-out is 260 seconds Ip igmp snooping host-time-outConsoleconfig-if#ip igmp snooping host-time-out Default value is 300 secondsIp igmp snooping mrouter-time-out Consoleconfig-if#ip igmp snooping mrouter-time-out Default leave-time-out configuration is 10 secondsIp igmp snooping leave-time-out Show ip igmp snooping mrouter interface vlan-id Consoleconfig-if#ip igmp snooping leave-time-outShow ip igmp snooping mrouter Vlan-id Specifies the Vlan numberShow ip igmp snooping interface Show ip igmp snooping interface vlan-idShow ip igmp snooping groups Console# show ip igmp snooping interfaceConsole# show ip igmp snooping groups Igmp Snooping Commands Ip address IP Address CommandsInterface Configuration Ethernet, VLAN, port-channel mode Ip address ip-address mask prefix-lengthIp address dhcp Ip address dhcp hostname host-name No ip address dhcpIp default-gateway ip-address No ip default-gateway Ip default-gatewayNo default gateway is defined Following example defines default gateway This command is only operational in Switch modeShow ip interface Arp Console# show ip interfaceArp timeout seconds No arp timeout Arp timeoutDefault timeout is 60000 seconds Clear arp-cache Clear arp-cacheShow arp Console# clear arp-cacheFollowing example displays entries in the ARP table Ip domain-lookupShow arp Ip domain-lookup No ip domain-lookupIp domain-name Default domain name is not definedIp domain-name name No ip domain-name No name server addresses are specified Ip name-serverServer-address- Specifies IP addresses of the name server Following example sets the available name serverNo ip host name Ip hostClear host No host is definedClear host dhcp name Clear host dhcpConsole# clear host Name Specifies the host name. Range 1-158 characters Show hostsShow hosts name Console# clear host dhcpFollowing example displays host information Console# show hostsLacp port-priority Lacp CommandsLacp system-priority Lacp system-priority value No lacp system-priorityLacp timeout long short no lacp timeout Lacp timeoutLacp port-priority value No lacp port-priority Default port timeout value is long Short Specifies the short timeout valueShow lacp ethernet Following example display Lacp information for Ethernet port Console# show lacp ethernet ext.1Show lacp port-channel Portchannelnumber Valid port-channel number Show lacp port-channel portchannelnumberConsole# show lacp port-channel Line Line CommandsThis command has no user guidelines Show lineExec mode Show line telnet sshLine Commands Line Commands Management access-list name No management access-list name Management ACL CommandsManagement access-list Name Access list name. Range 1-32 charactersConsoleconfig# management access-list mlist Consoleconfig# management access-class mlistIf no permit rule is defined, the default is set to deny Management Access-list Configuration modeDeny Management Management access-class Show management access-list name Following example displays the mlist management access listShow management access-class Console# show management access-classManagement ACL Commands Test copper-port tdr interface PHY Diagnostics CommandsTest copper-port tdr Console# test copper-port tdr ext.3Show copper-ports tdr interface User Exec modeShow copper-ports tdr Maximum length of the cable for the TDR test is 120 metersShow copper-ports cable-length interface Port must be active and working in 100M or 1000M modeShow copper-ports cable-length Console show copper-ports cable-lengthPHY Diagnostics Commands Interface port-channel Port Channel CommandsConsoleconfig# interface port-channel Interface port-channel port-channel-numberChannel-group Consoleconfig# interface range port-channel 1-2,6Interface range port-channel Interface range port-channel port-channel-rangeallPort is not assigned to a port-channel Show interfaces port-channelShow interfaces port-channel port-channel-number Following example displays information on all port-channels Console# show interfaces port-channelPort Monitor Commands Monitors both received and transmitted packetsPort monitor vlan-tagging No port monitor vlan-tagging Console config-if#port monitor vlan-taggingPort monitor vlan-tagging Ingress mirrored packets are transmitted untaggedShow ports monitor Show ports monitorConsole show ports monitor Port Monitor Commands QoS basic mode is enabled QoS CommandsQos basic advanced service No qos Following example enables QoS on the deviceShow qos aggregate-policer Trust mode is displayed if QoS is enabled in basic modeShow qos Show qosThere are no user guidelines Show qos interfaceConsole# show qos aggregate-policer policer1 There is no default configuration for this command Console# show qos interface ethernet 1 buffersShow qos map dscp-queue Show qos map User Exec mode command displays all QoS mapsShow qos map Dscp-queue- Indicates the Dscp to queue mapClass-map class-map-namematch-all match-any Class-mapFollowing example displays the Dscp port-queue map Console show qos mapShow class-map By default, the match-allparameter is selectedShow class-map class-map-name Following example shows the class map for class1 Match access-group acl-name No match access-group acl-nameMatch Acl-name- Specifies the name of an IP or MAC ACLPolicy-map Class-map Configuration modePolicy-map-name- Specifies the name of the policy map Class No policy map is definedShow policy-mapUser Exec command displays the policy maps Policy-map Configuration modeShow policy-map Following example displays all policy maps Policy-map Class Configuration modeTrust cos-dscp Trust cos-dscp No trust cos-dscpSet No setPolice No policeService-policy Service-policy input policy-map-name No service-policy inputNo qos aggregate-policer Qos aggregate-policerNo aggregate policer is define Exceed-action drop Police aggregate Console show qos aggregate-policer policer1Wrr-queue cos-map No wrr-queue cos-map queue-idFollowing example maps CoS 7 to queue Wrr-queue bandwidthNo wrr-queue bandwidth Priority-queue out num-of-queues Priority-queue out num-of-queues number-of-queuesNo priority-queue out num-of-queues Consoleconfig# priority-queue out num-of-queuesTraffic-shape All queues are expedite queuesNo shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold No qos wrr-queue threshold tengigabitethernet queue-id Console config# qos wrr-queue threshold gigabitethernet 1Qos map policed-dscp Percent for all thresholdsQos map dscp-queue Consoleconfig# qos map policed-dscp 3 toDscp values 3,11,19… cannot be remapped to other values Following example maps Dscp values 33, 40 and 41 to queue Following table describes the default mapQos trust Global Qos trust cos dscp no qos trustQos trust Interface CoS is the default trust modeQos trust No qos trust Qos cos Default CoS value of a port isNo qos cos Qos dscp-mutation Following example configures port 15 default CoS value toQos dscp-mutation No qos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Show rmon statistics Rmon CommandsConsole# show rmon statistics ethernet ext.1 Rmon Commands Rmon collection history Cannot be configured for a range of interfaces Range context Show rmon collection historyShow rmon history Console# show rmon collection historyConsole# show rmon history 1 errors Console# show rmon history 1 throughputConsole# show rmon history 1 other Rmon alarm No rmon alarm indexType is absolute Startup direction is rising-falling Following example displays the alarms table Show rmon alarm-tableShow rmon alarm-table Console# show rmon alarm-tableNumber Specifies the alarm index. Range Show rmon alarmShow rmon alarm number Following example displays Rmon 1 alarmsRmon event Last Sample ValueShow rmon events Show rmon eventsShow rmon log event Show rmon logFollowing example displays the Rmon event table Event Specifies the event index. RangeFollowing example displays the Rmon log table Console# show rmon logRmon table-size Consoleconfig# rmon table-size historyHistory table size is Log table size is No radius-server host ip-addresshostname Radius CommandsRadius-server host No Radius server host is specifiedRadius-server key Radius-server key key-string No radius-server keyKey-string is an empty string Radius-server retransmitSoftware searches the list of Radius server hosts 3 times Radius-server source-ip Consoleconfig# radius-server retransmitSource Specifies a valid source IP address Timeout value is 3 seconds Radius-server timeoutConsoleconfig# radius-server timeout Radius-server deadtime Deadtime setting isConsoleconfig# radius-server deadtime Show radius-serversShow radius-servers Following example displays Radius server settingsConsole# show radius-servers Radius Commands Ip http port Web Server CommandsIp http server Ip http server No ip http serverNo ip http port Ip http exec-timeoutIp http exec-timout minutes seconds no ip http exec-timout Ip https server Default timout is 10 minutesDisabled Ip https server No ip https serverIp https port Ip https exec-timeoutFollowing example configures the https port number to Ip https port port-number No ip https portCrypto certificate generate No ip https exec-timoutCrypto certificate request Consoleconfig# crypto certificate 1 generate key-generateFollowing example regenerates an Https certificate There is no default configuration for this command Number Specifies the certificate number. Range Crypto certificate importCrypto certificate number import Console# crypto certificate 1 requestIp https certificate Consoleconfig# crypto certificate 1 importIp https certificate number No ip https certificate Certificate number Consoleconfig# ip https certificateShow crypto certificate mycertificate Show crypto certificate mycertificate numberShow ip http Show ip httpFollowing example displays the certificate Console# show crypto certificate mycertificateShow ip https Following example displays the Http server configurationShow ip https Console# show ip httpWeb Server Commands Web Server Commands Snmp-server community Snmp CommandsNo communities are defined Snmp-server view Snmp-server group No view entry existsNo snmp-server group groupname v1 v2 v3 noauth auth priv No group entry existsSnmp-server user No snmp-server user username remote engineid-stringSnmp-server engineID local Parameters Snmp traps are enabled Snmp-server enable trapsSnmp-server enable traps No snmp-server enable traps Following example enables Snmp trapsSnmp-server filter No filter entry existsSnmp-server host Snmp-server v3-host Following example configures an SNMPv3 host Snmp-server trap authenticationSnmp-server trap authentication Following example enables Snmp failed authentication traps No snmp-server trap authenticationSnmp failed authentication traps are enabled Snmp-server contactIntelTechnicalSupport Snmp-server locationSnmp-server location text No snmp-server location Snmp-server set Following example defines the device location as NewYorkShow snmp Show snmpFollowing example displays the Snmp communications status Show snmp engineid Show snmp engineIDShow snmp views viewname Show snmp viewsFollowing example displays the Snmp engine ID Viewname Specifies the name of the view. RangeShow snmp groups groupname Following example displays the configuration of viewsShow snmp groups Groupname-Specifies the name of the group. RangeShow snmp filters filtername Show snmp filtersFollowing table describes significant fields shown above Filtername-Specifies the name of the filter. RangeShow snmp users username Following example displays the configuration of filtersShow snmp users Username-Specifies the name of the user. RangeConsole# show snmp users Spanning-tree mode stp rstpmstp Spanning-Tree CommandsSpanning-tree mode Spanning-treeConsoleconfig# spanning-tree mode rstp No spanning-tree modeSTP is enabled Spanning-tree forward-timeConsoleconfig# spanning-tree forward-time Seconds Time in seconds. RangeSpanning-tree max-age Consoleconfig# spanning-tree hello-timeSpanning-tree max-age seconds No spanning-tree max-age Forward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Following example configures spanning tree priority toSpanning-tree priority Spanning-tree priority priority No spanning-tree prioritySpanning-tree cost Spanning-tree disableSpanning-tree disable No spanning-tree disable Spanning-tree cost cost No spanning-tree costSpanning-tree port-priority Cost Path cost of the port Range 1-200,000,000Consoleconfig-if#spanning-tree port-priority Default port priority for Ieee Spanning TreeProtocol STP isPortFast mode is disabled Spanning-tree portfastConsoleconfig-if#spanning-tree portfast Following example enables PortFast on Ethernet portSpanning-tree link-type Spanning-tree pathcost method Consoleconfig-if#spanning-tree link-type sharedShort path cost method Spanning-tree bpdu Following example sets the default path cost method to longDefault setting is flooding Spanning-tree bpdu filtering flooding No spanning-tree bpduSpanning-tree mst priority Clear spanning-tree detected-protocolsSpanning-tree mst instance-idpriority priority Spanning-tree mst max-hops Console config # spanning-tree mst 1 priorityNo spanning-tree mst instance-idpriority Console config # spanning-tree mst max-hops Default number of hops isSpanning-tree mst port-priority Consoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst costFollowing example configures an MST region Spanning-tree mst configurationSpanning-tree mst configuration Consoleconfig# spanning-tree mst configurationInstance instance-idadd remove vlan vlan-range MST Configuration modeInstance mst Following example maps VLANs 10-20 to MST instanceName mst Default name is a radlanguestFollowing example defines the configuration name as region1 Revision mstFollowing example sets the configuration revision to Value Configuration revision number RangeDefault configuration revision number is Show mstExit mst ExitSpanning-tree guard root Abort mstAbort Spanning-tree guard root No spanning-tree guard root Root guard is disabledShow spanning-tree Interface -number- a valid Ethernet portFollowing example displays spanning-tree information Console# show spanning-treeFWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree mst-configuration Console# show spanning-tree ethernet ext.1Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands Ip ssh server SSH CommandsIp ssh port Ip ssh port port-number No ip ssh portCrypto key generate dsa Device configuration from a SSH server is disabledDSA key pairs do not exist Following example generates DSA key pairs Consoleconfig# crypto key generate dsaCrypto key generate rsa Crypto key generate rsaFollowing example generates RSA key pairs AAA authentication is independentIp ssh pubkey-auth Ip ssh pubkey-auth No ip ssh pubkey-authCrypto key pubkey-chain ssh No keys are specifiedUser-key SSH Public Key-string Configuration modeConsoleconfig# crypt\o key pubkey-chain ssh No SSH public keys existKey-string Show ip ssh Consoleconfig# crypto key pubkey-chain sshShow ip ssh Show crypto key mypubkey rsa dsa Following example displays the SSH server configurationShow crypto key mypubkey Rsa Indicates the RSA key Dsa Indicates the DSA keyShow crypto key pubkey-chain ssh Console# show crypto key mypubkey rsaConsole# show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bobSSH Commands Following example enables logging error messages Syslog CommandsLogging is enabled Logging onLogging Logging buffered Default severity level is informationalConsoleconfig# logging buffered debugging Logging buffered level No logging bufferedConsoleconfig# logging buffered size Default number of messages isThis command takes effect only after Reset Logging buffered sizeClear logging Default severity level is errorsLogging file Logging file level No logging fileClear logging file Consoleconfig# logging file alertsClear logging file Following example clears messages from the logging fileFile-system logging Aaa logging login no aaa logging loginAaa logging File-system logging copyManagement logging Logging file system events is enabledConsoleconfig# file-system logging copy Management logging deny No management logging denyShow logging Logging management ACL events is enabledConsoleconfig# management logging deny Show loggingConsole# show logging AAAShow logging file Show logging fileConsole# show logging file Show syslog-servers Show syslog-serversConsole# show syslog-servers Syslog Commands System Management Commands PingTraceroute Following example displays pinging resultsSyntax Probe timed out Default port is the Telnet port decimal23 on the host TelnetSpecial Telnet Sequences Keywords TablePorts Table Reload Following command switches to open Telnet session numberResume Connection The connection number. Range 1-4 connectionsFollowing example reloads the operating system HostnameReload Hostname name No hostnameShow users Show usersFollowing example specifies the device host name Console show usersFollowing example lists open Telnet sessions Show sessionsShow sessions Console show sessionsShow system Show systemConsole# show system Show system id unit unit Privilaged Exec modeShow system id Unit unit Unit numberShow system flowcontrol Show system flowcontrolConsole show system id Priviledged Exec mode Show system modeShow system mode Following example displays information on features controlShow version Service cpu-utilizationService cpu-utilization No service cpu-utilization Console show versionShow cpu utilization This example enables measuring CPU utilizationConsoleconfig# service cpu-utilization Show cpu utilizationConsole# show cpu utilization Tacacs-server host TACACS+ CommandsNo tacacs-server host ip-addresshostname Tacacs-server key key-string No tacacs-server key Tacacs-server keyFollowing example specifies a TACACS+ host Empty stringFollowing example sets the timeout value to Tacacs-server timeoutFollowing example sets the authentication encryption key Consoleconfig# tacacs-server timeoutSource Specifies the source IP address Tacacs-server source-ipShow tacacs Following example specifies the source IP addressIp-address Name or IP address of the TACACS+ server Console# show tacacsTACACS+ Commands Enable User Interface CommandsDisable Login User Exec mode command changes a login username LoginFollowing example return to Users Exec mode LoginConfigure ConfigureFollowing example enters Global Configuration mode All configuration modes Exit ConfigurationExit Following example closes an active terminal session EndPrivileged and User Exec modes EndTerminal datadump All command modesHelp HelpTerminal datadump No terminal datadump Dumping is disabledShow history Show historyConsole# show version Show privilegeShow privilege Console# show historyCommand The command to be executed Console# show privilegeConsole Config# do show vlan Vlan database Vlan CommandsFollowing example enters the Vlan database mode VlanFollowing example Vlan number 1972 is created Vlan Configuration modeInterface vlan Interface vlan vlan-idInterface range vlan vlan-rangeall Interface range vlanAll All existing static VLANs No name is defined NameNo name Following example gives Vlan number 19 the name MarketingSwitchport protected is disabled Switchport protectedConsoleconfig-if#switchport protected ethernet ext.1 Switchport access vlan Switchport modeSwitchport mode access trunk general No switchport mode Switchport trunk allowed vlan add vlan-listremove vlan-list Switchport trunk allowed vlanAll ports belong to Vlan Switchport trunk native vlan Vlan-id- Specifies the ID of the native VlanSwitchport general allowed vlan VID=1Switchport general pvid Vlan-id- Specifies the Pvid Port Vlan IDSwitchport general ingress-filtering disable Ingress filtering is enabledSwitchport forbidden vlan add vlan-listremove vlan-list Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan All frame types are accepted at ingressIp internal-usage-vlan vlan-id No ip internal-usage-vlan Ip internal-usage-vlanAll VLANs are allowed Vlan-id- Specifies the ID of the internal usage VlanShow vlan id vlan-idname vlan-name Consoleconfig-if#ip internal-usage-vlanShow vlan Vlan-id- specifies a Vlan IDFollowing example displays all Vlan information Show vlan internal usageShow vlan internal usage Show interfaces switchport Console# show vlan internal usageConsole# show interface switchport ethernet ext.1 VLAN011Pvid Map protocol protocols-group Map protocol protocol encapsulation protocols-group groupFollowing protocol names are reserved Switchport general map protocols-group vlanVlan Database mode Following example maps protocol ip-arp to the group namedMap mac macs-group Switchport general map macs-group vlan Console config-if#switchport general map macs-group 1 vlanSwitchport general map subnets-group vlan Map subnet subnets-groupShow vlan protocols-groups Show vlan macs-groups Console# show vlan protocols-groupsShow vlan subnets-groups Following example shows subnets-groups information Vlan Commands No authentication method is defined 29 802.1x CommandsAaa authentication dot1x Method1 method2... At least one from the following tableDot1x system-auth-control 802.1x is disabled globallyFollowing example enables 802.1x globally Dot1x port-controlConsoleconfig-if#dot1x port-control auto Interface Configuration EthernetPort is in the force-authorized state Dot1x re-authentication No dot1x re-authentication Dot1x re-authenticationDot1x timeout re-authperiod Periodic re-authentication is disabledDot1x re-authenticate ethernet interface Dot1x re-authenticateRe-authentication period is 3600 seconds Consoleconfig-if#dot1x timeout re-authperiodConsole# dot1x re-authenticate ethernet ext.16 Dot1x timeout quiet-periodQuiet period is 60 seconds Timeout period is 30 seconds Dot1x timeout tx-periodDot1x timeout tx-period seconds No dot1x timeout tx-period Consoleconfig-if#dot1x timeout quiet-periodDot1x max-req Default number of times isDot1x max-req count No dot1x max-req Dot1x timeout supp-timeout Default timeout period is 30 secondsConsoleconfig-if# dot1x timeout supp-timeout Dot1x timeout server-timeoutConsoleconfig-if#dot1x timeout server-timeout Show dot1x ethernet interface Show dot1xConsole# show dot1x Console# show dot1x ethernet ext.3 Show dot1x users username username Show dot1x usersUsername Supplicant username Range 1-160 characters Console# show dot1x users Following example displays 802.1x usersConsole# show dot1x users username Bob Show dot1x statistics ethernet interface Show dot1x statisticsConsole# show dot1x statistics ethernet ext.1 Dot1x auth-not-req Dot1x auth-not-req No dot1x auth-not-reqConsoleconfig-if# dot1x auth-not-req Access is enabledMultiple hosts are disabled Dot1x multiple-hostsDot1x single-host-violation No traps are sent Consoleconfig-if#dot1x single-host-violation forward trapDot1x guest-vlan Dot1x guest-vlan No dot1x guest-vlanDot1x guest-vlan enable Following example defines Vlan 2 as a guest VlanShow dot1x advanced ethernet interface Consoleconfig-if#dot1x guest-vlan enableShow dot1x advanced Console# show dot1x advancedConsole# show dot1x advanced ethernet ext.1 Finland Appendix a Getting HelpWorld Wide Web Telephone HollandMyanmar AustraliaCambodia New Zealand 0800 444Panama EcuadorUruguay