Manuals / Intel / Computer Equipment / Switch

Intel SBCEGBESW1 manual Deny IP, No IPv4 ACL is defined, IP-Access List Configuration mode

Models: SBCEGBESW10 CLI SBCEGBESW1

1 424

Download 424 pages 57.83 Kb

Page 60

Image 60

ACL Commands

•list-of-flags— Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”.

If a flag is not set, it is prefixed by “-”. The possible values are: +urg, +ack, +psh, +rst, +syn, +fin, -urg,-ack,-psh,-rst,-synand -fin. The flags are concatenated into one string. For example: +fin-ack.

Default Configuration

No IPv4 ACL is defined.

Command Mode

IP-Access List Configuration mode

User Guidelines

Use the ip access-listGlobal Configuration mode command to enable the IP-Access List Configuration mode.

Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-anycondition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.

Example

The following example shows how to define a permit statement for an IP ACL.

Console(config)# ip access-listip-acl1

Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56

deny (IP)

The deny IP-Access List Configuration mode command denies traffic if the conditions defined in the deny statement match.

Syntax

deny [disable-port] {any protocol} {any {source source-wildcard}} {any

{destination destination-wildcard}} [dscp dscp number ip-precedenceip-precedence][in-portport-num out-portport-num]

deny-icmp

deny-igmp

44	Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

Page 60

Image 60

Intel SBCEGBESW10 CLI manual Deny IP, No IPv4 ACL is defined, IP-Access List Configuration mode, Deny-icmp Deny-igmp

Contents

Guide for System Administrators of Intel Server Products Disclaimer Important Safety Instructions Wichtige SicherheitshinweiseConsignes de sécurité Instrucciones de seguridad importantesPage About this Manual Manual OrganizationPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Using CLI OverviewPrivileged Exec Mode Command in the Global Configuration modeInterface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI AAA Commands Aaa authentication loginGlobal Configuration mode Aaa authentication enable Following example configures the authentication loginLogin authentication Consoleconfig# aaa authentication enable default enableEnable authentication Line Configuration modeConsoleconfig-line#login authentication default Ip http authentication There are no user guidelines for this commandConsoleconfig-line#enable authentication default Ip https authentication Following example configures the Http authenticationShow authentication methods Following example configures Https authenticationShow authentication methods Password This command has no default configurationPrivileged Exec mode Following example displays the authentication configurationEnable password No password is definedNo enable password is defined Consoleconfig# enable password secret levelUsername No user is definedUser account can be created without a password AAA Commands Address Table Commands Bridge address Interface Configuration Vlan modeFolowing example, bridge multicast filtering is enabled Consoleconfig# bridge multicast filteringBridge multicast filtering Bridge multicast filtering No bridge multicast filteringBridge multicast address No multicast addresses are definedBridge multicast forbidden address Following example registers the MAC addressNo forbidden addresses are defined This setting is disabled Command Mode Bridge multicast forward-allThis setting is disabled Bridge multicast forbidden forward-allThis example, all multicast packets on port 1 are forwarded Default setting is 300 seconds Bridge aging-timeBridge aging-time seconds No bridge aging-time Seconds Time in seconds. Range 10-630 secondsClear bridge Port securityClear bridge Following example, the bridge tables are clearedPort security mode Interface Configuration Ethernet, port-channel modePort security mode lock mac-addresses No port security mode Consoleconfig-if#port security forward trapConsoleconfig-if#port security mode mac-addresses Port security routed secure-addressMac-address a valid MAC address Show bridge address-table No addresses are definedShow bridge address-table static Console# show bridge address-tableShow bridge address-table count Vlan Specifies a valid VLAN, such as VlanConsole# show bridge address-table static Show bridge multicast address-table Console# show bridge address-table countConsole# show bridge multicast address-table Show bridge multicast filtering Show bridge multicast filtering vlan-idConsole# show bridge multicast address-table format ip Show ports security Console# show bridge multicast filteringShow ports security addresses Following table describes the fields shown aboveConsole# show ports security Console# show ports security addresses Address Table Commands ACL Commands Ip access-listIp access-list name No ip access-list name Permit ip IP Protocol Abbreviated Name Protocol NumberACL Commands IP-Access List Configuration mode Deny IPNo IPv4 ACL is defined Deny-icmp Deny-igmpDeny-tcp deny-udp Mac access-list Mac access-list name No mac access-list name Default for all ACLs is deny allFollowing example shows how to create a MAC ACL Permit MACMAC-Access List Configuration mode Deny MACNo MAC ACL is defined This command has no default configuration Service-acl Show access-listsService-acl input acl-name No service-acl input Show access-lists nameShow interfaces access-lists Following example displays access lists defined on a deviceConsole# show access-lists Name The name of the ACLConsole# show interfaces access-lists Clock Commands Clock setClock source Clock timezoneSntp Sntp servers No external clock sourceClock summer-time No clock timezoneClock set to UTC No clock summer-time recurring Sntp authentication-key No authentication key is definedSntp authenticate Sntp authenticate no sntp authenticateSntp client poll timer Following example authenticates keySntp trusted-key Sntp trusted-key key-number No sntp trusted-key key-numberSntp broadcast client enable Sntp client poll timer seconds No sntp client poll timerSntp broadcast client is disabled Seconds Polling interval in seconds. RangeSntp anycast client enable Following example enables the Sntp broadcast clientsSntp anycast client enable No sntp anycast client enable Sntp anycast client is disabledSntp client enable Interface Following example enables Sntp anycast clientsSntp client is disabled on an interface Interface Configuration Ethernet, port-channel, Vlan modeSntp unicast client enable Sntp unicast client enable No sntp unicast client enableSntp unicast client is disabled Sntp unicast client pollPolling is disabled Consoleconfig# sntp unicast client pollSntp server No sntp server hostDetail Shows timezone and summertime configuration Show clockShow clock detail Show sntp configuration Show sntp configurationConsole# show clock Console# show sntp configuration Show sntp statusShow sntp status Following example shows the status of the Sntp Console# show sntp statusConfiguration and Image File Commands CopyCopying a Boot File from a Server to Flash Memory Copying an Image File from a Server to Flash MemoryStoring the Running or Startup Configuration on a Server DeleteDelete url Boot system Boot system image-1 image-2Sys, *.prv, image-1 and image-2 files cannot be deleted Show running-config Show running-configConsole# boot system image-1 Show startup-config Show startup-configConsole# show running-config Show backup-config Show backup-configConsole# show startup-config Show bootvar Show bootvarConsole# show backup-config Console# show bootvar Configuration and Image File Commands Ethernet Configuration Commands Interface ethernetInterface range ethernet Interface ethernet interfaceShutdown Interface range ethernet port-listallShutdown No shutdown Description Description string No descriptionSpeed Following example adds a description to Ethernet portSpeed 10 100 No speed Maximum port capabilityInterface Configuration Ethernet mode DuplexDuplex half full No duplex Interface is set to full duplexConsoleconfig# interface ethernet ext.1 NegotiationNo negotiation Flowcontrol Flowcontrol auto on off No flowcontrolDefault setting is on Following example, automatic crossover is enabled on portMdix Mdix on auto No mdixBack-pressure Port jumbo-frameBack-pressure No back-pressure Port jumbo-frame No port jumbo-frameJumbo frames are disabled on the device Global ConfigurationFollowing example, jumbo frames are enabled on the device Clear countersSet interface active Following example, the counters for interface 1 are clearedFollowing example reactivates interface Console# clear counters ethernet ext.2Show interfaces advertise Following example displays auto-negotiation informationConsole# show interfaces advertise Show interfaces configuration Console# show interfaces configurationShow interfaces status Show interfaces description Show interfaces counters Interface a valid Ethernet port. Full syntax unit/portConsole# show interfaces description Console# show interfaces counters Following example displays counters for Ethernet port Following table describes the fields shown in the displayConsole# show interfaces counters ethernet ext.1 This command is relevant to Giga devices only Show ports jumbo-frameShow ports jumbo-frame Console# show port jumbo-frameFollowing example enables counting multicast packets Port storm-control include-multicast GCPort storm-control include-multicast IC Multicast packets are not countedPort storm-control broadcast enable Broadcast storm control is disabledDefault storm control broadcast rate is 3500 Kbits/Sec Port storm-control broadcast rateFollowing example displays the storm control configuration Show ports storm-controlShow ports storm-control interface Console# show ports storm-controlDisabled 3500 Broadcast Gvrp Commands Gvrp enable GlobalGvrp enable Interface Gvrp enable No gvrp enableGarp timer Gvrp is disabled on all interfacesFollowing example enables Gvrp on Ethernet port Garp timer join leave leaveall timervalue No garp timerConsoleconfig# interface ethernet ext.6 Gvrp vlan-creation-forbidGvrp vlan-creation-forbid No gvrp vlan-creation-forbid Dynamic Vlan creation or modification is enabled Gvrp registration-forbidGvrp registration-forbid No gvrp registration-forbid Dynamic registration of VLANs on the port is allowedClear gvrp statistics Console# clear gvrp statistics ethernet ext.1Show gvrp configuration Privieged Exec modeFollowing example displays Gvrp configuration information Console# show gvrp configurationShow gvrp statistics Following example shows Gvrp statistical informationConsole# show gvrp statistics Show gvrp error-statistics Console# show gvrp error-statisticsFollowing example displays Gvrp statistical information Igmp Snooping Commands Ip igmp snooping GlobalIp igmp snooping Interface Ip igmp snooping No ip igmp snoopingFollowing example enables Igmp snooping on Vlan Automatic learning of multicast device ports is enabledIp igmp snooping mrouter learn-pim-dvmrp Time-out- Specifies the host timeout in seconds. Range Default host-time-out is 260 secondsConsoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Ip igmp snooping host-time-outDefault value is 300 seconds Consoleconfig-if#ip igmp snooping host-time-outIp igmp snooping mrouter-time-out Default leave-time-out configuration is 10 seconds Consoleconfig-if#ip igmp snooping mrouter-time-outIp igmp snooping leave-time-out Consoleconfig-if#ip igmp snooping leave-time-out Show ip igmp snooping mrouterShow ip igmp snooping mrouter interface vlan-id Vlan-id Specifies the Vlan numberShow ip igmp snooping interface Show ip igmp snooping interface vlan-idShow ip igmp snooping groups Console# show ip igmp snooping interfaceConsole# show ip igmp snooping groups Igmp Snooping Commands IP Address Commands Interface Configuration Ethernet, VLAN, port-channel modeIp address Ip address ip-address mask prefix-lengthIp address dhcp Ip address dhcp hostname host-name No ip address dhcpIp default-gateway Ip default-gateway ip-address No ip default-gatewayNo default gateway is defined This command is only operational in Switch mode Following example defines default gatewayShow ip interface Arp Console# show ip interfaceArp timeout Arp timeout seconds No arp timeoutDefault timeout is 60000 seconds Clear arp-cache Show arpClear arp-cache Console# clear arp-cacheIp domain-lookup Show arpFollowing example displays entries in the ARP table Ip domain-lookup No ip domain-lookupDefault domain name is not defined Ip domain-nameIp domain-name name No ip domain-name Ip name-server Server-address- Specifies IP addresses of the name serverNo name server addresses are specified Following example sets the available name serverIp host Clear hostNo ip host name No host is definedClear host dhcp Clear host dhcp nameConsole# clear host Show hosts Show hosts nameName Specifies the host name. Range 1-158 characters Console# clear host dhcpFollowing example displays host information Console# show hostsLacp Commands Lacp system-priorityLacp port-priority Lacp system-priority value No lacp system-priorityLacp timeout Lacp timeout long short no lacp timeoutLacp port-priority value No lacp port-priority Short Specifies the short timeout value Default port timeout value is longShow lacp ethernet Following example display Lacp information for Ethernet port Console# show lacp ethernet ext.1Show lacp port-channel Show lacp port-channel portchannelnumber Portchannelnumber Valid port-channel numberConsole# show lacp port-channel Line Commands This command has no user guidelinesLine Show lineExec mode Show line telnet sshLine Commands Line Commands Management ACL Commands Management access-listManagement access-list name No management access-list name Name Access list name. Range 1-32 charactersConsoleconfig# management access-list mlist Consoleconfig# management access-class mlistIf no permit rule is defined, the default is set to deny Management Access-list Configuration modeDeny Management Management access-class Show management access-list name Following example displays the mlist management access listShow management access-class Console# show management access-classManagement ACL Commands PHY Diagnostics Commands Test copper-port tdrTest copper-port tdr interface Console# test copper-port tdr ext.3User Exec mode Show copper-ports tdrShow copper-ports tdr interface Maximum length of the cable for the TDR test is 120 metersPort must be active and working in 100M or 1000M mode Show copper-ports cable-lengthShow copper-ports cable-length interface Console show copper-ports cable-lengthPHY Diagnostics Commands Port Channel Commands Consoleconfig# interface port-channelInterface port-channel Interface port-channel port-channel-numberConsoleconfig# interface range port-channel 1-2,6 Interface range port-channelChannel-group Interface range port-channel port-channel-rangeallShow interfaces port-channel Port is not assigned to a port-channelShow interfaces port-channel port-channel-number Following example displays information on all port-channels Console# show interfaces port-channelPort Monitor Commands Monitors both received and transmitted packetsConsole config-if#port monitor vlan-tagging Port monitor vlan-taggingPort monitor vlan-tagging No port monitor vlan-tagging Ingress mirrored packets are transmitted untaggedShow ports monitor Show ports monitorConsole show ports monitor Port Monitor Commands QoS Commands Qos basic advanced service No qosQoS basic mode is enabled Following example enables QoS on the deviceTrust mode is displayed if QoS is enabled in basic mode Show qosShow qos aggregate-policer Show qosShow qos interface There are no user guidelinesConsole# show qos aggregate-policer policer1 There is no default configuration for this command Console# show qos interface ethernet 1 buffersShow qos map User Exec mode command displays all QoS maps Show qos mapShow qos map dscp-queue Dscp-queue- Indicates the Dscp to queue mapClass-map Following example displays the Dscp port-queue mapClass-map class-map-namematch-all match-any Console show qos mapBy default, the match-allparameter is selected Show class-mapShow class-map class-map-name Match access-group acl-name No match access-group acl-name MatchFollowing example shows the class map for class1 Acl-name- Specifies the name of an IP or MAC ACLClass-map Configuration mode Policy-mapPolicy-map-name- Specifies the name of the policy map Class No policy map is definedPolicy-map Configuration mode Show policy-mapUser Exec command displays the policy mapsShow policy-map Policy-map Class Configuration mode Trust cos-dscpFollowing example displays all policy maps Trust cos-dscp No trust cos-dscpSet No setPolice No policeService-policy Service-policy input policy-map-name No service-policy inputQos aggregate-policer No qos aggregate-policerNo aggregate policer is define Exceed-action drop Police aggregate Console show qos aggregate-policer policer1Wrr-queue cos-map No wrr-queue cos-map queue-idWrr-queue bandwidth Following example maps CoS 7 to queueNo wrr-queue bandwidth Priority-queue out num-of-queues Priority-queue out num-of-queues number-of-queuesConsoleconfig# priority-queue out num-of-queues Traffic-shapeNo priority-queue out num-of-queues All queues are expedite queuesNo shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold Console config# qos wrr-queue threshold gigabitethernet 1 Qos map policed-dscpNo qos wrr-queue threshold tengigabitethernet queue-id Percent for all thresholdsConsoleconfig# qos map policed-dscp 3 to Qos map dscp-queueDscp values 3,11,19… cannot be remapped to other values Following table describes the default map Qos trust GlobalFollowing example maps Dscp values 33, 40 and 41 to queue Qos trust cos dscp no qos trustCoS is the default trust mode Qos trust InterfaceQos trust No qos trust Default CoS value of a port is Qos cosNo qos cos Following example configures port 15 default CoS value to Qos dscp-mutationQos dscp-mutation No qos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Rmon Commands Show rmon statisticsConsole# show rmon statistics ethernet ext.1 Rmon Commands Rmon collection history Cannot be configured for a range of interfaces Range context Show rmon collection historyShow rmon history Console# show rmon collection historyConsole# show rmon history 1 errors Console# show rmon history 1 throughputConsole# show rmon history 1 other Rmon alarm No rmon alarm indexType is absolute Startup direction is rising-falling Show rmon alarm-table Show rmon alarm-tableFollowing example displays the alarms table Console# show rmon alarm-tableShow rmon alarm Show rmon alarm numberNumber Specifies the alarm index. Range Following example displays Rmon 1 alarmsRmon event Last Sample ValueShow rmon events Show rmon eventsShow rmon log Following example displays the Rmon event tableShow rmon log event Event Specifies the event index. RangeFollowing example displays the Rmon log table Console# show rmon logConsoleconfig# rmon table-size history Rmon table-sizeHistory table size is Log table size is Radius Commands Radius-server hostNo radius-server host ip-addresshostname No Radius server host is specifiedRadius-server key Radius-server key key-string No radius-server keyRadius-server retransmit Key-string is an empty stringSoftware searches the list of Radius server hosts 3 times Consoleconfig# radius-server retransmit Radius-server source-ipSource Specifies a valid source IP address Radius-server timeout Timeout value is 3 secondsConsoleconfig# radius-server timeout Deadtime setting is Consoleconfig# radius-server deadtimeRadius-server deadtime Show radius-serversFollowing example displays Radius server settings Show radius-serversConsole# show radius-servers Radius Commands Web Server Commands Ip http serverIp http port Ip http server No ip http serverIp http exec-timeout No ip http portIp http exec-timout minutes seconds no ip http exec-timout Default timout is 10 minutes DisabledIp https server Ip https server No ip https serverIp https exec-timeout Following example configures the https port number toIp https port Ip https port port-number No ip https portCrypto certificate generate No ip https exec-timoutConsoleconfig# crypto certificate 1 generate key-generate Crypto certificate requestFollowing example regenerates an Https certificate There is no default configuration for this command Crypto certificate import Crypto certificate number importNumber Specifies the certificate number. Range Console# crypto certificate 1 requestConsoleconfig# crypto certificate 1 import Ip https certificateIp https certificate number No ip https certificate Consoleconfig# ip https certificate Show crypto certificate mycertificateCertificate number Show crypto certificate mycertificate numberShow ip http Following example displays the certificateShow ip http Console# show crypto certificate mycertificateFollowing example displays the Http server configuration Show ip httpsShow ip https Console# show ip httpWeb Server Commands Web Server Commands Snmp Commands Snmp-server communityNo communities are defined Snmp-server view Snmp-server group No view entry existsNo snmp-server group groupname v1 v2 v3 noauth auth priv No group entry existsSnmp-server user No snmp-server user username remote engineid-stringSnmp-server engineID local Parameters Snmp-server enable traps Snmp-server enable traps No snmp-server enable trapsSnmp traps are enabled Following example enables Snmp trapsSnmp-server filter No filter entry existsSnmp-server host Snmp-server v3-host Snmp-server trap authentication Following example configures an SNMPv3 hostSnmp-server trap authentication No snmp-server trap authentication Snmp failed authentication traps are enabledFollowing example enables Snmp failed authentication traps Snmp-server contactSnmp-server location IntelTechnicalSupportSnmp-server location text No snmp-server location Snmp-server set Following example defines the device location as NewYorkShow snmp Show snmpFollowing example displays the Snmp communications status Show snmp engineid Show snmp engineIDShow snmp views Following example displays the Snmp engine IDShow snmp views viewname Viewname Specifies the name of the view. RangeFollowing example displays the configuration of views Show snmp groupsShow snmp groups groupname Groupname-Specifies the name of the group. RangeShow snmp filters Following table describes significant fields shown aboveShow snmp filters filtername Filtername-Specifies the name of the filter. RangeFollowing example displays the configuration of filters Show snmp usersShow snmp users username Username-Specifies the name of the user. RangeConsole# show snmp users Spanning-Tree Commands Spanning-tree modeSpanning-tree mode stp rstpmstp Spanning-treeNo spanning-tree mode STP is enabledConsoleconfig# spanning-tree mode rstp Spanning-tree forward-timeConsoleconfig# spanning-tree forward-time Seconds Time in seconds. RangeConsoleconfig# spanning-tree hello-time Spanning-tree max-ageSpanning-tree max-age seconds No spanning-tree max-age Following example configures spanning tree priority to Spanning-tree priorityForward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Spanning-tree priority priority No spanning-tree prioritySpanning-tree disable Spanning-tree disable No spanning-tree disableSpanning-tree cost Spanning-tree cost cost No spanning-tree costSpanning-tree port-priority Cost Path cost of the port Range 1-200,000,000Default port priority for Ieee Spanning TreeProtocol STP is PortFast mode is disabledConsoleconfig-if#spanning-tree port-priority Spanning-tree portfastFollowing example enables PortFast on Ethernet port Consoleconfig-if#spanning-tree portfastSpanning-tree link-type Consoleconfig-if#spanning-tree link-type shared Spanning-tree pathcost methodShort path cost method Following example sets the default path cost method to long Default setting is floodingSpanning-tree bpdu Spanning-tree bpdu filtering flooding No spanning-tree bpduClear spanning-tree detected-protocols Spanning-tree mst prioritySpanning-tree mst instance-idpriority priority Console config # spanning-tree mst 1 priority Spanning-tree mst max-hopsNo spanning-tree mst instance-idpriority Default number of hops is Console config # spanning-tree mst max-hopsSpanning-tree mst port-priority Consoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst costSpanning-tree mst configuration Spanning-tree mst configurationFollowing example configures an MST region Consoleconfig# spanning-tree mst configurationMST Configuration mode Instance mstInstance instance-idadd remove vlan vlan-range Following example maps VLANs 10-20 to MST instanceDefault name is a radlanguest Following example defines the configuration name as region1Name mst Revision mstValue Configuration revision number Range Default configuration revision number isFollowing example sets the configuration revision to Show mstExit mst ExitAbort mst Spanning-tree guard rootAbort Root guard is disabled Show spanning-treeSpanning-tree guard root No spanning-tree guard root Interface -number- a valid Ethernet portFollowing example displays spanning-tree information Console# show spanning-treeFWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree mst-configuration Console# show spanning-tree ethernet ext.1Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands SSH Commands Ip ssh portIp ssh server Ip ssh port port-number No ip ssh portDevice configuration from a SSH server is disabled Crypto key generate dsaDSA key pairs do not exist Consoleconfig# crypto key generate dsa Crypto key generate rsaFollowing example generates DSA key pairs Crypto key generate rsaAAA authentication is independent Ip ssh pubkey-authFollowing example generates RSA key pairs Ip ssh pubkey-auth No ip ssh pubkey-authCrypto key pubkey-chain ssh No keys are specifiedSSH Public Key-string Configuration mode Consoleconfig# crypt\o key pubkey-chain sshUser-key No SSH public keys existKey-string Consoleconfig# crypto key pubkey-chain ssh Show ip sshShow ip ssh Following example displays the SSH server configuration Show crypto key mypubkeyShow crypto key mypubkey rsa dsa Rsa Indicates the RSA key Dsa Indicates the DSA keyShow crypto key pubkey-chain ssh Console# show crypto key mypubkey rsaConsole# show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bobSSH Commands Syslog Commands Logging is enabledFollowing example enables logging error messages Logging onLogging Default severity level is informational Consoleconfig# logging buffered debuggingLogging buffered Logging buffered level No logging bufferedDefault number of messages is This command takes effect only after ResetConsoleconfig# logging buffered size Logging buffered sizeDefault severity level is errors Logging fileClear logging Logging file level No logging fileConsoleconfig# logging file alerts Clear logging fileClear logging file Following example clears messages from the logging fileAaa logging login no aaa logging login Aaa loggingFile-system logging File-system logging copyLogging file system events is enabled Consoleconfig# file-system logging copyManagement logging Management logging deny No management logging denyLogging management ACL events is enabled Consoleconfig# management logging denyShow logging Show loggingConsole# show logging AAAShow logging file Show logging fileConsole# show logging file Show syslog-servers Show syslog-serversConsole# show syslog-servers Syslog Commands System Management Commands PingTraceroute Following example displays pinging resultsSyntax Probe timed out Default port is the Telnet port decimal23 on the host TelnetSpecial Telnet Sequences Keywords TablePorts Table Following command switches to open Telnet session number ResumeReload Connection The connection number. Range 1-4 connectionsHostname ReloadFollowing example reloads the operating system Hostname name No hostnameShow users Following example specifies the device host nameShow users Console show usersShow sessions Show sessionsFollowing example lists open Telnet sessions Console show sessionsShow system Show systemConsole# show system Privilaged Exec mode Show system idShow system id unit unit Unit unit Unit numberShow system flowcontrol Show system flowcontrolConsole show system id Show system mode Show system modePriviledged Exec mode Following example displays information on features controlService cpu-utilization Service cpu-utilization No service cpu-utilizationShow version Console show versionThis example enables measuring CPU utilization Consoleconfig# service cpu-utilizationShow cpu utilization Show cpu utilizationConsole# show cpu utilization TACACS+ Commands Tacacs-server hostNo tacacs-server host ip-addresshostname Tacacs-server key Following example specifies a TACACS+ hostTacacs-server key key-string No tacacs-server key Empty stringTacacs-server timeout Following example sets the authentication encryption keyFollowing example sets the timeout value to Consoleconfig# tacacs-server timeoutTacacs-server source-ip Show tacacsSource Specifies the source IP address Following example specifies the source IP addressIp-address Name or IP address of the TACACS+ server Console# show tacacsTACACS+ Commands User Interface Commands EnableDisable Login Following example return to Users Exec modeLogin User Exec mode command changes a login username LoginConfigure ConfigureFollowing example enters Global Configuration mode Exit Configuration All configuration modesExit End Privileged and User Exec modesFollowing example closes an active terminal session EndAll command modes HelpTerminal datadump HelpDumping is disabled Show historyTerminal datadump No terminal datadump Show historyShow privilege Show privilegeConsole# show version Console# show historyCommand The command to be executed Console# show privilegeConsole Config# do show vlan Vlan Commands Following example enters the Vlan database modeVlan database VlanVlan Configuration mode Interface vlanFollowing example Vlan number 1972 is created Interface vlan vlan-idInterface range vlan Interface range vlan vlan-rangeallAll All existing static VLANs Name No nameNo name is defined Following example gives Vlan number 19 the name MarketingSwitchport protected Switchport protected is disabledConsoleconfig-if#switchport protected ethernet ext.1 Switchport mode Switchport access vlanSwitchport mode access trunk general No switchport mode Switchport trunk allowed vlan Switchport trunk allowed vlan add vlan-listremove vlan-listAll ports belong to Vlan Switchport trunk native vlan Vlan-id- Specifies the ID of the native VlanSwitchport general allowed vlan VID=1Switchport general pvid Vlan-id- Specifies the Pvid Port Vlan IDSwitchport general ingress-filtering disable Ingress filtering is enabledSwitchport general acceptable-frame-type tagged-only Switchport forbidden vlanSwitchport forbidden vlan add vlan-listremove vlan-list All frame types are accepted at ingressIp internal-usage-vlan All VLANs are allowedIp internal-usage-vlan vlan-id No ip internal-usage-vlan Vlan-id- Specifies the ID of the internal usage VlanConsoleconfig-if#ip internal-usage-vlan Show vlanShow vlan id vlan-idname vlan-name Vlan-id- specifies a Vlan IDShow vlan internal usage Following example displays all Vlan informationShow vlan internal usage Show interfaces switchport Console# show vlan internal usageConsole# show interface switchport ethernet ext.1 VLAN011Pvid Map protocol protocols-group Map protocol protocol encapsulation protocols-group groupSwitchport general map protocols-group vlan Vlan Database modeFollowing protocol names are reserved Following example maps protocol ip-arp to the group namedMap mac macs-group Switchport general map macs-group vlan Console config-if#switchport general map macs-group 1 vlanSwitchport general map subnets-group vlan Map subnet subnets-groupShow vlan protocols-groups Show vlan macs-groups Console# show vlan protocols-groupsShow vlan subnets-groups Following example shows subnets-groups information Vlan Commands 29 802.1x Commands Aaa authentication dot1xNo authentication method is defined Method1 method2... At least one from the following table802.1x is disabled globally Following example enables 802.1x globallyDot1x system-auth-control Dot1x port-controlInterface Configuration Ethernet Consoleconfig-if#dot1x port-control autoPort is in the force-authorized state Dot1x re-authentication Dot1x timeout re-authperiodDot1x re-authentication No dot1x re-authentication Periodic re-authentication is disabledDot1x re-authenticate Re-authentication period is 3600 secondsDot1x re-authenticate ethernet interface Consoleconfig-if#dot1x timeout re-authperiodDot1x timeout quiet-period Console# dot1x re-authenticate ethernet ext.16Quiet period is 60 seconds Dot1x timeout tx-period Dot1x timeout tx-period seconds No dot1x timeout tx-periodTimeout period is 30 seconds Consoleconfig-if#dot1x timeout quiet-periodDefault number of times is Dot1x max-reqDot1x max-req count No dot1x max-req Dot1x timeout supp-timeout Default timeout period is 30 secondsDot1x timeout server-timeout Consoleconfig-if# dot1x timeout supp-timeoutConsoleconfig-if#dot1x timeout server-timeout Show dot1x Show dot1x ethernet interfaceConsole# show dot1x Console# show dot1x ethernet ext.3 Show dot1x users Show dot1x users username usernameUsername Supplicant username Range 1-160 characters Following example displays 802.1x users Console# show dot1x usersConsole# show dot1x users username Bob Show dot1x statistics Show dot1x statistics ethernet interfaceConsole# show dot1x statistics ethernet ext.1 Dot1x auth-not-req Dot1x auth-not-req No dot1x auth-not-reqAccess is enabled Multiple hosts are disabledConsoleconfig-if# dot1x auth-not-req Dot1x multiple-hostsDot1x single-host-violation Consoleconfig-if#dot1x single-host-violation forward trap Dot1x guest-vlanNo traps are sent Dot1x guest-vlan No dot1x guest-vlanDot1x guest-vlan enable Following example defines Vlan 2 as a guest VlanConsoleconfig-if#dot1x guest-vlan enable Show dot1x advancedShow dot1x advanced ethernet interface Console# show dot1x advancedConsole# show dot1x advanced ethernet ext.1 Appendix a Getting Help World Wide Web TelephoneFinland HollandAustralia CambodiaMyanmar New Zealand 0800 444Ecuador PanamaUruguay