Manuals / Intel / Computer Equipment / Switch

Intel SBCEGBESW1 manual Show access-lists, Service-acl input acl-name No service-acl input

Models: SBCEGBESW10 CLI SBCEGBESW1

1 424

Download 424 pages 57.83 Kb

Page 66

Image 66

ACL Commands

service-acl

The service-aclInterface Configuration mode command applies an ACL to the input interface. To detach an ACL from an input interface, use the no form of this command.

Syntax

service-acl {input acl-name}

no service-acl {input}

Parameters

•acl-name—Specifies the ACL to be applied to the input interface.

Default Configuration

This command has no default configuration.

Command Mode

Interface (Ethernet, port-channel) Configuration mode.

User Guidelines

In advanced mode, when an ACL is bound to an interface, the port trust mode is set to trust 12-13 and not to 12.

Example

The following example binds (services) an ACL to VLAN 2.

Console(config)# interface vlan 2

Console(config-if)# service-acl input macl1

show access-lists

The show access-listsPrivileged EXEC mode command displays access control lists (ACLs) defined on the device.

Syntax

show access-lists [name]

50	Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

Page 66

Image 66

Intel SBCEGBESW10 CLI manual Service-acl input acl-name No service-acl input, Show access-lists name

Contents

Guide for System Administrators of Intel Server Products Disclaimer Consignes de sécurité Important Safety InstructionsWichtige Sicherheitshinweise Instrucciones de seguridad importantesPage About this Manual Manual OrganizationPage Contents ACL Commands Gvrp Commands Line Commands 141 QoS Commands Radius Commands 215 Spanning-Tree Commands System Management Commands 321 Vlan Commands Appendix a Getting Help 405 Using CLI OverviewPrivileged Exec Mode Command in the Global Configuration modeInterface Configuration and Specific Configuration Modes Starting the CLI Negating the Effect of Commands Nomenclature CLI Command Conventions Using CLI AAA Commands Aaa authentication loginGlobal Configuration mode Aaa authentication enable Following example configures the authentication loginLogin authentication Consoleconfig# aaa authentication enable default enableEnable authentication Line Configuration modeConsoleconfig-line#login authentication default Ip http authentication There are no user guidelines for this commandConsoleconfig-line#enable authentication default Ip https authentication Following example configures the Http authenticationShow authentication methods Following example configures Https authenticationShow authentication methods Privileged Exec mode PasswordThis command has no default configuration Following example displays the authentication configurationEnable password No password is definedUsername No enable password is definedConsoleconfig# enable password secret level No user is definedUser account can be created without a password AAA Commands Address Table Commands Bridge address Interface Configuration Vlan modeBridge multicast filtering Folowing example, bridge multicast filtering is enabledConsoleconfig# bridge multicast filtering Bridge multicast filtering No bridge multicast filteringBridge multicast address No multicast addresses are definedBridge multicast forbidden address Following example registers the MAC addressNo forbidden addresses are defined This setting is disabled Command Mode Bridge multicast forward-allThis setting is disabled Bridge multicast forbidden forward-allThis example, all multicast packets on port 1 are forwarded Bridge aging-time seconds No bridge aging-time Default setting is 300 secondsBridge aging-time Seconds Time in seconds. Range 10-630 secondsClear bridge Clear bridgePort security Following example, the bridge tables are clearedPort security mode lock mac-addresses No port security mode Port security modeInterface Configuration Ethernet, port-channel mode Consoleconfig-if#port security forward trapConsoleconfig-if#port security mode mac-addresses Port security routed secure-addressMac-address a valid MAC address Show bridge address-table No addresses are definedShow bridge address-table static Console# show bridge address-tableShow bridge address-table count Vlan Specifies a valid VLAN, such as VlanConsole# show bridge address-table static Show bridge multicast address-table Console# show bridge address-table countConsole# show bridge multicast address-table Show bridge multicast filtering Show bridge multicast filtering vlan-idConsole# show bridge multicast address-table format ip Show ports security Console# show bridge multicast filteringShow ports security addresses Following table describes the fields shown aboveConsole# show ports security Console# show ports security addresses Address Table Commands ACL Commands Ip access-listIp access-list name No ip access-list name Permit ip IP Protocol Abbreviated Name Protocol NumberACL Commands No IPv4 ACL is defined IP-Access List Configuration modeDeny IP Deny-icmp Deny-igmpDeny-tcp deny-udp Mac access-list Following example shows how to create a MAC ACL Mac access-list name No mac access-list nameDefault for all ACLs is deny all Permit MACMAC-Access List Configuration mode Deny MACNo MAC ACL is defined This command has no default configuration Service-acl input acl-name No service-acl input Service-aclShow access-lists Show access-lists nameConsole# show access-lists Show interfaces access-listsFollowing example displays access lists defined on a device Name The name of the ACLConsole# show interfaces access-lists Clock Commands Clock setSntp Sntp servers Clock sourceClock timezone No external clock sourceClock summer-time No clock timezoneClock set to UTC No clock summer-time recurring Sntp authentication-key No authentication key is definedSntp authenticate Sntp authenticate no sntp authenticateSntp trusted-key Sntp client poll timerFollowing example authenticates key Sntp trusted-key key-number No sntp trusted-key key-numberSntp broadcast client is disabled Sntp broadcast client enableSntp client poll timer seconds No sntp client poll timer Seconds Polling interval in seconds. RangeSntp anycast client enable No sntp anycast client enable Sntp anycast client enableFollowing example enables the Sntp broadcast clients Sntp anycast client is disabledSntp client is disabled on an interface Sntp client enable InterfaceFollowing example enables Sntp anycast clients Interface Configuration Ethernet, port-channel, Vlan modeSntp unicast client is disabled Sntp unicast client enableSntp unicast client enable No sntp unicast client enable Sntp unicast client pollSntp server Polling is disabledConsoleconfig# sntp unicast client poll No sntp server hostDetail Shows timezone and summertime configuration Show clockShow clock detail Show sntp configuration Show sntp configurationConsole# show clock Console# show sntp configuration Show sntp statusShow sntp status Following example shows the status of the Sntp Console# show sntp statusConfiguration and Image File Commands CopyCopying a Boot File from a Server to Flash Memory Copying an Image File from a Server to Flash MemoryStoring the Running or Startup Configuration on a Server DeleteDelete url Boot system Boot system image-1 image-2Sys, *.prv, image-1 and image-2 files cannot be deleted Show running-config Show running-configConsole# boot system image-1 Show startup-config Show startup-configConsole# show running-config Show backup-config Show backup-configConsole# show startup-config Show bootvar Show bootvarConsole# show backup-config Console# show bootvar Configuration and Image File Commands Interface range ethernet Ethernet Configuration CommandsInterface ethernet Interface ethernet interfaceShutdown Interface range ethernet port-listallShutdown No shutdown Description Description string No descriptionSpeed 10 100 No speed SpeedFollowing example adds a description to Ethernet port Maximum port capabilityDuplex half full No duplex Interface Configuration Ethernet modeDuplex Interface is set to full duplexConsoleconfig# interface ethernet ext.1 NegotiationNo negotiation Flowcontrol Flowcontrol auto on off No flowcontrolMdix Default setting is onFollowing example, automatic crossover is enabled on port Mdix on auto No mdixBack-pressure No back-pressure Back-pressurePort jumbo-frame Port jumbo-frame No port jumbo-frameFollowing example, jumbo frames are enabled on the device Jumbo frames are disabled on the deviceGlobal Configuration Clear countersFollowing example reactivates interface Set interface activeFollowing example, the counters for interface 1 are cleared Console# clear counters ethernet ext.2Show interfaces advertise Following example displays auto-negotiation informationConsole# show interfaces advertise Show interfaces configuration Console# show interfaces configurationShow interfaces status Show interfaces description Show interfaces counters Interface a valid Ethernet port. Full syntax unit/portConsole# show interfaces description Console# show interfaces counters Following example displays counters for Ethernet port Following table describes the fields shown in the displayConsole# show interfaces counters ethernet ext.1 Show ports jumbo-frame This command is relevant to Giga devices onlyShow ports jumbo-frame Console# show port jumbo-framePort storm-control include-multicast IC Following example enables counting multicast packetsPort storm-control include-multicast GC Multicast packets are not countedPort storm-control broadcast enable Broadcast storm control is disabledDefault storm control broadcast rate is 3500 Kbits/Sec Port storm-control broadcast rateShow ports storm-control interface Following example displays the storm control configurationShow ports storm-control Console# show ports storm-controlDisabled 3500 Broadcast Gvrp enable Interface Gvrp CommandsGvrp enable Global Gvrp enable No gvrp enableFollowing example enables Gvrp on Ethernet port Garp timerGvrp is disabled on all interfaces Garp timer join leave leaveall timervalue No garp timerConsoleconfig# interface ethernet ext.6 Gvrp vlan-creation-forbidGvrp vlan-creation-forbid No gvrp vlan-creation-forbid Gvrp registration-forbid No gvrp registration-forbid Dynamic Vlan creation or modification is enabledGvrp registration-forbid Dynamic registration of VLANs on the port is allowedClear gvrp statistics Console# clear gvrp statistics ethernet ext.1Following example displays Gvrp configuration information Show gvrp configurationPrivieged Exec mode Console# show gvrp configurationShow gvrp statistics Following example shows Gvrp statistical informationConsole# show gvrp statistics Show gvrp error-statistics Console# show gvrp error-statisticsFollowing example displays Gvrp statistical information Ip igmp snooping Interface Igmp Snooping CommandsIp igmp snooping Global Ip igmp snooping No ip igmp snoopingFollowing example enables Igmp snooping on Vlan Automatic learning of multicast device ports is enabledIp igmp snooping mrouter learn-pim-dvmrp Consoleconfig-if#ip igmp snooping mrouter learn-pim-dvmrp Time-out- Specifies the host timeout in seconds. RangeDefault host-time-out is 260 seconds Ip igmp snooping host-time-outDefault value is 300 seconds Consoleconfig-if#ip igmp snooping host-time-outIp igmp snooping mrouter-time-out Default leave-time-out configuration is 10 seconds Consoleconfig-if#ip igmp snooping mrouter-time-outIp igmp snooping leave-time-out Show ip igmp snooping mrouter interface vlan-id Consoleconfig-if#ip igmp snooping leave-time-outShow ip igmp snooping mrouter Vlan-id Specifies the Vlan numberShow ip igmp snooping interface Show ip igmp snooping interface vlan-idShow ip igmp snooping groups Console# show ip igmp snooping interfaceConsole# show ip igmp snooping groups Igmp Snooping Commands Ip address IP Address CommandsInterface Configuration Ethernet, VLAN, port-channel mode Ip address ip-address mask prefix-lengthIp address dhcp Ip address dhcp hostname host-name No ip address dhcpIp default-gateway Ip default-gateway ip-address No ip default-gatewayNo default gateway is defined This command is only operational in Switch mode Following example defines default gatewayShow ip interface Arp Console# show ip interfaceArp timeout Arp timeout seconds No arp timeoutDefault timeout is 60000 seconds Clear arp-cache Clear arp-cacheShow arp Console# clear arp-cacheFollowing example displays entries in the ARP table Ip domain-lookupShow arp Ip domain-lookup No ip domain-lookupDefault domain name is not defined Ip domain-nameIp domain-name name No ip domain-name No name server addresses are specified Ip name-serverServer-address- Specifies IP addresses of the name server Following example sets the available name serverNo ip host name Ip hostClear host No host is definedClear host dhcp Clear host dhcp nameConsole# clear host Name Specifies the host name. Range 1-158 characters Show hostsShow hosts name Console# clear host dhcpFollowing example displays host information Console# show hostsLacp port-priority Lacp CommandsLacp system-priority Lacp system-priority value No lacp system-priorityLacp timeout Lacp timeout long short no lacp timeoutLacp port-priority value No lacp port-priority Short Specifies the short timeout value Default port timeout value is longShow lacp ethernet Following example display Lacp information for Ethernet port Console# show lacp ethernet ext.1Show lacp port-channel Show lacp port-channel portchannelnumber Portchannelnumber Valid port-channel numberConsole# show lacp port-channel Line Line CommandsThis command has no user guidelines Show lineExec mode Show line telnet sshLine Commands Line Commands Management access-list name No management access-list name Management ACL CommandsManagement access-list Name Access list name. Range 1-32 charactersConsoleconfig# management access-list mlist Consoleconfig# management access-class mlistIf no permit rule is defined, the default is set to deny Management Access-list Configuration modeDeny Management Management access-class Show management access-list name Following example displays the mlist management access listShow management access-class Console# show management access-classManagement ACL Commands Test copper-port tdr interface PHY Diagnostics CommandsTest copper-port tdr Console# test copper-port tdr ext.3Show copper-ports tdr interface User Exec modeShow copper-ports tdr Maximum length of the cable for the TDR test is 120 metersShow copper-ports cable-length interface Port must be active and working in 100M or 1000M modeShow copper-ports cable-length Console show copper-ports cable-lengthPHY Diagnostics Commands Interface port-channel Port Channel CommandsConsoleconfig# interface port-channel Interface port-channel port-channel-numberChannel-group Consoleconfig# interface range port-channel 1-2,6Interface range port-channel Interface range port-channel port-channel-rangeallShow interfaces port-channel Port is not assigned to a port-channelShow interfaces port-channel port-channel-number Following example displays information on all port-channels Console# show interfaces port-channelPort Monitor Commands Monitors both received and transmitted packetsPort monitor vlan-tagging No port monitor vlan-tagging Console config-if#port monitor vlan-taggingPort monitor vlan-tagging Ingress mirrored packets are transmitted untaggedShow ports monitor Show ports monitorConsole show ports monitor Port Monitor Commands QoS basic mode is enabled QoS CommandsQos basic advanced service No qos Following example enables QoS on the deviceShow qos aggregate-policer Trust mode is displayed if QoS is enabled in basic modeShow qos Show qosShow qos interface There are no user guidelinesConsole# show qos aggregate-policer policer1 There is no default configuration for this command Console# show qos interface ethernet 1 buffersShow qos map dscp-queue Show qos map User Exec mode command displays all QoS mapsShow qos map Dscp-queue- Indicates the Dscp to queue mapClass-map class-map-namematch-all match-any Class-mapFollowing example displays the Dscp port-queue map Console show qos mapBy default, the match-allparameter is selected Show class-mapShow class-map class-map-name Following example shows the class map for class1 Match access-group acl-name No match access-group acl-nameMatch Acl-name- Specifies the name of an IP or MAC ACLClass-map Configuration mode Policy-mapPolicy-map-name- Specifies the name of the policy map Class No policy map is definedPolicy-map Configuration mode Show policy-mapUser Exec command displays the policy mapsShow policy-map Following example displays all policy maps Policy-map Class Configuration modeTrust cos-dscp Trust cos-dscp No trust cos-dscpSet No setPolice No policeService-policy Service-policy input policy-map-name No service-policy inputQos aggregate-policer No qos aggregate-policerNo aggregate policer is define Exceed-action drop Police aggregate Console show qos aggregate-policer policer1Wrr-queue cos-map No wrr-queue cos-map queue-idWrr-queue bandwidth Following example maps CoS 7 to queueNo wrr-queue bandwidth Priority-queue out num-of-queues Priority-queue out num-of-queues number-of-queuesNo priority-queue out num-of-queues Consoleconfig# priority-queue out num-of-queuesTraffic-shape All queues are expedite queuesNo shape is defined Ethernet Notify Q depth Qid Size 125 Qos wrr-queue threshold No qos wrr-queue threshold tengigabitethernet queue-id Console config# qos wrr-queue threshold gigabitethernet 1Qos map policed-dscp Percent for all thresholdsConsoleconfig# qos map policed-dscp 3 to Qos map dscp-queueDscp values 3,11,19… cannot be remapped to other values Following example maps Dscp values 33, 40 and 41 to queue Following table describes the default mapQos trust Global Qos trust cos dscp no qos trustCoS is the default trust mode Qos trust InterfaceQos trust No qos trust Default CoS value of a port is Qos cosNo qos cos Following example configures port 15 default CoS value to Qos dscp-mutationQos dscp-mutation No qos dscp-mutation Qos map dscp-mutation QoS Commands QoS Commands Rmon Commands Show rmon statisticsConsole# show rmon statistics ethernet ext.1 Rmon Commands Rmon collection history Cannot be configured for a range of interfaces Range context Show rmon collection historyShow rmon history Console# show rmon collection historyConsole# show rmon history 1 errors Console# show rmon history 1 throughputConsole# show rmon history 1 other Rmon alarm No rmon alarm indexType is absolute Startup direction is rising-falling Following example displays the alarms table Show rmon alarm-tableShow rmon alarm-table Console# show rmon alarm-tableNumber Specifies the alarm index. Range Show rmon alarmShow rmon alarm number Following example displays Rmon 1 alarmsRmon event Last Sample ValueShow rmon events Show rmon eventsShow rmon log event Show rmon logFollowing example displays the Rmon event table Event Specifies the event index. RangeFollowing example displays the Rmon log table Console# show rmon logConsoleconfig# rmon table-size history Rmon table-sizeHistory table size is Log table size is No radius-server host ip-addresshostname Radius CommandsRadius-server host No Radius server host is specifiedRadius-server key Radius-server key key-string No radius-server keyRadius-server retransmit Key-string is an empty stringSoftware searches the list of Radius server hosts 3 times Consoleconfig# radius-server retransmit Radius-server source-ipSource Specifies a valid source IP address Radius-server timeout Timeout value is 3 secondsConsoleconfig# radius-server timeout Radius-server deadtime Deadtime setting isConsoleconfig# radius-server deadtime Show radius-serversFollowing example displays Radius server settings Show radius-serversConsole# show radius-servers Radius Commands Ip http port Web Server CommandsIp http server Ip http server No ip http serverIp http exec-timeout No ip http portIp http exec-timout minutes seconds no ip http exec-timout Ip https server Default timout is 10 minutesDisabled Ip https server No ip https serverIp https port Ip https exec-timeoutFollowing example configures the https port number to Ip https port port-number No ip https portCrypto certificate generate No ip https exec-timoutConsoleconfig# crypto certificate 1 generate key-generate Crypto certificate requestFollowing example regenerates an Https certificate There is no default configuration for this command Number Specifies the certificate number. Range Crypto certificate importCrypto certificate number import Console# crypto certificate 1 requestConsoleconfig# crypto certificate 1 import Ip https certificateIp https certificate number No ip https certificate Certificate number Consoleconfig# ip https certificateShow crypto certificate mycertificate Show crypto certificate mycertificate numberShow ip http Show ip httpFollowing example displays the certificate Console# show crypto certificate mycertificateShow ip https Following example displays the Http server configurationShow ip https Console# show ip httpWeb Server Commands Web Server Commands Snmp Commands Snmp-server communityNo communities are defined Snmp-server view Snmp-server group No view entry existsNo snmp-server group groupname v1 v2 v3 noauth auth priv No group entry existsSnmp-server user No snmp-server user username remote engineid-stringSnmp-server engineID local Parameters Snmp traps are enabled Snmp-server enable trapsSnmp-server enable traps No snmp-server enable traps Following example enables Snmp trapsSnmp-server filter No filter entry existsSnmp-server host Snmp-server v3-host Snmp-server trap authentication Following example configures an SNMPv3 hostSnmp-server trap authentication Following example enables Snmp failed authentication traps No snmp-server trap authenticationSnmp failed authentication traps are enabled Snmp-server contactSnmp-server location IntelTechnicalSupportSnmp-server location text No snmp-server location Snmp-server set Following example defines the device location as NewYorkShow snmp Show snmpFollowing example displays the Snmp communications status Show snmp engineid Show snmp engineIDShow snmp views viewname Show snmp viewsFollowing example displays the Snmp engine ID Viewname Specifies the name of the view. RangeShow snmp groups groupname Following example displays the configuration of viewsShow snmp groups Groupname-Specifies the name of the group. RangeShow snmp filters filtername Show snmp filtersFollowing table describes significant fields shown above Filtername-Specifies the name of the filter. RangeShow snmp users username Following example displays the configuration of filtersShow snmp users Username-Specifies the name of the user. RangeConsole# show snmp users Spanning-tree mode stp rstpmstp Spanning-Tree CommandsSpanning-tree mode Spanning-treeConsoleconfig# spanning-tree mode rstp No spanning-tree modeSTP is enabled Spanning-tree forward-timeConsoleconfig# spanning-tree forward-time Seconds Time in seconds. RangeConsoleconfig# spanning-tree hello-time Spanning-tree max-ageSpanning-tree max-age seconds No spanning-tree max-age Forward-Time 1 = Max-Age Max-Age = 2*Hello-Time + Following example configures spanning tree priority toSpanning-tree priority Spanning-tree priority priority No spanning-tree prioritySpanning-tree cost Spanning-tree disableSpanning-tree disable No spanning-tree disable Spanning-tree cost cost No spanning-tree costSpanning-tree port-priority Cost Path cost of the port Range 1-200,000,000Consoleconfig-if#spanning-tree port-priority Default port priority for Ieee Spanning TreeProtocol STP isPortFast mode is disabled Spanning-tree portfastFollowing example enables PortFast on Ethernet port Consoleconfig-if#spanning-tree portfastSpanning-tree link-type Consoleconfig-if#spanning-tree link-type shared Spanning-tree pathcost methodShort path cost method Spanning-tree bpdu Following example sets the default path cost method to longDefault setting is flooding Spanning-tree bpdu filtering flooding No spanning-tree bpduClear spanning-tree detected-protocols Spanning-tree mst prioritySpanning-tree mst instance-idpriority priority Console config # spanning-tree mst 1 priority Spanning-tree mst max-hopsNo spanning-tree mst instance-idpriority Default number of hops is Console config # spanning-tree mst max-hopsSpanning-tree mst port-priority Consoleconfig-if#spanning-tree mst 1 port-priority Spanning-tree mst costFollowing example configures an MST region Spanning-tree mst configurationSpanning-tree mst configuration Consoleconfig# spanning-tree mst configurationInstance instance-idadd remove vlan vlan-range MST Configuration modeInstance mst Following example maps VLANs 10-20 to MST instanceName mst Default name is a radlanguestFollowing example defines the configuration name as region1 Revision mstFollowing example sets the configuration revision to Value Configuration revision number RangeDefault configuration revision number is Show mstExit mst ExitAbort mst Spanning-tree guard rootAbort Spanning-tree guard root No spanning-tree guard root Root guard is disabledShow spanning-tree Interface -number- a valid Ethernet portFollowing example displays spanning-tree information Console# show spanning-treeFWD Console# show spanning-tree active Console# show spanning-tree blockedports Console# show spanning-tree detail Port 3 disabled State N/A Role N/A Port id Console# show spanning-tree mst-configuration Console# show spanning-tree ethernet ext.1Rstp Times hold 1, topology change 35, notification Designated port id Designated path cost Port Enabled State Forwarding Role Boundary Port id This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Spanning-Tree Commands Ip ssh server SSH CommandsIp ssh port Ip ssh port port-number No ip ssh portDevice configuration from a SSH server is disabled Crypto key generate dsaDSA key pairs do not exist Following example generates DSA key pairs Consoleconfig# crypto key generate dsaCrypto key generate rsa Crypto key generate rsaFollowing example generates RSA key pairs AAA authentication is independentIp ssh pubkey-auth Ip ssh pubkey-auth No ip ssh pubkey-authCrypto key pubkey-chain ssh No keys are specifiedUser-key SSH Public Key-string Configuration modeConsoleconfig# crypt\o key pubkey-chain ssh No SSH public keys existKey-string Consoleconfig# crypto key pubkey-chain ssh Show ip sshShow ip ssh Show crypto key mypubkey rsa dsa Following example displays the SSH server configurationShow crypto key mypubkey Rsa Indicates the RSA key Dsa Indicates the DSA keyShow crypto key pubkey-chain ssh Console# show crypto key mypubkey rsaConsole# show crypto key pubkey-chain ssh Console# show crypto key pubkey-chain ssh username bobSSH Commands Following example enables logging error messages Syslog CommandsLogging is enabled Logging onLogging Logging buffered Default severity level is informationalConsoleconfig# logging buffered debugging Logging buffered level No logging bufferedConsoleconfig# logging buffered size Default number of messages isThis command takes effect only after Reset Logging buffered sizeClear logging Default severity level is errorsLogging file Logging file level No logging fileClear logging file Consoleconfig# logging file alertsClear logging file Following example clears messages from the logging fileFile-system logging Aaa logging login no aaa logging loginAaa logging File-system logging copyManagement logging Logging file system events is enabledConsoleconfig# file-system logging copy Management logging deny No management logging denyShow logging Logging management ACL events is enabledConsoleconfig# management logging deny Show loggingConsole# show logging AAAShow logging file Show logging fileConsole# show logging file Show syslog-servers Show syslog-serversConsole# show syslog-servers Syslog Commands System Management Commands PingTraceroute Following example displays pinging resultsSyntax Probe timed out Default port is the Telnet port decimal23 on the host TelnetSpecial Telnet Sequences Keywords TablePorts Table Reload Following command switches to open Telnet session numberResume Connection The connection number. Range 1-4 connectionsFollowing example reloads the operating system HostnameReload Hostname name No hostnameShow users Show usersFollowing example specifies the device host name Console show usersFollowing example lists open Telnet sessions Show sessionsShow sessions Console show sessionsShow system Show systemConsole# show system Show system id unit unit Privilaged Exec modeShow system id Unit unit Unit numberShow system flowcontrol Show system flowcontrolConsole show system id Priviledged Exec mode Show system modeShow system mode Following example displays information on features controlShow version Service cpu-utilizationService cpu-utilization No service cpu-utilization Console show versionShow cpu utilization This example enables measuring CPU utilizationConsoleconfig# service cpu-utilization Show cpu utilizationConsole# show cpu utilization TACACS+ Commands Tacacs-server hostNo tacacs-server host ip-addresshostname Tacacs-server key key-string No tacacs-server key Tacacs-server keyFollowing example specifies a TACACS+ host Empty stringFollowing example sets the timeout value to Tacacs-server timeoutFollowing example sets the authentication encryption key Consoleconfig# tacacs-server timeoutSource Specifies the source IP address Tacacs-server source-ipShow tacacs Following example specifies the source IP addressIp-address Name or IP address of the TACACS+ server Console# show tacacsTACACS+ Commands User Interface Commands EnableDisable Login User Exec mode command changes a login username LoginFollowing example return to Users Exec mode LoginConfigure ConfigureFollowing example enters Global Configuration mode Exit Configuration All configuration modesExit Following example closes an active terminal session EndPrivileged and User Exec modes EndTerminal datadump All command modesHelp HelpTerminal datadump No terminal datadump Dumping is disabledShow history Show historyConsole# show version Show privilegeShow privilege Console# show historyCommand The command to be executed Console# show privilegeConsole Config# do show vlan Vlan database Vlan CommandsFollowing example enters the Vlan database mode VlanFollowing example Vlan number 1972 is created Vlan Configuration modeInterface vlan Interface vlan vlan-idInterface range vlan Interface range vlan vlan-rangeallAll All existing static VLANs No name is defined NameNo name Following example gives Vlan number 19 the name MarketingSwitchport protected Switchport protected is disabledConsoleconfig-if#switchport protected ethernet ext.1 Switchport mode Switchport access vlanSwitchport mode access trunk general No switchport mode Switchport trunk allowed vlan Switchport trunk allowed vlan add vlan-listremove vlan-listAll ports belong to Vlan Switchport trunk native vlan Vlan-id- Specifies the ID of the native VlanSwitchport general allowed vlan VID=1Switchport general pvid Vlan-id- Specifies the Pvid Port Vlan IDSwitchport general ingress-filtering disable Ingress filtering is enabledSwitchport forbidden vlan add vlan-listremove vlan-list Switchport general acceptable-frame-type tagged-onlySwitchport forbidden vlan All frame types are accepted at ingressIp internal-usage-vlan vlan-id No ip internal-usage-vlan Ip internal-usage-vlanAll VLANs are allowed Vlan-id- Specifies the ID of the internal usage VlanShow vlan id vlan-idname vlan-name Consoleconfig-if#ip internal-usage-vlanShow vlan Vlan-id- specifies a Vlan IDShow vlan internal usage Following example displays all Vlan informationShow vlan internal usage Show interfaces switchport Console# show vlan internal usageConsole# show interface switchport ethernet ext.1 VLAN011Pvid Map protocol protocols-group Map protocol protocol encapsulation protocols-group groupFollowing protocol names are reserved Switchport general map protocols-group vlanVlan Database mode Following example maps protocol ip-arp to the group namedMap mac macs-group Switchport general map macs-group vlan Console config-if#switchport general map macs-group 1 vlanSwitchport general map subnets-group vlan Map subnet subnets-groupShow vlan protocols-groups Show vlan macs-groups Console# show vlan protocols-groupsShow vlan subnets-groups Following example shows subnets-groups information Vlan Commands No authentication method is defined 29 802.1x CommandsAaa authentication dot1x Method1 method2... At least one from the following tableDot1x system-auth-control 802.1x is disabled globallyFollowing example enables 802.1x globally Dot1x port-controlInterface Configuration Ethernet Consoleconfig-if#dot1x port-control autoPort is in the force-authorized state Dot1x re-authentication No dot1x re-authentication Dot1x re-authenticationDot1x timeout re-authperiod Periodic re-authentication is disabledDot1x re-authenticate ethernet interface Dot1x re-authenticateRe-authentication period is 3600 seconds Consoleconfig-if#dot1x timeout re-authperiodDot1x timeout quiet-period Console# dot1x re-authenticate ethernet ext.16Quiet period is 60 seconds Timeout period is 30 seconds Dot1x timeout tx-periodDot1x timeout tx-period seconds No dot1x timeout tx-period Consoleconfig-if#dot1x timeout quiet-periodDefault number of times is Dot1x max-reqDot1x max-req count No dot1x max-req Dot1x timeout supp-timeout Default timeout period is 30 secondsDot1x timeout server-timeout Consoleconfig-if# dot1x timeout supp-timeoutConsoleconfig-if#dot1x timeout server-timeout Show dot1x Show dot1x ethernet interfaceConsole# show dot1x Console# show dot1x ethernet ext.3 Show dot1x users Show dot1x users username usernameUsername Supplicant username Range 1-160 characters Following example displays 802.1x users Console# show dot1x usersConsole# show dot1x users username Bob Show dot1x statistics Show dot1x statistics ethernet interfaceConsole# show dot1x statistics ethernet ext.1 Dot1x auth-not-req Dot1x auth-not-req No dot1x auth-not-reqConsoleconfig-if# dot1x auth-not-req Access is enabledMultiple hosts are disabled Dot1x multiple-hostsDot1x single-host-violation No traps are sent Consoleconfig-if#dot1x single-host-violation forward trapDot1x guest-vlan Dot1x guest-vlan No dot1x guest-vlanDot1x guest-vlan enable Following example defines Vlan 2 as a guest VlanShow dot1x advanced ethernet interface Consoleconfig-if#dot1x guest-vlan enableShow dot1x advanced Console# show dot1x advancedConsole# show dot1x advanced ethernet ext.1 Finland Appendix a Getting HelpWorld Wide Web Telephone HollandMyanmar AustraliaCambodia New Zealand 0800 444Ecuador PanamaUruguay