Manuals / Siemens / Computer Equipment / Network Router

Siemens S223 1 802.1x Authentication, Enabling, Configuring Radius Server, Authentication Server

Models: S323 S223

1 381

Page 65

User Manual	UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5

4.5.1802.1x Authentication

4.5.1.1Enabling 802.1x

To configure 802.1x, the user should enable 802.1x daemon first. In order to enable 802.1x daemon, use the following command.

Command	Mode	Description

dot1x system-auth-control	Global	Enables 802.1x daemon.

no dot1x system-auth-control		Disables 802.1x daemon.
no dot1x system-auth-control		Disables 802.1x daemon.

4.5.1.2Configuring RADIUS Server

As RADIUS server is registered in authenticator, authenticator also can be registered in RADIUS server.

Here, authenticator and RADIUS server need extra data authenticating each other be- sides they register each other’s IP address. The data is the key and should be the same value for each other. For the key value, every kinds of character can be used except for the space or special character.

		RADIUS
		Server
[Suppliant]	[Authenticator]	[Authentication Server]

Authentication request

in order

	Designate as default	Response
	RADIUS server	Response
	RADIUS server

RADIUS Servers

A : 10.1.1.1

B : 20.1.1.1

C : 30.1.1.1

J : 100.1.1.1

Fig. 4.2 Multiple Authentication Servers

If you register in several servers, the authentication server starts form RADIUS server registered as first one, then requests the second RADIUS server in case there’s no re- sponse. According to the order of registering the authentication request, the authentica- tion request is tried and the server which responds to it becomes the default server from the point of response time.

A50010-Y3-C150-2-7619

Page 65

Image 65

Siemens S223, S323 user manual 1 802.1x Authentication, Enabling, Configuring Radius Server, Authentication Server

Contents

A50010-Y3-C150-2-7619 UmncliA50010-Y3-C150-2-7619 Important Notice on Product SafetySurpass hiD 6615 S223/S323 R1.5 Issue History Reason for UpdateSummary System software upgrade added DetailsContents 4.4 4.35.1 5.27.2 7.17.3 12.1101 100102 103125 124126 127147 Surpass hiD 6615 S223/S323 R1.5 3.1149 150180 179181 182216 Surpass hiD 6615 S223/S323 R1.5 5.9217 6.11.17 1.16246 247268 Surpass hiD 6615 S223/S323 R1.5 3.2269 3.8297 295298 299318 Surpass hiD 6615 S223/S323 R1.5 10.1.110.1.1.1 10.1.1.2353 10.2.1210.2.13 354Illustrations Igmp Snooping and PIM-SM Configuration Network 279 Tab Tables171 176Document Structure AudienceTab .1 briefly describes the structure of this document Tab .1 Overview of Chapters A50010-Y3-C150-2-7619Document Convention Tab .2 Command Notation of Guide BookDocument Notation CE Declaration of ConformityGPL/LGPL Warranty and Liability Exclusion System Overview Quality of Service QoS System FeaturesMulticasting IP RoutingLink Aggregation Trunking Spanning Tree Protocol STPSystem Management based on CLI Broadcast Storm ControlRadius and TACACS+ Command Mode Command Line Interface CLIShows hiD 6615 S323 software mode structure briefly Privileged Exec Enable Mode Privileged Exec View ModeGlobal Configuration Mode Tab .1 Main Commands of Privileged Exec View ModeTab .3 Main Commands of Global Configuration Mode Bridge Configuration ModeOpens Rule Configuration mode Rule Configuration ModeTab .4 Main Commands of Bridge Configuration Mode Dhcp Option 82 Configuration Mode Dhcp Configuration ModeTab .6 Main Commands of Dhcp Configuration Mode Command Mode Description Ip dhcp pool PoolCommand Mode Description Interface Interface Interface Configuration ModeRmon Configuration Mode Vrrp Configuration Mode Router Configuration ModeTab .10 Main Commands of Router Configuration Mode Command Mode DescriptionRoute-Map Configuration Mode Variables following after the commands Listing Available CommandsUseful Tips 6615 S223/S323Surpass hiD 6615 S223/S323 R1.5 Calling Command HistoryCommand Using Command of Privileged Exec Enable Mode Using AbbreviationTab .13 Command Abbreviation SWITCH# show clockAble mode, you will be logged out Exit Current Command ModeExits to Privileged Exec enable mode Step System LoginSystem Connection Passwd enable 8 Password Password for Privileged Exec ModeCommand Mode Description Passwd enable Password Creating System Account Changing Login PasswordManagement for System Account To display the created account, use the following command Configuring Security LevelSWITCH# show list No privilege configure level Command Mode Description No privilegeNo privilege rmon-alarm level No privilege bgp levelShows a configured security level Command Mode Description Show privilegeSWITCH# write memory Telnet AccessSWITCH# disconnect ttyp0 Limiting Number of UserManual System Rebooting System RebootingSWITCHconfig# show exec-timeout Auto Log-outAuto System Rebooting System AuthenticationAuto-reset memory 1-120 No auto-reset cpu memoryPrimary Authentication Method Authentication MethodAuthentication Interface Timeout of Authentication Request Radius Server for System AuthenticationRadius Server Radius Server PriorityTacacs Server Tacacs Server for System AuthenticationFrequency of Retransmit 5.2 Tacacs Server PriorityTCP Port for the Authentication Additional TACACS+ ConfigurationAuthentication Type Command Mode Description Login tacacs timeoutDisplaying System Authentication Accounting ModeLogin accounting-mode none Start stop bothTacacs Sample ConfigurationAssigning IP Address To enable the interface, use the following command Interface Configuration ModeEnabling Interface Disabling InterfaceAssigning IP Address to Network Interface Static Route and Default GatewayIp address IP-ADDRESS/M No ip route IP-ADDRESS/MForwarding Information BaseFIB Retain Displaying Forwarding Information BaseFIB TableDisplaying Interface ② On Interface Configuration ModeShow interface Interface Show ip interface InterfaceSSH Server SSH Secure ShellLogin to SSH Server Assigning Specific Authentication Key2.3 Configuring Authentication Key SSH ClientSsh keygen rsa1 rsa dsa Configure the authentication key in the switchConnect to SSH server with the authentication key EAP over LAN EAP over Radius 802.1x AuthenticationServer Suppliant Authenticator Authentication Server Configuring Radius Server 1 802.1x AuthenticationAuthentication Server Designate as default ResponseDot1x radius-server host Configuring Authentication ModeCommand Mode Description Dot1x radius-server move IP Force Authorization Authentication PortMode Description Dot1x port-control auto force Command Mode Description Dot1x timeout tx-period1.7 Configuring Number of Request to Radius Server 2 802.1x Re-Authentication1.8 Configuring Interval of Request to Radius Server Enabling 802.1x Re-Authentication2.4 802.1x Re-authentication Configuring the Interval of Re-AuthenticationConfiguring the Interval of Requesting Re-authentication Applying Default Value Initializing Authentication StatusDisplaying 802.1x Configuration 6 802.1x User Authentication StatisticSWTICHconfig# dot1x auth-mode mac-base SWTICHconfig# dot1x system-auth-controlPortAuthed Show port Ports Port BasicSelecting Port Type To enable/disable a port, use the following command Ethernet Port ConfigurationCommand Mode Description Port medium Port sfp rj45 Enabling Ethernet PortAuto-negotiation Command Mode Description Port nego Ports on offTransmit Rate Port speed Ports 10 100Command Mode Description Port duplex Ports full half Duplex ModeFlow Control HalfTo view description of port, use the following command Following is an example of configuring flow control to portSWITCHbridge# port flow-control 25 on SWITCHbridge# show port descriptionSWITCHbridge# show port statistics rmon SWITCHbridge# show port statistics avg-pktTraffic Statistics Packets StatisticsProtocol statistics To enable/disable protocol statisticsCPU statistics SWITCH# show port To display a port status, use the following commandPort Mirroring Port StatusDesignate the monitor port, use the following command Activate the port mirroring, using the following commandDesignate the mirrored ports, use the following command Command Mode Description Mirror add Ports ingressConnect a motoring PC to the monitor port of the switch To disable monitoring function, use the following commandEnable mirroring function Configure the monitor port 1 and mirroring port 2, 3, 4Time and Date Environment ConfigurationHost Name Network Time Protocol Time ZoneTab .1 shows the world time zone Tab .1 World Time ZoneFollowing is an example of releasing NTP and showing it NTP Network Time ProtocolSimple Network Time Protocol Sntp No sntp Terminal ConfigurationTo display Sntp configuration, use the following command To restore a default banner, use the following command Login BannerTo set a DNS server, use the following command DNS ServerDisabling Daemon Operation Fan OperationSystem Threshold CPU LoadPort Traffic Mode Description Threshold PortFan Operation No threshold Port Ports rxEnabling FTP Server System TemperatureSystem Memory Threshold temp Value ValueDisplaying System Configuration Configuration ManagementAssigning IP Address of FTP Client All Option History router bgp pim ripSystem Configuration File Saving System ConfigurationSWITCH# show running-config syslog Auto-SavingSWITCHconfig# copy running-config SURPASShiD6615 Restoring Default ConfigurationTo delete backup file, use the following command Network Connection SWITCHconfig# restore factory-defaultsSystem Management Figured time interval. Default is 2 seconds Items Description Source address or interface Type of serviceSet DF bit in IP header? no Data pattern 0xABCDIP Source Routing A50010-Y3-C150-2-7619 IP Icmp Source-RoutingFollowing is the basic information to trace packet routes Tracing Packet RouteMAC Table Displaying User Connecting to SystemSWITCH# traceroute SWITCH# show uptime Configuring Ageing timeRunning Time of System System InformationCPU packet limit System Memory InformationAverage of CPU Load Running ProcessDisplaying System Image Displaying Installed OSDefault OS Tech Support Switch StatusBer of display lines of terminal screen A50010-Y3-C150-2-7619 103Simple Network Management Protocol Snmp Command Mode Description Snmp community ro rw CommunitySnmp Community No snmp community ro rw CommunityA50010-Y3-C150-2-7619 105 Information of Snmp AgentFollowing is an example of creating 2 Snmp communities SWITCHconfig# show snmp com2sec Following is an example of configuring Snmp com2secSnmp Com2sec Snmp GroupSWITCHconfig# snmp view Test included Permission to Access Snmp View RecordSnmp View Record Following is an example of creating an Snmp view recordTo display Snmp version 3 user, use the following command Lowing commandSnmp access Snmp Version 3 UserTo set an Snmp trap host, use the following command Snmp Trap ModeTo select an Snmp trap-mode, use the following command Snmp Trap Host110 A50010-Y3-C150-2-7619 Enabling Snmp TrapNode To disable Snmp trap, use the following commandDisabling Snmp Trap Enabling Alarm Notification Snmp AlarmSWITCHconfig# snmp inform-trap-host Displaying Snmp TrapTo configure a priority of alarm, use the following command Default Alarm SeverityAlarm Severity Criterion 114 A50010-Y3-C150-2-7619 Generic Alarm SeveritySnmp Alarm-severity adva-if-sfp-mismatch Adva Alarm SeverityA50010-Y3-C150-2-7619 115 Critical major minor warning intermedi116 A50010-Y3-C150-2-7619 ERP Alarm SeverityA50010-Y3-C150-2-7619 117 Displaying Snmp ConfigurationSTP Guard Alarm Severity Disabling Snmp To disable Snmp feature, use the following commandSWITCHconfig# show snmp alarm-history Disables local OAM Operation, Administration and Maintenance OAMOAM Loopback A50010-Y3-C150-2-7619 119Remote OAM Local OAM ModeOAM Unidirection A50010-Y3-C150-2-7619 121 Displaying OAM ConfigurationTo display OAM configuration, use the following command 122 A50010-Y3-C150-2-7619 Lldp Operation Link Layer Discovery Protocol LldpLldp Operation Type Basic TLV124 A50010-Y3-C150-2-7619 Interval and Delay TimeLldp Message A50010-Y3-C150-2-7619 125 Displaying Lldp ConfigurationTo display Lldp configuration, use the following command SWITCHconfig# show rmon-history config To open RMON-historymode, use the following commandCommand Mode Description Rmon-history Remote Monitoring RmonSubject of Rmon History Source Port of Statistical DataNumber of Sample Data Interval of Sample InquiryDisplaying Rmon History Deleting Configuration of Rmon HistoryActivating Rmon History Subject of Rmon Alarm Rmon AlarmCommand Mode Description Rmon-alarm A50010-Y3-C150-2-7619 129Absolute Comparison and Delta Comparison Object of Sample InquiryUpper Bound of Threshold 130 A50010-Y3-C150-2-7619Lower Bound of Threshold Configuring Standard of the First AlarmDeleting Configuration of Rmon Alarm Activating Rmon AlarmDisplaying Rmon Alarm Rmon EventSubject of Rmon Event Event DescriptionEvent Type Activating Rmon EventDisplaying Rmon Event Deleting Configuration of Rmon Event134 A50010-Y3-C150-2-7619 Activates Rmon eventSyslog To set a syslog output level, use the following commandSyslog Output Level Syslog Output Level without a Priority136 A50010-Y3-C150-2-7619 Syslog Output Level with a PriorityLocal5 local6 local7 lpr mail news sys Log user uucp emerg alert crit errA50010-Y3-C150-2-7619 137 Facility CodeSyslog Bind Address Debug Message for Remote Terminal Displaying Syslog ConfigurationDisabling Syslog Displaying Syslog MessageRule and QoS How to Operate Rule and QoSRule Creation Rule ConfigurationRule Priority 140 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 141 Packet ClassificationTcp 142 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 143 Rule ActionOverwrites 802.1p CoS field in the packet same as IP 144 A50010-Y3-C150-2-7619Remedy Select another name for the rule e.g. add a prefix Applying RuleModifying and Deleting Rule Displaying Rule 3 QoSScheduling Algorithm Weighted Round Robin WRRWeighted Fair Queuing WFQ Strict Priority Queuing SP Weighted Fair Queuing3.3 802.1p Priory-to-queue Mapping Qos WeightTo configure a queue parameter, use the following command Admin Access RuleTo display a configuration of QoS, enter following command Queue ParameterCommand Mode Description Priority low medium high Command Mode Description Rule Name create adminA50010-Y3-C150-2-7619 151 Highest Defaul low152 A50010-Y3-C150-2-7619 Command Mode Description Apply Command Mode Description No-match denyApplies an admin access rule to the system Match permit Permits a packet154 A50010-Y3-C150-2-7619 Shows a current configuration of a ruleA50010-Y3-C150-2-7619 155 NetBIOS FilteringInternet Max Host SWITCHbridge# show netbios-filterMartian Filtering Max New Hosts To display configured max host, use the following commandFollowing is an example of displaying configured max hosts Enable port security on the port To configure max new hosts, use the following commandPort Security Port Security on PortSet the maximum number of secure MAC address for the port Set the violation mode and the action to be takenEnter a secure MAC address for the port A50010-Y3-C150-2-7619 159Port Security Aging This is an example of configuring port security on portPort MaximumA50010-Y3-C150-2-7619 161 MAC TableCommand Mode Description No mac Command Mode Description Clear macClear mac Name Clear mac Name PortSample Configuration Default Policy of MAC FilteringMAC Filtering Adding Policy of MAC FilterDisplaying MAC Filter Policy Deleting MAC Filter PolicyListing of MAC Filter Policy ARP Table Address Resolution Protocol ARPFollowing is an example of displaying one configuration 166 A50010-Y3-C150-2-7619 Registering ARP TableDisplaying ARP Table ARP Alias To display ARP alias, use the following commandARP Inspection A50010-Y3-C150-2-7619 167168 A50010-Y3-C150-2-7619 Proxy-ARP Icmp Message ControlGratuitous ARP Interval for Transmit Icmp Message Blocking Echo Reply MessageTab Type ValueType Status Enable Shows Icmp interval configuration Global Command Mode Description Ip icmp interval rate-limitTransmitting Icmp Redirect Message 172 A50010-Y3-C150-2-7619Policy of unreached messages RST ConfigurationIP TCP Flag Control Verifying Packet Dump SYN ConfigurationPacket Dump A50010-Y3-C150-2-7619 175 Packet Dump by ProtocolPacket Dump with Option Option Description Tab .4 shows the options for packet dumpTab .4 Options for Packet Dump 176 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 177 Displaying the usage of the packet routing tableDebug Packet Dump Enlarged Network Bandwidth VlanCost-Effective Way Strengthened SecurityPort-Based Vlan Specifying Pvid Creating VlanAssigning Port to Vlan Deleting VlanDisplaying Vlan Protocol-Based VlanMAC address-based Vlan Tagged Vlan Subnet-based VlanVlan Tag Macbase MAC-ADDRESSMapping Frames to Vlan Vlan DescriptionDisplaying Vlan Information Tunnel Port QinQTrunk Port TaggedTo disable double tagging, use the following command Double Tagging ConfigurationDouble Tagging Operation Designate the QinQ portLayer 2 Isolation Tpid ConfigurationPrivate Vlan Edge Private VlanPort Isolation Command Mode Description Port protected PortsShared Vlan No port protected PortsVlan fid Vlans FID 188 A50010-Y3-C150-2-7619Open Bridge Configuration mode using the bridge command Open Rule Configuration mode using rule Name create commandSample Configuration 1 Configuring Port-based Vlan Vlan TranslationFollowing is deleting vlan id 3 among configured Vlan Sample Configuration 2 Deleting Port-based VlanSample Configuration 3 Configuring Protocol-based Vlan Default br2 br3 br4Switch Sample Configuration 4 Configuring QinQSample Configuration 5 Configuring Shared Vlan with FID SWITCHbridge# vlan dot1q-tunnel enableLink Aggregation SWITCHbridge# vlan add br5 1-42untaggedPort Trunk Configuring Port TrunkTrunk distmode Dstip dstmac SrcdstipDisabling Port Trunk Displaying Port Trunk ConfigurationLink Aggregation Control Protocol Lacp Packet Route Configuring LacpActivate Lacp function, using the following command 196 A50010-Y3-C150-2-7619 Operating Mode of Member PortTo disable configuring packets, use the following command Bpdu Transmission Rate Identifying Member Ports within LacpKey value of Member Port A50010-Y3-C150-2-7619 197Command Mode Description Lacp port priority Ports Priority of SwitchPriority of Member Port 198 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 199 Displaying Lacp ConfigurationTo display a configured LACP, use the following command Spanning-Tree Protocol STP A50010-Y3-C150-2-7619 201 Root SwitchSTP Operation Switch Designated SwitchPort Priority Designated Port and Root PortPort States DisabledListening LearningBackup Switch B Switch CPort Path Switch D Rstp OperationRapid Network Convergence Bpdu Policy17 Network Convergence of 802.1w A50010-Y3-C150-2-7619 207 19 Network Convergece of 802.1w 208 A50010-Y3-C150-2-7619 Compatibility with 802.1d Mstp OperationRegion B IST Switch D Switch EOperation A50010-Y3-C150-2-7619 211 Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode RequiredRegion a IST Root Switch Configuring STP/RSTP/MSTPActivating STP/RSTP/MSTP Path-costA50010-Y3-C150-2-7619 213 Port-priorityTab STP Path-cost MST Region Point-to-point MAC Parameters Mstp ProtocolEdge Ports A50010-Y3-C150-2-7619 215To delete the edge port mode, use the following command Displaying ConfigurationCommand Mode Description Stp pvst enable VLAN-RANGE Configuring PVSTP/PVRSTPActivating PVSTP/PVRSTP A50010-Y3-C150-2-7619 2176.3 Path-cost Ally. To configure port priority, use the following command6.4 Port-priority 218 A50010-Y3-C150-2-7619Restarting Protocol Migration Root Guard ConfigurationRoot Guard Forward Delay Bridge Protocol Data Unit ConfigurationHello Time Hello TimeMax Age Forward DelayFollowing command To delete a configured max age, use the following command9.4 Bpdu Hop 9.5 Bpdu FilterSelf Loop Detection Configure the specific port as edge-portConfigure Bpdu Guard 224 A50010-Y3-C150-2-7619 Displaying Bpdu ConfigurationBackup Route 226 A50010-Y3-C150-2-7619 Mstp ConfigurationSWITCHbridge# stp force-version mstp Internet Virtual Router Redundancy Protocol VrrpTo delete the Vrrp configuration, use the following command Configuring VrrpAssociated IP Address 228 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 229 Access to Associated IP AddressMaster Router and Backup Router SWTICH1config# router vrrp default Layer 3 Switch 2 IP Address 10.0.0.2/24Vrrp Track Function To configure Vrrp Track, use the following command Authentication PasswordPreempt SWITCHconfig-vrrp#authentication cleartext networkFollowing is an example of disabling Preempt A50010-Y3-C150-2-7619 233Vrrp Statistics Configuration modeRate Limit A50010-Y3-C150-2-7619 235 Configuring Rate LimitTo set a port bandwidth, use the following command 236 A50010-Y3-C150-2-7619 Configuring Flood-GuardFlood Guard SWITCHbridge# show mac-flood-guard Following is an example of configuration to bandwidth asBandwidth A50010-Y3-C150-2-7619 237Saving Cost Dynamic Host Configuration Protocol DhcpEfficient IP Management IP Packet Broadcast Dhcp Server or Relay AgentDhcp Server Range of IP Address Dhcp Pool CreationDhcp Subnet Following is an example of specifying the default gateway Default GatewayIP Lease Time A50010-Y3-C150-2-7619 241Manual Binding DNS ServerFollowing is an example of specifying a DNS server 242 A50010-Y3-C150-2-7619Dhcp Server Option Domain NameStatic Mapping Recognition of Dhcp ClientCommand Mode Description Ip dhcp arp ping timeout Command Mode Description Ip dhcp arp ping packetIP Address Validation Authorized ARPProhibition of 1N IP Address Assignment Ignoring Bootp RequestDhcp Packet Statistics A50010-Y3-C150-2-7619 245SWITCHconfig# show ip dhcp server statistics Displaying Dhcp Pool ConfigurationCommand Mode Description Show ip dhcp pool Pool 246 A50010-Y3-C150-2-7619Dhcp Class Capability Dhcp Address Allocation with OptionDhcp Class Creation Relay Agent Information PatternRange of IP Address for Dhcp Class Associating Dhcp ClassText String No address range A.B.C.DDhcp Database Agent Dhcp Lease DatabaseDisplaying Dhcp Lease Status A50010-Y3-C150-2-7619 249Deleting Dhcp Lease Database Dhcp Relay AgentDhcp Server Relay Agent Subnet PC= Dhcp ClientC.D all Packet Forwarding AddressSmart Relay Agent Forwarding Dhcp Option Option 82 Sub-Option Enabling Dhcp OptionOption 82 Trust Policy Default Trust PolicyOption 82 Reforwarding Policy Simplified Dhcp Option To specify a trusted remote ID, use the following commandTrusted Remote ID Trusted Physical PortEnabling Dhcp Client Dhcp Client6.2 Dhcp Client ID 6.3 Dhcp Class IDRequesting Option Displaying Dhcp Client ConfigurationForcing Release or Renewal of Dhcp Lease A50010-Y3-C150-2-7619 257Enabling Dhcp Snooping Dhcp SnoopingDhcp Trust State 258 A50010-Y3-C150-2-7619Dhcp Rate Limit Mode Description Ip dhcp snooping Limit-leaseDhcp Lease Limit Source MAC Address VerificationSpecifying Dhcp Snooping Database Agent Dhcp Snooping Database AgentSpecifying Dhcp Snooping Binding Entry 260 A50010-Y3-C150-2-7619IP Source Guard Displaying Dhcp Snooping ConfigurationEnabling IP Source Guard Source IP Address FilterSource port-security commands together Displaying IP Source Guard ConfigurationCommand Mode Description Ip dhcp verify source Ports Static IP Source BindingDhcp Filtering Command Mode Description Ip dhcp filter-addressDhcp Packet Filtering Dhcp Server Packet FilteringPacket service all Command Mode Description Debug dhcp filterDebugging Dhcp 264 A50010-Y3-C150-2-7619ERP Operation Ethernet Ring Protection ERPSend Link Down Message Normal NodeRM Node Normal Node RM NodeERP Domain Configuring ERPLoss of Test Packet Lotp Port of ERP domain RM NodeProtected Vlan Protected ActivationWait-to-Restore Time Manual Switch to SecondaryLearning Disable Time Test Packet IntervalShow erp all DOMAIN-ID Displaying ERP ConfigurationStacking Designating Master and Slave Switch Switch GroupDesignate Mater switch using the following command A50010-Y3-C150-2-7619 271To disable stacking, use the following command Accessing to Slave Switch from Master SwitchSample Configuration 1 Configuring Stacking Disabling StackingSWITCHAconfig# stack device default SWITCHA# configure terminalSWITCHBconfig# stack device default A50010-Y3-C150-2-7619 273To disconnect, input as below Broadcast Storm ControlStorm-control broadcast mul Ticast dlf Rate PortsA50010-Y3-C150-2-7619 275 Command Mode Description Jumbo-frame PortsJumbo-frame Capacity 276 A50010-Y3-C150-2-7619 Blocking Direct BroadcastMaximum Transmission Unit MTU A50010-Y3-C150-2-7619 277 SWITCHconfig-if#show running-config interfaceLayer 3 Network Layer 2 NetworkMulticast Routing Information Base Command Mode Description Ip multicast route-limitEnabling Multicast Routing Required Limitation of Mrib Routing EntryClearing Total or Partial Group Entry of Mrib Clearing Mrib InformationClearing Statistics of Multicast Routing Table 280 A50010-Y3-C150-2-7619Mrib Debug Displaying Mrib InformationMulticast Time-To-Live Threshold 282 A50010-Y3-C150-2-7619 Multicast AgingInternet Group Management Protocol Igmp Igmp Basic ConfigurationIgmp Version per Interface Igmp VersionIgmp Version Igmp Static Join SettingRemoving Igmp Entry Igmp DebugCommand Mode Description Ip igmp static-group Igmp Query ConfigurationMaximum Number of Groups Vlan Vlan port Port reporter286 A50010-Y3-C150-2-7619 Igmp Maximum Response TimeA50010-Y3-C150-2-7619 287 Displaying the Igmp ConfigurationIgmp v2 Fast Leave Step Execute the ip multicast-routing command Igmp Snooping Basic Configuration3 L2 Mfib Enabling Igmp Snooping per VlanCommand Mode Description Ip igmp snooping vlan Vlans Enable Igmp snooping on a Vlan interfaceCommand Mode Description Show ip igmp snooping Vlan Igmp v2 Snooping290 A50010-Y3-C150-2-7619 Igmp v2 Snooping Fast LeaveMulticast Packet Igmp v2 Snooping Querier To disable Igmp querier, use the following commandEnabling Igmp Snooping Querier A50010-Y3-C150-2-7619 291To disable the max-response-time, use the following command Timeout Value of Igmp v2 Snooping Querier’s General QueryQuery Interval of Igmp v2 Snooping Querier 292 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 293 Igmp v2 Snooping Last-Member-IntervalVlans querier detail Last-member-query-intervalIgmp v2 Snooping Report Method Configuring Mrouter Port per VlanMrouter Port 294 A50010-Y3-C150-2-7619Mrouter Port Learning Method Displaying Mrouter ConfigurationMulticast TCN Flooding 296 A50010-Y3-C150-2-7619 Command Mode Description Ip igmp snooping tcn queryVlans flood Nected to on a Vlan interfaceIgmp Snooping Version Igmp v3 SnoopingJoin Host Management A50010-Y3-C150-2-7619 297Immediate Block To display a configuration, use the following commandMulticast Vlan Registration MVR MVR Group Address Enabling MVRMVR IP Address A50010-Y3-C150-2-7619 299Send and Receive Port 7.5 Displaying MVR ConfigurationIgmp Filtering and Throttling Policy of Igmp Profile Creating Igmp ProfileGroup Range of Igmp Profile A50010-Y3-C150-2-7619 301Applying Igmp Profile to the Filter Port To return to the default setting, use the following commandMax Number of Igmp Join Group 302 A50010-Y3-C150-2-7619RPT and SPT PIM-SM Protocol Independent Multicast-Sparse ModeDisplaying Igmp Snooping Table Packet for the request PIM Common ConfigurationDR Priority PIM-SM and Passive ModeFilters of Neighbor in PIM To configure a query hold time, use the following commandPIM Hello Query 306 A50010-Y3-C150-2-7619To activate PIM-SM debugging, use the following command Bootstrap Router BSRBSR and RP PIM DebugStatic RP for Certain Group RP InformationIp pim bsr-candidate Global Clears all RP sets SetA50010-Y3-C150-2-7619 309 Enabling Transmission of Candidate RP Message4.3 PIM-SM Registration4.4 Ignoring RP Priority Rate Limit of Register MessageCommand Mode Description Ip pim register-suppression Configure filtering out multicast sourcesFilters for Register Message from RP Source Address of Register MessageThis command is disabled by default SPT SwitchoverReachability for PIM Register Process 312 A50010-Y3-C150-2-7619Checksum of Full PIM Register Message PIM Join/Prune InteroperabilityCisco Router Interoperability 8.2 Candidate RP Message with Cisco BSR With older Cisco IOS versions, use the following command8.3 Excluding GenID Option With older Cisco IOS versionsPIM Snooping PIM-SSM Group316 A50010-Y3-C150-2-7619 Displaying PIM-SM ConfigurationBorder Gateway Protocol BGP IP Routing ProtocolEnabling BGP Routing Basic ConfigurationConfiguration Type of BGP Disabling BGP Routing Advanced ConfigurationGo back to Global Configuration mode using the exit command Summary of Path Command Mode Description Aggregate-address A.B.C.D/MAutomatic Summarization of Path As-set summary-onlyChoosing Best Path Multi-Exit Discriminator MEDBgp deterministic-med No bgp deterministic-medCommand Mode Description Bgp bestpath compare-confed Command Mode Description Bgp bestpath as-path ignoreSelects the best path using the router ID for identical AspathGraceful Restart Configures the router to consider the MED in choosingRestart Time IP Address FamilyStalepath Time 324 A50010-Y3-C150-2-7619Peer Group Default RouteBGP Neighbor Force Shutdown To create a BGP Peer Group, use the following commandRoute Map Word shutdown BGP Session ResetSession Reset of All Peers 328 A50010-Y3-C150-2-7619 Session Reset of Peers within Particular ASA50010-Y3-C150-2-7619 329 Session Reset of Specific RouteSession Reset of External Peer 330 A50010-Y3-C150-2-7619 Session Reset of Peer GroupA50010-Y3-C150-2-7619 331 Displaying and Managing BGPNEIGHBOR-IP routes 332 A50010-Y3-C150-2-7619Enabling Ospf Open Shortest Path First OspfNo router ospf Command Mode Description Router ospf334 A50010-Y3-C150-2-7619 Command Mode Description Network A.B.C.D/M area ABR Type ConfigurationCompatibility Support Ospf Interface336 A50010-Y3-C150-2-7619 Authentication TypeAuthentication Key A50010-Y3-C150-2-7619 337 Interface CostRouting Protocol Interval Blocking Transmission of Route Information DatabaseA50010-Y3-C150-2-7619 339 To configure a dead interval, use the following commandTo configure a transmit delay, use the following command 340 A50010-Y3-C150-2-7619 Ospf Maximum Transmission Unit MTUOspf Priority A50010-Y3-C150-2-7619 341 Non-Broadcast NetworkOspf Network Type 342 A50010-Y3-C150-2-7619 Area AuthenticationOspf Area Area 0-4294967295filter-list access LIST-NAMEin out Default Cost of AreaNo area 0-4294967295filter- list access LIST-NAMEin out Area 0-4294967295filter-list prefix LIST-NAMEin outNot So Stubby Area Nssa Default-information-originateNo-redistribution No-summaryOriginate metric Router Configures Nssa with one option To delete configured NSSA, use the following commandA50010-Y3-C150-2-7619 345 OriginateShortcut Area Area Range346 A50010-Y3-C150-2-7619 C.D/M advertise not AdvertiseVirtual Link Stub Area348 A50010-Y3-C150-2-7619 Transmit-delayDead-interval To delete the configuration, use the following command Default MetricGraceful Restart Support Hello-interval350 A50010-Y3-C150-2-7619 Grace-periodHelper Opaque-LSA Support Default RouteMetric Metric-typeFinding Period Metric-type Router Deletes the configurationRoute-map Metric-type Always Route-map MAP-NAMEA50010-Y3-C150-2-7619 353 External Routes to Ospf NetworkMetric-type Route-map MAP-NAME Router Deletes the default metric To delete the default metric, use the following commandOspf Distance External Inter-area Intra-areaHost Route To make it as a default, use the following commandPassive Interface A50010-Y3-C150-2-7619 355Ospf Monitoring and Management Blocking Routing InformationSummary Routing Information Displaying Ospf Protocol Information To display the Ospf database, use the following commandA50010-Y3-C150-2-7619 357 As A.B.C.D358 A50010-Y3-C150-2-7619 Command Mode Description Show ip ospf interface InterfaceA50010-Y3-C150-2-7619 359 Displaying Debugging InformationLimiting Number of Database Maximum Process of LSA Command Mode Description Overflow database360 A50010-Y3-C150-2-7619 Overflow database externalRouting Information Protocol RIP To use RIP protocol, you should enable RIPEnabling RIP A50010-Y3-C150-2-7619 361RIP Neighbor Router Configure the network to operate as RIPRIP Version Redistributing Routing Information Creating available Static Route only for RIPCommand Mode Description Route-map TAG deny permit Metrics for Redistributed Routes Routing Information Filtering Administrative DistanceOriginating Default Information Offset List Filtering Access List and Prefix ListDisabling the transmission to Interface Update RIP Network TimerTimeout Maximum Number of RIP RoutesTo adjust the timers, use the following command Authentication KeyNo timers basic Update Time Split HorizonUDP Buffer Size of RIP To disable RIP authentication, use the following commandRestarting RIP 372 A50010-Y3-C150-2-7619 Monitoring and Managing RIPA50010-Y3-C150-2-7619 373 General UpgradeCommand Mode Description Copy ftp tftp os Download 374 A50010-Y3-C150-2-7619 Boot Mode UpgradeTo configure a default gateway, use the following command To configure a subnet mask, use the following commandTo the boot mode only A50010-Y3-C150-2-7619 375376 A50010-Y3-C150-2-7619 Boot load os1 10.27.41.82 V5212G.3.18.xA50010-Y3-C150-2-7619 377 FTP UpgradeUploads the new system software using the following command Command! For more information, see Section Exit the FTP client using the following commandCommand Mode Description Exit 378 A50010-Y3-C150-2-7619Address Resolution Protocol Access Control ListCommand Line Interface CoS Class of ServiceLoss of Signal Internet Service ProviderLoss of Power Medium Access ControlSpanning Tree Protocol Type of ServiceSoftware Transmission Control Protocol

SURPASS hiD 6615 S223/S323 R1.5

4.5.1802.1x Authentication

4.5.1.1Enabling 802.1x

4.5.1.2Configuring RADIUS Server

RADIUS

[Authentication Server]

Designate as default

Response

Fig. 4.2 Multiple Authentication Servers

A50010-Y3-C150-2-7619