SMC Networks 10/100 Port Authentication Commands

C

OMMAND

L

INE

I

NTERFACE

3-44

Command Mode

Privileged Exec

Example

Port Authentication Commands

The switch supports IEEE 802.1x (dot1x) port-based access control

that prevents unauthorized access to the network by requiring

users to first enter a user ID and password for authentication.

Client authentication is controlled centrally by a RADIUS server

using EAPOL (Extensible Authentication Protocol O ver LAN).

Console#show radius-server

Server IP address: 10.1.0.99

Communication key with radius server:

Server port number: 1812

Retransmit times: 2

Request timeout: 5

Console#

Command Function Mode Page

authentication

dot1x

Enables authentication on all switch

ports by setting the dot1x mode to

“Auto”

GC 3-45

dot1x default Resets all dot1x parameters to their

default values

GC 3-46

dot1x max-req Sets the maximum number of requests

the switch can send for the

authentication process before starting

the process again

GC 3-46

dot1x port-control Sets dot1x mode for a port interface IC 3-47

dot1x

re-authenticate

Forces a re-authentication on specific

ports

PE 3-48

dot1x

re-authentication

Enables re-authentication for all ports GC 3-48

Contents

Main TigerSwitch 10/100 24-Port Fast Ethernet Switch Management Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi ONTENTS 1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . 2-1 ii iii 3 Command Line Interface . . . . . . . . . . . . . . . . . . 3-1 iv v vi vii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 S 1-3 Required Connections M 1-4 Remote Connections C 1-5 Basic Configuration Console Connection M 1-6 Setting Passwords C 1-7 Setting an IP Address M 1-8 C 1-9 M 1-10 Enabling SNMP Management Access C 1-11 M 1-12 Saving Configuration Settings S F Managing System Files M 1-14 System Defaults D 1-15 M 1-16 D 1-17 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Page S 2-4 Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 C 2-9 Basic Configuration Displaying System Information Page C 2-11 Setting the IP Address S 2-12 C 2-13 Manual Configuration Using DHCP/BOOTP S 2-14 U A Configuring User Authentication Configuring the Logon Password S 2-16 U A 2-17 Configuring RADIUS Logon Authentication S 2-18 U A 2-19 Managing Firmware F 2-21 S 2-22 Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server F 2-23 S 2-24 Resetting the System Displaying Bridge Extension Capabilities B C E 2-25 Page Enabling or Disabling GVRP (Global Setting) S 2-28 Displaying Switch Hardware/Software Versions Page S 2-30 Port Configuration Displaying Connection Status C 2-31 S 2-32 Configuring Interface Connections C 2-33 S 2-34 Setting Broadcast Storm Thresholds C 2-35 S 2-36 Page Address Table Settings Page Page Page Spanning Tree Algorithm Configuration T C A 2-43 Managing Global Settings S 2-44 Page S CLI THE 2-46 Page S 2-48 T C A 2-49 S 2-50 T C LGORITHM A REE VLAN Configuration 2-53 Assigning Ports to VLANs S 2-54 2-55 S 2-56 Forwarding Tagged/Untagged Frames Displaying Basic VLAN Information 2-57 Displaying Current VLANs Command Attributes (Web) Page 2-59 Creating VLANs S 2-60 2-61 Adding Static Members to VLANs (VLAN Index) S 2-62 2-63 Page 2-65 Configuring VLAN Behavior for Interfaces S 2-66 2-67 S 2-68 Configuring Private VLANs P VLAN 2-69 Displaying Current Private VLANs Page P VLAN 2-71 Configuring Private VLANs S 2-72 Associating Community VLANs Page S 2-74 P VLAN 2-75 Configuring Private VLAN Interfaces S 2-76 C Class of Service Configuration S 2-78 Setting the Queue Mode T Port Trunk Configuration S 2-80 Page S 2-82 Configuring SNMP SNMP 2-83 Setting Community Access Strings Page SNMP 2-85 S 2-86 Multicast Configuration C 2-87 Configuring IGMP Parameters S 2-88 C 2-89 Interfaces Attached to a Multicast Router S 2-90 Displaying Interfaces Attached to a Multicast Router Page Page Page Page C 2-95 Showing Port Statistics Page S THE 2-98 Rate Limit Configuration L C 2-99 Command Attribute Configuring 802.1x Port Authentication 802.1 A P 2-101 S 2-102 Displaying 802.1x Global Settings 802.1 A ORT P X S 2-104 Page Page 802.1 A Statistical Values P 2-107 Page Page Page 3 I INE L OMMAND L I 3-2 Telnet Connection I L C 3-3 Entering Commands C 3-5 Command Completion Getting Help on Commands Showing Commands Page C 3-7 Understanding Command Modes Exec Commands L I 3-8 Configuration Commands C 3-9 L I 3-10 Command Groups G 3-11 L I 3-12 C 3-13 General Commands enable L I 3-14 disable C 3-15 configure L I 3-16 show history C 3-17 reload end L I 3-18 exit C Flash/File Commands L I 3-20 copy C 3-21 L I 3-22 delete C 3-23 dir L I 3-24 whichboot C 3-25 boot system L I System Management Commands M C 3-27 hostname username L I 3-28 M C 3-29 enable password L I 3-30 ip http port Page Page M C ANAGEMENT YSTEM 3-33 Page M C ANAGEMENT YSTEM 3-35 L I 3-36 show system M C 3-37 show users show version Authentication Commands C 3-39 authentication login L I 3-40 radius-server host C 3-41 radius-server port Page C 3-43 radius-server timeout show radius-server L Port Authentication Commands A C 3-45 authentication dot1x Page Page Page Page Page A C 3-51 show dot1x L I 3-52 A C UTHENTICATION ORT 3-53 SNMP Commands snmp-server community 3-55 snmp-server contact Page 3-57 snmp-server host L I 3-58 snmp-server enable traps 3-59 show snmp L I 3-60 C 3-61 IGMP Snooping Commands ip igmp snooping L I 3-62 ip igmp snooping query-count C 3-63 ip igmp snooping query-max-response-time L I 3-64 ip igmp snooping router-port-expire-time C 3-65 ip igmp snooping version L I 3-66 show ip igmp snooping C 3-67 show mac-address-table multicast L I Line Commands C 3-69 line L I 3-70 login C 3-71 password L I 3-72 exec-timeout C 3-73 password-thresh L I 3-74 silent-time C 3-75 databits L I 3-76 parity C 3-77 speed Page 3-79 Example To show all lines, enter this command: IP Commands L I 3-80 ip address 3-81 ip dhcp restart L I 3-82 ip default-gateway 3-83 show ip interface Page 3-85 L I 3-86 HOL Blocking Prevention Commands queue hol-prevention HOL B C P 3-87 show queue hol-prevention Interface Commands C 3-89 interface L I 3-90 description speed-duplex C 3-91 L I 3-92 negotiation C 3-93 capabilities Default Setting L I 3-94 flowcontrol C 3-95 Page C 3-97 switchport broadcast percent L I 3-98 clear counters Page L I 3-100 show interfaces counters C NTERFACE 3-101 L I 3-102 show interfaces switchport C 3-103 L I 3-104 Rate Limit Commands L C 3-105 rate-limit L Address Table Commands T C 3-107 mac-address-table static L I 3-108 clear mac-address-table dynamic T C 3-109 show mac-address-table L I 3-110 mac-address-table aging-time T Spanning Tree Commands L I 3-112 spanning-tree T C 3-113 spanning-tree forward-time Page T C 3-115 spanning-tree max-age Page T C 3-117 spanning-tree port-priority L I 3-118 spanning-tree portfast T C 3-119 show spanning-tree L I 3-120 3-121 VLAN Commands L I 3-122 vlan database 3-123 Page 3-125 switchport mode L I 3-126 switchport acceptable-frame-types 3-127 switchport ingress-filtering L I 3-128 switchport native vlan 3-129 switchport allowed vlan L I 3-130 switchport forbidden vlan 3-131 show vlan L I 3-132 Private VLAN Commands VLAN C 3-133 L I 3-134 private-vlan VLAN C 3-135 private vlan association L I 3-136 switchport mode private-vlan VLAN C 3-137 switchport private-vlan host-association Page VLAN C 3-139 show vlan private-vlan L I GVRP and Bridge Extension Commands switchport gvrp GVRP C E B 3-141 L I 3-142 garp timer GVRP C E B 3-143 L I 3-144 bridge-ext gvrp GVRP C E B 3-145 Priority Commands C 3-147 queue mode show queue mode L Mirror Port Commands port monitor P C 3-149 show port monitor L Port Trunking Commands T C 3-151 L I 3-152 port-group Page Page A PPENDIX A-1 A T ROUBLESHOOTING A-2 Page F P S B-2 B-3 F P S Restoring Switch Defaults S D 4. Enter <q> and then <x> to return to the main menu. ESTORING EFAULTS Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page Page Page I NDEX Index-1 A B R S T U V