Manuals / SMC Networks / Computer Equipment / Switch

SMC Networks SMC6824M manual Configuring the SSH Server

Models: SMC6824M

1 608

Download 608 pages 58 Kb

Page 139

USER AUTHENTICATION

CLI – This example generates a host-key pair using both the RSA and DSA algorithms, stores the keys to flash memory, and then displays the host’s public keys.

Console#ip ssh crypto host-key generate		4-51
Console#ip ssh save host-key		4-52
Console#show public-key host		4-55
Host:
RSA:	65537
1024	65537

127250922544926402131336514546131189679055192360076028653006761

8240969094744832010252487896597759216832222558465238779154647980739

6314033869257931051057652122430528078658854857892726029378660892368

4142327591212760325919683697053439336438445223335188287173896894511

729290510813919642025190932104328579045764891

DSA:

ssh-dss AAAAB3NzaC1kc3MAAACBAN6zwIqCqDb3869jYVXlME1sHL0EcE/Re6hlasf EthIwmjhLY4O0jqJZpcEQUgCfYlum0Y2uoLka+Py9ieGWQ8f2gobUZKIICuKg6vjO9X Ts7XKc05xfzkBiKviDa+2OrIz6UK+6vFOgvUDFedlnixYTVo+h5v8r0ea2rpnO6DkZA AAAFQCNZn/x17dwpW8RrVDQnSWw4Qk+6QAAAIEAptkGeB6B5hwagH4gUOCY6i1TmrmS iJgfwO9OqRPUMbCAkCC+uzxatOo7drnIZypMx+Sx5RUdMGgKS+9ywsa1cWqHeFY5ilc 3lDCNBueeLykZzVS+RS+azTKIk/zrJh8GLG Nq375R55yRxFvmcGIn/Q7IphPqyJ3o9 MK8LFDfmJEAAACAL8A6tESiswP2OFqX7VGoEbzVDSOIRTMFy3iUXtvGyQAOVSy67Mfc 3lMtgqPRUOYXDiwIBp5NXgilCg5z7VqbmRm28mWc5a//f8TUAg PNWKV6W0hqmshQdo tVzDR1e+XKNTZj0uTwWfjO5Kytdn4MdoTHgrbl/DMdAfjnte8MZZs=

Console#

Configuring the SSH Server

The SSH server includes basic settings for authentication.

Field Attributes

•SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled)

•Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.

•SSH Authentication Timeout – Specifies the time interval in seconds that the SSH server waits for a response from a client during an authentication attempt.

(Range: 1 to 120 seconds; Default: 120 seconds)

•SSH Authentication Retries – Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process. (Range: 1-5 times; Default: 3)

3-83

Image 139

SMC Networks SMC6824M manual Configuring the SSH Server, SSH server includes basic settings for authentication

Contents

TigerStack III 10/100 Page TigerStack III 10/100 Management Guide Trademarks Limited Warranty Limited Warranty Table of Contents Table of Contents Table of Contents Table of Contents Vii Command Line InterfaceViii Table of Contents Table of Contents Table of Contents Xii Xiii Xiv Table of Contents Xvi Xvii Glossary IndexXviii Xix TablesTables Xxi Xxii Xxiii Figures37 802.1X Global Information XxivXxv Xxvi Key Features Key FeaturesFeature Description Lacp Description of Software FeaturesDescription of Software Features Introduction Description of Software Features Introduction System Defaults System DefaultsFunction Parameter Default Https Pvid Dhcp Configuration Options Connecting to the SwitchInitial Configuration Required Connections Remote Connections Stack Operations Recovering from Stack Failure or Topology ChangeSelecting the Stack Master Resilient IP Interface for Management Access Basic ConfigurationConsole Connection Setting an IP Address Setting PasswordsManual Configuration Dynamic Configuration Enabling Snmp Management Access Community Strings for Snmp version 1 and 2c clients Clients, we recommend that you delete both of the defaultTrap Receivers Configuring Access for Snmp Version 3 ClientsSaving Configuration Settings Managing System Files Configuring Power over Ethernet Initial Configuration Using the Web Interface Configuring the SwitchConfiguring the Switch Home Navigating the Web Browser InterfaceButton Web Page Configuration ButtonsAction Panel Display Front Panel IndicatorsMain Menu Switch Main MenuMenu Description Sntp ACL Vlan Mstp 206 Vlan ID Field Attributes Displaying System InformationSystem Information CLI Specify the hostname, location and contact information Displaying Switch Hardware/Software VersionsManagement Software General Switch Information Web Click System, Switch InformationField Attributes Displaying Bridge Extension CapabilitiesCLI Enter the following command Setting the IP AddressWeb Click System, Bridge Extension Command Attributes IP Interface Configuration Manual Manual ConfigurationIP Interface Configuration Dhcp Using DHCP/BOOTPManaging Firmware Command AttributesCopy Firmware Downloading System Software from a ServerSetting the Startup Code Command Usage Saving or Restoring Configuration SettingsBasic Configuration 11 Downloading Configuration Settings for Start-Up Downloading Configuration Settings from a Server12 Setting the Startup Configuration Settings Command Attributes Console Port SettingsCLI only 13 Console Port Settings Command Attributes Telnet Settings14 Configuring the Telnet Interface System Log Configuration Configuring Event LoggingLogging Levels Command Attributes15 System Logs Remote Log Configuration16 Remote Logs 17 Displaying Logs Displaying Log MessagesCLI This example shows the event message stored in RAM Sending Simple Mail Transfer Protocol Alerts18 Enabling and Configuring Smtp Alerts 19 Resetting the Switch Resetting the SystemConfiguring Sntp Setting the System ClockCLI Use the reload command to reboot the system 20 Sntp Configuration Setting the Time ZoneSimple Network Management Protocol 21 Setting the Time ZoneConfiguring the Switch Model Level Group Read Write Notify Security View SNMPv3 Security Models and LevelsCLI The following example enables Snmp on the switch Setting Community Access StringsEnabling the Snmp Agent 23 Configuring Snmp Community Strings Specifying Trap Managers and Trap Types Command UsageCommand Attributes 24 Configuring Snmp Trap Managers Setting the Local Engine ID Configuring SNMPv3 Management AccessCLI This example sets an SNMPv3 engine ID Specifying a Remote Engine IDCLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 UsersConfiguring the Switch 27 Configuring SNMPv3 Users 169 Configuring Remote SNMPv3 UsersCommand Attributes 28 Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Object Label Object ID Description Supported Notification MessagesObject Label Object ID Description Rmon Events SwIpFilterRejectTrap 29 Configuring SNMPv3 Groups 165 Setting SNMPv3 Views30 Configuring SNMPv3 Views 163 User AuthenticationCommand Attributes Configuring User Accounts31 Configuring User Accounts That use software running Configuring Local/Remote Logon AuthenticationOn a central server to Radius Settings Command Attributes32 Authentication Server Settings Tacacs Settings104 Configuring HttpsWeb Browser Operating System Https Support33 Https Settings Replacing the Default Secure-site CertificateConfiguring the Secure Shell Command Usage Configuring the Switch Field Attributes Generating the Host Key Pair34 SSH Host-Key Settings SSH server includes basic settings for authentication Configuring the SSH Server35 SSH Server Settings Command Usage Configuring Port SecurityCommand Attributes 36 Enabling Port Security Configuring 802.1X Port Authentication Web Click Security, 802.1X, Information Displaying 802.1X Global Settings802.1X protocol provides client authentication 802.1X System Authentication Control The global setting forCLI This example shows the default global setting for Configuring 802.1X Global SettingsCLI This example enables 802.1X globally for the switch Configuring Port Settings for Authorized 39 802.1X Port ConfigurationUser Authentication 802.1X Statistics Displaying 802.1X StatisticsParameter Description CLI This example displays the 802.1X statistics for port 40 Displaying 802.1X StatisticsCommand Usage Filtering IP Addresses for Management Access41 Entering IP Addresses to be Filtered Configuring Access Control Lists Access Control ListsCommand Attributes Setting the ACL Name and Type100 Configuring a Standard IP ACL Command AttributesCLI This example creates a standard IP ACL named bill 101 Configuring an Extended IP ACL Command Attributes102 103 44 Configuring Extended IP ACLs104 Configuring a MAC ACL Command Attributes105 Command Usage106 45 Configuring MAC ACLs107 Configuring ACL MasksSpecifying the Mask Type 108 Configuring an IP ACL MaskThis mask defines the fields to check in the IP header 109 47 Configuring an IP based ACL110 Configuring a MAC ACL MaskThis mask defines the fields to check in the packet header 111 48 Configuring an ACL MAC Mask112 Binding a Port to an Access Control List49 Mapping ACLs to Port Ingress/Egress Queues 113114 Port ConfigurationCommand Attributes Web Displaying Connection StatusField Attributes CLI 115Web Click Port, Port Information or Trunk Information Current status 116117 Configuring Interface ConnectionsCLI This example shows the connection status for Port 118 119 51 Configuring Port Attributes120 Creating Trunk Groups121 Statically Configuring a Trunk Command Usage122 52 Static Trunk Configuration123 Enabling Lacp on Selected Ports Command Usage124 53 Lacp Port Configuration125 126 127 54 Lacp Aggregation Port Configuration128 Lacp Port Counters 129Displaying Lacp Port Counters You can display statistics for Lacp protocol messagesLacp Internal Configuration Information Displaying Lacp Settings and Status for the Local Side130 131 56 Displaying Lacp Port Information 13210 Lacp Neighbor Configuration Information Displaying Lacp Settings and Status for the Remote Side133 57 Displaying Remote Lacp Port Information 134135 Setting Broadcast Storm Thresholds136 Configuring Port Mirroring137 59 Configuring a Mirror PortCommand Attribute Configuring Rate Limits138 139 Showing Port Statistics11 Port Statistics 140141 Rmon Statistics 142143 61 Port Statistics 144145 Power Over Ethernet SettingsCLI This example shows statistics for port Displays the Power over Ethernet parameters for the switch Switch Power Status146 Web Click PoE, Power Status Setting a Switch Power Budget147 148 Displaying Port Power StatusWeb Click PoE, Power Port Status Configuring Port PoE Power149 150 65 Configuring Port PoE PowerSetting Static Addresses Address Table Settings151 152 Displaying the Address Table67 Displaying the MAC Dynamic Address Table 153CLI This example sets the aging time to 300 seconds Spanning Tree Algorithm ConfigurationChanging the Aging Time 154155 156 Displaying Global Settings157 158 Web Click Spanning Tree, STA Information 159Global settings apply to the entire switch Configuring Global Settings160 161 Basic Configuration of Global Settings162 Root Device Configuration163 Configuration Settings for Rstp164 70 Configuring the Spanning Tree Algorithm165 Displaying Interface Settings166 AD B 16771 STA Port Information 168169 Configuring Interface Settings170 171 72 Configuring Spanning Tree Algorithm per Port172 Configuring Multiple Spanning TreesCLI This example sets STA attributes for port 173 73 Mstp Vlan Configuration174 175 Displaying Interface Settings for Mstp176 177 Configuring Interface Settings for MstpCLI This example sets the Mstp attributes for port 178Ieee 802.1Q VLANs Vlan Configuration179 Assigning Ports to VLANs 180181 Forwarding Tagged/Untagged Frames 182CLI This example enables Gvrp for the switch Enabling or Disabling Gvrp Global Setting183 Displaying Basic Vlan Information 184Web Click VLAN, 802.1Q VLAN, Basic Information Displaying Current VLANs 185186 Command Attributes CLICreating VLANs 79 Vlan Static List Creating VLANs 187Adding Static Members to VLANs Vlan Index 188CLI This example creates a new Vlan 189 Command AttributesAdding Static Members to VLANs Port Index 190191 Configuring Vlan Behavior for Interfaces192 193 194 Private VLANs195 Vlan ID ID of configured VlanDisplaying Current Private VLANs 83 Displaying Private Vlan Port Information 196197 Configuring Private VLANsAssociating Community VLANs 198Each community Vlan must be associated with a primary Vlan Displaying Private Vlan Interface Information 199200 Configuring Private Vlan Interfaces201 87 Configuring Private Vlan Ports202 Class of Service ConfigurationLayer 2 Queue Settings Setting the Default Priority for Interfaces203 CLI This example assigns a default priority of 5 to port13 CoS Priority Levels 204Mapping CoS Values to Egress Queues 12 Mapping CoS Values to Egress Queues205 89 Configuring Traffic Classes206 Selecting the Queue Mode207 Setting the Service Weight for Traffic ClassesSelecting IP Precedence/DSCP Priority Layer 3/4 Priority Settings208 Mapping Layer 3/4 Priorities to CoS ValuesMapping IP Precedence 20914 Mapping IP Precedence 210 93 Mapping IP Precedence to Class of Service ValuesIP Dscp Value CoS Value 211Mapping Dscp Priority 15 Mapping Dscp Priority212 94 Mapping IP Dscp Priority to Class of Service ValuesMapping IP Port Priority 21395 Globally Enabling the IP Port Priority Status 214215 Copy Settings16 CoS to ACL Mapping CLI This feature not supported through the CLI216 Mapping CoS Values to ACLs98 Mapping CoS Values to ACLs 217Changing Priorities Based on ACL Rules 21899 Changing Priorities Based on ACL Rules 219Igmp Protocol Multicast Filtering220 221 Layer 2 Igmp Snooping and Query222 Configuring Igmp Snooping and Query Parameters223 100 Configuring Internet Group Management ProtocolDisplaying Interfaces Attached to a Multicast Router 224Specifying Interfaces Attached to a Multicast Router 225226 Displaying Port Members of Multicast Services227 103 Displaying Port Members of Multicast Services228 Assigning Ports to Multicast ServicesConfiguring General DNS Server Parameters Configuring Domain Name Service229 230 231 105 Configuring DNS232 Configuring Static DNS Host to Address Entries106 Mapping IP Addresses to a Host Name 233234 Displaying the DNS CacheWeb Select DNS, Cache 235236 Accessing the CLI Using the Command Line InterfaceConsole Connection Telnet Connection This section describes how to enter CLI commands Entering CommandsKeywords and Arguments Minimum Abbreviation Command CompletionGetting Help on Commands Showing CommandsCommand Line Interface Partial Keyword Lookup Negating the Effect of CommandsUsing Command History Understanding Command ModesCommand Modes Exec CommandsClass Mode Configuration Commands Mode Command Prompt Configuration Command ModesKeystroke Commands Command Line ProcessingKeystroke Function Command Group Index Command GroupsCommand Group Description Configures DNS services 286 Password-thresh command Line CommandsLine Commands Command Function ModeLine Line Configuration LoginSyntax Login local no login Login localNo password is specified PasswordUsername 4-34password Syntax Password 0 7 password no passwordTo set the timeout to two minutes, enter this command Timeout login responseLogin 4-15password-thresh CLI Disabled 0 seconds Telnet 300 secondsSyntax Exec-timeout seconds no exec-timeout Exec-timeoutCLI and Telnet 600 seconds 10 minutes Syntax Password-thresh threshold no password-thresh Password-threshDefault value is three attempts Syntax Databits 7 8 no databits Silent-timeDatabits Syntax Silent-time seconds no silent-timeSyntax Parity none even odd no parity ParitySyntax Speed bps no speed To specify no parity, enter this commandTo specify 57600 bps, enter this command SpeedSyntax disconnect session-id StopbitsDisconnect Stopbits 1Syntax Show line console vty Show lineSyntax enable level General CommandsEnable General CommandsDisable Enable password DisableNone Show history ConfigureThis command resets the entire system This command restarts the systemReload Exit This example shows how to reset the switchThis command returns to Privileged Exec mode EndThis example shows how to quit a CLI session Use this command to exit the configuration programQuit System Management Commands System Management CommandsCommand Group Function Syntax Prompt string no prompt Device Designation CommandsDevice Designation Commands PromptSyntax Light unit unit HostnameLight unit Syntax Hostname name no hostnameUser Access Commands User Access CommandsUsername Username Access-level Password 10 Default Login SettingsDefault is level is level Default password is super Enable passwordManagement IP Filter CommandsEnable 4-25authentication enable 11 IP Filter CommandsShow management 12 Web Server Commands Web Server CommandsIp http server Default Setting Command ModeSyntax No ip http server Default Setting Ip http portIp http secure-server Syntax No ip http secure-server Default SettingPortnumber The UDP port used for HTTPS. Range Ip http secure-port13 Https System Support Ip http secure-port4-42 Copy tftp https-certificateIp http secure-server4-41 Telnet Server Commands14 Telnet Server Commands Ip telnet serverServer Enabled Server Port Secure Shell CommandsCommand Function Mode 15 Secure Shell CommandsSystem Management Commands Disabled Syntax No ip ssh server Default SettingIp ssh server Seconds Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Ip ssh crypto host-key generate 4-51 show sshExec-timeout4-18 show ip ssh Ip ssh authentication-retriesDelete public-key Ip ssh server-key sizeSyntax Delete public-key username dsa rsa Generates both the DSA and RSA key pairs Ip ssh crypto host-key generateSyntax Ip ssh crypto host-key generate dsa rsa Dsa DSA Version 2 key type Rsa RSA Version 1 key typeSyntax Ip ssh save host-key dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh crypto zeroize dsa rsaSaves both the DSA and RSA key This command displays the current SSH server connectionsShow ip ssh Show sshTerminology 16 show ssh display descriptionShows all public keys Show public-keySyntax Show public-key user username host Username Name of an SSH user. Range 1-8 characters17 Event Logging Commands Event Logging CommandsLogging history 4-57clear logging Syntax No logging on Default SettingLogging on Logging history18 Logging Levels Flash errors level 3 RAM informational level 6Level Severity Name Description Hostipaddress The IP address of a syslog server Logging hostLogging facility Syntax No logging host hostipaddressLogging trap Disabled Level 7Syntax Logging trap level no logging trap Syntax Show logging flash ram sendmail trap Clear logShow logging Syntax Clear log flash ram19 show logging flash/ram display description Following example displays settings for the trap function20 show logging trap display description Show logSyntax Show log flash ram Following example shows the event message stored in RAM Smtp Alert Commands21 Smtp Commands Logging sendmail hostSyntax Logging sendmail level level Logging sendmail levelSyntax Logging sendmail source-email email-address Logging sendmail source-emailSyntax No logging sendmail destination-email email-address Syntax No logging sendmail Default SettingLogging sendmail destination-email Logging sendmail22 Time Commands Time CommandsShow logging sendmail Sntp client Syntax No sntp client Default SettingSntp server 4-70 sntp poll 4-71 show sntp Sntp serverSyntax Sntp server ip1 ip2 ip3 Sntp client 4-69 sntp poll 4-71 show sntp Sntp pollSyntax Sntp poll seconds no sntp poll Sntp client Show sntpNone Clock timezoneSyntax This command displays the system clockCalendar set Show calendarShow startup-config System Status Commands23 System Status Commands Example Related Commands Show running-configShow startup-config Show system This command displays system informationShow version Show users24 Flash/File Commands Flash/File CommandsPrivileged Exec CopyCommand Usage Following example shows how to download a configuration file Command Line Interface Delete This command deletes a file or imageDir Delete public-key 25 File Directory Information This command displays a list of files in flash memorySyntax Dir unit boot-rom config opcode filename DirFollowing example shows how to display all file information WhichbootSyntax Boot system unit boot-romconfig opcode filename Boot systemDir 4-87whichboot 26 PoE Commands Power over Ethernet CommandsCommand Group Function Mode Syntax No power inline compatible Power mainpower maximum allocationPower inline compatible Syntax Power mainpower maximum allocation watts unit unitCompatible Mode Enabled Power inline maximum allocation Power inlineSyntax No power inline Default Setting Low Power inline priorityUnit Stack unit. Range Port Port number. Range Show power inline statusSyntax Show power inline status interface EthernetMainpower maximum allocation on Show power mainpower27 show power inline status parameters 28 show power mainpower parameters30 Authentication Sequence Command Authentication CommandsAuthentication Sequence 29 Authentication CommandsLocal Authentication loginUsername for setting the local user names and passwords Authentication enableRadius Client 31 Radius Client CommandsRadius-server host Default Setting Auth-portTimeout 5 seconds Retransmit Command Mode1812 Radius-server portRadius-server key Syntax Radius-server port portnumber no radius-server portRadius-server retransmit Radius-server timeoutPrivileged Exec Show radius-serverHostipaddress IP address of a TACACS+ server 32 TACACS+ Client CommandsTACACS+ Client Tacacs-server hostSyntax Tacacs-server key keystring no tacacs-server key Tacacs-server portTacacs-server key Syntax Tacacs-server port portnumber no tacacs-server portShow tacacs-server Port Security CommandsPort security 33 Port Security CommandsStatus Disabled Action None Maximum Addresses Interface Configuration Ethernet109 34 802.1X Port Authentication Commands 802.1X Port AuthenticationDot1x max-req Dot1x defaultSyntax No dot1x system-auth-control Default Setting Dot1x system-auth-controlForce-authorized Default Command ModeDefault Dot1x port-controlSingle-host Dot1x operation-modeSyntax No dot1x re-authentication Command Mode Dot1x re-authenticateDot1x re-authentication Syntax Dot1x re-authenticate interfaceDot1x timeout re-authperiod Dot1x timeout quiet-periodSeconds The number of seconds. Range Statistics Displays dot1x status for each port Interface Dot1x timeout tx-periodShow dot1x Syntax Show dot1x statistics interface interface117 State- Current state including initialize, reauthenticate Authenticator State MachineAccess Control Lists Access Control List CommandsAccess Control List Commands 35 Access Control List Commands Masks for Access Control ListsCommand Groups Function IP ACLs 36 IP ACL CommandsSyntax No access-list ip standard extended aclname Access-list ipPermit, deny Standard ACL Access-list ip extended fragment-auto-maskStandard ACL Permit, deny Extended ACLExtended ACL No permit deny tcp127 Permit, deny Ip access-group4-134 Show ip access-listThis command displays the rules for configured IP ACLs Syntax Show ip access-list standard extended aclnameSyntax No access-list ip mask-precedence in out Access-list ip mask-precedenceMask IP ACL 4-130 ip access-group4-134 IP Mask Syntax No mask protocol131 132 Syntax Show access-list ip mask-precedence in out Show access-list ip mask-precedenceSyntax No ip access-group aclname in out Ip access-groupThis command shows the ports assigned to IP ACLs Show ip access-groupMap access-list ip Show ip access-list4-12837 Egress Queue Priority Mapping Show map access-list ipQueue cos-map4-257 Show map access-list ip Syntax Show map access-list ip interfaceMap access-list ip Match access-list ipMAC ACLs Match access-list ip38 MAC ACL Commands Show markingSyntax No access-list mac aclname Access-list macSyntax No permit deny Permit, deny MAC ACLMAC ACL Permit, deny Mac access-group4-146 Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Show mac access-list aclnameMask MAC ACL 4-144 mac access-group4-146 Access-list mac mask-precedenceMAC Mask Syntax No mask pktformatThis example creates an Egress MAC ACL 145Syntax Mac access-group aclname in out Show access-list mac mask-precedenceMac access-group Syntax Show access-list mac mask-precedence in outThis command shows the ports assigned to MAC ACLs Show mac access-groupMap access-list mac Show mac access-list4-14239 Mapping CoS Values to MAC ACL Rules Show map access-list macQueue cos-map4-257 Show map access-list mac Syntax Show map access-list mac interfaceMap access-list mac Match access-list macACL Information Show access-list40 ACL Information 41 Snmp Commands Snmp CommandsShow access-group This command shows the port assignments of ACLsSnmp-server Syntax No snmp-server Default SettingNone Show snmpSnmp-server contact Snmp-server communitySyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server locationSnmp-server host 156157 158 Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server host Snmp-server engine-idThis example shows the default engine ID This command shows the Snmp engine IDShow snmp engine-id Snmp-server view Defaultview includes access to the entire MIB tree42 show snmp engine-id display description This view includes MIB-2 This command shows information on the Snmp viewsShow snmp view ExamplesSnmp-server group 164Show snmp group Command Usage44 show snmp group display description 166Snmp-server user Default Setting168 Show snmp user This command shows information on Snmp users45 show snmp user display description 46 Interface Commands Interface CommandsSyntax Description string no description InterfaceDescription Port-channel channel-idRangeSpeed-duplex Interface Configuration Ethernet, Port ChannelFollowing example adds a description to port Negotiation Syntax No negotiation Default SettingNegotiation 4-173capabilities Capabilities Following example configures port 11 to use autonegotiationNegotiation 4-173speed-duplex Negotiation 4-173speed-duplex4-172 flowcontrol Syntax No flowcontrol Default SettingFlow control enabled FlowcontrolShutdown Following example enables flow control on portSyntax No shutdown Default Setting All interfaces are enabledFollowing example disables port Switchport broadcast packet-rateSyntax Clear counters interface This command clears statistics on an interfacePort-channel channel-idRange Default Setting Clear countersShows the status for all interfaces This command displays the status for an interfaceShow interfaces status Syntax Show interfaces status interfaceShows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interface181 Shows all interfaces Show interfaces switchportSyntax Show interfaces switchport interface This example shows the configuration setting for portField Description 47 show interfaces switchport display descriptionPort monitor Mirror Port Commands48 Mirror Port Commands Interface Configuration Ethernet, destination portShows all sessions This command displays mirror informationShow port monitor Syntax Show port monitor interfaceFollowing shows mirroring configured from port 6 to port Rate Limit Commands49 Rate Limit Commands Rate-limit Interface Configuration Ethernet, Port Channel50 Link Aggregation Commands Link Aggregation CommandsGeneral Guidelines Guidelines for Creating TrunksSyntax Channel-group channel-idno channel-group Syntax no lacp Default SettingChannel-group Lacp191 32768 Lacp system-priorityLacp admin-keyEthernet Interface Syntax Lacp admin-key key no lacp admin-key Lacp admin-key Port ChannelLacp port-priority Default Setting51 show lacp counters display description This command displays Lacp informationShow lacp Port Channel all52 show lacp internal display description 197Partner 53 show lacp neighbors display description 19955 Address Table Commands Address Table Commands54 show lacp sysid display description Mac-address- MAC address Mac-address-table staticVlan-id- Vlan ID Range Show mac-address-table Clear mac-address-table dynamicMac-address- MAC address Mask Bits to match in the address Seconds Mac-address-table aging-time56 Spanning Tree Commands Spanning Tree CommandsShow mac-address-table aging-time RSTP/MSTP Spanning tree is enabled Syntax No spanning-tree Default SettingSpanning-tree Rstp Spanning-tree modeSpanning-tree forward-time 208Seconds Spanning-tree hello-timeSpanning-tree max-age 210Spanning-tree priority Spanning-tree default priorityIeee 802.1t format Long method Spanning-tree pathcost methodSpanning-tree transmission-limit This command limits the maximum transmission rate for BPDUsCount -The transmission limit in seconds. Range Spanning-tree mst-configuration Spanning-tree backup-rootSyntax No spanning-tree backup-root Default Setting Mst vlan MST ConfigurationMst instanceid priority priority no mst instanceid priority Mst priorityName Name of the spanning tree Switch’s MAC addressName Syntax name nameNumber Revision number of the spanning tree. Range RevisionMax-hops Syntax revision numberSyntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the Spanning Tree Algorithm for port Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree costSyntax No spanning-tree edge-port Spanning-tree port-prioritySpanning-tree edge-port Priority The priority for a port. Range 0-240, in stepsSpanning-tree portfast Syntax No spanning-tree portfast Default SettingSpanning-treeedge-port4-221 Spanning-tree link-typeAuto Spanning-tree mst costSpanning-tree mst port-priority4-225 Spanning-tree mst port-prioritySpanning-tree protocol-migration Port-channel channel-idRange Command ModeSyntax Spanning-tree protocol-migration interface Syntax Show spanning-tree interface mst instanceid Show spanning-tree228 229 Show spanning-tree mst configurationVlan database Vlan Commands57 Vlan Commands Editing Vlan GroupsVlan By default only Vlan 1 exists and is activeVlan Database Configuration Configuring Vlan Interfaces59 Configuring Vlan Interfaces Syntax Interface vlan vlan-id Interface vlanShutdown Syntax Switchport mode trunk hybrid no switchport mode Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan All frame types Switchport acceptable-frame-typesSyntax No switchport ingress-filtering Default Setting Switchport ingress-filtering237 Switchport native vlan238 Switchport allowed vlan239 Switchport forbidden vlanNo VLANs are included in the forbidden list 60 Displaying Vlan Information 240Displaying Vlan Information Show vlan61 Private Vlan Commands Following example shows how to display information for Vlan241 242 Private-vlan 243Private-vlan association 244No private-vlan primary-vlan-idassociation 245 Switchport mode private-vlanNormal Vlan Switchport private-vlan mapping Switchport private-vlan host-association246 Show vlan private-vlan 247Syntax Show vlan private-vlan community primary 62 Gvrp and Bridge Extension Commands Gvrp and Bridge Extension Commands248 Show bridge-ext Syntax No bridge-ext gvrp Default Setting249 Bridge-ext gvrpSyntax Show gvrp configuration interface Switchport gvrpShow gvrp configuration Syntax No switchport gvrp Default SettingShows both global and interface-specific configuration Garp timer251 252 Show garp timerSyntax Show garp timer interface Shows all Garp timers63 Priority Commands Priority Commands253 Syntax Queue mode strict wrr no queue mode Priority Commands LayerQueue mode 64 Priority Commands LayerQueue bandwidth 255256 Switchport priority defaultQueue cos-map 257258 65 Default CoS Priority LevelsShow queue bandwidth Show queue modeThis command shows the current queue mode 259Show queue cos-map Priority Commands Layer 366 Priority Commands Layer 3 260261 Syntax No map ip port Default Setting262 Syntax No map ip precedence Default Setting263 List below shows the default priority mapping67 Mapping IP Precedence to CoS Values 264 Syntax No map ip dscp Default Setting68 Mapping IP Dscp to CoS Values 265Syntax Show map ip port interface This command shows the IP port priority map266 Show map ip portSyntax Show map ip precedence interface This command shows the IP precedence priority map267 Show map ip precedenceSyntax Show map ip dscp interface This command shows the IP Dscp priority map268 Show map ip dscp70 Igmp Snooping Commands Multicast Filtering CommandsIgmp Snooping Commands 69 Multicast Filtering CommandsIp igmp snooping Syntax No ip igmp snooping Default SettingFollowing example enables Igmp snooping 270Igmp Version Following configures the switch to use Igmp Version271 Ip igmp snooping versionShow ip igmp snooping 272Show mac-address-table multicast Ip igmp snooping querier Igmp Query Commands Layer71 Igmp Query Commands Layer 273Ip igmp snooping query-count 274Times 275 Following shows how to configure the query count toIp igmp snooping query-interval 276 Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping query-max-response-time 277 Switch must use IGMPv2 for this command to take effectIp igmp snooping router-port-expire-time Ip igmp snooping vlan mrouter Static Multicast Routing Commands72 Static Multicast Routing Commands 278Syntax Show ip igmp snooping mrouter vlan vlan-id Displays multicast router ports for all configured VLANs279 Show ip igmp snooping mrouterIp address IP Interface Commands73 IP Interface Command Syntax 280281 Interface Configuration VlanIp dhcp restart Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway 282Show ip interface 283Ping This command has no default for the host284 Show ip redirects285 74 DNS Commands DNS Commands286 This example maps two address to a host name 287Ip host No static entriesSyntax Clear host name 288Clear host Ip domain-nameIp domain-list 289Syntax No ip domain-list name Ip name-server 290Ip domain-name4-288 Ip domain-name4-288 ip domain-lookup4-291 Syntax No ip domain-lookup Default Setting291 Ip domain-lookupShow hosts 292Ip domain-name4-288 ip name-server4-290 Show dns This command displays the configuration of the DNS serverThis command displays entries in the DNS cache 29375 Show DNS Output Description This command clears all entries in the DNS cache294 Clear dns cachePoE AuthenticationAccess Control Lists Dhcp Client Port ConfigurationSpanning Tree Protocol Class of ServiceAdditional Features Port TrunkingSNMPv3 StandardsManagement Information Bases Table B-1 Troubleshooting Chart Problems Accessing the Management InterfaceSymptom Action Cannot access Using System Logs Troubleshooting Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Virtual LAN Vlan Glossary-8XModem Index-1 IndexIgmp Index-2Index-3 Index-4 Page For Technical SUPPORT, Call