Command Usage | SMC Networks TigerSwitch 100 manual

SECURITY

CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the password.

Console(config)#username bob access-level 15

3-27

Console(config)#username bob password 0 smith

Console(config)#

Configuring RADIUS/TACACS Logon Authentication

You can configure this switch to authenticate users logging into the system for management access using local, RADIUS, or TACACS+ authentication methods.

RADIUS and TACACS+ are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the network. An authentication server contains a database of multiple user name, password pairs with associated privilege levels for each user that requires management access to a switch.

Like RADIUS, Terminal Access Controller Access Control System Plus (TACACS+) is a system that uses a central server to control authentication for access to switches on the network.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.

Command Usage

•By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.

2-15

Image 45

SMC Networks TigerSwitch 100 manual Configuring RADIUS/TACACS Logon Authentication, Command Usage

Contents

TigerSwitch 10/100/1000 Page TigerSwitch 10/100/1000 Management Guide Trademarks Limited Warranty Limited Warranty Contents Viii Command Line Interface Contents Contents Xii Xiii Xiv Glossary Index Configuration Options Connecting to the Switch Switch Management Required Connections Remote Connections Basic Configuration Setting PasswordsConsole Connection Setting an IP Address Manual Configuration Dynamic Configuration Enabling Snmp Management Access Community Strings Trap Receivers Saving Configuration Settings Managing System Files Function Parameter Default System Defaults Function Parameter Default Pvid Switch Management Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Button Action Panel Display Menu Description Main Menu Menu Description Snmp Displaying System Information Command Attributes CLI Only CLI Specify the hostname, location and contact information Setting the IP Address Basic Configuration Manual Configuration Security Configuring the Logon Password Command Attributes Command Usage Configuring RADIUS/TACACS Logon Authentication Command Attributes Radius Settings Configuring the Switch Https Https SSH Managing Firmware Downloading System Software from a Server Saving or Restoring Configuration Settings Managing Firmware Copying the Running Configuration to a File Displaying Bridge Extension Capabilities Configuring the Switch 137 Displaying Switch Hardware/Software Versions Main BoardManagement Software Displaying Switch HARDWARE/SOFTWARE Versions Displaying Connection Status Port Configuration Port Configuration Configuring Interface Connections Port Configuration Command Attributes Setting Broadcast Storm Thresholds Port Configuration Configuring Port Mirroring Port Configuration Configuring Port Security Port Security Action Setting Static Addresses Address Table Settings Displaying the Address Table 102 Changing the Aging Time Spanning Tree Protocol Configuration Spanning Tree Protocol Configuration STP Information Spanning Tree Protocol Configuration CLI only CLI This example shows the current Spanning Tree settings Command Usage STP Configuration Spanning Tree Protocol Configuration Configuring the Switch 107 STP Port and Trunk Information Spanning Tree Protocol Configuration Configuring the Switch Spanning Tree Protocol Configuration STP Port and Trunk Configuration Spanning Tree Protocol Configuration Configuring the Switch Vlan Configuration Assigning Ports to VLANs Vlan Configuration Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Displaying Current VLANs Command Attributes for Web Interface Command Attributes for CLI Interface 131 Creating VLANs 122 Adding Interfaces Based on Membership Type Vlan Configuration 129 Adding Interfaces Based on Static Membership Configuring Vlan Behavior for Interfaces Command Usage Vlan Configuration Configuring the Switch Setting the Default Priority for Interfaces Class of Service Configuration Mapping CoS Values to Egress Queues Queue 155 Setting the Service Weight for Traffic Classes Selecting IP Precedence/DSCP Priority Mapping Layer 3/4 Priorities to CoS Values Mapping IP Precedence Flash Override Class of Service Configuration Mapping Dscp Priority 38, 40 Port Trunk Configuration Port Trunk Configuration Dynamically Configuring a Trunk with Lacp Port Trunk Configuration 168 Statically Configuring a Trunk Port Trunk Configuration 167 Configuring Snmp Access Mode Setting Community Access Strings Specifying Trap Managers Snmp IP Filtering Command Attributes Multicast Configuration 100 Configuring Igmp Parameters 101 102 103 Interfaces Attached to a Multicast Router Specifying Interfaces Attached to a Multicast Router 104 105 Displaying Port Members of Multicast Services 106 107 Adding Multicast Addresses to VLANs 108 Showing Device Statistics Statistical Values 109 Parameter Description 110 Rmon Statistics 111 112 113 CLI This example shows statistics for port 114 Accessing the CLI Using the Command Line Interface Telnet Connection Keywords and Arguments Entering Commands Command Completion Getting Help on CommandsMinimum Abbreviation Showing Commands Using Command History Negating the Effect of CommandsUnderstanding Command Modes Partial Keyword Lookup Exec Commands Configuration Commands Keystroke Function Command Line Processing Command Description Group Command Groups 150 Enable General CommandsSyntax Enable level Default Setting Disable Related CommandsExample Configure Show history End Reload Quit Exit Copy Flash/File Commands FLASH/FILE Commands Following example shows how to download a configuration file Syntax Delete Dir Syntax Dir boot-rom config opcode filename Following example shows how to display all file information Whichboot Syntax Boot system boot-romconfig opcode filename Boot system Command Function Mode System Management Commands Event Logging Commands Hostname UsernameSyntax Hostname name no hostname Username Access-level Password Guest Admin Enable password Jumbo frame Syntax Jumbo frame no jumbo frame Default Setting Syntax Ip http server no ip http server Default Setting Default Setting Command ModeIp http port Ip http server Ip http secure-server Syntax Ip http secure-port portnumber no ip http secure-port Ip http secure-port Ip ssh Ip ssh server Syntax Ip ssh server no ip ssh server Default Setting Syntax Disconnect ssh connection-id Disconnect ssh Show ip ssh Show ssh Logging on Syntax Logging on no logging on Default Setting Level Argument Description Syslog Definition Logging history Logging host Syntax Logging facility type no logging facility type Logging facility Syntax Logging trap level no logging trap level Logging trap Show logging Clear loggingSyntax Clear logging flash ram Syntax Show logging flash ram trap Show startup-config Command Mode Show running-config Show system Show users Show version Authentication Commands TACACS+ Client Authentication login Radius-server host Radius-server key Radius-server portSyntax Radius-server port portnumber no radius-server port Syntax Radius-server key keystring no radius-server key Radius-server retransmit Show radius-server Radius-server timeout Tacacs-server host Tacacs-server portSyntax Tacacs-server port portnumber no tacacs-server port Tacacs-server key Show tacacs-serverSyntax Tacacs-server key keystring no tacacs-server key Snmp-server community Snmp Commands Snmp Commands Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Snmp-server host Host Address None Snmp Version Snmp-server enable traps Snmp ip filter Show snmp Example Ip address IP Commands Dhcp Obtains IP address from Dhcp Ip dhcp restart Ip default-gateway Syntax Ip default-gateway gateway no ip default-gatewayShow ip interface Show ip redirects Syntax Ping host count countsize size Ping Line Commands Syntax Line console vty Line Syntax Login local no login Login Syntax Password 0 7 password no password Password Syntax Exec-timeout seconds no exec-timeout Exec-timeout Syntax Password-thresh threshold no password-thresh Password-thresh Syntax Silent-time seconds no silent-time Silent-time Syntax Databits 7 8 no databits Databits Syntax Parity none even odd no parity Parity Syntax Speed bps no speed Speed Show line StopbitsSyntax Stopbits 1 Syntax Show line console vty To show all lines, enter this command Interface Commands Interface Ethernet unit/portPort-channel channel-idRange Description Speed-duplexSyntax Description string no description Negotiation Capabilities Negotiation Syntax Negotiation no negotiation Default Setting Capabilities Default Setting Flowcontrol Syntax Flowcontrol no flowcontrol Default Setting Syntax Shutdown no shutdown Shutdown Switchport broadcast Port security Clear counters Show interfaces status Port-channel channel-idRange Default SettingSyntax Clear counters interface Syntax Show interfaces status interface Port-channel channel-idRange Syntax Show interfaces counters interface Show interfaces counters Syntax Show interfaces switchport interface Show interfaces switchport Shows all interfaces Mac-address-table static Address Table Commands Action Show mac-address-table Mac-address-table aging-time Clear mac-address-table dynamic Show mac-address-table aging-time Command Function Spanning Tree Commands Spanning-tree Syntax Spanning-tree no spanning-tree Default Setting Syntax Spanning-tree mode stp rstp no spanning-tree mode Spanning-tree mode Spanning-tree forward-time Spanning-tree max-age Spanning-tree hello-time Spanning-tree priority Spanning-tree pathcost method Spanning-tree transmission-limit Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree cost Spanning-tree port-priority 115 Spanning-tree portfast 116 Spanning-tree edge-port Spanning-tree protocol-migration Port-channel channel-idRange Command Mode117 Syntax Spanning-tree protocol-migration interface 118 Spanning-tree link-type Show spanning-tree 119Syntax Show spanning-tree interface 120 121 Vlan Commands 122 Vlan database 123 Vlan Interface vlan 124Syntax Interface vlan vlan-id Switchport mode Syntax Switchport mode trunk hybrid no switchport mode125 126 Switchport acceptable-frame-types 127 Switchport ingress-filtering 128 Switchport native vlan 129 Switchport allowed vlan 130 Switchport forbidden vlan Show vlan 131Syntax Show vlan id vlan-idname vlan-name Switchport gvrp Gvrp and Bridge Extension CommandsSyntax Switchport gvrp no switchport gvrp 132 Show gvrp configuration Syntax Show gvrp configuration interface133 134 Garp timer Show garp timer Syntax Show garp timer interface135 Syntax Bridge-ext gvrp no bridge-ext gvrp Default Setting Bridge-ext gvrp136 137 Show bridge-ext 138 Igmp Snooping Commands Syntax Ip igmp snooping no ip igmp snooping Default Setting Ip igmp snooping139 140 Ip igmp snooping vlan static Ip igmp snooping version Show ip igmp snooping141 142 Show mac-address-table multicast 143 Ip igmp snooping querier 144 Ip igmp snooping query-count Ip igmp snooping query-interval Ip igmp snooping query-max-response-time145 146 147 Ip igmp snooping router-port-expire-time 148 Ip igmp snooping vlan mrouter Show ip igmp snooping mrouter 149Syntax Show ip igmp snooping mrouter vlan vlan-id 150 Priority Commands 151 Switchport priority default 152 Queue bandwidth 153 Queue cos-map 154 Show queue cos-map Show queue bandwidth155 Syntax Show queue cos-map interface 156 Map ip precedence Global Configuration 157 Map ip precedence Interface Configuration Map ip dscp Global Configuration Syntax Map ip dscp no map ip dscp Default Setting158 159 Map ip dscp Interface Configuration Show map ip precedence 160Syntax Show map ip precedence interface Show map ip dscp 161Syntax Show map ip dscp interface 162 Mirror Port Commands Port monitor163 Show port monitor 164Syntax Show port monitor interface 165 Following shows mirroring configured from port 6 to port Port Trunking Commands 166Guidelines for Creating Trunks Channel-group 167Syntax Channel-group channel-idno channel-group Syntax Lacp no lacp Default Setting Lacp168 169 170 Troubleshooting Chart Appendix a Troubleshooting Troubleshooting Appendix B Upgrading Firmware VIA Serial Port Upgrading Firmware VIA the Serial Port Page Upgrading Firmware VIA the Serial Port DB-9 Port Pin Assignments Console Port Pin Assignments Console Port to 25-Pin DTE Port on PC Console Port to 9-Pin DTE Port on PC Glossary-1 Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Virtual LAN VlanXModem Glossary-8 Index-1 Index Index-2 Page For Technical SUPPORT, Call