Authentication login, 9Authentication Commands | Sunfire B1600

RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS-aware devices on the network. An authentication server contains a database of multiple user name and password pairs with associated privilege levels for each user that requires management access to a switch.

TABLE 4-9Authentication Commands

Command		Function	Mode	Page

Authentication Method
authentication		Defines logon authentication method and precedence	GC	4-46
login
RADIUS Client
radius-server	host	Specifies the RADIUS server	GC	4-48
radius-server port		Sets the RADIUS server network port	GC	4-48
radius-server	key	Sets the RADIUS encryption key	GC	4-49
radius-server		Sets the number of retries	GC	4-50
retransmit
radius-server		Sets the interval between sending authentication	GC	4-50
timeout		requests
show radius-server		Shows the current RADIUS settings	PE	4-51
TACACS Client

tacacs-server host tacacs-server port tacacs-server key show tacacs-server

Specifies the TACACS server	GC	4-52
Sets the TACACS server network port	GC	4-52
Sets the TACACS encryption key	GC	4-53
Shows the current TACACS settings	PE	4-54

4.3.4.1authentication login

Use this command to define the login authentication method and precedence. Use the no form to restore the default.

Syntax

authentication login {[local] [radius] [tacacs]}

no authentication login

■local – Use local password.

■radius – Use RADIUS server password.

■tacacs – Use TACACS server password.

4-46Sun Fire B1600 Blade System Chassis Switch Administration Guide • June 2003

Image 244

Sunfire B1600 manual Authentication login, 9Authentication Commands

Contents

Page Page Page Page Contents General Management of the Switch Contents Page Contents Command-Line Reference Contents Page Contents Page Contents Management Information Base A-1 Glossary Glossary-1 Index Index-1 Page Before You Read This Book How This Book Is OrganizedPage Accessing Sun Documentation EnableTypographic Conventions Related Documentation Contacting Sun Technical Support Sun Welcomes Your Comments Introduction Ways of Accessing the Switch Management Application Switch ArchitectureOverview Ethernet Ports Description of HardwareUp-link Ports Internal Ports Status LEDs SSC Exterior Panel Port LEDs Features of the Switch Introduction Page Switch Default Settings 2Switch Default Settings ARP Initial Configuration Configuration Options Connecting to the Switch InterfaceSc console sscn/swt Enabling Snmp Management Access Community Strings Trap Receivers Blade System Chassis Software Setup Guide Page General Management of the Switch Using the Web Interface Navigating the Web Browser Interface Home 1Web Page Configuration Buttons Configuration OptionsPanel Display 2Summary of Tasks You Can Perform Using the Web Agent Main Menu 102 134 Basic Configuration Displaying System Information 3Switch Setup ⇒ System Identity Window Pass MIB Variables Identification Details Setting the IP Address Manual Configuration Web Interface Specifying the Management Vlan and IP Details 5Open Switch Setup ⇒ Network Identity Window Consoleconfig#ip default-gateway Consoleconfig-if#ip address 10.1.0.2MIB Variables Specifying the Management Vlan and IP Details Using DHCP/BOOTP Web Interface Using Dynamic IP Configuration Services Console#ip dhcp restart Console#show ip interface Console#ip dhcp restart Displaying Switch Software Versions MIB variables Using Dynamic IP Configuration Services Use the following command to display version information Console#show version MIB Variables Associated With Software Version Information 6MIB Versions Associated With Software Version Information Web Interface Downloading Switch Firmware Downloading Switch Firmware From a ServerManaging Firmware Command-line Interface Dowloading Switch Firmware Consoleconfig#boot system opcode MIB Variables Associated With Downloading FirmwareConsole#copy tftp file 7MIB Variables Associated With Downloading Firmware Supported Downloading Configuration Settings From a Server Saving or Restoring Configuration SettingsWeb Interface Downloading a File of Configuration Settings Page Consoleconfig#boot system config startup-new Configuring User Authentication Applies only to Radius server authentication Web Interface Configuring User Authentication To configure authentication parameters for local access Command-line Interface Configuring User Authentication MIB variables Associated With User Authentication Configuring Snmp9MIB Variables Associated With User Authentication Configuring Snmp Access Web Interface Adding and Removing Community Strings Consoleconfig#snmp-server community blueberry rw MIB Variables Associated With Community Strings Specifying Trap Managers and Trap Types Web Interface Specifying Trap Management Stations Command-line Interface Specifying Trap Management Stations MIB Variables Associated With Trap Management 10MIB Variables Associated With Trap Management Configuring Global Network Protocols Vlan ConfigurationPage Displaying Basic Vlan Information Web Interface Displaying Basic Vlan Information Command-line Interface Displaying Basic Vlan Information Console#show bridge-ext MIB Variables Associated With Basic Vlan Information 11MIB Variables Associated With Basic Vlan Information MIB-II Web Interface Enabling or Disabling Gvrp Global Setting Enabling or Disabling Gvrp Global SettingCommand-line Interface Enabling Gvrp Configuring VLANs Web Interface Configuring VLANsMIB Variables Associated With Gvrp 12MIB Variables Associated With Gvrp See Adding Static Members to VLANs on Command-line Interface Vlan Configuration Vlan MIB Variables Associated With Vlan Configuration 13MIB Variables Associated With Vlan Configuration Adding Static Members to VLANs Port list Web Interface Adding Ports Manually to a Vlan Command-line Interface Adding Ports Manually to a Vlan 18The Switch Config ⇒ VLANs Window MIB Variables Associated With Adding Ports to a Vlan 14MIB Variables Associated With Adding Ports to a Vlan Multicast Configuration Configuring Igmp Snooping Parameters Web Interface Configuring Igmp Snooping Parameters 19The Switch Config ⇒ Broadcast & Multicast Window Command-line Interface Configuring Igmp Snooping Parameters Console#show ip igmp snooping MIB Variables Associated With Igmp Parameters Specifying Interfaces Connected to Multicast Routers15MIB Variables Associated With Igmp Parameters Page General Management of the Switch Consoleconfig#ip igmp snooping vlan 1 mrouter ethernet NETP0 Console#show ip igmp snooping mrouter vlan Read/create Octet string Multicast Router Configuring Multicast Services Web Interface Configuring Multicast Services General Management of the Switch Command-line Interface Configuring Multicast Services MIB Variables Associated With Configuring Multicast Servcies Broadcast Storm Control Global Setting Web Interface Using Broadcast Storm Control Command-line Interface Using Broadcast Storm Control MIB Variables Associated With Broadcast Storm Control 18MIB Variables Associated With Broadcast Storm Control Spanning Tree Algorithm Configuration Configuring Basic STA Settings General Management of the Switch Web Interface Configuring Basic STA Settings General Management of the Switch Command-line Interface Configuring Basic STA Settings Consoleconfig#spanning-tree mode rst MIB Variables Associated With Basic STA Settings 19MIB Variables Associated With Basic STA Settings Configuring Advanced STA Settings Web Interface Configuring Advanced STA Settings MIB variables Associated With Advanced STA Settings Command-line Interface Configuring Advanced STA Settings20MIB Variables Associated With Advanced STA Settings Setting the Default Priority for Interfaces Class of Service ConfigurationWeb Interface Configuring Class of Service Command-line Interface Configuring Class of Service 25The Switch Config ⇒ Class of Service MIB Variables Associated With Class of Service 21MIB Variables Associated With Class of Service22IEEE 802.1p Default Priority Recommendations Mapping COS Values to Egress Queues Web Interface Mapping COS Values to Traffic Classes 23IEEE 802.1p Traffic Types Command-line Interface Mapping COS Values to Traffic Classes Console#show queue cos-map ethernet NETP0 Traffic Class Setting the Service Weight for Traffic Classes Web Interace Setting the Service Weight for Traffic Classes 25Setting the Service Weight for Traffic Classes Console#show queue bandwidth Queue ID WeightMapping Layer 3/4 Priorities to COS Values Command-line Interface Enabling Priority Services Web Interface Enabling Priority ServicesConsoleconfig#map ip precedence Consoleconfig#no map ip precedence Mapping IP PrecedenceMIB Variables Associated With Traffic Prioritisation 26MIB Variables Associated With Traffic Prioritization Web Interface Mapping IP Precedence Command-line Interface Mapping IP Precedence MIB Variables Associated With Mapping IP PrecedenceConsole#show map ip precedence ethernet SNP5 28MIB Variables Associated With Mapping IP Precedence Mapping Dscp Priority 29Default Dscp to COS MappingWeb Interface Mapping Dscp Priority Consoleconfig#interface ethernet SNP5 Command-line Interface Mapping Dscp PriorityConsole#show map ip dscp ethernet SNP5 Displaying the Address Table Address Table SettingsMIB Variables Associated With Mapping Dscp to CoS Values Web Interface Viewing the Address Tables Command-line Interface Viewing the Address TablesMac-address-table Interface ethernet NETP1 Changing the Aging Time MIB Variables Associated With the Address TablesWeb Interface Changing the Aging Time 30MIB Variables Associated With the Address Tables Command-line Interface Changing the Aging Time Consoleconfig#mac-address-table aging-timeMIB Variables Associated With Aging Time 31MIB Variables Associated With Aging Time Port Configuration Displaying Connection Status See Configuring Interface Connections on Web Interface Displaying Connection Status for the Ports 33The Up Links ⇒ Connections Status Window This example shows the connection status for Port NETP7 Console#show interfaces status ethernet NETP7 MIB Variables Associated With the Connection Status of Ports Read only Error1 Duplex Status Configuring Interface Connections Web Interface Configuring Interface Connections 34The Up Links ⇒ Status Window showing attribues of NETP0 Command-line Interface Configuring Interface Connections 33MIB Variables for Interface Connections Read/write Bits Capabilities Configuring Aggregated Links Dynamically Configuring an Aggregated Link with Lacp Web Interface Dynamic Aggregated Links Lacp Command-line Interface Dynamic Aggregated Links Lacp Consoleconfig#interface ethernet NETP0Consoleconfig#interface ethernet NETP1 Console#show interfaces status port-channel MIB Variables Associated With Dynamic Aggregated Links 34MIB Variables Associated With Dynamic Aggregated Links Statically Configuring an Aggregated Link Web Interface Statically Configuring an Aggregated Link Consoleconfig#interface port-channel Consoleconfig#interface ethernet NETP3 MIB Variables Associated With Static Aggregated Links 35MIB Variables Associated With Static Aggregated Links Configuring Vlan Behavior for Interfaces Web Interface Configuring Vlan Behavior for Interfaces Modify the required settings for each interface Click Save 38The Up Links ⇒ VLANs Window cont’d MIB Variables Associated With Vlan Behavior of Interfaces 36MIB Variables Associated With Vlan Behavior of Interfaces Port Gvrp Read Octet string Name Configuring Static Addresses Web Interface Configuring Static Addresses 39The Up Links ⇒ Static Addresses Window Command-line Interface Configuring Static Addresses MIB Variables Associated With Static AddressesConsole#show mac-address-table ethernet NETP4 37MIB Variables Associated With Static Addresses Vlan Index Displaying the Current Interface Settings for STA Managing Interfaces for Spanning Tree Algorithm CLI displays this term 40The Up Links ⇒ Spanning Tree Window Console#show spanning-tree ethernet NETP4 MIB Variables Associated With a Port’s STA Settings 38MIB Variables Associated With a Port’s STA Settings Configuring Interface Settings for STA Web Interface Configuring STA Settings for a Port Command-line Interface Configuring STA Settings for a Port 41The Up Links ⇒ Spanning Tree Window for NETP4 39MIB Variables for Configuring a Port’s STA Settings MIB Variables for Configuring a Port’s STA SettingsChecking the STA Protocol Status for Interfaces MIB Variables Associated With a Port’s STA Status 40MIB Variables Associated With a Port’s STA StatusPage Web Interface Filtering Traffic to the Management Port 43The Management Ports ⇒ Packet Filtering Window Consoleconfig#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0 Action Read/create Integer IP Port Web Interface Configuring Port Mirroring Configuring Port MirroringMonitoring Port and Management Traffic Command-line Interface Configuring Port Mirroring 44The Monitoring ⇒ Port Mirroring Window MIB Variables Associated With Port Mirroring Showing Port Statistics42MIB Variables Associated With Port Mirroring 43Traffic Statistics 43Traffic Statistics 43Traffic Statistics Web Interface Viewing Port Statistics 45The Monitoring ⇒ Port Statistics window Scroll down the page to view Rmon statistics Command-line Interface Viewing Port Statistics This example shows statistics for port SNP13 MIB Variables Associated With Port Statistics 44MIB Variables Associated With Port Statistics Out Discards Deferred CRC/Alignment Showing Snmp Statistics 45SNMP Traffic Statistics Web Interface Viewing Snmp Statistics Open Monitoring ⇒ Snmp Statistics 47The Monitoring Snmp Statistics Window Command-line Interface Viewing Snmp Statistics Console#show snmp MIB Variables Associated With Snmp Statistics Configuring Message Logs46MIB Variables Associated With Snmp Statistics Web Interface Configuring Message Logs 47Error Levels Command-line Interface Configuring Message Logs 48The Monitoring ⇒ Logs Window MIB Variables Associated With Message Logs 48MIB Variables Associated With Message LogsPage Command-Line Reference Accessing the CLI Using the Command-Line InterfaceConsole Connection Consoleconfig-if#ip address 10.1.0.1 Telnet Connection Entering Commands Console#show startup-configConsoleconfig#username admin password 0 smith Keywords and Arguments Getting Help on Commands Command CompletionMinimum Abbreviation Showing Commands Consoleshow interfaces ? Negating the Effect of Commands Using Command HistoryUnderstanding Command Modes Partial Keyword Lookup Exec Commands 1Command Modes Configuration Commands Console#configure 2Configuration Modes Command-Line Processing3CLI Editing Keystrokes Command Groups 4Command Groups 166 Detailed Command Description General CommandsEnable Syntax Disable Configure Show history Reload 1.6 end Exit Quit Flash/File Commands Copy Syntax Delete Console#copy file tftp 2.3 dir Console#delete test2.cfg 5File Information Whichboot Following example shows how to display all file information Boot system Console#whichboot Consoleconfig#boot system config startup System Management Commands6System Management Commands Hostname 7Default User Names and Passwords Consoleconfig#hostname ServerChassis35Username Enable password Consoleconfig#enable password level 15 0 admin Ip http port Ip http server Jumbo frame Logging on 8Error Levels Logging history Clear logging Consoleconfig#logging history ramConsole#clear logging Show logging Show startup-config Console#show startup-config Show running-config Console#show running-config Show system None Show version Show usersConsole#show users Authentication Commands Example Authentication login 9Authentication Commands Consoleconfig#authentication login radius Radius-server host Radius-server port Consoleconfig#radius-server key green Radius-server key Default Setting Command Mode Radius-server timeoutRadius-server retransmit Show radius-server Console#show radius-server Tacacs-server host Tacacs-server port Tacacs-server key Snmp Commands 10SNMP CommandsShow tacacs-server Console#show tacacs-server Snmp-server community Consoleconfig#snmp-server contact Paul Consoleconfig#snmp-server community alpha rwSnmp-server contact Snmp-server location Consoleconfig#snmp-server location WC-19Snmp-server host Consoleconfig#snmp-server host 10.1.19.23 batman version Snmp-server enable traps Show snmp Console#show snmp 11Line Commands Line CommandsLine Login Password No password is specified Exec-timeout Password-thresh Silent-time Show line IP Commands Console#show line Ip address Ip dhcp restart Ip dhcp client-identifier Syntax Ip default-gateway Show ip interface Show ip redirects Ping Console#show ip redirects Ip filter Port number is not checked. The fragments option is allowed General Configuration Example Checking for fragments Example Address filtersExample Checking for code values Show ip filter Consoleconfig#ip filter permit tcp 192.168.1.0 0.0 0.0.0.0Example Checking for port numbers Console#show ip filter 13Interface Commands Interface CommandsInterface Description Speed-duplex Consoleconfig-if#speed-duplex 100half Consoleconfig#interface ethernet NETP5Negotiation Consoleconfig#interface ethernet SNP11 Capabilities SNP0-15 1000full Flowcontrol Following example enables flow control on port NETP7 Consoleconfig#interface ethernet NETP7 Switchport broadcast packet-rate Shutdown Enabled for all ports Packets per second Show interfaces status Clear countersConsole#clear counters ethernet SNP5 Vlan vlan-idRange Show interfaces counters Console#show interfaces status ethernet SNP11 Show interfaces switchport Console#show interfaces counters ethernet NETP7 Shows all interfaces Console#show interfaces switchport ethernet NETP7 Address Table Commands14Address Table Commands Mac-address-table static Action Show mac-address-table Clear mac-address-table dynamicConsole#clear mac-address-table dynamic Mac-address-table aging-time Console#show mac-address-table Show mac-address-table aging-time Port Security Commands 15Port Security CommandsPort security Console#show mac-address-table aging-time Following example enables port security of port SNP5 16Spanning Tree Commands Spanning Tree CommandsSpanning-tree Spanning-tree mode Consoleconfig#spanning-tree mode rstp Spanning-tree forward-time Spanning-tree hello-time Spanning-tree max-age Spanning-tree priority Consoleconfig#spanning-tree priority Spanning-tree pathcost method Spanning-tree transmission-limit Consoleconfig#spanning-tree pathcost method longSpanning-tree cost Spanning-tree cost cost No spanning-tree cost Spanning-tree port-priority Spanning-tree edge-port Spanning-tree protocol-migration Spanning-tree link-type Show spanning-tree Rstp Vlan Commands 17VLAN Commands Vlan database Vlan Consoleconfig-vlan#vlan 105 name RD5 media ethernet Consoleconfig-if#ip address 192.168.1.254 Switchport modeInterface vlan Switchport acceptable-frame-types Switchport ingress-filtering Switchport native vlan Switchport allowed vlan Default Setting Switchport forbidden vlan Show vlan 18GVRP and Bridge Extension Commands Gvrp and Bridge Extension CommandsVlan id Show gvrp configuration Switchport gvrpConsoleconfig#interface ethernet SNP1 Garp timer Console#show gvrp configuration Show garp timer Console#show garp timer ethernet SNP1 Show garp timerBridge-ext gvrp Show bridge-ext Command Usage Igmp Snooping Commands 19IGMP Snooping Commands Ip igmp snooping Ip igmp snooping vlan static Ip igmp snooping version Consoleconfig#ip igmp snooping version Show ip igmp snooping Show mac-address-table multicast Ip igmp snooping querier Consoleconfig#ip igmp snooping querierIp igmp snooping query-count Consoleconfig#ip igmp snooping query-count Ip igmp snooping query-interval Consoleconfig#ip igmp snooping query-interval Ip igmp snooping query-max-response-time Consoleconfig#ip igmp snooping query-max-response-time Ip igmp snooping router-port-expire-time Consoleconfig#ip igmp snooping router-port-expire-time Ip igmp snooping vlan mrouter Show ip igmp snooping mrouter 20Priority Commands Priority CommandsConsole#show ip igmp snooping mrouter Switchport priority default Queue bandwidth weight1...weight4 Queue bandwidth Consoleconfig#queue bandwidth 1 3 5 Queue cos-map 21IEEE 802.1p Default Priority Recommendations Show queue bandwidth Show queue cos-map Map ip precedence Global Configuration Console#show queue cos-map ethernet SNP11 Map ip precedence Interface Configuration Map ip precedence ip-precedence-value cos cos-value Map ip dscp Global Configuration Map ip dscp Interface Configuration 22Default Dscp to COS Mapping Show map ip precedence Show map ip dscp Map ip dscp ethernet SNP1 23Mirror Port Commands Mirror Port CommandsPort monitor Show port monitor Link Aggregation Commands Channel-group 24Link Aggregation CommandsGuidelines for Creating Aggregated Links Lacp Lacp No lacp Consoleconfig#interface ethernet NETP0 Management Information Base Supported MIBs Table A-1Supported MIBs Table A-2Sun Private Enterprise MIB Supported TrapsTable A-4Sun Private Enterprise Traps Page Troubleshooting Accessing the Management Interface Diagnosing Switch IndicatorsDiagnosing Port Connections Appendix B Troubleshooting B-3 Log Messages Using System LogsTable B-1Log Messages Command-Line Error Detection Error MessagesConsole#show interfaces statuss e 1/1 System Errors Command Line ErrorsTable B-2System Error Messages Table B-3Command Line Error Messages Appendix B Troubleshooting B-7 Line mode vty can not use console parameter Web Interface Errors Table B-4Web Interface Error Messages Illegal Snmp trap IP address Appendix B Troubleshooting B-11 Table B-4Web Interface Error Messages Appendix B Troubleshooting B-13 Table B-4Web Interface Error Messages Specifications Switch Architecture Table C-1Switch Architecture Management Features Table C-2Management Features Environmental PowerStandards Appendix C Specifications C-5 Page Glossary Bandwidth Garp Vlan Access method and physical layer specifications Convergence for topology changes1000BASE-T Fast Ethernet Defines frame extensions for Vlan tagging Link Aggregation Control Protocol Management services Access to this switchBlocks and error-corrected Efficiency of the networkPage Index Page Index-3