Instruction Manual

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-S94 CLI (AT-8000S Series)

361

362

363

364

365

366

367

368

369

370

Table Of Contents

Preface
- Intended Audience
- Document Conventions
- Contacting Allied Telesis
Chapter 1. Using the CLI
- Overview
- CLI Command Modes
- Starting the CLI
- Editing Features
  - Entering Commands
  - Copying and Pasting Text
Chapter 2. ACL Commands
- ip access-list
- permit (ip)
- deny (IP)
- ipv6 access-list
- permit (IPv6)
- deny (IPv6)
- mac access-list
- permit (MAC)
- deny (MAC)
- service-acl
- show access-lists
- show interfaces access-lists
Chapter 3. AAA Commands
- aaa authentication login
- aaa authentication enable
- login authentication
- enable authentication
- ip http authentication
- ip https authentication
- show authentication methods
- password
- username
- aaa accounting login
- aaa accounting dot1x
- show users accounts
- enable password
- show accounting
Chapter 4. Address Table Commands
- bridge address
- bridge multicast filtering
- bridge multicast address
- bridge multicast forbidden address
- bridge multicast unregistered
- bridge multicast forward-all
- bridge multicast forbidden forward-all
- bridge aging-time
- clear bridge
- port security
- port security mode
- port security max
- port security routed secure-address
- show bridge address-table
- show bridge address-table static
- show bridge address-table count
- show bridge multicast address-table
- show bridge multicast address-table static
- show bridge multicast filtering
- show bridge multicast unregistered
- show ports security
- show ports security addresses
Chapter 5. Clock Commands
- clock set
- clock source
- clock timezone
- clock summer-time
- sntp authentication-key
- sntp authenticate
- sntp trusted-key
- sntp client poll timer
- sntp broadcast client enable
- sntp anycast client enable
- sntp client enable (Interface)
- sntp unicast client enable
- sntp unicast client poll
- sntp server
- show clock
- show sntp configuration
- show sntp status
Chapter 6. Configuration and Image File Commands
- copy
- dir
- delete
- boot system
- show running-config
- show startup-config
- show bootvar
Chapter 7. DHCP Snooping Commands
- ip dhcp snooping
- ip dhcp snooping vlan
- ip dhcp snooping trust
- ip dhcp snooping information option allowed-untrusted
- ip dhcp snooping verify
- ip dhcp snooping database
- ip dhcp snooping database update-freq
- ip dhcp snooping binding
- clear ip dhcp snooping database
- show ip dhcp snooping
- show ip dhcp snooping binding
Chapter 8. Ethernet Configuration Commands
- interface ethernet
- interface range ethernet
- shutdown
- description
- speed
- duplex
- negotiation
- flowcontrol
- mdix
- back-pressure
- system flowcontrol
- clear counters
- set interface active
- show interfaces advertise
- show interfaces configuration
- show interfaces status
- show interfaces description
- show interfaces counters
- port storm-control include-multicast (IC)
- port storm-control broadcast enable
- port storm-control broadcast rate
- show ports storm-control
Chapter 9. GVRP Commands
- gvrp enable (Global)
- gvrp enable (Interface)
- garp timer
- gvrp vlan-creation-forbid
- gvrp registration-forbid
- clear gvrp statistics
- show gvrp configuration
- show gvrp statistics
- show gvrp error-statistics
Chapter 10. IGMP Snooping Commands
- ip igmp snooping (Global)
- ip igmp snooping (Interface)
- ip igmp snooping mrouter learn-pim-dvmrp
- ip igmp snooping host-time-out
- ip igmp snooping querier enable
- ip igmp snooping querier address
- ip igmp snooping querier version
- ip igmp snooping mrouter-time-out
- ip igmp snooping leave-time-out
- show ip igmp snooping mrouter
- show ip igmp snooping interface
- show ip igmp snooping groups
Chapter 11. IP Addressing Commands
- ip address
- ip address dhcp
- ip default-gateway
- show ip interface
- arp
- arp timeout
- clear arp-cache
- show arp
- ip domain-lookup
- ip domain-name
- ip name-server
- ip host
- clear host
- clear host dhcp
- show hosts
Chapter 12. IPv6 Addressing Commands
- ipv6 enable
- ipv6 address
- ipv6 address link-local
- ipv6 default-gateway
- show ipv6 interface
- ipv6 nd dad attempts
- ipv6 host
- ipv6 neighbor
- show ipv6 neighbors
- clear ipv6 neighbors
Chapter 13. Line Commands
- line
- speed
- autobaud
- exec-timeout
- history
- history size
- terminal history
- terminal history size
- show line
Chapter 14. DHCP Option 82 Commands
- ip dhcp information option
- show ip dhcp information option
Chapter 15. IP DHCP Relay
- ip dhcp relay enable (global)
- ip dhcp relay enable (interface)
- ip dhcp relay address
- show ip dhcp relay
Chapter 16. LACP Commands
- lacp system-priority
- lacp port-priority
- lacp timeout
- show lacp ethernet
- show lacp port-channel
Chapter 17. LLDP Commands
- lldp enable (global)
- lldp enable (interface)
- lldp timer
- lldp hold-multiplier
- lldp reinit-delay
- lldp tx-delay
- lldp optional-tlv
- lldp management-address
- lldp notifications
- lldp med enable
- lldp med network-policy (global)
- lldp med network-policy (interface)
- lldp med location
- clear lldp rx
- show lldp configuration
- show lldp med configuration
- show lldp local
- show lldp neighbors
Chapter 18. Login Banner Commands
- login_banner
- show login_banner
Chapter 19. Management ACL Commands
- management access-list
- permit (Management)
- deny (Management)
- management access-class
- show management access-list
- show management access-class
Chapter 20. PHY Diagnostics Commands
- test copper-port tdr
- show copper-ports tdr
- show copper-ports cable-length
- show fiber-ports optical-transceiver
Chapter 21. Port Channel Commands
- interface port-channel
- interface range port-channel
- channel-group
- show interfaces port-channel
Chapter 22. Port Monitor Commands
- port monitor
- show ports monitor
Chapter 23. Power over Ethernet Commands
- power inline
- power inline powered-device
- power inline priority
- power inline usage-threshold
- power inline traps enable
- show power inline
- show power inline power-consumption
- show power inline version
Chapter 24. QoS Commands
- qos
- show qos
- priority-queue out num-of-queues
- rate-limit
- traffic-shape
- show qos interface
- wrr-queue cos-map
- qos trust (Global)
- qos map dscp-queue
- qos cos
- show qos map
Chapter 25. Radius Commands
- radius-server host
- radius-server key
- radius-server retransmit
- radius-server source-ip
- radius-server source-ipv6
- radius-server timeout
- radius-server deadtime
- show radius-servers
Chapter 26. RMON Commands
- show rmon statistics
- rmon collection history
- show rmon collection history
- show rmon history
- rmon alarm
- show rmon alarm-table
- show rmon alarm
- rmon event
- show rmon events
- show rmon log
- rmon table-size
Chapter 27. SNMP Commands
- snmp-server community
- snmp-server view
- snmp-server group
- snmp-server user
- snmp-server engineID local
- snmp-server enable traps
- snmp-server filter
- snmp-server host
- snmp-server v3-host
- snmp-server trap authentication
- snmp-server contact
- snmp-server location
- snmp-server set
- show snmp
- show snmp engineid
- show snmp views
- show snmp groups
- show snmp filters
- show snmp users
Chapter 28. Spanning-Tree Commands
- spanning-tree
- spanning-tree mode
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree priority
- spanning-tree disable
- spanning-tree cost
- spanning-tree port-priority
- spanning-tree portfast
- spanning-tree link-type
- spanning-tree pathcost method
- spanning-tree bpdu
- spanning-tree guard root
- spanning-tree bpduguard
- clear spanning-tree detected-protocols
- spanning-tree mst priority
- spanning-tree mst max-hops
- spanning-tree mst port-priority
- spanning-tree mst cost
- spanning-tree mst configuration
- instance (mst)
- name (mst)
- revision (mst)
- show (mst)
- exit (mst)
- abort (mst)
- show spanning-tree
Chapter 29. SSH Commands
- ip ssh port
- ip ssh server
- crypto key generate dsa
- crypto key generate rsa
- ip ssh pubkey-auth
- crypto key pubkey-chain ssh
- user-key
- key-string
- show ip ssh
- show crypto key mypubkey
- show crypto key pubkey-chain ssh
Chapter 30. Syslog Commands
- logging on
- logging
- logging console
- logging buffered
- logging buffered size
- clear logging
- logging file
- clear logging file
- aaa logging
- file-system logging
- management logging
- show logging
- show logging file
- show syslog-servers
Chapter 31. TACACS+ Commands
- tacacs-server host
- tacacs-server key
- tacacs-server timeout
- tacacs-server source-ip
- show tacacs
Chapter 32. Tunnel Commands
- interface tunnel
- tunnel mode ipv6ip
- tunnel isatap router
- tunnel source
- tunnel isatap query-interval
- tunnel isatap solicitation-interval
- tunnel isatap robustness
- show ipv6 tunnel
Chapter 33. System Management Commands
- ping
- telnet
- reload
- resume
- hostname
- stack master
- stack reload
- stack change unit-id
- show stack
- show users
- show sessions
- show system
- show system id
- show version
Chapter 34. User Interface Commands
- do
- enable
- disable
- login
- configure
- exit (Configuration)
- exit
- end
- help
- terminal datadump
- show history
- show privilege
Chapter 35. VLAN Commands
- vlan database
- vlan
- interface vlan
- interface range vlan
- name
- switchport protected
- switchport mode
- switchport access vlan
- switchport trunk allowed vlan
- switchport trunk native vlan
- switchport general allowed vlan
- switchport general pvid
- switchport general ingress-filtering disable
- switchport general acceptable-frame-type tagged-only
- switchport general map macs-group vlan
- map mac macs-group
- show vlan macs-group
- switchport forbidden vlan
- ip internal-usage-vlan
- show vlan
- show vlan internal usage
- show interfaces switchport
Chapter 36. Web Server Commands
- ip http server
- ip http port
- ip http exec-timeout
- ip https server
- ip https port
- ip https exec-timeout
- crypto certificate generate
- crypto certificate request
- crypto certificate import
- ip https certificate
- show crypto certificate mycertificate
- show ip http
- show ip https
Chapter 37. 802.1x Commands
- aaa authentication dot1x
- dot1x system-auth-control
- dot1x port-control
- dot1x re-authentication
- dot1x timeout re-authperiod
- dot1x re-authenticate
- dot1x timeout quiet-period
- dot1x timeout tx-period
- dot1x max-req
- dot1x timeout supp-timeout
- dot1x timeout server-timeout
- show dot1x
- show dot1x users
- show dot1x statistics
- dot1x auth-not-req
- dot1x guest-vlan
- dot1x single-host-violation
- dot1x mac-authentication
- show dot1x advanced
- dot1x guest-vlan enable
- dot1x guest-vlan timeout
- dot1x radius-attributes vlan
Index

Page 365

Allied Telesis

AT-8000S-S94-3.0 Command Line Interface User’s Guide

Parameters

•

number — Specifies the certificate number. (Range: 1 - 2)

• key-generate — Regenerate the SSL RSA key.

• length — Specifies the SSL RSA key length. (Range: 512 - 2048)

• string — Passphrase used for exporting the certificate in PKCS12 file format. If unspecified the certificate is

not exportable.

• common- name — Specifies the fully qualified URL or IP address of the device. (Range: 1 - 64). If

unspecified, defaults to the lowest static IPv6 address of the device (when the certificate is generated) ,or to

the lowest static IPv4 address of the device if there is no static IPv6 address, or to 0.0.0.0 if there is no static

IP address.

• organization — Specifies the organization name. (Range: 1 - 64)

• organization-unit — Specifies the organization-unit or department name.(Range: 1 - 64)

• location — Specifies the location or city name. (Range: 1 - 64)

• state — Specifies the state or province name. (Range: 1 - 64)

• country — Specifies the country name. (Range: 2 - 2)

• days — Specifies number of days certification is valid. (Range: 30 - 3650)

Default Configuration

The Certificate and SSL’s RSA key pairs do not exist.

If no certificate number is specified, the default certificate number is 1.

If no RSA key length is specified, the default length is 1024.

If no URL or IP address is specified, the default common name is the lowest IP address of the device at the time

that the certificate is generated.

If the number of days is not specified, the default period of time that the certification is valid is 365 days.

Command Mode

Global Configuration mode

User Guidelines

The command is not saved in the device configuration; however, the certificate and keys generated by this

command are saved in the private configuration (which is never displayed to the user or backed up to another

device).

Use this command to generate a self-signed certificate for the device.

If the RSA keys do not exist, parameter key-generate must be used.

Example

The following example regenerates an HTTPS certificate.

crypto certificate request

The crypto certificate request Privileged EXEC mode command generates and displays certificate requests for

HTTPS.

console(config)# crypto certificate 1 generate key-generate