Reference Guide
Table Of Contents
- About this Guide
- Configuration Fundamentals
- Getting Started
- System Management
- Configure Privilege Levels
- Configure Logging
- Log Messages in the Logging Buffer
- Disable System Logging
- Send System Messages to a Syslog Server
- Change System Logging Settings
- Display the Logging Buffer and the Logging Configuration
- Configure a UNIX Logging Facility Level
- Synchronize Log Messages
- Enable Timestamp on Syslog Messages
- File Transfer Services
- Terminal Lines
- Time out of EXEC Privilege Mode
- Telnet to Another Network Device
- Lock CONFIGURATION mode
- Recovering from a Forgotten Password
- Recovering from a Failed Start
- 802.1ag
- Ethernet CFM
- Maintenance Domains
- Maintenance Points
- Maintenance End Points
- Implementation Information
- Configure CFM
- Enable Ethernet CFM
- Create a Maintenance Domain
- Create a Maintenance Association
- Create Maintenance Points
- Continuity Check Messages
- Loopback Message and Response
- Linktrace Message and Response
- Enable CFM SNMP Traps
- Display Ethernet CFM Statistics
- 802.3ah
- 802.1X
- Protocol Overview
- Configuring 802.1X
- Important Points to Remember
- Enabling 802.1X
- Configuring Request Identity Re-transmissions
- Forcibly Authorize or Unauthorize a Port
- Re-Authenticating a Port
- Configuring Timeouts
- Dynamic VLAN Assignment with Port Authentication
- Guest and Authentication-Fail VLANs
- Multi-Host Authentication
- Multi-Supplicant Authentication
- MAC Authentication Bypass
- Dynamic CoS with 802.1X
- IP Access Control Lists (ACL), Prefix Lists, and Route-maps
- Overview
- IP Access Control Lists (ACLs)
- IP Fragment Handling
- Configure a standard IP ACL
- Configure an extended IP ACL
- Configure Layer 2 and Layer 3 ACLs on an Interface
- Assign an IP ACL to an Interface
- Configure Ingress ACLs
- Configure Egress ACLs
- Configure ACLs to Loopback
- IP Prefix Lists
- ACL Resequencing
- Route Maps
- Important Points to Remember
- Bidirectional Forwarding Detection
- Protocol Overview
- Important Points to Remember
- Configure Bidirectional Forwarding Detection
- Border Gateway Protocol IPv4 (BGPv4)
- Protocol Overview
- BGP Attributes
- Multiprotocol BGP
- Implement BGP with FTOS
- Configuration Information
- BGP Configuration
- Defaults
- Configuration Task List for BGP
- Enable BGP
- Configure AS4 Number Representations
- Configure Peer Groups
- BGP fast fall-over
- Configure passive peering
- Maintain existing AS numbers during an AS migration
- Allow an AS number to appear in its own AS path
- Enable graceful restart
- Filter on an AS-Path attribute
- Redistribute routes
- Configure IP community lists
- Manipulate the COMMUNITY attribute
- Change MED attribute
- Change LOCAL_PREFERENCE attribute
- Change NEXT_HOP attribute
- Change WEIGHT attribute
- Enable multipath
- Filter BGP routes
- Configure BGP route reflectors
- Aggregate routes
- Configure BGP confederations
- Enable route flap dampening
- Change BGP timers
- BGP neighbor soft-reconfiguration
- Route map continue
- MBGP Configuration
- BGP Regular Expression Optimization
- Retain NH in BGP Advertisement
- Debug BGP
- Sample Configurations
- Content Addressable Memory
- Content Addressable Memory
- CAM Profiles
- Microcode
- CAM Profiling for ACLs
- Boot Behavior
- When to Use CAM Profiling
- Important Points to Remember
- Select CAM Profiles
- CAM Allocation
- Test CAM Usage
- View CAM Profiles
- View CAM-ACL settings
- View CAM Usage
- Configuring IPv4Flow Sub-partitions
- Configuring Ingress Layer 2 ACL Sub-partitions
- Return to the Default CAM Configuration
- CAM Optimization
- Applications for CAM Profiling
- Troubleshoot CAM Profiling
- Configuration Replace and Rollback
- Archived Files
- Configuring Configuration Replace and Rollback
- Important Points to Remember
- Enable the Archive Service
- Archive a Configuration File
- Replace the Current Running Configuration
- Roll Back to the Previous Configuration
- Configure an Archive File Maximum
- Configure Auto-archive
- Copy and Delete an Archive File
- View and Edit the Contents of an Archive File
- Dynamic Host Configuration Protocol
- Protocol Overview
- Implementation Information
- Configuration Tasks
- Configure the System to be a DHCP Server
- Configure the System to be a Relay Agent
- Configure Secure DHCP
- Equal Cost Multi-Path
- Force10 Resilient Ring Protocol
- Force10 Service Agent
- Implementation Information
- Configure Force10 Service Agent
- Enable Force10 Service Agent
- Specify an SMTP Server for FTSA
- Providing an Administrator E-mail Address
- FTSA Messaging Service
- FTSA Message Types
- FTSA Policies
- Debug FTSA
- GARP VLAN Registration Protocol
- High Availability
- Internet Group Management Protocol
- IGMP Implementation Information
- IGMP Protocol Overview
- Configuring IGMP
- Viewing IGMP Enabled Interfaces
- Selecting an IGMP Version
- Viewing IGMP Groups
- Adjusting Timers
- Configuring a Static IGMP Group
- Enabling IGMP Immediate-leave
- IGMP Snooping
- Fast Convergence after MSTP Topology Changes
- Designating a Multicast Router Interface
- Interfaces
- Basic Interface Configuration:
- Advanced Interface Configuration:
- Interface Types
- View Basic Interface Information
- Enable a Physical Interface
- Physical Interfaces
- Management Interfaces
- VLAN Interfaces
- Loopback Interfaces
- Null Interfaces
- Port Channel Interfaces
- Port channel definition and standards
- Port channel benefits
- Port channel implementation
- 10/100/1000 Mbps interfaces in port channels
- Configuration task list for port channel interfaces
- Create a port channel
- Add a physical interface to a port channel
- Reassign an interface to a new port channel
- Configure the minimum oper up links in a port channel (LAG)
- Add or remove a port channel from a VLAN
- Assign an IP address to a port channel
- Delete or disable a port channel
- Load balancing through port channels
- E-Series load-balancing
- IPv4, IPv6, and non-IP traffic handling on the E-Series
- C-Series and S-Series load-balancing
- Hash algorithm
- Bulk Configuration
- Interface Range Macros
- Monitor and Maintain Interfaces
- Link Debounce Timer
- Link Dampening
- Ethernet Pause Frames
- Configure MTU Size on an Interface
- Port-pipes
- Auto-Negotiation on Ethernet Interfaces
- View Advanced Interface Information
- IPv4 Addressing
- IP Addresses
- Directed Broadcast
- Resolution of Host Names
- ARP
- ARP Learning via Gratuitous ARP
- ARP Learning via ARP Request
- Configurable ARP Retries
- ICMP
- UDP Helper
- Configuring UDP Helper
- Important Points to Remember about UDP Helper
- Enabling UDP Helper
- Configuring a Broadcast Address
- Configurations Using UDP Helper
- Troubleshooting UDP Helper
- IPv6 Addressing
- Protocol Overview
- Implementing IPv6 with FTOS
- ICMPv6
- Path MTU Discovery
- IPv6 Neighbor Discovery
- QoS for IPv6
- IPv6 Multicast
- SSH over an IPv6 Transport
- Configuration Task List for IPv6
- Change your CAM-Profile on an E-Series system
- Adjust your CAM-Profile on an C-Series or S-Series
- Assign an IPv6 Address to an Interface
- Assign a Static IPv6 Route
- Telnet with IPv6
- SNMP over IPv6
- Show IPv6 Information
- Show an IPv6 Interface
- Show IPv6 Routes
- Show the Running-Configuration for an Interface
- Clear IPv6 Routes
- Intermediate System to Intermediate System
- Link Aggregation Control Protocol
- Layer 2
- Managing the MAC Address Table
- MAC Learning Limit
- mac learning-limit dynamic
- mac learning-limit station-move
- mac learning-limit no-station-move
- mac learning-limit sticky
- Displaying MAC Learning-Limited Interfaces
- Learning Limit Violation Actions
- Station Move Violation Actions
- Recovering from Learning Limit and Station Move Violations
- Per-VLAN MAC Learning Limit
- NIC Teaming
- Microsoft Clustering
- Configuring Redundant Pairs
- Restricting Layer 2 Flooding
- Far-end Failure Detection
- Link Layer Discovery Protocol
- 802.1AB (LLDP) Overview
- Optional TLVs
- TIA-1057 (LLDP-MED) Overview
- Configuring LLDP
- Important Points to Remember
- CONFIGURATION versus INTERFACE Configurations
- Enabling LLDP
- Advertising TLVs
- Viewing the LLDP Configuration
- Viewing Information Advertised by Adjacent LLDP Agents
- Configuring LLDPDU Intervals
- Configuring Transmit and Receive Mode
- Configuring a Time to Live
- Debugging LLDP
- Relevant Management Objects
- Multicast Listener Discovery
- Multicast Source Discovery Protocol
- Protocol Overview
- Implementation Information
- Configuring Multicast Source Discovery Protocol
- Enable MSDP
- Manage the Source-active Cache
- Accept Source-active Messages that fail the RFP Check
- Limit the Source-active Messages from a Peer
- Prevent MSDP from Caching a Local Source
- Prevent MSDP from Caching a Remote Source
- Prevent MSDP from Advertising a Local Source
- Log Changes in Peership States
- Terminate a Peership
- Clear Peer Statistics
- Debug MSDP
- MSDP with Anycast RP
- MSDP Sample Configurations
- Multiple Spanning Tree Protocol
- Protocol Overview
- Configure Multiple Spanning Tree Protocol
- Enable Multiple Spanning Tree Globally
- Add and Remove Interfaces
- Create Multiple Spanning Tree Instances
- Influence MSTP Root Selection
- Interoperate with Non-FTOS Bridges
- Modify Global Parameters
- Modify Interface Parameters
- Configure an EdgePort
- Configure a Root Guard
- Configure a Loop Guard
- Flush MAC Addresses after a Topology Change
- Displaying STP Guard Configuration
- MSTP Sample Configurations
- Debugging and Verifying MSTP Configuration
- Multicast Features
- Object Tracking
- Open Shortest Path First (OSPFv2 and OSPFv3)
- Protocol Overview
- Implementing OSPF with FTOS
- Configuration Requirements
- Configuration Task List for OSPFv2 (OSPF for IPv4)
- Enable OSPFv2
- Enable Multi-Process OSPF
- Assign an OSPFv2 area
- Enable OSPFv2 on interfaces
- Configure stub areas
- Configure OSPF Stub-Router Advertisement
- Enable passive interfaces
- Enable fast-convergence
- Change OSPFv2 parameters on interfaces
- Enable OSPFv2 authentication
- Enable OSPFv2 graceful restart
- Configure virtual links
- Filter routes
- Redistribute routes
- Troubleshooting OSPFv2
- Sample Configurations for OSPFv2
- Configuration Task List for OSPFv3 (OSPF for IPv6)
- Enable IPv6 Unicast Routing
- Assign IPv6 addresses on an interface
- Assign Area ID on interface
- Assign OSPFv3 Process ID and Router ID Globally
- Configure stub areas
- Configure Passive-Interface
- Redistribute routes
- Configure a default route
- Enable OSPFv3 graceful restart
- OSPFv3 Authentication Using IPsec
- Troubleshooting OSPFv3
- PIM Dense-Mode
- PIM Sparse-Mode
- Implementation Information
- Protocol Overview
- Important Points to Remember
- Configure PIM-SM
- Enable PIM-SM
- Configurable S,G Expiry Timers
- Configure a Static Rendezvous Point
- Elect an RP using the BSR Mechanism
- Configure a Designated Router
- Create Multicast Boundaries and Domains
- Set a Threshold for Switching to the SPT
- PIM-SM Graceful Restart
- First Packet Forwarding for Lossless Multicast
- Monitoring PIM
- PIM-SM and IGMP Snooping: Usage Notes
- PIM-SM Snooping
- PIM Source-Specific Mode
- Power over Ethernet
- Policy-based Routing
- Port Monitoring
- Private VLANs
- Per-VLAN Spanning Tree Plus
- Protocol Overview
- Implementation Information
- Configure Per-VLAN Spanning Tree Plus
- Enable PVST+
- Modify Global PVST+ Parameters
- Modify Interface PVST+ Parameters
- Configure an EdgePort
- Configure a Root Guard
- Configure a Loop Guard
- PVST+ in Multi-vendor Networks
- PVST+ Extended System ID
- Displaying STP Guard Configuration
- PVST+ Sample Configurations
- Quality of Service
- Implementation Information
- Port-based QoS Configurations
- Policy-based QoS Configurations
- QoS Rate Adjustment
- Strict-priority Queueing
- Weighted Random Early Detection
- Allocating Bandwidth to Multicast Queues
- Pre-calculating Available QoS CAM Space
- Viewing QoS CAM Entries
- Routing Information Protocol
- Remote Monitoring
- Rapid Spanning Tree Protocol
- Protocol Overview
- Configuring Rapid Spanning Tree
- Important Points to Remember
- Configure Interfaces for Layer 2 Mode
- Enable Rapid Spanning Tree Protocol Globally
- Add and Remove Interfaces
- Modify Global Parameters
- Modify Interface Parameters
- Configure an EdgePort
- Influence RSTP Root Selection
- SNMP Traps for Root Elections and Topology Changes
- Fast Hellos for Link State Detection
- Configure a Root Guard
- Configure a Loop Guard
- Displaying STP Guard Configuration
- Security
- Service Provider Bridging
- VLAN Stacking
- VLAN Stacking Packet Drop Precedence
- Dynamic Mode CoS for VLAN Stacking
- Layer 2 Protocol Tunneling
- Provider Backbone Bridging
- sFlow
- Simple Network Management Protocol
- Protocol Overview
- Implementation Information
- Configure Simple Network Management Protocol
- Important Points to Remember
- Create a Community
- Read Managed Object Values
- Write Managed Object Values
- Configure Contact and Location Information using SNMP
- Subscribe to Managed Object Value Updates using SNMP
- Copy Configuration Files Using SNMP
- Manage VLANs using SNMP
- Enable and Disable a Port using SNMP
- Fetch Dynamic MAC Entries using SNMP
- Deriving Interface Indices
- Monitor Port-channels
- Troubleshooting SNMP Operation
- SONET/SDH
- Stacking S-Series Switches
- Broadcast Storm Control
- Spanning Tree Protocol
- Protocol Overview
- Configuring Spanning Tree
- Related Configuration Tasks
- Important Points to Remember
- Configuring Interfaces for Layer 2 Mode
- Enabling Spanning Tree Protocol Globally
- Adding an Interface to the Spanning Tree Group
- Removing an Interface from the Spanning Tree Group
- Modifying Global Parameters
- Modifying Interface STP Parameters
- Enabling PortFast
- Preventing Network Disruptions with BPDU Guard
- STP Root Selection
- STP Root Guard
- SNMP Traps for Root Elections and Topology Changes
- Configuring Spanning Trees as Hitless
- STP Loop Guard
- Displaying STP Guard Configuration
- System Time and Date
- Uplink Failure Detection (UFD)
- Upgrade Procedures
- VLAN
- Virtual Routing and Forwarding (VRF)
- Virtual Router Redundancy Protocol (VRRP)
- FTOS XML Feature
- C-Series Debugging and Diagnostics
- E-Series TeraScale Debugging and Diagnostics
- S-Series Debugging and Diagnostics
- Standards Compliance
Security | 929
Specify a RADIUS server host
When configuring a RADIUS server host, you can set different communication parameters, such as the
UDP port, the key password, the number of retries, and the timeout.
To specify a RADIUS server host and configure its communication parameters, use the following
command in the CONFIGURATION mode:
To specify multiple RADIUS server hosts, configure the
radius-server host command multiple times. If
multiple RADIUS server hosts are configured, FTOS attempts to connect with them in the order in which
they were configured. When FTOS attempts to authenticate a user, the software connects with the
RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject
response.
If you want to change an optional parameter setting for a specific host, use the
radius-server host
command. To change the global communication settings to all RADIUS server hosts, refer to Set global
communication parameters for all RADIUS server hosts.
To view the RADIUS configuration, use the
show running-config radius command in the EXEC Privilege
mode.
To delete a RADIUS server host, use the
no radius-server host {hostname | ip-address} command.
Set global communication parameters for all RADIUS server hosts
You can configure global communication parameters (auth-port, key, retransmit, and timeout parameters)
and specific host communication parameters on the same system. However, if both global and specific host
parameters are configured, the specific host parameters override the global parameters for that RADIUS
server host.
Command Syntax Command Mode Purpose
radius-server host {hostname |
ipv4-address | ipv6-address}
[
auth-port port-number] [retransmit
retries] [timeout seconds] [key
[
encryption-type] key]
CONFIGURATION Enter the host name or IP address of the RADIUS server
host. Configure the optional communication parameters
for the specific host:
•
auth-port port-number range: 0 to 65335. Enter a
UDP port number. The default is 1812.
•
retransmit retries range: 0 to 100. Default is 3.
•
timeout seconds range: 0 to 1000. Default is 5
seconds.
•
key [encryption-type] key: Enter 0 for plain text or 7
for encrypted text, and a string for the key. The key
can be up to 42 characters long. This key must match
the key configured on the RADIUS server host.
If these optional parameters are not configured, the
global default values for all RADIUS host are applied.