CLI Reference Guide
Table Of Contents
- AS5700-54X
- AS6700-32X
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Authentication Commands
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access link-detection
- network-access link- detection link-down
- network-access link- detection link-up
- network-access link- detection link-up- down
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCPv4 Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information option encode no-subtype
- ip dhcp snooping information option remote-id
- ip dhcp snooping information policy
- ip dhcp snooping limit rate
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option circuit-id
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- DHCPv6 Snooping
- ipv6 dhcp snooping
- ipv6 dhcp snooping option remote-id
- ipv6 dhcp snooping option remote-id policy
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping max-binding
- ipv6 dhcp snooping trust
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping statistics
- IPv4 Source Guard
- IPv6 Source Guard
- IPv6 Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Port Mirroring Commands
- Congestion Control Commands
- Loopback Detection Commands
- UniDirectional Link Detection Commands
- Address Table Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree mst configuration
- spanning-tree system- bpdu-flooding
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree tc-prop-stop
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- Class of Service Commands
- Priority Commands (Layer 2)
- Priority Commands (Layer 3 and 4)
- qos map phb-queue
- qos map cos-dscp
- qos map default-drop- precedence
- qos map dscp-cos
- qos map dscp-mutation
- qos map ip-port-dscp
- qos map ip-prec-dscp
- qos map trust-mode
- show qos map cos-dscp
- show map default- drop-precedence
- show map dscp-cos
- show qos map dscp- mutation
- show qos map ip-port-dscp
- show qos map ip-prec-dscp
- show qos map phb-queue
- show qos map trust-mode
- Quality of Service Commands
- Data Center Bridging Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping priority
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port-expire- time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb-query- count
- ip igmp snooping vlan last-memb-query- intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan static
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- ip igmp filter (Global Configuration)
- ip igmp profile
- permit, deny
- range
- ip igmp authentication
- ip igmp filter (Interface Configuration)
- ip igmp max-groups
- ip igmp max-groups action
- ip igmp query-drop
- show ip igmp authentication
- show ip igmp filter
- show ip igmp profile
- show ip igmp query-drop
- show ip igmp throttle interface
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port-expire- time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping version
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- clear ipv6 mld snooping groups dynamic
- clear ipv6 mld snooping statistics
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping group source-list
- show ipv6 mld snooping mrouter
- IGMP (Layer 3)
- IGMP Proxy Routing
- MLD (Layer 3)
- MLD Proxy Routing
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime- multiplier
- lldp med-fast-start- count
- lldp notification- interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dcbx-tlv ets-config
- lldp dcbx-tlv ets-recommend
- lldp dcbx-tlv pfc-config
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network- policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- CFM Commands
- Defining CFM Structures
- ethernet cfm ais level
- ethernet cfm ais ma
- ethernet cfm ais period
- ethernet cfm ais suppress alarm
- ethernet cfm domain
- ethernet cfm enable
- ma index name
- ma index name-format
- ethernet cfm mep
- ethernet cfm port-enable
- clear ethernet cfm ais mpid
- show ethernet cfm configuration
- show ethernet cfm md
- show ethernet cfm ma
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points local detail mep
- show ethernet cfm maintenance-points remote detail
- Continuity Check Operations
- Cross Check Operations
- Link Trace Operations
- Loopback Operations
- Fault Generator Operations
- Delay Measure Operations
- Defining CFM Structures
- Domain Name Service Commands
- DHCP Commands
- IP Interface Commands
- IPv4 Interface
- IPv6 Interface
- ND Snooping
- ipv6 nd snooping
- ipv6 nd snooping auto-detect
- ipv6 nd snooping auto-detect retransmit count
- ipv6 nd snooping auto-detect retransmit interval
- ipv6 nd snooping prefix timeout
- ipv6 nd snooping max-binding
- ipv6 nd snooping trust
- clear ipv6 nd snooping binding
- clear ipv6 nd snooping prefix
- show ipv6 nd snooping
- show ipv6 nd snooping binding
- show ipv6 nd snooping prefix
- VRRP Commands
- IP Routing Commands
- Global Routing Configuration
- IPv4 Commands
- ECMP Commands
- ecmp load-balance
- hash-selection list
- maximum-paths
- dst-mac (MAC Hash)
- ethertype (MAC Hash)
- src-mac (MAC Hash)
- vlan (MAC Hash)
- dst-ip (IPv4 Hash)
- dst-l4-port (IPv4 Hash)
- protocol-id (IPv4 Hash)
- src-ip (IPv4 Hash)
- src-l4-port (IPv4 Hash)
- vlan (IPv4 Hash)
- collapsed-dst-ip (IPv6 Hash)
- collapsed-src-ip (IPv6 Hash)
- dst-l4-port (IPv6 Hash)
- next-header (IPv6 Hash)
- src-l4-port (IPv6 Hash)
- vlan (IPv6 Hash)
- show ecmp load-balance
- show hash-selection list
- IPv6 Commands
- Routing Information Protocol (RIP)
- router rip
- default-information originate
- default-metric
- distance
- maximum-prefix
- neighbor
- network
- passive-interface
- redistribute
- timers basic
- version
- ip rip authentication mode
- ip rip authentication string
- ip rip receive version
- ip rip receive-packet
- ip rip send version
- ip rip send-packet
- ip rip split-horizon
- clear ip rip route
- show ip protocols rip
- show ip rip
- Open Shortest Path First (OSPFv2)
- Open Shortest Path First (OSPFv3)
- Border Gateway Protocol (BGPv4)
- BGP Overview
- External and Internal BGP
- BGP Routing Basics
- Internal BGP Scalability
- Route Flap Dampening
- BGP Command List
- General Configuration
- router bgp
- ip as-path access-list
- ip community-list
- ip extcommunity-list
- ip prefix-list
- aggregate-address
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peer
- bgp dampening
- bgp enforce-first-as
- bgp fast-external- failover
- bgp log-neighbor- changes
- bgp network import-check
- bgp router-id
- bgp scan-time
- network
- redistribute
- timers bgp
- clear ip bgp
- clear ip bgp dampening
- Route Metrics and Selection
- Neighbor Configuration
- neighbor activate
- neighbor advertisement- interval
- neighbor allowas-in
- neighbor attribute- unchanged
- neighbor capability dynamic
- neighbor capability orf prefix-list
- neighbor default- originate
- neighbor description
- neighbor distribute- list
- neighbor dont- capability-negotiate
- neighbor ebgp- multihop
- neighbor enforce- multihop
- neighbor filter-list
- neighbor interface
- neighbor maximum- prefix
- neighbor next-hop- self
- neighbor override- capability
- neighbor passive
- neighbor password
- neighbor peer-group (Creating)
- neighbor peer-group (Group Members)
- neighbor port
- neighbor prefix-list
- neighbor remote-as
- neighbor remove- private-as
- neighbor route-map
- neighbor route- reflector-client
- neighbor route- server-client
- neighbor send- community
- neighbor shutdown
- neighbor soft- reconfiguration inbound
- neighbor strict- capability-match
- neighbor timers
- neighbor timers connect
- neighbor unsuppress- map
- neighbor update- source
- neighbor weight
- Display Information
- show ip bgp
- show ip bgp attribute-info
- show ip bgp cidr-only
- show ip bgp community
- show ip bgp community-info
- show ip bgp community-list
- show ip bgp dampening
- show ip bgp filter-list
- show ip bgp neighbors
- show ip bgp paths
- show ip bgp prefix-list
- show ip bgp regexp
- show ip bgp route-map
- show ip bgp scan
- show ip bgp summary
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- show ip prefix-list detail
- show ip prefix-list summary
- show ip protocols bgp
- General Configuration
- Policy-based Routing for BGP
- route-map
- call
- continue
- description
- match as-path
- match community
- match extcommunity
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match origin
- match pathlimit
- match peer
- on-match
- set aggregator as
- set as-path
- set atomic-aggregate
- set comm-list delete
- set community
- set extcommunity
- set ip next-hop
- set local-preference
- set metric
- set origin
- set originator-id
- set pathlimit ttl
- set weight
- show route-map
- Global Routing Configuration
- Multicast Routing Commands
- Appendices
- Glossary
- List of CLI Commands
- Index
Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
– 266 –
◆ When the dynamic VLAN assignment status is changed on a port, all
authenticated addresses are cleared from the secure MAC address table.
Example
The following example enables dynamic VLAN assignment on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
network-access
guest-vlan
Use this command to assign all traffic on a port to a guest VLAN when 802.1x
authentication or MAC authentication is rejected. Use the no form of this command
to disable guest VLAN assignment.
Syntax
network-access guest-vlan vlan-id
no network-access guest-vlan
vlan-id - VLAN ID (Range: 1-4094)
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
◆ The VLAN to be used as the guest VLAN must be defined and set as active (See
the vlan database command).
◆ When used with 802.1X authentication, the intrusion-action must be set for
“guest-vlan” to be effective (see the dot1x intrusion-action command).
◆ A port can only be assigned to the guest VLAN in case of failed authentication,
if switchport mode is set to Hybrid.
Example
Console(config)#interface ethernet 1/1
Console(config-if)#network-access guest-vlan 25
Console(config-if)#