AS5800-EC Series CLI Reference Guide R02
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Authentication Commands
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access link-detection
- network-access link- detection link-down
- network-access link- detection link-up
- network-access link- detection link-up- down
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCPv4 Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information option encode no-subtype
- ip dhcp snooping information option remote-id
- ip dhcp snooping information policy
- ip dhcp snooping limit rate
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option circuit-id
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- DHCPv6 Snooping
- ipv6 dhcp snooping
- ipv6 dhcp snooping option remote-id
- ipv6 dhcp snooping option remote-id policy
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping max-binding
- ipv6 dhcp snooping trust
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping statistics
- IPv4 Source Guard
- IPv6 Source Guard
- IPv6 Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Port Mirroring Commands
- Congestion Control Commands
- Loopback Detection Commands
- UniDirectional Link Detection Commands
- Address Table Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree mst configuration
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree tc-prop-stop
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- Class of Service Commands
- Priority Commands (Layer 2)
- Priority Commands (Layer 3 and 4)
- qos map phb-queue
- qos map cos-dscp
- qos map default-drop- precedence
- qos map dscp-cos
- qos map dscp-mutation
- qos map ip-port-dscp
- qos map ip-prec-dscp
- qos map trust-mode
- show qos map cos-dscp
- show map default- drop-precedence
- show map dscp-cos
- show qos map dscp- mutation
- show qos map ip-port-dscp
- show qos map ip-prec-dscp
- show qos map phb-queue
- show qos map trust-mode
- Quality of Service Commands
- Data Center Bridging Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping priority
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port-expire- time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb-query- count
- ip igmp snooping vlan last-memb-query- intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan static
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- ip igmp filter (Global Configuration)
- ip igmp profile
- permit, deny
- range
- ip igmp authentication
- ip igmp filter (Interface Configuration)
- ip igmp max-groups
- ip igmp max-groups action
- ip igmp query-drop
- show ip igmp authentication
- show ip igmp filter
- show ip igmp profile
- show ip igmp query-drop
- show ip igmp throttle interface
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port-expire- time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping version
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- clear ipv6 mld snooping groups dynamic
- clear ipv6 mld snooping statistics
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping group source-list
- show ipv6 mld snooping mrouter
- IGMP (Layer 3)
- IGMP Proxy Routing
- MLD (Layer 3)
- MLD Proxy Routing
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime- multiplier
- lldp med-fast-start- count
- lldp notification- interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dcbx-tlv ets-config
- lldp dcbx-tlv ets-recommend
- lldp dcbx-tlv pfc-config
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network- policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- CFM Commands
- Defining CFM Structures
- ethernet cfm ais level
- ethernet cfm ais ma
- ethernet cfm ais period
- ethernet cfm ais suppress alarm
- ethernet cfm domain
- ethernet cfm enable
- ma index name
- ma index name-format
- ethernet cfm mep
- ethernet cfm port-enable
- clear ethernet cfm ais mpid
- show ethernet cfm configuration
- show ethernet cfm md
- show ethernet cfm ma
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points local detail mep
- show ethernet cfm maintenance-points remote detail
- Continuity Check Operations
- Cross Check Operations
- Link Trace Operations
- Loopback Operations
- Fault Generator Operations
- Delay Measure Operations
- Defining CFM Structures
- Domain Name Service Commands
- DHCP Commands
- IP Interface Commands
- IPv4 Interface
- IPv6 Interface
- ND Snooping
- ipv6 nd snooping
- ipv6 nd snooping auto-detect
- ipv6 nd snooping auto-detect retransmit count
- ipv6 nd snooping auto-detect retransmit interval
- ipv6 nd snooping prefix timeout
- ipv6 nd snooping max-binding
- ipv6 nd snooping trust
- clear ipv6 nd snooping binding
- clear ipv6 nd snooping prefix
- show ipv6 nd snooping
- show ipv6 nd snooping binding
- show ipv6 nd snooping prefix
- VRRP Commands
- IP Routing Commands
- Global Routing Configuration
- IPv4 Commands
- ECMP Commands
- ecmp load-balance
- hash-selection list
- maximum-paths
- dst-mac (MAC Hash)
- ethertype (MAC Hash)
- src-mac (MAC Hash)
- vlan (MAC Hash)
- dst-ip (IPv4 Hash)
- dst-l4-port (IPv4 Hash)
- protocol-id (IPv4 Hash)
- src-ip (IPv4 Hash)
- src-l4-port (IPv4 Hash)
- vlan (IPv4 Hash)
- collapsed-dst-ip (IPv6 Hash)
- collapsed-src-ip (IPv6 Hash)
- dst-l4-port (IPv6 Hash)
- next-header (IPv6 Hash)
- src-l4-port (IPv6 Hash)
- vlan (IPv6 Hash)
- show ecmp load-balance
- show hash-selection list
- IPv6 Commands
- Routing Information Protocol (RIP)
- router rip
- default-information originate
- default-metric
- distance
- maximum-prefix
- neighbor
- network
- passive-interface
- redistribute
- timers basic
- version
- ip rip authentication mode
- ip rip authentication string
- ip rip receive version
- ip rip receive-packet
- ip rip send version
- ip rip send-packet
- ip rip split-horizon
- clear ip rip route
- show ip protocols rip
- show ip rip
- Open Shortest Path First (OSPFv2)
- Open Shortest Path First (OSPFv3)
- Border Gateway Protocol (BGPv4)
- BGP Overview
- External and Internal BGP
- BGP Routing Basics
- Internal BGP Scalability
- Route Flap Dampening
- BGP Command List
- General Configuration
- router bgp
- ip as-path access-list
- ip community-list
- ip extcommunity-list
- ip prefix-list
- aggregate-address
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peer
- bgp dampening
- bgp enforce-first-as
- bgp fast-external- failover
- bgp log-neighbor- changes
- bgp network import-check
- bgp router-id
- bgp scan-time
- network
- redistribute
- timers bgp
- clear ip bgp
- clear ip bgp dampening
- Route Metrics and Selection
- Neighbor Configuration
- neighbor activate
- neighbor advertisement- interval
- neighbor allowas-in
- neighbor attribute- unchanged
- neighbor capability dynamic
- neighbor capability orf prefix-list
- neighbor default- originate
- neighbor description
- neighbor distribute- list
- neighbor dont- capability-negotiate
- neighbor ebgp- multihop
- neighbor enforce- multihop
- neighbor filter-list
- neighbor interface
- neighbor maximum- prefix
- neighbor next-hop- self
- neighbor override- capability
- neighbor passive
- neighbor password
- neighbor peer-group (Creating)
- neighbor peer-group (Group Members)
- neighbor port
- neighbor prefix-list
- neighbor remote-as
- neighbor remove- private-as
- neighbor route-map
- neighbor route- reflector-client
- neighbor route- server-client
- neighbor send- community
- neighbor shutdown
- neighbor soft- reconfiguration inbound
- neighbor strict- capability-match
- neighbor timers
- neighbor timers connect
- neighbor unsuppress- map
- neighbor update- source
- neighbor weight
- Display Information
- show ip bgp
- show ip bgp attribute-info
- show ip bgp cidr-only
- show ip bgp community
- show ip bgp community-info
- show ip bgp community-list
- show ip bgp dampening
- show ip bgp filter-list
- show ip bgp neighbors
- show ip bgp paths
- show ip bgp prefix-list
- show ip bgp regexp
- show ip bgp route-map
- show ip bgp scan
- show ip bgp summary
- show ip community-list
- show ip extcommunity-list
- show ip prefix-list
- show ip prefix-list detail
- show ip prefix-list summary
- show ip protocols bgp
- General Configuration
- Policy-based Routing for BGP
- route-map
- call
- continue
- description
- match as-path
- match community
- match extcommunity
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match origin
- match pathlimit
- match peer
- on-match
- set aggregator as
- set as-path
- set atomic-aggregate
- set comm-list delete
- set community
- set extcommunity
- set ip next-hop
- set local-preference
- set metric
- set origin
- set originator-id
- set pathlimit ttl
- set weight
- show route-map
- Global Routing Configuration
- Multicast Routing Commands
- Appendices
- Glossary
- List of CLI Commands
- Index
Chapter 9
| General Security Measures
Network Access (MAC Address Authentication)
– 259 –
Command Mode
Global Configuration
Command Usage
◆ Specified addresses are exempt from network access authentication.
◆ This command is different from configuring static addresses with the mac-
address-table static command in that it allows you configure a range of
addresses when using a mask, and then to assign these addresses to one or
more ports with the network-access port-mac-filter command.
◆ Up to 64 filter tables can be defined.
◆ There is no limitation on the number of entries that can entered in a filter table.
Example
Console(config)#network-access mac-filter 1 mac-address 11-22-33-44-55-66
Console(config)#
mac-authentication
reauth-time
Use this command to set the time period after which an authenticated MAC
address is removed from the secure address table. Use the no form of this
command to restore the default value.
Syntax
mac-authentication reauth-time seconds
no mac-authentication reauth-time
seconds - The reauthentication time period. (Range: 120-1000000 seconds)
Default Setting
1800
Command Mode
Global Configuration
Command Usage
◆ The reauthentication time is a global setting and applies to all ports.
◆ When the reauthentication time expires for a secure MAC address it is removed
by the switch from the secure MAC table, and the switch will only perform the
authentication process the next time it receives the MAC address packet.
Example
Console(config)#mac-authentication reauth-time 300
Console(config)#