CLI Reference Guide-R03
Table Of Contents
- How to Use This Guide
- Contents
- Figures
- Tables
- Getting Started
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Authentication Commands
- User Accounts and Privilege Levels
- Authentication Sequence
- RADIUS Client
- TACACS+ Client
- AAA
- Web Server
- Telnet Server
- Secure Shell
- 802.1X Port Authentication
- Management IP Filter
- PPPoE Intermediate Agent
- pppoe intermediate-agent
- pppoe intermediate- agent format-type
- pppoe intermediate- agent port-enable
- pppoe intermediate- agent port-format- type
- pppoe intermediate- agent trust
- pppoe intermediate- agent vendor-tag strip
- clear pppoe intermediate-agent statistics
- show pppoe intermediate-agent info
- show pppoe intermediate-agent statistics
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access link-detection
- network-access link- detection link-down
- network-access link- detection link-up
- network-access link- detection link-up- down
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCP Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information policy
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option circuit-id
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- IP Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Denial of Service Protection
- Global Protection
- Protection for ICMP
- Protection for IPv4
- Protection for IPv6
- Protection for TCP
- dos-protection tcp blat-block
- dos-protection tcp invalid-header-length
- dos-protection tcp null-scan
- dos-protection tcp syn-ack-psh-block
- dos-protection tcp syn-fin-scan
- dos-protection tcp syn-flood
- dos-protection tcp syn-psh-block
- dos-protection tcp syn-rst-scan
- dos-protection tcp syn-urg-block
- dos-protection tcp xmas-scan
- Protection for UDP
- Other Protection Commands
- DoS Configuration Information
- Port Isolation
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Power over Ethernet Commands
- Port Mirroring Commands
- Congestion Control Commands
- Rate Limit Commands
- Storm Control Commands
- Automatic Traffic Control Commands
- Threshold Commands
- SNMP Trap Commands
- snmp-server enable port-traps atc broadcast-alarm-clear
- snmp-server enable port-traps atc broadcast-alarm-fire
- snmp-server enable port-traps atc broadcast-control- apply
- snmp-server enable port-traps atc broadcast-control- release
- snmp-server enable port-traps atc multicast-alarm-clear
- snmp-server enable port-traps atc multicast-alarm-fire
- snmp-server enable port-traps atc multicast-control- apply
- snmp-server enable port-traps atc multicast-control- release
- ATC Display Commands
- UniDirectional Link Detection Commands
- Loopback Detection Commands
- Address Table Commands
- mac-address-table action
- mac-address-table aging-time
- mac-address-table mac-isolation
- mac-address-table max-mac-count
- mac-address-table movable-static
- mac-address-table static
- mac-address-table sticky-dynamic
- mac-address-table static isolation
- clear mac-address- table dynamic
- show mac-address- table
- show mac-address- table aging-time
- show mac-address- table count
- show mac-address- table max-mac-count
- show mac-address- table movable-static
- show mac-address- table sticky-dynamic
- Spanning Tree Commands
- spanning-tree
- spanning-tree cisco-prestandard
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree mst configuration
- spanning-tree system- bpdu-flooding
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree loopback-detection
- spanning-tree loopback-detection action
- spanning-tree loopback-detection release-mode
- spanning-tree loopback-detection trap
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-bpdu-flooding
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree loopback-detection release
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- Class of Service Commands
- Quality of Service Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port-expire- time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb- query-count
- ip igmp snooping vlan last-memb- query-intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan static
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port- expire-time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping version
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- ipv6 mld snooping vlan immediate-leave
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping group source-list
- show ipv6 mld snooping mrouter
- Multicast VLAN Registration
- mvr
- mvr associated-profile
- mvr domain
- mvr profile
- mvr proxy-query- interval
- mvr proxy-switching
- mvr robustness-value
- mvr source-port- mode dynamic
- mvr upstream- source-ip
- mvr vlan
- mvr immediate-leave
- mvr type
- mvr vlan group
- show mvr
- show mvr associated-profile
- show mvr interface
- show mvr members
- show mvr profile
- show mvr statistics
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime-multiplier
- lldp med-fast-start- count
- lldp notification-interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp dot3-tlv poe
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv ext-poe
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network-policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- Domain Name Service Commands
- DHCP Commands
- IP Interface Commands
- Appendices
- Glossary
- Index of CLI Commands
- Index
Chapter 7
| Authentication Commands
802.1X Port Authentication
– 232 –
◆ Authenticator Parameters – Shows whether or not EAPOL pass-through is
enabled (page 220).
◆ Supplicant Parameters – Shows the supplicant user name used when the switch
responds to an MD5 challenge from an authenticator (page 228).
◆ 802.1X Port Summary – Displays the port access control parameters for each
interface that has enabled 802.1X, including the following items:
■
Type – Administrative state for port access control (Enabled, Authenticator,
or Supplicant).
■
Operation Mode–Allows single or multiple hosts (page 223).
■
Control Mode – Dot1x port control mode (page 224).
■
Authorized– Authorization status (yes or n/a - not authorized).
◆ 802.1X Port Details – Displays the port access control parameters for each
interface, including the following items:
■
Reauthentication – Periodic re-authentication (page 224).
■
Reauth Period – Time after which a connected client must be re-
authenticated (page 225).
■
Quiet Period – Time a port waits after Max Request Count is exceeded
before attempting to acquire a new client (page 225).
■
TX Period – Time a port waits during authentication session before re-
transmitting EAP packet (page 227).
■
Supplicant Timeout – Supplicant timeout.
■
Server Timeout – Server timeout. A RADIUS server must be set before the
correct operational value of 10 seconds will be displayed in this field.
■
Reauth Max Retries – Maximum number of reauthentication attempts.
■
Max Request – Maximum number of times a port will retransmit an EAP
request/identity packet to the client before it times out the authentication
session (page 222).
■
Operation Mode– Shows if single or multiple hosts (clients) can connect to
an 802.1X-authorized port.
■
Port Control–Shows the dot1x mode on a port as auto, force-authorized, or
force-unauthorized (page 224).
■
Intrusion Action– Shows the port response to intrusion when
authentication fails (page 221).
■
Supplicant– MAC address of authorized client.
◆ Authenticator PAE State Machine
■
State – Current state (including initialize, disconnected,
connecting,
authenticating, authenticated, aborting,
held, force_authorized,
force_unauthorized).
■
Reauth Count– Number of times connecting state is re-entered.
■
Current Identifier– The integer (0-255) used by the Authenticator to identify
the current authentication session.