GS-4210-Series (V2) User Manual
Table Of Contents
- Chapter 1 COMMAND LINE INTERFACE
- Chapter 2 CONSOLE CLI MANAGEMENT
- Chapter 3 TELNET CLI MANAGEMENT
- Chapter 4 Commands for CLI Configuration
- 4.1 802.1x
- 4.1.1 dot1x
- 4.1.2 dot1x authentication
- 4.1.3 dot1x reauthentication
- 4.1.4 dot1x timeout reauth-period
- 4.1.5 dot1x timeout quiet-period
- 4.1.6 dot1x timeout supp-timeout
- 4.1.7 dot1x max-req
- 4.1.8 dot1x guest-vlan
- 4.1.9 dot1x guest-vlan
- 4.1.10 show dot1x
- 4.1.11 show dot1x authenticated-hosts
- 4.1.12 show dot1x interface
- 4.1.13 show dot1x guest-vlan
- 4.2 AAA
- 4.2.1 aaa authentication
- 4.2.2 login authentication
- 4.2.3 ip http login authentication
- 4.2.4 enable authentication
- 4.2.5 show aaa authentication
- 4.2.6 show line lists
- 4.2.7 tacacs default-config
- 4.2.8 tacacs host
- 4.2.9 show tacacs default-config
- 4.2.10 show tacacs
- 4.2.11 radius default-config
- 4.2.12 radius host
- 4.2.13 show radius default-config
- 4.2.14 show radius
- 4.3 ACL
- 4.4 Administration
- 4.4.1 enable
- 4.4.2 exit
- 4.4.3 configure
- 4.4.4 interface
- 4.4.5 line
- 4.4.6 end
- 4.4.7 reboot
- 4.4.8 system name
- 4.4.9 system contact
- 4.4.10 system location
- 4.4.11 username
- 4.4.12 enable password
- 4.4.13 ip address
- 4.4.14 ip default-gateway
- 4.4.15 ip dns
- 4.4.16 ip dhcp
- 4.4.17 ipv6 autoconfig
- 4.4.18 ipv6 address
- 4.4.19 ipv6 default-gateway
- 4.4.20 ipv6 dhcp
- 4.4.21 ip service
- 4.4.22 ip session-timeout
- 4.4.23 exec-timeout
- 4.4.24 password-thresh
- 4.4.25 silent-time
- 4.4.26 history
- 4.4.27 clear service
- 4.4.28 ssl
- 4.4.29 ping
- 4.4.30 traceroute
- 4.4.31 clear arp
- 4.4.32 show version
- 4.4.33 show info
- 4.4.34 show history
- 4.4.35 show username
- 4.4.36 show ip
- 4.4.37 show ip dhcp
- 4.4.38 show ipv6
- 4.4.39 show ipv6 dhcp
- 4.4.40 show line
- 4.5 Cable Diagnostics
- 4.6 DHCP Snooping
- 4.6.1 Ip dhcp snooping
- 4.6.2 ip dhcp snooping vlan
- 4.6.3 ip dhcp snooping trust
- 4.6.4 ip dhcp snooping verify
- 4.6.5 ip dhcp snooping limit rate
- 4.6.6 clear ip dhcp snooping statistics
- 4.6.7 show ip dhcp snooping
- 4.6.8 show ip dhcp snooping interface
- 4.6.9 show ip dhcp snooping binding
- 4.6.10 ip dhcp snooping option
- 4.6.11 ip dhcp snooping option action
- 4.6.12 ip dhcp snooping option circuit-id
- 4.6.13 ip dhcp snooping option remote-id
- 4.6.14 show ip dhcp snooping option
- 4.6.15 ip dhcp snooping database
- 4.6.16 ip dhcp snooping database write-deley
- 4.6.17 ip dhcp snooping database timeout
- 4.6.18 clear ip dhcp snooping database statistics
- 4.6.19 renew ip dhcp snooping database
- 4.6.20 show ip dhcp snooping database
- 4.7 DoS
- 4.8 Dynamic ARP Inspection
- 4.9 GVRP
- 4.10 IGMP Snooping
- 4.10.1 Ip igmp snooping
- 4.10.2 ip igmp snooping report-suppression
- 4.10.3 ip igmp snooping version
- 4.10.4 ip igmp snooping unknown-multicast action
- 4.10.5 ip igmp snooping forward-method
- 4.10.6 ip igmp snooping querier
- 4.10.7 ip igmp snooping vlan
- 4.10.8 ip igmp snooping vlan parameters
- 4.10.9 ip igmp snooping static port
- 4.10.10 ip igmp snooping vlan static router port
- 4.10.11 ip igmp snooping static group
- 4.10.12 ip igmp profile
- 4.10.13 ip igmp filter
- 4.10.14 ip igmp max-group
- 4.10.15 clear ip igmp snooping groups
- 4.10.16 clear ip igmp snooping statistics
- 4.10.17 show ip igmp snooping counters
- 4.10.18 show ip igmp snooping groups
- 4.10.19 show ip igmp snooping router
- 4.10.20 show ip igmp snooping querier
- 4.10.21 show ip igmp snooping
- 4.10.22 show ip igmp snooping vlan
- 4.10.23 show ip igmp snooping forward-all
- 4.10.24 show ip igmp profile
- 4.10.25 show ip igmp port filter
- 4.10.26 show ip igmp port max-group
- 4.10.27 show ip igmp port max-group action
- 4.11 IP Source Guard
- 4.12 Link Aggregation
- 4.13 LLDP
- 4.13.1 lldp
- 4.13.2 lldp tx-interval
- 4.13.3 lldp reinit-delay
- 4.13.4 lldp holdtime-multiplier
- 4.13.5 lldp tx-delay
- 4.13.6 lldp tlv-select
- 4.13.7 lldp tlv-select pvid
- 4.13.8 lldp tlv-select vlan-name
- 4.13.9 lldp lldpdu
- 4.13.10 lldp tx/rx
- 4.13.11 lldp med
- 4.13.12 lldp med tlv-select
- 4.13.13 lldp med fast-start-report-count
- 4.13.14 lldp med network-policy
- 4.13.15 lldp med network-policy add | remove
- 4.13.16 lldp med network-policy auto
- 4.13.17 lldp med location
- 4.13.18 show lldp
- 4.13.19 show lldp local-device
- 4.13.20 show lldp neighbor
- 4.13.21 show lldp med
- 4.13.22 show lldp statistics
- 4.13.23 show lldp tlv-overloading
- 4.14 Logging
- 4.15 MAC Address Table
- 4.16 Mirror
- 4.17 MLD Snooping
- 4.17.1 ipv6 mld snooping
- 4.17.2 ipv6 mld snooping report-suppression
- 4.17.3 ipv6 mld snooping version
- 4.17.4 ipv6 mld snooping vlan
- 4.17.5 ipv6 mld snooping vlan parameters
- 4.17.6 ipv6 mld snooping vlan static-port
- 4.17.7 ipv6 mld snooping vlan static-router-port
- 4.17.8 ipv6 mld snooping vlan static-group
- 4.17.9 ipv6 mld profile
- 4.17.10 ipv6 mld filter
- 4.17.11 ipv6 mld max-groups
- 4.17.12 clear ipv6 mld snooping groups
- 4.17.13 clear ipv6 mld snooping statistics
- 4.17.14 show ipv6 mld snooping groups counters
- 4.17.15 show ipv6 mld snooping groups
- 4.17.16 show ipv6 mld snooping router
- 4.17.17 show ipv6 mld snooping
- 4.17.18 show ipv6 mld snooping vlan
- 4.17.19 show ipv6 mld snooping forward-all
- 4.17.20 show ipv6 mld profile
- 4.17.21 show ipv6 mld filter
- 4.17.22 show ipv6 mld max-group
- 4.17.23 show ipv6 mld max-group action
- 4.18 Port Security
- 4.19 Port Error Disable
- 4.20 Port
- 4.21 QoS
- 4.22 Rate Limit
- 4.23 RMON
- 4.24 SNMP
- 4.24.1 snmp
- 4.24.2 snmp trap
- 4.24.3 snmp view
- 4.24.4 snmp access group
- 4.24.5 snmp community
- 4.24.6 snmp user
- 4.24.7 snmp engineID
- 4.24.8 snmp host
- 4.24.9 show snmp
- 4.24.10 show snmp trap
- 4.24.11 show snmp view
- 4.24.12 show snmp group
- 4.24.13 show snmp community
- 4.24.14 show snmp host
- 4.24.15 show snmp user
- 4.24.16 show snmp engineid
- 4.25 Storm Control
- 4.26 Spanning Tree
- 4.26.1 spanning-tree
- 4.26.2 spanning-tree bpdu
- 4.26.3 spanning-tree mode
- 4.26.4 spanning-tree priority
- 4.26.5 spanning-tree hello-time
- 4.26.6 spanning-tree max-hops
- 4.26.7 spanning-tree forward-delay
- 4.26.8 spanning-tree maximum-age
- 4.26.9 spanning-tree tx-hold-count
- 4.26.10 spanning-tree pathcost method
- 4.26.11 spanning-tree port-priority
- 4.26.12 spanning-tree cost
- 4.26.13 spanning-tree edge
- 4.26.14 spanning-tree bpdu-filter
- 4.26.15 spanning-tree bpdu-guard
- 4.26.16 spanning-tree link-type
- 4.26.17 spanning-tree mst configuration
- 4.26.18 spanning-tree mst priority
- 4.26.19 spanning-tree mst cost
- 4.26.20 spanning-tree mst port-priority
- 4.27 System File
- 4.28 Time
- 4.29 VLAN
- 4.29.1 vlan
- 4.29.2 vlan name
- 4.29.3 switchport mode
- 4.29.4 switchport hybrid pvid
- 4.29.5 switchport hybrid ingress-filtering
- 4.29.6 switchport hybrid acceptable-frame-type
- 4.29.7 switchport hybrid allowed vlan add
- 4.29.8 switchport hybrid allowed vlan remove
- 4.29.9 switchport access vlan
- 4.29.10 switchport tunnel vlan
- 4.29.11 switchport trunk native vlan
- 4.29.12 switchport trunk allowed vlan
- 4.29.13 switchport default-vlan tagged
- 4.29.14 switchport forbidden default-vlan
- 4.29.15 switchport forbidden vlan
- 4.29.16 management-vlan
- 4.29.17 show management-vlan
- 4.29.18 protocol-vlan group
- 4.29.19 protocol vlan binding
- 4.29.20 show protocol vlan group
- 4.29.21 show protocol vlan interfaces
- 4.30 Voice VLAN
- 4.1 802.1x
Command Guide of GS-4210 Series
35
4.2 AAA
4.2.1 aaa authentication
Command:
aaa authentication (login | enable) (default | LISTNAME) METHODLIST
[METHODLIST] [METHODLIST] [METHODLIST]
no aaa authentication (login | enable) LISTNAME
Parameter:
login
Add/Edit login authentication list
enable
Add/Edit enable authentication list
default
Edit default authentication list
LISTNAME
Specify the list name for authentication type
METHODLIST
Specify the authenticate method, including none, local, enable, tacacs+, radius.
Default:
Default authentication list name for type login is “default” and default method is “local”.
Default authentication list name for type enable is “default” and default method is “enable”
Mode:
Global Configuration
Usage Guide:
Login authentication is used when user try to login into the switch. Such as CLI login dialog and WEBUI login web
page.
Enable authentication is used only on CLI for user trying to switch from User EXEC mode to Privileged EXEC mode.
Both of them support following authenticate methods.
Local: Use local user account database to authenticate. (This method is not supported for enable authentication)
Enable: Use local enable password database to authenticate.
Tacacs+: Use remote Tacas+ server to authenticate.
Radius: Use remote Radius server to authenticate.
None: Do nothing and just make user to be authenticated.
Each list allows you to combine these methods with different orders. For example, we want to authenticate login user
with remote Tacacs+ server, but server may be crashed. Therefore, we need a backup plan, such as another Radius
server. So we can configure the list with Tacacs+ server as first authentication method and Radius server as second
one.
Use no form to delete the existing list. However, “default” list is not allowed to remove.