Command Line Interface Guide
Page 68
... the source IP address that will be used for the communication with a Port-channel. 68 Command Modes Sets the timeout value. Establishes a username-based authentication system. Enables forwarding all TACACS+ communications between the device and the TACACS+ daemon. spanning-tree bpdu spanning-tree forward-time spanning-... specified spanning-tree instance. Configures the Spanning Tree priority. Configures the forwarding state of unregistered multicast addresses. Sets the default pathcost method. Associates a port with TACACS+ servers. Enters the VLAN database configuration mode.
... the source IP address that will be used for the communication with a Port-channel. 68 Command Modes Sets the timeout value. Establishes a username-based authentication system. Enables forwarding all TACACS+ communications between the device and the TACACS+ daemon. spanning-tree bpdu spanning-tree forward-time spanning-... specified spanning-tree instance. Configures the Spanning Tree priority. Configures the forwarding state of unregistered multicast addresses. Sets the default pathcost method. Associates a port with TACACS+ servers. Enters the VLAN database configuration mode.
Command Line Interface Guide
Page 81
... login The aaa authentication login Global Configuration mode command defines login authentication. Syntax • aaa authentication login {default | list-name} method1 [method2...] • no authentication. Character string used to the default configuration. Uses the local username database for authentication. Command Mode Global Configuration mode. Uses the line password for authentication. This has the...
... login The aaa authentication login Global Configuration mode command defines login authentication. Syntax • aaa authentication login {default | list-name} method1 [method2...] • no authentication. Character string used to the default configuration. Uses the local username database for authentication. Command Mode Global Configuration mode. Uses the line password for authentication. This has the...
Command Line Interface Guide
Page 83
Uses username "$enabx$." If no form of authentication are used only if the previous method returns an error, not if it exists. Uses the list of all RADIUS servers for authentication. Default Configuration If the default list is not set, only the enable password is set, the ... the login authentication method list for authentication when accessing higher privilege levels. Uses username $enabx$., where x is the privilege level. This has the same effect as the command aaa authentication enable default enable. radius tacacs Uses the list of all methods return an error, specify...
Uses username "$enabx$." If no form of authentication are used only if the previous method returns an error, not if it exists. Uses the list of all RADIUS servers for authentication. Default Configuration If the default list is not set, only the enable password is set, the ... the login authentication method list for authentication when accessing higher privilege levels. Uses username $enabx$., where x is the privilege level. This has the same effect as the command aaa authentication enable default enable. radius tacacs Uses the list of all methods return an error, specify...
Command Line Interface Guide
Page 85
... http authentication The ip http authentication Global Configuration mode command specifies authentication methods for this command to return to the default configuration. This has the same effect as the final method in the command line. Command Mode Global Configuration mode. Uses the list of this command. ... only if the previous method returns an error, not if it fails. Example The following table: Keyword local none radius tacacs Description Uses the local username database for authentication.
... http authentication The ip http authentication Global Configuration mode command specifies authentication methods for this command to return to the default configuration. This has the same effect as the final method in the command line. Command Mode Global Configuration mode. Uses the list of this command. ... only if the previous method returns an error, not if it fails. Example The following table: Keyword local none radius tacacs Description Uses the local username database for authentication.
Command Line Interface Guide
Page 86
... the no ip https authentication • method1 [method2...] - Uses the list of this command to return to the default configuration. Default Configuration The local user database is checked. Syntax • ip https authentication method1 [method2...] • no form of...methods of all RADIUS servers for authentication. Example The following table: Keyword local none radius tacacs Source or destination Uses the local username database for HTTPS server users. Example The following example configures the HTTP authentication. Uses no authentication. Console(config)# ip http ...
... the no ip https authentication • method1 [method2...] - Uses the list of this command to return to the default configuration. Default Configuration The local user database is checked. Syntax • ip https authentication method1 [method2...] • no form of...methods of all RADIUS servers for authentication. Example The following table: Keyword local none radius tacacs Source or destination Uses the local username database for HTTPS server users. Example The following example configures the HTTP authentication. Uses no authentication. Console(config)# ip http ...
Command Line Interface Guide
Page 89
...password [level level] password [encrypted] • no username name • name - Encrypted password entered, copied from another device configuration. Default Configuration No enable password is 15. (Range: 1 - 15) • encrypted - Syntax • username name [password password] [level level] [encrypted] •.... Encrypted password entered, copied from another device configuration. Console(config)# enable password level 15 secret username The username Global Configuration mode command creates a user account in the local database. enable password The enable password...
...password [level level] password [encrypted] • no username name • name - Encrypted password entered, copied from another device configuration. Default Configuration No enable password is 15. (Range: 1 - 15) • encrypted - Syntax • username name [password password] [level level] [encrypted] •.... Encrypted password entered, copied from another device configuration. Console(config)# enable password level 15 secret username The username Global Configuration mode command creates a user account in the local database. enable password The enable password...
Command Line Interface Guide
Page 90
Default Configuration No user is defined. Command Mode Global Configuration mode User Guidelines User account can be created without a password. Console(config)# username bob password lee level 15 90 AAA Commands Example The following example configures user bob with password lee and user level 15 to the system.
Default Configuration No user is defined. Command Mode Global Configuration mode User Guidelines User account can be created without a password. Console(config)# username bob password lee level 15 90 AAA Commands Example The following example configures user bob with password lee and user level 15 to the system.
Command Line Interface Guide
Page 269
...the-day (MOTD) banner appears first, followed by the login banner and prompts. A delimiting character cannot be displayed before the username and password login prompts. banner login The banner login Global Configuration mode command specifies and enables a message to be used in ...the banner message. • message - Default Configuration Disabled (no banner login • d - Syntax • banner login d message d • no Login banner is displayed. User...
...the-day (MOTD) banner appears first, followed by the login banner and prompts. A delimiting character cannot be displayed before the username and password login prompts. banner login The banner login Global Configuration mode command specifies and enables a message to be used in ...the banner message. • message - Default Configuration Disabled (no banner login • d - Syntax • banner login d message d • no Login banner is displayed. User...
Command Line Interface Guide
Page 346
... sent to this command to this host. • informs - physical-port-name - Use the no snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] • ip4-address - Specifies the name of a packet. • auth - decimal-number - 0 | 1 | 2 | 3 | 4 | ...5 | 6 | 7 | 8 | 9 - integer - | - If the egress interface is not specified, the default interface is a Link Local address (IPv6Z address), the outgoing interface name must be specified. The host IPv4 address (the targeted recipient). • ip6-address - Indicates ...
... sent to this command to this host. • informs - physical-port-name - Use the no snmp-server v3-host {ip4-address | ip6-address | hostname} username [traps | informs] • ip4-address - Specifies the name of a packet. • auth - decimal-number - 0 | 1 | 2 | 3 | 4 | ...5 | 6 | 7 | 8 | 9 - integer - | - If the egress interface is not specified, the default interface is a Link Local address (IPv6Z address), the outgoing interface name must be specified. The host IPv4 address (the targeted recipient). • ip6-address - Indicates ...
Command Line Interface Guide
Page 351
user-view Default DefaultSuper IP address ------All 172.16.1.1 172.17.1.1 Community-string public Group name ---------user-group IP address ---------all Traps are enabled. Priv 162 Filter TO ... 192.122.173.42 Trap public Inform public Version ------2 2 UDP Port ---162 162 Filter TO Retries Name Sec 15 3 15 3 Version 3 notifications Target Address Type Username 192.122.173.42 Inform Bob Security UDP Level Port ------- ---- Console# show snmp Community-
user-view Default DefaultSuper IP address ------All 172.16.1.1 172.17.1.1 Community-string public Group name ---------user-group IP address ---------all Traps are enabled. Priv 162 Filter TO ... 192.122.173.42 Trap public Inform public Version ------2 2 UDP Port ---162 162 Filter TO Retries Name Sec 15 3 15 3 Version 3 notifications Target Address Type Username 192.122.173.42 Inform Bob Security UDP Level Port ------- ---- Console# show snmp Community-
Command Line Interface Guide
Page 356
.... Command Mode Privileged EXEC mode. Specifies the name of the user. (Range: 1 - 30) Default Configuration This command has no user guidelines for this command. Console# show snmp users [username] • username - Syntax • show snmp users Name -----John John Group name Auth Method user-group md5 user-group md5 Remote 08009009020C0B099C075879 356 SNMP...
.... Command Mode Privileged EXEC mode. Specifies the name of the user. (Range: 1 - 30) Default Configuration This command has no user guidelines for this command. Console# show snmp users [username] • username - Syntax • show snmp users Name -----John John Group name Auth Method user-group md5 user-group md5 Remote 08009009020C0B099C075879 356 SNMP...
Command Line Interface Guide
Page 398
... Auth Code ---------HMAC-SHA1 The following example displays the SSH server configuration. User Guidelines There are no default configuration. Example The following table describes significant fields shown above: Field Description IP address Client address SSH username User name Version SSH version number Cipher Encryption type (3DES, Blowfish, RC4) Auth Code Authentication Code...
... Auth Code ---------HMAC-SHA1 The following example displays the SSH server configuration. User Guidelines There are no default configuration. Example The following table describes significant fields shown above: Field Description IP address Client address SSH username User name Version SSH version number Cipher Encryption type (3DES, Blowfish, RC4) Auth Code Authentication Code...
Command Line Interface Guide
Page 400
... Babble format. • hex - Examples The following example displays SSH public keys stored on the device. User Guidelines There are no default configuration. Console# show crypto key pubkey-chain ssh Username Fingerprint bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7...:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 400 SSH Commands Syntax • show crypto key pubkey-chain ssh [username username] [fingerprint {bubble-babble | hex}] • username - Fingerprint in Hex format. Default Configuration This command has no user guidelines for this command.
... Babble format. • hex - Examples The following example displays SSH public keys stored on the device. User Guidelines There are no default configuration. Console# show crypto key pubkey-chain ssh Username Fingerprint bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7...:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 400 SSH Commands Syntax • show crypto key pubkey-chain ssh [username username] [fingerprint {bubble-babble | hex}] • username - Fingerprint in Hex format. Default Configuration This command has no user guidelines for this command.
Command Line Interface Guide
Page 429
... the active users. Syntax • show sessions Default Configuration There is no user guidelines for this command. Console> show sessions User EXEC mode command lists open Telnet sessions. Command Mode User EXEC mode. Example The following example lists open Telnet sessions. Console> show users Username ---------Bob John Robert Betty Protocol ----------Serial SSH...
... the active users. Syntax • show sessions Default Configuration There is no user guidelines for this command. Console> show sessions User EXEC mode command lists open Telnet sessions. Command Mode User EXEC mode. Example The following example lists open Telnet sessions. Console> show users Username ---------Bob John Robert Betty Protocol ----------Serial SSH...
Command Line Interface Guide
Page 442
...a password expires a user can login for another 3 times. • 10 days before a password change is forced. (Range: 1 - 365) Default Configuration Password aging is generated. Syntax • password-aging days • no form of line passwords. Example The following example configures 5 days as... the aging time of username passwords and enables passwords. Use the no password-aging • days - password-aging The password-aging Line Configuration mode command ...
...a password expires a user can login for another 3 times. • 10 days before a password change is forced. (Range: 1 - 365) Default Configuration Password aging is generated. Syntax • password-aging days • no form of line passwords. Example The following example configures 5 days as... the aging time of username passwords and enables passwords. Use the no password-aging • days - password-aging The password-aging Line Configuration mode command ...
Command Line Interface Guide
Page 443
...40 days as the aging time of the user. (Range: 1 - 20 characteres) • level - Console (config)# passwords aging username 40 passwords history The passwords history Global Configuration mode command sets the number of password changes before a password change is forced. (Range: 1 -... 365) Default Configuration Password aging is generated. Use the no passwords history • number - Indicates the required number of required password changes before...
...40 days as the aging time of the user. (Range: 1 - 20 characteres) • level - Console (config)# passwords aging username 40 passwords history The passwords history Global Configuration mode command sets the number of password changes before a password change is forced. (Range: 1 -... 365) Default Configuration Password aging is generated. Use the no passwords history • number - Indicates the required number of required password changes before...
Command Line Interface Guide
Page 445
... example configures the number of failed login attempts before the user account is relevant for tracking purposes by using the set username active command. Console(config)# passwords lockout 3 TIC Commands 445 A period of days that the password cannot be changed ...passwords lockout • number - Example The following example configures the number of time that a password is locked. (Range: 1 - 5) Default Configuration No locked user account due to failed login attempts. Command Mode Global Configuration mode. Syntax • passwords lockout number • no form...
... example configures the number of failed login attempts before the user account is relevant for tracking purposes by using the set username active command. Console(config)# passwords lockout 3 TIC Commands 445 A period of days that the password cannot be changed ...passwords lockout • number - Example The following example configures the number of time that a password is locked. (Range: 1 - 5) Default Configuration No locked user account due to failed login attempts. Command Mode Global Configuration mode. Syntax • passwords lockout number • no form...
Command Line Interface Guide
Page 446
... history file is also saved in the internal buffer of the user. (Range: 1 - 20 characters) Default Configuration This command has no aaa login-history file Default Configuration Writing to the login history file. Syntax • set username active Privileged EXEC mode command reactivates a locked user account. Console(config)# aaa login-history file set...
... history file is also saved in the internal buffer of the user. (Range: 1 - 20 characters) Default Configuration This command has no aaa login-history file Default Configuration Writing to the login history file. Syntax • set username active Privileged EXEC mode command reactivates a locked user account. Console(config)# aaa login-history file set...
Command Line Interface Guide
Page 447
...Privileged EXEC mode command reactivates a locked line. User Guidelines There are no default configuration. Example The following example reactivates a suspended user with username bob. TIC Commands 447 Console# set username bob active set line active The set enable-password level active • ...locked enable password. Example The following example reactivates the line for a virtual terminal for secured remote console access (SSH). Default Configuration This command has no user guidelines for remote console access (Telnet). • ssh - Virtual terminal for remote console...
...Privileged EXEC mode command reactivates a locked line. User Guidelines There are no default configuration. Example The following example reactivates a suspended user with username bob. TIC Commands 447 Console# set username bob active set line active The set enable-password level active • ...locked enable password. Example The following example reactivates the line for a virtual terminal for secured remote console access (SSH). Default Configuration This command has no user guidelines for remote console access (Telnet). • ssh - Virtual terminal for remote console...
Command Line Interface Guide
Page 450
Example The following example displays the login history of users. User Guidelines There are no default configuration. Command Mode Privileged EXEC mode. Syntax • show users login-history Login Time Jan 18 2004 23:58:17 Jan 19 2004 07:59...-------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 450 TIC Commands Console# show users login-history [username name] • name - show users login-history The show users login-history Privileged EXEC mode command displays information about the login history of users. Name...
Example The following example displays the login history of users. User Guidelines There are no default configuration. Command Mode Privileged EXEC mode. Syntax • show users login-history Login Time Jan 18 2004 23:58:17 Jan 19 2004 07:59...-------HTTP HTTP Serial HTTP SSH Telnet Location -------172.16.1.8 172.16.0.8 172.16.0.8 172.16.0.1 172.16.1.7 450 TIC Commands Console# show users login-history [username name] • name - show users login-history The show users login-history Privileged EXEC mode command displays information about the login history of users. Name...