The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
A device can be configured and maintained by entering commands from the CLI, which is based solely on textual input, and output with commands being entered by a terminal keyboard and the output displayed as text via a terminal monitor. The CLI can be accessed from a console terminal connected to an EIA/TIA-232 port or through a Telnet session.
This guide describes the Command Line Interface (CLI) structure, the command syntax, and command functionality. The following table contains the functional groups for commands.
Command Group
| Description
|
AAA
| Configures connection security including authorization and passwords.
|
Address Table
| Configures bridging address tables.
|
Configuration and Image Files
| Manages the device configuration files.
|
Ethernet Configuration
| Configures all port configuration options, for example ports, storm control, port speed and auto-negotiation.
|
GVRP
| Configures and displays GVRP configuration and information.
|
IGMP Snooping
| Configures IGMP snooping and displays IGMP configuration and IGMP information.
|
IP Addressing
| Configures and manages IP addresses on the device.
|
LACP
| Configures and displays LACP information.
|
Line
| Configures the console and remote Telnet.
|
Management ACL
| Configures and displays management access-list information.
|
Port Channel
| Configures and displays port-channeling information.
|
Port Monitor
| Monitors activity on specific target ports.
|
QoS and ACL
| Configures and displays ACL and QoS information.
|
Radius
| Configures and displays the Radius information.
|
RMON
| Displays RMON statistics.
|
SNMP
| Configures SNMP communities, traps and displays SNMP information.
|
Spanning Tree
| Configures and reports on the Spanning Tree protocol.
|
SSH
| Configures SSH authentication.
|
Syslog Commands
| Manages and displays syslog messages.
|
System Management
| Configures the device clock, name and authorized users.
|
User Interface
| Describes user commands used for entering CLI commands.
|
VLAN
| Configures VLANS and displays VLAN information.
|
Web Server
| Configures access to the device.
|
Command
| Description
| Mode |
aaa authentication login
| Defines login authentication.
| GC
|
aaa authentication enable
| Defines authentication method lists for accessing higher privilege levels.
| GC
|
login authentication
| Specifies the login authentication method list for a remote Telnet or console.
| GC
|
enable authentication
| Specifies the authentication method list when accessing a higher privilege level from a remote Telnet or console.
| LC
|
ip http authentication
| Specifies authentication methods for http.
| GC
|
ip https authentication
| Specifies authentication methods for https.
| GC
|
show authentication methods
| Displays information about the authentication methods.
| PE
|
password
| Specifies a password on a line.
| LC
|
enable password
| Sets a local password to control access to normal and privilege levels.
| GC
|
username
| Establishes a user name-based authentication system.
| GC
|
show users accounts
| Displays information about the local user database.
| PE
|
Command
| Description
| Mode
|
bridge address
| Adds a static MAC-layer station source address to the bridge table.
| VC
|
bridge aging-time
| Sets the address table aging time.
| GC
|
clear bridge
| Removes any learned entries from the forwarding database.
| PE
|
show bridge address-table
| Displays dynamically created entries in the bridge-forwarding database.
| PE
|
show bridge address-table static
| Displays statically entered entries in the bridge-forwarding database.
| PE
|
port security
| Disables new address learning on an interface.
| IC
|
show ports security
| Displays the port-lock status.
| PE
|
bridge multicast filtering
| Enables filtering of multicast addresses.
| GC
|
bridge multicast address
| Registers MAC-layer multicast addresses to the bridge table, and adds static ports to the group.
| IC
|
bridge multicast forbidden address
| Forbids adding a specific multicast address to specific ports.
| IC
|
bridge multicast forward-all
| Enables forwarding of all multicast packets on a port.
| IC
|
bridge multicast forbidden forward-all
| Forbids forwarding of all multicast packets to a port.
| IC
|
show bridge multicast address-table
| Displays multicast MAC address table information.
| PE
|
show bridge multicast filtering
| Displays the multicast filtering configuration.
| PE
|
Command
| Description
| Mode
|
configure
| Enters global configuration mode.
| PE
|
copy
| Copies any file from a source to a destination.
| PE
|
delete startup-config
| Deletes the startup-config file.
| PE
|
boot system
| Specifies the system image that the device loads at startup.
| GC
|
show running-config
| Displays the contents of the currently running configuration file.
| PE
|
show startup-config
| Displays the startup configuration file contents.
| PE
|
show backup-config
| Displays the backup configuration file contents.
| PE
|
show bootvar
| Displays the active system image file that the device loads at startup.
| PE
|
Command
| Description
| Mode
|
port storm-control enable
| Enables broadcast storm control.
| IC
|
port storm-control rate
| Configures the maximum broadcast rate.
| IC
|
interface ethernet
| Enters the Interface Configuration Mode to configure an ethernet type interface.
| GC
|
interface range ethernet
| Enters the Interface Configuration Mode to configure multiple ethernet type interfaces.
| GC
|
shutdown
| Disables interfaces.
| IC
|
description
| Adds a description to an Interface.
| IC
|
speed
| Configures the speed of a given ethernet interface when not using auto negotiation.
| IC
|
duplex
| Configures the full/half duplex operation of a given ethernet interface when not using auto negotiation.
| IC
|
negotiation
| Enables auto negotiation operation for the speed and duplex parameters of a given interface.
| IC
|
flowcontrol
| Configures the flow control on a given interface.
| IC
|
mdix
| Enables automatic cable crossover on a given interface.
| IC
|
back-pressure
| Enables back pressure on a given interface.
| IC
|
clear counters
| Clears statistics on an interface.
| PE
|
set interface active
| Reactivates an interface suspended by the system.
| PE
|
show interfaces configuration
| Displays the configuration for all configured interfaces.
| PE
|
show interfaces status
| Displays the status for all configured interfaces.
| PE
|
show interfaces description
| Displays the description for all configured interfaces.
| PE
|
show interfaces counters
| Displays traffic seen by the physical interface.
| PE
|
show ports storm-control
| Displays the storm control configuration.
| PE
|
Command
| Description
| Mode
|
gvrp enable (global)
| Enables GVRP globally.
| GC
|
gvrp enable (interface)
| Enables GVRP on an interface.
| IC
|
garp timer
| Adjusts the GARP application join, leave, and leaveall GARP timer values.
| IC
|
gvrp vlan-creation-forbid
| Disables dynamic VLAN creation.
| IC
|
gvrp registration-forbid
| De-registers all VLANs, and prevents dynamic VLAN registration on the port.
| IC
|
clear gvrp statistics
| Clears all the GVRP statistics information.
| GC
|
show gvrp configuration
| Displays GVRP configuration information.
| PE
|
show gvrp statistics
| Displays GVRP statistics.
| PE
|
show gvrp error-statistics
| Displays GVRP error statistics.
| PE
|
Command
| Description
| Mode
|
ip igmp snooping (Global)
| Enables Internet Group Management Protocol (IGMP) snooping.
| GC
|
ip igmp snooping (Interface)
| Enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN.
| VC
|
ip igmp snooping mrouter
| Enables automatic learning of multicast device ports in the context of a specific VLAN.
| VC
|
ip igmp snooping host-time-out
| Configures the host-time-out.
| VC
|
ip igmp snooping mrouter-time-out
| Configures the mrouter-time-out.
| VC
|
ip igmp snooping leave-time-out
| Configures the leave-time-out.
| VC
|
show ip igmp snooping mrouter
| Displays information on dynamically learned multicast router interfaces.
| PE
|
show ip igmp snooping interface
| Displays IGMP snooping configuration.
| PE
|
show ip igmp snooping groups
| Displays multicast groups learned by IGMP snooping.
| PE
|
Command
| Description
| Mode
|
ip access-list
| Creates IP ACLs and enters IP-Access list configuration mode.
| GC
|
permit (IP)
| Allows traffic if the conditions defined in the permit statement are matched.
| IP
|
deny (IP)
| Denies traffic if the conditions defined in the deny statement are matched
| IP
|
mac access-list
| Creates Layer 2 MAC ACLs, and enters to MAC-Access list configuration mode.
| GC
|
permit (MAC)
| Allows traffic if the conditions defined in the permit statement are matched.
| ML
|
deny (MAC)
| Allows traffic if the conditions defined in the permit statement are matched.
| ML
|
service-acl
| Applies an access-list to the input of an interface.
| IC
|
show access-lists
| Displays access control lists (ACLs) defined on the device
| PE
|
show interfaces access-lists
| Displays access lists applied on interfaces.
| PE
|
qos
| Enables quality of service (QoS) on the device.
| GC
|
show qos
| Displays the QoS activity status.
| GC
|
wrr-queue cos-map
| Maps assigned CoS values to the egress queues.
| GC
|
wrr-queue bandwidth
| Assigns Weighted Round Robin (WRR) weights to egress queues.
| IC
|
priority-queue out num-of-queues
| Enables the egress queues to be expedite queues.
| IC
|
show qos interface
| Displays interface QoS data.
| UE
|
qos map dscp-queue
| Modifies the DSCP to CoS map.
| GC
|
qos trust(Global)
| Configures the system trust state.
| GC
|
qos trust(Interface)
| Enables each port trust state.
| IC
|
qos cos
| Configures the default port CoS value.
| IC
|
qos map tcp-port-queue
| Modifies the TCP-Port to DSCP table.
| GC
|
qos map udp-port-queue
| Modifies the UDP-Port to DSCP table.
| GC
|
show qos map
| Displays all the QoS maps.
| UE
|
Command
| Description
| Mode
|
show rmon statistics
| Displays RMON ethernet statistics.
| PE
|
rmon collection history
| Enables a Remote Monitoring (RMON) MIB history statistics group on an interface.
| IC
|
show rmon collection history
| Displays the requested history group configuration.
| PE
|
show rmon history
| Displays RMON ethernet statistics history.
| PE
|
rmon alarm
| Configures alarm conditions.
| GC
|
show rmon alarm-table
| Displays the alarms summary table.
| PE
|
show rmon alarm
| Displays alarm configurations.
| PE
|
rmon event
| Configures a RMON event.
| GC
|
show rmon events
| Displays the RMON event table.
| PE
|
show rmon log
| Displays the RMON logging table.
| PE
|
rmon table-size
| Configures the maximum RMON tables sizes.
| GC
|
Command
| Description
| Mode
|
snmp-server community
| Sets up the community access string to permit access to SNMP protocol.
| GC
|
snmp-server contact
| Sets up a system contact.
| GC
|
snmp-server location
| Enters information on where the device is located.
| GC
|
snmp-server enable traps
| Enables the switch to send SNMP traps or SNMP notifications.
| GC
|
snmp-server trap authentication
| Enables the switch to send SNMP traps when authentication failed.
| GC
|
snmp-server host
| Specifies the recipient of SNMP notification operation.
| GC
|
snmp-server set
| Sets SNMP MIB value by the CLI.
| GC
|
show snmp
| Displays the SNMP status.
| PE
|
Command
| Description
| Mode
|
spanning-tree
| Enables spanning tree functionality.
| GC
|
spanning-tree mode
| Configures the spanning tree protocol currently running.
| GC
|
spanning-tree forward-time
| Configures the spanning tree bridge forward time.
| GC
|
spanning-tree hello-time
| Configures the spanning tree bridge hello time.
| GC
|
spanning-tree max-age
| Configures the spanning tree bridge maximum age.
| GC
|
spanning-tree priority
| Configures the spanning tree priority.
| GC
|
spanning-tree disable
| Disables spanning tree on a specific port.
| IC
|
spanning-tree cost
| Configure the spanning tree path cost for a port.
| IC
|
spanning-tree port-priority
| Configures the port priority.
| IC
|
spanning-tree portfast
| Enable PortFast mode.
| IC
|
clear spanning-tree detected-protocols
| Restarts the protocol migration process on all interfaces or on the specified interface.
| PE
|
spanning-tree link-type
| Overrides the default link-type setting.
| IC
|
show spanning-tree
| Displays spanning tree configuration.
| PE
|
Command
| Description
| Mode
|
ip ssh port
| Specifies the port for use by the SSH server.
| GC
|
ip ssh server
| Enables device configuration from a SSH server.
| GC
|
crypto key generate dsa
| Generates DSA key pairs.
| GC
|
crypto key generate rsa
| Generates RSA key pairs.
| GC
|
ip ssh pubkey-auth
| Enables public key authentication for incoming SSH sessions.
| GC
|
crypto key pubkey-chain ssh
| Enters SSH public key-chain configuration mode.
| GC
|
user-key
| Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command.
| KC
|
key-string
| Manually specifies a SSH public key.
| KC
|
show ip ssh
| Displays the SSH server configuration.
| PE
|
show crypto key mypubkey
| Manually specifies a SSH public key.
| PE
|
show crypto key pubkey-chain ssh
| Displays SSH public keys stored on the device.
| PE
|
Command
| Description
| Mode
|
logging on
| Controls error messages logging.
| GC
|
logging
| Logs messages to a syslog server.
| GC
|
logging console
| Limits messages logged to the console based on severity.
| GC
|
logging buffered
| Limits syslog messages displayed from an internal buffer based on severity.
| GC
|
logging buffered size
| Changes the number of syslog messages stored in the internal buffer.
| GC
|
clear logging
| Clears messages from the internal logging buffer.
| PE
|
logging file
| Limits syslog messages sent to the logging file based on severity.
| GC
|
clear logging file
| Clears messages from the logging file.
| PE
|
show logging
| Displays the state of logging and the syslog messages stored in the internal buffer.
| PE
|
show logging file
| Displays the state of logging and the syslog messages stored in the logging file.
| PE
|
show syslog-servers
| Displays the syslog servers settings.
| PE
|
Command
| Description
| Mode
|
ping
| Sends ICMP echo request packets to another node on the network.
| UE
|
reload
| Reloads the operating system.
| PE
|
clock set
| Manually sets the system clock.
| UE
|
hostname
| Specifies or modifies the device host name.
| GC
|
asset-tag
| Specifies the device asset-tag.
| GC
|
stack order
| configures the unit physical order in the stack.
| GC
|
show users
| Displays information about the active users.
| UE
|
show clock
| Displays the time and date from the system clock.
| UE
|
show system
| Displays system information.
| UE
|
show version
| Displays the system version information.
| PE
|
show system id
| Displays the system identification information.
| PE
|
Command
| Description
| Mode
|
enable
| Enters the privileged EXEC mode.
| UE
|
disable
| Returns the prompt to user EXEC mode.
| PE
|
login
| Exits the EXEC mode and re-logs on as a new user.
| PE
|
exit(configuration)
| Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
|
|
exit(EXEC)
| Closes an active terminal session by logging off the device.
| UE
|
end
| Ends the current configuration session and returns to the previous command mode.
| GC
|
help
| Displays a brief description of the help system.
|
|
history
| Enables the command history function.
| LC
|
history size
| Changes the command history buffer size for a particular line.
| LC
|
debug-mode
| Switches the mode to debug the device.
| PE
|
show history
| Lists the commands entered in the current session.
| PE
|
show privilege
| Displays the current privilege level.
| PE
|
Command
| Description
| Mode
|
vlan database
| Enters the VLAN database configuration mode.
| GC
|
vlan
| Creates a VLAN.
| VC
|
interface vlan
| Enters the interface configuration (VLAN) mode to configure an existing VLAN.
| GC
|
interface range vlan
| Enters the VLAN configuration mode to configure multiple VLANs.
| GC
|
name
| Configures a name to a VLAN.
| VC
|
switchport mode
| Configures the VLAN membership mode for a port.
| IC
|
switchport access vlan
| Configures the VLAN ID when the interface is in access mode.
| IC
|
switchport trunk allowed vlan
| Adds or removes VLANs from a trunk port.
| IC
|
switchport trunk native vlan
| Defines the port as a member of the specified VLAN, and the VLAN ID is the port default VLAN ID (PVID).
| IC
|
switchport general allowed vlan
| Adds or removes VLANs from a port in general mode.
| IC
|
switchport general pvid
| Configures the PVID when the interface is in general mode.
| IC
|
switchport general ingress-filtering disable
| Disables port ingress filtering
| IC
|
switchport general acceptable-frame-types tagged-only
| Discards untagged frames at ingress.
| IC
|
switchport forbidden vlan
| Forbids adding specific VLANs to a port.
| IC
|
show vlan
| Displays VLAN information.
| PE
|
show interfaces switchport
| Displays switchport configuration.
| PE
|
