The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
A device can be configured and maintained by entering commands from the CLI, which is based solely on textual input, and output with commands being entered by a terminal keyboard and the output displayed as text via a terminal monitor. The CLI can be accessed from a console terminal connected to an EIA/TIA-232 port or through a Telnet session.
This guide describes the Command Line Interface (CLI) structure, the command syntax, and command functionality. The following table contains the functional groups for commands.
Command Group
Description
AAA
Configures connection security including authorization and passwords.
Address Table
Configures bridging address tables.
Configuration and Image Files
Manages the device configuration files.
Ethernet Configuration
Configures all port configuration options, for example ports, storm control, port speed and auto-negotiation.
GVRP
Configures and displays GVRP configuration and information.
IGMP Snooping
Configures IGMP snooping and displays IGMP configuration and IGMP information.
IP Addressing
Configures and manages IP addresses on the device.
LACP
Configures and displays LACP information.
Line
Configures the console and remote Telnet.
Management ACL
Configures and displays management access-list information.
Port Channel
Configures and displays port-channeling information.
Port Monitor
Monitors activity on specific target ports.
QoS and ACL
Configures and displays ACL and QoS information.
Radius
Configures and displays the Radius information.
RMON
Displays RMON statistics.
SNMP
Configures SNMP communities, traps and displays SNMP information.
Spanning Tree
Configures and reports on the Spanning Tree protocol.
SSH
Configures SSH authentication.
Syslog Commands
Manages and displays syslog messages.
System Management
Configures the device clock, name and authorized users.
User Interface
Describes user commands used for entering CLI commands.
VLAN
Configures VLANS and displays VLAN information.
Web Server
Configures access to the device.
Command Groups
NOTE: The access mode shown in the following tables is indicated by these
abbreviations: UE (User EXEC Mode), PE (Privileged EXEC Mode), GC (Global
Configuration Mode), IC (Interface Configuration Mode), LC (Line Configuration) MA
(Management Access-level), KC (Key Chain), and VC (VLAN Configuration).
AAA Commands
Command
Description
Mode
aaa authentication login
Defines login authentication.
GC
aaa authentication enable
Defines authentication method lists for accessing higher privilege levels.
GC
login authentication
Specifies the login authentication method list for a remote Telnet or console.
GC
enable authentication
Specifies the authentication method list when accessing a higher privilege level from a remote Telnet or console.
LC
ip http authentication
Specifies authentication methods for http.
GC
ip https authentication
Specifies authentication methods for https.
GC
show authentication methods
Displays information about the authentication methods.
PE
password
Specifies a password on a line.
LC
enable password
Sets a local password to control access to normal and privilege levels.
GC
username
Establishes a user name-based authentication system.
GC
show users accounts
Displays information about the local user database.
PE
Address Table Commands
Command
Description
Mode
bridge address
Adds a static MAC-layer station source address to the bridge table.
VC
bridge aging-time
Sets the address table aging time.
GC
clear bridge
Removes any learned entries from the forwarding database.
PE
show bridge address-table
Displays dynamically created entries in the bridge-forwarding database.
PE
show bridge address-table static
Displays statically entered entries in the bridge-forwarding database.
PE
port security
Disables new address learning on an interface.
IC
show ports security
Displays the port-lock status.
PE
bridge multicast filtering
Enables filtering of multicast addresses.
GC
bridge multicast address
Registers MAC-layer multicast addresses to the bridge table, and adds static ports to the group.
IC
bridge multicast forbidden address
Forbids adding a specific multicast address to specific ports.
IC
bridge multicast forward-all
Enables forwarding of all multicast packets on a port.
IC
bridge multicast forbidden forward-all
Forbids forwarding of all multicast packets to a port.
IC
show bridge multicast address-table
Displays multicast MAC address table information.
PE
show bridge multicast filtering
Displays the multicast filtering configuration.
PE
Configuration and Image Files Commands
Command
Description
Mode
configure
Enters global configuration mode.
PE
copy
Copies any file from a source to a destination.
PE
delete startup-config
Deletes the startup-config file.
PE
boot system
Specifies the system image that the device loads at startup.
GC
show running-config
Displays the contents of the currently running configuration file.
PE
show startup-config
Displays the startup configuration file contents.
PE
show backup-config
Displays the backup configuration file contents.
PE
show bootvar
Displays the active system image file that the device loads at startup.
PE
Ethernet Configuration Commands
Command
Description
Mode
port storm-control enable
Enables broadcast storm control.
IC
port storm-control rate
Configures the maximum broadcast rate.
IC
interface ethernet
Enters the Interface Configuration Mode to configure an ethernet type interface.
GC
interface range ethernet
Enters the Interface Configuration Mode to configure multiple ethernet type interfaces.
GC
shutdown
Disables interfaces.
IC
description
Adds a description to an Interface.
IC
speed
Configures the speed of a given ethernet interface when not using auto negotiation.
IC
duplex
Configures the full/half duplex operation of a given ethernet interface when not using auto negotiation.
IC
negotiation
Enables auto negotiation operation for the speed and duplex parameters of a given interface.
IC
flowcontrol
Configures the flow control on a given interface.
IC
mdix
Enables automatic cable crossover on a given interface.
IC
back-pressure
Enables back pressure on a given interface.
IC
clear counters
Clears statistics on an interface.
PE
set interface active
Reactivates an interface suspended by the system.
PE
show interfaces configuration
Displays the configuration for all configured interfaces.
PE
show interfaces status
Displays the status for all configured interfaces.
PE
show interfaces description
Displays the description for all configured interfaces.
PE
show interfaces counters
Displays traffic seen by the physical interface.
PE
show ports storm-control
Displays the storm control configuration.
PE
GVRP Commands
Command
Description
Mode
gvrp enable (global)
Enables GVRP globally.
GC
gvrp enable (interface)
Enables GVRP on an interface.
IC
garp timer
Adjusts the GARP application join, leave, and leaveall GARP timer values.
IC
gvrp vlan-creation-forbid
Disables dynamic VLAN creation.
IC
gvrp registration-forbid
De-registers all VLANs, and prevents dynamic VLAN registration on the port.
IC
clear gvrp statistics
Clears all the GVRP statistics information.
GC
show gvrp configuration
Displays GVRP configuration information.
PE
show gvrp statistics
Displays GVRP statistics.
PE
show gvrp error-statistics
Displays GVRP error statistics.
PE
IGMP Snooping Commands
Command
Description
Mode
ip igmp snooping (Global)
Enables Internet Group Management Protocol (IGMP) snooping.
GC
ip igmp snooping (Interface)
Enables Internet Group Management Protocol (IGMP) snooping on a specific VLAN.
VC
ip igmp snooping mrouter
Enables automatic learning of multicast device ports in the context of a specific VLAN.
VC
ip igmp snooping host-time-out
Configures the host-time-out.
VC
ip igmp snooping mrouter-time-out
Configures the mrouter-time-out.
VC
ip igmp snooping leave-time-out
Configures the leave-time-out.
VC
show ip igmp snooping mrouter
Displays information on dynamically learned multicast router interfaces.
PE
show ip igmp snooping interface
Displays IGMP snooping configuration.
PE
show ip igmp snooping groups
Displays multicast groups learned by IGMP snooping.
PE
IP Addressing
Command
Description
Mode
ip address
Sets an IP address on the device.
IC
ip address-dhcp
Acquires an IP address on an interface from the DHCP server.
IC
ip default-gateway
Defines default gateways.
IC
show ip interface
Displays a list of IP interfaces configured on the device.
PE
arp
Adds a static entry in the ARP cache.
GC
arp timeout
Configures how long an entry remains in the ARP cache
GC
clear arp-cache
Deletes all dynamic entries from the ARP cache.
PE
show arp
Displays entries in the ARP table.
PE
LACP Commands
Command
Description
Mode
lacp system-priority
Configures the system LACP priority.
GC
lacp port-priority
Configures the priority value for physical ports.
IC
lacp timeout
Assigns an administrative LACP timeout.
IC
show lacp ethernet
Displays LACP information for ethernet ports.
PE
show lacp port-channel
Displays LACP information for a port-channel.
PE
Line Commands
Command
Description
Mode
line
Identifies a specific line for configuration and enters the line configuration command mode.
LC
speed
Sets the line baud rate.
LC
exec-timeout
Configures the interval that the system waits until user input is detected.
LC
show line
Displays line parameters.
UE
Management ACL Commands
Command
Description
Mode
management access-list
Defines an access-list for management, and enters the access-list for configuration.
GC
permit (management)
Defines a permit rule.
MA
deny (management)
Defines a deny rule.
MA
management access-class
Defines which management access-list is used.
GC
show management access-list
Displays the management access-list.
UE
show management access-class
Displays the active management access-list.
UE
Port Channel Commands
Command
Description
Mode
interface port-channel
Enters the interface configuration mode for a specific port-channel.
GC
interface range port-channel
Enters the interface configuration mode to configure multiple port channels.
GC
channel-group
Associates a port with a port-channel.
IC
show interfaces port-channel
Displays port-channel information.
PE
Port Monitor Commands
Command
Description
Mode
port monitor
Starts a port monitoring session.
IC
show ports monitor
Displays the port monitoring status.
UE
QoS and ACL Commands
Command
Description
Mode
ip access-list
Creates IP ACLs and enters IP-Access list configuration mode.
GC
permit (IP)
Allows traffic if the conditions defined in the permit statement are matched.
IP
deny (IP)
Denies traffic if the conditions defined in the deny statement are matched
IP
mac access-list
Creates Layer 2 MAC ACLs, and enters to MAC-Access list configuration mode.
GC
permit (MAC)
Allows traffic if the conditions defined in the permit statement are matched.
ML
deny (MAC)
Allows traffic if the conditions defined in the permit statement are matched.
ML
service-acl
Applies an access-list to the input of an interface.
IC
show access-lists
Displays access control lists (ACLs) defined on the device
PE
show interfaces access-lists
Displays access lists applied on interfaces.
PE
qos
Enables quality of service (QoS) on the device.
GC
show qos
Displays the QoS activity status.
GC
wrr-queue cos-map
Maps assigned CoS values to the egress queues.
GC
wrr-queue bandwidth
Assigns Weighted Round Robin (WRR) weights to egress queues.
IC
priority-queue out num-of-queues
Enables the egress queues to be expedite queues.
IC
show qos interface
Displays interface QoS data.
UE
qos map dscp-queue
Modifies the DSCP to CoS map.
GC
qos trust(Global)
Configures the system trust state.
GC
qos trust(Interface)
Enables each port trust state.
IC
qos cos
Configures the default port CoS value.
IC
qos map tcp-port-queue
Modifies the TCP-Port to DSCP table.
GC
qos map udp-port-queue
Modifies the UDP-Port to DSCP table.
GC
show qos map
Displays all the QoS maps.
UE
Radius Commands
Command
Description
Mode
radius-server host
Specifies a RADIUS server host.
GC
radius-server key
Sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon.
GC
radius-server retransmit
Specifies the number of times the software searches the list of RADIUS server hosts.
GC
radius-server source-ip
Specifies the source IP address used for communication with RADIUS servers.
GC
radius-server timeout
Sets the interval for which a device waits for a server host to reply.
GC
radius-server deadtime
Improves RADIUS response times when servers are unavailable.
GC
show radius-servers
Displays the RADIUS server settings.
UE
RMON Commands
Command
Description
Mode
show rmon statistics
Displays RMON ethernet statistics.
PE
rmon collection history
Enables a Remote Monitoring (RMON) MIB history statistics group on an interface.
IC
show rmon collection history
Displays the requested history group configuration.
PE
show rmon history
Displays RMON ethernet statistics history.
PE
rmon alarm
Configures alarm conditions.
GC
show rmon alarm-table
Displays the alarms summary table.
PE
show rmon alarm
Displays alarm configurations.
PE
rmon event
Configures a RMON event.
GC
show rmon events
Displays the RMON event table.
PE
show rmon log
Displays the RMON logging table.
PE
rmon table-size
Configures the maximum RMON tables sizes.
GC
SNMP Commands
Command
Description
Mode
snmp-server community
Sets up the community access string to permit access to SNMP protocol.
GC
snmp-server contact
Sets up a system contact.
GC
snmp-server location
Enters information on where the device is located.
GC
snmp-server enable traps
Enables the switch to send SNMP traps or SNMP notifications.
GC
snmp-server trap authentication
Enables the switch to send SNMP traps when authentication failed.
GC
snmp-server host
Specifies the recipient of SNMP notification operation.
GC
snmp-server set
Sets SNMP MIB value by the CLI.
GC
show snmp
Displays the SNMP status.
PE
Spanning Tree Commands
Command
Description
Mode
spanning-tree
Enables spanning tree functionality.
GC
spanning-tree mode
Configures the spanning tree protocol currently running.
GC
spanning-tree forward-time
Configures the spanning tree bridge forward time.
GC
spanning-tree hello-time
Configures the spanning tree bridge hello time.
GC
spanning-tree max-age
Configures the spanning tree bridge maximum age.
GC
spanning-tree priority
Configures the spanning tree priority.
GC
spanning-tree disable
Disables spanning tree on a specific port.
IC
spanning-tree cost
Configure the spanning tree path cost for a port.
IC
spanning-tree port-priority
Configures the port priority.
IC
spanning-tree portfast
Enable PortFast mode.
IC
clear spanning-tree detected-protocols
Restarts the protocol migration process on all interfaces or on the specified interface.
PE
spanning-tree link-type
Overrides the default link-type setting.
IC
show spanning-tree
Displays spanning tree configuration.
PE
SSH Commands
Command
Description
Mode
ip ssh port
Specifies the port for use by the SSH server.
GC
ip ssh server
Enables device configuration from a SSH server.
GC
crypto key generate dsa
Generates DSA key pairs.
GC
crypto key generate rsa
Generates RSA key pairs.
GC
ip ssh pubkey-auth
Enables public key authentication for incoming SSH sessions.
GC
crypto key pubkey-chain ssh
Enters SSH public key-chain configuration mode.
GC
user-key
Specifies which SSH public key is manually configured and enters the SSH public key-string configuration command.
KC
key-string
Manually specifies a SSH public key.
KC
show ip ssh
Displays the SSH server configuration.
PE
show crypto key mypubkey
Manually specifies a SSH public key.
PE
show crypto key pubkey-chain ssh
Displays SSH public keys stored on the device.
PE
Syslog Commands
Command
Description
Mode
logging on
Controls error messages logging.
GC
logging
Logs messages to a syslog server.
GC
logging console
Limits messages logged to the console based on severity.
GC
logging buffered
Limits syslog messages displayed from an internal buffer based on severity.
GC
logging buffered size
Changes the number of syslog messages stored in the internal buffer.
GC
clear logging
Clears messages from the internal logging buffer.
PE
logging file
Limits syslog messages sent to the logging file based on severity.
GC
clear logging file
Clears messages from the logging file.
PE
show logging
Displays the state of logging and the syslog messages stored in the internal buffer.
PE
show logging file
Displays the state of logging and the syslog messages stored in the logging file.
PE
show syslog-servers
Displays the syslog servers settings.
PE
System Management Commands
Command
Description
Mode
ping
Sends ICMP echo request packets to another node on the network.
UE
reload
Reloads the operating system.
PE
clock set
Manually sets the system clock.
UE
hostname
Specifies or modifies the device host name.
GC
asset-tag
Specifies the device asset-tag.
GC
stack order
configures the unit physical order in the stack.
GC
show users
Displays information about the active users.
UE
show clock
Displays the time and date from the system clock.
UE
show system
Displays system information.
UE
show version
Displays the system version information.
PE
show system id
Displays the system identification information.
PE
User Interface Commands
Command
Description
Mode
enable
Enters the privileged EXEC mode.
UE
disable
Returns the prompt to user EXEC mode.
PE
login
Exits the EXEC mode and re-logs on as a new user.
PE
exit(configuration)
Exits any configuration mode to the next highest mode in the CLI mode hierarchy.
exit(EXEC)
Closes an active terminal session by logging off the device.
UE
end
Ends the current configuration session and returns to the previous command mode.
GC
help
Displays a brief description of the help system.
history
Enables the command history function.
LC
history size
Changes the command history buffer size for a particular line.
LC
debug-mode
Switches the mode to debug the device.
PE
show history
Lists the commands entered in the current session.
PE
show privilege
Displays the current privilege level.
PE
VLAN Commands
Command
Description
Mode
vlan database
Enters the VLAN database configuration mode.
GC
vlan
Creates a VLAN.
VC
interface vlan
Enters the interface configuration (VLAN) mode to configure an existing VLAN.
GC
interface range vlan
Enters the VLAN configuration mode to configure multiple VLANs.
GC
name
Configures a name to a VLAN.
VC
switchport mode
Configures the VLAN membership mode for a port.
IC
switchport access vlan
Configures the VLAN ID when the interface is in access mode.
IC
switchport trunk allowed vlan
Adds or removes VLANs from a trunk port.
IC
switchport trunk native vlan
Defines the port as a member of the specified VLAN, and the VLAN ID is the port default VLAN ID (PVID).
IC
switchport general allowed vlan
Adds or removes VLANs from a port in general mode.
IC
switchport general pvid
Configures the PVID when the interface is in general mode.
IC
switchport general ingress-filtering disable
Disables port ingress filtering
IC
switchport general acceptable-frame-types tagged-only
Discards untagged frames at ingress.
IC
switchport forbidden vlan
Forbids adding specific VLANs to a port.
IC
show vlan
Displays VLAN information.
PE
show interfaces switchport
Displays switchport configuration.
PE
Web Server Commands
Command
Description
Mode
ip http port
Specifies the TCP port for use by a web browser to configure the device.
GC
ip http server
Enables the device to be configured from a browser.
GC
ip https port
Configures a TCP port for use by a secure web browser to configure the device.
GC
ip https server
Enables the device to be configured from a secured browser.
