Home » Netgear Manuals » Hubs & Switches » Netgear GSM7312 » Manual Viewer

Netgear GSM7312 FSM7326P User Manual - Page 161

Security Commands, authentication login

UPC - 606449030693

Add to My Manuals
Save this manual to your list of manuals

Page 161 highlights

User Manual for the NETGEAR 7300 Series Layer 3 Managed Switch Software Security Commands This section describes commands used for configuring security settings for login users and port users. authentication login This command creates an authentication login list. The is up to 15 alphanumeric characters and is not case sensitive. Up to 10 authentication login lists can be configured on the switch. When a list is created, the authentication method "local" is set as the first method. When the optional parameters "Option1", "Option2" and/or "Option3" are used, an ordered list of methods are set in the authentication login list. If the authentication login list does not exist, a new authentication login list os first created and then the authentication methods are set in the authentication login list. The maximum number of authentication login methods is three. The possible method values are local, radius and reject. The value of local indicates that the user's locally stored ID and password are used for authentication. The value of radius indicates that the user's ID and password will be authenticated using the RADIUS server. The value of reject indicates that the user is never authenticated. To authenticate a user, the authentication methods in the user's login will be attempted in order until an authentication attempt succeeds or fails. Note that the default login list included with the default configuration can not be changed. Format authentication login [method1 [method2 [method3]]] Mode Global Config no authentication login This command deletes the specified authentication login list. The attempt to delete will fail if any of the following conditions are true: • The login list name is invalid or does not match an existing authentication login list • The specified authentication login list is assigned to any user or to the nonconfigured user for any component • The login list is the default login list included with the default configuration and was not created using 'config authentication login create'. The default login list cannot be deleted. Switching Commands 202-10009-01_060204 8-95

Section	Page
User Manual for the NETGEAR 7300 Series Layer 3 Managed Switch Software	1
Technical Support	2
Trademarks	2
Statement of Conditions	2
Regulatory Compliance Information	2
Canadian Department of Communications Compliance Statement	3
EN 55 022 Declaration of Conformance	3
Contents	5
Chapter 1 About This Guide	27
Audience	27
Why the Document was Created	27
How to Use This Document	27
Typographical Conventions	28
Special Message Formats	28
Features of the HTML Version of this Manual	29
How to Print this Manual	30
Chapter 2 Switch Management Overview	31
Scope	31
Switch Management Overview	31
Chapter 3 Administration Console Telnet Interface	33
Set Up Your Switch Using Direct Console Access	33
Chapter 4 Web-Based Management Interface	37
Web Based Management Overview	37
How to Log In to the Managed Switch	38
Web-Based Management Utility Features	40
Interactive Switch Image	41
Menus	41
Main Menus	42
Secondary Menus	43
Management	43
Switch	43
Routing	44
Traffic Management	44
Smart Wizard	44
System-Wide Popup Menus	44
Port-Specific Popup Menus	45
Chapter 5 Command Line Interface Structure	47
CLI Command Format	47
Command	47
Parameters	48
Values	48
Conventions	49
Annotations	50
Chapter 6 Quick Start up	51
Quick Starting the Switch	51
System Info and System Setup	52
Quick Start up Software Version Information	52
Quick Start up Physical Port Data	52
Quick Start up User Account Management	53
Quick Start up IP Address	53
Quick Start up Uploading from Switch to Out-of-Band PC (Only XMODEM)	55
Quick Start up Downloading from Out-of-Band PC to Switch (Only XMODEM)	56
Quick Start up Downloading from TFTP Server	56
Quick Start up Factory Defaults	57
Chapter 7 Mode-based CLI	59
Mode-based Topology	61
Mode-based Command Hierarchy	63
Flow of Operation	65
“No” Form of a Command	66
Support for “No” Form	66
Behavior of Command Help (\	66
Chapter 8 Switching Commands	67
System Information and Statistics Commands	67
show arp switch	67
show eventlog	68
show hardware	68
show interface	69
show interface ethernet	70
show logging	78
show mac-addr-table	79
show msglog	80
show running-config	80
show sysinfo	80
snmp-server	81
Management VLAN Commands	81
network mgmt_vlan	81
Dot1P Commands	82
classofservice dot1pmapping	82
show classofservice dot1pmapping	82
vlan port priority all	82
vlan priority	83
LAG/Port-Channel (802.3ad) Commands	83
port-channel staticcapability	83
no port-channel staticcapability	83
show port-channel brief	83
Management Commands	84
bridge aging-time	84
no bridge aging-time	84
mtu	85
no mtu	85
network javamode	85
no network javamode	85
network mac-address	86
network mac-type	86
no network mac-type	86
network parms	86
network protocol	87
remotecon maxsessions	87
no remotecon maxsessions	87
remotecon timeout	88
no remotecon timeout	88
serial baudrate	88
no serial baudrate	88
serial timeout	89
no serial timeout	89
set prompt	89
show forwardingdb agetime	89
show network	90
show remotecon	91
show serial	91
show serviceport	92
show snmpcommunity	92
show snmptrap	93
show trapflags	94
snmp-server community	95
no snmp-server community	95
snmp-server community ipaddr	95
no snmp-server community ipaddr	96
snmp-server community ipmask	96
no snmp-server community ipmask	96
snmp-server community mode	96
no snmp-server community mode	97
snmp-server community ro	97
snmp-server community rw	97
snmp-server enable traps	97
no snmp-server enable traps	97
snmp-server enable traps bcaststorm	98
no snmp-server enable traps bcaststorm	98
snmp-server enable traps linkmode	98
no snmp-server enable traps linkmode	98
snmp-server enable traps multiusers	99
no snmp-server enable traps multiusers	99
snmp-server enable traps stpmode	99
no snmp-server enable traps stpmode	99
snmptrap	99
no snmptrap	100
snmptrap ipaddr	100
snmptrap mode	100
no snmptrap mode	100
telnet	101
no telnet	101
HTTP Commands	101
ip http secure-port	101
no ip http secure-port	101
ip http secure-protocol	102
no ip http secure-protocol	102
ip http secure-server	102
no ip http secure-server	102
ip http server	102
no ip http server	103
show ip http	103
Secure Shell (SSH) Commands	103
ip ssh	103
no ip ssh	104
ip ssh protocol	104
show ip ssh	104
Device Configuration Commands	104
addport	104
auto-negotiate	105
no auto-negotiate	105
auto-negotiate all	105
no auto-negotiate all	105
delete interface	105
deleteport	106
deleteport	106
monitor session	106
no monitor session	106
monitor session mode	107
no monitor session mode	107
port lacpmode	107
no port lacpmode	107
port lacpmode all	107
no port lacpmode all	108
port-channel	108
port-channel adminmode	108
no port-channel adminmode	108
port-channel linktrap	108
no port-channel linktrap	109
port-channel name	109
protocol group	109
no protocol group	109
protocol vlan group	110
no protocol vlan group	110
protocol vlan group all	110
no protocol vlan group all	110
set garp timer join	111
no set garp timer join	111
set garp timer join all	111
no set garp timer join all	111
set garp timer leave	112
no set garp timer leave	112
set garp timer leave all	112
no set garp timer leave all	112
set garp timer leaveall	113
no set garp timer leaveall	113
set garp timer leaveall all	113
no set garp timer leaveall all	114
set gmrp adminmode	114
no set gmrp adminmode	114
set gmrp interfacemode	114
no set gmrp interfacemode	115
set gmrp interfacemode all	115
no set gmrp interfacemode all	115
set gvrp adminmode	115
no set gvrp adminmode	116
set gvrp interfacemode	116
no set gvrp interfacemode	116
set gvrp interfacemode all	116
no set gvrp interfacemode all	116
set igmp	117
no set igmp	117
set igmp	117
no set igmp	117
set igmp groupmembershipinterval	118
no set igmp groupmembershipinterval	118
set igmp interfacemode all	118
no set igmp interfacemode all	118
set igmp maxresponse	119
no set igmp maxresponse	119
set igmp mcrtrexpiretime	119
no set igmp mcrtrexpiretime	119
show garp	119
show gmrp configuration	120
show gvrp configuration	121
show igmpsnooping	122
show mac-address-table gmrp	123
show mac-address-table igmpsnooping	124
show mac-address-table multicast	124
show mac-address-table static	125
show mac-address-table staticfiltering	125
show mac-address-table stats	126
show monitor	126
show port	127
show port protocol	127
show port-channel	128
show storm-control	129
show vlan	129
show vlan brief	130
show vlan port	131
shutdown	131
no shutdown	132
shutdown all	132
no shutdown all	132
snmp trap link-status	132
no snmp trap link-status	132
snmp trap link-status all	133
no snmp trap link-status all	133
spanning-tree	133
spanning-tree bpdumigrationcheck	134
no spanning-tree bpdumigrationcheck	134
speed	134
speed all	134
storm-control broadcast	135
no storm-control broadcast	135
storm-control flowcontrol	136
no storm-control flowcontrol	136
vlan	136
no vlan	137
vlan acceptframe	137
no vlan acceptframe	137
vlan ingressfilter	137
no vlan ingressfilter	138
vlan makestatic	138
vlan name	138
no vlan name	138
vlan participation	138
vlan participation all	139
vlan port acceptframe all	140
no vlan port acceptframe all	140
vlan port ingressfilter all	140
no vlan port ingressfilter all	140
vlan port pvid all	141
no vlan port pvid all	141
vlan port tagging all	141
no vlan port tagging all	141
vlan protocol group	141
vlan protocol group add protocol	142
no vlan protocol group add protocol	142
vlan protocol group remove	142
vlan pvid	142
no vlan pvid	143
vlan tagging	143
no vlan tagging	143
Spanning Tree Commands	143
show spanning-tree	143
show spanning-tree interface	145
show spanning-tree mst detailed	145
show spanning-tree mst port detailed	146
LAN	146
show spanning-tree mst port summary	147
show spanning-tree mst summary	148
show spanning-tree summary	148
show spanning-tree vlan	149
spanning-tree	149
no spanning-tree	149
spanning-tree configuration name	149
no spanning-tree configuration name	150
spanning-tree configuration revision	150
no spanning-tree configuration revision	150
spanning-tree edgeport	150
no spanning-tree edgeport	151
spanning-tree forceversion	151
no spanning-tree forceversion	151
spanning-tree forward-time	151
no spanning-tree forward-time	152
spanning-tree hello-time	152
no spanning-tree hello-time	152
spanning-tree max-age	152
no spanning-tree max-age	153
spanning-tree mst	153
no spanning-tree mst	153
spanning-tree mst instance	154
no spanning-tree mst instance	154
spanning-tree mst priority	154
no spanning-tree mst priority	155
spanning-tree mst vlan	155
no spanning-tree mst vlan	155
spanning-tree port mode	156
no spanning-tree port mode	156
spanning-tree port mode all	156
no spanning-tree port mode all	156
User Account Management Commands	156
disconnect	157
show loginsession	157
show users	157
users name	158
no users name	158
users passwd	159
no users passwd	159
users snmpv3 accessmode	159
no users snmpv3 accessmode	159
users snmpv3 authentication	160
no users snmpv3 authentication	160
users snmpv3 encryption	160
no users snmpv3 encryption	160
Security Commands	161
authentication login	161
no authentication login	161
clear dot1x statistics	162
clear radius statistics	162
dot1x defaultlogin	162
dot1x initialize	162
dot1x login	163
dot1x max-req	163
no dot1x max-req	163
dot1x port-control	163
no dot1x port-control	164
dot1x port-control All	164
no dot1x port-control All	164
dot1x re-authenticate	165
dot1x re-authentication	165
no dot1x re-authentication	165
dot1x system-auth-control	165
no dot1x system-auth-control	165
dot1x timeout	166
no dot1x timeout	167
dot1x user	167
no dot1x user	167
radius accounting mode	167
no radius accounting mode	167
radius server host	168
no radius server host	168
radius server key	169
radius server msgauth	169
radius server primary	169
radius server retransmit	169
no radius server retransmit	170
radius server timeout	170
no radius server timeout	170
show accounting	170
show authentication	172
show authentication users	172
show dot1x	172
show dot1x users	175
show radius	175
show radius statistics	176
show users authentication	177
users defaultlogin	178
users login	178
System Utilities	178
clear config	178
clear counters	179
clear igmpsnooping	179
clear pass	179
clear port-channel	179
clear traplog	179
clear vlan	180
copy	180
logout	181
ping	181
reload	181
Chapter 9 Routing Commands	183
Routing Commands	183
1583compatibility	183
no 1583compatibility	183
area authentication	184
no area authentication	184
area default-cost	184
area nssa	184
no area nssa	184
area nssa default-info-originate	185
area nssa no-redistribute (OSPF)	185
area nssa no-summary (OSPF)	185
area nssa translator-role (OSPF)	185
area nssa translator-stab-intv	186
area range	186
no area range	186
area stub	186
no area stub	187
area stub summarylsa	187
no area stub summarylsa	187
area virtual-link	187
no area virtual-link	187
area virtual-link authentication	188
no area virtual-link authentication	188
area virtual-link dead-interval	188
no area virtual-link dead-interval	189
area virtual-link hello-interval	189
no area virtual-link hello-interval	189
area virtual-link retransmit-interval	189
no area virtual-link retransmit-interval	190
area virtual-link transmit-delay	190
no area virtual-link transmit-delay	190
arp	190
no arp	191
arp cachesize	191
no arp cachesize	191
arp dynamicrenew	191
no arp dynamicrenew	192
arp purge	192
arp resptime	192
no arp resptime	192
arp retries	192
no arp retries	193
arp timeout	193
no arp timeout	193
auto-summary	193
no auto-summary	194
bootpdhcprelay cidoptmode	194
no bootpdhcprelay cidoptmode	194
bootpdhcprelay disable	194
no bootpdhcprelay disable	194
bootpdhcprelay maxhopcount	195
no bootpdhcprelay maxhopcount	195
bootpdhcprelay minwaittime	195
no bootpdhcprelay minwaittime	195
bootpdhcprelay serverip	196
no bootpdhcprelay serverip	196
clear arp-cache	196
default-information originate (OSPF)	196
no default-information originate (OSPF)	196
default-information originate (RIP)	197
no default-information originate (RIP)	197
default-metric (OSPF)	197
no default-metric (OSPF)	197
default-metric (RIP)	197
no default-metric (RIP)	197
enable (OSPF)	198
no enable (OSPF)	198
enable (RIP)	198
no enable (RIP)	198
distance ospf	198
no distance ospf	199
distance rip	199
no distance rip	199
distribute-list out	199
no distribute-list out	200
distribute-list out	200
no distribute-list out	200
no default-information originate	200
encapsulation	200
exit-overflow-interval	201
no exit-overflow-interval	201
external-lsdb-limit	201
no external-lsdb-limit	201
hostroutesaccept	202
no hostroutesaccept	202
ip address	202
no ip address	202
ip ecmpmode	203
no ip ecmpmode	203
ip forwarding	203
no ip forwarding	203
ip irdp	203
no ip irdp	204
ip irdp address	204
no ip irdp address	204
ip irdp holdtime	204
no ip irdp holdtime	204
ip irdp maxadvertinterval	205
no ip irdp maxadvertinterval	205
ip irdp minadvertinterval	205
no ip irdp minadvertinterval	205
ip irdp preference	205
no ip irdp preference	206
ip netdirbcast	206
no ip netdirbcast	206
ip ospf	206
no ip ospf	206
ip ospf areaid	207

Match case Limit results 1 per page

User Manual for the NETGEAR 7300 Series Layer 3 Managed Switch Software

Switching Commands

8-95

202-10009-01_060204

Security Commands

This section describes commands used for configuring security settings for login users and port

users.

authentication login

This command creates an authentication login list. The <

listname>

is up to 15 alphanumeric

characters and is not case sensitive. Up to 10 authentication login lists can be configured on the

switch. When a list is created, the authentication method “local” is set as the first method.

When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an ordered list of

methods are set in the authentication login list. If the authentication login list does not exist, a new

authentication login list os first created and then the authentication methods are set in the

authentication login list. The maximum number of authentication login methods is three. The

possible method values are

local, radius

and

reject

The value of

local

indicates that the user’s locally stored ID and password are used for

authentication. The value of

radius

indicates that the user’s ID and password will be authenticated

using the RADIUS server. The value of

reject

indicates that the user is never authenticated.

To authenticate a user, the authentication methods in the user’s login will be attempted in order

until an authentication attempt succeeds or fails

Note that the default login list included with the default configuration can not be changed.

Format

authentication login <listname> [method1 [method2

[method3]]]

Mode

Global Config

no authentication login

This command deletes the specified authentication login list. The attempt to delete will fail if any

of the following conditions are true:

•

The login list name is invalid or does not match an existing authentication login list

•

The specified authentication login list is assigned to any user or to the nonconfigured user for

any component

•

The login list is the default login list included with the default configuration and was not

created using ‘config authentication login create’. The default login list cannot be deleted.