Table Of Contents
set
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set alias
set arp
set authentication enable
set authentication login
set authorization commands
set authorization enable
set authorization exec
set banner motd
set banner telnet
set boot auto-config
set boot config-register
set boot sync now
set boot system flash
set cam
set cam agingtime
set cam notification
set cdp
set cdp holdtime
set cdp interval
set cdp version
set cgmp
set cgmp fastleave
set cgmp leave
set channel cost
set channelprotocol
set channel vlancost
set config mode
set crypto key rsa
set dot1q-all-tagged
set dot1x
set
To display all of the ROM monitor command variable names, along with their values, use the set command.
set
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Types
ROM monitor command
Command Modes
Normal
Examples
This example shows how to use the set command to display all of the monitor variable names along with their values:
Related Commands
varname=
set accounting commands
To enable command event accounting on the switch, use the set accounting commands command.
set accounting commands enable {config | enable | all} [stop-only]{tacacs+}
set accounting commands disable
Syntax Description
enable
|
Enables the specified accounting method for commands.
|
config
|
Enables accounting for configuration commands only.
|
enable
|
Enables accounting for enable mode commands only.
|
all
|
Enables accounting for all commands.
|
stop-only
|
(Optional) Accounting method that applies at the conclusion of the command.
|
tacacs+
|
TACACS+ accounting for commands.
|
disable
|
Disables accounting for commands.
|
Defaults
Accounting is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to enable accounting for configuration commands when sending records only upon termination of the event, using a TACACS+ server:
Console> (enable) set accounting commands enable config stop-only tacacs+
Accounting set to enable for commands-config events in stop-only mode.
This example shows how to enable accounting for all commands when sending records only upon termination of an event, using a TACACS+ server:
Console> (enable) set accounting commands enable all stop-only tacacs+
Accounting set to enable for commands-all events in stop-only mode.
Console> (enable) reset cancel
This example shows how to disable command accounting:
Console> (enable) set accounting commands disable
Accounting set to disable for commands-config events.
This example shows how to configure accounting for enable mode commands:
Console> (enable) set accounting commands enable enable stop-only tacacs+
Accounting set to enable for commands-enable-mode event in stop-only mode.
Related Commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set tacacs server
show accounting
set accounting connect
To enable tracking of outbound connection events on the switch, use the set accounting connect command.
set accounting connect enable {start-stop | stop-only} {tacacs+ | radius}
set accounting connect disable
Syntax Description
enable
|
Enables the specified accounting method for connection events.
|
start-stop
|
Accounting method that applies at the start and stop of the connection event.
|
stop-only
|
Accounting method that applies at the conclusion of the connection event.
|
tacacs+
|
TACACS+ accounting for connection events.
|
radius
|
RADIUS accounting for connection events.
|
disable
|
Disables accounting of connection events.
|
Defaults
Accounting is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared keys before enabling accounting.
Examples
This example shows how to enable accounting on Telnet and rlogin sessions when generating records at stop only, using a TACACS+ server:
Console> (enable) set accounting connect enable stop-only tacacs+
Accounting set to enable for connect events in stop-only mode.
This example shows how to disable accounting:
Console> (enable) set accounting connect disable
Accounting set to disable for connect events.
Related Commands
set accounting commands
set accounting exec
set accounting suppress
set accounting system
set accounting update
set radius key
set tacacs key
set tacacs server
show accounting
set accounting exec
To enable tracking of Normal mode sessions on the switch, use the set accounting exec command.
set accounting exec enable {start-stop | stop-only} {tacacs+ | radius}
set accounting exec disable
Syntax Description
enable
|
Enables the specified accounting method for Normal mode events.
|
start-stop
|
Accounting method applied at the start and stop of the Normal mode event.
|
stop-only
|
Accounting method applied at the conclusion of the Normal mode event.
|
tacacs+
|
TACACS+ accounting for Normal mode events.
|
radius
|
RADIUS accounting for Normal mode events.
|
disable
|
Disables accounting for Normal mode events.
|
Defaults
Accounting is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared keys before enabling accounting.
Examples
This example shows how to enable accounting of Normal login mode events when generating records at start and stop, using a RADIUS server:
Console> (enable) set accounting exec enable start-stop radius
Accounting set to enable for exec events in start-stop mode.
This example shows how to enable accounting of Normal login mode events when generating records at stop only, using a RADIUS server:
Console> (enable) set accounting exec enable stop-only radius
Accounting set to enable for exec events in stop-only mode.
This example shows how to enable accounting of Normal login mode events when generating records at start and stop, using a TACACS+ server:
Console> (enable) set accounting exec enable start-stop tacacs+
Accounting set to enable for exec events in start-stop mode.
This example shows how to enable accounting of Normal login mode events when generating records at stop only, using a TACACS+ server:
Console> (enable) set accounting exec enable stop-only tacacs+
Accounting set to enable for exec events in stop-only mode.
This example shows how to disable accounting of Normal login mode events:
Console> (enable) set accounting exec disable
Accounting set to disable for exec events in start-stop mode.
Related Commands
set accounting commands
set accounting connect
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
set accounting suppress
To enable or disable suppression of accounting information for a user who has logged in without a username, use the set accounting suppress command.
set accounting suppress null-username {enable | disable}
Syntax Description
null-username
|
Unknown users.
|
enable
|
Enables suppression for unknown users.
|
disable
|
Disables suppression for unknown users.
|
Defaults
Accounting is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You must configure the TACACS+ servers and shared keys before enabling accounting.
Examples
This example shows how to suppress accounting information for users who have logged in without a username:
Console> (enable) set accounting suppress null-username enable
Accounting will be suppressed for user with no username.
This example shows how to include accounting-event information of users who have logged in without a username:
Console> (enable) set accounting suppress null-username disable
Accounting will be not be suppressed for user with no username.
Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting system
set accounting update
set tacacs key
set tacacs server
show accounting
set accounting system
to enable accounting of system events on the switch, use the set accounting system command.
set accounting system enable {start-stop | stop-only} {tacacs+ | radius}
set accounting system disable
Syntax Description
enable
|
Enables the specified accounting method for system events.
|
start-stop
|
Accounting method applied at the start and stop of the system event.
|
stop-only
|
Accounting method applied at the conclusion of the system event.
|
tacacs+
|
TACACS+ accounting for system events.
|
radius
|
RADIUS accounting for system events.
|
disable
|
Disables accounting for system events.
|
Defaults
Accounting is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared keys before enabling accounting.
Examples
This example shows how to enable accounting for system events when sending records only upon termination of the event, using a RADIUS server:
Console> (enable) set accounting system enable stop-only radius
Accounting set to enable for system events in start-stop mode.
This example shows how to enable accounting for system events when sending records upon the start-stop of the event, using a RADIUS server:
Console> (enable) set accounting system enable start-stop radius
Accounting set to enable for system events in start-stop mode.
This example shows how to enable accounting for system events when sending records only upon termination of the event, using a TACACS+ server:
Console> (enable) set accounting system enable stop-only tacacs+
Accounting set to enable for system events in start-stop mode.
This example shows how to enable accounting for system events when sending records upon the start-stop of the event, using a TACACS server:
Console> (enable) set accounting system enable start-stop tacacs+
Accounting set to enable for system events in start-stop mode.
This example shows how to disable accounting for system events:
Console> (enable) set accounting system disable
Accounting set to disable for system events.
Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
set accounting update
To configure the frequency of accounting updates, use the set accounting update command.
set accounting update {new-info | periodic [interval]}
Syntax Description
new-info
|
Update only when new information is available.
|
periodic
|
Update periodically.
|
interval
|
(Optional) Periodic update interval time in minutes; valid intervals are from 1 to 71582 minutes.
|
Defaults
Accounting is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You must configure the TACACS+ servers and shared keys before enabling accounting.
Examples
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200
Accounting updates will be periodic at 200 minute intervals.
This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-info
Accounting updates will be sent on new information only.
Related Commands
set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set radius key
set radius server
set tacacs key
set tacacs server
show accounting
set alias
To define command aliases (shortened versions of command names), use the set alias command.
set alias name command [parameter]
Syntax Description
name
|
Name for the alias being created.
|
command
|
Command for which the alias is being created.
|
parameter
|
(Optional) Parameter that applies to the command for which an alias is being created. See the specific command for valid parameters.
|
Defaults
No aliases are configured.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.
Examples
This example shows how to set arpdel as the alias for the clear arp command:
Console> (enable) set alias arpdel clear arp
Related Commands
show alias
set arp
To add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table, use the set arp command.
set arp [dynamic | permanent | static] [ip_addr | hw_addr]
set arp agingtime agingtime
Syntax Description
dynamic
|
(Optional) Entries are subject to ARP aging updates.
|
permanent
|
(Optional) Stores permanent entries in NVRAM until they are cleared by the clear arp or clear config command.
|
static
|
(Optional) Entries are not subject to ARP aging updates.
|
ip_addr
|
(Optional) IP address or IP alias to map to the specified MAC address.
|
hw_addr
|
(Optional) MAC address to map to the specified IP address or IP alias.
|
agingtime
|
Period of time after which an ARP entry is deleted from the ARP table.
|
agingtime
|
Number of seconds (from 0 to 1000000) for which entries will remain in the ARP table before being deleted. Setting this value to 0 disables aging.
|
Defaults
The default settings are as follows:
•
No ARP table entries exist
•
ARP aging is 1200 seconds
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
hw_addr is 6-hexbyte MAC address expressed in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.
Examples
This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time:
Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bc
This example shows how to set the aging time for the ARP table to 1800 seconds (30 minutes):
Console> (enable) set arp agingtime 1800
ARP aging time set to 1800 seconds.
This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset:
Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bc
Permanent ARP entry added as 198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5
This example shows how to configure a static ARP entry, which will be deleted from the ARP cache after a system reset:
Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bc
Static ARP entry added as 198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5
Related Commands
clear arp
show arp
set authentication enable
To configure the switch to use RADIUS, TACACS+, Kerberos, or local authentication to authenticate privileged (enable) mode access on the switch, use the set authentication enable command.
set authentication enable {radius | tacacs | kerberos} {enable} [console | telnet | http | all]
[primary]
set authentication enable {radius | tacacs | kerberos} {disable} [console | telnet | http | all]
set authentication enable local {enable | disable} [console | telnet | http | all]
set authentication enable attempt {count} [console | remote]
set authentication enable lockout {time} [console | remote]
Syntax Description
radius
|
RADIUS authentication for privileged mode access.
|
tacacs
|
TACACS+ authentication for privileged mode access.
|
kerberos
|
Kerberos authentication for privileged mode access.
|
enable
|
Enables the specified authentication method for privileged mode access.
|
console
|
(Optional) Applies the authentication method to console sessions.
|
telnet
|
(Optional) Applies the authentication method to Telnet sessions.
|
http
|
(Optional) Applies the authentication method to HTTP sessions.
|
all
|
(Optional) Applies the authentication method to all sessions.
|
primary
|
(Optional) Authentication method must be tried first.
|
disable
|
Disables the specified authentication method for privileged mode access.
|
local
|
Local authentication for privileged mode access.
|
attempt
|
Number of login attempts.
|
count
|
Number of allowed login attempts; valid configurable login attempt range is between 3 (default) to 10. Setting the maximum attempts to zero (0) disables limit checking.
|
remote
|
(Optional) Applies the authentication method to remote logins such as Telnet, SSH, Kerberos, and HTTP.
|
lockout
|
Period of time a user is locked out of the switch after unsuccessfully attempting to log in.
|
time
|
Period of time a user is locked out in seconds.; valid configurable lockout range is between 30 to 7200 seconds (1/2 minute to 2 hours). Setting the time to zero (0) disables the lockout time.
|
Defaults
The default settings are as follows:
•
Local authentication is enabled for console and Telnet sessions.
•
RADIUS, TACACS+, and Kerberos are disabled for all session types.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
You can specify TACACS+ or RADIUS as the primary authentication method for login and enable access by entering the primary keyword. If you enter the primary keyword, the specified authentication method will be tried first. If you do not specify a primary authentication, authentication will be tried in the order in which you enabled the authentication methods.
You can specify that the authentication method applies to console sessions, Telnet sessions, or both, by entering the console or telnet keyword. If you do not specify console or telnet the authentication method applies to both console and Telnet sessions.
Examples
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enable
tacacs enable authentication set to enable for console, telnet and http session.
This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enable
local enable authentication set to enable for console, telnet and http session.
This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable radius enable
radius enable authentication set to enable for console, telnet and http session.
This example shows how to use the TACACS+ server to determine if a user has privileged access permission for a console session:
Console> (enable) set authentication enable tacacs enable console
tacacs enable authentication set to enable for console session.
This example shows how to set the Kerberos server to be used first:
Console> (enable) set authentication enable kerberos enable primary
kerberos enable authentication set to enable for console, telnet and http session
n as primary authentication method.
This example shows how to set the enable login attempt to 5 for both console and remote sessions:
Console> (enable) set authentication enable attempt 5
Enable mode authentication attempts for console and remote login set to 5.
This example shows how to set the enable login attempt to 7 for remote sessions:
Console> (enable) set authentication enable attempt 7 remote
Enable mode authentication attempts for remote login set to 7.
This example shows how to set the enable login attempt to 8 for console sessions:
Console> (enable) set authentication enable attempt 8 console
Enable mode authentication attempts for console login set to 8.
This example shows how to set the enable lockout time for both console and remote sessions to 50 seconds:
Console> (enable) set authentication enable lockout 50
Enable mode lockout time for console and remote login set to 50 seconds.
This example shows how to set the enable lockout time for console sessions to 5 minutes:
Console> (enable) set authentication enable lockout 300 console
Enable mode lockout time for console login set to 5 minutes.
This example shows how to set the enable lockout time for remote sessions to 7 minutes and 10 seconds:
Console> (enable) set authentication enable lockout 430 remote
Enable mode lockout time for console and remote login set to 7 minutes and 10 seconds.
Related Commands
set authentication login
show authentication
set authentication login
To configure the switch to use TACACS+, Kerberos, RADIUS, or local authentication to authenticate Normal (login) mode access on the switch, use the set authentication login command.
set authentication login attempt count [console | remote]
set authentication login lockout time [console | remote]
set authentication login {radius | tacacs | kerberos} enable [console | telnet | http | all]
[primary]
set authentication login {radius | tacacs | kerberos} disable [console | telnet | http | all]
set authentication login local {enable | disable} [console | telnet | http | all]
Syntax Description
attempt count
|
Number of login attempts.
|
remote
|
(Optional) Authentication method applies to remote logins such as Telnet, SSH, kerberos, and HTTP.
|
lockout time
|
Period of time a user is locked out of the switch after unsuccessfully attempting to log in.
The configurable range is 30 to 7200 seconds. Setting the lockout time to zero (0) disables this function.
|
radius
|
RADIUS authentication for Normal mode access.
|
tacacs
|
TACACS+ authentication for Normal mode access.
|
kerberos
|
Kerberos authentication for Normal mode access.
|
enable
|
Enables the specified authentication method for Normal mode access.
|
console
|
(Optional) Applies the authentication method to console sessions.
|
telnet
|
(Optional) Applies the authentication method to Telnet sessions.
|
http
|
(Optional) Applies the authentication method to HTTP sessions.
|
all
|
(Optional) Applies the authentication method to all sessions.
|
primary
|
(Optional) Authentication method be tried first.
|
disable
|
Disables the specified authentication method for Normal mode access.
|
local
|
Local authentication for Normal mode access.
|
Defaults
The defaults settings are as follows:
•
Three login attempts.
•
Local authentication is the primary authentication method for login.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
This command allows you to choose the authentication method for the web interface. If you configure the authentication method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password.
You can specify the authentication method for console, telnet, http, or all by entering the console, telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method default is for all sessions.
The maximum number of login attempts from SNMP and the command-line interface (CLI) can be configured. The configurable range is from 0 to 10. To disable login attempts, set the level to 0. Failed login system logs are generated after five unsuccessful login attempts. If you are attempting access to enable mode, and the password fails more than the number of attempts allowed, the system will disable the execution of the enable command for the lockout time.
The lockout time is configurable from SNMP and the CLI. The configurable range is from 30 to 600 seconds (half a minute to ten minutes). For console login, the console will not allow logging in during that time. For remote logins the connection will be closed when the limit is reached, and any subsequent log in attempts from that station will be closed immediately by the switch.
When attempt limit checking is disabled, the lockout restriction is no longer applicable.
Examples
This example shows how to set the login attempt to 5 for both console and remote sessions:
Console> (enable) set authentication login attempt 5
Login authentication attempts for console and remote login set to 5.
This example shows how to set the login attempt to 7 for remote sessions:
Console> (enable) set authentication login attempt 7 remote
Login authentication attempts for remote login set to 7.
This example shows how to set the login attempt to 8 for console sessions:
Console> (enable) set authentication login attempt 8 console
Login authentication attempts for console login set to 8.
This example shows how to set the lockout time for both console and remote sessions to 50 seconds:
Console> (enable) set authentication login lockout 50
Login lockout time for console and remote login set to 50 seconds.
This example shows how to set the lockout time for console sessions to 5 minutes:
Console> (enable) set authentication login lockout 300 console
Login lockout time for console login set to 5 minutes.
This example shows how to set the lockout time for remote sessions to 7 minutes and 10 seconds:
Console> (enable) set authentication login lockout 430 remote
Login lockout time for console and remote login set to 7 minutes and 10 seconds.
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnet
tacacs login authentication set to disable for the telnet sessions.
This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable console
radius login authentication set to disable for the console sessions.
This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnet
kerberos login authentication set to disable for the telnet sessions.
This example shows how to set TACACS+ authentication access as the primary method for HTTP sessions:
Console> (enable) set authentication login tacacs enable http primary
tacacs login authentication set to enable for HTTP sessions as primary authentication
method.
Related Commands
set authentication enable
show authentication
set authorization commands
To enable authorization of command events on the switch, use the set authorization commands command.
set authorization commands enable {config | enable | all} {option} {fallbackoption} [console |
telnet | both]
set authorization commands disable [console | telnet | both]
Syntax Description
enable
|
Enables the specified authorization method for commands.
|
config
|
Enables authorization for configuration commands only.
|
enable
|
Enables authorization for enable mode commands only.
|
all
|
Enables authorization for all commands.
|
option
|
Switch response to an authorization request. Valid values are tacacs+, if-authenticated, and none. See "Usage Guidelines" for more information.
|
fallbackoption
|
Switch fallback response to an authorization request if the TACACS+ server is down or not responding. Valid values are tacacs+, deny, if-authenticated, and none. See "Usage Guidelines" for more information.
|
console
|
(Optional) Applies the authorization method to console sessions.
|
telnet
|
(Optional) Applies the authorization method to Telnet sessions.
|
both
|
(Optional) Applies the authorization method to both console and Telnet sessions.
|
disable
|
Disables authorization for commands.
|
Defaults
Authorization is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
When you define the option and fallbackoption values, the following occurs:
•
tacacs+ specifies the TACACS+ authorization method.
•
deny does not let you proceed.
•
if-authenticated allows you to proceed with your action if you have been authenticated.
•
none allows you to proceed without further authorization in case the TACACS+ server does not respond.
Examples
This example shows how to enable authorization for all commands with an if-authenticated option and no fallback option, in case the TACACS+ daemon is down or does not respond:
Console> (enable) set authorization commands enable all if-authenticated none
Successfully enabled commands authorization.
This example shows how to disable command authorization:
Console> (enable) set authorization commands disable
Successfully disabled commands authorization.
This example shows how to configure authorization for enable mode commands:
Console> (enable) set authorization commands enable enable tacacs+ deny telnet
Successfully enabled commands authorization.
Related Commands
set authorization enable
set authorization exec
show authorization
set authorization enable
To authorize enable (privileged mode) session events on the switch, use the set authorization enable command.
set authorization enable enable {option} {fallbackoption} [console | telnet | both]
set authorization enable disable [console | telnet | both]
Syntax Description
enable
|
Enables the specified authorization method.
|
option
|
Switch response to an authorization request. Valid values are tacacs+, if-authenticated, and none. See "Usage Guidelines" for more information.
|
fallbackoption
|
Switch fallback response to an authorization request if the TACACS+ server is down or not responding. Valid values are tacacs+, deny, if-authenticated, and none. See "Usage Guidelines" for more information.
|
console
|
(Optional) Applies the authorization method to console sessions.
|
telnet
|
(Optional) Applies the authorization method to Telnet sessions.
|
both
|
(Optional) Applies the authorization method to both console and Telnet sessions.
|
disable
|
Disables the specified authorization method.
|
Defaults
Authorization is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
The tacacs+ value allows you to proceed with your action if you have authorization.
The deny value does not let you proceed if the TACACS+ server does not respond.
The if-authenticated value allows you to proceed with your action if you have been authenticated.
The none value allows you to proceed without further authorization in case the TACACS+ server does not respond.
Examples
This example shows how to enable authorization of configuration commands in enable mode sessions:
Console> (enable) set authorization enable enable if-authenticated
Successfully enabled enable authorization.
This example shows how to disable enable mode authorization:
Console> (enable) set authorization enable disable
Successfully disabled enable authorization.
Related Commands
set authorization commands
set authorization exec
show authorization
set authorization exec
To enable authorization of exec (Normal mode) session events on the switch, use the set authorization exec command.
set authorization exec enable {option} {fallbackoption} [console | telnet | both]
set authorization exec disable [console | telnet | both]
Syntax Description
enable
|
Enables the specified authorization method.
|
option
|
Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See "Usage Guidelines" for more information.
|
fallbackoption
|
Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See "Usage Guidelines" for more information.
|
console
|
(Optional) Applies the authorization method to console sessions.
|
telnet
|
(Optional) Applies the authorization method to Telnet sessions.
|
both
|
(Optional) Applies the authorization method to console and Telnet sessions.
|
disable
|
Disables the specified authorization method.
|
Defaults
Authorization is disabled.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
The tacacs+ value allows you to proceed with your action if you have authorization.
The deny value does not let you proceed if the TACACS+ server does not respond.
The if-authenticated value allows you to proceed with your action if you have been authenticated.
The none value allows you to proceed without further authorization in case the TACACS+ server does not respond.
Examples
This example shows how to enable authorization of configuration commands in exec mode sessions:
Console> (enable) set authorization exec enable if-authenticated
Successfully enabled exec authorization.
This example shows how to disable exec mode authorization:
Console> (enable) set authorization exec disable
Successfully disabled exec authorization.
Related Commands
set authorization commands
set authorization enable
show authorization
set banner motd
To create a login banner that is displayed when users access the switch, use the set banner motd command.
set banner motd c [text] c
Syntax Description
c
|
Delimiting character used to begin and end the message.
|
text
|
(Optional) Message of the day.
|
Defaults
The MOTD banner is not displayed.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines
The banner cannot contain more than 3070 characters, including tabs. Tabs display as eight characters but use only one character of space in memory.
You can use either the clear banner motd command or the set banner motd command to clear the message-of-the-day banner.
Examples
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd #
** System upgrade: starting: 6:00am Tuesday.
** Please log out before leaving on Monday. #
This example shows how to clear the message of the day using the set banner motd command:
Console> (enable) set banner motd ##
Related Commands
clear banner motd
set banner telnet
To create a login banner that is displayed when users access the switch using Telnet, use the set banner telnet command.
set banner telnet {enable | disable}
Syntax Description
enable
|
Displays the default console banner.
|
disable
|
Suppresses the default console banner.
|
Defaults
The default console banner is displayed.
Command Types
Switch command
Command Modes
Privileged
Examples
This example shows how to enable the default console banner:
Console> (enable) set banner telnet enable
Cisco Systems Console banner will be printed at telnet.
This example shows how to disable the default console banner:
Console> (enable) set banner telnet disable
Cisco Systems Console banner will not be printed at telnet.
set boot auto-config
To specify one or more configuration files to use to configure the switch at startup and to set the recurrence option. A list of configuration files is stored in the CONFIG_FILE environment variable, use the set boot auto-config command.
set boot auto-config device:filename [;device:filename...] [mod]
Syntax Description
device:
|
Device where the startup configuration file resides.
|
filename
|
Name of the startup configuration file.
|
mod
|
(Optional) Module number of the supervisor engine containing the Flash device.
|
Defaults
The default settings are as follows:
•
The set boot auto-config command is non-recurring.
•
The CONFIG_FILE environment variable is not defined.
Command Types
Switch command
Command Modes
Privileged
Usage Guidelines