Catalyst 4500 Series Command Reference, 7.5
set through set dot1x
Download this chapter
set through set dot1xset through set dot1x
Download the complete book
Book-length PDF: Catalyst 4500 Series Software Command Reference Guide, Release 7.5 Book-length PDF: Catalyst 4500 Series Software Command Reference Guide, Release 7.5 (PDF - 6 MB)
give_us_feedback

Table Of Contents

set

set accounting commands

set accounting connect

set accounting exec

set accounting suppress

set accounting system

set accounting update

set alias

set arp

set authentication enable

set authentication login

set authorization commands

set authorization enable

set authorization exec

set banner motd

set banner telnet

set boot auto-config

set boot config-register

set boot sync now

set boot system flash

set cam

set cam agingtime

set cam notification

set cdp

set cdp holdtime

set cdp interval

set cdp version

set cgmp

set cgmp fastleave

set cgmp leave

set channel cost

set channelprotocol

set channel vlancost

set config mode

set crypto key rsa

set dot1q-all-tagged

set dot1x


set

To display all of the ROM monitor command variable names, along with their values, use the set command.

set

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default settings.

Command Types

ROM monitor command

Command Modes

Normal

Examples

This example shows how to use the set command to display all of the monitor variable names along with their values: 

rommon 1 > set 

PS1=rommon ! > 

BOOT=

?=0

rommon 2 >

Related Commands

varname=

set accounting commands

To enable command event accounting on the switch, use the set accounting commands command.

set accounting commands enable {config | enable | all} [stop-only]{tacacs+}

set accounting commands disable

Syntax Description

enable

Enables the specified accounting method for commands.

config

Enables accounting for configuration commands only.

enable

Enables accounting for enable mode commands only.

all

Enables accounting for all commands.

stop-only

(Optional) Accounting method that applies at the conclusion of the command.

tacacs+

TACACS+ accounting for commands.

disable

Disables accounting for commands.


Defaults

Accounting is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must configure the TACACS+ servers before you enable accounting.

Examples

This example shows how to enable accounting for configuration commands when sending records only upon termination of the event, using a TACACS+ server: 

Console> (enable) set accounting commands enable config stop-only tacacs+

Accounting set to enable for commands-config events in stop-only mode.

Console> (enable)

This example shows how to enable accounting for all commands when sending records only upon termination of an event, using a TACACS+ server: 

Console> (enable) set accounting commands enable all stop-only tacacs+

Accounting set to enable for commands-all events in stop-only mode.

Console> (enable) reset cancel

This example shows how to disable command accounting: 

Console> (enable) set accounting commands disable

Accounting set to disable for commands-config events.

Console> (enable)

This example shows how to configure accounting for enable mode commands: 

Console> (enable) set accounting commands enable enable stop-only tacacs+

Accounting set to enable for commands-enable-mode event in stop-only mode.

Related Commands

set accounting connect
set accounting exec
set accounting suppress
set accounting system
set accounting update
set tacacs server
show accounting

set accounting connect

To enable tracking of outbound connection events on the switch, use the set accounting connect command.

set accounting connect enable {start-stop | stop-only} {tacacs+ | radius}

set accounting connect disable

Syntax Description

enable

Enables the specified accounting method for connection events.

start-stop

Accounting method that applies at the start and stop of the connection event.

stop-only

Accounting method that applies at the conclusion of the connection event.

tacacs+

TACACS+ accounting for connection events.

radius

RADIUS accounting for connection events.

disable

Disables accounting of connection events.


Defaults

Accounting is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must configure the RADIUS or TACACS+ servers and shared keys before enabling accounting.

Examples

This example shows how to enable accounting on Telnet and rlogin sessions when generating records at stop only, using a TACACS+ server: 

Console> (enable) set accounting connect enable stop-only tacacs+

Accounting set to enable for connect events in stop-only mode.

Console> (enable)

This example shows how to disable accounting: 

Console> (enable) set accounting connect disable

Accounting set to disable for connect events.

Console> (enable)

Related Commands

set accounting commands
set accounting exec
set accounting suppress
set accounting system
set accounting update
set radius key
set tacacs key
set tacacs server
show accounting

set accounting exec

To enable tracking of Normal mode sessions on the switch, use the set accounting exec command.

set accounting exec enable {start-stop | stop-only} {tacacs+ | radius}

set accounting exec disable

Syntax Description

enable

Enables the specified accounting method for Normal mode events.

start-stop

Accounting method applied at the start and stop of the Normal mode event.

stop-only

Accounting method applied at the conclusion of the Normal mode event.

tacacs+

TACACS+ accounting for Normal mode events.

radius

RADIUS accounting for Normal mode events.

disable

Disables accounting for Normal mode events.


Defaults

Accounting is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must configure the RADIUS or TACACS+ servers and shared keys before enabling accounting.

Examples

This example shows how to enable accounting of Normal login mode events when generating records at start and stop, using a RADIUS server: 

Console> (enable) set accounting exec enable start-stop radius

Accounting set to enable for exec events in start-stop mode.

Console> (enable)

This example shows how to enable accounting of Normal login mode events when generating records at stop only, using a RADIUS server: 

Console> (enable) set accounting exec enable stop-only radius

Accounting set to enable for exec events in stop-only mode.

Console> (enable)

This example shows how to enable accounting of Normal login mode events when generating records at start and stop, using a TACACS+ server: 

Console> (enable) set accounting exec enable start-stop tacacs+

Accounting set to enable for exec events in start-stop mode.

Console> (enable)

This example shows how to enable accounting of Normal login mode events when generating records at stop only, using a TACACS+ server: 

Console> (enable) set accounting exec enable stop-only tacacs+

Accounting set to enable for exec events in stop-only mode.

Console> (enable)

This example shows how to disable accounting of Normal login mode events: 

Console> (enable) set accounting exec disable

Accounting set to disable for exec events in start-stop mode.

Console> (enable)

Related Commands

set accounting commands
set accounting connect
set accounting suppress
set accounting system
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting

set accounting suppress

To enable or disable suppression of accounting information for a user who has logged in without a username, use the set accounting suppress command.

set accounting suppress null-username {enable | disable}

Syntax Description

null-username

Unknown users.

enable

Enables suppression for unknown users.

disable

Disables suppression for unknown users.


Defaults

Accounting is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must configure the TACACS+ servers and shared keys before enabling accounting.

Examples

This example shows how to suppress accounting information for users who have logged in without a username: 

Console> (enable) set accounting suppress null-username enable

Accounting will be suppressed for user with no username.

Console> (enable)

This example shows how to include accounting-event information of users who have logged in without a username: 

Console> (enable) set accounting suppress null-username disable

Accounting will be not be suppressed for user with no username.

Console> (enable)

Related Commands

set accounting commands
set accounting connect
set accounting exec
set accounting system
set accounting update
set tacacs key
set tacacs server
show accounting

set accounting system

to enable accounting of system events on the switch, use the set accounting system command.

set accounting system enable {start-stop | stop-only} {tacacs+ | radius}

set accounting system disable

Syntax Description

enable

Enables the specified accounting method for system events.

start-stop

Accounting method applied at the start and stop of the system event.

stop-only

Accounting method applied at the conclusion of the system event.

tacacs+

TACACS+ accounting for system events.

radius

RADIUS accounting for system events.

disable

Disables accounting for system events.


Defaults

Accounting is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must configure the RADIUS or TACACS+ servers and shared keys before enabling accounting.

Examples

This example shows how to enable accounting for system events when sending records only upon termination of the event, using a RADIUS server: 

Console> (enable) set accounting system enable stop-only radius

Accounting set to enable for system events in start-stop mode.

Console> (enable)

This example shows how to enable accounting for system events when sending records upon the start-stop of the event, using a RADIUS server: 

Console> (enable) set accounting system enable start-stop radius

Accounting set to enable for system events in start-stop mode.

Console> (enable)

This example shows how to enable accounting for system events when sending records only upon termination of the event, using a TACACS+ server: 

Console> (enable) set accounting system enable stop-only tacacs+

Accounting set to enable for system events in start-stop mode.

Console> (enable)

This example shows how to enable accounting for system events when sending records upon the start-stop of the event, using a TACACS server: 

Console> (enable) set accounting system enable start-stop tacacs+

Accounting set to enable for system events in start-stop mode.

Console> (enable)

This example shows how to disable accounting for system events: 

Console> (enable) set accounting system disable

Accounting set to disable for system events.

Console> (enable)

Related Commands

set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting update
set radius key
set radius server
set tacacs key
set tacacs server
show accounting

set accounting update

To configure the frequency of accounting updates, use the set accounting update command.

set accounting update {new-info | periodic [interval]}

Syntax Description

new-info

Update only when new information is available.

periodic

Update periodically.

interval

(Optional) Periodic update interval time in minutes; valid intervals are from 1 to 71582 minutes.


Defaults

Accounting is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You must configure the TACACS+ servers and shared keys before enabling accounting.

Examples

This example shows how to send accounting updates every 200 minutes: 

Console> (enable) set accounting update periodic 200

Accounting updates will be periodic at 200 minute intervals.

Console> (enable)

This example shows how to send accounting updates only when there is new information: 

Console> (enable) set accounting update new-info

Accounting updates will be sent on new information only.

Console> (enable)

Related Commands

set accounting commands
set accounting connect
set accounting exec
set accounting suppress
set accounting system
set radius key
set radius server
set tacacs key
set tacacs server
show accounting

set alias

To define command aliases (shortened versions of command names), use the set alias command.

set alias name command [parameter]

Syntax Description

name

Name for the alias being created.

command

Command for which the alias is being created.

parameter

(Optional) Parameter that applies to the command for which an alias is being created. See the specific command for valid parameters.


Defaults

No aliases are configured.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The name all cannot be defined as an alias. Reserved words cannot be defined as aliases.

Examples

This example shows how to set arpdel as the alias for the clear arp command: 

Console> (enable) set alias arpdel clear arp

Command alias added.

Console> (enable)

Related Commands

show alias

set arp

To add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table, use the set arp command.

set arp [dynamic | permanent | static] [ip_addr | hw_addr]

set arp agingtime agingtime

Syntax Description

dynamic

(Optional) Entries are subject to ARP aging updates.

permanent

(Optional) Stores permanent entries in NVRAM until they are cleared by the clear arp or clear config command.

static

(Optional) Entries are not subject to ARP aging updates.

ip_addr

(Optional) IP address or IP alias to map to the specified MAC address.

hw_addr

(Optional) MAC address to map to the specified IP address or IP alias.

agingtime

Period of time after which an ARP entry is deleted from the ARP table.

agingtime

Number of seconds (from 0 to 1000000) for which entries will remain in the ARP table before being deleted. Setting this value to 0 disables aging.


Defaults

The default settings are as follows:

No ARP table entries exist

ARP aging is 1200 seconds

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

hw_addr is 6-hexbyte MAC address expressed in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format.

Examples

This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time: 

Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bc

ARP entry added.

Console> (enable)

This example shows how to set the aging time for the ARP table to 1800 seconds (30 minutes): 

Console> (enable) set arp agingtime 1800

ARP aging time set to 1800 seconds.

Console> (enable)

This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset: 

Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bc

Permanent ARP entry added as 198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5

Console> (enable)

This example shows how to configure a static ARP entry, which will be deleted from the ARP cache after a system reset: 

Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bc

Static ARP entry added as 198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5

Console> (enable)

Related Commands

clear arp
show arp

set authentication enable

To configure the switch to use RADIUS, TACACS+, Kerberos, or local authentication to authenticate privileged (enable) mode access on the switch, use the set authentication enable command.

set authentication enable {radius | tacacs | kerberos} {enable} [console | telnet | http | all] [primary]

set authentication enable {radius | tacacs | kerberos} {disable} [console | telnet | http | all]

set authentication enable local {enable | disable} [console | telnet | http | all]

set authentication enable attempt {count} [console | remote]

set authentication enable lockout {time} [console | remote]

Syntax Description

radius

RADIUS authentication for privileged mode access.

tacacs

TACACS+ authentication for privileged mode access.

kerberos

Kerberos authentication for privileged mode access.

enable

Enables the specified authentication method for privileged mode access.

console

(Optional) Applies the authentication method to console sessions.

telnet

(Optional) Applies the authentication method to Telnet sessions.

http

(Optional) Applies the authentication method to HTTP sessions.

all

(Optional) Applies the authentication method to all sessions.

primary

(Optional) Authentication method must be tried first.

disable

Disables the specified authentication method for privileged mode access.

local

Local authentication for privileged mode access.

attempt

Number of login attempts.

count

Number of allowed login attempts; valid configurable login attempt range is between 3 (default) to 10. Setting the maximum attempts to zero (0) disables limit checking.

remote

(Optional) Applies the authentication method to remote logins such as Telnet, SSH, Kerberos, and HTTP.

lockout

Period of time a user is locked out of the switch after unsuccessfully attempting to log in.

time

Period of time a user is locked out in seconds.; valid configurable lockout range is between 30 to 7200 seconds (1/2 minute to 2 hours). Setting the time to zero (0) disables the lockout time.


Defaults

The default settings are as follows:

Local authentication is enabled for console and Telnet sessions.

RADIUS, TACACS+, and Kerberos are disabled for all session types.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

You can specify TACACS+ or RADIUS as the primary authentication method for login and enable access by entering the primary keyword. If you enter the primary keyword, the specified authentication method will be tried first. If you do not specify a primary authentication, authentication will be tried in the order in which you enabled the authentication methods.

You can specify that the authentication method applies to console sessions, Telnet sessions, or both, by entering the console or telnet keyword. If you do not specify console or telnet the authentication method applies to both console and Telnet sessions.

Examples

This example shows how to use the TACACS+ server to determine if a user has privileged access permission: 

Console> (enable) set authentication enable tacacs enable

tacacs enable authentication set to enable for console, telnet and http session.

Console> (enable)

This example shows how to use the local password to determine if the user has privileged access permission: 

Console> (enable) set authentication enable local enable

local enable authentication set to enable for console, telnet and http session.

Console> (enable)

This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types: 

Console> (enable) set authentication enable radius enable 

radius enable authentication set to enable for console, telnet and http session.

Console> (enable)

This example shows how to use the TACACS+ server to determine if a user has privileged access permission for a console session: 

Console> (enable) set authentication enable tacacs enable console

tacacs enable authentication set to enable for console session.

Console> (enable)

This example shows how to set the Kerberos server to be used first: 

Console> (enable) set authentication enable kerberos enable primary

kerberos enable authentication set to enable for console, telnet and http session

n as primary authentication method.

Console> (enable)

This example shows how to set the enable login attempt to 5 for both console and remote sessions: 

Console> (enable) set authentication enable attempt 5

Enable mode authentication attempts for console and remote login set to 5.

Console> (enable)

This example shows how to set the enable login attempt to 7 for remote sessions: 

Console> (enable) set authentication enable attempt 7 remote

Enable mode authentication attempts for remote login set to 7.

Console> (enable)

This example shows how to set the enable login attempt to 8 for console sessions: 

Console> (enable) set authentication enable attempt 8 console

Enable mode authentication attempts for console login set to 8.

Console> (enable)

This example shows how to set the enable lockout time for both console and remote sessions to 50 seconds: 

Console> (enable) set authentication enable lockout 50

Enable mode lockout time for console and remote login set to 50 seconds.

Console> (enable)

This example shows how to set the enable lockout time for console sessions to 5 minutes: 

Console> (enable) set authentication enable lockout 300 console

Enable mode lockout time for console login set to 5 minutes.

Console> (enable)

This example shows how to set the enable lockout time for remote sessions to 7 minutes and 10 seconds: 

Console> (enable) set authentication enable lockout 430 remote

Enable mode lockout time for console and remote login set to 7 minutes and 10 seconds.

Console> (enable)

Related Commands

set authentication login
show authentication

set authentication login

To configure the switch to use TACACS+, Kerberos, RADIUS, or local authentication to authenticate Normal (login) mode access on the switch, use the set authentication login command.

set authentication login attempt count [console | remote]

set authentication login lockout time [console | remote]

set authentication login {radius | tacacs | kerberos} enable [console | telnet | http | all] [primary]

set authentication login {radius | tacacs | kerberos} disable [console | telnet | http | all]

set authentication login local {enable | disable} [console | telnet | http | all]

Syntax Description

attempt count

Number of login attempts.

remote

(Optional) Authentication method applies to remote logins such as Telnet, SSH, kerberos, and HTTP.

lockout time

Period of time a user is locked out of the switch after unsuccessfully attempting to log in.

The configurable range is 30 to 7200 seconds. Setting the lockout time to zero (0) disables this function.

radius

RADIUS authentication for Normal mode access.

tacacs

TACACS+ authentication for Normal mode access.

kerberos

Kerberos authentication for Normal mode access.

enable

Enables the specified authentication method for Normal mode access.

console

(Optional) Applies the authentication method to console sessions.

telnet

(Optional) Applies the authentication method to Telnet sessions.

http

(Optional) Applies the authentication method to HTTP sessions.

all

(Optional) Applies the authentication method to all sessions.

primary

(Optional) Authentication method be tried first.

disable

Disables the specified authentication method for Normal mode access.

local

Local authentication for Normal mode access.


Defaults

The defaults settings are as follows:

Three login attempts.

Local authentication is the primary authentication method for login.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

This command allows you to choose the authentication method for the web interface. If you configure the authentication method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password.

You can specify the authentication method for console, telnet, http, or all by entering the console, telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method default is for all sessions.

The maximum number of login attempts from SNMP and the command-line interface (CLI) can be configured. The configurable range is from 0 to 10. To disable login attempts, set the level to 0. Failed login system logs are generated after five unsuccessful login attempts. If you are attempting access to enable mode, and the password fails more than the number of attempts allowed, the system will disable the execution of the enable command for the lockout time.

The lockout time is configurable from SNMP and the CLI. The configurable range is from 30 to 600 seconds (half a minute to ten minutes). For console login, the console will not allow logging in during that time. For remote logins the connection will be closed when the limit is reached, and any subsequent log in attempts from that station will be closed immediately by the switch.

When attempt limit checking is disabled, the lockout restriction is no longer applicable.

Examples

This example shows how to set the login attempt to 5 for both console and remote sessions: 

Console> (enable) set authentication login attempt 5

Login authentication attempts for console and remote login set to 5.

Console> (enable)

This example shows how to set the login attempt to 7 for remote sessions: 

Console> (enable) set authentication login attempt 7 remote

Login authentication attempts for remote login set to 7.

Console> (enable)

This example shows how to set the login attempt to 8 for console sessions: 

Console> (enable) set authentication login attempt 8 console

Login authentication attempts for console login set to 8.

Console> (enable)

This example shows how to set the lockout time for both console and remote sessions to 50 seconds: 

Console> (enable) set authentication login lockout 50

Login lockout time for console and remote login set to 50 seconds.

Console> (enable)

This example shows how to set the lockout time for console sessions to 5 minutes: 

Console> (enable) set authentication login lockout 300 console

Login lockout time for console login set to 5 minutes.

Console> (enable)

This example shows how to set the lockout time for remote sessions to 7 minutes and 10 seconds: 

Console> (enable) set authentication login lockout 430 remote

Login lockout time for console and remote login set to 7 minutes and 10 seconds.

Console> (enable)

This example shows how to disable TACACS+ authentication access for Telnet sessions: 

Console> (enable) set authentication login tacacs disable telnet

tacacs login authentication set to disable for the telnet sessions.

Console> (enable)

This example shows how to disable RADIUS authentication access for console sessions: 

Console> (enable) set authentication login radius disable console

radius login authentication set to disable for the console sessions.

Console> (enable)

This example shows how to disable Kerberos authentication access for Telnet sessions: 

Console> (enable) set authentication login kerberos disable telnet

kerberos login authentication set to disable for the telnet sessions.

Console> (enable)

This example shows how to set TACACS+ authentication access as the primary method for HTTP sessions: 

Console> (enable) set authentication login tacacs enable http primary

tacacs login authentication set to enable for HTTP sessions as primary authentication 
method.

Console> (enable)

Related Commands

set authentication enable
show authentication

set authorization commands

To enable authorization of command events on the switch, use the set authorization commands command.

set authorization commands enable {config | enable | all} {option} {fallbackoption} [console | telnet | both]

set authorization commands disable [console | telnet | both]

Syntax Description

enable

Enables the specified authorization method for commands.

config

Enables authorization for configuration commands only.

enable

Enables authorization for enable mode commands only.

all

Enables authorization for all commands.

option

Switch response to an authorization request. Valid values are tacacs+, if-authenticated, and none. See "Usage Guidelines" for more information.

fallbackoption

Switch fallback response to an authorization request if the TACACS+ server is down or not responding. Valid values are tacacs+, deny, if-authenticated, and none. See "Usage Guidelines" for more information.

console

(Optional) Applies the authorization method to console sessions.

telnet

(Optional) Applies the authorization method to Telnet sessions.

both

(Optional) Applies the authorization method to both console and Telnet sessions.

disable

Disables authorization for commands.


Defaults

Authorization is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

When you define the option and fallbackoption values, the following occurs:

tacacs+ specifies the TACACS+ authorization method.

deny does not let you proceed.

if-authenticated allows you to proceed with your action if you have been authenticated.

none allows you to proceed without further authorization in case the TACACS+ server does not respond.

Examples

This example shows how to enable authorization for all commands with an if-authenticated option and no fallback option, in case the TACACS+ daemon is down or does not respond: 

Console> (enable) set authorization commands enable all if-authenticated none

Successfully enabled commands authorization.

Console> (enable)

This example shows how to disable command authorization: 

Console> (enable) set authorization commands disable

Successfully disabled commands authorization.

Console> (enable)

This example shows how to configure authorization for enable mode commands: 

Console> (enable) set authorization commands enable enable tacacs+ deny telnet 

Successfully enabled commands authorization.

Console> (enable)

Related Commands

set authorization enable
set authorization exec
show authorization

set authorization enable

To authorize enable (privileged mode) session events on the switch, use the set authorization enable command.

set authorization enable enable {option} {fallbackoption} [console | telnet | both]

set authorization enable disable [console | telnet | both]

Syntax Description

enable

Enables the specified authorization method.

option

Switch response to an authorization request. Valid values are tacacs+, if-authenticated, and none. See "Usage Guidelines" for more information.

fallbackoption

Switch fallback response to an authorization request if the TACACS+ server is down or not responding. Valid values are tacacs+, deny, if-authenticated, and none. See "Usage Guidelines" for more information.

console

(Optional) Applies the authorization method to console sessions.

telnet

(Optional) Applies the authorization method to Telnet sessions.

both

(Optional) Applies the authorization method to both console and Telnet sessions.

disable

Disables the specified authorization method.


Defaults

Authorization is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The tacacs+ value allows you to proceed with your action if you have authorization.

The deny value does not let you proceed if the TACACS+ server does not respond.

The if-authenticated value allows you to proceed with your action if you have been authenticated.

The none value allows you to proceed without further authorization in case the TACACS+ server does not respond.

Examples

This example shows how to enable authorization of configuration commands in enable mode sessions: 

Console> (enable) set authorization enable enable if-authenticated

Successfully enabled enable authorization.

Console> (enable)

This example shows how to disable enable mode authorization: 

Console> (enable) set authorization enable disable

Successfully disabled enable authorization.

Console> (enable)

Related Commands

set authorization commands
set authorization exec
show authorization

set authorization exec

To enable authorization of exec (Normal mode) session events on the switch, use the set authorization exec command.

set authorization exec enable {option} {fallbackoption} [console | telnet | both]

set authorization exec disable [console | telnet | both]

Syntax Description

enable

Enables the specified authorization method.

option

Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See "Usage Guidelines" for more information.

fallbackoption

Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See "Usage Guidelines" for more information.

console

(Optional) Applies the authorization method to console sessions.

telnet

(Optional) Applies the authorization method to Telnet sessions.

both

(Optional) Applies the authorization method to console and Telnet sessions.

disable

Disables the specified authorization method.


Defaults

Authorization is disabled.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The tacacs+ value allows you to proceed with your action if you have authorization.

The deny value does not let you proceed if the TACACS+ server does not respond.

The if-authenticated value allows you to proceed with your action if you have been authenticated.

The none value allows you to proceed without further authorization in case the TACACS+ server does not respond.

Examples

This example shows how to enable authorization of configuration commands in exec mode sessions: 

Console> (enable) set authorization exec enable if-authenticated 

Successfully enabled exec authorization.

Console> (enable)

This example shows how to disable exec mode authorization: 

Console> (enable) set authorization exec disable

Successfully disabled exec authorization.

Console> (enable)

Related Commands

set authorization commands
set authorization enable
show authorization

set banner motd

To create a login banner that is displayed when users access the switch, use the set banner motd command.

set banner motd c [text] c

Syntax Description

c

Delimiting character used to begin and end the message.

text

(Optional) Message of the day.


Defaults

The MOTD banner is not displayed.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines

The banner cannot contain more than 3070 characters, including tabs. Tabs display as eight characters but use only one character of space in memory.

You can use either the clear banner motd command or the set banner motd command to clear the message-of-the-day banner.

Examples

This example shows how to set the message of the day using the pound sign (#) as the delimiting character: 

Console> (enable) set banner motd #

** System upgrade: starting: 6:00am Tuesday.

** Please log out before leaving on Monday. #

MOTD banner set.

Console> (enable>

This example shows how to clear the message of the day using the set banner motd command: 

Console> (enable) set banner motd ##

MOTD banner cleared.

Console> (enable>

Related Commands

clear banner motd

set banner telnet

To create a login banner that is displayed when users access the switch using Telnet, use the set banner telnet command.

set banner telnet {enable | disable}

Syntax Description

enable

Displays the default console banner.

disable

Suppresses the default console banner.


Defaults

The default console banner is displayed.

Command Types

Switch command

Command Modes

Privileged

Examples

This example shows how to enable the default console banner: 

Console> (enable) set banner telnet enable

Cisco Systems Console banner will be printed at telnet.

Console> (enable>

This example shows how to disable the default console banner: 

Console> (enable) set banner telnet disable

Cisco Systems Console banner will not be printed at telnet.

Console> (enable>

set boot auto-config

To specify one or more configuration files to use to configure the switch at startup and to set the recurrence option. A list of configuration files is stored in the CONFIG_FILE environment variable, use the set boot auto-config command.

set boot auto-config device:filename [;device:filename...] [mod]

Syntax Description

device:

Device where the startup configuration file resides.

filename

Name of the startup configuration file.

mod

(Optional) Module number of the supervisor engine containing the Flash device.


Defaults

The default settings are as follows:

The set boot auto-config command is non-recurring.

The CONFIG_FILE environment variable is not defined.

Command Types

Switch command

Command Modes

Privileged

Usage Guidelines