78 10558
78 10558
78 10558
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Access Registrar, AccessPath, Aironet, Any to Any, AtmDirector, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, the Cisco logo, Cisco Certified Internetwork Expert logo, CiscoLink, the Cisco Management Connection logo, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Capital, the Cisco Systems Capital logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, the Cisco Technologies logo, ConnectWay, Fast Step, FireRunner, Follow Me Browsing, FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet Quotient, IP/VC, Kernel Proxy, MGX, Natural Network Viewer, NetSonar, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Internetworking, Policy Builder, Precept, RateMUX, ScriptShare, Secure Script, ServiceWay, Shop with Me, SlideCast, SMARTnet, SVX, The Cell, TrafficDirector, TransPath, ViewRunner, Virtual Loop Carrier System, Virtual Voice Line, VlanDirector, Voice LAN, Wavelength Router, Workgroup Director, and Workgroup Stack are trademarks; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, The Internet Economy, and The New Internet Economy are service marks; and ASIST, BPX, Catalyst, Cisco, Cisco IOS, the Cisco IOS logo, Cisco Systems, the Cisco Systems logo, the Cisco Systems Cisco Press logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, FastSwitch, GeoTel, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any of its resellers. (0004R) Catalyst 6000 Family Command Reference Copyright 2000, Cisco Systems, Inc. All rights reserved.
C O N T E N T S
Preface
Audience
Organization Conventions
Related Documentation
xx
xxi
Documentation CD-ROM Ordering Documentation Obtaining Technical Assistance Cisco Connection Online Documentation Feedback
1
CHAPTER
1-1
Accessing the Switch CLI Operating the Switch CLI ROM Monitor CLI
1-12
1-1 1-3
Accessing the ROM Monitor CLI Operating the ROM Monitor CLI
2
1-12 1-13
CHAPTER
Catalyst 6000 Family Switch and ROM Monitor Commands alias boot cd
2-2 2-4 2-5 2-6 2-7 2-8 2-9
2-1
iii
Contents
2-12 2-13
clear counters
clear gmrp statistics clear gvrp statistics clear igmp statistics clear ip alias
2-23
clear ip dns domain clear ip dns server clear ip permit clear ip route
2-26 2-28
2-24 2-25
clear kerberos clients mandatory clear kerberos credentials forward clear kerberos creds clear kerberos realm clear kerberos server clear key config-key clear lda clear log
2-35 2-37 2-38 2-39 2-31 2-32 2-33 2-34
2-29 2-30
clear mls exclude protocol clear mls multicast statistics clear mls nde flow clear multicast router clear ntp server clear port cops clear port qos cos clear port security
2-48 2-49 2-45
2-43 2-44
2-46 2-47
2-51 2-52
iv
78-10558-02
Contents
2-53
clear qos cos-dscp-map clear qos dscp-cos-map clear qos ipprec-dscp-map clear qos mac-cos clear qos map clear qos policer clear qos statistics clear radius
2-67 2-61 2-60
2-63
2-68
2-69 2-70
clear security acl capture-ports clear security acl map clear snmp access clear snmp group clear snmp notify
2-74 2-75 2-76 2-77 2-71 2-73
clear snmp targetaddr clear snmp targetparams clear snmp trap clear snmp user clear snmp view
2-78 2-79 2-80
2-81 2-82
clear spantree statistics clear spantree uplinkfast clear tacacs key clear tacacs server clear timezone clear top clear trunk clear vlan
2-89 2-90 2-91 2-88 2-86 2-87
2-84 2-85
Contents
2-93
clear vtp pruneeligible clear vtp statistics commit configure confreg context copy delete dev
2-97 2-98 2-99 2-101 2-103 2-105 2-110 2-111 2-96
2-95
commit lda
2-112
2-134
vi
78-10558-02
Contents
set accounting exec set accounting system set accounting update set alias set arp
2-150 2-151
set authentication enable set authentication login set authorization enable set authorization exec set banner motd
2-163 2-164
2-159
set boot config-register set boot device set cam set cdp
2-175 2-177 2-179 2-171
2-166 2-168
2-180
set default portstatus set enablepass set errordetection set feature mdg set garp timer set gmrp
2-193 2-194 2-186
2-185
set errdisable-timeout
2-189 2-190 2-191
2-187
2-195
2-199
vii
Contents
set gvrp dynamic-vlan-creation set gvrp registration set gvrp timer set igmp
2-205 2-206 2-203 2-201
2-200
set igmp fastleave set igmp mode set interface set ip alias set ip dns
2-207 2-208
set ip dns domain set ip dns server set ip http port set ip http server set ip permit set ip redirect set ip route set ip fragmentation
2-217 2-218
set ip unreachable
set kerberos clients mandatory set kerberos credentials forward set kerberos local-realm set kerberos realm set kerberos server
2-228 2-229 2-230 2-227
set kerberos srvtab entry set kerberos srvtab remote set key config-key set lcperroraction set lda
2-235 2-238 2-239 2-240 2-241 2-244 2-247 2-233 2-234
2-232
set length
set logging console set logging history set logging level set logging server set logging session
viii
78-10558-02
Contents
set logout
set mls agingtime set mls multicast set mls nde set module
2-255
2-258
set module name set module power set msmautostate set multicast router
2-263
set ntp broadcastclient set ntp broadcastdelay set ntp client set ntp server set password
2-268 2-269 2-270
set port auxiliaryvlan set port broadcast set port channel set port cops set port disable set port duplex set port enable set port gmrp set port gvrp set port host set port jumbo set port name set port protocol set port qos
2-277 2-278 2-279 2-280
2-271 2-273
2-274
2-281
2-287
2-290
2-292
2-293
ix
Contents
set port qos trust-ext set port security set port speed set port trap
set port voice interface dhcp set power redundancy set prompt set pvlan set qos
2-309 2-310 2-308
2-306
set protocolfilter
2-311
2-313
set qos acl default-action set qos acl ip set qos acl ipx set qos acl mac set qos acl map
2-317 2-322 2-325 2-327
2-315
set qos bridged-microflow-policing set qos cos-dscp-map set qos drop-threshold set qos dscp-cos-map set qos ipprec-dscp-map set qos mac-cos set qos map set qos policer set qos rsvp
2-335 2-336 2-338 2-329 2-330 2-332 2-333
2-328
2-341
2-344 2-345
2-348
78-10558-02
Contents
set radius retransmit set radius server set radius timeout set rcp username set rgmp set rspan
2-354 2-355
2-350
set security acl capture-ports set security acl ip set security acl ipx set security acl mac set security acl map set snmp access set snmp community set snmp group set snmp notify set snmp rmon
2-375 2-376 2-378 2-379 2-381 2-359 2-364 2-367 2-369
2-358
set snmp targetaddr set snmp targetparams set snmp trap set snmp user set snmp view set span
2-389 2-383 2-385 2-387
set spantree backbonefast set spantree disable set spantree enable set spantree fwddelay set spantree hello set spantree maxage set spantree portcost set spantree portfast set spantree portpri set spantree portstate
2-393 2-394
2-392
2-395
xi
Contents
set spantree portvlanpri set spantree priority set spantree root set summertime set system baud set system contact set spantree uplinkfast
2-411 2-413 2-414 2-407
2-405
2-406
2-409
set system countrycode set system highavailability set system location set system modem set system name set tacacs attempts set tacacs key set tacacs server set tacacs timeout set test diaglevel set time set trunk set udld
2-428 2-429 2-424 2-425 2-426 2-427
set timezone
set udld aggressive-mode set udld interval set vlan set vtp
2-437 2-440 2-436
2-444
2-445
2-450 2-451
xii
78-10558-02
Contents
2-453
show cam agingtime show cam count show cam msfc show cdp
2-459 2-462 2-458
2-456
2-457
2-469
2-479
show environment
show environment power show errdisable-timeout show errordetection show file show flash
2-490 2-491 2-489
show gmrp configuration show gmrp statistics show gmrp timer show gvrp statistics show ifindex
2-502 2-503 2-497
2-494
2-496
2-498
2-500
show igmp mode show imagemib show interface show ip alias show ip dns show ip http show ip permit show ip route show kerberos
2-504
2-506
2-518
xiii
Contents
2-519
2-529
show microcode
2-534
2-533
2-536 2-541
show mls exclude protocol show mls multicast show mls statistics show module
2-548 2-551 2-553 2-554 2-542 2-545
show moduleinit
show multicast group count show multicast router show netstat show ntp show port
2-560 2-567 2-569 2-558
2-556 2-557
show port auxiliaryvlan show port broadcast show port capabilities show port cdp show port cops
2-583
2-584
show port flowcontrol show port inlinepower show port jumbo show port protocol show port qos
2-597
2-598
2-599
xiv
78-10558-02
Contents
show port voice active show port voice fdl show proc show pvlan
2-617
2-614 2-616
show pvlan mapping show qos acl editbuffer show qos acl info show qos acl map
2-623 2-625
show qos acl resource-usage show qos info show qos maps show qos policer show qos rsvp show radius show reset
2-632 2-637 2-639 2-642 2-644
2-646
2-650 2-651
2-654 2-656
show security acl capture-ports show security acl map show snmp
2-659 2-661 2-662 2-657
show security acl resource-usage show snmp access show snmp counters
2-658
xv
Contents
show snmp targetaddr show snmp targetparams show snmp user show snmp view show span
2-679 2-681 2-675 2-677
show spantree
show spantree backbonefast show spantree blockedports show spantree portvlancost show spantree statistics show spantree summary show spantree uplinkfast show summertime show system show tacacs show test show time show top show trace show trunk show udld show users show version show vlan show voicevlan show vtp domain show vtp statistics slip
2-733 2-695 2-694
2-697
show tech-support
2-702 2-707
show timezone
2-709
2-708
2-711
xvi
78-10558-02
Contents
switch console
2-738 2-739 2-740
test snmp trap traceroute unalias undelete unset= upload verify wait write
A
2-745 2-746 2-747 2-748
2-741
2-742
varname=
2-750 2-751
2-749
whichboot
2-753
2-752
APPENDIX
Acronyms
17
A-1
INDEX
Catalyst 6000 Family Switch and ROM Monitor Commands A Commands B Commands C Commands D Commands E Commands F Commands H Commands M Commands P Commands Q Commands R Commands S Commands
17 17 17 19 20 20 20 20 20 20 20 21
17
xvii
Contents
21 26
xviii
78-10558-02
Preface
This preface describes the audience, organization, and conventions of this publication and provides information on how to obtain related documentation.
Audience
This publication is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6000 family switches.
Organization
This guide is organized as follows: Chapter Chapter 1 Chapter 2 Title Command-Line Interfaces Catalyst 6000 Family Switch and ROM Monitor Commands Acronyms Description Describes the two types of CLIs found on Catalyst 6000 family switches Lists alphabetically and provides detailed information for all Catalyst 6000 family switch and ROM-monitor commands Defines the acronyms used in this publication
Appendix A
Related Documentation
Other documents in the Catalyst 6000 family switch documentation set include:
Catalyst 6000 Family Installation Guide Catalyst 6000 Family Module Installation Guide Catalyst 6000 Family Software Configuration Guide System Message GuideCatalyst 6000 Family, 5000 Family, 4000 Family, Catalyst 2926G Series, Catalyst 2948G, and Catalyst 2980G Switches Catalyst 6000 Family Quick Software Configuration
xix
Preface Conventions
Catalyst 6000 Family Multilayer Switch Feature Card and Policy Feature Card Configuration Guide Release Notes for Catalyst 6000 Family Software Release 6.1 ATM Software Configuration Guide and Command Reference for the Catalyst 5000 Family and 6000 Family Switches
Conventions
This document uses the following conventions: Convention boldface font italic font [ ] {x|y|z} [x|y|z] string Description Commands and keywords are in boldface. Arguments for which you supply values are in italics. Elements in square brackets are optional. Alternative keywords are grouped in braces and separated by vertical bars. Optional alternative keywords are grouped in brackets and separated by vertical bars. A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks. font Terminal sessions and information the system displays are in screen font. Information you must enter is in boldface screen font. Arguments for which you supply values are in italic screen font. The symbol ^ represents the key labeled Controlfor example, the key combination ^D in a screen display means hold down the Control key while you press the D key. Nonprinting characters, such as passwords are in angle brackets. Default responses to system prompts are in square brackets. An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
screen
boldface screen
< > [ ] !, #
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
xx
78-10558-02
Caution
Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Obtaining Documentation
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi. Nonregistered CCO users can order documentation through a local account representative by calling Ciscos corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
xxi
WWW: www.cisco.com Telnet: cco.cisco.com Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.
From North America, call 408 526-8070 From Europe, call 33 1 64 46 40 82
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
xxii
78-10558-02
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. You can e-mail your comments to bug-doc@cisco.com. To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address: Cisco Systems, Inc. Document Resource Connection 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate and value your comments.
xxiii
xxiv
78-10558-02
C H A P T E R
Command-Line Interfaces
This chapter describes the command-line interfaces (CLI) available on the Catalyst 6000 family switches and contains these sections:
For definitions of terms and acronyms listed in this publication, see Appendix A, Acronyms.
Switch CLI
The Catalyst 6000 family switches are multimodule systems. Commands you enter from the CLI can apply to the entire system or to a specific module, port, or VLAN. You can configure and maintain the Catalyst 6000 family switches by entering commands from the switch CLI. The CLI is a basic command-line interpreter similar to the UNIX C shell. Using the CLI session command, you can access the router configuration software and perform tasks such as history substitution and alias creation.
Note
The Catalyst 6000 family consists of the Catalyst 6000 and 6500 series switches. The Catalyst 6000 series consists of the Catalyst 6006 and 6009 switches; the Catalyst 6500 series consists of the Catalyst 6506 and 6509 switches. Throughout this publication and all Catalyst 6000 family documents, the phrase Catalyst 6000 family switches refers to all four switches, unless otherwise noted.
Note
EIA/TIA-232 was known as RS-232 before its acceptance as a standard by the Electronic Industries Alliance and Telecommunications Industry Association.
1-1
Command-Line Interfaces
Command
From the Cisco Systems Console prompt, press Return. At the prompt, enter the system <password> password. The Console> prompt appears indicating that you have accessed the CLI in normal mode. Enter the necessary commands to complete your desired tasks. When finished, exit the session. Appropriate commands quit
Step 3 Step 4
After connecting through the console port, you see this display:
Cisco Systems Console Enter password: Console> Console>
Command
From the remote host, enter the telnet hostname | ip_addr telnet command and the name or IP address of the switch you want to access. At the prompt, enter the password <password> for the CLI. If no password has been configured, press Return. Enter the necessary commands to complete your desired tasks. When finished, exit the Telnet session. Appropriate commands quit
Step 2
Step 3 Step 4
1-2
78-10558-02
Chapter 1
Keystroke Ctrl-A Ctrl-B or the left arrow key Ctrl-C Ctrl-D Ctrl-E Ctrl-F or the right arrow key Ctrl-K Ctrl-L; Ctrl-R Ctrl-N or the down arrow key Ctrl-P or the up arrow key Ctrl-U; Ctrl-X Ctrl-W
1 1 1
Function Jumps to the first character of the command line. Moves the cursor back one character. Escapes and terminates prompts and tasks. Deletes the character at the cursor. Jumps to the end of the current command line. Moves the cursor forward one character. Deletes from the cursor to the end of the command line. Repeats current command line on a new line. Enters next command line in the history buffer. Enters previous command line in the history buffer. Deletes from the cursor to the beginning of the command line. Deletes last word typed.
1-3
Command-Line Interfaces
Table 1-1
Function Moves the cursor back one word. Deletes from the cursor to the end of the word. Moves the cursor forward one word. Erases mistake when entering a command; reenter command after using this key.
Keystrokes Press Ctrl-B or press the left arrow key1. Press Ctrl-F or press the right arrow key1. Press Ctrl-A. Press Ctrl-E. Press Esc B.
Move the cursor back one character. Move the cursor forward one character. Move the cursor to the beginning of the command line. Move the cursor to the end of the command line. Move the cursor back one word.
1-4
78-10558-02
Chapter 1
If your keyboard does not have a Tab key, press Ctrl-I instead. In the following example, when you enter the letters conf and press the Tab key, the system provides the complete command:
Console> (enable) conf<Tab> Console> (enable) configure
If you enter a set of characters that could indicate more than one command, the system beeps to indicate an error. Enter a question mark (?) to obtain a list of commands that begin with that set of characters. Do not leave a space between the last letter and the question mark (?). For example, three commands in privileged mode start with co. To see what they are, enter co? at the privileged prompt. The system displays all commands that begin with co, as follows:
Console> (enable) co? configure connect copy
Recall the most recent entry in the buffer. Recall the next buffer entry.
The buffer contains only the last ten items you have deleted or cut. If you press Esc Y more than ten times, you cycle back to the first buffer entry.
Use line wrapping with the command history feature to recall and modify previous complex command entries. See the Using History Substitution section on page 1-8 for information about recalling previous command entries. The system assumes your terminal screen is 80 columns wide. If your screen has a different width, enter the terminal width command to tell the router the correct width of your screen.
1-5
Command-Line Interfaces
Deleting Entries
Perform one of these tasks to delete command entries if you make a mistake or change your mind: Task
Keystrokes Press the Delete or Backspace key. Press Ctrl-D. Press Ctrl-K. Press Ctrl-U or Ctrl-X.
Erase the character to the left of the cursor. Delete the character at the cursor. Delete from the cursor to the end of the command line. Delete from the cursor to the beginning of the command line. Delete from the cursor to the end of the word.
Delete the word to the left of the cursor. Press Ctrl-W. Press Esc D.
Note
The ---More--- prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output.
1-6
78-10558-02
Chapter 1
Controlling Capitalization
You can change words to uppercase or lowercase, or capitalize a set of letters, with simple keystroke sequences: Task
Capitalize at the cursor. Change the word at the cursor to lowercase. Capitalize letters from the cursor to the end of the word.
Insert a code to indicate to the system that the Press Ctrl-V or Esc Q. keystroke immediately following should be treated as a command entry, not an editing key.
1-7
Command-Line Interfaces
Command
To repeat recent commands:
Function Repeat the most recent command. Repeat the nnth most recent command. Repeat command n. Repeat the command beginning with string aaa. Repeat the command containing the string aaa. Replace string aaa with string bbb in the most recent command. Add string aaa to the end of the most recent command. Add string aaa to the end of command n. Add string bbb to the end of the command beginning with string aaa. Add string bbb to the end of the command containing string aaa.
1-8
78-10558-02
Chapter 1
Exit from the Admin session Tunnel to ATM or Router module Set, use 'set help' for more info Show, use 'show help' for more info Trace the route to a host Verify checksum of file on flash device Wait for x seconds Which file booted Console>
In privileged mode, enter the help or ? command to display a list of top-level commands and command categories, as follows:
Console> (enable) help Commands: ---------------------------------------------------------------------cd Set default flash device clear Clear, use 'clear help' for more info configure Configure system from network copy Copy files between TFTP/module/flash devices delete Delete a file on flash device dir Show list of files on flash device disable Disable privileged mode disconnect Disconnect user session download Download code to a processor enable Enable privileged mode format Format a flash device help Show this message history Show contents of history substitution buffer ping Send echo packets to hosts pwd Show default flash device quit Exit from the Admin session reconfirm Reconfirm VMPS reload Force software reload to linecard reset Reset system or module session Tunnel to ATM or Router module set Set, use 'set help' for more info show Show, use 'show help' for more info slip Attach/detach Serial Line IP interface squeeze Reclaim space used by deleted files switch Switch to standby <clock|supervisor> telnet Telnet to a remote host test Test, use 'test help' for more info traceroute Trace the route to a host undelete Undelete a file on flash device upload Upload code from a processor verify Verify checksum of file on flash device wait Wait for x seconds whichboot Which file booted write Write system configuration to terminal/network Console> (enable)
1-9
Command-Line Interfaces
Command Categories
On some commands (such as clear, set, and show), typing help or ? after the command provides a list of commands in that category. For example, this display shows a partial list of commands for the clear category:
Console> (enable) clear help Clear commands: ---------------------------------------------------------------------------clear alias Clear aliases of commands clear arp Clear ARP table entries clear banner Clear Message Of The Day banner clear boot Clear booting environment variable clear cam Clear CAM table entries clear channel Clear PAgP statistical information ...
Context-Sensitive Help
Usage and syntax information for individual commands can be seen by appending help or ? to any specific command. For example, the following display shows usage and syntax information for the set length command:
Console> set length help Usage: set length <screenlength> [default] (screenlength = 5..512, 0 to disable 'more' feature) Console>
1-10
78-10558-02
Chapter 1
Some commands require an IP address. The IP address format is 32 bits, written as four octets separated by periods (dotted decimal format). IP addresses are made up of a network section, an optional subnet section, and a host section, as shown in this example:
126.2.54.1
If DNS is configured properly on the switch, you can use IP hostnames instead of IP addresses. For information on configuring DNS, refer to the Software Configuration Guide for your switch. If the IP alias table is configured, you can use IP aliases in place of the dotted decimal IP address. This is true for most commands that use an IP address, except commands that define the IP address or IP alias. When entering the IPX address syntax, use the following format:
IPX net address1..FFFFFFFE IPX node addressx.x.x where x is 0..FFFF IPX addressipx_net.ipx_node (for example 3.0034.1245.AB45, A43.0000.0000.0001)
Use the command self-repeat function to display matches to all possible keywords if a string represents a unique match. If a unique match is not found, the longest matching string is provided. To display the matches, enter a space after the last parameter and enter ?. Once the matches are displayed, the system comes back to the prompt and displays the last command without the ?. In the example below, notice how the system repeats the command entered without the ?.
Console> (enable) set mls nde disable Disable multilayer switching data export filter enable Enable multilayer switching data export filter engineer Engineer setting of the export filter flow Setting multilayer switching export filter <collector_ip> IP address Console> (enable) set mls nde
1-11
Command-Line Interfaces
Use the keyword-lookup function to display a list of valid keywords and arguments for a command. To display the matches, enter a space after the last parameter and enter ?. For example, eight parameters are used by the set mls command. To see these parameters, enter set mls ? at the privileged prompt. In the example below, notice how the system repeats the command entered without the ?:
Console> (enable) set mls ? agingtime disable enable nde flow include multicast statistics Console> (enable) set mls Set agingtime for MLS cache entry Disable MLS in the switch Enable MLS in the switch Configure Netflow Data Export Set minimum flow mask Include MLS-RP Set MLS feature for multicast Add protocols to protocol statistics list
Use the partial-keyword-lookup function to display a list of commands that begin with a specific set of characters. To display the matches, enter ? immediately after the last parameter. For example, enter co? at the privileged prompt to display a list of commands that start with co. The system displays all commands that begin with co and repeats the command entered without the ?:
Console> (enable) co? configure copy Console> (enable) co Configure system from network Copy files between TFTP/RCP/module/flash devices
Use the command completion function to complete a command or keyword. When you enter a unique partial character string and press Tab, the system completes the command or keyword on the command line. For example, if you enter co at the privileged prompt and press Tab, the system completes the command as configure because it is the only command that matches the criteria. If no completion can be done, no action is carried out and the system returns to the prompt and the last command. The cursor appears immediately after the keyword, allowing you to enter additional information.
Note
Break is always enabled for 60 seconds after rebooting the system, regardless of whether Break is configured to be off by configuration register settings. To connect through a terminal server, escape to the Telnet prompt, and enter the send break command to break back to the ROM-monitor mode.
1-12
78-10558-02
Chapter 1
Note
Enter the copy file-id {tftp | flash | file-id} command to obtain an image from the network.
bootBoot from ROM boot [-xv] [device:][imagename]Boot from the local device. If you do not specify an image name, the system defaults to the first valid file in the device. The image name is case sensitive.
Once you are in ROM-monitor mode, the prompt changes to rommon 1>. While you are in ROM-monitor mode, each time you enter a command, the number in the prompt increments by one.
1-13
Command-Line Interfaces
1-14
78-10558-02
C H A P T E R
2-1
Chapter 2 alias
alias
Use the alias command to set and display aliases. alias [name=value]
Syntax Description
name= value
(Optional) Name you give to the alias. (Optional) Value of the alias.
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
If value contains white space or other special (shell) characters, you must use quotation marks. If value has a space as its last character, the next command line word is checked for an alias (normally, only the first word on a command line is checked). Without an argument, this command prints a list of all aliased names with their values. An equal sign (=) is required between the name and value of the alias. You must issue a sync command to save your change. If you do not issue a sync command, the change is not saved and a reset removes your change.
Examples
This example shows how to display a list of available alias commands and how to create an alias for the set command:
rommon 1 > alias r=repeat h=history ?=help b=boot ls=dir i=reset k=stack rommon 2 > alias s=set rommon 3 > alias r=repeat h=history ?=help b=boot ls=dir i=reset
2-2
78-10558-02
Chapter 2
Related Commands
unalias
2-3
Chapter 2 boot
boot
Use the boot command to boot up an external process. boot [-x] [-v] [device:][imagename]
Syntax Description
-x -v device: imagename
(Optional) Load the image but do not execute. (Optional) Toggle verbose mode. (Optional) ID of the device. (Optional) Name of the image.
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
With no arguments, boot will boot the first image in bootflash. Specify an image by typing its name. Specify the device by typing the device ID. If no device is given with an imagename, the image is not booted. If a device name is not recognized by the monitor, the monitor passes the device ID to the boot helper image. This command will not boot the MSFC if the PFC is not present in the Catalyst 6000 family switch.
Examples
2-4
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands cd
cd
Use the cd command to set the default Flash device for the system. cd [[m/]device:]
Syntax Description
m/ device:
(Optional) Module number of the supervisor engine containing the Flash device. (Optional) Valid devices include bootflash and slot0.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
A colon (:) is required after the specified device. For those commands where device is an option, the device set by cd is used if the default device is not specified.
Examples
This example shows how to set the system default Flash device to bootflash:
Console> cd bootflash: Default flash device set to bootflash. Console>
Related Commands
pwd
2-5
clear alias
Use the clear alias command to clear the shorthand versions of commands. clear alias {name | all}
Syntax Description
name all
Alternate identifier of the command. Keyword that clears every alternate identifier previously created.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-6
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear arp
clear arp
Use the clear arp command to delete a specific entry or all entries from the ARP table. clear arp [all | dynamic | permanent | static] {ip_addr}
Syntax Description
(Optional) Keyword to clear all ARP entries. (Optional) Keyword to clear all dynamic ARP entries. (Optional) Keyword to clear all permanent ARP entries. (Optional) Keyword to clear all static ARP entries. IP address to clear from the ARP table.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove IP address 198.133.219.209 from the ARP table:
Console> (enable) clear arp 198.133.219.209 ARP entry deleted. Console> (enable)
This example shows how to remove all entries from the ARP table:
Console> (enable) clear arp all ARP table cleared. (1) Console> (enable)
(1) indicates the number of entries cleared. This example shows how to remove all dynamically learned ARP entries:
Console> (enable) clear arp dynamic Unknown host Dynamic ARP entries cleared. (3) Console> (enable)
This example shows how to clear all permanently entered ARP entries:
Console> (enable) clear arp permanent Unknown host Permanent ARP entries cleared.(5) Console> (enable)
Related Commands
2-7
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-8
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear boot auto-config
Syntax Description
mod
(Optional) Module number of the supervisor engine containing the Flash device.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-9
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to clear the NAM boot string from NVRAM for module 2:
Console> (enable) clear boot device 2 Device BOOT variable = Console> (enable)
Related Commands
2-10
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear boot system
Syntax Description
Keyword to clear the whole BOOT environment variable. (Optional) Module number of the supervisor engine containing the Flash device. (Optional) Keyword to clear the Flash device. Name of the Flash device. (Optional) Filename of the Flash device.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the whole BOOT environment variable:
Console> (enable) clear boot system all BOOT variable = Console> (enable)
Related Commands
2-11
clear cam
Use the clear cam command to delete a specific entry or all entries from the CAM table. clear cam {mac_addr | dynamic | static | permanent} [vlan]
Syntax Description
One or more MAC addresses. Keyword to clear the dynamic CAM entries from the CAM table. Keyword to clear the static CAM entries from the CAM table. Keyword to clear the permanent CAM entries from the CAM table. (Optional) Number of the VLAN; valid values are 1 to 1005.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove MAC address 00-40-0b-a0-03-fa from the CAM table:
Console> (enable) clear cam 00-40-0b-a0-03-fa CAM table entry cleared. Console> (enable)
This example shows how to clear dynamic entries from the CAM table:
Console> (enable) clear cam dynamic Dynamic CAM entries cleared. Console> (enable)
Related Commands
2-12
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear channel statistics
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
show channel
2-13
clear config
Use the clear config command to clear the system or module configuration information stored in NVRAM. clear config {mod | rmon | all | snmp | acl {nvram}}
Syntax Description
Number of the module. Keyword to clear all RMON configurations, including the historyControlTable, the alarmTable, the eventTable, and the ringStation ControlTable. Keyword to clear all module and system configuration information, including the IP address. Keyword to clear all SNMP configurations. Keywords to clear all ACL configurations.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When using an MSM, clear config clears the portion of the MSM configuration kept by the Catalyst 6000 series switch supervisor engine. The portion of the configuration kept by the MSM must be cleared at the router level (router> prompt). Before using the clear config all command, save a backup of the configuration using the copy command.
Examples
This example shows how to delete the configuration information in NVRAM on module 2:
Console> (enable) clear config 2 This command will clear module 2 configuration. Do you want to continue (y/n) [n]? y .............................. Module 2 configuration cleared. Console> (enable)
2-14
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear config
This example shows how to delete the configuration information stored in NVRAM on module 1 (the supervisor engine):
Console> (enable) clear config 1 This command will clear module 1 configuration. Do you want to continue (y/n) [n]? y ...... Module 1 configuration cleared. host%
This example shows how to delete all the configuration information for the Catalyst 6000 family switches:
Console> (enable) clear config all This command will clear all configuration in NVRAM. Do you want to continue (y/n) [n]? y ........................................... Connection closed by foreign host host%
This example shows how to delete all the SNMP configuration information for the Catalyst 6000 family switches:
Console> (enable) clear config snmp This command will clear SNMP configuration in NVRAM. Do you want to continue (y/n) [n]? y ........................................... Connection closed by foreign host host%
This example shows how to delete all ACL configuration information from NVRAM:
Console> (enable) clear config acl nvram ACL configuration has been deleted from NVRAM. Warning: Use the copy commands to save the ACL configuration to a file and the 'set boot config-register auto-config' commands to configure the auto-config feature. Console> (enable)
Related Commands
2-15
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear all private VLAN configurations in the system:
Console> (enable) clear config pvlan This command will clear all private VLAN configurations. Do you want to continue (y/n) [n]? y VLAN 15 deleted VLAN 16 deleted VLAN 17 deleted VLAN 18 deleted Private VLAN configuration cleared. Console> (enable)
Related Commands
set vlan show vlan set pvlan set pvlan mapping clear vlan clear pvlan mapping show pvlan show pvlan mapping configure show config
2-16
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear cops
clear cops
Use the clear cops command to clear COPS configurations. clear cops roles role1 [role2]... clear cops all-roles clear cops server all clear cops server ipaddress [primary] [diff-serv | rsvp] clear cops server ipaddress [diff-serv | rsvp] clear cops domain-name
Syntax Description
roles role# all-roles server all ipaddress primary diff-serv rsvp domain-name
Keyword and variable to specify the roles to clear. Keyword to clear all roles. Keyword to specify the COPS server. Keyword to clear all servers. Keyword and variable to specify the IP address or IP alias of the server. (Optional) Keyword to specify the primary server. (Optional) Keyword to specify the differentiated services server table. (Optional) Keyword to specify the RSVP+ server table. Domain name of the server.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can use the clear cops all-roles command to clear all roles from all ports.
Examples
2-17
Related Commands
2-18
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear counters
clear counters
Use the clear counters command to clear MAC and port counters. clear counters
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to reset MAC and port counters to zero:
Console> (enable) clear counters This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]? y MAC and Port counters cleared. Console> (enable)
Related Commands
2-19
Syntax Description
vlan all
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear GMRP statistical information from all VLANs:
Console> (enable) clear gmrp statistics GMRP statistics cleared. Console> (enable)
This example shows how to clear GMRP statistical information from VLAN 1:
Console> (enable) clear gmrp statistics 1 GMRP statistics cleared from VLAN 1. Console> (enable)
Related Commands
2-20
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear gvrp statistics
Syntax Description
mod/port all
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear GVRP statistical information for module 2, port 1:
Console> (enable) clear gvrp statistics 2/1 GVRP statistics cleared on port 2/1. Console> (enable)
Related Commands
2-21
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-22
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear ip alias
clear ip alias
Use the clear ip alias command to clear IP aliases set using the set ip alias command. clear ip alias {name | all}
Syntax Description
name all
IP address alias to delete. Keyword to specify that all previously set IP address aliases be deleted.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete a previously defined IP alias named babar:
Console> (enable) clear ip alias babar IP alias deleted. Console> (enable)
Related Commands
2-23
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the default DNS domain name:
Console> (enable) clear ip dns domain Default DNS domain name cleared. Console> (enable)
Related Commands
2-24
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear ip dns server
Syntax Description
ip_addr all
IP address of the DNS server you want to remove. An IP alias or a host name that can be resolved through DNS can also be used. Keyword to specify all the IP addresses in the DNS server listing to be removed.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove the DNS server at IP address 198.92.30.32 from the DNS server listing:
Console> (enable) clear ip dns server 198.92.30.32 198.92.30.32 cleared from DNS table. Console> (enable)
This example shows how to remove all DNS servers from the DNS server listing:
Console> (enable) clear ip dns server all All DNS servers cleared Console> (enable)
Related Commands
2-25
clear ip permit
Use the clear ip permit command to remove a specified IP address and mask or all IP addresses and masks from the permit list. clear ip permit {ip_addr} [mask] [snmp | telnet | all]
Syntax Description
IP address to be cleared. An IP alias or a host name that can be resolved through DNS can also be used. (Optional) Subnet mask of the specified IP address. (Optional) Keyword to specify removal from the SNMP IP permit list. (Optional) Keyword to specify removal from the Telnet IP permit list. (Optional) Keyword to specify all entries in the IP permit list to be removed.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear ip permit all command clears the permit list but does not change the state of the IP permit feature. A warning is displayed if all IP addresses are cleared from the permit list, and the feature is enabled. If a mask other than the default (255.255.255.255) has been configured, you must provide both the address and mask to clear a specific entry. If the snmp, telnet, or all keyword is not specified, the IP address is removed from both the SNMP and Telnet permit lists.
2-26
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear ip permit
Examples
Related Commands
2-27
clear ip route
Use the clear ip route command to delete IP routing table entries. clear ip route destination gateway
Syntax Description
destination gateway
IP address of the host or network. An IP alias or a host name that can be resolved through DNS can also be used. IP address or alias of the gateway router.
Defaults
The default is destination. If the destination is not the active default gateway, the actual destination is the default.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete the route table entries using the clear ip route command:
Console> (enable) clear ip route 134.12.3.0 elvis Route deleted. Console> (enable)
Related Commands
2-28
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear kerberos clients mandatory
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using the default method of authentication for that network service. For example, Telnet prompts for a password.
Examples
Related Commands
2-29
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you have a TGT and are authenticated to a Kerberized switch, you can use the TGT to authenticate to a host on the network. However, if forwarding is not enabled and you try to list credentials after authenticating to a host, the output will show no Kerberos credentials present.
Examples
Related Commands
set kerberos credentials forward set kerberos clients mandatory show kerberos creds
2-30
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear kerberos creds
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you have a TGT and are authenticated to a Kerberized switch, you can use the TGT to authenticate to a host on the network.
Examples
Related Commands
2-31
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear an entry mapping a kerberos-realm to a domain name:
Console> (enable) clear kerberos realm CISCO CISCO.COM Kerberos DnsDomain-Realm entry CISCO - CISCO.COM deleted Console> (enable)
Related Commands
2-32
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear kerberos server
Syntax Description
Name of the Kerberos realm. Name of the host running the KDC. IP address of the host running the KDC. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify to the switch which KDC to use in a Kerberos realm. This command clears a server entry from the table.
Examples
This example shows how to clear a KDC server entered on the switch:
Console> (enable) clear kerberos server CISCO.COM 187.0.2.1 750 Kerberos Realm-Server-Port entry CISCO.COM-187.0.2.1-750 deleted Console> (enable)
Related Commands
2-33
Syntax Description
string
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-34
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear lda
clear lda
Use the clear lda command set to remove the ASLB MLS entries or MAC addresses from the switch. clear lda mls clear lda mls [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol src-port src_port dst-port dst_port] clear lda vip {all | vip | vip tcp_port} clear lda mac {all | router_mac_address}
Syntax Description
Keyword to remove configured LDs. (Optional) Full destination IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Full source IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Keyword and variable to specify additional flow information (protocol family and protocol port pair) to be matched; valid values include tcp, udp, icmp, or a decimal number for other protocol families. (Optional) Keyword and variable to specify the number of the TCP/UDP source port (decimal). Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. (Optional) Keyword and variable to specify the number of the TCP/UDP destination port (decimal). Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. Keywords to remove all VIP couples (set using the set lda command). Keyword and variable to specify a VIP. Keyword and variables to specify a VIP and port couple. Keywords to clear all ASLB router MAC addresses. Keyword and variable to clear a specific router MAC address.
src-port src_port dst-port dst_port vip all vip vip vip vip tcp_port mac all mac router_mac_ address
Defaults
Command Types
Switch command.
Command Modes
Privileged.
2-35
Usage Guidelines
Entering the destination keyword specifies the entries matching the destination IP address specification, entering the source keyword specifies the entries matching the source IP address specification, and entering an ip_addr_spec can specify a full IP address or a subnet address. If you do not specify a keyword, it is treated as a wildcard, and all entries are displayed. When entering the ip_addr_spec, use the full IP address or a subnet address in one of the following formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. If you do not enter any keywords, the LD is removed from the switch and the LD configuration is removed from NVRAM. If you do not enter any keywords with the clear lda mls command, all ASLB MLS entries are cleared.
Examples
This example shows how to clear the ASLB MLS entry at a specific destination address:
Console> (enable) clear lda mls destination 172.20.26.22 MLS IP entry cleared. Console> (enable)
This example shows how to delete a VIP and port pair (VIP 10.0.0.8, port 8):
Console> (enable) clear lda vip 10.0.0.8 8 Successfully deleted vip/port pairs. Console> (enable)
This example shows how to clear all ASLB router MAC addresses:
Console> (enable) clear lda mac all Successfully cleared Router MAC address. Console> (enable)
This example shows how to clear a specific ASLB router MAC address:
Console> (enable) clear lda mac 1-2-3-4-5-6 Successfully cleared Router MAC address. Console> (enable)
Related Commands
2-36
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear log
clear log
Use the clear log command set to delete module, system error log, or dump log entries. clear log [mod] clear log dump
Syntax Description
mod dump
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a module number, the system error log for the entire system is erased.
Examples
Related Commands
show log
2-37
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-38
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands clear logging server
Syntax Description
ip_addr
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to delete a syslog server from the configuration:
Console> (enable) clear logging server 171.69.192.207 System log server 171.69.192.207 removed from system log server table. Console> (enable)
Related Commands
2-39
clear mls
Use the clear mls command set to clear the IP or IPX MLS features in the Catalyst 6000 family switches. clear mls statistics clear mls statistics protocol {protocol} {port} | all clear mls entry [ip | ipx] all clear mls entry [ip] [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol] [src-port src_port] [dst-port dst_port] clear mls entry [ipx] [destination ipx_addr_spec] [source ipx_net_addr]
Syntax Description
statistics statistics protocol protocol port all entry ip ipx destination ip_addr_spec source protocol protocol
Keyword to clear total packets switched and total packets exported (for NDE). Keywords to clear protocols for statistics collection. Number of the protocol in the protocol statistics list. Number of the port. Keyword to clear all entries from the statistics protocol list. Keyword to purge the specified MLS entry or all entries if all is specified. All matching MLS entries are purged. (Optional) Keyword to specify IP MLS. (Optional) Keyword to specify IPX MLS. (Optional) Keyword to specify the destination IP address. (Optional) Full IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Keyword to specify the source IP address. (Optional) Keyword and variable to specify additional flow information (protocol family and protocol port pair) to be matched; valid values are from 1 to 255, ip, ipinip, icmp, igmp, tcp, and udp. (Optional) Keyword and variable to specify the source port IP address. (Optional) Keyword and variable to specify the destination port IP address. (Optional) Full IPX address or a subnet address in these formats: src_net/[mask], dest_net.dest_node, or dest_net/mask. (Optional) Source IPX net address.
Defaults
Command Types
Switch command.
2-40
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear mls
Command Modes
Privileged.
Usage Guidelines
When specifying the ip | ipx keyword, if you specify ip or do not enter a keyword, this means that the command is for IP MLS. If you specify ipx, this means the command is for IPX only. When entering the IPX address syntax, use the following format:
IPX net address1..FFFFFFFE IPX node addressx.x.x where x is 0..FFFF IPX addressipx_net.ipx_node (for example 3.0034.1245.AB45, A43.0000.0000.0001)
Up to 16 routers can be included explicitly as MLS-RPs. To use a router as an MLS, you must meet these conditions:
The router must be included (either explicitly or automatically) in the MLS-SE. The MLS feature must be enabled in the Catalyst 6000 family switches. The Catalyst 6000 family switches must know the routers MAC-VLAN pairs. ip_subnet_addrThis is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address of 8, 16, or 24 bits. ip_addr/subnet_maskThis is the long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as 172.22.253.1/255.255.252.00. ip_addr/maskbitsThis is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet address as the ip_subnet_addr.
If you do not use the all argument in the clear mls entry command, you must specify at least one of the other three keywords (source, destination, or protocol) and its arguments. A 0 value for source_port and destination_port clears all entries. Unspecified options are treated as wildcards, and all entries are cleared. If you enter any of the clear mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
Feature not supported in hardware.
When you remove an MSM from the Catalyst 6000 family switch, it is removed immediately from the inclusion list and all the MLS entries for the MSM are removed.
2-41
Examples
This example shows how to disable IP MLS for the Stargate router (IP address 172.20.15.1):
Console> (enable) clear mls include Stargate Multilayer switching is disabled for router 172.20.15.1 (Stargate) Console> (enable)
This example shows how to clear IP MLS statistics, including total packets switched and total packets exported (for NDE):
Console> (enable) clear mls statistics Netflow data export statistics cleared. Console> (enable)
This example shows how to clear protocol 17, port 19344 from statistics collection:
Console> (enable) clear mls statistics protocol 17 19344 Protocol 17 port 1934 cleared from protocol statistics list. Console> (enable)
This example shows how to clear the MLS entries with destination IP address 172.20.26.22:
Console> (enable) clear mls entry destination 172.20.26.22 Multilayer switching entry cleared. Console> (enable)
This example shows how to clear specific IP MLS entries for destination IP address 172.20.26.22:
Console> (enable) clear mls entry ip destination 172.20.26.22 source 172.20.22.113 protocol tcp 520 320 Multilayer switching entry cleared Console> (enable)
This example shows how to clear specific IPX MLS entries for a destination IPX address:
Console> (enable) clear mls entry ipx destination 1.00e0.fefc.6000 source 3.0034.1245.AB45 IPX Multilayer switching entry cleared Console> (enable)
Related Commands
set mls agingtime set mls exclude protocol set mls nde set mls statistics protocol show mls
2-42
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear mls exclude protocol
Syntax Description
Keyword to specify a TCP port. Keyword to specify a UDP port. Keyword to specify that the port be applied to both TCP and UDP traffic. Number of the port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set TCP packets in a protocol port to be hardware switched:
Console> (enable) clear mls exclude protocol tcp 25 TCP packets with protocol port 25 will be MLS switched. Console> (enable)
Related Commands
2-43
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter the clear mls multicast statistics command on a Catalyst 6000 family switch without MLS, this warning message is displayed:
MLS Multicast is not supported on feature card.
If you place the MFSC on a supervisor engine installed in slot 1, then the MFSC is recognized as module 15. If you install the supervisor engine in slot 2, the MFSC is recognized as module 16.
Examples
Related Commands
2-44
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear mls nde flow
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Clearing both exclusion and inclusion filters results in exporting of all flows.
Examples
This example shows how to clear the NDE exclusion and inclusion filters and export all flows:
Console> (enable) clear mls nde flow Netflow data export filter cleared. Console> (enable)
Related Commands
2-45
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is supported by the NAM only. The password [username] command is a NAM command and not a supervisor engine console command. A message is displayed when the password is successfully cleared. See the Examples section for an example of the message.
Examples
This example shows how to clear the password from the NAM:
Console> (enable) clear module password 6 Module 6 password cleared. Console> (enable) 2000 Apr 07 11:03:06 %SYS-5-MOD_PASSWDCLR:Module 6 password cl eared from telnet/10.6.1.10/tester Console> (enable)
Related Commands
password
2-46
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear multicast router
Syntax Description
mod/port all
Number of the module and the port on the module. Keyword to specify all multicast router ports to be cleared.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-47
Syntax Description
ip_addr all
IP address of the server to remove from the server table. Keyword to specify all server addresses in the server table to be removed.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a specific NTP server from the server table:
Console> (enable) clear ntp server 172.20.22.191 NTP server 172.20.22.191 removed. Console> (enable)
This example shows how to remove all NTP servers from the server table:
Console> (enable) clear ntp server all All NTP servers cleared. Console> (enable)
Related Commands
2-48
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear port broadcast
Syntax Description
mod/port
Defaults
The default configuration has broadcast/multicast suppression cleared (that is, unlimited broadcast/multicast traffic allowed).
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-49
Syntax Description
Number of the module and the port on the module. Keyword and variable to specify the roles to clear. Keyword to clear all roles.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear port cops command detaches the roles from the port only; it does not remove them from the global table.
Examples
Related Commands
2-50
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear port qos cos
Syntax Description
mod/ports..
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to return the values set by the set port qos cos command to the factory-set default values for module 2, port 1:
Console> (enable) clear port qos 2/1 cos Port 2/1 qos cos setting cleared. Console> (enable)
Related Commands
2-51
Syntax Description
Number of the module and the port on the module. MAC address to be deleted. Keyword to remove all MAC addresses.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a specific MAC address from a ports list of secure addresses:
Console> (enable) clear port security 4/1 00-11-22-33-44-55 00-11-22-33-44-55 cleared from secure address list list for port 4/1. Console> (enable)
Related Commands
2-52
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear pvlan mapping
Syntax Description
Number of the primary VLAN. Number of the isolated VLAN. Number of the community VLAN. Number of the module and promiscuous port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify the mapping to clear, all the mappings of the specified promiscuous ports are cleared.
Examples
This example shows how to clear the mapping of VLAN 902 to 901, previously set on ports 3/2-5:
Console> (enable) clear pvlan mapping 901 902 3/2-5 Successfully cleared mapping between 901 and 902 on 3/2-5 Console> (enable)
Related Commands
set vlan show vlan set pvlan set pvlan mapping clear vlan clear config pvlan show pvlan show pvlan mapping
2-53
Syntax Description
acl_name editbuffer_index default-action ip ipx mac all map mod/port vlan all
Unique name that identifies the list to which the entry belongs. (Optional) ACE position in the ACL. Keyword to remove default actions. Keyword to clear IP ACE default actions. Keyword to clear IPX ACE default actions. Keyword to clear MAC-layer ACE default actions. Keyword to clear all ACE default actions. Keyword to detach an ACL. Number of the module and the port on the module. Number of the VLAN. Keyword to detach an ACL from all interfaces.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Changes you make by entering this command are saved to NVRAM and hardware only after you enter the commit command. Use the show qos acl editbuffer command to display the ACL list.
Examples
2-54
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear qos acl
This example shows how to detach a specific ACL from all interfaces:
Console> (enable) clear qos acl map my_acl all Hardware programming in progress... ACL my_acl is detached from all interfaces. Console> (enable)
This example shows how to detach a specific ACL from a specific VLAN:
Console> (enable) clear qos acl map ftp_acl 4 Hardware programming in progress... ACL ftp_acl is detached from vlan 4. Console> (enable)
This example shows how to delete IP ACE default actions configured by the set qos acl default-action command:
Console> (enable) clear qos acl default-action ip Hardware programming in progress... QoS default-action for IP ACL is restored to default setting. Console> (enable)
Related Commands
2-55
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to return the values set by the set qos command to the factory-set default values and delete the CoS assigned to MAC addresses:
Console> (enable) clear qos config This command will disable QoS and take values back to factory default. Do you want to continue (y/n) [n]? y QoS config cleared. Console> (enable)
Related Commands
2-56
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear qos cos-dscp-map
Syntax Description
Defaults
0 0
1 8
2 16
3 24
4 32
5 40
6 48
7 56
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-57
Syntax Description
Defaults
0 to 7 0
8 to 15 1
16 to 23 24 to 31 32 to 39 40 to 47 48 to 55 56 to 63 2 3 4 5 6 7
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-58
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear qos ipprec-dscp-map
Syntax Description
Defaults
0 0
1 8
2 16
3 24
4 32
5 40
6 48
7 56
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-59
Syntax Description
Number of the destination host MAC address. (Optional) Number of the VLAN. Keyword to clear CoS values for all MAC/VLAN pairs.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the vlan number is not entered, all entries for the MAC address are cleared.
Examples
This example shows how to clear the values set by the set qos mac-cos command and return to the factory-set default values for all MAC address and VLAN pairs:
Console> (enable) clear qos mac-cos all All CoS to Mac/Vlan entries are cleared. Console> (enable)
This example shows how to clear the values set by the set qos mac-cos command and return to the factory-set default values for a specific MAC address:
Console> (enable) clear qos mac-cos 1-2-3-4-5-6 1 CoS to Mac/Vlan entry for mac 01-02-03-04-05-06 vlan 1 is cleared. Console> (enable)
Related Commands
2-60
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear qos map
Syntax Description
port_type tx | rx
Port type; valid values are 2q2t and 1p2q2t for transmit and 1p1q4t for receive. Keyword to specify the transmit or receive queue.
Defaults
The default mappings for all ports are shown in Table 2-4 and Table 2-5 and applies to all ports.
Table 2-4 Default Transmit Queue and Drop Threshold Mapping of CoS Values
Low drop (Threshold 2) 7, 6 High drop (Threshold 1) 5, 4 Low drop (Threshold 2) 7 High drop (Threshold 1) 5, 4
Table 2-5
Threshold 2 2, 3 2, 3
Threshold 3 4, 5 4, 5
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to return the values to the factory-set default values:
Console> (enable) clear qos map 2q2t This command will take map values back to factory default. QoS map cleared. Console> (enable)
2-61
Related Commands
2-62
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear qos policed-dscp-map
Syntax Description
Defaults
The default is the identity function; for example, DSCP 63 to policed DSCP 63 and DSCP 62 to policed DSCP 62.
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-63
Syntax Description
Keyword and variable to specify the name of the microflow policing rule. Keyword and variable to specify the name of the aggregate policing rule. Keyword to clear all policing rules.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Policing is the process by which the switch limits the bandwidth consumed by a flow of traffic. Policing can mark or drop traffic. You cannot clear an entry that is currently being used in an ACE. You must first detach the ACEs from the interface. You cannot use the all keyword if a microflow rate limit is currently being used in an ACE.
Examples
2-64
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear qos policer
Related Commands
2-65
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-66
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear radius
clear radius
Use the clear radius command set to clear one or all of the RADIUS servers from the RADIUS server table. clear radius server all clear radius server ipaddr clear radius key
Syntax Description
Keyword to specify RADIUS servers. Keyword to specify all RADIUS servers. Number of the IP address or IP alias. Keyword to specify the RADIUS shared key.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to clear a specific RADIUS server from the RADIUS server table:
Console> (enable) clear radius server 128.56.45.32 128.56.45.32 cleared from radius server table. Console> (enable)
Related Commands
2-67
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the RGMP statistics on the switch:
Console> (enable) clear rgmp statistics RGMP statistics cleared. Console> (enable)
Related Commands
2-68
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear security acl
Syntax Description
Keyword to remove ACEs for all the ACLs. Name of the VACL whose ACEs are to be removed. (Optional) Index number of the ACE in the ACL.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Changes you make by entering this command are saved to NVRAM and hardware only after you enter the commit command. Use the show security acl command to display the ACL list.
Examples
This example shows how to remove ACEs for all the ACLs:
Console> (enable) clear security acl all All editbuffer modified. Use commit command to apply changes. Console> (enable)
This example shows how to remove a specific ACE from a specific ACL:
Console> (enable) clear security acl IPACL1 2 IPACL1 editbuffer modified. Use commit command to apply changes. Console> (enable)
Related Commands
2-69
Syntax Description
mod/ports...
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved in NVRAM. This command does not require that you enter the commit command. If you have a given number of ports and a few are removed, the remaining ports continue to capture the traffic.
Examples
This example shows how to remove entries from the capture port list:
Console> (enable) clear security acl capture-ports 1/1,2/1 Successfully cleared the following ports: 1/1,2/1 Console> (enable)
Related Commands
2-70
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear security acl map
Syntax Description
Name of the VACL whose VLAN is to be deleted. Number of the VLAN whose mapping is to be deleted. Keyword to remove all VACL-to-VLAN mappings.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Changes you make by entering this command are saved to NVRAM and do not require you to enter the commit command. Use the show security acl command to display the ACL list.
Examples
This example shows how to remove a VACL-to-VLAN mapping from a specific VLAN:
Console> (enable) clear security acl map ip1 3 Map deletion in progress. Successfully cleared mapping between ACL ip1 and VLAN 3. Console> (enable)
This example shows how to remove a specific VACL-to-VLAN mapping from all VLANs:
Console> (enable) clear security acl map ip1 Map deletion in progress. Successfully cleared mapping between ACL ip1 and VLAN 5. Successfully cleared mapping between ACL ip1 and VLAN 8. Console> (enable)
2-71
This example shows how to remove all VACL-to-VLAN mappings from a specific VLAN:
Console> (enable) clear security acl map 5 Map deletion in progress. Successfully cleared mapping between ACL ipx1 and VLAN 5. Successfully cleared mapping between ACL mac2 and VLAN 5. Console> (enable)
This example shows how to remove all VACL-to-VLAN mappings from all VLANs:
Console> (enable) clear security acl map all Map deletion in progress. Successfully cleared mapping between ACL ip2 and VLAN 12. Successfully cleared mapping between ACL ipx1 and VLAN 12. Successfully cleared mapping between ACL ipx1 and VLAN 45. Successfully cleared mapping between ACL ip2 and VLAN 47. Successfully cleared mapping between ACL ip3 and VLAN 56. Console> (enable)
Related Commands
2-72
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear snmp access
Syntax Description
(Optional) Keyword to display the groupname as a hexadecimal format. SNMP access table name. Keywords to specify security model v3. Keyword to specify groups with security model type set to noauthentication. Keyword to specify groups with security model type authentication protocol. Keyword to specify groups with security model type privacy.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
Related Commands
2-73
Syntax Description
(Optional) Keyword to display the groupname and username as a hexadecimal format. Name of the SNMP group that defines an access control. Keyword to specify the SNMP group user name. Name of the SNMP user. Keywords to specify security model v1, v2c, or v3.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname or username (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
Related Commands
2-74
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear snmp notify
Syntax Description
-hex notifyname
(Optional) Keyword to display the notifyname as a hexadecimal format. Identifier to index the snmpNotifyTable.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for notifyname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
This example shows how to clear an SNMP notifyname from the snmpNotifyTable:
Console> (enable) clear snmp notify joe Cleared SNMP notify table joe. Console> (enable)
Related Commands
2-75
Syntax Description
-hex addrname
(Optional) Keyword to display the addrname as a hexadecimal format. Name of the target agent; the maximum length is 32 bytes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for addrname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
This example shows how to clear an SNMP target address entry in the snmpTargetAddressTable:
Console> (enable) clear snmp targetaddr joe Cleared SNMP targetaddr joe. Console> (enable)
Related Commands
2-76
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear snmp targetparams
Syntax Description
-hex
paramsname Name of the target parameter in the snmpTargetParamsTable; maximum length is 32 bytes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for paramsname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
Related Commands
2-77
Syntax Description
rcvr_addr all
IP address or IP alias of the trap receiver (the SNMP management station) to clear. (Optional) Keyword to specify every entry in the SNMP trap receiver table.
Defaults
The default configuration has no entries in the SNMP trap receiver table.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear an entry from the SNMP trap receiver table:
Console> (enable) clear snmp trap 192.122.173.82 SNMP trap receiver deleted. Console> (enable)
Related Commands
2-78
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear snmp user
Syntax Description
(Optional) Keyword to display the username as a hexadecimal format. Name of the user on the host that connects to the agent. (Optional) Keyword and variable to specify the username on a remote SNMP engine.
Defaults
If a remote engine ID is not provided, the default local SNMP engine ID is used.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for username (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
Related Commands
2-79
Syntax Description
(Optional) Keyword to display the viewname as a hexadecimal format. Name of a MIB view. Name of the subtree.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for viewname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. A MIB subtree used with a mask defines a view subtree that can be in OID format or a text name mapped to a valid OID.
Examples
Related Commands
2-80
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear spantree portvlancost
Syntax Description
mod/port vlan_list
Number of the module and the port on the module. (Optional) List of VLANs to clear. If not specified, all VLANs are cleared.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
These examples show how to restore the default path cost to a VLAN on a port:
Console> (enable) clear spantree portvlancost 2/10 1-10 Port 2/10 VLANs 11-21 have path cost 6 Port 2/10 VLANs 1-10,22-1000 have path cost 10. Console> (enable) Console> (enable) clear spantree portvlancost 2/10 Port 2/10 VLANs 1-1000 have path cost 10. Console> (enable)
Related Commands
2-81
Syntax Description
mod/port vlans
Number of the module and the port on the module. (Optional) One or more VLANs.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to reset the spanning tree port VLAN priority:
Console> Port 1/2 Port 1/2 Console> (enable) clear spantree portvlanpri 1/2 23-40 vlans 3,6-20,23-1000 using portpri 32 vlans 1-2,4-5,21-22 using portpri 30 (enable)
Related Commands
2-82
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear spantree root
Syntax Description
vlan_list
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the spantree root on a range of VLANs:
Console> (enable) VLANs 1-20 bridge VLANs 1-20 bridge VLANs 1-20 bridge VLANs 1-20 bridge clear spantree root 1-20 priority set to 32678. hello time set to 2 seconds. max aging time set to 20 seconds. forward delay set to 15 seconds.
This example shows how to clear the spantree root on two specific VLANs:
Console> (enable) clear spantree root 22,24 VLANs 22,24 bridge priority set to 32678. VLANs 22,24 bridge hello time set to 2 seconds. VLANs 22,24 bridge max aging time set to 20 seconds. VLANs 22,24 bridge forward delay set to 15 seconds. Console> (enable)
Related Commands
2-83
Syntax Description
vlan_list
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the spanning tree statistics for VLAN 1:
Console> (enable) clear spantree statistics 1 Cleared all VLAN counters for VLAN 1 Statistics cleared for vlans 1 Console> (enable)
Related Commands
2-84
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear spantree uplinkfast
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command could cause load balancing on the switch to be lost in some cases.
Examples
This example shows how to turn off the UplinkFast feature and to return the switch priority to the factory-set default values:
Console> (enable) clear spantree uplinkfast This command will cause all portcosts, portvlancosts, and the bridge priority on all vlans to be set to default. Do you want to continue (y/n) [n]? y VLANs 1-1005 bridge priority set to 32768. The port cost of all bridge ports set to default value. The portvlancost of all bridge ports set to default value. uplinkfast disabled for bridge. Console> (enable)
Related Commands
2-85
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the key setting used for authentication and encryption:
Console> (enable) clear tacacs key TACACS server key cleared. Console> (enable)
Related Commands
2-86
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear tacacs server
Syntax Description
ip_addr
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to remove a server from the list of TACACS+ servers:
Console> (enable) clear tacacs server 170.1.2.20 170.1.2.20 cleared from TACACS table Console> (enable)
Related Commands
show tacacs
2-87
clear timezone
Use the clear timezone command to return the time zone to its default, UTC. clear timezone
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear timezone command functions only when NTP is running. If you set the time manually and NTP is disengaged, the clear timezone command has no effect.
Examples
Related Commands
set timezone
2-88
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear top
clear top
Use the clear top command to stop the TopN process. clear top {all | report_num}
Syntax Description
all report_num
Keyword to stop all nonpending TopN results. TopN report number to kill; valid values are from 1 to 5.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The clear top all command will not kill any pending TopN reports. Only the reports with a done status are killed. You can terminate TopN processes without the background option (use the show top background command to find out if the background option is used) by pressing Ctrl-C in the same Telnet/console session, or by entering the clear top [report_num] command from a separate Telnet/console session. The prompt is not printed before the TopN report is completely displayed. Other commands will be blocked until the report has been displayed.
Examples
This example shows how to stop the TopN 1 process from a console session:
Console> (enable) clear top 1 10/29/1998,12:05:38:MGMT-5: TopN report 1 killed by Console//. Console> (enable)
This example shows how to stop the TopN 4 process from a Telnet session:
Console> (enable) clear top 4 10/29/1998,12:06:00:MGMT-5: TopN report 4 killed by telnet/172.22.34.2/. Console> (enable)
Related Commands
2-89
clear trunk
Use the clear trunk command to restore a trunk port to its default trunk type and mode or to clear specific VLANs from the allowed VLAN list for a trunk port. clear trunk mod/port [vlans]
Syntax Description
mod/port vlans
Number of the module and the port on the module. (Optional) Number of the VLAN to remove from the allowed VLAN list; valid values are from 1 to 1000 and 1025 to 4094.
Defaults
For all ports except MSM ports, the default is auto negotiate. For MSM ports, the default is off negotiate mode.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify VLANs, those VLANs are removed from the list of VLANs allowed on the trunk. Default VLANs cannot be cleared on the trunk. Traffic for the removed VLANs are not forwarded over a trunk port. To add VLANs that you have removed, use the set trunk mod/port vlans command.
Examples
This example shows how to clear VLANs 200 through 500 from the trunk port on port 2 of module 1:
Console> Removing Port 1/2 Console> (enable) clear trunk 1/2 200-500 Vlan(s) 200-500 from allowed list. allowed vlans modified to 1-199,501-1000. (enable)
Related Commands
2-90
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear vlan
clear vlan
Use the clear vlan command to delete an existing VLAN from a management domain. clear vlan vlan_num
Syntax Description
vlan_num
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from all switches in the same VTP domain. When you delete a normal-range VLAN in VTP transparent mode, the VLAN is deleted only on the current switch. To delete a Token Ring TrBRF VLAN, you must first reassign its child TrCRFs to another parent TrBRF, or delete the child TrCRFs.
Caution
When you clear a VLAN, all ports assigned to that VLAN become inactive. However, the VLAN port assignments are retained until you move the ports to another VLAN. If the cleared VLAN is reactivated, all ports still configured on that VLAN are also reactivated. A warning is displayed if you clear a VLAN that exists in the mapping table. When you clear a private VLAN (primary, isolated, or community), the ports are set to inactive and are not assigned to any VLAN. The private VLAN mappings for the selected VLAN are also cleared. ACL to VLAN mappings are also deleted. When you clear a private VLAN (primary, isolated, or community), the ports are set to inactive and are not assigned to any VLAN. The private VLAN mappings for the selected VLAN are also cleared.
Examples
This example shows how to clear existing VLAN 4 from a management domain:
Console> (enable) clear vlan 4 This command will de-activate all ports on vlan 4 in the entire management domain Do you want to continue(y/n) [n]? y VTP: VLAN 4 deletion successful Console> (enable)
2-91
Related Commands
2-92
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear vlan mapping
Syntax Description
Keyword to specify the VLAN type as 802.1Q. Number identifying the 802.1Q VLAN. Keyword to clear the mapping table of all entries.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you clear a VLAN, all ports assigned to that VLAN become inactive. However, the VLAN port assignments are retained until you move the ports to another VLAN. If the cleared VLAN is reactivated, all ports still configured on that VLAN are also reactivated.
Examples
This example shows how to clear an existing mapped VLAN (VLAN 4) from the mapping table:
Console> (enable) clear vlan mapping dot1q 444 Vlan Mapping 444 Deleted. Console> (enable)
This example shows how to clear all mapped VLANs from the mapping table:
Console> (enable) clear vlan mapping dot1q all All Vlan Mapping Deleted. Console> (enable)
Related Commands
2-93
clear voicevlan
Use the clear voicevlan command to put all ports back to the 802.1p default values. clear voicevlan {mod/port | vlan}
Syntax Description
mod/port vlan
Number of the module and the port on the module. Number of the auxiliary VLAN; valid values are from 1 to 4094.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify the mod or port, only those specific modules or ports are changed to the 802.1p default value. The internal value is 0.
Examples
This example shows how to return all ports to the 802.1p default values for a specific auxiliary VLAN:
Console> (enable) clear voicevlan 2993 Voicevlan 2993 cleared. All ports belong to it configured for 802.1p. Console> (enable)
This example shows how to return all ports to the 802.1p default values for a specific module and port:
Console> (enable) clear voicevlan 3/4 Port 3/4 cleared from voicevlan 2993 and configured for 802.1p Console> (enable)
This example shows how to return all ports to the 802.1p default values for a specific module and range of ports:
Console> (enable) clear voicevlan 3/6-9 Ports 3/6-9 cleared from voice vlan 2993 and configured for 802.1p. Console> (enable)
2-94
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands clear vtp pruning
Syntax Description
vlan_num
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if no stations belong to that VLAN out a particular switch port. Use the set vtp command to enable VTP pruning. By default, VLANs 2 through 1000 are pruning eligible. Use the clear vtp pruning command to make VLANs pruning ineligible. If VLANs are pruning ineligible, use the set vtp pruneeligible command to make the VLANs pruning eligible again.
Examples
This example shows how to make VLANs 200 through 500 pruning ineligible:
Console> (enable) clear vtp pruning 200-500 Vlans 1,200-500,1001-1005 will not be pruned on this device. VTP domain Company modified. Console> (enable)
Related Commands
2-95
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-96
78-10558-02
Chapter 2
commit
Use the commit command to commit all or a specific ACE in NVRAM that have not been written to hardware. commit qos acl acl_name | all commit security acl acl_name | all
Syntax Description
Keywords to specify QoS ACEs. Name that identifies the VACL whose ACEs are to be committed. Keyword to commit ACEs for all the ACLs. Keywords to specify security ACEs.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The commit command commits all ACEs in NVRAM that have not been written to hardware. Any committed ACL with no ACEs are deleted. We recommend that you enter ACEs in batches and issue the commit command to save all of them in hardware and NVRAM.
Examples
Related Commands
rollback
2-97
commit lda
Use the commit lda command to commit ASLB configuration that has not been written to hardware to NVRAM. commit lda
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-98
78-10558-02
Chapter 2
configure
Use the configure command to download a configuration file from an rcp server or the network and execute each command in that file. configure {host file}[rcp] configure network
Syntax Description
IP address or IP alias of the host. Name of the file. (Optional) Keyword to specify rcp as the file transfer method. Keyword to specify interactive prompting for the host and the file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Refer to the Catalyst 6000 Family Software Configuration Guide on how to construct a configuration file to download using the configure command. Following is a sample file called system5.cfg in the /tftpboot directory:
begin show time set ip alias conc7 198.133.219.207 set ip alias montreux 198.133.119.42 set ip alias cres 192.122.174.42 set prompt system5> set password # empty string old password pingpong pingpong end #
2-99
Chapter 2 configure
Examples
This example shows how to download the system5.cfg configuration file from the 192.122.174.42 host:
Console> (enable) configure 192.122.174.42 system5.cfg Configure using system5.cfg from 192.122.174.42 (y/n) [n]? y / Done. Finished Network Download. (446 bytes) >> show time Wed May 19 1999, 17:42:50 >> set ip alias conc7 198.133.219.207 IP alias added. >> set ip alias montreux 198.133.219.40 IP alias added. >> set ip alias cres 192.122.174.42 IP alias added. >> set prompt system5> >> set password Enter old password: Enter new password: pingpong Retype new password: pingpong Password changed. system5> (enable)
Related Commands
2-100
78-10558-02
Chapter 2
confreg
Use the confreg command to configure the configuration register utility. confreg [num]
Syntax Description
num
(Optional) Valid values are 0 = ROM monitor, 1 = boot helper image, and 2 to 15 = boot system.
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
Executed with the argument num, confreg changes the VCR to match the number specified. Without the argument, confreg dumps the contents of the VCR in English and allows you to alter the contents. You are prompted to change or keep the information held in each bit of the VCR. In either case, the new VCR value is written into NVRAM and does not take effect until you reset or power cycle the platform. You must issue a sync command to save your change. Otherwise, the change is not saved and a reset removes your change.
Examples
[0]:
2-101
Chapter 2 confreg
enter to boot: 0 = ROM Monitor 1 = the boot helper image 2-15 = boot system [0]: 0
Configuration Summary enabled are: diagnostic mode console baud: 9600 boot: the ROM Monitor do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect
Related Commands
show boot
2-102
78-10558-02
Chapter 2
context
Use the context command to display the context of a loaded image. context
Syntax Description
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
The context from the kernel mode and process mode of a booted image are displayed, if available.
Examples
| | | | | | | | | | | | | | | | | | | | |
MSW LSW ---------- ---------: 00000000 34008301 : 00000000 00000001 : 00000000 00000003 : 00000000 00000000 : 00000000 60276af8 : ffffffff ffffffff : 00000000 60276c58 : 00000000 0000000a : 00000000 34008300 : ffffffff ac000000 : 00000000 00000400 : 00000000 6024eb5c : 00000000 60252920 : 00000000 60276a98 : 00000000 601fbf33 : 00000000 6006d380 : 00000000 00000000 : ffffffff bfc070c8 : 00002020
2-103
Chapter 2 context
Process Level Context: Reg MSW LSW ------ ---------- ---------zero : 00000000 00000000 AT : 00000000 3e820000 v0 : 00000000 00000081 v1 : 00000000 00000074 a0 : 00000000 00000400 a1 : 00000000 60276c58 a2 : 00000000 00000074 a3 : 00000000 00000000 t0 : 00000000 00000400 t1 : 00000000 00000400 t2 : 00000000 00000000 t3 : ffffffff ffff00ff t4 : 00000000 600dcc10 t5 : 00000000 0000003f t6 : 00000000 00000000 t7 : ffffffff ffffffff HI : 00000000 00000008 EPC : 00000000 600dfd38 Stat : 34008303
| | | | | | | | | | | | | | | | | | | | |
MSW LSW ---------- ---------: 00000000 00000074 : 00000000 60276c58 : 00000000 601fbac0 : 00000000 00000036 : 00000000 0000000f : ffffffff ffffffff : 00000000 60276c58 : 00000000 0000000a : 00000000 34008300 : ffffffff ac000000 : 00000000 30408401 : 00000000 30410000 : 00000000 60252920 : ffffffff 80007ce8 : 00000000 601fbf33 : 00000000 600dfd20 : 00000000 00000000 : ffffffff ffffffff : ffffffff
2-104
78-10558-02
Chapter 2
copy
Use the copy command set to upload or download a Flash image or a switch configuration to or from a Flash device, rcp server, or TFTP server. copy file-id {tftp | rcp | flash | file-id | config} copy tftp {flash | file-id | config} copy rcp {flash | file-id | config} copy flash {tftp | rcp | file-id | config} copy config {flash | file-id | tftp | rcp} [all] copy acl config {flash | file-id | tftp | rcp} copy cfg1 {tftp | rcp | flash | config | cfg2} [all] copy cfg2 {tftp | rcp | flash | config | cfg1} [all]
Syntax Description
file-id
Format used to specify the file on the Flash device, where the format is m/device:filename. m/ = Option that gives access to different modules, such as the standby supervisor engine or an Ethernet module. device: = Device where the Flash resides. filename = Name of the configuration file. Keyword to allow you to copy to or from a TFTP server. Keyword to specify the file be copied to or from an rcp server. Keyword to support downloading of multiple modules. Keyword to allow you to copy the configuration to Flash memory, another Flash device, or a file on a TFTP server. Keywords to copy the ACL configuration manually to a file. See the Usage Guidelines section before using this command. Keyword to specify the first startup configuration file on the supervisor engine. Keyword to specify the second startup configuration file on the supervisor engine. (Optional) Keyword to specify that the entire configuration be copied to the specified destination configuration file.
Defaults
If a source or destination device is not given, the one specified by the cd command is used. If a destination filename is omitted, the source filename is used.
Command Types
Switch command.
2-105
Chapter 2 copy
Command Modes
Privileged.
Usage Guidelines
Download a system image or configuration file from a TFTP or rcp server to a Flash device. Upload a system image or configuration file from a Flash device to a TFTP or rcp server. Configure the switch using a configuration file on a Flash device or on a TFTP or rcp server. Copy the current configuration to a Flash device or to a TFTP or rcp server. Manually copy the ACL configuration to a file.
Caution
Manual copying can only be used if acl config is set to flash and you enable the auto-config append option. If you disable the append option, the configuration clears before executing the auto-config file; see the set boot config-register auto-config command. If you do not specify the source or destination device, the command uses the ones specified by the cd command. If you omit the destination filename, the source filename is used. The copy config, copy cfg1, and copy cfg2 commands copy only nondefault commands to the destination configuration file. Use the keyword all to copy both default and nondefault configurations. If you do not specify a source or destination Flash device, the default Flash device (specified by the cd command) is used. Use the pwd command to display the current default Flash device. If you omit the destination filename, the system uses the source filename. The system stores image and configuration files in the sysname.cfg file when you define a system name using the set system name command; otherwise, it uses the default myswitch.cfg file. A colon (:) is required after the specified device. If you use the flash keyword as the copy source or destination, you are prompted for the Flash device name. If you are copying a software image to multiple intelligent switching modules of the same type, use the flash keyword as the copy destination. The switch automatically determines which modules to copy the image to based on the header in the source image file. If you want to copy a software image to a single intelligent switching module in a switch with multiple modules of the same type, you must specify the destination file-id as m/bootflash: (do not specify a filename).
2-106
78-10558-02
Chapter 2
Examples
This example shows how to use the copy command to upload the switch configuration to a file named cat.cfg on the slot0 Flash device:
Console> (enable) copy config slot0:cat.cfg Upload configuration to slot0:cat.cfg 649324 bytes available on device slot0, proceed (y/n) [n]? y ......... ......... ......... ........ ......... . / Configuration has been copied successfully. (10200 bytes) Console> (enable)
This example shows how to use the copy command to upload the switch configuration to a file named lab2.cfg on the TFTP server:
Console> (enable) copy config tftp:lab2.cfg IP address or name of remote host [172.20.22.7]? y Upload configuration to tftp:lab2.cfg (y/n) [n]? y ......... ......... ......... . / Configuration has been copied successfully. (10299 bytes). Console> (enable)
This example shows how to use the copy command to upload the switch configuration to the cat.cfg file on the slot0 Flash device:
Console> (enable) copy config flash Flash device [bootflash]? slot0: Name of file to copy to [test_image]? cat.cfg Upload configuration to slot0:cat.cfg 749124 bytes available on device slot0, proceed (y/n) [n]? y ......... ......... ......... ........ . / Configuration has been copied successfully. (200345 bytes). Console> (enable)
These examples show how to use the copy command to download a configuration from a TFTP server:
Console> (enable) copy slot0:cat.cfg config Configure using slot0:cat.cfg (y/n) [n]? y / Finished download. (10900 bytes) >> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set prompt Console> >> set length 24 default Screen length set to 24. >> set logout 20 .......... Console> (enable)
2-107
Chapter 2 copy
Console> (enable) copy tftp config IP address or name of remote host? 172.20.22.7 Name of configuration file? cat.cfg Configure using cat.cfg from 172.20.22.7 (y/n) [n]? y / Finished network download. (10900 bytes) >> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set prompt Console> >> set length 24 default Screen length set to 24. >> set logout 20 ........... Console> (enable) Console> (enable) copy flash config Flash device [bootflash]? Name of configuration file? test.cfg Configure using bootflash:test.cfg (y/n) [n]? y / Finished download. (10900 bytes) >> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 Password changed. >> set prompt Console> >> set length 24 default Screen length set to 24. >> set logout 20 ..... Console> (enable)
This example shows how to copy the running configuration to an rcp server for storage:
Console> (enable) copy config rcp IP address or name of remote host []? 172.20.52.3 Name of file to copy to []? cat6000_config.cfg Upload configuration to rcp:cat6000_config.cfg, (y/n) [n]? y ..... .......... ....... .......... ........... .. / Configuration has been copied successfully. Console> (enable)
2-108
78-10558-02
Chapter 2
This example shows how to configure a Catalyst 6000 family switch using a configuration file downloaded from an rcp server:
Console> (enable) copy rcp config IP address or name of remote host []? 172.20.52.3 Name of file to copy from []? dns-config.cfg Configure using rcp:dns-config.cfg (y/n) [n]? y / Finished network download. (134 bytes) >> >> set ip dns server 172.16.10.70 primary 172.16.10.70 added to DNS server table as primary server. >> set ip dns server 172.16.10.140 172.16.10.140 added to DNS server table as backup server. >> set ip dns enable DNS is enabled >> set ip dns domain corp.com Default DNS domain name set to corp.com Console> (enable)
This example shows how to upload an image from a remote host into Flash using an rcp server:
Console> (enable) copy rcp flash IP address or name of remote host []? 172.20.52.3 Name of file to copy from []? cat6000-sup-d.5-5-1.bin Flash device [bootflash]? Name of file to copy to [cat6000-sup-d.5-5-1.bin]? 4369664 bytes available on device bootflash, proceed (y/n) [n]? y CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCC File has been copied successfully. Console> (enable)
This example shows how to download a configuration to the first startup configuration file (cfg1) on a supervisor engine:
Console> (enable) copy tftp cfg1 IP address or name of remote host [172.20.32.10]? Name of file to copy from [/tftpboot/my.cfg]? Download config file from /tftpboot/my.cfg to cfg1 (y/n) [n]? ......... File has been copied to cfg1. Console> (enable)
This example shows how to copy the ACL configuration to a bootflash file manually:
Console> (enable) copy config-acl bootflash:switchapp.cfg Upload configuration to bootflash:dan.cfg 2843644 bytes available on device bootflash, proceed (y/n) [n]? y ......... ......... / Configuration has been copied successfully. Console> (enable)
Related Commands
2-109
Chapter 2 delete
delete
Use the delete command to delete a configuration file. delete [[m/]device:]filename
Syntax Description
m/ device: filename
(Optional) Module number of the supervisor engine containing the Flash device. (Optional) Device where the Flash resides. Name of the configuration file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to delete the cat6000-sup-d.5-5-1.bin configuration file from the Flash device and then verify the deletion by entering the show flash command:
Console> (enable) delete bootflash:cat6000-sup-d.5-5-1.bin Console> (enable) Console> (enable) show flash -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .D ffffffff 5415406e 3300b8 25 3080247 Jan 12 2000 13:22:46 cat6000-sup-d.5-5-1.bin 2 .. ffffffff 762950d6 6234d0 25 3093399 Jan 13 2000 12:33:14 cat6000-sup-d.5-5-1.bin 1428272 bytes available (6173904 bytes used) Console> (enable)
Related Commands
2-110
78-10558-02
Chapter 2
dev
Use the dev command to list the device IDs available on a switch. dev
Syntax Description
Defaults
Command Types
Command Modes
Normal.
Examples
2-111
dirROM monitor
Use the dir command to list the files of the named device. dir device
Syntax Description
device
ID of the device.
Defaults
Command Types
Command Modes
Normal.
Examples
2-112
78-10558-02
Chapter 2
dirswitch
Use the dir command to display a list of files on a Flash memory device. dir [[m/]device:][filename] [all | deleted | long]
Syntax Description
(Optional) Module number of the supervisor engine containing the Flash device. (Optional) Device where the Flash resides. (Optional) Name of the configuration file. (Optional) Keyword to display all files, deleted or not. (Optional) Keyword to display only deleted files. (Optional) Keyword to display files that have not been deleted, in long format.
Defaults
Command Types
Switch command.
Command Modes
Usage Guidelines
A colon (:) is required after the specified device. When you specify the all keyword, the file information is displayed in long format. When you omit all keywords (all, deleted, or long), the system displays file information in short format. Short format is shown in Table 2-6.
Table 2-6 Short Format
Description File index number File length Date and time the file was created Filename
2-113
Chapter 2 dirswitch
When you use one of the keywords (all, deleted, or long), the system displays file information in long format. The long format is shown in Table 2-7.
Table 2-7 Long Format
Description File index number Letter to indicate whether the file contains an error (E) or is deleted (D) File type (1 = configuration file, 2 = image file); when the file type is unknown, the system displays a zero or FFFFFFFF in this field File cyclic redundancy check Offset into the file system of the next file Filename length File length Date and time the file was created Filename
Examples
This example shows how to display the file information in short format:
Console> (enable) dir -#- -length- -----date/time------ name 1 6061822 Mar 03 2000 15:42:49 cat6000-sup.5-5-1.bin 2 6165044 Mar 13 2000 14:40:15 cat6000-sup.5-5-1.bin 3763660 bytes available (12227124 bytes used) Console> (enable)
This example shows how to display the file information in long format:
Console> (enable) dir long -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .. ffffffff f3a3e7c1 607f80 24 6061822 Mar 03 2000 15:42:49 cat6000-sup. 5-5-1.bin 2 .. ffffffff aa825ac6 be9234 24 6165044 Mar 13 2000 14:40:15 cat6000-sup. 5-5-1.bin 3763660 bytes available (12227124 bytes used) Console> (enable)
Related Commands
show flash
2-114
78-10558-02
Chapter 2
disable
Use the disable command to return to normal mode from privileged mode. disable
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
enable
2-115
Chapter 2 disconnect
disconnect
Use the disconnect command to close an active console port or Telnet session. disconnect {ip_addr | console}
Syntax Description
ip_addr console
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If multiple sessions from the same IP address exist, the disconnect command checks if the current process is also from the same IP address. If it is not, all Telnet sessions from the specified IP address are disconnected. If it is, all sessions, other than the current session, are disconnected. The system prompts whether to disconnect the current Telnet session. You can answer n and remain connected or answer y and be disconnected.
Examples
Related Commands
telnet
2-116
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands download
download
Use the download command to copy a software image from a specified host to the Flash memory of a designated module. download host file [mod] [rcp] download serial
Syntax Description
Name or IP address of host. Name of file to be downloaded. (Optional) Number of the module to receive the downloaded image. (Optional) Keyword to specify rcp protocol as the file transfer method. Keyword to specify download through a serial port.
Defaults
If a module number is not specified, the image is downloaded to all modules for which the image is valid.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The Catalyst 6000 family switches download new code to the processors using Kermit serial download through the EIA/TIA-232 console port. The download command downloads code to the module Flash memory. Catalyst 6000 family switch software rejects an image if it is not a valid image for the module. The download serial command uses Kermit through the serial EIA/TIA-232 console port. The download serial command is not allowed from a Telnet session. If you specify the module number, the download goes to the specified module, but the download will fail if the module is of a different type than is indicated by the download header. If you do not specify the module number, the download goes to all modules of that type.
Caution
After starting the serial download using Kermit, do not attempt to abort the serial download by pressing Ctrl-C. Pressing Ctrl-C interrupts the download process and could leave the switch in a problematic state. If this occurs, reboot the switch.
2-117
Chapter 2 download
Examples
This example shows how to download the c6000_spv11.bin file from the mercury host to the supervisor engine (by default):
Console> Download \ Finished FLASH on (enable) download mercury c6000_spv11.bin image c6000_spv11.bin from mercury to module 1FLASH (y/n) [n]? y network single module download. (2418396 bytes) Catalyst: Address 20000000 Location NMP (P3) 4MB SIM
Erasing flash sector...done. Programming flash sector...done. Erasing flash sector...done. Programming flash sector...done. The system needs to be reset to run the new image. Console> (enable)
This example shows how to download the acpflash_1111.bbi file from the mercury host to module 3:
Console> (enable) download mercury acpflash_1111.bbi 3 This command will reset Module 3. Download image acpflash_1111.bbi from mercury to Module 3 FLASH (y/n) [n]? y / Done. Finished network download. (1964012 bytes) Console> (enable)
This sample session shows how to connect to a remote terminal from a Sun workstation and how to use the download serial command to copy a software image to the supervisor engine:
[At local Sun workstation] host% kermit C-Kermit 5A(172) ALPHA, 30 Jun 95, SUNOS 4.0 (BSD) Type ? or help for help C-Kermit> set line /dev/ttyb C-Kermit> c Connecting to /dev/ttyb, speed 9600. The escape character is ^ (ASCII 28). Type the escape character followed by C to get back, or followed by ? to see other options. Console> enable Enter Password: Console> (enable) set system baud 19200 ^\C [Back at local Sun workstation] C-Kermit> set speed 19200 /dev/ttyb, 19200 bps C-Kermit> c Connecting to /dev/ttyb, speed 19200. The escape character is ^ (ASCII 28). Type the escape character followed by C to get back, or followed by ? to see other options. Console> (enable) download serial Download Supervisor image via console port (y/n) [n]? y Concentrator Boot ROM (Ver 1.00) Waiting for DOWNLOAD!! Return to your local Machine by typing its escape sequence Issue Kermit send command from there[ Send Filename]
2-118
78-10558-02
Chapter 2
^\C [Back at Local System] C-Kermit> send c6000_xx.bin SF c6000_xx.bin => C6000_XX.BIN, Size: 1233266 X to cancel file, CR to resend current packet Z to cancel group, A for status report E to send Error packet, Ctrl-C to quit immediately: .......................... ............................................................................... ...... [OK] ZB C-Kermit> quit host%
Related Commands
2-119
Chapter 2 enable
enable
Use the enable command to activate privileged mode. In privileged mode, additional commands are available, and certain commands display additional information. enable
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The (enable) in the prompt indicates that the system is in privileged mode and that commands can be entered.
Examples
Related Commands
disable
2-120
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands format
format
Use the format command to mat bootflash or a Flash PC card (a Flash device must be formatted before it can be used). format [spare spare-num] [m/]device1: [[device2:][monlib-filename]]
Syntax Description
(Optional) Number of spare sectors to reserve when other sectors fail. (Optional) Module number of the supervisor engine containing the Flash device. Flash device to be formatted. (Optional) Flash device that contains the monlib file to be used to format device1:. (Optional) Name of the monlib file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device. You can reserve up to 16 spare sectors for use when other sectors fail. If you do not reserve a spare sector and later some sectors fail, you will have to reformat the entire Flash memory, which will erase all existing data. The monlib file is the ROM monitor library used by the ROM monitor to access files in the Flash file system. It is also compiled into the system image. In the command syntax, device1: is the device to format and device2: contains the monlib file to use. When you omit the [[device2:][monlib-filename]] argument, the system formats device1: using the monlib that is bundled with the system software. When you omit device2: from the [[device2:][monlib-filename]] argument, the system formats device1: using the named monlib file from the device specified by the cd command. When you omit monlib-filename from the [[device2:][monlib-filename]] argument, the system formats device1: using the monlib file from device2:. When you specify the whole [[device2:][monlib-filename]] argument, the system formats device1: using the specified monlib file from the specified device.
2-121
Chapter 2 format
You can also specify device1:monlib-filename as the device and filename to be used, as follows: format device1: [device1: [monlib-filename]] If monlib-filename is omitted, the system formats device1: using the built-in monlib file on the device.
Note
If the Flash device has a volume ID, you must provide the volume ID to format the device. The volume ID is displayed using the show flash m/device: filesys command
Note
When the system cannot find a monlib file, the system terminates the formatting process.
Examples
2-122
78-10558-02
Chapter 2
frame
Use the frame command to display an individual stack frame. frame [-d | -p] [num]
Syntax Description
-d -p num
(Optional) Keyword to specify a monitor context. (Optional) Keyword to specify a booted image process level context. (Optional) Number of the frame to display, where 0 = youngest frame.
Defaults
Command Types
Command Types
Normal.
Usage Guidelines
Examples
This example shows how to use the frame command to specify a booted image process level context, frame 1:
rommon 6 > frame -p 1 Stack Frame 1, SP = 0x80007ed8, Size = 32 bytes [0x80007ed8 : sp + 0x000] = 0x6031de50 [0x80007edc : sp + 0x004] = 0x6031c000 [0x80007ee0 : sp + 0x008] = 0x00000000 [0x80007ee4 : sp + 0x00c] = 0x80007ec4 [0x80007ee8 : sp + 0x010] = 0x00000002 [0x80007eec : sp + 0x014] = 0x00000000 [0x80007ef0 : sp + 0x018] = 0x60008770 [0x80007ef4 : sp + 0x01c] = 0x600087f0
2-123
historyROM monitor
Use the history command to display the command history (the last 16 commands executed in the ROM monitor environment). This command is aliased to h by the ROM monitor for convenience. history
Syntax Description
Defaults
Command Types
Command Modes
Normal.
Examples
2-124
78-10558-02
Chapter 2
historyswitch
Use the history command to show the contents of the command history buffer. history
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The history buffer size is fixed at 20 commands. See the Command-Line Interfaces chapter for detailed information about the command history feature.
Examples
In this example, the history command lists the contents of the command history buffer:
Console> 1 2 Console> history 1 2 3 Console> history help history !2 help history history
2-125
Chapter 2 meminfo
meminfo
Use the meminfo command to display information about the main memory, packet memory, and NVRAM. With the -l option, the supported DRAM configurations are displayed. meminfo [-l]
Syntax Description
-l
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
Examples
2-126
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands ping
ping
Use the ping command to send ICMP echo-request packets to another node on the network. ping [-s] host [packet_size] [packet_count]
Syntax Description
(Optional) Keyword to cause ping to send one datagram per second, printing one line of output for every response received. IP address or IP alias of the host. (Optional) Number of bytes in a packet, from 56 to 1472 bytes. (Optional) Number of packets to send.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Press Ctrl-C to stop pinging. Following are sample results of the ping command:
Normal responseThe normal response occurs in 1 to 10 seconds, depending on network traffic. Destination does not respondIf the host does not respond, a no answer from host appears in 10 seconds. Destination unreachableThe gateway for this destination indicates that the destination is unreachable. Network or host unreachableThe switch found no corresponding entry in the route table.
The actual packet size will be 8 bytes larger than the size you specify because the switch adds header information. The ping command returns output only when a response is received.
Examples
This example shows how to ping a host with IP alias elvis a single time:
Console> ping elvis elvis is alive Console>
2-127
Chapter 2 ping
This example shows how to ping a host with IP alias elvis once per second until you press Ctrl-C to stop pinging:
Console> ping -s elvis ping elvis: 56 data bytes 64 bytes from elvis: icmp_seq=0. 64 bytes from elvis: icmp_seq=1. 64 bytes from elvis: icmp_seq=2. 64 bytes from elvis: icmp_seq=3. 64 bytes from elvis: icmp_seq=4. 64 bytes from elvis: icmp_seq=5. 64 bytes from elvis: icmp_seq=6. ^C
----elvis PING Statistics---7 packets transmitted, 7 packets received, 0% packet loss round-trip (ms) min/avg/max = 7/8/11 Console>
Related Commands
2-128
78-10558-02
Chapter 2
pwd
Use the pwd command to show the current setting of the cd command. pwd [[m/]device:]
Syntax Description
m/ device:
(Optional) Module number of the supervisor engine containing the Flash device. (Optional) Device where the Flash resides.
Defaults
If no module number or device is specified, pwd defaults to the first module of the active device.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to use the pwd command to display the current listing of the cd command:
Console> cd slot0: Default flash device set to slot0. Console> pwd slot0
Related Commands
cd
2-129
Chapter 2 quit
quit
Use the quit command to exit a CLI session. quit
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The exit and logout commands perform the same function as the quit command.
Examples
2-130
78-10558-02
Chapter 2
reload
Use the reload command to force a module to accept a download via SCP. This command resets the module and prompts you to initiate a download when the reset is complete. reload module
Syntax Description
module
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is used if a module is accidently reset during the downloading of an image. After the reset, a normal download will not work. You must enter the reload module command followed by the download host file [mod] command.
Examples
This example shows how to reset module 3 and download the acpflash_1111.bbi file from the mercury host to the module:
Console (enable) reload 3 Console> (enable) download mercury acpflash_1111.bbi 3 This command will reset Module 3. Download image acpflash_1111.bbi from mercury to Module 3 FLASH (y/n) [n]? y / Done. Finished network download. (1964012 bytes) Console> (enable)
Related Commands
download
2-131
Chapter 2 repeat
repeat
Use the repeat command to repeat a command. repeat [num | string]
Syntax Description
number string
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
The optional command number (from the history buffer list) or match string specifies which command to repeat. In the match string, the most recent command to begin with the specified string is executed again. If the string contains white space, you must use quotation marks. This command is usually aliased to the letter r.
Examples
These examples show how to use the repeat command. You use the history command to display the list of previously entered commands:
rommon 22 > history 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 dir dir bootflash: dis dis 0xa0001000 dis 0xbe000000 history meminfo meminfo -l meminfo meminfo -l meninfo meminfo meminfo -l meminfo -l history
2-132
78-10558-02
Chapter 2
rommon 23 > repeat dir dir bootflash: File size 1973032 bytes (0x1e1b28) rommon 24 > repeat dir bootflash: File size 1973032 bytes (0x1e1b28) rommon 25 > repeat 15 meminfo -l
Main memory size: 16 MB. Packet memory size: 0 MB Main memory size: 0x1000000 Available main memory starts at 0xa000e000, size 0xff2000 NVRAM size: 0x20000 Parity Map for the DRAM Banks Socket 0 in Bank 0 Has No Parity Socket 1 in Bank 0 Has No Parity Socket 0 in Bank 1 Has No Parity Socket 1 in Bank 1 Has No Parity ==========================================================================
2-133
resetROM monitor
Use the reset ROM monitor command to perform a soft reset of the switch. reset [-s]
Syntax Description
-s
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
This command will not boot the MSFC if the PFC is not present in the Catalyst 6000 family switch.
Examples
2-134
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands resetswitch
resetswitch
Use the reset command set to restart the system or an individual module, schedule a system reset, or cancel a scheduled reset. reset [mod | system | mindown] reset [mindown] at {hh:mm} [mm/dd] [reason] reset [mindown] in [hh:] {mm} [reason] reset [cancel] reset {nam_mod} [bootdevice[,bootdevice]]
Syntax Description
(Optional) Number of the module to be restarted. (Optional) Keyword to reset the system. (Optional) Keyword to perform a reset as part of a minimal downtime software upgrade in a system with a redundant supervisor engine. Keyword to schedule a system reset at a specific future time. Hour and minute of the scheduled reset. (Optional) Month and day of the scheduled reset. (Optional) Reason for the reset. Keyword to schedule a system reset in a specific time. (Optional) Number of hours into the future to reset the switch. Number of minutes into the future to reset the switch. (Optional) Keyword to cancel the scheduled reset. Number of the NAM. (Optional) Boot device identification; for format guidelines, see the Usage Guidelines section.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a module number (either a switching module or the active supervisor engine module), the command resets the entire system. You can use the reset mod command to switch to the standby supervisor engine, where mod is the module number of the active supervisor engine.
2-135
Chapter 2 resetswitch
You can use the reset mindown command to reset the switch as part of a minimal downtime software upgrade in a system with redundant supervisor engine. For complete information on performing a minimal downtime software upgrade, refer to the Catalyst 6000 Family Software Configuration Guide.
Caution
If you make configuration changes after entering the reset mindown command but before the active supervisor engine resets, the changes are not saved. Input from the CLI is still accepted by the switch while the standby supervisor engine is reset, but any changes you make to the configuration between the time when you enter the reset mindown command and the time when the supervisor engine comes online running the new software image are not saved or synchronized with the standby supervisor engine. If you reset an intelligent module (such as the Catalyst 6000 family MSM or MSFC), both the module hardware and software are completely reset. When entering the bootdevice, use the format device[:device_qualifier] where:
device = pcmcia, hdd, network device_qualifier hdd = number from 1 to 99 pcmcia = slot0 or slot1
Examples
This example shows how to reset the supervisor engine on a Catalyst 6000 family switch with redundant supervisor engines:
Console> (enable) reset 1 This command will force a switch-over to the standby supervisor module and disconnect your telnet session. Do you want to continue (y/n) [n]? y Connection closed by foreign host. host%
This example shows how to schedule a system reset for a specific future time:
Console> (enable) reset at 20:00 Reset scheduled at 20:00:00, Wed Mar 15 2000. Proceed with scheduled reset? (y/n) [n]? y Reset scheduled for 20:00:00, Wed Mar 15 2000 (in 0 day 5 hours 40 minutes). Console> (enable)
This example shows how to schedule a reset for a specific future time and include a reason for the reset:
Console> (enable) reset at 23:00 3/15 Software upgrade to 6.1(1). Reset scheduled at 23:00:00, Wed Mar 15 2000. Reset reason: Software upgrade to 6.1(1). Proceed with scheduled reset? (y/n) [n]? y Reset scheduled for 23:00:00, Wed Mar 15 2000 (in 0 day 8 hours 39 minutes). Console> (enable)
2-136
78-10558-02
Chapter 2
This example shows how to schedule a reset with minimum downtime for a specific future time and include a reason for the reset:
Console> (enable) reset mindown at 23:00 3/15 Software upgrade to 6.1(1). Reset scheduled at 23:00:00, Wed Mar 15 2000. Reset reason: Software upgrade to 6.1(1). Proceed with scheduled reset? (y/n) [n]? y Reset mindown scheduled for 23:00:00, Wed Mar 15 2000 (in 0 day 8 hours 39 minutes). Console> (enable)
Related Commands
2-137
Chapter 2 rollback
rollback
Use the rollback command set to clear changes made to the ACL edit buffer since its last save. The ACL is rolled back to its state at the last commit command. rollback qos acl acl_name rollback security acl acl_name
Syntax Description
Keyword to specify QoS ACEs. Keywords to specify security ACEs. Name that identifies the VACL whose ACEs are to be affected.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to clear the edit buffer of a specific QoS ACL:
Console (enable) rollback qos acl ip-8-1 Rollback for QoS ACL ip-8-1 is successful. Console> (enable)
This example shows how to clear the edit buffer of a specific security ACL:
Console> (enable) rollback security acl IPACL1 IPACL1 editbuffer modifications cleared. Console> (enable)
Related Commands
2-138
78-10558-02
Chapter 2
session
Use the session command to open a session with a module (for example, the MSM or ATM), allowing you to use the module-specific CLI. session mod
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter this command, the system responds with the Enter Password: prompt, if one is configured on the module. To end the session, enter the quit command. Use the session command to toggle between router and switch sessions. For information on ATM commands, refer to the ATM Software Configuration Guide and Command Reference for the Catalyst 5000 Family and 6000 Family Switches.
Examples
This example shows how to open a session with an MSM (module 4):
Console> session 4 Trying Router-4... Connected to Router-4. Escape character is `^]'. Router>
Related Commands
2-139
Chapter 2 set
set
Use the set command to display all of the ROM monitor variable names with their values. set
Syntax Description
Defaults
Command Types
Command Modes
Normal.
Examples
This example shows how to display all of the ROM monitor variable names with their values:
rommon 2 > set PS1=rommon ! > BOOT= ?=0
Related Commands
varname=
2-140
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set accounting commands
Syntax Description
Keyword to enable the specified accounting method for commands. Keyword to permit accounting for configuration commands only. Keyword to permit accounting for all commands. (Optional) Keyword to apply the accounting method at the command end. Keyword to specify TACACS+ accounting for commands. Keyword to disable accounting for commands.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send records at the end of the event only using a TACACS+ server:
Console> (enable) set accounting commands enable config stop-only tacacs+ Accounting set to enable for commands-config events in stop-only mode. Console> (enable)
Related Commands
set accounting connect set accounting exec set accounting suppress set accounting system set accounting update set tacacs server show accounting
2-141
Syntax Description
Keyword to enable the specified accounting method for connection events. Keyword to specify the accounting method applies at the start and stop of the connection event. Keyword to specify the accounting method applies at the end of the connection event. Keyword to specify TACACS+ accounting for connection events. Keyword to specify RADIUS accounting for connection events. Keyword to disable accounting of connection events.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting on Telnet and remote login sessions, generating records at stop only using a TACACS+ server:
Console> (enable) set accounting connect enable stop-only tacacs+ Accounting set to enable for connect events in stop-only mode.. Console> (enable)
2-142
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set accounting connect
Related Commands
set accounting commands set accounting exec set accounting suppress set accounting system set accounting update set radius key set radius server set tacacs key set tacacs server show accounting
2-143
Syntax Description
Keyword to enable the specified accounting method for normal login sessions. Keyword to specify the accounting method applies at the start and stop of the normal login sessions. Keyword to specify the accounting method applies at the end of the normal login sessions. Keyword to specify TACACS+ accounting for normal login sessions. Keyword to specify RADIUS accounting for normal login sessions. Keyword to disable accounting for normal login sessions.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting of normal login sessions, generating records at start and stop using a RADIUS server:
Console> (enable) set accounting exec enable start-stop radius Accounting set to enable for exec events in start-stop mode. Console> (enable)
This example shows how to enable accounting of normal login sessions, generating records at stop using a TACACS+ server:
Console> (enable) set accounting exec enable stop-only tacacs+ Accounting set to enable for exec events in stop-only mode. Console> (enable)
2-144
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set accounting exec
Related Commands
set accounting commands set accounting connect set accounting suppress set accounting system set accounting update set radius key set radius server set tacacs key set tacacs server show accounting
2-145
Syntax Description
Keyword to specify users must have a user ID. Keyword to enable suppression for a specified user. Keyword to disable suppression for a specified user.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to suppress accounting information for users without a username:
Console> (enable) set accounting suppress null-username enable Accounting will be suppressed for user with no username. Console> (enable)
This example shows how to include users without the usernames accounting event information:
Console> (enable) set accounting suppress null-username disable Accounting will be not be suppressed for user with no username. Console> (enable)
Related Commands
set accounting commands set accounting connect set accounting exec set accounting system set accounting update set tacacs server show accounting
2-146
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set accounting system
Syntax Description
Keyword to enable the specified accounting method for system events. Keyword to specify the accounting method applies at the start and stop of the system event. Keyword to specify the accounting method applies at the end of the system event. Keyword to specify TACACS+ accounting for system events. Keyword to specify RADIUS accounting for system events. Keyword to disable accounting for system events.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the RADIUS or TACACS+ servers and shared secret keys before you enable accounting.
Examples
This example shows how to enable accounting for system events, sending records only at the end of the event using a RADIUS server:
Console> (enable) set accounting system enable stop-only radius Accounting set to enable for system events in start-stop mode.. Console> (enable)
This example shows how to enable accounting for system events, sending records only at the end of the event using a TACACS+ server:
Console> (enable) set accounting system enable stop-only tacacs+ Accounting set to enable for system events in start-stop mode.. Console> (enable)
2-147
Related Commands
set accounting commands set accounting connect set accounting exec set accounting suppress set accounting update set radius key set radius server set tacacs key set tacacs server show accounting
2-148
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set accounting update
Syntax Description
Keyword to specify update when new information in available. Keyword to update on a periodic basis. (Optional) Periodic update interval time; valid values are from 1 to 71582 minutes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must configure the TACACS+ servers before you enable accounting.
Examples
This example shows how to send accounting updates every 200 minutes:
Console> (enable) set accounting update periodic 200 Accounting updates will be periodic at 200 minute intervals. Console> (enable)
This example shows how to send accounting updates only when there is new information:
Console> (enable) set accounting update new-info Accounting updates will be sent on new information only. Console> (enable)
Related Commands
set accounting commands set accounting connect set accounting exec set accounting suppress set accounting system set tacacs server show accounting
2-149
set alias
Use the set alias command to define aliases (shorthand versions) of commands. set alias name command [parameter] [parameter]
Syntax Description
Alias being created. Command for which the alias is being created. (Optional) Parameters that apply to the command for which an alias is being created.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The name all cannot be defined as an alias. Reserved words cannot be defined as aliases. For additional information about parameter, see the specific command for information about applicable parameters.
Examples
This example shows how to set the alias for the clear arp command as arpdel:
Console> (enable) set alias arpdel clear arp Command alias added. Console> (enable)
Related Commands
2-150
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set arp
set arp
Use the set arp command set to add IP address-to-MAC address mapping entries to the ARP table and to set the ARP aging time for the table. set arp [dynamic | permanent | static] {ip_addr hw_addr} set arp agingtime agingtime
Syntax Description
(Optional) Keyword to specify that entries are subject to ARP aging updates. (Optional) Keyword to specify that permanent entries are stored in NVRAM until they are removed by the clear arp or clear config command. (Optional) Keyword to specify that entries are not subject to ARP aging updates. IP address or IP alias to map to the specified MAC address. MAC address to map to the specified IP address or IP alias. Keyword to set the period of time after which an ARP entry is removed from the ARP table. Number of seconds that entries will remain in the ARP table before being deleted; valid values are from 0 to 1,000,000 seconds. Setting this value to 0 disables aging.
Defaults
The default is no ARP table entries exist; ARP aging is set to 1200 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When entering the hw_addr, use a 6-hexadecimal byte MAC address in canonical (00-11-22-33-44-55) or noncanonical (00:11:22:33:44:55) format. Static (nonpermanent) entries remain in the ARP table until you reset the active supervisor engine.
Examples
This example shows how to configure a dynamic ARP entry mapping that will age out after the configured ARP aging time:
Console> (enable) set arp dynamic 198.133.219.232 00-00-0c-40-0f-bc ARP entry added. Console> (enable)
2-151
This example shows how to set the aging time for the ARP table to 1800 seconds:
Console> (enable) set arp agingtime 1800 ARP aging time set to 1800 seconds. Console> (enable)
This example shows how to configure a permanent ARP entry, which will remain in the ARP cache after a system reset:
Console> (enable) set arp permanent 198.146.232.23 00-00-0c-30-0f-bc Permanent ARP entry added as 198.146.232.23 at 00-00-0c-30-0f-bc on vlan 5 Console> (enable)
This example shows how to configure a static ARP entry, which will be removed from the ARP cache after a system reset:
Console> (enable) set arp static 198.144.239.22 00-00-0c-50-0f-bc Static ARP entry added as 198.144.239.22 at 00-00-0c-50-0f-bc on vlan 5 Console> (enable)
Related Commands
2-152
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set authentication enable
Syntax Description
tacacs enable disable all console http telnet primary radius local kerberos
Keyword to specify TACACS+ authentication for login. Keyword to enable the specified authentication method for login. Keyword to disable the specified authentication method for login. (Optional) Keyword to apply the authentication method to all session types. (Optional) Keyword to specify the authentication method for console sessions. (Optional) Keyword to specify the specified authentication method HTTP sessions. (Optional) Keyword to specify the authentication method for Telnet sessions. (Optional) Keyword to specify the specified authentication method be tried first. Keyword to specify RADIUS authentication for login. Keyword to specify local authentication for login. Keyword to specify Kerberos authentication for login.
Defaults
The default is local authentication is enabled for console and Telnet sessions. RADIUS, TACACS+, and Kerberos are disabled for all session types.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use authentication configuration for both console and Telnet connection attempts unless you use the console and telnet keywords to specify the authentication methods for each connection type individually.
2-153
Examples
This example shows how to use the TACACS+ server to determine if a user has privileged access permission:
Console> (enable) set authentication enable tacacs enable tacacs enable authentication set to enable for console, telnet and http session. Console> (enable)
This example shows how to use the local password to determine if the user has privileged access permission:
Console> (enable) set authentication enable local enable local enable authentication set to enable for console, telnet and http session. Console> (enable)
This example shows how to use the RADIUS server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable radius enable radius enable authentication set to enable for console, telnet and http session. Console> (enable)
This example shows how to use the TACACS+ server to determine if a user has privileged access permission for all session types:
Console> (enable) set authentication enable tacacs enable console tacacs enable authentication set to enable for console session. Console> (enable)
This example shows how to set the Kerberos server to be used first:
Console> (enable) set authentication enable kerberos enable primary kerberos enable authentication set to enable for console, telnet and http sessio n as primary authentication method. Console> (enable)
Related Commands
2-154
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set authentication login
Syntax Description
local enable disable all console http telnet tacacs radius kerberos
Keyword to specify local password to determine if you have access permission to the switch. Keyword to enable the specified authentication method for login. Keyword to disable the specified authentication method for login. (Optional) Keyword to specify the authentication method for all session types. (Optional) Keyword to specify the authentication method for console sessions. (Optional) Keyword to specify the authentication method for HTTP sessions or to set HTTP sessions as the primary authentication method. (Optional) Keyword to specify the authentication method for Telnet sessions. Keyword to specify the use of the TACACS+ server password to determine if you have access permission to the switch. Keyword to specify the use of the RADIUS server password to determine if you have access permission to the switch. Keyword to specify the Kerberos server password to determine if you have access permission to the switch.
Defaults
The default is local authentication is the primary authentication method for login.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command allows you to choose the authentification method for the web interface. If you configure the authentification method for the HTTP session as RADIUS, then the username or password is validated using the RADIUS protocol and TACACS+ and Kerberos authentication is set to disable for the HTTP sessions. By default, the HTTP login is validated using the local login password. You can specify that the authentication method for console, telnet, http, or all by entering the console, telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method default is for all sessions.
2-155
Examples
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnet tacacs login authentication set to disable for the telnet sessions. Console> (enable)
This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable console radius login authentication set to disable for the console sessions. Console> (enable)
This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnet kerberos login authentication set to disable for the telnet sessions. Console> (enable)
This example shows how to set TACACS+ authentication access as the primary method for HTTP sessions:
Console> (enable) set authentication login tacacs enable http primary tacacs login authentication set to enable for HTTP sessions as primary authentification method. Console> (enable)
Related Commands
2-156
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set authorization commands
Syntax Description
Keyword to enable the specified authorization method for commands. Keyword to permit authorization for configuration commands only. Keyword to permit authorization for all commands. Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See the Usage Guidelines section for valid value definitions. Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See the Usage Guidelines section for valid value definitions. (Optional) Keyword to specify the authorization method for console sessions. (Optional) Keyword to specify the authorization method for Telnet sessions. (Optional) Keyword to specify the authorization method for both console and Telnet sessions. Keyword to disable authorization of command events.
fallbackoption
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
tacacs+ specifies the TACACS+ authorization method. deny does not let you proceed. if-authenticated allows you to proceed with your action if you have been authenticated. none allows you to proceed without further authorization in case the TACACS+ server does not respond.
2-157
Examples
This example shows how to enable authorization for all commands with the if-authenticated option and none fallbackoption:
Console> (enable) set authorization commands enable all if-authenticated none Successfully enabled commands authorization. Console> (enable)
Related Commands
2-158
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set authorization enable
Syntax Description
enable option
Keyword to enable the specified authorization method. Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See the Usage Guidelines section for valid value definitions. Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See the Usage Guidelines section for valid value definitions. (Optional) Keyword to specify the authorization method for console sessions. (Optional) Keyword to specify the authorization method for Telnet sessions. (Optional) Keyword to specify the authorization method for both console and Telnet sessions. Keyword to disable the authorization method.
fallbackoption
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
tacacs+ specifies the TACACS+ authorization method. deny does not let you proceed. if-authenticated allows you to proceed with your action if you have authentication. none allows you to proceed without further authorization in case the TACACS+ server does not respond.
2-159
Examples
This example shows how to enable authorization of configuration commands in enable, privileged login mode, sessions:
Console> (enable) set authorization enable enable if-authenticated none Successfully enabled enable authorization. Console> (enable)
Related Commands
2-160
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set authorization exec
Syntax Description
enable option
Keyword to enable the specified authorization method. Switch response to an authorization request; valid values are tacacs+, if-authenticated, and none. See the Usage Guidelines section for valid value definitions. Switch fallback response to an authorization request if the TACACS+ server is down or not responding; valid values are tacacs+, deny, if-authenticated, and none. See the Usage Guidelines section for valid value definitions. (Optional) Keyword to specify the authorization method for console sessions. (Optional) Keyword to specify the authorization method for Telnet sessions. (Optional) Keyword to specify the authorization method for both console and Telnet sessions. Keyword to disable authorization method.
fallbackoption
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
tacacs+ specifies the TACACS+ authorization method. deny fails authorization if the TACACS+ server does not respond. if-authenticated allows you to proceed with your action if the TACACS+ server does not respond and you have authentication. none allows you to proceed without further authorization if the TACACS+ server does not respond.
2-161
Examples
This example shows how to enable authorization of configuration commands in exec, normal login mode, sessions:
Console> (enable) set authorization exec enable if-authenticated none Successfully enabled exec authorization. Console> (enable)
Related Commands
2-162
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set banner motd
Syntax Description
c text
Delimiting character used to begin and end the message. (Optional) Message of the day.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The banner may contain no more than 3,070 characters, including tabs. Tabs display as eight characters but take only one character of memory. You can use either the clear banner motd command or the set banner motd cc command to clear the message-of-the-day banner.
Examples
This example shows how to set the message of the day using the pound sign (#) as the delimiting character:
Console> (enable) set banner motd # ** System upgrade at 6:00am Tuesday. ** Please log out before leaving on Monday. # MOTD banner set. Console> (enable)
Related Commands
2-163
Syntax Description
Device where the startup configuration file resides. Name of the startup configuration file. (Optional) Module number of the supervisor engine containing the Flash device.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set boot auto-config command always overwrites the existing CONFIG_FILE environment variable settings (you cannot prepend or append a file to the variable contents). If you specify multiple configuration files, you must separate the files with a semicolon (;). To set the recurrence on other supervisor engines and switches, use the set boot config-register auto-config command.
Examples
This example shows how to specify a single configuration file environment variable:
Console> (enable) set boot auto-config slot0:cfgfile2 CONFIG_FILE variable = slot0:cfgfile2 WARNING: nvram configuration may be lost during next bootup, and re-configured using the file(s) specified. Console> (enable)
This example shows how to specify multiple configuration file environment variables:
Console> (enable) set boot auto-config slot0:cfgfile;slot0:cfgfile2 CONFIG_FILE variable = slot0:cfgfile1;slot0:cfgfile2 WARNING: nvram configuration may be lost during next bootup, and re-configured using the file(s) specified. Console> (enable)
2-164
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set boot auto-config
Related Commands
2-165
Syntax Description
0xvalue mod
Keyword to set the 16-bit configuration register value. (Optional) Module number of the supervisor engine containing the Flash device.
baud 1200 | 2400 Keywords to specify the console baud rate. | 4800 | 9600 ignore-config enable disable boot rommon bootflash system Keywords to set the ignore-config feature. Keyword to enable the specified feature. Keyword to disable the specified feature. Keyword to specify the boot image to use on the next restart. Keyword to specify booting from the ROM monitor. Keyword to specify booting from the bootflash. Keyword to specify booting from the system.
Defaults
Configuration register value is 0x10F, which causes the switch to boot from what is specified by the BOOT environment variable. Baud rate is set to 9600. ignore-config parameter is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
We recommend that you use only the rommon and system options to the set boot config-register boot command. Each time you enter one of the set boot config-register commands, the system displays all current configuration-register information (the equivalent of entering the show boot command). The baud rate specified in the configuration register is used by the ROM monitor only and is different from the baud rate specified by the set system baud command.
2-166
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set boot config-register
When you enable the ignore-config feature, the system software ignores the configuration. Enabling the ignore-config parameter is the same as entering the clear config all command; that is, it clears the entire configuration stored in NVRAM the next time the switch is restarted.
Examples
This example shows how to specify booting from the ROM monitor:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
This example shows how to specify the default 16-bit configuration register value:
Console> (enable) set boot config-register 0x12f Configuration register is 0x12f break: disabled ignore-config: disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to change the ROM monitor baud rate to 4800:
Console> (enable) set boot config-register baud 4800 Configuration register is 0x90f ignore-config: disabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
This example shows how to ignore the configuration information stored in NVRAM the next time the switch is restarted:
Console> (enable) set boot config-register ignore-config enable Configuration register is 0x94f ignore-config: enabled console baud: 4800 boot: image specified by the boot system commands Console> (enable)
This example shows how to specify rommon as the boot image to use on the next restart:
Console> (enable) set boot config-register boot rommon Configuration register is 0x100 ignore-config: disabled console baud: 9600 boot: the ROM monitor Console> (enable)
Related Commands
set config acl set boot auto-config set boot system flash show boot copy show config
2-167
Syntax Description
recurring
Keyword to set auto-config to recurring and specify the switch retains the contents of the CONFIG_FILE environment variable after the switch is reset or power cycled and configured. Keyword to set auto-config to nonrecurring and cause the switch to clear the contents of the CONFIG_FILE environment variable after the switch is reset or power cycled and before the switch is configured. (Optional) Module number of the supervisor engine containing the Flash device. Keyword to cause the auto-config file to overwrite the NVRAM configuration. Keyword to cause the auto-config file to append to the file currently in the NVRAM configuration. Keywords to enable or disable synchronization of the auto-config file.
non-recurring
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The auto-config overwrite command clears the NVRAM configuration before executing the Flash configuration file. The auto-config append command executes the Flash configuration file before clearing the NVRAM configuration. If you delete the auto-config Flash file(s) on the supervisor engine, the files will also be deleted on the standby supervisor engine.
2-168
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set boot config-register auto-config
If you enable synchronization, the CONFIG_FILE variable from the active file is made identical on the standby supervisor engine. Each auto-config file on the active supervisor engine is compared against each corresponding auto-config file on the standby supervisor engine. Two files are considered identical if the CRC is the same. If a file on the standby and active supervisor engine is not identical, a new file is generated on the standby supervisor engine. If a file already exists on the standby supervisor engine, it is overwritten with the file from the active supervisor engine. If you use the set boot auto-config bootflash:switch.cfg with the overwrite option, you must use the copy config bootflash:switch.cfg command to save the switch configuration to the auto-config file. If you use the set boot auto-config bootflash:switchapp.cfg with the append option, you can use the copy acl config bootflash:switchapp.cfg command to save the switch configuration to the auto-config file. If the ACL configuration location is set to Flash memory, the following message is displayed after every commit operation for either security or QoS. Use the copy commands to save your ACL configuration to Flash memory. If you reset the system and you made one or more commits but did not copy commands to one of the files specified in the CONFIG_FILE variable, the following message displays:
Warning: System ACL configuration has been modified but not saved to Flash.
The files used with the recurring and non-recurring options are those specified by the CONFIG_FILE environment variable.
Examples
This example shows how to specify the ACL configuration Flash file at system startup:
Console> (enable) set boot auto-config bootflash:switchapp.cfg Console> (enable) set boot config-register auto-config recurring Console> (enable)
This example shows how to ignore the configuration information stored in NVRAM the next time the switch is restarted:
Console> (enable) set boot config-register auto-config non-recurring Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, overwrite, auto-sync disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to append the auto-config file to the file currently in the NVRAM configuration:
Console> (enable) set boot config-register auto-config append Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, append, auto-sync disabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
This example shows how to use the auto-config overwrite option to save the ACL configuration to a bootflash file:
Console> Console> Console> Console> (enable) copy config bootflash: switch.cfg (enable) set boot auto-config bootflash:switch.cfg (enable) set boot config-register auto-config overwrite (enable)
2-169
Caution
The following two examples assume that you have saved the ACL configuration to the bootflash:switchapp.cfg file. This example shows how to enable synchronization of the auto-config file:
Console> (enable) set boot config-register auto-config sync enable Configuration register is 0x2102 ignore-config: disabled auto-config: non-recurring, append, auto-sync enabled console baud: 9600 boot: image specified by the boot system commands Console> (enable)
Related Commands
2-170
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set boot device
Syntax Description
bootseq
Device where the startup configuration file resides; see the Usage Guidelines section for format guidelines. The second bootseq is optional. Number of the module containing the Flash device.
mod
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the set boot device command, the existing boot string in the supervisor engine NVRAM is always overwritten. When you enter the bootseq, use the following guidelines:
bootseq = bootdevice[:bootdevice-qualifier] bootdevice is the device where the startup configuration file resides; valid values are pcmcia, hdd, or network. bootdevice-qualifier is the name of the startup configuration file; valid values for hdd are from 1 to 99, and for pcmcia, valid values are slot0 or slot1. The colon between bootdevice and bootdevice-qualifier is required. You can enter multiple bootseq by separating each entry with a comma; 15 is the maximum number of boot sequences you can enter.
The supervisor engine does not validate the boot device you specify, but simply stores the boot device list in NVRAM. This command is supported by the NAM module only.
Examples
This example shows how to specify the boot environment to boot to the maintenance partition of the NAM on module 2:
Console> (enable) set boot device hdd:2 2 Device BOOT variable = hdd:2 Warning: Device list is not verified but still set in the boot string. Console> (enable)
2-171
Related Commands
2-172
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set boot system flash
Syntax Description
Device where the Flash resides. (Optional) Name of the configuration file. (Optional) Keyword to place the device first in the list of boot devices. (Optional) Module number of the supervisor engine containing the Flash device.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device. You can enter several boot system commands to provide a fail-safe method for booting the switch. The system stores and executes the boot system commands in the order in which you enter them. Remember to clear the old entry when building a new image with a different filename in order to use the new image. If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the bootstring, and this message displays, Warning: File not found but still added in the bootstring. If the file does exist, but is not a supervisor engine image, the file is not added to the bootstring, and this message displays, Warning: file found but it is not a valid boot image.
Examples
This example shows how to append the filename cat6000-sup.5-5-1.bin on device bootflash to the BOOT environment variable:
Console> (enable) set boot system flash bootflash:cat6000-sup.5-5-1.bin BOOT variable = bootflash:cat6000-sup.5-4-1.bin,1;bootflash:cat6000-sup.5-5-1.bin,1; Console> (enable)
This example shows how to prepend cat6000-sup.5-5-1.bin to the beginning of the boot string:
Console> (enable) set boot system flash bootflash:cat6000-sup.5-5-1.bin prepend BOOT variable = bootflash:cat6000-sup.5-5-1.bin,1;bootflash:cat6000-sup.5-4-1.bin,1; Console> (enable)
2-173
Related Commands
2-174
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set cam
set cam
Use the set cam command set to add entries into the CAM table and set the aging time for the CAM table. set cam {dynamic | static | permanent} {unicast_mac | route_descr} mod/port [vlan] set cam {static | permanent} {multicast_mac} mod/ports.. [vlan] set cam agingtime vlan agingtime
Syntax Description
dynamic static permanent unicast_mac route_descr mod/port vlan multicast_mac mod/ports.. agingtime agingtime
Keyword to specify that entries are subject to aging. Keyword to specify that entries are not subject to aging. Keyword to specify that permanent entries are stored in NVRAM until they are removed by the clear cam or clear config command. MAC address of the destination host used for a unicast. Route descriptor of the next hop relative to this switch; valid values are from 0 to 0xffff. Number of the module and the port on the module. (Optional) Number of the VLAN. MAC address of the destination host used for a multicast. Number of the module and the ports on the module. Keyword to set the period of time after which an entry is removed from the table. Number of seconds (0 to 1,000,000) that dynamic entries remain in the table before being deleted. Setting the aging time to 0 disables aging.
Defaults
The default configuration has a local MAC address, spanning tree address (01-80-c2-00-00-00), and CDP multicast address for destination port 1/3 (the NMP). The default aging time for all configured VLANs is 300 seconds.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the given MAC address is a multicast address (the least significant bit of the most significant byte is set to 1) or broadcast address (ff-ff-ff-ff-ff-ff) and you specify multiple ports, the ports must all be in the same VLAN. If the given address is a unicast address and you specify multiple ports, the ports must be in different VLANs. The set cam command does not support the MSM.
2-175
If you enter a route descriptor with no VLAN parameter specified, the default is the VLAN already associated with the port. If you enter a route descriptor, you may only use a single port number (of the associated port). The vlan number is optional unless you are setting CAM entries to dynamic, static, or permanent for a trunk port, or if you are using the agingtime keyword. If port(s) are trunk ports, you must specify the VLAN. Static (nonpermanent) entries will remain in the table until the active supervisor engine is reset. The route_descr variable is entered as two hexadecimal bytes in the following format: 004F. Do not use a - to separate the bytes.
Examples
This example shows how to set the CAM table aging time to 300 seconds:
Console> (enable) set cam agingtime 1 300 Vlan 1 CAM aging time set to 300 seconds. Console> (enable)
This example shows how to add a unicast entry to the table for module 2, port 9:
Console> (enable) set cam static 00-00-0c-a0-03-fa 2/9 Static unicast entry added to CAM table. Console> (enable)
This example shows how to add a permanent multicast entry to the table for module 1, port 1, and module 2, ports 1, 3, and 8 through 12:
Console> (enable) set cam permanent 01-40-0b-a0-03-fa 1/1,2/1,2/3,2/8-12 Permanent multicast entry added to CAM table. Console> (enable)
Related Commands
2-176
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set cdp
set cdp
Use the set cdp command set to enable, disable, or configure CDP features globally on all ports or on specified ports. set cdp {enable | disable} {mod/ports...} set cdp interval interval set cdp holdtime holdtime set cdp version v1 | v2
Syntax Description
Keyword to enable the CDP feature. Keyword to disable the CDP feature. Number of the module and the ports on the module. Keyword to specify the CDP message interval value. Number of seconds the system waits before sending a message; valid values are from 5 to 900 seconds. Keyword to specify the global Time-To-Live value. Number of seconds for the global Time-To-Live value; valid values are from 10 to 255 seconds. Keywords to specify the CDP version number.
Defaults
The default system configuration has CDP enabled. The message interval is set to 60 seconds for every port; the default Time-To-Live value has the message interval globally set to 180 seconds. The default CDP version is version 2.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set cdp version command allows you to globally set the highest version number of CDP packets to send. If you enter the global set cdp enable or disable command, CDP is globally configured. If CDP is globally disabled, CDP is automatically disabled on all interfaces, but the per-port enable (or disable) configuration is not changed. If CDP is globally enabled, whether CDP is running on an interface or not depends on its per-port configuration. If you configure CDP on a per-port basis, you can enter the mod/port as a single module and port or a range of ports; for example, 2/1-12,3/5-12.
2-177
Examples
This example shows how to enable the CDP message display for port 1 on module 2:
Console> (enable) set cdp enable 2/1 CDP enabled on port 2/1. Console> (enable)
This example shows how to disable the CDP message display for port 1 on module 2:
Console> (enable) set cdp disable 2/1 CDP disabled on port 2/1. Console> (enable)
This example shows how to specify the CDP message interval value:
Console> (enable) set cdp interval 400 CDP interval set to 400 seconds. Console> (enable)
Related Commands
show cdp
2-178
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set channel cost
Syntax Description
Number of the channel identification. Keyword to configure all channels. (Optional) Port costs of the ports in the channel.
Defaults
The default is the port cost is updated automatically based on the current port costs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you do not enter the cost, the cost is updated based on the current port costs of the channeling ports. If you change the channel cost, member ports in the channel might be modified and saved to NVRAM. If this is the case, a message appears to list the ports whose port path costs were updated due to the channel cost modification.
Examples
This example shows how to set the channel 768 path cost to 23:
Console> (enable) set channel cost 768 23 Port(s) 1/1-2,7/3,7/5 port path cost are updated to 60. Channel 768 cost is set to 23. Warning:channel cost may not be applicable if channel is broken. Console> (enable)
This example shows how to set all channel path costs to 15:
Console> (enable) set channel cost all 15 Port(s) 4/1-4 port path cost are updated to 39. Channel 768 cost is set to 15. Warning:channel cost may not be applicable if channel is broken.
Related Commands
show channel
2-179
Syntax Description
channel_id cost
Number of the channel identification; valid values are from 769 to 896. Port costs of the ports in the channel.
Defaults
The default is the VLAN cost is updated automatically based on the current port VLAN costs of the channeling ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you do not enter the cost, the cost is updated based on the current port VLAN costs of the channeling ports. You can configure only one channel at a time. If you change the channel VLAN cost, member ports in the channel might be modified and saved to NVRAM. If this is the case, a message appears to list the ports whose port path costs were updated due to the channel cost modification.
Examples
This example shows how to set the channel 769 path cost to 10:
Console> (enable) set channel vlancost 769 10 Port(s) 1/1-2 vlan cost are updated to 24. Channel 769 vlancost is set to 10. Console> (enable)
Related Commands
show channel
2-180
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set config acl
Syntax Description
nvram
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Once the configuration is moved to a Flash file, you must set up the auto-config feature by using the overwrite and append options from the set boot config-register auto-config command. You can also set the recurrence on other supervisor engines and switches by using this command. If you specify multiple configuration files, you must separate the files with a semicolon (;). If the ACL configuration location is set to flash, the following message displays after every commit operation for either Security or QoS:
Warning: Use the copy commands to save your ACL configuration to Flash.
If you reset the system and there were one or more commits done but no copy commands to one of the files specified in the CONFIG_FILE variable, the following message displays:
Warning: System ACL configuration has been modified but not saved to Flash.
Examples
This example shows how to copy the ACL configuration to the bootflash file:
Console> (enable) set config acl flash switchapp.cfg Upload ACL configuration to bootflash:switchapp.cfg 2843644 bytes available on device bootflash, proceed (y/n) [n]? y Configuration has been copied successfully. WARNING: Use the set boot config-register auto-config commands to configure the auto-config feature. Console> (enable)
2-181
Related Commands
set boot config-register set boot system flash show boot copy clear config
2-182
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set cops
set cops
Use the set cops command set to configure COPS functionality. set cops server ipaddress [port] [primary] [diff-serv | rsvp] set cops domain-name domain_name set cops retry-interval initial incr max
Syntax Description
server ipaddress port primary diff-serv rsvp domain-name domain_name retry-interval initial incr max
Keyword to set the name of the COPS server. IP address or IP alias of the server. (Optional) Number of the TCP port the switch connects to on the server. (Optional) Keyword to specify the primary server. (Optional) Keyword to set the COPS server for differentiated services. (Optional) Keyword to set the COPS server for RSVP+. Keyword and variable to specify the domain name of the switch. Keyword to specify the retry interval in seconds. Initial timeout value; valid values are from 0 to 65535 seconds. Incremental value; valid values are from 0 to 65535 seconds. Maximum timeout value; valid values are from 0 to 65535 seconds.
Defaults
The retry interval default values are initial = 30 seconds, incr = 30 seconds, max = 5 minutes. The default domain-name is a string of length zero. No PDP servers are configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure the names or addresses of up to two PDP servers. One must be the primary, and the optional second server is a secondary, or backup, PDP server. The COPS domain name can be set globally only; there is no option to set it for each COPS client. Names such as the server, domain-name, and roles can contain a maximum of 31 characters; longer names are truncated to 31 characters. Valid letters are a-z, A-Z, 0-9, ., - and _. Names cannot start with an underscore (_). The names are not case sensitive for matching, but are case sensitive for display.
2-183
When specifying the retry-interval, the total of the initial timeout value and the incremental value (increment on each subsequent failure) may not exceed the maximum timeout value.
Examples
This example shows how to configure a server as a secondary (or backup) server:
Console> (enable) set cops server my_server2 my_server2 added to the COPS server table as backup server. Console> (enable)
This example shows the display output if the total of the initial timeout value and the incremental value you entered exceeds the maximum timeout value:
Console> (enable) set cops retry-interval 15 1 10 The initial timeout plus the increment value may not exceed the max value. Console> (enable)
Related Commands
2-184
78-10558-02
222
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands set default portstatus
Syntax Description
enable disable
Keyword to activate default port status. Keyword to deactivate default port status.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enter the clear config all command or in the event of a configuration loss, all ports collapse into VLAN 1. This might cause a security and network instability problem. Entering the set default portstatus command puts all ports into a disable state and blocks the traffic flowing through the ports during a configuration loss. You can then manually configure the ports back to the enable state. After you enter the set default portstatus command, you must reset the system so the new configuration setup can take effect. This command is not saved in the configuration file. Once you set the default port status, the default port status does not clear when you enter the clear config all command.
Examples
Related Commands
show default
2-185
set enablepass
Use the set enablepass command to change the password for the privileged level of the CLI. set enablepass
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Passwords are case sensitive and may be 0 to 19 characters in length, including spaces. The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password.
Examples
Related Commands
2-186
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set errdisable-timeout
set errdisable-timeout
Use the set errdisable-timeout command to configure a timeout for ports in errdisable state, after which the ports are reenabled automatically. set errdisable-timeout {enable | disable} {reason} set errdisable-timeout interval {interval}
Syntax Description
Keyword to enable errdisable timeout. Keyword to disable errdisable timeout. Reason for the port being in the errdisable state; valid values are bpdu-guard, channel-misconfig, duplex-mismatch, udld, other, and all. Timeout interval; valid values are from 30 to 86400 seconds (30 seconds to 24 hours).
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The errdisable timeout feature allows you to configure a timeout period for ports in errdisable state. When this feature is enabled, ports are reenabled automatically after the timeout interval has elapsed. A port enters errdisable state for the following reasons (these reasons appear as configuration options with the set errdisable-timeout enable command):
Channel misconfiguration Duplex mismatch BPDU port-guard UDLD Other (reasons other than the above) All (apply errdisable timeout to all reasons)
You can enable or disable errdisable timeout for each of the above listed reasons. The ports in errdisable state for reasons other than the first four reasons are considered "other." If you specify other, all ports errdisabled by causes other than the first four reasons are enabled for errdisable timeout. If you specify "all," all ports errdisabled for any reason are enabled for errdisable timeout.
2-187
Examples
This example shows how to enable an errdisable timeout for BPDU guard causes:
Console> (enable) set errdisable-timeout enable bpdu-guard Successfully enabled errdisable-timeout for bpdu-guard. Console> (enable)
This example shows how to set an errdisable timeout interval to 450 seconds:
Console> (enable) set errdisable-timeout interval 450 Successfully set errdisable timeout to 450 seconds. Console> (enable)
Related Commands
show errdisable-timeout
2-188
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set errordetection
set errordetection
Use the set errordetection command set to enable or disable various error detections. set errordetection inband {enable | disable} set errordetection memory {enable | disable}
Syntax Description
Keyword to enable the specified error detection. Keyword to disable the specified error detection. Keyword to specify inband error detection. Keyword to specify memory error detection.
Defaults
The default is portcounters error detection is enabled, and memory and inband error detection is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
Related Commands
show errordetection
2-189
Syntax Description
enable disable
Keyword to enable the multiple default gateway. Keyword to disable the multiple default gateway.
Defaults
Command Types
Switch command.
Command Modes
Privilege.
Usage Guidelines
If you enable the multiple default gateway feature, the Catalyst 6000 family switch pings the default gateways every 10 seconds to verify the gateways are still available.
Examples
This example shows how to enable the multiple default gateway feature:
Console> (enable) set feature mdg enable Multiple Gateway feature enabled. Console> (enable)
This example shows how to disable the multiple default gateway feature:
Console> (enable) set feature mdg disable Multiple Gateway feature disabled. Console> (enable)
2-190
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set garp timer
Syntax Description
timer_type timer_value
Type of timer; valid values are join, leave, and leaveall. Timer values in milliseconds; valid values are from 1 to 2147483647 milliseconds.
Defaults
The default is the join timer default is 200 ms, the leave timer default is 600 ms, and the leaveall timer default is 10000 ms.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must maintain the following relationship for the various timer values:
Leave time must be greater than or equal to three times the join time. Leaveall time must be greater than the leave time.
Caution
Set the same GARP application (for example, GMRP and GVRP) timer values on all Layer 2-connected devices. If the GARP timers are set differently on the Layer 2-connected devices, GARP applications will not operate successfully.
Note
The modified timer values are applied to all GARP application (for example, GMRP and GVRP) timer values.
Examples
This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:
Console> (enable) set garp timer join 100 GMRP/GARP Join timer value is set to 100 milliseconds. Console> (enable)
This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:
Console> (enable) set garp timer leave 300 GMRP/GARP Leave timer value is set to 300 milliseconds. Console> (enable)
2-191
This example shows how to set the leaveall timer value to 20000 ms for all the ports on all the VLANs:
Console> (enable) set garp timer leaveall 20000 GMRP/GARP LeaveAll timer value is set to 20000 milliseconds. Console> (enable)
Related Commands
2-192
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set gmrp
set gmrp
Use the set gmrp command to enable or disable GMRP on the switch in all VLANs on all ports. set gmrp {enable | disable}
Syntax Description
enable disable
Keyword to enable GMRP on the switch. Keyword to disable GMRP on the switch.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows the display if you try to enable GMRP on the switch with IGMP enabled:
Console> (enable) set gmrp enable Disable IGMP to enable GMRP snooping feature. Console> (enable)
Related Commands
2-193
Syntax Description
Keyword to enable GMRP Forward All on a specified port. Keyword to disable GMRP Forward All on a specified port. Number of the module and the ports on the module.
Defaults
The default is the Forward All feature is disabled for all ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Forward All indicates that a port is interested in receiving all the traffic for all the multicast groups. If the port is trunking, then this feature is applied to all the VLANs on that port.
Examples
This example shows how to enable GMRP Forward All on module 5, port 5:
Console> (enable) set gmrp fwdall enable 5/5 GMRP Forward All groups option enabled on port(s) 5/5. Console> (enable)
This example shows how to disable the GMRP Forward All on module 3, port 2:
Console> (enable) set gmrp service fwdall disable 3/2 GMRP Forward All groups option disabled on port(s) 3/2. Console> (enable)
Related Commands
2-194
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set gmrp registration
Syntax Description
normal fixed
Keyword to specify dynamic GMRP multicast registration and deregistration on the port. Keyword to specify the multicast groups currently registered on the switch are applied to the port, but any subsequent registrations or deregistrations do not affect the port. Any registered multicast groups on the port are not deregistered based on the GARP timers. Keyword to specify that all GMRP multicasts are deregistered and prevent any further GMRP multicast registration on the port. Number of the module and the ports on the module.
forbidden mod/port...
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must return the port to normal registration mode to deregister multicast groups on the port. GMRP supports a total of 3072 multicast addresses for the whole switch.
Examples
This example shows how to set the registration type to fixed on module 3, port 3:
Console> (enable) set gmrp registration fixed 3/3 GMRP Registration is set to Fixed for port(s) 3/3. Console> (enable)
This example shows how to set the registration type to forbidden on module 1, port 1:
Console> (enable) set gmrp registration forbidden 1/1 GMRP Registration is set to Forbidden for port(s) 1/1. Console> (enable)
Related Commands
2-195
Syntax Description
timer_type timer_value
Type of timer; valid values are join, leave, and leaveall. Timer values in milliseconds; valid values are from 1 to 2147483647 milliseconds.
Defaults
The default is the join timer is 200 ms, the leave timer is 600 ms, and the leaveall timer is 10000 ms.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must maintain the following relationship for the various timer values:
Leave time must be greater than or equal to three times the join time. Leaveall time must be greater than the leave time.
Caution
Set the same GARP application (for example, GMRP and GVRP) timer values on all Layer 2-connected devices. If the GARP timers are set differently on the Layer 2-connected devices, GARP applications will not operate successfully.
Note
The modified timer values are applied to all GARP application (for example, GMRP and GVRP) timer values.
Examples
This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:
Console> (enable) set gmrp timer join 100 GARP Join timer value is set to 100 milliseconds. Console> (enable)
This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:
Console> (enable) set gmrp timer leave 300 GARP Leave timer value is set to 300 milliseconds. Console> (enable)
2-196
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set gmrp timer
This example shows how to set the leaveall timer value to 20000 ms for all the ports on all the VLANs:
Console> (enable) set gmrp timer leaveall 20000 GARP LeaveAll timer value is set to 20000 milliseconds. Console> (enable)
Related Commands
2-197
set gvrp
Use the set gvrp command to enable or disable GVRP globally in the switch or on a per-port basis. set gvrp {enable | disable} [mod/port]
Syntax Description
Keyword to enable GVRP on the switch. Keyword to disable GVRP on the switch. (Optional) Number of the module and port on the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable VTP pruning, VTP pruning runs on all the GVRP-disabled trunks. To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the trunk.
Examples
Related Commands
show gmrp timer show gvrp configuration set gvrp timer set garp timer
2-198
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set gvrp applicant
Syntax Description
Keyword to disallow the declaration of any VLAN out of blocking ports. Keyword to enforce the declaration of all active VLANs out of blocking ports. Number of the module and the ports on the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the trunk. On a port connected to a device that does not support the per-VLAN mode of STP, the port state may continuously cycle from blocking to listening to learning to learning, and back to blocking. To prevent this, you must enter the set gvrp applicant active mod/port... command on the port to send GVRP VLAN declarations when the port is in the STP blocking state.
Examples
This example shows how to enforce the declaration of all active VLANs out of specified blocking ports:
Console> (enable) set gvrp applicant active 4/2-3,4/9-10,4/12-24 Applicant was set to active on port(s) 4/2-3,4/9-10,4/12-24. Console> (enable)
This example shows how to disallow the declaration of any VLAN out of specified blocking ports:
Console> (enable) set gvrp applicant normal 4/2-3,4/9-10,4/12-24 Applicant was set to normal on port(s) 4/2-3,4/9-10,4/12-24. Console> (enable)
Related Commands
2-199
Syntax Description
enable disable
Keyword to enable dynamic VLAN creation. Keyword to disable dynamic VLAN creation.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enable dynamic VLAN creation only when VTP is in transparent mode and no ISL trunks exist in the switch. This feature is not allowed when there are 802.1q trunks that are not configured with GVRP.
Examples
This example shows what happens if you try to enable dynamic VLAN creation and VTP is not in transparent mode:
Console> (enable) set gvrp dynamic-vlan-creation enable VTP has to be in TRANSPARENT mode to enable this feature. Console> (enable)
Related Commands
2-200
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set gvrp registration
Syntax Description
normal fixed
Keyword to allow dynamic registering and deregistering each VLAN (except VLAN 1) on the port. Keyword to support manual VLAN creation and registration, prevent VLAN deregistration, and register all VLANs known to other ports. Keyword to specify that all the VLANs (except VLAN 1) are statically deregistered from the port. Number of the module and the ports on the module.
forbidden mod/port..
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set VLAN registration, you are telling the switch that the VLAN is interested in the user(s) connecting to this port and the VLANs broadcast and multicast traffic is allowed to send to the port. For static VLAN configuration, you should set the mod/port.. control to fixed or forbidden if the mod/port.. will not receive or process any GVRP message. For each dynamically configured VLAN on a port, you should set the mod/port.. control to normal (default), except for VLAN 1; GVRP registration mode for VLAN 1 is always fixed and is not configurable. VLAN 1 is always carried by 802.1Q trunks on which GVRP is enabled. When GVRP is running, you can create a VLAN through a GVRP trunk port only if you enter the set gvrp dynamic-vlan-creation enable and the set gvrp registration normal commands.
Examples
This example shows how to set the administrative control to normal on module 3, port 7:
Console> (enable) set gvrp registration normal 3/7 Registrar Administrative Control set to normal on port 3/7. Console> (enable)
This example shows how to set the administrative control to fixed on module 5, port 10:
Console> (enable) set gvrp registration fixed 5/10 Registrar Administrative Control set to fixed on Port 5/10. Console> (enable)
2-201
This example shows how to set the administrative control to forbidden on module 5, port 2:
Console> (enable) set gvrp registration forbidden 5/2 Registrar Administrative Control set to forbidden on port 5/2. Console> (enable)
Related Commands
2-202
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set gvrp timer
Syntax Description
timer_type timer_value
Type of timer; valid values are join, leave, and leaveall. TimTimer values in milliseconds; valid values are from 1 to 2147483647 milliseconds.
Defaults
The default is the join timer is 200 ms, the leave timer is 600 ms, and the leaveall timer is 10000 ms.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must maintain the following relationship for the various timer values:
Leave time must be greater than or equal to three times the join time. Leaveall time must be greater than the leave time.
Caution
Set the same GARP application (for example, GMRP and GVRP) timer values on all Layer 2-connected devices. If the GARP timers are set differently on the Layer 2-connected devices, GARP applications will not operate successfully.
Note
The modified timer values are applied to all GARP application (for example, GMRP and GVRP) timer values.
Examples
This example shows how to set the join timer value to 100 ms for all the ports on all the VLANs:
Console> (enable) set gvrp timer join 100 GVRP/GARP Join timer value is set to 100 milliseconds. Console> (enable)
This example shows how to set the leave timer value to 300 ms for all the ports on all the VLANs:
Console> (enable) set gvrp timer leave 300 GVRP/GARP Leave timer value is set to 300 milliseconds. Console> (enable)
2-203
This example shows how to set the leaveall timer value to 20000 ms for all the ports on all the VLANs:
Console> (enable) set gvrp timer leaveall 20000 GVRP/GARP LeaveAll timer value is set to 20000 milliseconds. Console> (enable)
Related Commands
2-204
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set igmp
set igmp
Use the set igmp command to enable or disable IGMP snooping on the switch. set igmp {enable | disable}
Syntax Description
enable disable
Keyword to enable IGMP snooping on the switch. Keyword to disable IGMP snooping on the switch.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows the display if you try to enable GMRP on the switch with IGMP enabled:
Console> (enable) set igmp enable Disable GMRP to enable IGMP snooping feature. Console> (enable)
Related Commands
2-205
Syntax Description
enable disable
Keyword to enable IGMP fastleave processing. Keyword to disable IGMP fastleave processing.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-206
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set igmp mode
Syntax Description
Keyword to specify IGMP snooping only. Keyword to specify IGMP and CGMP modes. Keyword to override the dynamic switching of IGMP snooping modes.
Defaults
Command Types
Switch.
Command Modes
Privileged.
Usage Guidelines
The switch dynamically chooses either IGMP-only or IGMP-CGMP mode, depending on the traffic present on the network. IGMP-only mode is used in networks with no CGMP devices. IGMP-CGMP mode is used in networks with both IGMP and CGMP devices. Auto mode overrides the dynamic switching of the modes.
Examples
This example shows how to set the IGMP mode to IGMP only:
Console> (enable) set igmp mode igmp-only IGMP mode set to igmp-only Console> (enable)
Related Commands
2-207
Syntax Description
value
Default power allocation; valid values are from 2000 to 12500 mW.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the default power allocation to 2000 mW:
Console> (enable) set inlinepower defaultallocation 2000 Default inline power allocation set to 9500 mWatt per applicable port. Console> (enable)
Related Commands
2-208
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set interface
set interface
Use the set interface command set to configure the in-band and SLIP interfaces on the switch. set interface {sc0 | sl0} {up | down} set interface sc0 [vlan] [ip_addr[/netmask] [broadcast]] set interface sl0 slip_addr dest_addr set interface sc0 dchp {renew | release | requestnew}
Syntax Description
sc0 sl0 up down vlan ip_addr /netmask broadcast slip_addr dest_addr dhcp renew release requestnew
Keyword to specify the in-band interface. Keyword to specify the SLIP interface. Keyword to bring the interface into operation. Keyword to bring the interface out of operation. (Optional) Number of the VLAN to be assigned to the interface. (Optional) IP address. (Optional) Subnet mask. (Optional) Broadcast address. IP address of the console port. IP address of the host to which the console port will be connected. Keyword to perform DHCP operations on the sc0 interface. Keyword to renew the lease on a DHCP-learned IP address. Keyword to release a DHCP-learned IP address back to the DHCP IP address pool. Keyword used to request a new lease on a DHCP-learned IP address.
Defaults
The default configuration is the in-band interface (sc0) in VLAN 1 with the IP address, subnet mask, and broadcast address set to 0.0.0.0. The default configuration for the SLIP interface (sl0) is that the IP address and broadcast address are set to 0.0.0.0.0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Two configurable network interfaces are on a Catalyst 6000 family switch: in-band (sc0) and SLIP (sl0). Configuring the sc0 interface with an IP address and subnet mask allows you to access the switch CLI via Telnet from a remote host. You should assign the sc0 interface to an active VLAN configured on the switch (the default is VLAN 1). Make sure the IP address you assign is in the same subnet as other stations in that VLAN.
2-209
Configuring the sl0 interface with an IP address and destination address allows you to make a point-to-point connection to a host through the console port. Use the slip attach command to activate SLIP on the console port (you will not be able to access the CLI via a terminal connected to the console port until you use the slip detach command to deactivate SLIP on the console port). When you specify the netmask, this indicates the number of bits allocated to subnetting in the hostid section of the given Class A, B, or C address. For example, if you enter an IP address for the sc0 interface as 172.22.20.7, the hostid bits for this Class B address is 16. Any number of bits in the hostid bits can be allocated to the subnet field. If you do not enter the netmask, the number of bits is assumed to be the natural netmask. The set interface sc0 dchp command is valid only when the address is learned from the DHCP server and available in privileged mode only.
Examples
This example shows how to use set interface sc0 and set interface sl0 from the console port. It also shows how to bring down interface sc0 using a terminal connected to the console port:
Console> (enable) set interface sc0 192.20.11.44/255.255.255.0 Interface sc0 IP address and netmask set. Console> (enable) set interface sl0 192.200.10.45 192.200.10.103 Interface sl0 SLIP and destination address set. Console> (enable) set interface sc0 down. Interface sc0 administratively down. Console> (enable)
This example shows how to set the IP address for sc0 through a Telnet session. Note that the default netmask for that IP address class is used (for example, a Class C address uses 255.255.255.0, and a Class B uses 255.255.0.0):
Console> (enable) set interface sc0 192.200.11.40 This command may disconnect active telnet sessions. Do you want to continue (y/n) [n]? y Interface sc0 IP address set.
This example shows how to take the interface out of operation through a Telnet session:
Console> (enable) set interface sc0 down This command will inactivate telnet sessions. Do you want to continue (y/n) [n]? y Interface sc0 administratively down.
This example shows how to assign the sc0 interface to a particular VLAN:
Console> (enable) set interface sc0 5 Interface sc0 vlan set. Console> (enable)
This example shows what happens when you assign the sc0 interface to a nonactive VLAN:
Console> (enable) set interface sc0 200 Vlan is not active, user needs to set vlan 200 active Interface sc0 vlan set. Console> (enable)
This example shows how to release a DHCP-learned IP address back to the DHCP IP address pool:
Console> (enable) set interface sc0 dhcp release Releasing IP address...Done Console> (enable)
2-210
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set interface
Related Commands
2-211
set ip alias
Use the set ip alias command to add aliases of IP addresses. set ip alias name ip_addr
Syntax Description
name ip_addr
Name of the alias being defined. IP address of the alias being defined.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to define an IP alias of mercury for IP address 192.122.174.234:
Console> (enable) set ip alias mercury 192.122.174.234 IP alias added. Console> (enable)
Related Commands
2-212
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ip dns
set ip dns
Use the set ip dns command to enable or disable DNS. set ip dns {enable | disable}
Syntax Description
enable disable
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
show ip dns
2-213
Syntax Description
name
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you specify a domain name on the command line, the system attempts to resolve the host name as entered. If the system cannot resolve the host name as entered, it appends the default DNS domain name as defined with the set ip dns domain command. If you specify a domain name with a trailing dot, the program considers this an absolute domain name.
Examples
This example shows how to set the default DNS domain name:
Console> (enable) set ip dns domain yow.com DNS domain name set to yow.com. Console> (enable)
Related Commands
2-214
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ip dns server
Syntax Description
ip_addr primary
IP address of the DNS server. (Optional) Keyword to configure a DNS server as the primary server.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure up to three DNS name servers as backup. You can also configure any DNS server as the primary server. The primary server is queried first. If the primary server fails, the backup servers are queried. If DNS is disabled, you must use the IP address with all commands that require explicit IP addresses or manually define an alias for that address. The alias has priority over DNS.
Examples
This example shows what happens if you enter more than three DNS name servers as backup:
Console> (enable) set ip dns server 161.44.128.70 DNS server table is full. 161.44.128.70 not added to DNS server table.
Related Commands
2-215
set ip fragmentation
Use the set ip fragmentation command to enable or disable the fragmentation of IP packets bridged between FDDI and Ethernet networks. Note that FDDI and Ethernet networks have different MTUs. set ip fragmentation {enable | disable}
Syntax Description
enable disable
Keyword to permit fragmentation for IP packets bridged between FDDI and Ethernet networks. Keyword to disable fragmentation for IP packets bridged between FDDI and Ethernet networks.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
Related Commands
show ip route
2-216
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ip http port
Syntax Description
default port-num
Keyword to specify the default HTTP server port number (80). Number of the TCP port for the HTTP server; valid values are from 1 to 65535.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-217
Syntax Description
enable disable
Keyword to enable the HTTP server. Keyword to disable the HTTP server.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows the system response when the HTTP server enabled command is not supported:
Console> (enable) set ip http server enable Feature not supported. Console> (enable)
Related Commands
2-218
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ip permit
set ip permit
Use the set ip permit command set to enable or disable the IP permit list and to specify IP addresses to be added to the IP permit list. set ip permit {enable | disable} set ip permit {enable | disable} [telnet | snmp] set ip permit ip_addr [mask] [telnet | snmp | all]
Syntax Description
Keyword to enable the IP permit list. Keyword to disable the IP permit list. (Optional) Keyword to specify removal from the Telnet IP permit list. (Optional) Keyword to specify removal from the SNMP IP permit list. Keyword to specify all entries in the IP permit list be removed. IP address to be added to the IP permit list. An IP alias or host name that can be resolved through DNS can also be used. (Optional) Subnet mask of the specified IP address.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The same functionality of the IP permit list can be achieved by using VACLs. VACLs are handled by hardware (PFC) and the processing is considerably faster. For VACL configuration information, refer to the Catalyst 6000 Family Multilayer Switch Feature Card and Policy Feature Card Configuration Guide. You can configure up to 100 entries in the permit list. If you enable the IP permit list, but the permit list has no entries configured, a caution displays on the screen. Make sure you enter the entire disable keyword when entering the set ip permit disable command. If you abbreviate the keyword, the abbreviation is interpreted as a host name to add to the IP permit list. If you do not specfiy the snmp, telnet, or all keyword, the IP address is added to both the SNMP and Telnet permit lists. You enter the mask in dotted decimal format, for example, 255.255.0.0.
2-219
Examples
This example shows how to add an IP address using an IP alias or host name to both the SNMP and Telnet permit lists:
Console> (enable) set ip permit batboy batboy added to IP permit list. Console> (enable)
This example shows how to add a subnet mask of the IP address to both the SNMP and Telnet permit lists:
Console> (enable) set ip permit 192.168.255.255 255.255.192.0 192.168.255.255 with mask 255.255.192.0 added to IP permit list. Console> (enable)
This example shows how to add an IP address to the Telnet IP permit list:
Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet 172.16.0.0 with mask 255.255.0.0 added to telnet permit list. Console> (enable)
This example shows how to add an IP address to the SNMP IP permit list:
Console> (enable) set ip permit 172.20.52.32 255.255.255.224 snmp 172.20.52.32 with mask 255.255.255.224 added to snmp permit list. Console> (enable)
Related Commands
2-220
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ip redirect
set ip redirect
Use the set ip redirect command to enable or disable ICMP redirect messages on the Catalyst 6000 family switches. set ip redirect {enable | disable}
Syntax Description
enable disable
Keyword to permit ICMP redirect messages to be returned to the source host. Keyword to prevent ICMP redirect messages from being returned to the source host.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-221
set ip route
Use the set ip route command to add IP addresses or aliases to the IP routing table. set ip route {destination}[/netmask] {gateway} [metric] [primary]
Syntax Description
IP address, IP alias of the network, or specific host to be added. Use default as the destination to set the new entry as the default route. (Optional) Number of bits in netmask or dot format (for example, 172.20.22.7/24 or 172.20.22.7/255.255.255.0). IP address or IP alias of the router. (Optional) Value used to indicate the number of hops between the switch and the gateway. (Optional) Keyword used with the Multiple IP Gateways feature to specify the default IP gateway with the highest priority.
Defaults
The default configuration routes the local network through the sc0 interface with metric 0 as soon as sc0 is configured.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure up to three default gateways. The primary is the highest priority. If you do not designate a primary gateway, priority is based on the order of input. If you enter two primary definitions, the second definition becomes the primary and the first definition is now the secondary default IP gateway. You can only specify the primary keyword for a default route. When you enter the destination or gateway, enter it in dot notation, for example, a.b.c.d. When you specify the netmask, this indicates the number of bits allocated to subnetting in the hostid section of the given Class A, B, or C address. For example, if you enter an IP address for the sc0 interface as 172.22.20.7, the hostid bits for this Class B address is 16. Any number of bits in the hostid bits can be allocated to the netmask field. If you do not enter the netmask, the number of bits is assumed to be the natural netmask. When you enter the netmask, enter it as the number of bits or dot format, for example, destination/24 or destination/255.255.255.0. If you enter the netmask in dot format, you must have contiguous 1s.
2-222
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ip route
Examples
These examples show how to add three default routes to the IP routing table, checking after each addition using the show ip route command:
Console> (enable) set ip route default 192.122.173.42 1 primary Route added. Console> (enable) Console> (enable) show ip route Fragmentation Redirect Unreachable -----------------------------enabled enabled enabled Destination Gateway Flags Use Interface --------------- --------------- ------ ---------- --------default 192.122.173.42 UG 59444 sc0 192.22.74.0 192.22.74.223 U 5 sc0 Console> (enable) Console> (enable) set ip route default 192.122.173.43 1 Route added. Console> (enable) Console> (enable) show ip route Fragmentation Redirect Unreachable -----------------------------enabled enabled enabled Destination Gateway Flags --------------- --------------- -----default 192.122.173.43 UG default 192.122.173.42 UG 192.22.74.0 192.22.74.223 U Console> (enable)
Console> (enable) set ip route default 192.122.173.44 1 Route added. Console> (enable) Console> (enable) show ip route Fragmentation Redirect Unreachable -----------------------------enabled enabled enabled Destination Gateway Flags --------------- --------------- -----default 192.122.173.44 UG default 192.122.173.43 UG default 192.122.173.42 UG 192.22.74.0 192.22.74.223 U Console> (enable)
Use Interface ---------- --------59444 sc0 59444 sc0 59444 sc0 5 sc0
Related Commands
2-223
set ip unreachable
Use the set ip unreachable command to enable or disable ICMP unreachable messages on the Catalyst 6000 family switch. set ip unreachable {enable | disable}
Syntax Description
enable disable
Keyword to allow IP unreachable messages to be returned to the source host. Keyword to prevent IP unreachable messages from being returned to the source host.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable ICMP unreachable messages, the switch returns an ICMP unreachable message to the source host whenever it receives an IP datagram that it cannot deliver. When you disable ICMP unreachable messages, the switch does not notify the source host when it receives an IP datagram that it cannot deliver. For example, a switch has the ICMP unreachable message function enabled and IP fragmentation disabled. If a FDDI frame is received and needs to transmit to an Ethernet port, the switch cannot fragment the packet. The switch drops the packet and returns an IP unreachable message to the Internet source host.
Examples
Related Commands
show ip route
2-224
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set kerberos clients mandatory
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
As an added layer of security, you can optionally configure the switch so that after users authenticate to it, they can authenticate to other services on the network only with Kerberos clients. If you do not make Kerberos authentication mandatory and Kerberos authentication fails, the application attempts to authenticate users using the default method of authentication for that network service. For example, Telnet prompts for a password.
Examples
Related Commands
set kerberos credentials forward clear kerberos clients mandatory show kerberos
2-225
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A user authenticated to a Kerberized switch has a ticket granting ticket (TGT) and can use it to authenticate to a host on the network. However, if forwarding is not enabled and a user tries to list credentials after authenticating to a host, the output will show no Kerberos credentials present. You can optionally configure the switch to forward user TGTs as they authenticate from the switch to Kerberized remote hosts on the network by using Kerberized Telnet.
Examples
Related Commands
set kerberos credentials forward set kerberos clients mandatory show kerberos creds
2-226
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set kerberos local-realm
Syntax Description
kerberos_realm
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To authenticate a user defined in the Kerberos database, you must configure the switch to know the host name or IP address of the host running the KDC and the name of the Kerberos realm. You must enter Kerberos realms in uppercase characters.
Examples
This example shows how to set a default Kerberos local realm for the switch:
Console> (enable) set kerberos local-realm CISCO.COM Kerberos local realm for this switch set to CISCO.COM. Console> (enable)
Related Commands
2-227
Syntax Description
DNS domain name to map to Kerberos realm. IP address or name to map to Kerberos host realm. IP address or name of Kerberos realm.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can map the name of the Kerberos realm to a DNS domain name or a host name by entering the set kerberos realm command. The information entered with this command is stored in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100. You must enter Kerberos realms in uppercase characters.
Examples
This example shows how to map the Kerberos realm to a domain name:
Console> (enable) set kerberos realm CISCO CISCO.COM Kerberos DnsDomain-Realm entry set to CISCO - CISCO.COM Console> (enable)
Related Commands
2-228
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set kerberos server
Syntax Description
Keyword specifying Kerberos realm. Name of host running the KDC. IP address of host running the KDC. (Optional) Number of the port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can specify to the switch which KDC to use in a Kerberos realm. Optionally, you can also specify the port number which the KDC is monitoring. The Kerberos server information you enter is maintained in a table with one entry for each Kerberos realm. The maximum number of entries in the table is 100. The KDC is a Kerberos server and database program running on a network host that allocates the Kerberos credentials to different users or network services.
Examples
Related Commands
2-229
Syntax Description
Service on the switch. Version of the Kerberos SRVTAB. Number representing the date and time the SRVTAB entry was created. Version of the encrypted key format. Type of encryption used. Length, in bytes, of the encryption key. Secret key the switch shares with the KDC.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch must share a secret key with the KDC. To do this, you must give the switch a copy of the file that is stored in the KDC, which contains the secret key. These files are called SRVTAB files. When you enter the SRVTAB directly into the switch, create an entry for each Kerberos principal (service) on the switch. The entries are maintained in the SRVTAB table. The maximum table size is 20 entries. The KDC is a Kerberos server and database program running on a network host that allocates the Kerberos credentials to different users or network services. The key is encrypted with the private DES key when you copy the configuration to a file or enter the show config command.
2-230
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set kerberos srvtab entry
Examples
This example shows how to enter a SRVTAB file directly into the switch:
Console> (enable) set kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 932423923 1 1 8 03;;5>00>50;0=0=0 Kerberos SRVTAB entry set to Principal:host/niners.cisco.com@CISCO.COM Principal Type:0 Timestamp:932423923 Key version number:1 Key type:1 Key length:8 Encrypted key tab:03;;5>00>50;0=0=0
Related Commands
2-231
Syntax Description
Name of host running the KDC. IP address of host running the KDC. Name of the SRVTAB file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch must share a secret key with the KDC. To do this, you must give the switch a copy of the file that is stored in the KDC, which contains the secret key. These files are called SRVTAB files. The KDC is a Kerberos server and database program running on a network host that allocates the Kerberos credentials to different users or network services. The most secure method to copy SRVTAB files to the hosts in your Kerberos realm is to copy them onto physical media and go to each host in turn and manually copy the files onto the system. To copy SRVTAB files to the switch, which does not have a physical media drive, you must transfer them through the network using TFTP.
Examples
This example shows how to copy SRVTAB files to the switch remotely from the KDC:
Console> (enable) set kerberos srvtab remote 187.20.32.10 /users/jdoe/krb5/ninerskeytab Console> (enable)
Related Commands
2-232
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set key config-key
Syntax Description
string
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can define a private DES key for the switch. You can use the private DES key to encrypt the secret key that the switch shares with the KDC. If you set the DES key, the secret key is not displayed in clear text when you execute the show kerberos command. The key length should be eight characters or less.
Examples
Related Commands
2-233
set lcperroraction
Use the set lcperroraction command to configure how your system handles LCP errors when a module reports an ASIC problem to the NMP. set lcperroraction action
Syntax Description
action
Action for handling LCP errors. See Usage Guidelines for more information about valid values for action levels.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
operatorThe system displays a recommended action for you to take. The system also logs the LCP error. systemThe system automatically takes an action to handle the LCP error. The system also logs the LCP error. ignoreNo action is taken. The system only logs the LCP error.
Note
Be careful when using the system value because the switch automatically takes action, including possibly resetting or power cycling modules.
Examples
This example shows how to set the action that handles an LCP error:
Console> (enable) set lcperroraction ignore Console> (enable)
Related Commands
show lcperroraction
2-234
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set lda
set lda
Use the set lda command set to configure the ASLB information on the Catalyst 6000 family switch. set lda enable | disable set lda vip {server_virtual_ip} {destination_tcp_port} [{server_virtual_ip} {destination_tcp_port}] ... set lda mac ld {ld_mac_address} set lda mac router {mac_address}... set lda router {router_vlan} {ld_mod/port} [backup_ld_mod/port] set lda server {server_vlan} {ld_mod/port} [backup_ld_mod/port] set lda udpage {udpagetime}
Syntax Description
enable | disable vip server_virtual_ip destination_tcp_port mac ld ld_mac_address mac router mac_address... router router_vlan ld_mod/port backup_ld_mod/port server server_vlan udpage udpagetime
Keyword to enable or disable the ASLB feature. Keyword and variables to specify the virtual IP address of the server and the number of the destination TCP port that will be accelerated by the switch (up to 1024). Keyword and variables to specify the LD MAC address. Keyword and variable to specify the router MAC address. Keyword and variable to specify the router VLAN. Module and port number of the port connected to the LD on the VLAN. (Optional) Module and port number of the port connected to the backup LD. Keyword and variable to specify the server VLAN. Keyword and variable to specify the UDP aging time for LocalDirector acceleration.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
2-235
Usage Guidelines
You can enter a zero (0) as a wildcard (don't care) digit for the destination_tcp_port. You can enter up to 1024 server_virtual_ip destination_tcp_port entries separated by a space. To cancel a previously entered VIP, use the clear lda vip command. To cancel a previously entered MAC LD or router, use the clear lda mac command. You need to enter the set lda commands to provide all the necessary information before using the commit lda command to program the setup into hardware. The information you enter through the set lda commands are immediately saved into NVRAM, but you must enter the commit lda command for the setting to take effect. When you disable the ASLB feature, you can enter the set lda commands, but the commit lda command will fail. When you enter the set lda mac router command, you can enter up to 32 MAC addresses. You can enter the value zero (0) to disable the udpage option. The udpagingtime is specified in milliseconds; values are from 0 ms to 2024000 ms.
Examples
This example shows how to specify the MAC address for the LocalDirector:
Console> (enable) set lda mac ld 1-2-3-4-5-6 Successfully set mac address. Use commit lda command to save settings to hardware. Console> (enable)
2-236
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set lda
Related Commands
2-237
set length
Use the set length command to configure the number of lines in the terminal display screen. set length number [default]
Syntax Description
number default
Number of lines to display on the screen; valid values are from 0 to 512. (Optional) Keyword to set the number of lines in the terminal display screen for the current administration session and all other sessions.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Output from a single command that overflows a single display screen is followed by the --More-prompt. At the --More-- prompt, you can press Ctrl-C, q, or Q to interrupt the output and return to the prompt, press the Spacebar to display an additional screen of output, or press Return to display one more line of output. Setting the screen length to 0 turns off the scrolling feature and causes the entire output to display at once. Unless you use the default keyword, a change to the terminal length value applies only to the current session. When you change the value in a session, it applies only to that session. When you use the clear config command, the number of lines in the terminal display screen is reset to the factory-set default of 100. The default keyword is available in privileged mode only.
Examples
This example shows how to set the default screen length to 40 lines:
Console> (enable) set length 40 default Screen length set to 40. Console> (enable)
2-238
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set logging console
Syntax Description
enable disable
Keyword to enable system message logging to the console. Keyword to disable system message logging to the console.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to enable system message logging to the console:
Console> (enable) set logging console enable System logging messages will be sent to the console. Console> (enable)
This example shows how to disable system message logging to the console:
Console> (enable) set logging console disable System logging messages will not be sent to the console.
Related Commands
set logging level set logging session show logging show logging buffer
2-239
Syntax Description
syslog_history_table_size
Size of the syslog history table; valid values are from 0 to 500.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the size of the syslog history table to 400:
Console> (enable) set logging history 400 System logging history table size set to <400>. Console> (enable)
Related Commands
2-240
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set logging level
Syntax Description
Value that specifies the type of system messages to capture; facility types are listed in Table 2-8. Value that specifies the severity level of system messages to capture; severity level definitions are listed in Table 2-9. (Optional) Keyword to cause the specified logging level to apply to all sessions.
Table 2-8
Facility Types
Facility Name all acl cdp dtp drip earl fddi gvrp ip kernel ld mcast mgmt mls pagp protfilt pruning privatevlan radius security snmp
Definition All facilities ACL facility Cisco Discovery Protocol Dynamic Trunking Protocol DRIP facility Enhanced Address Recognition Logic FDDI facility GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Remote Access Dial-In User Service Security Simple Network Management Protocol
2-241
Table 2-8
Facility Name spantree sys tac tcp telnet tftp udld vtp
Definition Spanning Tree Protocol System Terminal Access Controller Transmission Control Protocol Terminal Emulation Protocol Trivial File Transfer Protocol User Datagram Protocol Virtual Terminal Protocol
Table 2-9
Description System unusable Immediate action required Critical condition Error conditions Warning conditions Normal bug significant condition Debugging messages
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can also set the logging level by using the set logging server command. If you do not use the default keyword, the specified logging level applies only to the current session.
2-242
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set logging level
Examples
This example shows how to set the default facility and severity level for system message logging:
Console> (enable) set logging level snmp 2 default System logging facility <snmp> set to severity 2(critical). Console> (enable)
Related Commands
2-243
Syntax Description
Keyword to enable system message logging to configured syslog servers. Keyword to disable system message logging to configured syslog servers. IP address of the syslog server to be added to the configuration. Keyword and variable to globally set the syslog maximum severity control for all message types; severity level definitions are listed in Table 2-9. Type of system messages to capture; server facility types are listed in Table 2-10.
Severity Level local 0 local 1 local 2 local 3 local 4 local 5 local 6 local 7 syslog
Description Server facility local 0 Server facility local 1 Server facility local 2 Server facility local 3 Server facility local 4 Server facility local 5 Server facility local 6 Server facility local 7 syslog facility
Defaults
Command Types
Switch command.
2-244
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set logging server
Command Modes
Privileged.
Usage Guidelines
You can also set the logging level by using the set logging level command. If you do not enter the facility or server keywords, the parameter is applied to all levels. Severity logging to a configured syslog server depends on the configuration set by set logging level command. The server severity level must be greater than or equal to the default severity level of those message facility that you expect to receive in syslog messages on the syslog server. An IP alias or a host name that can be resolved through DNS can also be used.
Examples
This example shows how to enable system message logging to the server:
Console> (enable) set logging server enable System logging messages will be sent to the configured syslog servers. Console> (enable)
This example shows how to disable system message logging to the server:
Console> (enable) set logging server disable System logging messages will not be sent to the configured syslog servers. Console> (enable)
This example shows how to add a server to the system logging server table using its IP address:
Console> (enable) set logging server 171.69.192.205 171.69.192.205 added to the System logging server table. Console> (enable)
This example shows how to globally set the syslog maximum severity control for all message types:
Console> (enable) set logging server severity 4 System logging server severity set to 4(warnings). Console> (enable)
Related Commands
2-245
2-246
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands set logging session
Syntax Description
enable disable
Keyword to enable the sending of system logging messages to the current login session. Keyword to disable the sending of system logging messages to the current login session.
Defaults
The default is system message logging to the current login session is enabled.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to prevent system logging messages from being sent to the current login session:
Console> (enable) set logging session disable System logging messages will not be sent to the current login session. Console> (enable)
This example shows how to cause system logging messages to be sent to the current login session:
Console> (enable) set logging session enable System logging messages will be sent to the current login session. Console> (enable)
Related Commands
set logging console set logging level show logging show logging buffer
2-247
set logout
Use the set logout command to set the number of minutes until the system disconnects an idle session automatically. set logout timeout
Syntax Description
timeout
Number of minutes until the system disconnects an idle session automatically; valid values are from 0 to 10,000 minutes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to set the number of minutes until the system disconnects an idle session automatically:
Console> (enable) set logout 20 Sessions will be automatically logged out after 20 minutes of idle time. Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0 Sessions will not be automatically logged out. Console> (enable)
2-248
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set mls agingtime
Syntax Description
(Optional) Keyword to specify IP MLS. (Optional) Keyword to specify IPX MLS. MLS aging time of shortcuts to an MLS entry; valid values are multiples of 8 to any value in the range of 8 to 2032 seconds. Keyword to specify the MLS aging time of shortcuts to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. MLS aging time of shortcuts to an MLS entry; valid values are multiples of 8 to any value in the range from 0 to 128 seconds. Packet threshold value; valid values are 0, 1, 3, 7, 15, 31, 63, and 127 packets.
fastagingtime pkt_threshold
Defaults
The default agingtime is 256 seconds. The default fastagingtime is 0, no fast aging. The default pkt_threshold is 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the ip keyword, you are specifying a shortcut for IP MLS. If you use the ipx keyword, you are specifying a shortcut for IPX MLS. If you enter fastagingtime 0, fast aging is disabled. If you do not specify fastagingtime or pkt_threshold, the default value is used. If you enter any of the set mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
MLS not supported on feature card.
agingtime can be configured as multiples of 8 in the range of 8 to 2024 seconds. The values are picked up in numerical order to achieve efficient aging. Any value for agingtime that is not a multiple of 8 seconds is adjusted to the closest one. For example, 65 is adjusted to 64, while 127 is adjusted to 128. fastagingtime can be configured as multiples of 8 to any value in the range of 0 to 128 seconds.
2-249
The default pkt_threshold is 0. It can be configured as 0, 1, 3, 7, 15, 31, 63, or 127 (the values picked for efficient aging). If you do not configure fastagingtime exactly the same for these values, it adjusts to the closest value. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0 packet, respectively (it means no packet switched within 32 seconds after the entry was created). Agingtime applies to an MLS entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is created. A typical example is the MLS entry destined to/sourced from a DNS or TFTP server. This entry may never be used again once it is created. For example, only one request goes to a server and one reply returns from the server, and then the connection is closed. The agingtime fast option is used to purge entries associated with very short flows, such as DNS and TFTP. Keep the number of MLS entries in the MLS cache below 32K. If the number of MLS entries exceed 32K, some flows (less than 1 percent) are sent to the router. To keep the number of MLS cache entries below 32K, decrease the aging time up to 8 seconds. If your switch has a lot of short flows used by only a few packets, then you can use fast aging. If cache entries continue to exceed 32K, decrease the normal aging time in 64-second increments from the 256-second default.
Examples
Related Commands
2-250
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set mls exclude protocol
Syntax Description
Keyword to specify a TCP port. Keyword to specify a UDP port. Keyword to specify that the port be applied to both TCP and UDP traffic. Number of the protocol port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any of the set mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
MLS not supported on feature card.
You can add a maximum of four protocol ports to the exclude table.
Examples
This example shows how to exclude TCP packets on protocol port 6017:
Console> (enable) set mls exclude protocol tcp 6017 TCP packets with protocol port 6017 will be switched by RP. Console> (enable)
This example shows how to exclude UDP packets on protocol port 6017:
Console> (enable) set mls exclude protocol udp 6017 TCP and UDP packets with protocol port 6017 will be switched by RP. Console> (enable)
This example shows the output if you exceed the exclude table maximum:
Console> (enable) set mls exclude protocol tcp 6019 Failed to exclude protocol. Exclude table full. Use clear mls exclude command to remove an existing entry. Console> (enable)
2-251
Related Commands
2-252
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set mls multicast
Syntax Description
enable disable
Keyword to enable IP multicast MLS functions on the switch and allow new shortcut entries to be established. Keyword to disable IP multicast MLS functions on the Catalyst 6000 family switches, delete any existing shortcut entries, and prevent new shortcut entries from being established.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
IPX MLS is disabled globally by default, but can be enabled and disabled on a specified interface. To enable or disable IPX MLS on a specified interface, refer to the Catalyst 6000 Family Multilayer Switch Feature Card and Policy Feature Card Configuration Guide. Your system needs to be configured with a Layer 3 switching engine-based system to enable MLS. If you enter any set mls multicast commands on a Catalyst 6000 family switch without MLS, this warning message displays:
This feature is not supported on this device
If you enter any set mls multicast services on a Catalyst 6000 family switch and none of the multicast protocols (such as IGMP snooping, CGMP, and GMRP) are enabled, this warning message displays:
Enable IGMP Snooping/CGMP/GMRP to make this feature operational.
You can configure a maximum of two participating routers, but they must be internally or directly attached to a Catalyst 6000 family switch. Refer to the Catalyst 6000 Family Software Configuration Guide for router configuration information. Use the set mls include command to specify routers for IP multicast MLS.
2-253
Examples
This example shows how to use the set mls multicast command to enable MLS for IP multicast traffic:
Console> (enable) set mls multicast enable Multilayer switching for Multicast is enabled for this device. Console> (enable)
This example shows how to use the set mls multicast command to disable MLS for IP multicast traffic:
Console> (enable) set mls multicast disable Multilayer switching for Multicast is disabled for this device. Console> (enable)
Related Commands
2-254
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set mls nde
Syntax Description
enable disable collector_ip collector_name udp_port_num version 1|7|8 flow exclude include destination ip_addr_spec source protocol protocol
Keyword to enable NDE. Keyword to disable NDE. IP address of the collector if DNS is enabled. Name of the collector if DNS is enabled. Number of the UDP port to receive the exported statistics. Keyword to specify the version of the Netflow Data Export; valid versions are 1, 7, and 8. Version of the NDE feature. Keyword to add filtering to NDE. (Optional) Keyword to allow exporting of all flows except the flows matching the given filter. (Optional) Keyword to allow exporting of all flows matching the given filter. (Optional) Keyword to specify the destination IP address. (Optional) Full IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Keyword to specify the source IP address. (Optional) Keyword to specify the protocol type. (Optional) Protocol type; valid values can be 0, tcp, udp, icmp, or a decimal number for other protocol families. 0 indicates do not care.
src-port src_port (Optional) Keyword and variable to specify the number of the TCP/UDP source port (decimal). Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. dst-port dst_port (Optional) Keyword and variable to specify the number of the TCP/UDP destination port (decimal). Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care.
Defaults
The defaults are Netflow Data Export version 7, and all expired flows are exported until the filter is specified explicitly.
Command Types
Switch command.
2-255
Command Modes
Privileged.
Usage Guidelines
If you enter any set mls nde commands on a Catalyst 6000 family switch without MLS, this warning message displays:
mls not supported on feature card.
Before you use the set mls nde command for the first time, you must configure the host to collect MLS statistics. The host name and UDP port number are saved in NVRAM, so you do not need to specify them. If you specify a host name and UDP port, values in NVRAM overwrite the old values. Collector values in NVRAM do not clear when NDE is disabled, because this command configures the collector, but does not enable NDE automatically. The set mls nde enable command enables NDE, exporting statistics to the preconfigured collector. If the protocol is not tcp or udp, set the dst-port dst_port and src-port src_port values to 0; otherwise, no flows are displayed. If you try to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enable Please set host name and UDP port number with set mls nde <collector_name | collector_ip> <udp_port_number>. Console> (enable)
The set mls nde flow command adds filtering to the NDE. Expired flows matching the specified criteria are exported. These values are stored in NVRAM and do not clear when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when NDE is disabled. Only one filter can be active at a time. If you do not enter the exclude or include keyword, the filter is assumed to be an inclusion filter. Use the following syntax to specify an IP subnet address:
ip_subnet_addrThis is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address of 8, 16, or 24 bits. ip_addr/subnet_maskThis is the long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as 172.22.253.1/255.255.252.00. ip_addr/maskbitsThis is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet address as the ip_subnet_addr.
When you use the set mls nde {collector_ip | collector_name} {udp_port_num} command, the host name and UDP port number are saved in NVRAM and need not be specified again. If you specify a host name and UDP port, the new values overwrite the values in NVRAM. Collector values in NVRAM do not clear when you disable NDE.
2-256
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set mls nde
Examples
This example shows how to specify that only expired flows to a specific subnet are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140/24 NDE destination filter set to 171.69.194.0/24 Console> (enable)
This example shows how to specify that only expired flows to a specific host are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140 NDE destination filter set to 171.69.194.140/32. Console> (enable)
This example shows how to specify that only expired flows from a specific subnet to a specific host are exported:
Console> (enable) set mls nde flow include destination 171.69.194.140/24 source 171.69.173.5/24 NDE destination filter set to 171.69.194.0/24, source filter set to 171.69.173.0/24 Console> (enable)
This example shows how to specify that only flows from a specific port are exported:
Console> (enable) set mls nde flow include dst_port 23 NDE source port filter set to 23. Console> (enable)
This example shows how to specify that only expired flows from a specific host that are of a specified protocol are exported:
Console> (enable) set mls nde flow include source 171.69.194.140 protocol 51 NDE destination filter set to 171.69.194.140/32, protocol set to 51. Console> (enable)
This example shows how to specify that only expired flows from a specific host to a specific destination port are exported:
Console> (enable) set mls nde flow include source 171.69.194.140 dst_port 23 NDE destination filter set to 171.69.194.140/32, source port filter set to 23. Console> (enable)
This example shows how to specify that all expired flows except those from a specific host to a specific destination port are exported:
Console> (enable) set mls nde flow exclude source 171.69.194.140 dst_port 23 NDE destination filter set to 171.69.194.140/32, source port filter set to 23. Flows matching the filter will be excluded. Console> (enable)
This example shows how to specify that all flows are exported:
Console> (enable) clear mls nde flow both NDE filter cleared. Console> (enable)
Related Commands
2-257
Syntax Description
protocol src_port
Name or number of the protocol; valid values are from 1 to 255, ip, ipinip, icmp, igmp, tcp, and udp. Number or type of the source port; valid values are from 1 to 65535, dns, ftp, smtp, telnet, x, and www.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you enter any set mls commands on a Catalyst 6000 family switch without MLS, this warning message displays:
MLS not supported on feature card.
You can configure a maximum of 64 ports using the set mls statistics protocol command.
Examples
Related Commands
2-258
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set module
set module
Use the set module command to enable or disable a module. set module enable | disable mod
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Avoid disabling a module when you are connected via a Telnet session; if you disable your session, you will disconnect your Telnet session. If there are no other network connections to a Catalyst 6000 family switch (for example, on another module), you have to reenable the module from the console. You can specify a series of modules by entering a comma between each module number (for example, 2,3,5). You can specify a range of modules by entering a dash between module numbers (for example, 2-5). The set module disable command does not cut off the power to a module, it only disables the module. To turn off power to a module, refer to the set module power command. If an individual port on a module was previously disabled, enabling the module does not enable the disabled port.
Examples
This example shows how to disable module 3 when connected via the console port:
Console> (enable) set module disable 3 Module 3 disabled. Console> (enable)
2-259
This example shows how to disable module 2 when connected via a Telnet session:
Console> (enable) set module disable 2 This command may disconnect your telnet session. Do you want to continue (y/n) [n]? y Module 2 disabled.
Related Commands
show module
2-260
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set module name
Syntax Description
mod mod_name
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If no module name is specified, any previously specified name is cleared. Use the set module name command to set the module for the RSM. Additional set module commands are not supported by the RSM.
Examples
This example shows how to set the name for module 1 to Supervisor:
Console> (enable) set module name 1 Supervisor Module name set. Console> (enable)
Related Commands
show module
2-261
Syntax Description
up down mod
Keyword to turn on the power to a module. Keyword to turn off the power to a module. Number of the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set module power up command allows you to check if adequate power is available in the system to turn the power on. If not enough power is available, the module status changes from power-down to power-deny, and this message displays:
Module 4 could not be powered up due to insufficient power.
Examples
Related Commands
show environment
2-262
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set module shutdown
Syntax Description
all mod
Keyword to shutdown all NAM and IDS modules. Number of the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the set module shutdown command, the configuration is not saved in NVRAM. The next time when the module boots up, it will come online. You can either reinsert or reset the module to bring it online. If there are no other network connections to a Catalyst 6000 family switch (for example, on another module), you have to reenable the module from the console. You can specify a series of modules by entering a comma between each module number (for example, 2,3,5).
Examples
Console> (enable)
2-263
set msmautostate
Use the set msmautostate command to enable or disable the line protocol state determination of the MSMs due to port state changes. set msmautostate {enable | disable}
Syntax Description
enable disable
Keyword to activate the line protocol state determination. Keyword to deactivate the line protocol state determination.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This feature is useful for discontinuing the advertisement of routing paths when access to them is severed (either through fault or administrative disabling). When you enable msmautostate, VLAN interfaces on the MSM are active only when there is at least one other active interface within the Catalyst 6000 family switch. This could be a physical end-user port, a trunk connection for which the VLAN is active, or even another MSM with an equivalent VLAN interface. If you disable msmautostate, you might have to use the shutdown and no shutdown commands to disable and then restart the VLAN interface to bring the MSM back up.
Examples
This example shows how to enable the line protocol state determination of the MSM:
Console> (enable) set msmautostate enable Console> (enable)
This example shows how to disable the line protocol state determination of the MSM:
Console> (enable) set msmautostate disable Console> (enable)
Related Commands
show msmautostate
2-264
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set multicast router
Syntax Description
mod/port
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable IGMP snooping, the ports to which a multicast-capable router is attached are identified automatically. The set multicast router command allows you to configure multicast router ports statically.
Examples
Related Commands
clear multicast router set igmp show multicast router show multicast group count
2-265
Syntax Description
enable disable
Keyword to enable NTP in broadcast-client mode. Keyword to disable NTP in broadcast-client mode.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to a Catalyst 6000 family switch.
Examples
Related Commands
show ntp
2-266
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ntp broadcastdelay
Syntax Description
microseconds
Estimated round-trip time, in microseconds, for NTP broadcasts; valid values are from 1 to 999999.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the NTP broadcast delay to 4000 ms:
Console> (enable) set ntp broadcastdelay 4000 NTP broadcast delay set to 4000 microseconds. Console> (enable)
Related Commands
show ntp
2-267
Syntax Description
enable disable
Keyword to enable a Catalyst 6000 family switch as an NTP client. Keyword to disable a Catalyst 6000 family switch as an NTP client.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure NTP in either broadcast-client mode or client mode. The broadcast-client mode assumes that a broadcast server, such as a router, sends time-of-day information regularly to a Catalyst 6000 family switch. The client mode assumes that the client (a Catalyst 6000 family switch) regularly sends time-of-day requests to the NTP server.
Examples
Related Commands
show ntp
2-268
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set ntp server
Syntax Description
ip_addr
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The client mode assumes that the client (a Catalyst 6000 family switch) sends time-of-day requests regularly to the NTP server. A maximum of ten servers per client is allowed.
Examples
Related Commands
2-269
set password
Use the set password command to change the login password on the CLI. set password
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Passwords are case sensitive and may be from 0 to 19 characters in length, including spaces. The command prompts you for the old password. If the password you enter is valid, you are prompted to enter a new password and to verify the new password. A zero-length password is allowed by pressing Return.
Examples
2-270
78-10558-02
2
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands set port auxiliaryvlan
Syntax Description
Number of the module and (optional) ports. Number of the VLAN; valid values are from 1 to 1000. Keyword to specify the IP Phone 7960 send untagged packets without 802.1p priority. Keyword to specify the IP Phone 7960 send packets with 802.1p priority. Keyword to specify that the switch does not send any auxiliary VLAN information in the CDP packets from that port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a port, all ports are selected. This command is not supported by the NAM. The vlan option specifies that the IP Phone 7960 send packets tagged with a specific VLAN.
Examples
This example shows how to set the auxiliary VLAN port to untagged:
Console> (enable) set port auxiliaryvlan 5/7 untagged Port 5/7 allows the connected device send and receive untagged packets and without 802.1p priority. Console> (enable)
This example shows how to set the auxiliary VLAN port to dot1p:
Console> (enable) set port auxiliaryvlan 5/9 dot1p Port 5/9 allows the connected device send and receive packets with 802.1p priority. Console> (enable)
This example shows how to set the auxiliary VLAN port to none:
Console> (enable) set port auxiliaryvlan 5/12 none Port 5/12 will not allow sending CDP packets with AuxiliaryVLAN information. Console> (enable)
2-271
This example shows how to set the auxiliary VLAN port to a specific module, port, and VLAN:
Console> (enable) set port auxiliaryvlan 2/1-3 222 Auxiliaryvlan 222 configuration successful. AuxiliaryVlan AuxVlanStatus Mod/Ports ------------- ------------- ------------------------222 active 1/2,2/1-3 Console> (enable)
Related Commands
2-272
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port broadcast
Syntax Description
mod/port threshold%
Number of the module and the port on the module. Percentage of total available bandwidth that can be used by broadcast traffic.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to limit broadcast traffic to 20 percent to all ports on module 4:
Console> (enable) set port broadcast 4/3 20% Port 4/1-24 broadcast traffic limited to 20.00%. Console> (enable)
This example shows how to allow unlimited broadcast traffic to all ports on module 4:
Console> (enable) set port broadcast 4/3 100% Port 4/1-24 broadcast traffic unlimited. Console> (enable)
Related Commands
2-273
Syntax Description
Number of the module and the port on the module. (Optional) Number of administrative group; valid values are from 1 to 1024. Keyword to specify the EtherChannel mode. Keyword to enable and force specified ports to channel without PAgP. Keyword to prevent ports from channeling. Keyword to set a PAgP mode that places a port into an active negotiating state, in which the port initiates negotiations with other ports by sending PAgP packets. Keyword to set a PAgP mode that places a port into a passive negotiating state, in which the port responds to PAgP packets it receives, but does not initiate PAgP packet negotiation. (Optional) Keyword to use with auto or desirable when no traffic is expected from the other device to prevent the link from being reported to STP as down. (Optional) Keyword to use with auto or desirable when traffic is expected from the other device. Keywords to apply frame distribution to all ports in the switch. Keyword to specify the frame distribution method using IP address values. Keyword to specify the frame distribution method using MAC address values. (Optional) Keyword to specify the frame distribution method using source address values. (Optional) Keyword to specify the frame distribution method using destination address values. (Optional) Keyword to specify the frame distribution method using source and destination address values.
auto
silent
Defaults
The default is EtherChannel is set to auto and silent on all module ports. The defaults for frame distribution are ip and both.
Command Types
Switch command.
2-274
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port channel
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Make sure that all ports in the channel are configured with the same port speed, duplex mode, and so forth. For more information on EtherChannel, refer to the Catalyst 6000 Family Software Configuration Guide. With the on mode, a usable EtherChannel exists only when a port group in on mode is connected to another port group in on mode. If you are running QoS, make sure that bundled ports are all of the same trust types and have similar queueing and drop capabilities. Disable the port security feature on the channeled ports (see the set port security command). If you enable port security for a channeled port, the port shuts down when it receives packets with source addresses that do not match the secure address of the port. You can configure up to eight ports on the same switch in each administrative group. When you assign ports to an existing admin group, the original ports associated with the admin group will move to an automatically picked new admin group. You cannot add ports to the same admin group. If you do not enter an admin_group, it means that you want to create a new administrative group with admin_group selected automatically. The next available admin_group is automatically selected. If you do not enter the channel mode, the channel mode of the ports addressed are not modified. The silent | non-silent parameters only apply if desirable or auto modes are entered. If you do not specify silent or non-silent, the current setting is not affected. This command is not supported by non-EtherChannel-capable modules.
Examples
This example shows how to group ports 4/1 through 4 in an admin group:
Console> (enable) set port channel 4/1-4 96 Port(s) 4/1-4 are assigned to admin group 96. Console> (enable)
This example shows the display when the port list is exceeded:
Console> (enable) set port channel 2/1-9 1 No more than 8 ports can be assigned to an admin group. Console> (enable)
2-275
This example shows the display output when you assign ports to an existing admin group. This example moves ports in admin group 96 to another admin group and assigns ports 4/4 through 6 to admin group 96:
Console> (enable) set port channel 4/4-6 96 Port(s) 4/1-3 are moved to admin group 97. Port(s) 4/4-6 are assigned to admin group 96. Console> (enable)
This example shows how to set the channel mode to off for ports 4/4 through 6 and assign ports 4/4 through 6 to an automatically selected admin group:
Console> (enable) set port channel 4/4-6 off Port(s) 4/4-6 channel mode set to off. Port(s) 4/4-6 are assigned to admin group 23. Console> (enable)
Related Commands
2-276
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port cops
Syntax Description
Number of the module and the port on the module. Keyword and variable to specify the roles.
Defaults
The default is all ports have a default role of null string, for example, the string of length 0.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. A port may have multiple roles. You can configure a maximum of 64 total roles per switch. You can specify multiple roles in a single command.
Examples
This example shows the display if you attempt to create a roll and exceed the maximum allowable number of roles:
Console> (enable) set port cops 3/1 roles access_port Unable to add new role. Maximum number of roles is 64. Console> (enable)
Related Commands
2-277
Syntax Description
mod/port
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. It takes approximately 30 seconds for this command to take effect.
Examples
This example shows how to disable a port using the set port disable command:
Console> (enable) set port disable 5/10 Port 5/10 disabled. Console> (enable)
Related Commands
2-278
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port duplex
Syntax Description
Number of the module and the port on the module. Keyword to specify full-duplex transmission. Keyword to specify half-duplex transmission.
Defaults
The default configuration for 10-Mbps and 100-Mbps modules has all Ethernet ports set to half duplex.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex. Gigabit ports only support full-duplex mode.
Examples
Related Commands
show port
2-279
Syntax Description
mod/port
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. It takes approximately 30 seconds for this command to take effect.
Examples
Related Commands
2-280
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port flowcontrol
Syntax Description
Number of the module and the port on the module. Keyword to specify a port processes pause frames. Keyword to specify a port sends pause frames. Keyword to prevent a local port from receiving and processing pause frames from remote ports or from sending pause frames to remote ports. Keyword to enable a local port to receive and process pause frames from remote ports or send pause frames to remote ports. Keyword to obtain predictable results regardless of whether a remote port is set to on, off, or desired.
Defaults
Gigabit Ethernet ports default to off for receive (Rx) and desired for transmit (Tx) Fast Ethernet ports default to off for receive and on for transmit
On the 24-port 100BaseFX and 48-port 10/100 BaseTX RJ-45 modules, the default is off for receive and off for send.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. When you configure the 24-port 100BaseFX and 48-port 10/100 BaseTX RJ-45 modules, you can set the receive flow control to on or off and the send flow control to off. All Catalyst Gigabit Ethernet ports can receive and process pause frames from remote devices. To obtain predictable results, use these guidelines:
Use send on only when remote ports are set to receive on or receive desired. Use send off only when remote ports are set to receive off or receive desired. Use receive on only when remote ports are set to send on or send desired. Use send off only when remote ports are set to receive off or receive desired.
2-281
Table 2-11 describes guidelines for different configurations of the send and receive keywords.
Table 2-11 send and receive Keyword Configurations
Configuration send on send off send desired receive on receive off receive desired
Description Enables a local port to send pause frames to remote ports. Prevents a local port from sending pause frames to remote ports. Obtains predictable results whether a remote port is set to receive on, receive off, or receive desired. Enables a local port to process pause frames that a remote port sends. Prevents a local port from sending pause frames to remote ports. Obtains predictable results whether a remote port is set to send on, send off, or send desired.
Examples
This example shows how to configure port 1 of module 5 to receive and process pause frames:
Console> (enable) set port flowcontrol receive 5/1 on Port 5/1 flow control receive administration status set to on (port will require far end to send flowcontrol) Console> (enable)
This example shows how to configure port 1 of module 5 to receive and process pause frames if the remote port is configured to send pause frames:
Console> (enable) set port flowcontrol receive 5/1 desired Port 5/1 flow control receive administration status set to desired (port will allow far end to send flowcontrol if far end supports it) Console> (enable)
This example shows how to configure port 1 of module 5 to receive but NOT process pause frames on port 1 of module 5:
Console> (enable) set port flowcontrol receive 5/1 off Port 5/1 flow control receive administration status set to off (port will not allow far end to send flowcontrol) Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames:
Console> (enable) set port flowcontrol send 5/1 on Port 5/1 flow control send administration status set to on (port will send flowcontrol to far end) Console> (enable)
This example shows how to configure port 1 of module 5 to send pause frames and yield predictable results even if the remote port is set to receive off:
Console> (enable) set port flowcontrol send 5/1 desired Port 5/1 flow control send administration status set to desired (port will send flowcontrol to far end if far end supports it) Console> (enable)
Related Commands
2-282
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port gmrp
Syntax Description
Number of the module and the port on the module. Keyword to enable GVRP on a specified port. Keyword to disable GVRP on a specified port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. You can enter this command even when GMRP is not enabled, but the values come into effect only when you enable GMRP using the set gmrp enable command.
Examples
Related Commands
2-283
Syntax Description
Number of the module and the port on the module. Keyword to enable GVRP on a specified port. Keyword to disable GVRP on a specified port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. When you enable VTP pruning, it runs on all the GVRP-disabled trunks. To run GVRP on a trunk, you need to enable GVRP both globally on the switch and individually on the trunk. You can configure GVRP on a port even when you globally enable GVRP. However, the port will not become a GVRP participant until you globally enable GVRP. You can enable GVRP on an 802.1Q trunk only. If you enter the set port gvrp command without specifying the port number, GVRP is affected globally in the switch.
Examples
This example shows what happens if you try to enable GVRP on a port that is not an 802.1Q trunk:
Console> (enable) set port gvrp 4/1 enable Failed to set port 4/1 to GVRP enable. Port not allow GVRP. Console> (enable)
2-284
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port gvrp
This example shows what happens if you try to enable GVRP on a specific port when GVRP has not first been enabled using the set gvrp command:
Console> (enable) set port gvrp 5/1 enable GVRP enabled on port(s) 5/1. GVRP feature is currently disabled on the switch. Console> (enable)
Related Commands
2-285
Syntax Description
mod/port
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. The set port host command sets channel mode to off, enables spanning tree PortFast, and sets the trunk mode to off. Only an end station can accept this configuration. Because spanning tree PortFast is enabled, you should enter the set port host command only on ports connected to a single host. Connecting hubs, concentrators, switches, and bridges to a fast-start port can cause temporary spanning tree loops. Enable the set port host command to decrease the time it takes to start up packet forwarding.
Examples
This example shows how to optimize the port configuration for end station/host connections on ports 2/1 and 3/1:
Console> (enable) set port host 2/1,3/1 Warning: Span tree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution. Spantree ports 2/1,3/1 fast start enabled. Port(s) 2/1,3/1 trunk mode set to off. Port(s) 2/1 channel mode set to off. Console> (enable)
Related Commands
2-286
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port inlinepower
Syntax Description
Number of the module and the ports on the module. Keyword to not power up the port even if an unpowered phone is connected. Keyword to power up the port only if the switching module has discovered the phone.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. If you enter this command on a port that does not support the IP phone power feature, an error message is displayed. You can enter a single port or a range of ports, but you cannot enter the module number only. An inline power-capable device can still be detected even if the inlinepower mode is set to off.
Caution
Damage can occur to equipment connected to the port if you are not using a phone that can be configured for the IP phone phantom power feature.
Examples
This example shows the output if the inlinepower feature is not supported:
Console> (enable) set port inlinepower 2/3-9 auto Feature not supported on module 2. Console> (enable)
Related Commands
2-287
Syntax Description
Number of the module and the port on the module. Keyword to enable jumbo frames on a specified port. Keyword to disable jumbo frames on a specified port.
Defaults
If you enable the jumbo frame feature, the MTU size for packet acceptance is 9216 bytes for nontrunking ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. You can use the jumbo frame feature to transfer large frames or jumbo frames through Catalyst 6000 family switches to optimize server-to-server performance. The jumbo frames feature is only supported on Layer 2-switched frames. The MSFC and MSM do not support the routing of jumbo frames; if jumbo frames are sent to these routers, router performance is significantly degraded. The GSR supports jumbo frames. To enable the jumbo frame feature on a port, the port must meet the following conditions:
The port must be a Gigabit Ethernet port. The trunking mode on the port must be set to OFF. The channeling mode on the port must be set to OFF.
For information on how to set the jumbo frame MTU size, contact Ciscos Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com.
Examples
This example shows how to enable the jumbo frames feature on module 3, port 2:
Console> (enable) set port jumbo 3/2 enable Jumbo frames enabled on port 5/3. Console> (enable)
2-288
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port jumbo
This example shows how to disable the jumbo frames feature on module 3, port 2:
Console> (enable) set port jumbo 3/2 disable Jumbo frames disabled on port 3/2. Console> (enable)
This example shows what happens if you try to enable the jumbo frames feature on a port that is not a Gigabit Ethernet port:
Console> (enable) set port jumbo 3/1 enable Feature not supported on port 3/1. Console> (enable)
This example shows what happens if you try to enable the jumbo frames feature on a port that does not have the trunking mode set to OFF:
Console> (enable) set port jumbo 6/1 enable Failed to enable the port jumbo frame feature on port 6/1. The trunking mode for jumbo enabled ports must be set to off. Console> (enable)
This example shows what happens if you try to enable the jumbo frames feature on a port that does not have the channeling mode set to OFF:
Console> (enable) set port jumbo 6/2 enable Failed to enable the port jumbo frame feature on port 6/2. The channelling mode for jumbo enabled ports must be set to off. Console> (enable)
Related Commands
2-289
Syntax Description
Number of the module and the port on the module. Keyword to specify the port become a member of dynamic VLANs. Keyword to specify the port become a member of static VLANs.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the port membership VLAN assignment to dynamic:
Console> Port 5/5 Spantree Console> (enable) set port membership 5/5 dynamic vlan assignment set to dynamic. port fast start option enabled for ports 5/5. (enable)
This example shows how to set the port membership VLAN assignment to static:
Console> (enable) set port membership 5/5 static Port 5/5 vlan assignment set to static. Console> (enable)
Related Commands
set vlan set vlan mapping set pvlan set pvlan mapping
2-290
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port name
Syntax Description
mod/port port_name
Number of the module and the port on the module. (Optional) Name of the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. If you do not specify the name string, the port name is cleared.
Examples
Related Commands
show port
2-291
Syntax Description
Number of the module and the port on the module. Keyword to enable the link negotiation protocol. Keyword to disable the link negotiation protocol.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set port negotiation command is supported on 1000Base (SX, LX, and ZX) modules only. If the port does not support this command, the following message appears:
Feature not supported on Port N/N.
where N/N is the module and port number. When you enable link negotiation, the system autonegotiates flow control, duplex mode, and remote fault information. You must either enable or disable link negotiation on both ends of the link. Both ends of the link must be set to the same value or the link cannot connect.
Examples
This example shows how to disable link negotiation protocol on port 1, module 4:
Console> (enable) set port negotiation 4/1 disable Link negotiation protocol disabled on port 4/1. Console> (enable)
Related Commands
2-292
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port protocol
Syntax Description
Number of the module and the port on the module. Keyword to specify IP. Keyword to specify IPX. Keyword to specify VINES, AppleTalk, and DECnet protocols. Keyword to indicate the port will receive all the flood traffic for that protocol. Keyword to indicate the port will not receive any flood traffic for that protocol. Keyword to indicate the port will not receive any flood traffic for that protocol.
Defaults
The default is that the ports are configured to on for the IP protocol groups and auto for IPX and group protocols.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Protocol filtering is supported only on nontrunking EtherChannel ports. Trunking ports are always members of all the protocol groups. If the port configuration is set to auto, the port initially does not receive any flood packets for that protocol. When the corresponding protocol packets are received on that port, the supervisor engine detects this and adds the port to the protocol group. Ports configured as auto are removed from the protocol group if no packets are received for that protocol within a certain period of time. This aging time is set to 60 minutes. They are also removed from the protocol group on detection of a link down.
Examples
This example shows how to disable IPX protocol membership of port 1 on module 2:
Console> (enable) set port protocol 2/1 ipx off IPX protocol disabled on port 2/1. Console> (enable)
2-293
Related Commands
2-294
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port qos
Syntax Description
Number of the module and the ports on the module. Keyword to interpret the interface as a physical port. Keyword to interpret the interface as part of a VLAN.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Changing a port from port-based to VLAN-based QoS detaches all ACLs from the port. Any ACLs attached to the VLAN apply to the port immediately. When you set a port to VLAN-based using the set port qos command with RSVP or COPS enabled on that port, the QoS policy-source is COPS or DSBM-election is enabled. The VLAN-based setting has been saved in NVRAM only.
Examples
This example shows the output if you change from port-based to VLAN-based with either RSVP or COPS enabled on the port:
Console> (enable) set port qos 3/1-48 vlan Qos interface is set to vlan-based for ports 3/1-48 Port(s) 3/1-48 - QoS policy-source is Cops or DSBM-election is enabled. Vlan-based setting has been saved in NVRAM only. Console> (enable)
2-295
Related Commands
show port qos set port qos cos set port qos trust show qos info
2-296
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port qos cos
Syntax Description
Number of the module and ports. Keyword and variable to specify the CoS value for a port; valid values are from 0 to 7. Keyword and variable to specify the CoS extension for a phone port; valid values are from 0 to 8.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. If the default is enforced when you disable QoS, CoS is enforced when you enable QoS.
Examples
This example shows how to set the CoS default value on a port:
Console> (enable) set port qos 2/1 cos 3 Port 2/1 qos cos set to 3. Console> (enable)
This example shows how to set the CoS-ext default value on a port:
Console> (enable) set port qos 2/1 cos-ext 3 Port 2/1 qos cos-ext set to 3. Console> (enable)
Related Commands
clear port qos cos show port qos show qos info set port qos trust set port qos show qos info
2-297
Syntax Description
Number of the module and the ports on the module. Keyword to specify that packets need to be reclassified from the matching ACE. Keyword to specify that although the CoS bits in the incoming packets are trusted, the ToS is invalid and a valid value needs to be derived from the CoS bits.
trust-ipprec Keyword to specify that although the ToS/CoS bits in the incoming packets are trusted, the ToS is invalid and the ToS is set as IP Precedence. trust-dscp Keyword to specify that the ToS/CoS bits in the incoming packets can be accepted as is with no change.
Defaults
The default when you enable QoS is untrusted; when you disable QoS, the default is trust-cos on Layer 2 switches and trust-dscp on Layer 3 switches.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you disable QoS, the default is trust-cos on Layer 2 switches and trust-dscp on Layer 3 switches. This command is not supported by the NAM. On 10/100 ports, you can use only the set port qos trust command to activate the receive drop thresholds. To configure a trusted state, you have to convert the port to port-based QoS, define an ACL that defines all (or the desired subset) of ACEs to be trusted, and attach the ACL to that port.
Examples
This example shows how to set the trust extension on ports on the connected phone to a trusted state:
Console> (enable) set port qos 3/7 trust-ext trusted Port in the phone device connected to port 3/7 is configured to be trusted. Console> (enable)
2-298
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port qos trust
Related Commands
show qos info show port qos set port qos set port qos cos
2-299
Syntax Description
Number of the module and the ports on the module. Keyword to specify that all traffic in 802.1Q or 802.1p frames received through the access port is marked with a configured Layer 2 CoS value. Keyword to specify that all traffic received through the access port passes through the phone switch unchanged.
Defaults
The default when the phone is connected to a Cisco LAN switch is untrusted mode; trusted mode is the default when the phone is not connected to a Cisco LAN switch.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Traffic in frame types other than 802.1Q or 802.1p passes through the phone switch unchanged, regardless of the access port trust state.
Examples
This example shows how to set the trust extension on ports on the connected phone to a trusted state:
Console> (enable) set port qos 3/7 trust-ext trusted Port in the phone device connected to port 3/7 is configured to be trusted. Console> (enable)
Related Commands
show qos info show port qos set port qos set port qos cos
2-300
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port rsvp dsbm-election
Syntax Description
Number of the module and the port. Keyword to enable participation in the DSBM election. Keyword to disable participation in the DSBM election. (Optional) DSBM priority; valid values are from 128 to 255.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232 DSBM election enabled for ports 2/1,3/2. DSBM priority set to 232 for ports 2/1,3/2. This DSBM priority will be used during the next election process. Console> (enable)
This example shows the output when you enable participation in the DSBM election on a port that is not forwarding:
Console> (enable) set port rsvp 2/1,3/2 dsbm-election enable 232 DSBM enabled and priority set to 232 for ports 2/1,3/2. Warning: Port 2/1 not forwarding. DSBM negotiation will start after port starts forwarding on the native vlan. Console> (enable)
Related Commands
2-301
Syntax Description
Number of the module and the ports on the module. (Optional) Keyword to enable port security. (Optional) Keyword to disable port security. (Optional) Secure MAC address of the enabled port. (Optional) Keyword and variable to specify the duration for which addresses on the port will be secured; valid values are 0 (to disable) and from 10 to 1440 (minutes). (Optional) Keyword and variable to specify the maximum number of MAC addresses to secure on the port; valid values are from 1 to 1025. (Optional) Keyword and variable to specify the duration for which a port will remain disabled in case of a security violation; valid values are 0 (to disable) and from 10 to 1440 (minutes). (Optional) Keyword to specify the action to be taken in the event of a security violation. Keyword to shut down the port in the event of a security violation. Keyword to restrict packets from unsecure hosts.
Defaults
Port security is disabled. Number of secure addresses per port is one. Violation action is shutdown. Age is permanent (addresses are not aged out). Shutdown time is indefinite.
Command Types
Switch command.
2-302
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port security
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. If you enter the set port security enable command but do not specify a MAC address, the first MAC address seen on the port becomes the secure MAC address. You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this list of secure addresses. The maximum number is 1024. The set port security violation command allows you to specify whether you want the port to shut down or to restrict access to insecure MAC addresses only. The shutdown time allows you to specify the duration of shutdown in the event of a security violation.
Examples
This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable Port 3/1 port security enabled with the learned mac address. Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable) set port security 3/1 enable 01-02-03-04-05-06 Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address. Console> (enable)
This example sets the shutdown time to 600 minutes on port 7/7:
Console> (enable) set port security 7/7 shutdown 600 Secure address shutdown time set to 600 minutes for port 7/7. Console> (enable)
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 7/7 violation restrict Port security violation on port 7/7 will cause insecure packets to be dropped. Console> (enable)
Related Commands
2-303
Syntax Description
Number of the module and the port on the module. Keyword to set a port speed to 10 Mbps, 100 Mbps, or autospeed detection mode.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure Fast Ethernet interfaces on the 10/100-Mbps Fast Ethernet switching module to either 10 or 100 Mbps, or to autosensing mode, allowing the interfaces to sense and distinguish between 10- and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission types at a remote port connection. If you set the interfaces to autosensing, they configure themselves automatically to operate at the proper speed and transmission type. This command is not supported by the Gigabit Ethernet switching module or the NAM.
Examples
This example shows how to configure the port speed on port 2, module 2 to 10 Mbps:
Console> (enable) set port speed 2/2 10 Port 2/2 speed set to 10 Mbps. Console> (enable)
Related Commands
show port
2-304
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port trap
Syntax Description
Number of the module and the port on the module. Keyword to activate the SNMP link trap. Keyword to deactivate the SNMP link trap.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. To set SNMP traps, enter the set snmp trap command.
Examples
This example shows how to enable the SNMP link trap for module 1, port 2:
Console> (enable) set port trap 1/2 enable Port 1/2 up/down trap enabled. Console> (enable)
Related Commands
set port disable set port duplex set port enable set port speed show port
2-305
Syntax Description
mod/port enable vlan vlan disable ipaddrspec tftp ipaddr gateway ipaddr dns ipaddr domain_name
Number of the module and the port on the module. Keyword to activate the SNMP link trap. (Optional) Keyword and variable to specify a VLAN interface. Keyword to deactivate the SNMP link trap. IP address and mask; see the Usage Guidelines section for format instructions. Keyword and variable to specify the number of the TFTP server IP address or IP alias in dot notation a.b.c.d. (Optional) Keyword and variable to specify the number of the gateway server IP address or IP alias in dot notation a.b.c.d. (Optional) Keyword to specify the DNS server. (Optional) Number of the DNS IP address or IP alias in dot notation a.b.c.d. (Optional) Name of the domain.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The ipaddrspec format is {ipaddr} {mask} or {ipaddr}/{mask} {mask}. The mask is a dotted format (255.255.255.0) or number of bits (0 to 31). You can specify a single port only when setting the IP address. If you enable DHCP on a port, the port obtains all other configuration information from the TFTP server. When you disable DHCP on a port, the following mandatory parameters must be specified:
If you do not specify DNS parameters, the software uses the system DNS configuration on the supervisor engine to configure the port. You cannot specify more than one port at a time because a unique IP address must be set for each port.
2-306
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set port voice interface dhcp
Examples
This example shows how to enable the port voice interface for the DHCP server:
Console> (enable) set port voice interface 7/4-8 dhcp enable Port 7/4 DHCP enabled. Console> (enable)
This example shows how to disable the set port voice interface DHCP server:
Console> (enable) set port voice interface 7/3 dhcp disable 171.68.111.41/24 tftp 173.32.43.11 dns 172.20.34.204 cisco.com Port 7/3 dhcp disabled. System DNS configurations applied. Console> (enable)
This example shows how to enable the port voice interface for the DHCP server with a specified VLAN:
Console> (enable) set port voice interface 7/4-6 dhcp enable vlan 3 Vlan 3 configuration successful Ports 7/4-6 DHCP enabled. Console> (enable)
This example shows how to enable the port voice interface for the TFTP, DHCP, and DNS servers:
Console> (enable) set port voice interface dhcp enable 4/2 171.68.111.41 tftp 173.32.43.11 dhcp 198.98.4.1 dns 189.69.24.192 Port 4/2 interface set. IP address: 171.68.111.41 netmask 255.255.0.0 TFTP server: 173.32.43.11 DHCP server: 198.98.4.1 DNS server: 189.69.24.192 Console> (enable)
Related Commands
2-307
Syntax Description
enable disable
Keyword to activate redundancy between the power supplies. Keyword to deactivate redundancy between the power supplies.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
In a system with dual power supplies, this command turns redundancy between the power supplies on or off. In a redundant configuration, the power available to the system is the maximum power capability of the weakest supply. In a nonredundant configuration, the power available to the system is the sum of the power capability of both supplies.
Examples
Related Commands
2-308
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set prompt
set prompt
Use the set prompt command to change the prompt for the CLI. set prompt prompt_string
Syntax Description
prompt_string
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt.
Examples
Related Commands
2-309
set protocolfilter
Use the set protocolfilter command to activate or deactivate protocol filtering on Ethernet VLANs and on nontrunking Ethernet, Fast Ethernet, and Gigabit Ethernet ports. set protocolfilter {enable | disable}
Syntax Description
enable disable
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Protocol filtering is supported only on Ethernet VLANs and on nontrunking EtherChannel ports.
Examples
Related Commands
show protocolfilter
2-310
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set pvlan
set pvlan
Use the set pvlan command to bind the isolated or community VLAN to the primary VLAN and assign the isolated or community ports to the private VLAN. set pvlan primary_vlan {isolated_vlan | community_vlan} [mod/port]
Caution
We recommend that you read and understand the Configuring VLANs chapter in the Catalyst 6000 Family Software Configuration Guide before using this command.
Syntax Description
Number of the primary VLAN. Number of the isolated VLAN. Number of the community VLAN. (Optional) Module and port numbers of the isolated or community ports.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must set the primary VLAN, isolated VLAN, and community VLANs using the set vlan pvlan-type command before making the association with the set pvlan command. Each isolated or community VLAN can have only one primary VLAN associated with it. A primary VLAN may have one isolated and/or multiple community VLANs associated to it.
Examples
This example shows how to map VLANs 901, 902, and 903 (isolated or community VLANs) to VLAN 7 (the primary VLAN):
Console> (enable) set pvlan 7 901 4/3 Port 4/3 is successfully assigned to vlan 7, 901 and is made an isolated port. Console> (enable) set pvlan 7 902 4/4-5 Ports 4/4-5 are successfully assigned to vlan 7, 902 and are made community ports. Console> (enable) set pvlan 7 903 4/6-7 Ports 4/6-7 are successfully assigned to vlan 7, 903 and are made community ports. Console> (enable)
2-311
Related Commands
set vlan show vlan set pvlan mapping clear vlan clear config pvlan clear pvlan mapping show pvlan show pvlan mapping
2-312
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set pvlan mapping
Syntax Description
Number of the primary VLAN. Number of the isolated VLAN. Number of the community VLAN. Module and port number of the promiscuous port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You must set the primary VLAN, isolated VLANs, and community VLANs using the set vlan pvlan-type command bound with the set pvlan command, before you can apply the VLANs on any of the promiscuous ports with the set pvlan mapping command. You should connect the promiscuous port to an external device for the ports in the private VLAN to communicate with any other device outside the private VLAN. You should apply this command for each primary or isolated (community) association in the private VLAN.
Examples
This example shows how to remap community VLAN 903 to the primary VLAN 901 on ports 3 through 5 on module 8:
Console> (enable) set pvlan mapping 901 903 8/3-5 Successfully set mapping between 901 and 903 on 8/3-5. Console> (enable)
Related Commands
set vlan show vlan set pvlan clear vlan clear pvlan mapping show pvlan show pvlan mapping
2-313
set qos
Use the set qos command to turn on or turn off QoS functionality on the switch. set qos enable | disable
Syntax Description
enable disable
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Refer to the Catalyst 6000 Family Software Configuration Guide for information on how to change the QoS default configurations. When you enable and disable QoS in quick succession, a bus timeout might occur. If you enable or disable QoS on channel ports with different port types, channels might break or form.
Examples
Related Commands
2-314
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl default-action
Syntax Description
ip dscp dscp trust-cos trust-ipprec trust-dscp microflow microflow_name aggregate aggregate_name ipx mac
Keyword to specify the IP ACL default actions. Keyword and variable to set the DSCP to be associated with packets matching this stream. Keyword to specify DSCP is derived from the packet CoS. Keyword to specify DSCP is derived from the packet's IP precedence. Keyword to specify DSCP is contained in the packet already. (Optional) Keyword and variable to specify the name of the microflow policing rule to be applied to packets matching the ACE. (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. Keyword to specify the IPX ACL default actions. Keyword to specify the MAC ACL default actions.
Defaults
The default is no ACL is set up. When you enable QoS, the default-action is to classify everything to best effort and to do no policing. When you disable QoS, the default-action is trust-dscp on all packets and no policing.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and the switch and do not require that you enter the commit command.
2-315
Examples
Console> (enable) set qos acl default-action ip dscp 5 microflow micro aggregate agg QoS default-action for IP ACL is set successfully. Console> (enable)
This example shows how to set up the IPX ACL default actions:
Console> (enable) set qos acl default-action ipx dscp 5 microflow micro aggregate agg QoS default-action for IPX ACL is set successfully. Console> (enable)
This example shows how to set up the MAC ACL default actions:
Console> (enable) set qos acl default-action mac dscp 5 microflow micro aggregate agg QoS default-action for MAC ACL is set successfully. Console> (enable)
Related Commands
2-316
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl ip
Syntax Description
acl_name dscp dscp trust-cos trust-ipprec trust-dscp microflow microflow_name aggregate aggregate_name src_ip_spec before editbuffer_index modify editbuffer_index
Unique name that identifies the list to which the entry belongs. Keyword and variable to set CoS and DSCP from configured DSCP values. Keyword to specify DSCP is derived from the packet CoS. Keyword to specify DSCP is derived from the packet's IP precedence. Keyword to specify DSCP is contained in the packet already. (Optional) Keyword and variable to specify the name of the microflow policing rule to be applied to packets matching the ACE. (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. Source IP address and the source mask. See the Usage Guidelines section for the format. (Optional) Keyword and variable to insert the new ACE in front of another ACE. (Optional) Keyword and variable to replace an ACE with the new ACE.
2-317
protocol
Keyword or number of an IP protocol; valid numbers are from 0 to 255 representing an IP protocol number. See the Usage Guidelines section for the list of valid keywords and corresponding numbers. Destination IP address and the destination mask. See the Usage Guidelines section for the format. (Optional) Keyword and variable to specify the precedence level to compare with in incoming packet; valid values are from 0 to 7 or by name. See the Usage Guidelines section for a list of valid names. (Optional) Keyword and variable to specify the DSCP field level to compare with an incoming packet. Valid values are from 0 to 7 or by name; valid names are critical, flash, flash-override, immediate, internet, network, priority, and routine. Keyword to specify ICMP. (Optional) ICMP message type; valid values are from 0 to 255. (Optional) ICMP message code; valid values are from 0 to 255. (Optional) ICMP message type name or ICMP message type and code name. See the Usage Guidelines section for a list of valid names. Keyword to specify IGMP. (Optional) IGMP message type or message name; valid message type numbers are from 0 to 15. See the Usage Guidelines section for a list of valid names and numbers. Keyword to specify TCP. (Optional) Operands; valid values include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range). (Optional) TCP or UDP port number or name; valid port numbers are from 0 to 65535. See the Usage Guidelines section for a list of valid names. (Optional) For TCP protocol onlyKeyword to specify an established connection. Keyword to specify UDP.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering any of these commands are saved to NVRAM and the switch only after you enter the commit command. Enter ACEs in batches and then enter the commit command to save them in NVRAM and the switch. Use the show qos acl info command to view the edit buffer.
2-318
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl ip
The dscp dscp, trust-cos, trust-ipprec, and trust-dscp keywords and variables are used to select a marking rule. Refer to the Catalyst 6000 Family Software Configuration Guide for additional marking rule information. The optional microflow microflow_name, aggregate aggregate_name keywords and variables are used to configure policing in the ACE. Refer to the Catalyst 6000 Family Software Configuration Guide for additional policing rule information. The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables, are used to configure filtering. When you enter the ACL name, follow these naming conventions:
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
When you specify the source IP address and the source mask, use the form source_ip_address source_mask and follow these guidelines:
The source_mask is required; 0 indicates a care bit, 1 indicates a dont-care bit. Use a 32-bit quantity in four-part dotted-decimal format. Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
When you enter a destination IP address and the destination mask, use the form destination_ip_address destination_mask. The destination mask is required.
Use a 32-bit quantity in a four-part dotted-decimal format Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255 Use host/source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0
Valid names for precedence are critical, flash, flash-override, immediate, internet, network, priority, and routine. Valid names for tos are max-reliability, max-throughput, min-delay, min-monetary-cost, and normal. Valid protocol keywords include icmp (1), igmp (2), ip (0), ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88), gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP protocol number is displayed in parentheses. Use the keyword ip to match any Internet Protocol. ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code. Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-precedence-unreachable, host-redirect, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing, packet-too-big, parameter-problem, port-unreachable, precedence-unreachable, protocol-unreachable,
2-319
reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded, and unreachable. Valid names and corresponding numbers for igmp_message are dvmrp (3), host-query (1), host-report (2), pim (4), and trace (5). If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number only. TCP port names can be used only when filtering TCP. Valid names for TCP ports are bgp, chargen, daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www. UDP port names can be used only when filtering UDP. Valid names for UDP ports are biff, bootpc, bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, who, and xdmcp. If no layer protocol number is entered, you can use this syntax: set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] {src_ip_spec} [before editbuffer_index | modify editbuffer_index] If a Layer 4 protocol is specified, you can use this syntax: set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index] If ICMP is used, you can use this syntax: set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] icmp {src_ip_spec} {dest_ip_spec} [icmp_type [icmp_code] | icmp_message] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index] If IGMP is used, you can use this syntax: set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] igmp {src_ip_spec} {dest_ip_spec} [igmp_type] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index] If TCP is used, you can use this syntax: set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] tcp {src_ip_spec} [{operator} {port} [port]] {dest_ip_spec} [{operator} {port} [port]] [established] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
2-320
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl ip
If UDP is used, you can use this syntax: set qos acl ip {acl_name} {dscp dscp | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] udp {src_ip_spec} [{operator} {port} [port]] {dest_ip_spec} [{operator {port} [port]] [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
Examples
Related Commands
2-321
Syntax Description
Unique name that identifies the list to which the entry belongs. Keyword and variable to set CoS and DSCP from configured DSCP values. Keyword to specify that the DSCP is derived from the packet CoS. (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. Keyword or number of an IPX protocol; valid values are from 0 to 255 representing an IPX protocol number. See the Usage Guidelines section for a list of valid keywords and corresponding numbers. Number of the network from which the packet is being sent. See the Usage Guidelines section for format guidelines. (Optional) Mask to be applied to destination-node. See the Usage Guidelines section for format guidelines. (Optional) Node on destination-network of the packet being sent. (Optional) Mask to be applied to the the destination network. See the Usage Guidelines section for format guidelines. (Optional) Mask to be applied to destination-node. See the Usage Guidelines section for format guidelines. (Optional) Keyword and variable to insert the new ACE in front of another ACE. (Optional) Keyword and variable to replace an ACE with the new ACE.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
2-322
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl ipx
Usage Guidelines
The dscp dscp and trust-cos keywords and variables are used to select a marking rule. Refer to the Catalyst 6000 Family Software Configuration Guide for additional marking rule information. The optional aggregate aggregate_name keyword and variable are used to configure policing in the ACE. Refer to the Catalyst 6000 Family Software Configuration Guide for additional policing rule information. The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables, are used to configure filtering. When you enter the ACL name, follow these naming conventions:
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Valid protocol keywords include ncp (17), rip (1), sap (4), and spx (5). The IP network number is listed in parentheses. The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network cable segments. When you specify the src_net or dest_net, use the following guidelines:
It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
The dest_node is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers (xxxx.xxxx.xxxx). The destination_mask is of the form N.H.H.H or H.H.H where N is the destination network mask and H is the node mask. It can be specified only when the destination node is also specified for the destination address. The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must be immediately followed by a period, which must in turn be immediately followed by destination-node-mask. You can enter this value only when dest_node is specified. The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when dest_node is specified. The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies the network cable segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA. Following are dest_net_mask examples:
2-323
Examples
Console> (enable) set qos acl ipx my_IPXacl trust-cos aggregate my-agg -1 my_IPXacl editbuffer modified. Use `commit' command to apply changes. Console> (enable)
Related Commands
2-324
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl mac
Syntax Description
Unique name that identifies the list to which the entry belongs. Keyword and variable to set CoS and DSCP from configured DSCP values. Keyword to specify that the DSCP is derived from the packet CoS. (Optional) Keyword and variable to specify the name of the aggregate policing rule to be applied to packets matching the ACE. Number of the source MAC address in the form source_mac_address source_mac_address_mask. (Optional) Number of the destination MAC address. (Optional) Name or number that matches the ethertype for Ethernet-encapsulated packets. See the Usage Guidelines section for a list of valid names and numbers. (Optional) Keyword and variable to insert the new ACE in front of another ACE. (Optional) Keyword and variable to replace an ACE with the new ACE.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The dscp dscp and trust-cos keywords and variables are used to select a marking rule. Refer to the Catalyst 6000 Family Software Configuration Guide for additional marking rule information. The optional aggregate aggregate_name keyword and variable are used to configure policing in the ACE. Refer to the Catalyst 6000 Family Software Configuration Guide for additional policing rule information. When you enter the ACL name, follow these naming conventions:
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive
2-325
Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
The src_mac_addr_spec is a 48-bit source MAC address and mask and entered in the form of source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff). Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these guidelines:
The source_mask is required; 0 indicates a care bit, 1 indicates a dont-care bit. Use a 32-bit quantity in 4-part dotted-decimal format. Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
The dest_mac_spec is a 48-bit destination MAC address and mask and entered in the form of dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the dest_mac_spec, use the following guidelines:
Use a 48-bit quantity in 6-part dotted-hexadecimal format for source address and mask. Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 ff-ff-ff-ff-ff-ff. Use host source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
Valid names for Ethertypes (and corresponding numbers) are Ethertalk (0x809B), AARP (0x8053), dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004), dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009), dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041), banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601). The ether-type is a 16-bit hexadecimal number written with a leading 0x. Use the show security acl command to display the list.
Examples
Related Commands
2-326
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos acl map
Syntax Description
Name of the list to which the entry belongs. Number of the module and the port on the module. Number of the VLAN.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Caution
Use the copy command to save the ACL configuration to Flash memory.
Examples
This example shows what happens if you try to attach an ACL that has not been committed:
Console> (enable) set qos acl map new_acl 4 Commit ACL new_acl before mapping. Console> (enable)
Related Commands
2-327
Syntax Description
Keyword to activate microflow policing functionality. Keyword to deactivate microflow policing functionality. List of VLANs; valid values are from 1 to 1000.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Layer 3 switching engine-based systems do not create NetFlow entries for bridged packets. Without a NetFlow entry, these packets cannot be policed at the microflow level. You must enter the set qos bridged-microflow-policing enable command if you want the bridged packets to be microflow policed. This command is supported on systems configured with a Layer 3 switching engine only.
Examples
Related Commands
2-328
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos cos-dscp-map
Syntax Description
dscp#
Defaults
CoS DSCP
0 0
1 8
2 16
3 24
4 32
5 40
6 48
7 56
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The CoS-to-DSCP map is used to map the CoS of packets arriving on trusted ports (or flows) to a DSCP where the trust type is trust-cos. This map is a table of eight CoS values (0 through 7) and their corresponding DSCP values. The switch has one map. This command is supported on systems configured with a Layer 3 switching engine only.
Examples
Related Commands
2-329
Syntax Description
Keywords to specify the transmit drop threshold. Keywords to specify the receive drop threshold. Keyword and variable to specify the queue; valid values are 1 and 2. Threshold percentage; valid values are from 1 to 100.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The number preceding the t letter in the port_type (2q2t, 1q4t, or 1p1q4t) determines the number of threshold values the hardware supports. For example, with 2q2t, the number of thresholds specified is two; with 1q4t and 1p1q4t, the number of thresholds specified is four. Due to the granularity of programming the hardware, the values set in hardware will be close approximations of the values provided.
2-330
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos drop-threshold
The number preceding the q letter in the port_type determines the number of the queues that the hardware supports. For example, with 2q2t, the number of queues specified is two; with 1q4t and 1p1q4t, the number of queues specified is four. The system defaults for the transmit queues attempt to keep the maximum latency through a port at a maximum of 10 ms. The number preceding the p letter in the 1p1q4t port types determines the threshold in the priority queue. When you configure the drop threshold for 1q1q4t, the drop threshold for the second queue is 100 percent and is not configurable. The thresholds are all specified as percentages; 10 indicates a threshold when the buffer is 10 percent full. The single-port ATM OC-12 module does not support transmit queue drop thresholds.
Examples
Related Commands
2-331
Syntax Description
dscp_list cos_value...
Number of the DSCP; valid values are from 0 to 63. Number of the CoS; valid values are from 0 to 7.
Defaults
DSCP CoS
0 to 7 0
8 to 15 1
16 to 23 24 to 31 32 to 39 40 to 47 48 to 55 56 to 63 2 3 4 5 6 7
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map determines the output queue and threshold to which the packet is assigned. The CoS map is written into the ISL header or 802.1Q tag of the transmitted packet on trunk ports and contains a table of 64 DSCP values and their corresponding CoS values. The switch has one map. This command is supported on systems configured with a Layer 3 switching engine only.
Examples
Related Commands
2-332
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos ipprec-dscp-map
Syntax Description
dscp1#
Defaults
IPPREC DSCP
0 0
1 8
2 16
3 24
4 32
5 40
6 48
7 56
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use this command to map the IP precedence of IP packets arriving on trusted ports (or flows) to a DSCP when the trust type is trust-ipprec. This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The switch has one map. The IP precedence values are as follows:
This command is supported on systems configured with a Layer 3 switching engine only.
Examples
This example shows how to assign IP precedence-to-DSCP mapping and return to the default:
Console> (enable) set qos ipprec-dscp-map 20 30 1 43 63 12 13 8 QoS ipprec-dscp-map set successfully. Console> (enable)
2-333
Related Commands
2-334
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos mac-cos
Syntax Description
MAC address of the destination host. Number of the VLAN; valid values are from 1 to 1001. CoS value; valid values are from 0 to 7, higher numbers represent higher priority.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command has no effect on a switch configured with a PFC because the Layer 3 switching engine's result always overrides the Layer 2 result. The set qos mac-cos command creates a permanent CAM entry in the CAM table until you reset the active supervisor engine. The port associated with the MAC address is learned when the first packet with this source MAC address is received. These entries do not age out. The CoS for a packet going to the specified MAC address is overwritten even if it is coming from a trusted port. If you enter the show cam command, entries made with the set qos mac-cos command display as dynamic because QoS considers them to be dynamic, but they do not age out.
Examples
Related Commands
2-335
Syntax Description
Port type; valid values are 2q2t and 1p2q2t for transmit and 1p1q4t for receive. The same mapping is used for both the receive and transmit directions. Keyword to specify the transmit queue. Keyword to specify the receive queue. Value determined by the number of priority queues provided at the transmit or receive end; valid values are 1 and 2, with the higher value indicating a higher priority queue. Value determined by the number of drop thresholds available at a port; valid values are 1 and 2, with the higher value indicating lower chances of being dropped. Keyword and variable to specify CoS values; valid values are from 0 through 7, with the higher numbers representing a higher priority.
Defaults
The default mappings for all ports are shown in Table 2-4 and Table 2-5.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter the cos_list variable as a single CoS value, multiple noncontiguous CoS values, a range of CoS values, or a mix of values. For example, you can enter any of the following: 0, or 0,2,3, or 0-3,7. When specifying the priority queue for the 1p2q2t port_type, the priority queue number is 3 and the threshold number is 1. The receive and transmit drop thresholds have this relationship:
Receive queue 1 (standard) threshold 1 = transmit queue 1 (standard low priority) threshold 1 Receive queue 1 (standard) threshold 2 = transmit queue 1 (standard low priority) threshold 2 Receive queue 1 (standard) threshold 3 = transmit queue 2 (standard high priority) threshold 1 Receive queue 1 (standard) threshold 4 = transmit queue 2 (standard high priority) threshold 2
Examples
This example shows how to assign the CoS values 1, 2, and 5 to the first queue and the first drop threshold in that queue:
Console> (enable) set qos map 2q2t tx 1 1 cos 1,2,5 Qos tx priority queue and threshold mapped to cos successfully. Console> (enable)
2-336
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos map
This example shows how to assign the CoS values to queue 1 and threshold 2 in that queue:
Console> (enable) set qos map 2q2t tx 1 2 cos 3-4,7 Qos tx priority queue and threshold mapped to cos successfully. Console> (enable)
This example shows how to assign the CoS values 1, 2, and 5 to the first queue and the first drop threshold in that queue:
Console> (enable) set qos map 1p2q2t tx 1 1 cos 1,2,5 Qos tx priority queue and threshold mapped to cos successfully. Console> (enable)
This example shows how to map the CoS value 7 to strict priority transmit queue 3/drop threshold 1:
Console> (enable) set qos map 1p2q2t tx 3 1 cos 7 Qos tx strict queue and threshold mapped to cos successfully. Console> (enable)
Related Commands
2-337
Syntax Description
in_profile_dscp :policed_dscp
Number of the in-profile DSCP; valid values are from 0 through 63. Number of the policed DSCP; valid values are 0 through 63.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter in_profile_dscp as a single DSCP, multiple DSCPs, or a range of DSCPs (for example, 1 or 1,2,3 or 1-3,7). The colon between in_profile_dscp and policed_dscp is required. This command is supported on systems configured with a Layer 3 switching engine only.
Examples
This example shows how to set the mapping of policed in-profile DSCPs:
Console> (enable) set qos policed-dscp-map 60-63:60 20-40:5 QoS policed-dscp-map set successfully. Console> (enable)
Related Commands
2-338
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos policer
Syntax Description
microflow microflow_name rate rate burst burst drop policed-dscp aggregate aggregate_name
Keyword and variable to specify the name of the microflow policing rule. Keyword and variable to specify the average rate; valid values are from 0 and 32 Kbps to 8 Gbps. Keyword and variable to specify the burst size; valid values are from 1 Kb to 32 Mb. Keyword to specify drop traffic. Keyword to specify policed DSCP. Keyword and variable to specify the name of the aggregate policing rule.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Before microflow policing can occur, you must define a microflow policing rule. Policing allows the switch to limit the bandwidth consumed by a flow of traffic. The Catalyst 6000 family switch supports up to 63 microflow policing rules. When a microflow policer is used in any ACL that is attached to any port or VLAN, the NetFlow flowmask is bumped up to full flow. Before aggregate policing can occur, you must create an aggregate and a policing rule for that aggregate. The Catalyst 6000 family switch supports up to 1023 aggregates and 1023 policing rules. The set qos policer aggregate command allows you to configure an aggregate flow and a policing rule for that aggregate. When you enter the microflow microflow_name rate rate burst burst, the range for the average rate is 32 Kbps to 8 Gbps and the range for the burst size is 1 Kb (entered as 1) to 32 Mb (entered as 32000). The burst can be set lower, higher, or equal to the rate. Modifying an existing aggregate rate limit entry causes that entry to be modified in NVRAM and in the switch if that entry is currently being used.
2-339
Note
We recommend a 32-Kb minimum value burst size. Due to the nature of the traffic at different customer sites, coupled with the hardware granularity, smaller values occasionally result in lower rates than the specified rate. If you experiment with smaller values but problems occur, increase the burst rate to this minimum recommended value. Modifying an existing microflow or aggregate rate limit modifies that entry in NVRAM as well as in the switch if it is currently being used. When you enter the policing name, follow these naming conventions:
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Examples
This example shows how to create a microflow policing rule for ACL:
Console> (enable) set qos policer microflow my-micro rate 1000 burst 10000 policed-dscp QoS policer for microflow my-micro set successfully. Console> (enable)
This example shows how to create an aggregate policing rule for ACL:
Console> (enable) set qos policer aggregate my-agg rate 1000 burst 2000 drop QoS policer for aggregate my-aggset successfully. Console> (enable)
Related Commands
2-340
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos policy-source
Syntax Description
local cops
Keyword to set the policy source to local NVRAM configuration. Keyword to set the policy source to COPS configuration.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you set the policy source to local, the QoS policy is taken from local configuration stored in NVRAM. If you set the policy source to local after it was set to COPS, the QoS policy reverts back to the local configuration stored in NVRAM. When you set the policy source to COPS, all configuration that is global to the device, such as the DSCP to marked-down DSCP, is taken from policy downloaded to the PEP by the PDP. Configuration of each physical port, however, is taken from COPS only if the policy source for that port has been set to COPS.
Examples
This example shows how to set the policy source to local NVRAM:
Console> (enable) set qos policy-source local QoS policy source for the switch set to local. Console> (enable)
This example shows the output if you attempt to set the policy source to COPS and no COPS servers are available:
Console> (enable) set qos policy-source cops QoS policy source for the switch set to COPS. Warning: No COPS servers configured. Use the set cops server command to configure COPS servers. Console> (enable)
Related Commands
2-341
Syntax Description
Keyword to activate the RSVP+ feature. Keyword to deactivate the RSVP+ feature. Keyword and variable to specify the time in minutes after which the RSVP+ databases get flushed; valid values are from 1 to 65535 minutes. Keywords to specify the policy configuration local to the network device to either accept existing flows and forward them or not accept new flows.
Defaults
The default is the RSVP+ feature is disabled, policy-timeout is 30 minutes, and local-policy is forward.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
There is no connection with the policy server New flows that come up after connection with the policy server has been lost Old flows after the PDP policy times out
Examples
2-342
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos rsvp
Related Commands
2-343
Syntax Description
Port type; valid values are 2q2t and 1p2q2t. Percentage of low-priority traffic; valid values are from 1 to 99 and must total 100 with the queue2_val value. Percentage of high-priority traffic; valid values are from 1 to 99 and must total 100 with the queue1_val value. Percentage of strict-priority traffic; valid values are from 1 to 99 and must total 100.
Defaults
The default for 2q2t is 80:20 if you enable QoS, and 100:0 if you disable QoS. The default for 1p2q2t is 70:15:15 if you enable QoS and 100:0:0 if you disable QoS.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Use caution when using this command. When entering the set qos txq-ratio command, all ports go through a link up and down condition. The values set in hardware will be close approximations of the values provided. For example, even if you specify 0 percent, the actual value programmed will not necessarily be 0. The txq ratio is determined by the traffic mix in the network. Since high-priority traffic is typically a smaller fraction of the traffic and since the high-priority queue gets more service, you should set the high-priority queue lower than the low-priority queue. The strict priority queue requires no configuration.
Examples
This example shows how to set the transmit queue size ratio:
Console> (enable) set qos txq-ratio 2q2t 75 25 QoS txq-ratio is set successfully. Console> (enable)
Related Commands
2-344
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos wred-threshold
Syntax Description
Keyword to specify the port type; only valid value is 1p2q2t. Keyword to specify the parameters for output queuing; only valid value is tx. Keyword and variable to specify the queue to which the arguments apply. Percentage of the buffer size.
Defaults
The defaults are queue type is tx, threshold 1 is 80 percent, threshold 2 is 100 percent, and the low threshold is picked automatically by the system.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The queue number is 1 for the low-priority standard transmit queue and 2 for the high-priority standard transmit queue. The strict priority queue is not configurable; it uses threshold 2 as specified for queue 2. The thresholds are all specified as percentages, ranging from 1 to 100. A value of 10 indicates a threshold when the buffer is 10 percent full.
Examples
This example shows how to configure the low-priority transmit queue drop thresholds:
Console> (enable) set qos wred-threshold 1p2q2t tx queue 1 50 60 WRED thresholds for queue 1 set to 50%,60% on all WRED-capable 1p2q2t ports. Console> (enable)
Related Commands
2-345
Syntax Description
Port type; valid values are 2q2t and 1p2q2t. Number of weights for queues 1 and 2; valid values are from 1 to 255.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The WRR weights are used to partition the bandwidth between the queues in the event all queues are not empty. For example, weights of 1:3 mean that one queue gets 25 percent of the bandwidth and the other gets 75 percent as long as both queues have data. Weights of 1:3 do not necessarily lead to the same results as when the weights are 10:30. In the latter case, more data is serviced from each queue and the latency of packets serviced from the other queue goes up. For best results, set the weights so that at least one packet (maximum size) can be serviced from the lower priority queue at a time. For the higher priority queue, set the weights so that multiple packets are serviced at any one time. The values set in hardware will be close approximations of the values provided. For example, even if you specify 0 percent, the actual value programmed will not necessarily be 0. Whatever weights you choose, make sure that the resulting byte values programmed (see the show qos info command with the runtime keyword) are at least equal to the MTU size. The ratio achieved is only an approximation of what you specify since the cutoff is on a packet and midway through a packet. For example, if you specify that the ratio services 1000 bytes out of the low-priority queue, and there is a 1500-byte packet in the low-priority queue, the entire 1500-byte packet is transmitted because the hardware services an entire packet. For 1p2q2t, only two queues can be set; the third queue is strict priority.
Examples
This example shows how to specify the weights for queue 1 and queue 2 to 30 and 70:
Console> (enable) set qos wrr 2q2t 30 70 QoS wrr ratio is set successfully. Console> (enable)
2-346
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set qos wrr
Related Commands
2-347
Syntax Description
minutes
Length of time a RADIUS server does not respond to an authentication request; valid values are from 0 to 1440 minutes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If only one RADIUS server is configured or if all the configured servers are marked dead, deadtime will be ignored since no alternate servers are available. By default, the deadtime is 0 minutes; the RADIUS servers are not marked dead if they do not respond.
Examples
Related Commands
show radius
2-348
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set radius key
Syntax Description
key
Key to authenticate the transactions between the RADIUS client and the server.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The key you set must be the same one as configured in the RADIUS server. All leading spaces are ignored; spaces within and at the end of the key are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. The length of the key is limited to 65 characters; it can include any printable ASCII characters except tabs. If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS server.
Examples
This example shows how to set the RADIUS encryption and authentication key to Make my day:
Console> (enable) set radius key Make my day Radius key set to Make my day. Console> (enable)
Related Commands
show radius
2-349
Syntax Description
count
Number of times the RADIUS servers are tried before giving up on the server; valid values are from 1 to 100.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
show radius
2-350
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set radius server
Syntax Description
Number of the IP address or IP alias in dot notation a.b.c.d. (Optional) Keyword and variable to specify a destination UDP port for RADIUS authentication messages. (Optional) Keyword and variable to specify a destination UDP port for RADIUS accounting messages. (Optional) Keyword to specify this server be contacted first.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you configure multiple RADIUS servers, the first server configured is the primary. Authentication requests are sent to this server first. You can specify a particular server as primary by using the primary keyword. You can add up to three RADIUS servers. The ipaddr value can be entered as an IP alias or an IP address in dot notation a.b.c.d. If you set the auth-port port to 0, the RADIUS server will not be used for authentication. If you set the acct-port port to 0, the RADIUS server will not be used for accounting. If you configure a RADIUS key on the switch, make sure you configure an identical key on the RADIUS server. You must specify a RADIUS server before enabling RADIUS on the switch.
Examples
Console> (enable) set radius server everquest.com auth-port 0 acct-port 1646 primary everquest.com added to RADIUS server table as primary server. Console> (enable)
Related Commands
show radius
2-351
Syntax Description
seconds
Number of seconds to wait for a reply; valid values are from 1 to 1000 seconds.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the time between retransmissions to 7 seconds:
Console> (enable) set radius timeout 7 Radius timeout set to 7 seconds. Console> (enable)
Related Commands
show radius
2-352
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands set rcp username
Syntax Description
username
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The username must be different from root and not a null string. The only case where you cannot configure the rcp username is for the VMPS database where you will use an rcp VMPS username.
Examples
2-353
set rgmp
Use the set rgmp command to enable or disable the RGMP feature on the switch. set rgmp {enable | disable}
Syntax Description
enable disable
Keyword to enable RGMP on the switch. Keyword to disable RGMP on the switch.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
RGMP is a global command. You cannot enable or disable RGMP on a per-VLAN basis. The RGMP feature is operational only if IGMP snooping is enabled on the switch (see the set igmp command).
Examples
Related Commands
show rgmp group show rgmp statistics clear rgmp statistics set igmp
2-354
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set rspan
set rspan
Use the set rspan command set to create remote SPAN sessions. set rspan disable source [rspan_vlan | all] set rpsan disable destination [mod/port | all] set rspan source {src_mod/src_ports... | vlans... | sc0} {rspan_vlan} [rx | tx | both] [multicast {enable | disable}] [filter vlans...] [create] set rspan destination {mod/port} {rspan_vlan} [inpkts {enable | disable}] [learning {enable | disable}] [create]
Syntax Description
disable source rspan_vlan all disable destination mod/port src_mod/src_ports... vlans... sc0 rx tx both
Keywords to disable remote SPAN source information. (Optional) Remote SPAN VLAN. (Optional) Keyword to disable all remote SPAN source or destination sessions. Keywords to disable remote SPAN destination information. (Optional) Remote SPAN destination port. Monitored ports (remote SPAN source). Monitored VLANs (remote SPAN source). Keyword to specify the inband port is a valid source. (Optional) Keyword to specify that information received at the source (ingress SPAN) is monitored. (Optional) Keyword to specify that information transmitted from the source (egress SPAN) is monitored. (Optional) Keyword to specify that information both transmitted from the source (ingress SPAN) and received (egress SPAN) at the source are monitored. (Optional) Keywords to enable monitoring multicast traffic (egress traffic only). (Optional) Keywords to disable monitoring multicast traffic (egress traffic only). (Optional) Keywords to monitor traffic on selected VLANs on source trunk ports. (Optional) Keyword to create a new remote SPAN session instead of overwriting the previous SPAN session. (Optional) Keywords to allow the remote SPAN destination port to receive normal ingress traffic (from the network to the bus) while forwarding the remote SPAN traffic.
2-355
(Optional) Keywords to disable the receiving of normal inbound traffic on the remote SPAN destination port. (Optional) Keywords to enable learning for the remote SPAN destination port. (Optional) Keywords to disable learning for the remote SPAN destination port.
Defaults
Remote SPAN is disabled. No VLAN filtering. Monitoring multicast traffic is enabled. Learning is enabled. inpkts is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. The rspan_vlan variable is optional in the set rspan disable source command and required in the set rspan source and set rspan destination command set. After you enable SPAN, system defaults are used if no parameters were ever set. If you changed parameters, these are stored in NVRAM, and the new parameters are used. Use a network analyzer to monitor ports. Use the inpkts keyword with the enable option to allow the remote SPAN destination port to receive normal incoming traffic in addition to the traffic mirrored from the remote SPAN source. Use the disable option to prevent the remote SPAN destination port from receiving normal incoming traffic. You can specify an MSM port as the remote SPAN source port. However, you cannot specify an MSM port as the remote SPAN destination port. When you enable the inpkts option, a warning message notifies you that the destination port does not join STP and may cause loops if this option is enabled. If you do not specify the keyword create and you have only one session, the session will be overwritten. If a matching rspan_vlan or destination port exists, the particular session will be overwritten (with or without specifying create). If you specify the keyword create and there is no matching rspan_vlan or destination port, the session will be created. Each switch can source only one remote SPAN session (ingress, egress, or both). When you configure a remote ingress or bidirectional SPAN session in a source switch, the limit for local ingress or bidirectional SPAN session is reduced to one. There are no limits on the number of remote SPAN sessions carried across the network within the remote SPAN session limits.
2-356
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set rspan
You can configure any VLAN as a remote SPAN VLAN as long as these conditions are met:
The same remote SPAN VLAN is used for a remote SPAN session in the switches. All the participating switches have appropriate hardware and software. No unwanted access port is configured in the remote SPAN VLAN.
Examples
This example shows how to disable one source session to a specific VLAN:
Console> (enable) set rspan disable source 903 Disabled monitoring of all source(s) on the switch for rspan_vlan 903. Console> (enable)
This example shows how to disable one destination session to a specific port:
Console> (enable) set rspan disable destination 4/1 Disabled monitoring of remote span traffic on port 4/1. Console> (enable)
Related Commands
show rspan
2-357
Syntax Description
mod/ports...
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved in NVRAM. This command does not require that you enter the commit command. The module and port specified in this command are added to the current ports configuration list. This command works with Ethernet ports only; you cannot set ATM ports. The ACL capture will not work unless the capture port is in the spanning tree forwarding state for the VLAN.
Examples
Related Commands
2-358
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set security acl ip
Syntax Description
acl_name permit deny src_ip_spec before editbuffer_index modify editbuffer_index redirect mod_num/port_num protocol
Unique name that identifies the lists to which the entry belongs. Keyword to allow traffic from the source IP address. Keyword to block traffic from the source IP address. Source IP address and the source mask. See the Usage Guidelines section for the format. (Optional) Keyword and variable to insert the new ACE in front of another ACE. (Optional) Keyword and variable to replace an ACE with the new ACE. Keyword to specify to which switched ports the packet is redirected. Number of the module and port. Keyword or number of an IP protocol; valid numbers are from 0 to 255 representing an IP protocol number. See the Usage Guidelines section for the list of valid keywords.
2-359
Destination IP address and the destination mask. See the Usage Guidelines section for the format. (Optional) Keyword and variable to specify the precedence level; valid values are from 0 to 7 or by name. See the Usage Guidelines section for a list of valid names. (Optional) Keyword and variable to specify the type of service level; valid values are from 0 to 15 or by name. See the Usage Guidelines section for a list of valid names. (Optional) Keyword to specify packets are switched normally and captured; permit must also be enabled. (Optional) Keyword or number to match any Internet Protocol packets. (Optional) Keyword or number to match ICMP packets. (Optional) ICMP message type name or a number; valid values are from 0 to 255. See the Usage Guidelines section for a list of valid names. (Optional) ICMP message code name or a number; valid values are from 0 to 255. See the Usage Guidelines section for a list of valid names. (Optional) ICMP message type name or ICMP message type and code name. See the Usage Guidelines section for a list of valid names. (Optional) Keyword or number to match IGMP packets. (Optional) IGMP message type or message name; valid message type numbers are from 0 to 15. See the Usage Guidelines section for a list of valid names and corresponding numbers. (Optional) Keyword or number to match TCP packets. (Optional) Operands; valid values include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range). (Optional) Number or name of a TCP or UDP port; valid port numbers are from 0 to 65535. See the Usage Guidelines section for a list of valid names. (Optional) Keyword to specify an established connection; used only for TCP protocol. (Optional) Keyword or number to match UDP packets.
icmp-code
icmp-message
igmp | 2 igmp-type
established udp | 17
Defaults
Command Types
Switch command.
Command Modes
Privileged.
2-360
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set security acl ip
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and hardware only after you enter the commit command. Enter ACEs in batches and then enter the commit command to save them in NVRAM and in the hardware. If you use the redirect keyword, the destination must be 255.255.255.255. If you use the capture keyword, the ports that capture the traffic and transmit out are specified by entering the set security acl capture-ports command. When you enter the ACL name, follow these naming conventions:
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
When you specify the source IP address and the source mask, use the form source_ip_address source_mask and follow these guidelines:
The source_mask is required; 0 indicates a care bit, 1 indicates a dont-care bit. Use a 32-bit quantity in four-part dotted-decimal format. Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
When you enter a destination IP address and the destination mask, use the form destination_ip_address destination_mask. The destination mask is required.
Use a 32-bit quantity in a four-part dotted-decimal format. Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host/source as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
Valid names for precedence are critical, flash, flash-override, immediate, internet, network, priority, and routine. Valid names for tos are max-reliability, max-throughput, min-delay, min-monetary-cost, and normal. Valid protocol keywords include icmp (1), igmp (2), ip (0), ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88), gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP number is displayed in parentheses. Use the keyword ip to match any Internet Protocol. ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code. Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-precedence-unreachable, host-redirect, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing, packet-too-big, parameter-problem, port-unreachable, precedence-unreachable, protocol-unreachable,
2-361
reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-exceeded, and unreachable. Valid names and corresponding numbers for igmp_message are dvmrp (3), host-query (1), host-report (2), pim (4), and trace (5). If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. TCP port names can be used only when filtering TCP. Valid names for TCP ports are bgp, chargen, daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www. UDP port names can be used only when filtering UDP. Valid names for UDP ports are biff, bootpc, bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, who, and xdmcp. The number listed with the protocol type is the layer protocol number (for example, udp | 17). If no layer protocol number is entered, you can enter the following syntax: set security acl ip {acl_name} {permit | deny} {src_ip_spec} [before editbuffer_index | modify editbuffer_index] If a Layer 4 protocol is specified, you can enter the following syntax: set security acl ip {acl_name} {permit | deny | redirect mod_num/port_num} {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index] For IP, you can enter the following syntax: set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [ip | 0] {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index] For ICMP, you can enter the following syntax: set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [icmp | 1] {src_ip_spec} {dest_ip_spec} [icmp_type] [icmp_code] | [icmp_message] [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index] For IGMP, you can use the following syntax: set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [igmp | 2] {src_ip_spec} {dest_ip_spec} [igmp_type] [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index] For TCP, you can use the following syntax: set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [tcp | 6] {src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [established] [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index]
2-362
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set security acl ip
For UDP, you can use the following syntax: set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [udp | 17] {src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index]
Examples
These examples show different ways to use the set security acl ip commands to configure IP security ACL:
Console> (enable) set security acl ip IPACL1 deny 1.2.3.4 0.0.0.0 IPACL1 editbuffer modified. Use commit command to apply changes. Console> (enable) Console> (enable) set security acl ip IPACL1 deny host 171.3.8.2 before 2 IPACL1 editbuffer modified. Use commit command to apply changes. Console> (enable) Console> (enable) set security acl ip IPACL1 permit any any IPACL1 editbuffer modified. Use commit command to apply changes. Console> (enable) Console> (enable) set security acl ip IPACL1 redirect 3/1 ip 3.7.1.2 0.0.0.255 host 255.255.255.255 precedence 1 tos min-delay IPACL1 editbuffer modified. Use commit command to apply changes. Console> (enable) Console> (enable) set security acl ip IPACL1 permit ip host 60.1.1.1 host 60.1.1.98 capture IPACL1 editbuffer modified. Use commit command to apply changes.
Related Commands
clear security acl clear security acl capture-ports clear security acl map commit show security acl show security acl capture-ports set security acl map set security acl capture-ports
2-363
Syntax Description
Unique name that identifies the list to which the entry belongs. Keyword to allow traffic from the specified source IPX address. Keyword to block traffic from the specified source IPX address. Keyword to redirect traffic from the specified source IPX address. Keyword or number of an IPX protocol; valid values are from 0 to 255 representing an IPX protocol number. See the Usage Guidelines section for a list of valid keywords amd corresponding numbers. Number of the network from which the packet is being sent. See the Usage Guidelines section for format guidelines. (Optional) Number of the network from which the packet is being sent. (Optional) Node on destination-network to which the packet is being sent. (Optional) Mask to be applied to the destination network. See the Usage Guidelines section for format guidelines. (Optional) Mask to be applied to the destination-node. See the Usage Guidelines section for format guidelines. (Optional) Keyword to specify packets are switched normally and captured. (Optional) Keyword and variable to insert the new ACE in front of another ACE. (Optional) Keyword and variable to replace an ACE with the new ACE.
src_net dest_net. .dest_node dest_net_mask. dest_node_mask capture before editbuffer_index modify editbuffer_index
Defaults
Command Types
Switch command.
Command Modes
Privileged.
2-364
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set security acl ipx
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and hardware only after you enter the commit command. Enter ACEs in batches and then enter the commit command to save all of them in NVRAM and in the hardware. If you use the capture keyword, the ports that capture the traffic and transmit out are specified by entering the set security acl capture-ports command. When you enter the ACL name, follow these naming conventions:
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Valid protocol keywords include ncp (17), netbios (20), rip (1), sap (4), and spx (5). The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network cable segments. When you specify the src_net or dest_net, use the following guidelines:
It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
The .dest_node is a 48-bit value represented by a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx). The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must be immediately followed by a period, which must in turn be immediately followed by the destination-node-mask. You can enter this value only when dest_node is specified. The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when dest_node is specified. The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies the network cable segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA. Following are dest_net_mask examples:
Examples
This example shows how to block traffic from a specified source IP address:
Console> (enable) set security acl ipx IPXACL1 deny 1.a IPXACL1 editbuffer modified. Use commit command to apply changes. Console> (enable)
2-365
Related Commands
clear security acl clear security acl capture-ports clear security acl map commit show security acl show security acl capture-ports set security acl map set security acl capture-ports
2-366
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set security acl mac
Syntax Description
Unique name that identifies the list to which the entry belongs. Keyword to allow traffic from the specified source MAC address. Keyword to block traffic from the specified source MAC address. Source MAC address and mask in the form source_mac_address source_mac_address_mask. Destination MAC address and mask. (Optional) Number or name that matches the ethertype for Ethernet-encapsulated packets; valid values are 0x0600, 0x0601, 0x0BAD, 0x0BAF, 0x6000-0x6009, 0x8038-0x8042, 0x809b, and 0x80f3. See the Usage Guidelines section for a list of valid names. (Optional) Keyword to specify packets are switched normally and captured.
capture
before editbuffer_index (Optional) Keyword and variable to insert the new ACE in front of another ACE. modify editbuffer_index (Optional) Keyword and variable to replace an ACE with the new ACE.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved to NVRAM and hardware only after you enter the commit command. Enter ACEs in batches and then enter the commit command to save all of them in NVRAM and in the hardware. If you use the capture keyword, the ports that capture the traffic and transmit out are specified by entering the set security acl capture-ports command. When you enter the ACL name, follow these naming conventions:
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types
2-367
Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
The src_mac_addr_spec is a 48-bit source MAC address and mask and entered in the form of source_mac_address source_mac_address_mask (for example, 08-11-22-33-44-55 ff-ff-ff-ff-ff-ff). Place ones in the bit positions you want to mask. When you specify the src_mac_addr_spec, follow these guidelines:
The source_mask is required; 0 indicates a care bit, 1 indicates a dont care bit. Use a 32-bit quantity in four-part dotted-decimal format. Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
The dest_mac_spec is a 48-bit destination MAC address and mask and entered in the form of dest_mac_address dest_mac_address_mask (for example, 08-00-00-00-02-00/ff-ff-ff-00-00-00). Place ones in the bit positions you want to mask. The destination mask is mandatory. When you specify the dest_mac_spec, use the following guidelines:
Use a 48-bit quantity in 6-part dotted-hexadecimal format for source address and mask. Use the keyword any as an abbreviation for a source and source-wildcard of 0-0-0-0-0-0-0 ff-ff-ff-ff-ff-ff. Use host source as an abbreviation for a destination and destination-wildcard of destination 0-0-0-0-0-0.
Valid names for Ethertypes (and corresponding numbers) are Ethertalk (0x809B), AARP (0x8053), dec-mop-dump (0x6001), dec-mop-remote-console (0x6002), dec-phase-iv (0x6003), dec-lat (0x6004), dec-diagnostic-protocol (0x6005), dec-lavc-sca (0x6007), dec-amber (0x6008), dec-mumps (0x6009), dec-lanbridge (0x8038), dec-dsm (0x8039), dec-netbios (0x8040), dec-msdos (0x8041), banyan-vines-echo (0x0baf), xerox-ns-idp (0x0600), and xerox-address-translation (0x0601). Use the show security acl command to display the list.
Examples
Related Commands
clear security acl clear security acl capture-ports clear security acl map commit show security acl show security acl capture-ports set security acl map set security acl capture-ports
2-368
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set security acl map
Syntax Description
acl_name vlan
Unique name that identifies the list to which the entry belongs. Number of the VLAN to be mapped to the VACL.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Configurations you make by entering this command are saved in NVRAM. This command does not require that you enter the commit command. Each VLAN can be mapped to only one ACL of each type (IP, IPX, and MAC). An ACL can be mapped to a VLAN only after you have committed the ACL. When you enter the ACL name, follow these naming conventions:
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.) Must start with an alpha character and must be unique across all ACLs of all types Case sensitive Cannot be a number Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Caution
Use the copy command to save the ACL configuration to Flash memory.
Examples
This example shows the output if you try to map an ACL that has not been committed:
Console> (enable) set security acl map IPACL1 1 Commit ACL IPACL1 before mapping. Console> (enable)
2-369
This example shows the output if you try to map an ACL that is already mapped to a VLAN for the ACL type (IP, IPX, or MAC):
Console> (enable) set security acl map IPACL2 1 Mapping for this type already exists for this VLAN. Console> (enable)
Related Commands
clear security acl clear security acl map commit show security acl
2-370
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp access
Syntax Description
-hex groupname security-model v1 | v2c read readview write writeview notify notifyview v3 noauthentication authentication privacy volatile nonvolatile
(Optional) Keyword to display the groupname, readview, writeview, and notifyview in a hexadecimal format. Name of the SNMP group. Keywords to specify security-model v1 or v2c. (Optional) Keyword and variable to specify the name of the view that allows you to see the MIB objects. (Optional) Keyword and variable to specify the name of the view that allows you to configure the contents of the agent. (Optional) Keyword and variable to specify the name of the view that allows you to send a trap about MIB objects. Keyword to specify security model v3. Keyword to specify security model is not set to use authentication protocol. Keyword to specify the type of authentication protocol. Keyword to specify that the messages sent on behalf of the user are protected from disclosure. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.
Defaults
storage type is nonvolatile. read readview is Internet OID space. write writeview is NULL OID. notify notifyview is NULL OID.
Command Types
Switch command.
2-371
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname, readview, writeview, and notifyview (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. readview is assumed to be every object belonging to the Internet (1.3.6.1) OID space; you can use the read option to override this state. For writeview, you must also configure write access. For notifyview, if a view is specified, any notifications in that view are sent to all users associated with the group (an SNMP server host configuration must exist for the user).
Examples
This example shows how to set the SNMP access rights for a group:
Console> (enable) set snmp access cisco-group security-model v3 authentication SNMP access group was set to cisco-group version v3 level authentication, readview internet, nonvolatile. Console> (enable)
Related Commands
2-372
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp community
Syntax Description
Keyword to assign read-only access to the specified SNMP community. Keyword to assign read-write access to the specified SNMP community. Keyword to assign read-write access to the specified SNMP community. (Optional) Name of the SNMP community.
Defaults
The default is the following communities and access types are defined:
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. There are three configurable SNMP communities, one for each access type. If you do not specify the community string, the community string configured for that access type is cleared. To support the access types, you also need to configure four MIB tables: vacmContextTable, vacmSecurityToGroupTable, vacmAccessTable, and vacmViewTreeFamilyTable. Use the clear config snmp command to reset these tables to the default values.
Examples
This example shows how to set read-write access to the SNMP community called yappledapple:
Console> (enable) set snmp community read-write yappledapple SNMP read-write community string set to yappledapple. Console> (enable)
This example shows how to clear the community string defined for read-only access:
Console> (enable) set snmp community read-only SNMP read-only community string cleared. Console> (enable)
Related Commands
2-373
Syntax Description
Keyword to enable the extended RMON support. Keyword to disable the extended RMON support. Module number of the extended RMON NAM.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows the response when the SNMP-extended RMON NetFlow feature is not supported:
Console> (enable) set snmp extendedrmon enable 4 NAM card is not installed. Console> (enable)
Related Commands
2-374
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp group
Syntax Description
(Optional) Keyword to display the groupname and username in a hexadecimal format. Name of the SNMP group that defines an access control; the maximum length is 32 bytes. Keyword to specify the SNMP group user name. Name of the SNMP user that belongs to the SNMP group; the maximum length is 32 bytes. Keywords to specify security-model v1, v2c, or v3. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for groupname or username (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
Related Commands
2-375
Syntax Description
(Optional) Keyword to display the notifyname and notifytag in a hexadecimal format. Identifier to index the snmpNotifyTable. Keyword to specify the tag name in the taglist. Name of entries in the snmpTargetAddrTable. (Optional) Keyword to specify all messages that contain snmpv2-Trap PDUs. (Optional) Keyword to specify all messages that contain InfoRequest PDUs. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the notifyname and notifytag (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
This example shows how to set the SNMP notify for a specific notifyname:
Console> (enable) set snmp notify hello tag world inform SNMP notify name was set to hello with tag world notifyType inform, and storageType nonvolatile. Console> (enable)
2-376
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp notify
Related Commands
2-377
Syntax Description
enable disable
Keyword to activate SNMP RMON support. Keyword to deactivate SNMP RMON support.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. RMON statistics are collected on a segment basis. The RMON feature deinstalls all of the domains for all of the interfaces on an Ethernet module that has been removed from the system. When you enable RMON, the supported RMON groups for Ethernet ports are Statistics, History, Alarms, and Events as specified in RFC 1757. Use of this command requires a separate software license.
Examples
Related Commands
2-378
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp targetaddr
Syntax Description
(Optional) Keyword to display addrname, paramsname, tagvalue, and tag in a hexadecimal format. Unique identifier to index the snmpTargetAddrTable; the maximum length is 32 bytes. Keyword to specify an entry in the snmpTargetParamsTable that provides parameters to be used when generating a message to the target; the maximum length is 32 bytes. Entry in the snmpTargetParamsTable; the maximum length is 32 bytes. IP address of the target. (Optional) Keyword and variable to specify which UDP port of the target host to use. (Optional) Keyword and variable to specify the number of timeouts. (Optional) Keyword and variable to specify the number of retries. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword and variable to specify a tag name in the taglist. (Optional) Keyword and variable to specify the tag name.
nonvolatile
Defaults
storage type is nonvolatile. udpport is 162. timeout is 1500. retries is 3. taglist is NULL.
Command Types
Switch command.
Command Modes
Privileged.
2-379
Usage Guidelines
If you use special characters for the addrname, paramsname, tag, and tagvalue (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The maximum tagvalue and taglist length is 255 bytes.
Examples
This example shows how to set the target address in the snmpTargetAddressTable:
Console> (enable) set snmp targetaddr foo param bar 10.1.2.4 udp 160 timeout 10 retries 3 taglist tag1 tag2 tag3 SNMP targetaddr name was set to foo with param bar ipAddr 10.1.2.4, udpport 160, timeout 10, retries 3, storageType nonvolatile with taglist tag1 tag2 tag3. Console> (enable)
Related Commands
2-380
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp targetparams
Syntax Description
(Optional) Keyword to display the paramsname and username in a hexadecimal format. Name of the parameter in the snmpTargetParamsTable; the maximum length is 32 bytes. Keyword to specify the SNMP group username. Name of the SNMP user that belongs to the SNMP group; the maximum length is 32 bytes. Keywords to specify security-model v1 or v2c.
message-processing Keywords to specify the version number used by the message processing model. v1 | v2c | v3 security-model v3 Keyword to specify security-model v3. message-processing Keywords to specify v3 is used by the message-processing model. v3 noauthentication authentication privacy volatile nonvolatile Keyword to specify security model is not set to use authentication protocol. Keyword to specify the type of authentication protocol. Keyword to specify the messages sent on behalf of the user are protected from disclosure. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
2-381
Usage Guidelines
If you use special characters for the paramsname and username (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34.
Examples
Related Commands
2-382
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp trap
Syntax Description
enable disable all auth bridge chassis config entity ippermit module stpx syslog vmps vtp rcvr_addr rcvr_community
Keyword to enable SNMP traps. Keyword to disable SNMP traps. (Optional) Keyword to specify all trap types and all port traps. See the Usage Guidelines section before using this option. (Optional) Keyword to specify the authenticationFailure trap from RFC 1157. (Optional) Keyword to specify the newRoot and topologyChange traps from RFC 1493 (the BRIDGE-MIB). (Optional) Keyword to specify the chassisAlarmOn and chassisAlarmOff traps from the CISCO-STACK-MIB. (Optional) Keyword to specify the sysConfigChange trap from the CISCO-STACK-MIB. (Optional) Keyword to specify the entityMIB trap from the ENTITY-MIB. (Optional) Keyword to specify the IP Permit Denied access from the CISCO-STACK-MIB. (Optional) Keyword to specify the moduleUp and moduleDown traps from the CISCO-STACK-MIB. (Optional) Keyword to specify the STPX trap. (Optional) Keyword to specify the syslog notification traps. (Optional) Keyword to specify the vmVmpsChange trap from the CISCO-VLAN-MEMBERSHIP-MIB. (Optional) Keyword to specify the VTP from the CISCO-VTP-MIB. IP address or IP alias of the system to receive SNMP traps. Community string to use when sending authentication traps.
Defaults
Command Types
Switch command.
2-383
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. An IP permit trap is sent when unauthorized access based on the IP permit list is attempted. Use the show snmp command to verify the appropriate traps were configured. To use this command, you must configure all notification tables: snmpTargetAddrTable, snmpTargetParamsTable, and snmpNotifyTable. Use the all option to enable or disable all trap types and all port traps. Use the set port trap command to enable or disable a single port or a range of ports.
Examples
This example shows how to add an entry in the SNMP trap receiver table:
Console> (enable) set snmp trap 192.122.173.42 public SNMP trap receiver added. Console> (enable)
Related Commands
show snmp test snmp trap clear snmp trap set port trap
2-384
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp user
Syntax Description
-hex username remote engineid authentication md5 sha authpassword privacy privpassword volatile
(Optional) Keyword to display username in a hexadecimal format. Name of the SNMP user. Keyword and variable to specify the remote SNMP engine ID. (Optional) Keyword to specify the authentication protocol. Keyword to specify HMAC-MD5-96 authentication protocol. Keyword to specify HMAC-SHA-96 authentication protocol. Password for authentication. (Optional) Keyword and variable to enable the host to encrypt the contents of the message sent to or from the agent; the maximum length is 32 bytes. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.
nonvolatile
Defaults
The default storage type is volatile. If you do not specify authentication, the security level default will be noauthentication. If you do not specify privacy, the default will be no privacy.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for username (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. authpassword and privpassword must be hexadecimal characters without delimiters in between.
2-385
Examples
This example shows how to set a specific username, authentication, and authpassword:
Console> (enable) set snmp user John authentication md5 arizona2 Snmp user was set to John authProt md5 authPasswd arizona2. privProt no-priv wi. Console> (enable)
Related Commands
2-386
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set snmp view
Syntax Description
(Optional) Keyword to display the viewname in a hexadecimal format. Name of a MIB view. MIB subtree. (Optional) Keyword to specify that the bit mask is used with the subtree. A bit mask can be all ones, all zeros, or any combination; the maximum length is 3 bytes. (Optional) Keywords to specify that the MIB subtree is included or excluded. (Optional) Keyword to specify that the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify that the storage type is defined as persistent memory and the content remains after the device is turned off and on again.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for viewname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. A MIB subtree with a mask defines a view subtree. The MIB subtree can be in OID format or a text name mapped to a valid OID.
2-387
Examples
Related Commands
2-388
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set span
set span
Use the set span command set to configure and display SPAN. set span disable [dest_mod/dest_port | all] set span {src_mod/src_ports | src_vlans | sc0} {dest_mod/dest_port} [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [filter vlans...] [create]
Syntax Description
disable dest_mod dest_port all src_mod src_ports src_vlans sc0 rx tx both inpkts enable inpkts disable learning enable learning disable multicast enable multicast disable filter vlans create
Keyword to disable SPAN. (Optional) Monitoring module (SPAN destination). (Optional) Monitoring port (SPAN destination). (Optional) Keyword to disable all SPAN sessions. Monitored module (SPAN source). Monitored ports (SPAN source). Monitored VLANs (SPAN source). Keyword to specify the inband port is a valid source. (Optional) Keyword to specify that information received at the source (ingress SPAN) is monitored. (Optional) Keyword to specify that information transmitted from the source (egress SPAN) is monitored. (Optional) Keyword to specify that information both transmitted from the source (ingress SPAN) and received (egress SPAN) at the source are monitored. (Optional) Keywords to enable the receiving of normal inbound traffic on the SPAN destination port. (Optional) Keywords to disable the receiving of normal inbound traffic on the SPAN destination port. (Optional) Keywords to enable learning for the SPAN destination port. (Optional) Keywords to disable learning for the SPAN destination port. (Optional) Keywords to enable monitoring multicast traffic (egress traffic only). (Optional) Keywords to disable monitoring multicast traffic (egress traffic only). (Optional) Keyword and variable to monitor traffic on selected VLANs on source trunk ports. (Optional) Keyword to create a SPAN port.
Defaults
The default is SPAN is disabled, no VLAN filtering is enabled, multicast is enabled, input packets are disabled, and learning is enabled.
Command Types
Switch command.
Command Modes
Privileged.
2-389
Usage Guidelines
After you enable SPAN, system defaults are used if no parameters were ever set. If you changed parameters, the old parameters are stored in NVRAM, and the new parameters are used. Use a network analyzer to monitor ports. If you specify multiple SPAN source ports, the ports can belong to different VLANs. A maximum of two rx or both SPAN sessions and four tx SPAN sessions can exist simultaneously. If you use a remote SPAN station, the maximum number of rx or both SPAN sessions is one. Use the inpkts keyword with the enable option to allow the SPAN destination port to receive normal incoming traffic in addition to the traffic mirrored from the SPAN source. Use the disable option to prevent the SPAN destination port from receiving normal incoming traffic. You can specify an MSM port as the SPAN source port. However, you cannot specify an MSM port as the SPAN destination port. When you enable the inpkts option, a warning message notifies you that the destination port does not join STP and may cause loops if this option is enabled. When you configure multiple SPAN sessions, the destination module number/port number must be known to index the particular SPAN session. If you do not specify the keyword create and you have only one session, the session will be overwritten. If a matching destination port exists, the particular session will be overwritten (with or without specifying create). If you specify the keyword create and there is no matching destination port, the session will be created.
Examples
This example shows how to configure SPAN so that both transmit and receive traffic from port 1/1 (the SPAN source) is mirrored on port 2/1 (the SPAN destination):
Console> (enable) set span 1/1 2/1 Enabled monitoring of Port 1/1 transmit/receive traffic by Port 2/1 Console> (enable)
This example shows how to set VLAN 522 as the SPAN source and port 2/1 as the SPAN destination:
Console> (enable) set span 522 2/1 Enabled monitoring of VLAN 522 transmit/receive traffic by Port 2/1 Console> (enable)
This example shows how to set VLAN 522 as the SPAN source and port 3/12 as the SPAN destination. Only transmit traffic is monitored. Normal incoming packets on the SPAN destination port are allowed.
Console> (enable) set span 522 2/12 tx inpkts enable SPAN destination port incoming packets enabled. Enabled monitoring of VLAN 522 transmit traffic by Port 2/12 Console> (enable)
This example shows how to set port 3/2 as the SPAN source and port 2/2 as the SPAN destination:
Console> (enable) set span 3/2 2/2 tx create Enabled monitoring of port 3/2 transmit traffic by Port 2/1 Console> (enable)
This example shows what happens if you try to enter the set span disable command (without the destination module number/port number defined) and multiple SPAN sessions are defined:
Console> (enable) set span disable Multiple active span sessions. Please specify span destination to disable. Console> (enable)
2-390
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set span
Related Commands
2-391
Syntax Description
enable disable
Keyword to enable Backbone Fast Convergence. Keyword to disable Backbone Fast Convergence.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. For Backbone Fast Convergence to work, you must enable it on all switches in the network.
Examples
Related Commands
show spantree
2-392
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree disable
Syntax Description
vlan all
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to disable the spanning tree algorithm for VLAN 1:
Console> (enable) set spantree disable 1 VLAN 1 bridge spanning tree disabled. Console> (enable)
Related Commands
2-393
Syntax Description
vlan all
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to activate the spanning tree algorithm for VLAN 1:
Console> (enable) set spantree enable 1 VLAN 1 bridge spanning tree enabled. Console> (enable)
Related Commands
2-394
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree fwddelay
Syntax Description
delay vlan
Number of seconds for the bridge forward delay; valid values are from 4 to 30 seconds. (Optional) Number of the VLAN.
Defaults
The default is the bridge forward delay is set to 15 seconds for all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Usage Guidelines
Examples
This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:
Console> (enable) set spantree fwddelay 16 100 Spantree 100 forward delay set to 16 seconds. Console> (enable)
Related Commands
show spantree
2-395
Syntax Description
interval
Number of seconds the system waits before sending a bridge hello message (a multicast message indicating that the system is active); valid values are from 1 to 10 seconds. (Optional) Number of the VLAN.
vlan
Defaults
The default is the bridge hello time is set to 2 seconds for all VLANs.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Usage Guidelines
Examples
This example shows how to set the spantree hello time for VLAN 100 to 3 seconds:
Console> (enable) set spantree hello 3 100 Spantree 100 hello time set to 3 seconds. Console> (enable)
Related Commands
show spantree
2-396
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree maxage
Syntax Description
agingtime
Maximum number of seconds that the system retains the information received from other bridges through Spanning Tree Protocol; valid values are from 6 to 40 seconds. (Optional) Number of the VLAN.
vlan
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Usage Guidelines
Examples
This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:
Console> (enable) set spantree maxage 25 1000 Spantree 1000 max aging time set to 25 seconds. Console> (enable)
Related Commands
show spantree
2-397
Syntax Description
mod/port cost
Number of the module and the port on the module. Number of the path cost; valid values are from 0 to 65535, where 0 is low cost and 65535 is high cost.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. The Spanning Tree Protocol uses port path costs to determine which port to select as a forwarding port. You should assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media. This example shows how to set the port cost for port 12 on module 2 to 19:
Console> (enable) set spantree portcost 2/12 19 Spantree port 2/12 path cost set to 19. Console> (enable)
Related Commands
show spantree
2-398
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree portfast
Syntax Description
Number of the module and the port on the module. Keyword to enable the spanning tree port fast-start feature on the port. Keyword to disable the spanning tree port fast-start feature on the port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. When a port configured with the spantree portfast enable command is connected, the port immediately enters the spanning tree forwarding state rather than going through the normal spanning tree states such as listening and learning. Use this command on ports that are connected to a single workstation or PC only; do not use it on ports that are connected to networking devices such as hubs, routers, switches, bridges, or concentrators.
Examples
This example shows how to enable the spanning tree port fast-start feature on port 2 on module 1:
Console> (enable) set spantree portfast 1/2 enable Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution. Spantree port 1/2 fast start enabled. Console> (enable)
Related Commands
show spantree
2-399
Syntax Description
enable disable
Keyword to enable the spanning tree PortFast BPDU guard. Keyword to disable the spanning tree PortFast BPDU guard.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. When you enable PortFast BPDU guard, a nontrunking PortFast-enabled port is moved into an errdisable state when a BPDU is received on that port. When you disable a PortFast BPDU guard, a PortFast enabled nontrunking port will stay up when it receives BPDUs, which may cause spanning tree loops.
Examples
This example shows how to enable the spanning tree PortFast BPDU guard:
Console> (enable) set spantree portfast bpdu-guard enable Spantree portfast bpdu-guard enabled on this switch. Console> (enable)
This example shows how to disable the spanning tree PortFast BPDU guard:
Console> (enable) set spantree portfast bpdu-guard disable Spantree portfast bpdu-guard disabled on this switch. Console> (enable)
Related Commands
2-400
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree portpri
Syntax Description
Number of the module and the port on the module. Keyword to specify the number of the TrCRF for which you are setting the bridge priority. (Optional) Number that represents the cost of a link in a spanning tree bridge; valid values are from 0 to 63, with 0 indicating high priority and 63, low priority. (Optional) Number that represents the cost of the TrCRF; valid values are from 0 to 7, with 0 indicating high priority and 7, low priority.
trcrf_priority
Defaults
The default is all ports with bridge priority are set to 32.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to set the priority of port 1 on module 4 to 63:
Console> (enable) set spantree portpri 4/1 63 Bridge port 4/1 priority set to 63. Console> (enable)
Related Commands
show spantree
2-401
Syntax Description
trcrf
Number of the TrCRF for which you are manually setting the state.
block | Keywords to set the TrCRF to a blocked state (block), forwarding state forward | auto (forward), or to have the Spanning Tree Protocol determine the correct state automatically (auto). trbrf (Optional) Number of the parent TrBRF.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Use this command only to set the port state when the TrCRF is in SRT mode and the TrBRF is running the IBM Spanning Tree Protocol, or the TrCRF is in SRB mode and the TrBRF is running the IEEE Spanning Tree Protocol. When you enable Spanning Tree Protocol, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state. However, with TrBRFs and TrCRFs, there are two exceptions to this rule that require you to set the state of the logical ports of a TrBRF manually:
The TrBRF is running the IBM Spanning Tree Protocol, and the TrCRF is in SRT mode. The TrBRF is running the IEEE Spanning Tree Protocol, and the TrCRF is in SRB mode.
If either condition exists, use the set spantree portstate command to set the state of a TrCRF manually to blocked or forwarding mode or set the Spanning Tree Protocol to determine the correct state automatically.
Examples
This example shows the manual setting of TrCRF 900 to a forwarding state:
Console> (enable) set spantree portstate 900 forward reserve_nvram : requested by block = 0 reserve_nvram : granted to block = 0 release_nvram : releasing block = 0 Console> (enable)
Related Commands
show spantree
2-402
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree portvlancost
Syntax Description
Number of the module and the port on the module. (Optional) Keyword to indicate the path cost. The portvlancost applies only to trunk ports. (Optional) If you do not list a VLAN explicitly, the VLANs listed in prior invocations of this command are affected. If no cost is listed explicitly, and previous cost values are specified in prior invocations, then the portvlancost is set to 1 less than the current port cost for a port. However, this may not assure load balancing in all cases.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Follow these guidelines when you set the path cost for VLANs on a port:
The cost value specified is used as the path cost of the port for the specified set of VLANs. The rest of the VLANs have a path cost equal to the port path cost set through the set spantree portcost command. If not set, the value is the default path cost of the port. You must supply a vlan_list argument when you first set the cost value. When you subsequently set a new cost value, all cost values previously set by entering this command are changed to the new cost value. If you have never explicitly set a cost value for a VLAN by entering this command, the cost value for the VLAN does not change. If you do not explicitly specify a cost value but cost values were specified previously, the port VLAN cost is set to 1 less than the current port cost for a port. However, this reduction might not assure load balancing in all cases. When setting the path cost for extended-range VLANs, you can create a maximum of 64 nondefault entries or create entries until NVRAM is full.
2-403
Examples
These examples show various ways to use the set spantree portvlancost command:
Console> (enable) set spantree portvlancost 2/10 cost 25 1-20 Cannot set portvlancost to a higher value than the port cost, 10, for port 2/10. Console> (enable) Console> (enable) set spantree portvlancost 2/10 1-20 Port 2/10 VLANs 1-20 have a path cost of 9. Console> (enable) Console> (enable) set spantree portvlancost 2/10 cost 4 1-20 Port 2/10 VLANs 1-20 have path cost 4. Port 2/10 VLANs 21-1000 have path cost 10. Console> (enable) Console> (enable) set spantree portvlancost 2/10 cost 6 21 Port 2/10 VLANs 1-21 have path cost 6. Port 2/10 VLANs 22-1000 have path cost 10. Console> (enable)
These examples show how to use the set spantree portvlancost command without explicitly specifying cost:
Console> (enable) set spantree portvlancost 1/2 Port 1/2 VLANs 1-1005 have path cost 3100. Console> (enable) Console> Port 1/2 Port 1/2 Console> (enable) set spantree portvlancost 1/2 21 VLANs 1-20,22-1005 have path cost 3100. VLANs 21 have path cost 3099. (enable)
Related Commands
show spantree
2-404
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree portvlanpri
Syntax Description
mod/port priority
Number of the module and the port on the module. Number that represents the cost of a link in a spanning tree bridge. The priority level is from 0 to 63, with 0 indicating high priority and 63 indicating low priority. (Optional) VLANs that use the specified priority level.
vlans
Defaults
The default is the port VLAN priority is set to 0, with no VLANs specified.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. Use this command to add VLANs to a specified port priority level. Subsequent calls to this command do not replace VLANs that are already set at a specified port priority level. This feature is not supported for the MSM. The set spantree portvlanpri command applies only to trunk ports. If you enter this command, you see this message:
Port xx is not a trunk-capable port
Examples
This example shows how to set the port priority for module 1, port 2, on VLANs 21 to 40:
Console> Port 1/2 Port 1/2 Console> (enable) set spantree portvlanpri 1/2 16 21-40 vlans 3,6-20,41-1000 using portpri 32 vlans 1-2,4-5,21-40 using portpri 16 (enable)
Related Commands
2-405
Syntax Description
bridge_priority
Number representing the priority of the bridge. The priority level is from 0 to 65535, with 0 indicating high priority and 65535, low priority. (Optional) Number of the VLAN. If you do not specify a VLAN number, VLAN 1 is used.
vlan
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. This feature is not supported for the MSM.
Examples
This example shows how to set the bridge priority of VLAN 1 to 4096:
Console> (enable) set spantree priority 4096 VLAN 1 bridge priority set to 4096. Console> (enable)
Related Commands
show spantree
2-406
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree root
Syntax Description
secondary vlan_list
(Optional) Keyword to designate this switch as a secondary root, should the primary root fail. (Optional) Number of the VLAN.
dia network_diameter (Optional) Keyword to specify the maximum number of bridges between any two points of attachment of end stations; valid values are from 1 through 7. hello hello_time (Optional) Keyword to specify in seconds, the duration between the generation of configuration messages by the root switch.
Defaults
If you do not specify the secondary keyword, the default is to make the switch the primary root. The default value of the network diameter is 7. If you do not specify the hello_time, the current value of hello_time from the NVRAM is used.
Usage Guidelines
If you do not specify a VLAN number, VLAN 1 is assumed. This command is not supported by the NAM. This command is run on backbone or distribution switches. You can run the secondary root many times to create backup switches in case of a root failure. The secondary command reduces the bridge priority value to 16384. This command increases path costs to a value greater than 3000.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to use the set spantree root command:
Console> (enable) VLANs 1-10 bridge VLANs 1-10 bridge VLANs 1-10 bridge VLANs 1-10 bridge Switch is now the Console> (enable) set spantree root 1-10 dia 4 priority set to 8192 max aging time set to 14 seconds. hello time set to 2 seconds. forward delay set to 9 seconds. root switch for active VLANs 1-6.
2-407
These examples show that setting the bridge priority to 8192 was not sufficient to make this switch the root. So, the priority was further reduced to 7192 (100 less than the current root switch) to make this switch the root switch. However, reducing it to this value did not make it the root switch for active VLANs 16 and 17.
Console> (enable) set spantree root 11-20. VLANs 11-20 bridge priority set to 7192 VLANs 11-10 bridge max aging time set to 20 seconds. VLANs 1-10 bridge hello time set to 2 seconds. VLANs 1-10 bridge forward delay set to 13 seconds. Switch is now the root switch for active VLANs 11-15,18-20. Switch could not become root switch for active VLAN 16-17. Console> (enable) Console> (enable) set spantree root secondary 22,24 dia 5 hello 1 VLANs 22,24 bridge priority set to 16384. VLANs 22,24 bridge max aging time set to 10 seconds. VLANs 22,24 bridge hello time set to 1 second. VLANs 22,24 bridge forward delay set to 7 seconds. Console> (enable)
Related Commands
show spantree
2-408
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set spantree uplinkfast
Syntax Description
Keyword to enable fast switchover. Keyword to disable fast switchover. (Optional) Keyword to specify the number of multicast packets transmitted per 100 ms when an alternate port is chosen after the root port goes down. (Optional) Number of multicast packets transmitted per 100 ms when an alternate port is chosen after the root port goes down. (Optional) Keyword to specify whether or not to generate multicast packets for all protocols (IP, IPX, AppleTalk, and Layer 2 packets). (Optional) Keyword to turn off the all-protocols feature. (Optional) Keyword to turn on the all-protocols feature.
station_update_rate all-protocols
off on
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. The set spantree uplinkfast enable command has the following results:
Changes the bridge priority to 49152 for all VLANs (allowed VLANs). Increases the path cost and portvlancost of all ports to a value greater than 3000. On detecting the failure of a root port, an instant cutover occurs to an alternate port selected by Spanning Tree Protocol.
If you run set spantree uplinkfast enable on a switch that has this feature already enabled, only the station update rate is updated. The rest of the parameters are not modified. If you run set spantree uplinkfast disable on a switch, the UplinkFast feature is disabled but the switch priority and port cost values are not reset to the factory-set defaults. To reset the values to the factory-set defaults, enter the clear spantree uplinkfast command. The default station_update_rate value is 15 packets per 100 ms, which is equivalent to a 1 percent load on a 10-Mbps Ethernet. If you specify this value as 0, the generation of these packets is turned off.
2-409
You do not have to turn on the all-protocols feature on Catalyst 6000 family switches that have both the UplinkFast and protocol filtering features enabled. Use the all-protocols feature only on Catalyst 6000 family switches that have UplinkFast enabled but do not have protocol filtering; upstream switches in the network use protocol filtering. You must enter the all-protocols option to inform the UplinkFast task whether or not to generate multicast packets for all protocols.
Examples
This example shows how to enable spantree UplinkFast and specify the number of multicast packets transmitted to 40 packets per 100 ms:
Console> (enable) set spantree uplinkfast enable rate 40 VLANs 1-1000 bridge priority set to 49152. The port cost and portvlancost of all ports increased to above 3000. Station update rate set to 40 packets/100ms. uplinkfast turned on for bridge. Console> (enable)
Related Commands
show spantree
2-410
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands set summertime
set summertime
Use the set summertime command to specify whether the system should set the clock ahead one hour during daylight saving time. set summertime {enable | disable} [zone] set summertime recurring [{week} {day} {month} {hh:mm} {week | day | month | hh:mm} [offset]] set summertime date {month} {date} {year} {hh:mm}{month | date | year | hh:mm} [offset]
Syntax Description
enable disable zone recurring week day month hh:mm offset date year
Keyword to cause the system to set the clock ahead one hour during daylight saving time. Keyword to prevent the system from setting the clock ahead one hour during daylight saving time. (Optional) Time zone used by the set summertime command. Keyword to specify the summertime dates which recur every year. Week of the month (first, second, third, fourth, last, 1...5). Day of the week (Sunday, Monday, Tuesday, and so forth). Month of the year (January, February, March, and so forth). Hours and minutes. (Optional) Amount of offset in minutes (1 to 1440 minutes). Day of the month (1 to 31). Number of the year (1993 to 2035).
Defaults
By default, the set summertime command is disabled. Once enabled, the default for offset is 60 minutes, following U.S. standards.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
After you enter the clear config command, the dates and times are set to default. Unless you configure it otherwise, this command advances the clock one hour at 2:00 a.m. on the first Sunday in April and moves back the clock one hour at 2:00 a.m. on the last Sunday in October.
2-411
Examples
This example shows how to cause the system to set the clock ahead one hour during daylight saving time:
Console> (enable) set summertime enable PDT Summertime is enabled and set to PDT. Console> (enable)
This example shows how to prevent the system from setting the clock ahead one hour during daylight saving time:
Console> (enable) set summertime disable Summertime disabled. Console> (enable)
This example shows how to set daylight saving time to the zonename AUS and repeat every year, starting from the third Monday of February at noon and ending at the second Saturday of August at 3:00 p.m. with an offset of 30 minutes:
Console> (enable) set summertime AUS recurring 3 Mon Feb 12:00 2 Saturday Aug 15:00 30 Summer time is disabled and set to AUS with offset 30 minutes. start: 12:00:00 Sun Feb 13 2000 end: 14:00:00 Sat Aug 26 2000 Recurring, starting at 12:00:00 on Sunday of the third week of February and ending on Saturday of the fourth week of August. Console> (enable)
This example shows how to set the daylight saving time to start on January 29, 1999 at 2:00 a.m. and end on August 19, 2004 at 3:00 p.m. with an offset of 30 minutes:
Console> (enable) set summertime date jan 29 1999 02:00 aug 19 2004 15:00 30 Summertime is disabled and set to '' Start : Fri Jan 29 1999, 02:00:00 End : Thu Aug 19 2004, 15:00:00 Offset: 30 minutes Recurring: no Console> (enable)
Related Commands
show summertime
2-412
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set system baud
Syntax Description
rate
Baud rate; valid rates are 600, 1200, 2400, 4800, 9600, 19200, and 38400.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the system baud rate to 19200:
Console> (enable) set system baud 19200 System console port baud rate set to 19200. Console> (enable)
Related Commands
show system
2-413
Syntax Description
contact_string
(Optional) Text string that contains the name of the person to contact for system administration. If you do not specify a contact string, the system contact string is cleared.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
show system
2-414
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set system countrycode
Syntax Description
code
Country code; see the Usage Guidelines section for format information.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The country code is a 2-letter country code taken from ISO-3166 (for example, VA=Holy See (Vatican City State) , VU=Vanuatu, and TF=French Southern Territories).
Examples
2-415
Syntax Description
enable disable
Keyword to activate system high availability. Keyword to deactivate system high availability.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
High availability provides Layer 2 to Layer 3 protocol redundancy. If you enable high availability while the standby supervisor engine is running, the switch checks the version compatibility between the two supervisor engines. If the versions are compatible, database synchronization occurs. When you disable high availability, database synchronization does not occur and protocols restart on the standby supervisor engine after switchover. If you disable high availability from the enabled state, synchronization from the active supervisor engine is stopped. On the standby supervisor engine, current synchronization data is discarded. If you enable high availability from the disabled state, synchronization from the active to standby supervisor engines starts (if you have a standby supervisor engine and the standby supervisor engine image version is compatible).
Examples
Related Commands
2-416
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set system highavailability versioning
Syntax Description
enable disable
Keyword to activate system high availability versioning. Keyword to deactivate system high availability versioning.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The high availability versioning feature allows the Catalyst 6000 family switch to run different images on the active and standby supervisor engines. When you enable image versioning, Flash image synchronization (from active to the standby supervisor engines) does not occur, allowing active and standby supervisor engines to run different images.
Caution
When you disable image versioning, the active and standby supervisor engines must run the same image version. If you disable the image versioning option from the enabled state, no additional action is necessary on the standby supervisor engine (the standby supervisor engine should be running the same image as the active supervisor engine). If you want to load a different images, you have to restart the standby supervisor engine. If you enable the image versioning option from the disabled state, and you have a standby supervisor engine and active supervisor engine running different images, Flash synchronization will copy the active supervisor engine image to the standby supervisor engine image and then restart it. If you enable the image versioning option on the active supervisor engine, and the standby supervisor engine is running a different image, the NVRAM synchronization cannot occur because the NVRAM versions are not compatible. If this is the case, after switchover, the old NVRAM configuration on the supervisor engine is used.
2-417
Examples
Related Commands
2-418
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set system location
Syntax Description
location_string
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
Related Commands
show system
2-419
Syntax Description
enable disable
Keyword to activate modem control lines on the console port. Keyword to deactivate modem control lines on the console port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to disable modem control lines on the console port:
Console> (enable) set system modem disable Modem control lines disabled on console port. Console> (enable)
Related Commands
show system
2-420
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set system name
Syntax Description
name_string
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use the set system name command to assign a name to the switch, the switch name is used as the prompt string. However, if you specify a different prompt string using the set prompt command, that string is used for the prompt. If you do not specify a system name, the system name is cleared, and a DNS lookup is initiated for a system name. If a name is found, that is the name used; if no name is found, no name is designated. The system name can be 255 characters long, and the prompt can be 20 characters long. The system name is truncated appropriately when used as a prompt; a greater-than symbol (>) is appended to the truncated system name. If the system name was found from a DNS lookup, it is truncated to remove the domain name. If the prompt is obtained using the system name, it is updated whenever the system name changes. You can overwrite this prompt any time by setting the prompt manually. Any change in the prompt is reflected in all current open sessions. If you do not specify a name, the system name is cleared.
Examples
This example shows how to set the system name to Information Systems:
Console> (enable) set system name Information Systems System name set. Console> (enable)
Related Commands
2-421
Syntax Description
count
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to configure the TACACS+ server to allow a maximum of six login attempts:
Console> (enable) set tacacs attempts 6 Tacacs number of attempts set to 6. Console> (enable)
Related Commands
show tacacs
2-422
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set tacacs directedrequest
Syntax Description
enable disable
Keyword to send the portion of the address before the @ sign (the username) to the host specified after the @ sign. Keyword to send the entire address string to the default TACACS+ server.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
When you enable TACACS+ directed-request, you must specify a configured TACACS+ server after the @ sign. If the specified host name does not match the IP address of a configured TACACS+ server, the request is rejected. When TACACS+ directed-request is disabled, the Catalyst 6000 family switch queries the list of servers beginning with the first server in the list and then sends the entire string, accepting the first response from the server. This command is useful for sites that have developed their own TACACS+ server software to parse the entire address string and make decisions based on the contents of the string.
Examples
Related Commands
show tacacs
2-423
Syntax Description
key
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The key must be the same key used on the TACACS+ server. All leading spaces are ignored. Spaces within the key and at the end of the key are included. Double quotation marks are not required, even if there are spaces between words in the key, unless the quotation marks themselves are part of the key. The key can consist of any printable ASCII characters except the tab character. The key length must be less than 100 characters.
Examples
This example shows how to set the authentication and encryption key:
Console> (enable) set tacacs key Who Goes There The tacacs key has been set to Who Goes There. Console> (enable)
Related Commands
2-424
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set tacacs server
Syntax Description
ip_addr primary
IP address of the server on which the TACACS+ server resides. (Optional) Keyword to designate the specified server as the primary TACACS+ server.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can configure a maximum of three servers. The primary server, if configured, is contacted first. If no primary server is configured, the first server configured becomes the primary server.
Examples
This example shows how to configure the server on which the TACACS+ server resides and to designate it as the primary server:
Console> (enable) set tacacs server 170.1.2.20 primary 170.1.2.20 added to TACACS server table as primary server. Console> (enable)
Related Commands
2-425
Syntax Description
seconds
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the response timeout interval for the TACACS+ server to 8 seconds:
Console> (enable) set tacacs timeout 8 Tacacs timeout set to 8 seconds. Console> (enable)
Related Commands
show tacacs
2-426
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set test diaglevel
Syntax Description
Keyword to specify complete diagnostics. Keyword to specify minimal diagnostics. Keyword to specify bypass diagnostics.
Defaults
The default is minimal diagnostics. See the Usage Guidelines section for more information about the three diagnostic levels.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Setting the diagnostic level determines the level of testing that occurs when the system or module is reset. The three levels are as follows:
completeThis level runs all tests. minimalThis level runs only EARL tests for the supervisor engine and loopback tests for all ports in the system. bypassThis level skips all tests.
Note
Although the default is minimal, we recommend that you set the diagnostic level at complete.
Examples
Related Commands
show test
2-427
set time
Use the set time command to change the time of day on the system clock. set time [day_of_week] [mm/dd/yy] [hh:mm:ss]
Syntax Description
day_of_week (Optional) Day of the week. mm/dd/yy hh:mm:ss (Optional) Month, day, and year. (Optional) Current time in 24-hour format.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to set the system clock to Saturday, October 31, 1998, 7:50 a.m:
Console> (enable) set time sat 10/31/98 7:50 Sat Oct 31 1998, 07:50:00 Console> (enable)
Related Commands
show time
2-428
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set timezone
set timezone
Use the set timezone command to set the time zone for the system. set timezone [zone_name] [hours [minutes]]
Syntax Description
(Optional) Name of the time zone to be displayed. (Optional) Number of hours offset from UTC. (Optional) Number of minutes offset from UTC. If the specified hours value is a negative number, then the minutes value is assumed to be negative as well.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The set timezone command is effective only when NTP is running. If you set the time explicitly and NTP is disengaged, the set timezone command has no effect. If you have enabled NTP and have not entered the set timezone command, the Catalyst 6000 family switch displays UTC by default.
Examples
This example shows how to set the time zone to Pacific Standard Time with an offset of minus 8 hours from UTC:
Console> (enable) set timezone PST -8 Timezone set to PST, offset from UTC is -8 hours. Console> (enable)
Related Commands
2-429
set trunk
Use the set trunk command to configure trunk ports and to add VLANs to the allowed VLAN list for existing trunks. set trunk mod/port {on | off | desirable | auto | nonegotiate}[vlans] [isl | dot1q | negotiate]
Syntax Description
mod/port on
Number of the module and the port on the module. Keyword to force the port to become a trunk port and persuade the neighboring port to become a trunk port. The port becomes a trunk port even if the neighboring port does not agree to become a trunk. Keyword to force the port to become a nontrunk port and persuade the neighboring port to become a nontrunk port. The port becomes a nontrunk port even if the neighboring port does not agree to become a nontrunk port. Keyword to cause the port to negotiate actively with the neighboring port to become a trunk link. Keyword to cause the port to become a trunk port if the neighboring port tries to negotiate a trunk link. This is the default mode for EtherChannel ports. Keyword to force the port to become a trunk port but prevent it from sending DTP frames to its neighbor. (Optional) Keyword to specify an ISL trunk on a Fast or Gigabit Ethernet port. (Optional) Keyword to specify an IEEE 802.1Q trunk on a Fast or Gigabit Ethernet port. (Optional) Keyword to specify that the port become an ISL (preferred) or 802.1Q trunk, depending on the configuration and capabilities of the neighboring port. (Optional) VLANs to add to the list of allowed VLANs on the trunk; valid values are from 1 to 1000 and 1025 to 4094.
off
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. The following usage guidelines apply when using the set trunk command:
If a trunk-type keyword (isl, dot1q, negotiate) is not specified when configuring an EtherChannel trunk, the current trunk type is not affected. To return a trunk to its default trunk type and mode, enter the clear trunk mod/port command.
2-430
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set trunk
Trunking capabilities are hardware-dependent. Refer to the Catalyst 6000 Family Module Installation Guide to determine the trunking capabilities of your hardware, or enter the show port capabilities command. The Catalyst 6000 family switches use the DTP to negotiate trunk links automatically on EtherChannel ports. Whether a port will negotiate to become a trunk port depends on both the mode and the trunk type specified for that port. Refer to the Catalyst 6000 Family Software Configuration Guide for detailed information on how trunk ports are negotiated. DTP is a point-to-point protocol. However, some internetworking devices might improperly forward DTP frames. You can avoid this problem by ensuring that trunking is turned off on ports connected to non-Catalyst 6000 family switch devices if you do not intend to trunk across those links. When enabling trunking on a link to a Cisco router, enter the noneg keyword to cause the port to become a trunk but not generate DTP frames. For trunking to be negotiated on EtherChannel ports, the ports must be in the same VTP domain. However, you can use the on or noneg mode to force a port to become a trunk, even if it is in a different domain. To remove VLANs from the allowed list for a trunk, enter the clear trunk mod/port vlans command. When you first configure a port as a trunk, the set trunk command always adds all VLANs to the allowed VLAN list for the trunk, even if you specify a VLAN range (the specified VLAN range is ignored). To remove VLANs from the allowed list, enter the clear trunk mod/port vlans command. To later add VLANs that were removed, enter the set trunk mod/port vlans command. You cannot change the allowed VLAN range on the MSM port. The MSM port can be configured only as an IEEE 802.1Q-type trunk.
The following configuration guidelines and restrictions apply when using 802.1Q trunks impose some limitations on the trunking strategy for a network. Note these restrictions when using 802.1Q trunks:
When connecting Cisco switches through an 802.1q trunk, make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning tree loops might result. Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network can cause spanning tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree on every VLAN in the network. Make sure your network is free of physical loops before disabling spanning tree. When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning-tree BPDUs on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd). Non-Cisco 802.1Q switches maintain only a single instance of spanning tree (the Mono Spanning Tree, or MST) that defines the spanning-tree topology for all VLANs. When you connect a Cisco switch to a non-Cisco switch through an 802.1Q trunk, the MST of the non-Cisco switch and the native VLAN spanning-tree of the Cisco switch combine to form a single spanning-tree topology known as the Common Spanning Tree (CST).
2-431
Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on VLANs other than the native VLAN of the trunk, non-Cisco switches do not recognize these frames as BPDUs and flood them on all ports in the corresponding VLAN. Other Cisco switches connected to the non-Cisco 802.1q cloud receive these flooded BPDUs. This allows Cisco switches to maintain a per-VLAN spanning tree topology across a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single broadcast segment between all switches connected to the non-Cisco 802.1q cloud through 802.1q trunks. Make certain that the native VLAN is the same on ALL of the 802.1q trunks connecting the Cisco switches to the non-Cisco 802.1q cloud. If you are connecting multiple Cisco switches to a non-Cisco 802.1q cloud, all of the connections must be through 802.1q trunks. You cannot connect Cisco switches to a non-Cisco 802.1q cloud through ISL trunks or through access ports. Doing so will cause the switch to place the ISL trunk port or access port into the spanning tree port inconsistent state and no traffic will pass through the port.
Examples
This example shows how to add VLANs 5 through 50 to the allowed VLAN list for a trunk port (VLANs were previously removed from the allowed list with the clear trunk command):
Console> (enable) set trunk 1/1 5-50 Adding vlans 5-50 to allowed list. Port(s) 1/1 allowed vlans modified to 1,5-50,101-1005. Console> (enable)
This example shows how to set port 5 on module 4 as an 802.1Q trunk port in desirable mode:
Console> (enable) set trunk 4/5 desirable dot1q Port(s) 4/5 trunk mode set to desirable. Port(s) 4/5 trunk type set to dot1q. Console> (enable)
Related Commands
2-432
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands set udld
set udld
Use the set udld command to enable or disable the UDLD information display on specified ports or globally on all ports. set udld enable | disable [mod/port]
Syntax Description
Keyword to enable the UDLD information display. Keyword to disable the UDLD information display. (Optional) Number of the module and port on the module.
Defaults
UDLD global enable stateGlobally disabled. UDLD per-port enable state for fiber-optic mediaEnabled on all Ethernet fiber-optic ports. UDLD per-port enable state for twisted-pair (copper) mediaDisabled on all Ethernet 10/100 and 1000BaseTX ports.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to enable the UDLD message display for port 1 on module 2:
Console> (enable) set udld enable 2/1 UDLD enabled on port 2/1. Warning:UniDirectional Link Detection should be enabled only on ports not connected to hubs, media converters or similar devices. Console> (enable)
This example shows how to disable the UDLD message display for port 1 on module 2:
Console> (enable) set udld disable 2/1 UDLD disabled on port 2/1. Warning:UniDirectional Link Detection should be enabled only on ports not connected to hubs, media converters or similar devices. Console> (enable)
2-433
This example shows how to enable the UDLD message display for all ports on all modules:
Console> (enable) set udld enable UDLD enabled globally. Console> (enable)
This example shows how to disable the UDLD message display for all ports on all modules:
Console> (enable) set udld disable UDLD disabled globally Console> (enable)
Related Commands
show udld
2-434
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set udld aggressive-mode
Syntax Description
Keyword to enable UDLD aggressive mode. Keyword to disable UDLD aggressive mode. Number of the module and port on the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can use the aggressive mode in cases in which a port that sits on a bidirectional link stops receiving packets from its neighbor. When this happens, if aggressive mode is enabled on the port, UDLD will try to reestablish the connection with the neighbor. If connection is not reestablished after eight failed retries, the port is error disabled. We recommend that you use this command on point-to-point links between Cisco switches only. This command is not supported by the NAM.
Examples
Related Commands
2-435
Syntax Description
interval
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
Related Commands
2-436
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set vlan
set vlan
Use the set vlan command set to group ports into a VLAN or set the private VLAN type. set vlan {vlan_num}{mod/ports} set vlan {vlan_num} [name {name}] [type {type}] [state {state}] [said {said}] [mtu {mtu}] [bridge {bridge_num}] [mode {bridge_mode}] [stp {stp_type}] [translation {vlan_num}] [aremaxhop {hopcount}] [pvlan-type {pvlan_type}] [ring {hex_ring_number}] [decring {decimal_ring_number}] [parent {vlan_num}] [backupcrf {off | on}] [stemaxhop {hopcount}] [rspan]
Syntax Description
Number identifying the VLAN. Number of the module and ports on the module belonging to the VLAN. (Optional) Keyword and variable to define a text string used as the name of the VLAN; valid values are from 1 to 32 characters. (Optional) Keyword and variable to identify the VLAN type. (Optional) Keyword and variable to specify whether the state of the VLAN is active or suspended. (Optional) Keyword and variable to specify the security association identifier; valid values are from 1 to 4294967294. (Optional) Keyword and variable to specify the maximum transmission unit (packet size, in bytes) that the VLAN can use; valid values are from 576 to 18190. (Optional) Keyword and variable to specify the identification number of the bridge; valid values are hexadecimal numbers from 0x1 to 0xF. (Optional) Keyword and variable to specify the bridge mode; valid values are srt and srb. (Optional) Keyword and variable to specify the STP type; valid values are ieee, ibm, and auto. (Optional) Keyword and variable to specify a translational VLAN used to translate FDDI or Token Ring to Ethernet; valid values are from 1 to 1005. (Optional) Keyword and variable to specify the maximum number of hops for All-Routes Explorer frames; valid values are from 1 to 13. (Optional) Keyword and options to specify the private VLAN type. See the Usage Guidelines section for valid values. (Optional) Keyword to specify the VLAN as the primary VLAN in a private VLAN. (Optional) Keyword and variable to specify the decimal ring number; valid values are from 1 to 4095. (Optional) Keyword and variable to specify the VLAN number of the parent VLAN; valid values are from 2 to 1005.
bridge bridge_num
aremaxhop hopcount
2-437
(Optional) Keywords to specify whether the TrCRF is a backup path for traffic. (Optional) Keyword and variable to specify the maximum number of hops for Spanning Tree Explorer frames; valid values are from 1 to 14. (Optional) Keyword to create a VLAN for remote SPAN.
rspan
Defaults
Switched Ethernet ports and Ethernet repeater ports are in VLAN 1. said is 100001 for VLAN 1, 100002 for VLAN 2, 100003 for VLAN 3, and so forth. type is Ethernet. mtu is 1500 bytes. state is active. hopcount is 7. pvlan type is none.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. You cannot use the set vlan command until the Catalyst 6000 family switch is either in VTP transparent mode (set vtp mode transparent) or until a VTP domain name has been set (set vtp domain name). To create a private VLAN, UTP mode must be transparent. You cannot set multiple VLANs for ISL ports using this command. The VLAN name can be from 1 to 32 characters in length. If you are adding a new VLAN, the VLAN number must be within the range 2 to 1001. When you are modifying a VLAN, the valid range for the VLAN number is from 2 to 1005. If you use the rspan keyword for remote SPAN VLANs, you should not configure an access port (except the remote SPAN destination ports) on these VLANs. Learning is disabled for remote SPAN VLANs. If you use the rspan keyword for remote SPAN VLANs, only the name name and the state {active | suspend} variables are supported. The stemaxhop hopcount parameter is valid only when defining or configuring TrCRFs. The bridge bridge_num, mode bridge_mode, stp stp_type, and translation vlan_num keywords and values are supported only when the Catalyst 6000 family switch is used as a VTP server for Catalyst 5000 family switches in the Token Ring and FDDI networks. You must configure a private VLAN on the supervisor engine.
2-438
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set vlan
primary specifies the VLAN as the primary VLAN in a private VLAN. isolated specifies the VLAN as the isolated VLAN in a private VLAN. community specifies the VLAN as the community VLAN in a private VLAN. none specifies that the VLAN is a normal Ethernet VLAN, not a private VLAN.
Only regular VLANs with no access ports assigned to them can be used in private VLANs. Do not use the set vlan command to add ports to a private VLAN; use the set pvlan command to add ports to a private VLAN. VLANs 1001, 1002, 1003, 1004, and 1005 cannot be used in private VLANs. VLANs in a suspended state do not pass packets.
Examples
This example shows how to set VLAN 850 to include ports 3 through 7 on module 3:
Console> (enable) set vlan 850 3/4-7 VLAN 850 modified. VLAN Mod/Ports ---- ----------------------850 3/4-7 Console> (enable)
Related Commands
set vlan mapping show vlan set pvlan clear config pvlan clear pvlan mapping show pvlan show pvlan mapping clear vlan
2-439
Syntax Description
Keyword and variable to specify the 802.1Q VLAN; valid values are from 1001 to 4095. Keyword to specify the ISL VLAN; valid values are from 1 to 1024.
Defaults
The default is all switched Ethernet ports and Ethernet repeater ports are in VLAN 1.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
IEEE 802.1Q VLAN trunks support VLANs 1 through 4095. ISL VLAN trunks support VLANs 1 through 1024 (1005 to 1024 are reserved). The switch automatically maps 802.1Q VLANs 1000 and lower to ISL VLANs with the same number. Use this feature to map 802.1Q VLANs above 1000 to ISL VLANs. You can map up to eight VLANs. Only one 802.1Q VLAN can be mapped to an ISL VLAN. For example, if 802.1Q VLAN 800 has been automatically mapped to ISL VLAN 800, do not manually map any other 802.1Q VLANs to ISL VLAN 800. You cannot overwrite existing 802.1Q VLAN mapping. If the 802.1Q VLAN number already exists, the command is aborted. You must first clear that mapping. If vlan_num does not exist, then either of the following occurs:
If the switch is in server or transparent mode, the VLAN is created with all default values. If the switch is in client mode, then the command proceeds without creating the VLAN. A warning will be given indicating that the VLAN does not exist.
If the table is full, the command is aborted with an error message indicating the table is full.
Examples
This example shows how to map VLAN 850 to ISL VLAN 1022:
Console> (enable) set vlan mapping dot1q 850 isl 1022 Vlan 850 configuration successful Vlan mapping successful Console> (enable)
2-440
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set vlan mapping
This example shows the display if you enter a VLAN that does not exist:
Console> (enable) set vlan mapping dot1q 2 isl 1016 Vlan Mapping Set Warning: Vlan 2 Nonexistent Console> (enable)
Related Commands
2-441
set vtp
Use the set vtp command to set the options for VTP. set vtp [domain domain_name] [mode {client | server | transparent}] [passwd passwd] [pruning {enable | disable}] [v2 {enable | disable}]
Syntax Description
(Optional) Keywords to define the name that identifies the VLAN management domain. The domain_name can be from 1 to 32 characters in length. (Optional) Keywords to specify the VTP mode.
(Optional) Keyword and variable to define the VTP password; the VTP password can be from 8 to 64 characters in length.
pruning {enable | (Optional) Keywords to enable or disable VTP pruning for the entire disable} management domain. v2 {enable | disable} (Optional) Keywords to enable or disable version 2 mode.
Defaults
The defaults are as follows: server mode, no password, pruning disabled, and v2 disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM. All switches in a VTP domain must run the same version of VTP. VTP version 1 and VTP version 2 do not operate on switches in the same VTP domain. If all switches in a domain are VTP version 2-capable, you only need to enable VTP version 2 on one switch (using the set vtp v2 enable command); the version number is then propagated to the other version 2-capable switches in the VTP domain. If the VTP password has already been defined, entering passwd 0 (zero) clears the VTP password. VTP supports three different modes: server, client, and transparent. If you make a change to the VTP or VLAN configuration on a switch in server mode, that change is propagated to all of the switches in the same VTP domain. If the receiving switch is in server mode and its revision number is higher than the sending switch, the configuration is not changed. If the revision number is lower, the configuration is duplicated. VTP can be set to either server or client mode only when dynamic VLAN creation is disabled. If the receiving switch is in server mode, the configuration is not changed.
2-442
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands set vtp
If the receiving switch is in client mode, the client switch changes its configuration to duplicate the configuration of the server. Make sure to make all VTP or VLAN configuration changes on a switch in server mode. If the receiving switch is in transparent mode, the configuration is not changed. Switches in transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on a switch in transparent mode, the changes are not propagated to the other switches in the network. The pruning keyword is used to enable or disable VTP pruning for the VTP domain. VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN out a particular switch port. Use the set vtp pruneeligible and clear vtp pruning commands to specify which VLANs should or should not be pruned when pruning is enabled for the domain. To disable VTP, enter the set vtp mode transparent command. This command disables VTP from the domain but does not remove the domain from the switch. Use the clear config all command to remove the domain from the switch.
Caution
Be careful when you use the clear config all command. This command clears the entire switch configuration, not just the VTP domain.
Examples
This example shows what happens if you try to change VTP to server or client mode and dynamic VLAN creation is enabled:
Console> (enable) set vtp mode server Failed to Set VTP to Server. Please disable Dynamic VLAN Creation First. Console> (enable)
Related Commands
show vtp domain set vlan clear vlan show vlan set vtp pruneeligible clear vtp pruning
2-443
Syntax Description
vlan_range
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP updates if there are no stations belonging to that VLAN out a particular switch port. Use the set vtp command to enable VTP pruning. By default, VLANs 2 through 1000 are pruning eligible. You do not need to use the set vtp pruneeligible command unless you have previously used the clear vtp pruning command to make some VLANs pruning ineligible. If VLANs have been made pruning ineligible, use the set vtp pruneeligible command to make them pruning eligible again.
Examples
This example shows how to configure pruning eligibility for VLANs 120 and 150:
Console> set vtp pruneeligible 120,150 Vlans 120,150 eligible for pruning on this device. VTP domain nada modified. Console>
In this example, VLANs 200500 were made pruning ineligible using the clear vtp pruning command. This example shows how to make VLANs 220 through 320 pruning eligible again:
Console> set vtp pruneeligible 220-320 Vlans 2-199,220-320,501-1000 eligible for pruning on this device. VTP domain Company modified. Console>
Related Commands
2-444
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show accounting
show accounting
Use the show accounting command to display accounting setup and configuration information on the switch. show accounting
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows the configuration details of a switch with RADIUS accounting enabled:
Console> (enable) Event Method1 ----------exec: Radius connect: Radius system: commands: config: all: show accounting Mode ----stop-only stop-only -
TACACS+ Suppress for no username: disabled Update Frequency: newinfo Accounting information: ----------------------Active Accounted actions on tty2168059284l, User NULL Priv 15 Task ID 3, EXEC Accounting record, 0,00:00:22 Elapsed task_id=3 start_time=934463479 timezone=UTC service=shell Active Accounted actions on tty0l, User kannank Priv 15 Task ID 2, EXEC Accounting record, 0,00:01:23 Elapsed task_id=2 start_time=934463418 timezone=UTC service=shell Active Accounted actions on tty2168059284l, User danny Priv 15 Task ID 4, Connection Accounting record, 0,00:00:07 Elapsed task_id=4 start_time=934463495 timezone=UTC service=connection protocol=telnet addr=-1407968771 cmd=telnet 172.20.25.253
2-445
This example shows the configuration details of a switch with TACACS+ accounting enabled:
Console> (enable) show accounting TACACS+: Update: periodic (25 seconds) Supress: disabled Status -------disabled disabled disabled disabled disabled disabled Mode ----------stop-only stop-only stop-only stop-only stop-only stop-only
TACACS+ Suppress for no username: disabled Update Frequency: newinfo Accounting information: ----------------------Active Accounted actions on tty2168059284l, User NULL Priv 15 Task ID 3, EXEC Accounting record, 0,00:00:22 Elapsed task_id=3 start_time=934463479 timezone=UTC service=shell Active Accounted actions on tty0l, User kannank Priv 15 Task ID 2, EXEC Accounting record, 0,00:01:23 Elapsed task_id=2 start_time=934463418 timezone=UTC service=shell Active Accounted actions on tty2168059284l, User danny Priv 15 Task ID 4, Connection Accounting record, 0,00:00:07 Elapsed task_id=4 start_time=934463495 timezone=UTC service=connection protocol=telnet addr=-1407968771 cmd=telnet 172.20.25.253 Overall Accounting Starts Exec 1 Connect 0 Command 0 System 0 Console> (enable) Traffic: Stops Active 0 2 0 1 0 0 0 0
2-446
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show accounting
Related Commands
set accounting commands set accounting connect set accounting exec set accounting suppress set accounting system set accounting update
2-447
show alias
Use the show alias command to display a listing of defined command aliases. show alias [name]
Syntax Description
name
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Examples
Related Commands
2-448
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show arp
show arp
Use the show arp command to display the ARP table. show arp [ip_addr | hostname] [noalias]
Syntax Description
(Optional) Number of the IP address. (Optional) Name of the host. (Optional) Keyword to force the display to show only IP addresses, not IP aliases.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
ARP aging time is the period of time that indicates when an ARP entry is removed from the ARP table. Set this value by entering the set arp agingtime command. The remaining lines of the display show the mappings of IP addresses (or IP aliases) to MAC addresses. Use the ip_addr or the hostname options to specify an IP host when the ARP cache is large.
Examples
Related Commands
2-449
show authentication
Use the show authentication command to display authentication information. show authentication
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
2-450
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show authorization
show authorization
Use the show authorizaton command to display authorization setup and configuration information on the switch. show authorization
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display authorization setup and configuration information:
Console> (enable) show authorization Telnet: ------Primary Fallback -------------exec: tacacs+ deny enable: tacacs+ deny commands: config: tacacs+ deny all: Console: -------Primary ------tacacs+ tacacs+ tacacs+ Fallback -------deny deny deny -
Console> (enable)
Related Commands
2-451
show boot
Use the show boot command to display the contents of the BOOT environment variables and the configuration register setting. show boot [mod]
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
set boot auto-config set boot config-register set boot system flash
2-452
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show boot device
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Examples
This example shows how to display the boot device information for module 2:
Console> show boot device 2 Device BOOT variable = hdd:2 Console>
Related Commands
2-453
show cam
Use the show cam command set to display CAM table entries. show cam {dynamic | static | permanent | system} mod/port show cam mac_addr [vlan]
Syntax Description
Keyword to display dynamic CAM entries. Keyword to display static CAM entries. Keyword to display permanent CAM entries. Keyword to display system CAM entries. Number of the module and the port on the module. MAC address. (Optional) Number of the VLAN.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you specify a VLAN, then only those CAM entries matching the VLAN number are displayed. If you do not specify a VLAN, all VLANs are displayed. If the MAC address belongs to a router, it is shown by appending an R to the MAC address.
Examples
This example shows how to display dynamic CAM entries for all VLANs:
Console> show cam dynamic * = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry. VLAN ---1 1 1 1 1 1 1 Dest MAC/Route Des -----------------00-60-5c-86-5b-81 00-60-2f-35-48-17 00-80-24-f3-47-20 00-60-09-78-96-fb 00-80-24-1d-d9-ed 00-80-24-1d-da-01 08-00-20-7a-63-01 Destination Ports or VCs / [Protocol Type] ---------------------------------------------------4/1 [ALL] 4/1 [ALL] 1/2 [ALL] 4/1 [ALL] 1/2 [ALL] 1/2 [ALL] 4/1 [ALL]
2-454
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show cam
Related Commands
2-455
Syntax Description
vlan
(Optional) Number of the VLAN or range of VLANs; valid values are from 1 to 1005 and from 1025 to 4094.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display CAM aging time information for a specific VLAN:
Console> show cam agingtime 1005 VLAN 1005 aging time = 300 sec Console>
Related Commands
2-456
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show cam count
Syntax Description
Keyword to display dynamic CAM entries. Keyword to display static CAM entries. Keyword to display permanent CAM entries. Keyword to display system CAM entries. (Optional) Number of the VLAN.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Examples
This example shows how to display the number of dynamic CAM entries:
Console> (enable) show cam count dynamic Total Matching CAM Entries = 6 Console> (enable)
Related Commands
2-457
Syntax Description
mod vlan
Number of the module for which MSFC information is displayed. (Optional) Number of the VLAN.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you specify the VLAN, only CAM entries that belong to that VLAN are displayed.
Examples
This example shows how to display CAM entries for a specific VLAN:
Console> show cam msfc 15 192 VLAN Destination MAC Destination-Ports or VCs ---- ----------------------------------------------192 00-00-0c-07-ac-c0R 7/1 192 00-e0-f9-d1-2c-00R 7/1 Console> Xtag ---2 2 Status -----H H
Related Commands
show cam
2-458
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show cdp
show cdp
Use the show cdp command set to display CDP information. show cdp show cdp neighbors [mod[/port]] [vlan | duplex | capabilities | detail] show cdp port [mod[/port]]
Syntax Description
Keyword to show CDP information for Cisco products connected to the switch. (Optional) Number of the module for which CDP information is displayed and optionally, the number of the port for which CDP information is displayed. (Optional) Keyword to show the native VLAN number for the neighboring Cisco products. (Optional) Keyword to show the duplex type of the neighboring Cisco products. (Optional) Keyword to show the capability codes for the neighboring Cisco products; valid values are R, T, B, S, H, I, and r (R = Router, T = Trans Bridge, B = Source Route Bridge, S = Switch, H = Host, I = IGMP, and r = Repeater). (Optional) Keyword to show detailed information about neighboring Cisco products. Keyword to show CDP port settings.
detail port
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The per-port output of the show cdp port command is not displayed if you globally disable CDP. If you globally enable CDP, the per-port status is displayed. If you enter the show cdp neighbors command for a device that supports earlier versions of CDP, unknown is displayed in the VTP Management Domain, Native VLAN, and Duplex fields. If you do not specify a module number, CDP information for the entire switch is displayed.
Examples
This example shows how to display CDP information for the system:
Console> show cdp CDP :enabled Message Interval :60 Hold Time :180
2-459
This example shows how to display detailed CDP neighbor information. The display varies depending on your network configuration at the time you run the command.
Console> show cdp neighbors 4 detail Port (Our Port):4/4 Device-ID:69046406 Device Addresses: IP Address:172.20.25.161 Holdtime:150 sec Capabilities:TRANSPARENT_BRIDGE SWITCH Version: WS-C6009 Software, Version NmpSW: 5.4(1)CSX Copyright (c) 1995-1999 by Cisco Systems Port-ID (Port on Device):4/8 Platform:WS-C6009 VTP Management Domain:unknown Native VLAN:1 Duplex:half Console>
This example shows how to display CDP information about neighboring systems:
Console> show cdp neighbors * - indicates vlan mismatch. # - indicates duplex mismatch. Port -------3/5 3/6 4/1 4/2 4/20 5/1 5/1 5/1 5/1 Console> Device-ID ------------------------------002267619 002267619 002267619 002267619 069000057 005763872 066506245 066508595 066508596 Port-ID ------------------------3/6 * 3/5 4/2 4/1 # 8/5 2/1 2/1 5/12 *# 5/1 Platform -----------WS-C6000 WS-C6000 WS-C6000 WS-C6000 WS-C6000 WS-C6009 WS-C6009 WS-C6009 WS-C6009
This example shows how to display duplex information about neighboring systems:
Console> show cdp neighbors duplex * - indicates vlan mismatch. # - indicates duplex mismatch. Port -------3/5 3/6 4/1 4/2 4/20 5/1 5/1 5/1 5/1 Console> Device-ID ------------------------------002267619 002267619 002267619 002267619 069000057 005763872 066506245 066508595 066508596 Port-ID ------------------------3/6 * 3/5 4/2 4/1 # 8/5 2/1 2/1 5/12 *# 5/1 Duplex -----half half full full half half
2-460
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show cdp
This example shows how to display VLAN information about neighboring systems:
Console> show cdp vlan * - indicates vlan mismatch. # - indicates duplex mismatch. Port -------3/5 3/6 4/1 4/2 4/20 5/1 5/1 5/1 5/1 Console> Device-ID ------------------------------002267619 002267619 002267619 002267619 069000057 005763872 066506245 066508595 066508596 Port-ID ------------------------3/6 * 3/5 4/2 4/1 # 8/5 2/1 2/1 5/12 *# 5/1 NativeVLAN ---------1 1 1 1 1 1
This example shows how to display capability information about neighboring systems:
Console> show cdp neighbors capabilities * - indicates vlan mismatch. # - indicates duplex mismatch. Port -------3/5 3/6 4/1 4/2 4/20 5/1 5/1 5/1 5/1 Console> Device-ID ------------------------------002267619 002267619 002267619 002267619 069000057 005763872 066506245 066508595 066508596 Port-ID ------------------------3/6 * 3/5 4/2 4/1 # 8/5 2/1 2/1 5/12 *# 5/1 Capabilities -----------T S T S T S T S T B S T B S T B S T B S T B S
This example shows how to display CDP information for all ports:
Console> show cdp CDP Message Interval Hold Time Port -------2/1 2/2 5/1 5/2 5/3 5/4 5/5 5/6 5/7 5/8 Console> port :enabled :60 :180
CDP Status ---------enabled enabled enabled enabled enabled enabled enabled enabled enabled enabled
2-461
Related Commands
set cdp
2-462
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show channel
show channel
Use the show channel command to display EtherChannel information for a channel. show channel [channel_id] [info | statistics | mac] show channel [channel_id] [info [spantree | trunk | protcol | gmrp | gvrp | qos]]
Syntax Description
(Optional) Number of the channel. (Optional) Keyword to display channel information. (Optional) Keyword to display statistics about the port (PAgP packets sent and received). (Optional) Keyword to display MAC information about the channel.
spantree | trunk | (Optional) Keyword to display feature-related parameters. protcol | gmrp | gvrp | qos
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify channel_id, EtherChannel information is shown for all channels. No information is displayed if the channel specified is not in use. If you enter the optional info keyword with any of the options (spantree | trunk | protcol | gmrp | gvrp | qos), the specified feature-related parameters are displayed in the output.
Examples
This example shows how to display channel information for a specific channel:
Console> show channel 768 Channel Ports Status Channel id Mode ------- ----------------------------------------------- --------- -------768 2/1-2 connected on Console>
2-463
This example shows how to display channel information for all channels:
Console> show channel Channel Id Ports ----------- ----------------------------------------------768 2/1-2 769 4/3-4 770 4/7-8 Console>
This example shows how to display port information for a specific channel:
Console> show channel 769 info Chan Port Status Channel Admin Speed Duplex Vlan PortSecurity/ id mode group Dynamic Port ---- ----- ---------- --------- ----- ----- ------ ---- ------------769 1/1 notconnect on 195 1000 full 1 769 1/2 notconnect on 195 1000 full 1 Chan id ---769 769 Chan id ---769 769 Port ifOper-group Neighbor Chan Oper-Distribution Index Oper-group cost Method ----- ----- ---------- ---------- ----- ----------------1/1 1 0 ip both 1/2 1 0 ip both Port Device-ID Port-ID Platform
Chan Port Trunk-status Trunk-type Trunk-vlans id ----- ----- ------------ ----------------------------------------------------769 1/1 not-trunking negotiate 1-1005 769 1/2 not-trunking negotiate 1-1005 Chan id ---769 769 Chan id ---769 769 Chan id ---769 769 Chan id ---769 769 Port Portvlancost-vlans
----- -------------------------------------------------------------------1/1 1/2 Port Port Portfast Port Port priority vlanpri vlanpri-vlans ----- -------- -------- ------- -----------------------------------------1/1 32 disabled 0 1/2 32 disabled 0 Port IP IPX Group
----- -------- -------- -------1/1 on auto-on auto-on 1/2 on auto-on auto-on Port GMRP GMRP GMRP status registration forwardAll ----- -------- ------------ ---------1/1 enabled normal disabled 1/2 enabled normal disabled
2-464
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show channel
Chan Port id ---- ----769 1/1 769 1/2 Chan Port id ---- ----769 1/1 769 1/2
------ ------ ------------ ---------- -------------2q2t 1q4t untrusted 0 false 2q2t 1q4t untrusted 0 false
Chan Port ACL name Protocol id ---- ----- -------------------------------- -------769 1/1 IP IPX MAC 769 1/2 IP IPX MAC Console
This example shows how to display port information for all channels:
Console> show channel Chan Port Status id ---- ----- ---------769 1/1 notconnect 769 1/2 notconnect 865 4/1 notconnect 865 4/2 notconnect Chan Port id ---- ----769 1/1 769 1/2 865 4/1 865 4/2 info Channel Admin Speed Duplex Vlan PortSecurity/ mode group Dynamic Port --------- ----- ----- ------ ---- ------------on 195 1000 full 1 on 195 1000 full 1 on 194 100 half 1 on 194 100 half 1 -
ifOper-group Neighbor Chan Oper-Distribution Index Oper-group cost Method ----- ---------- ---------- ----- ----------------1 0 ip both 1 0 ip both 1 0 ip both 1 0 ip both
Chan Port Device-ID Port-ID Platform id ---- ----- ------------------------------- ------------------------- ---------769 1/1 769 1/2 865 4/1 865 4/2 Chan Port Trunk-status Trunk-type Trunk-vlans id ----- ----- ------------ ----------------------------------------------------769 1/1 not-trunking negotiate 1-1005 769 1/2 not-trunking negotiate 1-1005 865 4/1 not-trunking negotiate 1-1005 865 4/2 not-trunking negotiate 1-1005 Chan Port Portvlancost-vlans id ---- ----- -------------------------------------------------------------------769 1/1 769 1/2
2-465
865 865
4/1 4/2 Portfast Port Port vlanpri vlanpri-vlans -------- ------- -----------------------------------------disabled 0 disabled 0 disabled 0 disabled 0 IPX -------auto-on auto-on auto-on auto-on Group -------auto-on auto-on auto-on auto-on GMRP forwardAll ---------disabled disabled disabled disabled GVRP applicant --------normal normal normal normal Qos-DefCos Qos-Port-based
Chan Port Port id priority ---- ----- -------769 1/1 32 769 1/2 32 865 4/1 32 865 4/2 32 Chan Port id ---- ----769 1/1 769 1/2 865 4/1 865 4/2 Chan Port id ---- ----769 1/1 769 1/2 865 4/1 865 4/2 Chan Port id ---- ----769 1/1 769 1/2 865 4/1 865 4/2 Chan Port id ---- ----769 1/1 769 1/2 865 4/1 865 4/2 IP -------on on on on GMRP status -------enabled enabled enabled enabled GVRP status -------disabled disabled disabled disabled
Qos-Tx Qos-Rx Qos-Trust -----2q2t 2q2t 2q2t 2q2t -----1q4t 1q4t 1q4t 1q4t
------------ ---------- -------------untrusted 0 false untrusted 0 false untrusted 0 false untrusted 0 false
Chan Port ACL name Protocol id ---- ----- -------------------------------- -------769 1/1 IP IPX MAC 769 1/2 IP IPX MAC 865 4/1 IP IPX MAC 865 4/2 IP IPX MAC Console>
2-466
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show channel
This example shows how to display PAgP information for all channels:
Console> show channel statistics Port Channel PAgP Pkts PAgP Pkts PAgP Pkts PAgP Pkts PAgP Pkts PAgP Pkts id Transmitted Received InFlush RetnFlush OutFlush InError ----- ------- ----------- --------- --------- --------- --------- --------2/1 768 0 0 0 0 0 0 2/2 768 0 0 0 0 0 0 4/3 769 0 0 0 0 0 0 4/4 769 0 0 0 0 0 0 4/7 770 0 92 0 0 0 0 4/8 770 0 0 0 0 0 0 Console>
This example shows how to display PAgP information for a specific channel:
Console> show channel 768 statistics Port Channel PAgP Pkts PAgP Pkts PAgP Pkts PAgP Pkts PAgP Pkts PAgP Pkts id Transmitted Received InFlush RetnFlush OutFlush InError ----- ------- ----------- --------- --------- --------- --------- --------2/1 768 0 0 0 0 0 0 2/2 768 0 0 0 0 0 0 Console>
Channel Dely-Exced MTU-Exced In-Discard Lrn-Discrd In-Lost Out-Lost -------- ---------- ---------- ---------- ---------- ---------- ---------768 0 0 0 0 0 0 Console>
2-467
Channel Dely-Exced MTU-Exced In-Discard Lrn-Discrd In-Lost Out-Lost -------- ---------- ---------- ---------- ---------- ---------- ---------768 0 0 0 0 0 0 769 0 0 0 0 0 0 771 0 18 0 0 0 0 Last-Time-Cleared -------------------------Wed Jun 10 1999, 20:31:13 Console>
2-468
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show channel
Console> show channel 769 info qos Chan Port Qos-Tx Qos-Rx Qos-Trust Qos-DefCos Qos-Interface id PortType PortType Type Type ---- ----- -------- -------- ------------ ---------- -------------769 1/1 2q2t 1q4t untrusted 0 port-based 769 1/2 2q2t 1q4t untrusted 0 port-based Chan Port ACL name Type id ---- ----- -------------------------------- ---769 1/1 IP IPX MAC 769 1/2 IP IPX MAC Console>
Related Commands
2-469
Syntax Description
(Optional) Number of the administrative group; valid values are from 1 to 1024. (Optional) Keyword to display group information. (Optional) Keyword to display statistics about the group. (Optional) Keyword to display feature-related parameters.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify admin_group, EtherChannel information is shown for all admin groups. If you enter the optional info keyword with any of the options (spantree | trunk | protcol | gmrp | gvrp | qos), the specified feature-related parameters are displayed in the output.
Examples
This example shows how to display Ethernet channeling information for all admin groups:
Console> show channel group Admin Group Ports ----------- ----------------------------------------------7 1/1-2 Console>
This example shows how to display Ethernet channeling information for a specific group:
Console> show channel group 154 Admin Port Status Channel Channel group Mode id ----- ----- ---------- --------- -------154 1/1 notconnect on 769 154 1/2 connected on 769
2-470
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show channel group
Admin Port Device-ID Port-ID Platform group ----- ----- ------------------------------- ------------------------- ---------154 1/1 154 1/2 066510644(cat26-lnf(NET25)) 2/1 WS-C5505 Console>
ifOper-group Neighbor Chan Oper-Distribution Index Oper-group cost Method ----- ---------- ---------- ----- ----------------1 0 mac both 868 1 0 mac both
Admin Port Device-ID Port-ID Platform group ----- ----- ------------------------------- ------------------------- ---------154 1/1 154 1/2 066510644(cat26-lnf(NET25)) 2/1 WS-C5505 Admin Port group ----- ----154 1/1 154 1/2 Trunk-status Trunk-type Trunk-vlans
Admin Port Portvlancost-vlans group ----- ----- -------------------------------------------------------------------154 1/1 154 1/2 Admin Port Port group priority ----- ----- -------154 1/1 32 154 1/2 32 Admin Port group ----- ----154 1/1 154 1/2 Admin Port group ----- ----154 1/1 154 1/2 Admin Port group ----- ----154 1/1 154 1/2 IP Portfast Port Port vlanpri vlanpri-vlans -------- ------- -----------------------------------------disabled 0 disabled 0 IPX Group
-------- -------- -------on auto-on auto-on on auto-on auto-on GMRP status -------enabled enabled GVRP status -------disabled disabled GMRP registration -----------normal normal GMRP forwardAll ---------disabled disabled
2-471
Qos-DefCos Qos-Port-based
------ ------ ------------ ---------- -------------2q2t 1q4t untrusted 0 false 2q2t 1q4t untrusted 0 false Protocol -------IP IPX MAC IP IPX MAC
Admin Port ACL name group ----- ----- -------------------------------154 1/1 ip_acl ipx_acl mac_acl 154 1/2
Console>
Console> show channel group 154 info protcol Admin Port IP IPX Group group ----- ----- -------- -------- -------154 1/1 on auto-on auto-on 154 1/2 on auto-on auto-on Console> Console> show channel group 154 info gmrp Admin Port GMRP GMRP GMRP group status registration forwardAll ----- ----- -------- ------------ ---------154 1/1 enabled normal disabled 154 1/2 enabled normal disabled Console>
2-472
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show channel group
Console> show channel group 154 info gvrp Admin Port GVRP GVRP GVRP group status registeration applicant ----- ----- -------- ------------- --------154 1/1 disabled normal normal 154 1/2 disabled normal normal Console> Console> show channel group 769 info qos Chan Port Qos-Tx Qos-Rx Qos-Trust Qos-DefCos Qos-Interface id PortType PortType Type Type ---- ----- -------- -------- ------------ ---------- -------------769 1/1 2q2t 1q4t untrusted 0 port-based 769 1/2 2q2t 1q4t untrusted 0 port-based Chan Port ACL name Type id ---- ----- -------------------------------- ---769 1/1 IP IPX MAC 769 1/2 IP IPX MAC Console>
Related Commands
2-473
show config
Use the show config command to display the nondefault system or module configuration. show config {system | mod} [all]
Syntax Description
Keyword to display system configuration. Keyword to display module configuration. (Optional) Keyword to specify all module and system configuration information, including the IP address.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the nondefault system and module configuration:
Console> (enable) show config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. ........ .. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Mon Apr 17 2000, 08:33:09 ! #version 5.5(1) #System Web Interface Version 5.0(0.25) ! set editing disable ! #frame distribution method set port channel all distribution mac unknown ! #snmp set snmp trap 0.0.0.0 set snmp trap 0.0.0.0 ! #kerberos set kerberos server 0.0.0.0 set kerberos server 0.0.0.0 set kerberos realm set kerberos realm !
2-474
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show config
#vtp set vtp domain Lab_Network set vtp v2 enable set vtp pruning enable set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name VLAN0002 type ethernet mtu 1500 said 100002 state active set vlan 6 name VLAN0006 type ethernet mtu 1500 said 100006 state active set vlan 10 name VLAN0010 type ethernet mtu 1500 said 100010 state active set vlan 20 name VLAN0020 type ethernet mtu 1500 said 100020 state active set vlan 50 name VLAN0050 type ethernet mtu 1500 said 100050 state active set vlan 100 name VLAN0100 type ethernet mtu 1500 said 100100 state active set vlan 152 name VLAN0152 type ethernet mtu 1500 said 100152 state active set vlan 200 name VLAN0200 type ethernet mtu 1500 said 100200 state active set vlan 300 name VLAN0300 type ethernet mtu 1500 said 100300 state active set vlan 303 name VLAN0303 type fddi mtu 1500 said 100303 state active set vlan 400 name VLAN0400 type ethernet mtu 1500 said 100400 state active set vlan 500 name VLAN0500 type ethernet mtu 1500 said 100500 state active set vlan 521 name VLAN0521 type ethernet mtu 1500 said 100521 state active set vlan 524 name VLAN0524 type ethernet mtu 1500 said 100524 state active set vlan 570 name VLAN0570 type ethernet mtu 1500 said 100570 state active set vlan 801 name VLAN0801 type trbrf mtu 4472 said 100801 state active bridge set vlan 850 name VLAN0850 type ethernet mtu 1500 said 100850 state active set vlan 917 name VLAN0917 type ethernet mtu 1500 said 100917 state active set vlan 999 name VLAN0999 type ethernet mtu 1500 said 100999 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state acti set vlan 1005 name trbrf-default type trbrf mtu 4472 said 101005 state active b set vlan 802 name VLAN0802 type trcrf mtu 4472 said 100802 state active parent set vlan 1003 name trcrf-default type trcrf mtu 4472 said 101003 state active p set vlan 3 translation 303 translation 0 set vlan 4 translation 304 translation 0 set vlan 5 translation 305 translation 0 set vlan 303 translation 3 translation 0 set vlan 304 translation 4 translation 0 set vlan 305 translation 5 translation 0 set vlan 351 translation 524 translation 0 set vlan 524 translation 351 translation 0 ! #ip set interface sc0 1 1.10.11.212/255.255.255.0 1.10.11.255 set ip route 0.0.0.0/0.0.0.0 172.20.52.126 set ip route 0.0.0.0/0.0.0.0 172.20.52.125 set ip route 0.0.0.0/0.0.0.0 172.20.52.121 ! #rcp set rcp username 1 ! #dns set ip dns server 171.68.10.70 primary set ip dns server 171.68.10.140 set ip dns enable set ip dns domain cisco.com ! #spantree set spantree fwddelay 4 801 set spantree maxage 10 801 #portfast set spantree portfast bpdu-guard enable #vlan 802 set spantree fwddelay 4 802 set spantree maxage 10 802 set spantree portstate 802 block 801 #vlan 1003
2-475
set spantree fwddelay 4 1003 set spantree maxage 10 1003 set spantree portstate 1003 block 1005 ! #syslog set logging server 172.20.101.182 ! #set boot command set boot config-register 0x100 set boot system flash bootflash:cat6000-sup.5-5-1.bin ! #HTTP commands set ip http server enable set ip http port 1922 ! # default port status is disable ! #mls set mls nde disable ! #qos set qos enable set qos map 1q4t 1 1 cos 2 set qos map 1q4t 1 1 cos 3 set qos map 1q4t 1 1 cos 4 set qos map 1q4t 1 1 cos 5 set qos map 1q4t 1 1 cos 6 set qos map 1q4t 1 1 cos 7 ! #Accounting set accounting commands enable config stop-only tacacs+ ! # default port status is enable ! #module 1 : 2-port 1000BaseX Supervisor ! #module 2 empty ! #module 3 : 48-port 10/100BaseTX (RJ-45) set spantree portfast 3/8 enable ! #module 4 empty ! #module 5 : 48-port 10/100BaseTX (RJ-45) ! #module 6 empty ! set vlan 100 6/1 set spantree portcost 6/1 200 ! #module 7 : 24-port 10/100BaseTX Ethernet set vlan 5 7/5 set vlan 100 7/23 set vlan 200 7/9 set port disable 7/5 set set set set set set set set port port port port port port port port name security security security security security security security 7/9 1528 Hub 7/10 enable 7/10 maximum 200 7/10 00-11-22-33-44-55 7/10 00-11-22-33-44-66 7/10 00-11-22-33-44-77 7/10 violation restrict 7/10 age 30
2-476
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show config
set trunk 7/1 desirable isl 1-1005 set trunk 7/2 desirable isl 1-1005 set trunk 7/3 desirable isl 1-1005 set trunk 7/4 desirable isl 1-1005 set trunk 7/10 off negotiate 1-1005 set trunk 7/23 on isl 1-1005 set spantree portcost 7/23 150 set spantree portvlancost 7/23 cost 50 100 ! #module 8 empty ! #module 9 empty ! #module 15 empty ! #module 16 empty end Console>
This example shows how to display default and nondefault configuration information:
Console> show config all begin ! # ***** ALL (DEFAULT and NON-DEFAULT) CONFIGURATION ***** ! #Current time: Mon Apr 17 2000, 08:33:09 ! #version 5.51(1) ! set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set prompt Console> set length 24 default set logout 20 set banner motd ^C^C ! #system set system baud 9600 set system modem disable set system name set system location set system contact ! ... <truncated display> #gvrp set gvrp dynamic-vlan-creation disable set gvrp disable end console>
2-477
#set boot command set boot config-register 0x2 set boot system flash bootflash:kk1 end Console>
This example shows how to display all system default and nondefault configuration information:
Console> show config system all begin ! #system set system baud 9600 set system modem disable set system name set system location set system contact ! end Console>
This example shows how to display default and nondefault configuration information for a specific module:
Console> show config 1 all begin ! #module 1 : 4-port 10/100BaseTX Supervisor set module name 1 set vlan 1 1/1-4 set port channel 1/1-4 off ... <truncated display> set port flowcontrol 1/1-4 receive on set cdp enable 1/1-4 set trunk 1/1 auto negotiate 1-1005 ... <truncated display> set trunk 1/4 auto negotiate 1-1005 set spantree portfast 1/1-4 disable ... <truncated display> set spantree portvlancost 1/4 cost 99
2-478
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show config
set port set gvrp set gvrp set port set gmrp set gmrp ! end Console>
gvrp 1/1-4 disable registration normal 1/1-4 applicant normal 1/1-4 gmrp 1/1-4 enable registration normal 1/1-4 fwdall disable 1/1-4
Related Commands
2-479
Syntax Description
acl_name all
Unique name that identifies the list to which the entry belongs. Keyword to specify all committed access lists.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
commit
2-480
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show cops
show cops
Use the show cops command set to display COPS information. show cops info [diff-serv | rsvp+] [noalias] show cops pib show cops roles
Syntax Description
Keyword to display COPS status and configuration information. (Optional) Keyword to specify the RSVP+ server table. (Optional) Keyword to force the display to show only IP addresses, not IP aliases. Keyword to display the COPS policy tree information. Keyword to display the ports assigned to each role.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The display output of the show cops pib command is a numeric dump of the PIB in terms of a PRID and its vector of values. For a few minutes after a switchover between active and standby supervisor engines, note that if you enter the show cops roles command, the output may be incorrect. If this is the case, the following warning displays:
COPS High Availability Switch Over in progress, hardware may be programmed differently than as suggested by the output of these commands.
Examples
This example shows how to display COPS status and configuration information:
Console> show cops info COPS general configuration --------------------------COPS domain name : Connection retry intervals : initial = 30 seconds increment = 30 seconds max = 300 seconds
2-481
COPS Diff-Serv client state --------------------------COPS connection state Last active server Primary configured server Secondary configured server COPS RSVP+ client state -----------------------COPS connection state Last active server Primary configured server Secondary configured server Console>
: : : :
This example shows how to display COPS RSVP+ status and configuration information:
Console> show cops info rsvp COPS general configuration --------------------------COPS domain name : Connection retry intervals : initial = 30 seconds increment = 30 seconds max = 300 seconds COPS RSVP+ client state -----------------------COPS connection state Last active server Primary configured server Secondary configured server Console>
: : : :
This example shows how to display the ports assigned to each role:
Console> show cops roles Admin Roles ------------------------------access_port backbone_port branch_office_port net_port Oper Roles ------------------------------access_port backbone_port branch_office_port Console> Mod/Ports --------------------------------------1/1-2,3/1-5,3/8 1/1-2,3/8 3/6-7,4/1-8 Mod/Ports --------------------------------------1/1-2,3/1-5,3/8 1/1-2,3/8 3/6-7,4/1-8
2-482
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show cops
: : : : :
not-connected not-connected -
: : : : :
not-connected not-connected -
Related Commands
2-483
show counters
Use the show counters command to display hardware counters for a port. show counters mod/port
Syntax Description
mod/port
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the counters for module 2, port 1:
Note
The counters displayed may change depending on the module type queried.
Console> (enable) show counters 2/1 Generic counters version 1 64 bit counters 0 rxHCTotalPkts 1 txHCTotalPkts 2 rxHCUnicastPkts 3 txHCUnicastPkts 4 rxHCMulticastPkts 5 txHCMulticastPkts 6 rxHCBroadcastPkts 7 txHCBroadcastPkts 8 rxHCOctets 9 txHCOctets 10 rxTxHCPkts64Octets 11 rxTxHCPkts65to127Octets 12 rxTxHCPkts128to255Octets 13 rxTxHCPkts256to511Octets 14 rxTxHCpkts512to1023Octets 15 rxTxHCpkts1024to1518Octets 16 rxDropEvents
= = = = = = = = = = = = = = = = =
2170558 2588911 2142669 2585457 19552 1789 8332 1665 190513843 227423299 20996 4737279 1170 16 8 0 0
2-484
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show counters
32 bit counters 0 rxCRCAlignErrors 1 rxUndersizedPkts 2 rxOversizedPkts 3 rxFragmentPkts 4 rxJabbers 5 txCollisions 6 ifInErrors 7 ifOutErrors 8 ifInDiscards 9 ifInUnknownProtos 10 ifOutDiscards 11 txDelayExceededDiscards 12 txCRC 13 linkChange Dot3 counters version 1 0 dot3StatsAlignmentErrors 1 dot3StatsFCSErrors 2 dot3StatsSingleColFrames 3 dot3StatsMultiColFrames 4 dot3StatsSQETestErrors 5 dot3StatsDeferredTransmisions 6 dot3StatsLateCollisions 7 dot3StatsExcessiveCollisions 8 dot3StatsInternalMacTransmitErrors 9 dot3StatsCarrierSenseErrors 10 dot3StatsFrameTooLongs 11 dot3StatsInternalMacReceiveErrors Flowcontrol counters version 1 0 txPause 1 rxPause Console> (enable)
= = = = = = = = = = = = = = = = = = = = = = = = = = = =
0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Table 2-15 describes the possible fields in the show counters command output.
Table 2-15 show counters Command Output Fields
Field
64-bit counters
Description Number of packets (including bad packets, broadcast packets, and multicast packets) received on a link. Number of packets (including bad packets, broadcast packets, and multicast packets) transmitted on a link. Number of packets, delivered by this sublayer to a higher (sub)layer, which were not addressed to a multicast or broadcast address at this sublayer. Number of packets that higher-level protocols requested be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including those that were discarded or not sent.
rxHCMulticastPkts Number of packets, delivered by this sublayer to a higher (sub)layer, which were addressed to a multicast address at this sublayer. For a MAC layer protocol, this includes both Group and Functional addresses. txHCMulticastPkts Number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sublayer, including those that were discarded or not sent. For a MAC layer protocol, this includes both Group and Functional addresses.
2-485
Field
Description
rxHCBroadcastPkts Number of packets, delivered by this sublayer to a higher (sub)layer, which were addressed to a broadcast address at this sublayer. txHCBroadcastPkts Number of packets that higher-level protocols requested be transmitted, and which were addressed to a broadcast address at this sublayer, including those that were discarded or not sent. rxHCOctets txHCOctets Number of octets received on the interface, including framing characters. Number of octets transmitted out of the interface, including framing characters.
rxTxHCPkts64Octe Number of packets (including bad packets) received that were 64 octets in length (excluding ts framing bits but including FCS octets). rxTxHCPkts65to12 Number of packets (including bad packets) received that were between 65 and 127 octets in 7Octets length inclusive (excluding framing bits but including FCS octets). rxTxHCPkts128to2 Number of packets (including bad packets) received that were between 128 and 255 octets in 55Octets length inclusive (excluding framing bits but including FCS octets). rxTxHCPkts256to5 Number of packets (including bad packets) received that were between 256 and 511 octets in 11Octets length inclusive (excluding framing bits but including FCS octets). rxTxHCpkts512to1 Number of packets (including bad packets) received that were between 512 and 1023 octets in 023Octets length inclusive (excluding framing bits but including FCS octets). rxTxHCpkts1024to Number of packets (including bad packets) received that were between 1024 and 1518 octets in 1518Octets length inclusive (excluding framing bits but including FCS octets). rxDropEvents1
32-bit counters
Number of events in which packets were dropped by the probe due to lack of resources. Number of packets received that had a length (excluding framing bits, but including FCS octets) between 64 and 1518 octets, inclusive, and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Number of packets received that were less than 64 octets long (excluding framing bits, but including FCS octets) and were otherwise well-formed. Number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well-formed. Number of packets received that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). The best estimate of the total number of collisions on this Ethernet segment. The value returned will depend on the location of the RMON probe. Section 8.2.1.3 (10Base5) and section 10.3.1.3 (10Base2) of IEEE standard 802.3 states that a station must detect a collision in the receive mode if three or more stations are transmitting simultaneously. A repeater port must detect a collision when two or more stations are transmitting simultaneously. Thus, a probe placed on a repeater port could record more collisions than a probe connected to a station on the same segment would. Probe location plays a much smaller role when considering 10BaseT.
rxCRCAlignErrors
rxJabbers3
txCollisions4
2-486
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show counters
Field ifInErrors
Description For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Number of octets transmitted out of the interface, including framing characters. Number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their delivery to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Number of inbound packets chosen to be discarded even though no errors had been detected to prevent their delivery to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
ifOutErrors ifInDiscards
txDelayExceededD Number of frames discarded by this port due to excessive transmit delay. iscards txCRC linkChange
Dot3 counters version 1
Number of CRC errors. Number of times the port toggled between a connect state to a non-connect state.
dot3StatsAlignmen A count of frames received on a particular interface that are not an integral number of octets in length and do not pass the FCS check. tErrors5 dot3StatsFCSError s6 A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check.
dot3StatsSingleCol A count of successfully transmitted frames on a particular interface for which transmission is Frames inhibited by exactly one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsMultipleCollisionFrames object. dot3Stats MultiColFrames A count of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsSingleCollisionFrames object.
dot3StatsSQETestE A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a rrors particular interface. The SQE TEST ERROR message is defined in section 7.2.2.2.4 of ANSI/IEEE 802.3-1985 and its generation is described in section 7.2.4.6 of the same document. dot3StatsDeferredT A count of frames for which the first transmission attempt on a particular interface is delayed ransmisions because the medium is busy. The count represented by an instance of this object does not include frames involved in collisions. dot3StatsLateCollis Number of times that a collision is detected on a particular interface later than 512 bit-times into the transmission of a packet. ions7 dot3StatsExcessive A count of frames for which transmission on a particular interface fails due to excessive Collisions collisions.
2-487
Field
Description
dot3StatsInternalM A count of frames for which transmission on a particular interface fails due to an internal MAC acTransmitErrors8 sublayer transmit error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsLateCollisions object, the dot3StatsExcessiveCollisions object, or the dot3StatsCarrierSenseErrors object. dot3StatsCarrierSe nseErrors Number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame on a particular interface. The count represented by an instance of this object is incremented at most once per transmission attempt, even if the carrier sense condition fluctuates during a transmission attempt.
dot3StatsFrameToo A count of frames received on a particular interface that exceeds the maximum permitted frame Longs size. The count represented by an instance of this object is incremented when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are counted exclusively according to the error status presented to the LLC. dot3StatsInternalM A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. A frame is only counted by an instance of this object if it is not counted acReceiveErrors9 by the corresponding instance of either the dot3StatsFrameTooLongs object, the dot3StatsAlignmentErrors object, or the dot3StatsFCSErrors object.
Flowcontrol counters version 1
txPause rxPause
Number of control frames transmitted at the gigabit level. This counter is valid only on a Gigabit Ethernet port. Number of control frames received at the gigabit level. This counter is valid only on a Gigabit Ethernet port.
1. This number is not necessarily the number of packets dropped; it is just the number of times this condition has been detected. 2. It is entirely normal for etherStatsFragments to increment because it counts both runts (which are normal occurrences due to collisions) and noise hits. 3. This definition of jabber is different than the definition in IEEE-802.3 section 8.2.1.5 (10Base5) and section 10.3.1.4 (10Base2), which define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms. 4. An RMON probe inside a repeater should ideally report collisions between the repeater and one or more other hosts (transmit collisions as defined by IEEE 802.3k) plus receiver collisions observed on any coax segments to which the repeater is connected. 5. This number is incremented when the alignmentError status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are counted exclusively according to the error status presented to the LLC. 6. This number is incremented when the frameCheckError status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are counted exclusively according to the error status presented to the LLC. 7. 512 bit-times corresponds to 51.2 microseconds on a 10-Mbps system. A (late) collision represented by an instance of this object is also considered as a (generic) collision for other collision-related statistics. 8. The precise meaning of the count represented by an instance of this object is implementation-specific. In particular, an instance of this object may represent a count of transmission errors on a particular interface not otherwise counted. 9. The precise meaning of the count represented by an instance of this object is implementation-specific. In particular, an instance of this object may represent a count of receive errors on a particular interface not otherwise counted.
Related Commands
clear counters
2-488
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show default
show default
Use the show default command to check the status of the default port status setting. show default
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The command shows whether the set default portstatus command is in disable or enable mode.
Examples
This example shows how to display the status of the default port status:
Console> (enable) show default portstatus: disable Console> (enable)
Related Commands
2-483
show environment
Use the show environment command to display system status information. show environment [temperature | all ]
Syntax Description
temperature (Optional) Keyword to display temperature information. all (Optional) Keyword to display environmental status information (for example, power supply, fan status, and temperature information) and information about the power available to the system.
Defaults
If you do not enter a keyword, environmental status information (for example, power supply, fan status, and temperature information) only is displayed.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
In the output of the show environment temperature and show environment all commands, you will notice three slot 1 displays. The first slot 1 is the actual supervisor engine. The second slot 1 is the switching engine, which is on the supervisor engine (slot 1) and has its own Intake, Exhaust, Device 1, and Device 2 temperature outputs. The third slot 1 is the MSFC, which is also on the supervisor engine, and has its own Intake, Exhaust, Device 1, and Device 2 temperature outputs.
Examples
2-484
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show environment
Chassis Modules -----------------VTT1: 25C(85C,100C) VTT2: 25C(85C,100C) VTT3: 25C(85C,100C) Console> (enable)
This example shows how to display environmental status information and details about the power available to the system:
Console> show environment all Environmental Status (. = Pass, F = Fail, U = Unknown, N = Not Present) PS1: . PS2: N PS1 Fan: . PS2 Fan: N Chassis-Ser-EEPROM: . Fan: . Clock(A/B): A Clock A: . Clock B: . VTT1: . VTT2: . VTT3: . Intake Temperature -----------24C(50C,65C) N/A 22C(50C,65C) 22C(50C,65C) 26C(50C,65C) Exhaust Temperature -----------32C(60C,75C) N/A 27C(60C,75C) 22C(60C,75C) 30C(60C,75C) Device 1 Temperature -----------27C N/A 28C N/A N/A Device 2 Temperature -----------32C N/A 28C N/A N/A
Chassis Modules -----------------VTT1: 25C(85C,100C) VTT2: 24C(85C,100C) VTT3: 25C(85C,100C) PS1 Capacity: 1153.32 Watts (27.46 Amps @42V) PS2 Capacity: none PS Configuration : PS1 and PS2 in Redundant Configuration. Total Power Available: 1153.32 Watts (27.46 Amps @42V) Total Power Available for Line Card Usage: 1153.32 Watts (27.46 Amps @42V) Total Power Drawn From the System: 453.18 Watts (10.79 Amps @42V) Remaining Power in the System: 700.14 Watts (16.67 Amps @42V) Default Inline Power allocation per port: 2.00 Watts (0.04 Amps @42V) Slot power Requirement/Usage : Slot Card Type PowerRequested Watts A @42V ---- ------------------- ------- -----1 WS-X6K-SUP1A-2GE 138.60 3.30 2 0.00 0.00 3 WS-X6380-NAM 63.00 1.50 5 WS-X6248-RJ-45 112.98 2.69 Console> PowerAllocated Watts A @42V ------- -----138.60 3.30 138.60 3.30 63.00 1.50 112.98 2.69 CardStatus ---------ok none ok ok
Related Commands
2-485
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you see a partial-deny card status, this is an indication that some module ports are inline powered but not all the ports on the module.
Examples
This example shows how to display the environment power for all modules:
Console> show environment power PS1 Capacity: 1153.32 Watts (27.46 Amps @ 42V) PS2 Capacity: none PS Configuration : PS1 and PS2 in Redundant Configuration. Total Power Available: 1153.32 Watts (27.46 Amps @ 42V) Total Power Available for Line Card Usage: 1153.32 Watts (27.46 Amps @ 42V) Total Power Drawn From the System: 289.80 Watts (6.90 Amps @ 42V) Remaining Power in the System: 863.52 Watts (20.56 Amps @42V) Default inline power allocation: 10.5 Watts/port (0.25 Amps @ 42V) Slot power Requirement/Usage : Slot Card-Type Power-Requested Watts A @ 42V ------- ------0.00 0.00 138.60 3.30 114.24 2.72 109.20 2.60 112.98 2.69 84.84 2.02 105.00 2.50 Power-Allocated Watts A @ 42V ------- ------126.42 3.01 138.60 3.30 151.20 3.60 100.88 2.40 0 0 0 0 0 0 Card-Status -----------none ok ok partial-deny unknown power-bad power-deny
2-486
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show environment power
This example shows how to display the environment power for a specific module:
Console> show environment power 9 Module 9: Default Inline Power allocation per port: 9.500 Watts (0.22 Amps @42V) Total inline power drawn by module 9: 0 Watt Slot power Requirement/Usage : Slot Card Type PowerRequested Watts A @42V ---- ------------------- ------- -----9 WS-X6348 123.06 2.93 PowerAllocated CardStatus Watts A @42V ------- ------ ---------123.06 2.93 ok
Default Inline Power allocation per port: 9.500 Watts (0.22 Amps @42V) Port InlinePowered PowerAllocated Admin Oper Detected mWatt mA @42V ----- ----- ------ -------- ----- -------9/1 auto off no 0 0 9/2 auto off no 0 0 9/3 auto off no 0 0 9/4 auto off no 0 0 9/5 auto off no 0 0 9/6 auto off no 0 0 9/7 auto off no 0 0 9/8 auto off no 0 0 9/9 auto off no 0 0 9/10 auto off no 0 0 9/11 auto off no 0 0 9/12 auto off no 0 0 <<<< output truncated >>>> 9/35 auto off no 0 0 9/36 auto off no 0 0 9/37 auto off no 0 0 9/38 auto off no 0 0 9/39 auto off no 0 0 9/40 auto off no 0 0 9/41 auto off no 0 0 9/42 auto off no 0 0 9/43 auto off no 0 0 9/44 auto off no 0 0 9/45 auto off no 0 0 9/46 auto off no 0 0 9/47 auto off no 0 0 9/48 auto off no 0 0 Console>
Related Commands
2-487
show errdisable-timeout
Use the show errdisable-timeout command to display the errdisable timeout configuration and status. show errdisable-timeout
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to display the errdisable timeout configuration and status:
Console> (enable) show errdisable-timeout ErrDisable Reason Timeout Status ------------------- -----------bpdu-guard Enable channel-misconfig Disable duplex-mismatch Enable udld Enable other Disable Interval: 300 seconds Ports that will be enabled at the next timeout: Port ErrDisable Reason ----- ----------------3/1 udld 3/8 bpdu-guard 6/5 udld 7/24 duplex-mismatch Console>(enable)
Related Commands
set errdisable-timeout
2-488
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show errordetection
show errordetection
Use the show errordetection command to display error detection settings. show errordetection
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
set errordetection
2-489
show file
Use the show file command to display the contents of a file that have been saved to Flash memory. show file [device:]filename [dump]
Syntax Description
(Optional) Device where the Flash memory resides. Name of the configuration file. (Optional) Keyword to show the hexadecimal dump of the file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to display the contents of the configuration file saved to Flash memory:
Console> (enable) show file slot0:cfgfile begin ! #version 5.4 ! set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set prompt Console> set length 24 default ! #system set system baud 9600 set system modem disable ... Console> (enable)
This example shows how to display the hexadecimal dump from a file:
Console> (enable) show file 8099d140 0A626567 696E0A21 8099d150 6E20352E 3328302E 8099d160 6E670A21 0A736574 8099d170 64202431 24464D46 8099d180 55737A56 48495268 8099d190 0A736574 20656E61 8099d1a0 24312446 4D465124 8099d1b0 7A564849 5268727A ... slot:cfgfile dump 0A237665 7273696F 31312942 4F552D45 20706173 73776F72 51244866 5A523544 727A3468 36563730 626C6570 61737320 48665A52 35445573 34683656 37300A73 .begin.!.#versio n 5.3(0.11)BOU-E ng.!.set passwor n $1$FMFQ$HfZR5D UszVHIRhrz4h6V70 .set enablepass $1$FMFQ$HfZR5DUs zVHIRhrz4h6V70.s
2-490
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show flash
show flash
Use the show flash command to list bootflash or Flash PC card information, including file code names, version numbers, volume ID, and sizes. show flash [[m/]device:] [all | chips | filesys]
Syntax Description
(Optional) Module number of the supervisor engine containing the Flash device. (Optional) Valid devices are bootflash and slot0. (Optional) Keyword to list deleted files, undeleted files, and files with errors on a Flash memory device. (Optional) Keyword to show information about the Flash chip. (Optional) Keyword to show the Device Info Block, the Status Info, the Usage Info, and the volume ID.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Examples
These following examples show how to list supervisor engine Flash information:
Console> show flash -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .D 2 2D6B310A 100fc0 15 1052123 Dec 30 1999 15:43:50 cat6k_r47_1.cbi 2 .. 2 43B312DF 201ed8 15 1052608 Dec 30 1999 10:23:30 cat6k_r47_1.cbi 6283877 bytes available (2104731 bytes used) Console> Console> show flash chips ******** Intel Series 2+ Status/Register Dump ******** ATTRIBUTE MEMORY REGISTERS: Config Option Reg (4000): Config Status Reg (4002): Card Status Reg (4100): Write Protect Reg (4104): Voltage Cntrl Reg (410C): Rdy/Busy Mode Reg (4140):
2 0 1 4 0 2
2-491
Intelligent ID Code : 8989A0A0 Compatible Status Reg: 8080 Global Status Reg: B0B0 Block Status Regs: 0 : B0B0 B0B0 B0B0 B0B0 8 : B0B0 B0B0 B0B0 B0B0 16 : B0B0 B0B0 B0B0 B0B0 24 : B0B0 B0B0 B0B0 B0B0 COMMON MEMORY REGISTERS: Bank 1 Intelligent ID Code : 8989A0A0 Compatible Status Reg: 8080 Global Status Reg: B0B0 Block Status Regs: 0 : B0B0 B0B0 B0B0 B0B0 8 : B0B0 B0B0 B0B0 B0B0 16 : B0B0 B0B0 B0B0 B0B0 24 : B0B0 B0B0 B0B0 B0B0
COMMON MEMORY REGISTERS: Bank 2 Intelligent ID Code : FF00FF IID Not Intel -- assuming bank not populated COMMON MEMORY REGISTERS: Bank 3 Console> Console> show flash all -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .D 2 2D6B310A 100fc0 15 1052123 Dec 30 1999 15:43:50 cat6k_r47_1.cbi 2 .. 2 43B312DF 201ed8 15 1052608 Dec 30 1999 10:23:30 cat6k_r47_1.cbi 6283877 bytes available (2104731 bytes used) -------- F I L E S Y S T E M S T A T U S -------Device Number = 0 DEVICE INFO BLOCK: Magic Number = 6887635 File System Vers = 10000 (1.0) Length = 800000 Sector Size = 20000 Programming Algorithm = 4 Erased State = FFFFFFFF File System Offset = 20000 Length = 7A0000 MONLIB Offset = 100 Length = C730 Bad Sector Map Offset = 1FFF8 Length = 8 Squeeze Log Offset = 7C0000 Length = 20000 Squeeze Buffer Offset = 7E0000 Length = 20000 Num Spare Sectors = 0 Spares: STATUS INFO: Writable NO File Open for Write Complete Stats No Unrecovered Errors USAGE INFO: Bytes Used = 201D9B Bytes Available = 5FE265 Bad Sectors = 0 Spared Sectors = 0 OK Files = 1 Bytes = 100FC0 Deleted Files = 1 Bytes = 100DDB Files w/Errors = 0 Bytes = 0 ******** Intel Series 2+ Status/Register Dump ******** ATTRIBUTE MEMORY REGISTERS: Config Option Reg (4000): 2 Config Status Reg (4002): 0 Card Status Reg (4100): 1
2-492
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show flash
Write Protect Reg (4104): 4 Voltage Cntrl Reg (410C): 0 Rdy/Busy Mode Reg (4140): 2 COMMON MEMORY REGISTERS: Bank 0 Intelligent ID Code : 8989A0A0 Compatible Status Reg: 8080 Global Status Reg: B0B0 Block Status Regs: 0 : B0B0 B0B0 B0B0 B0B0 8 : B0B0 B0B0 B0B0 B0B0 16 : B0B0 B0B0 B0B0 B0B0 24 : B0B0 B0B0 B0B0 B0B0 COMMON MEMORY REGISTERS: Bank 1 Intelligent ID Code : 8989A0A0 Compatible Status Reg: 8080 Global Status Reg: B0B0 Block Status Regs: 0 : B0B0 B0B0 B0B0 B0B0 8 : B0B0 B0B0 B0B0 B0B0 16 : B0B0 B0B0 B0B0 B0B0 24 : B0B0 B0B0 B0B0 B0B0
COMMON MEMORY REGISTERS: Bank 2 Intelligent ID Code : FF00FF IID Not Intel -- assuming bank not populated COMMON MEMORY REGISTERS: Bank 3 Intelligent ID Code : FF00FF IID Not Intel -- assuming bank not populated COMMON MEMORY REGISTERS: Bank 4 Intelligent ID Code : FF00FF IID Not Intel -- assuming bank not populated Console>
Related Commands
2-493
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If the port list exceeds the available line spaces, the list wraps to the next line.
Examples
2-494
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show gmrp configuration
Port based GMRP Configuration: GMRP Status Registration Forward All Port -------------------------------------------------------------------Enabled Fixed Disabled 2/1,3/1-2 Disabled Normal Disabled 2/5-6 Enabled Normal Disabled 1/1-2 Console> (enable)
Related Commands
2-495
Syntax Description
vlan
Defaults
The default is that if you do not specify a VLAN, statistics for VLAN 1 are shown.
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display all the GMRP-related statistics for VLAN 23:
Console> show gmrp statistics 23 GMRP Statistics for vlan <23>: Total valid GMRP Packets Received: Join Empties: Join INs: Leaves: Leave Alls: Empties: Fwd Alls: Fwd Unregistered: Total valid GMRP Packets Transmitted: Join Empties: Join INs: Leaves: Leave Alls: Empties: Fwd Alls: Fwd Unregistered: Total valid GMRP Packets Received: Total GMRP packets dropped: Total GMRP Registrations Failed: Console>
Related Commands
2-496
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show gmrp timer
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display all the values of the GMRP timers:
Console> (enable) show gmrp timer Timer Timer Value(milliseconds) --------------------------------------------Join 200 Leave 600 Leave All 10000 Console> (enable)
Related Commands
set gmrp timer set gvrp timer set garp timer show gmrp configuration
2-497
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If the port list exceeds the available line spaces, the list wraps to the next line. If no ports are GVRP participants, the message output changes from:
GVRP Participants running on port_list
to:
GVRP Participants running on no ports.
Examples
2-498
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show gvrp configuration
Related Commands
set gvrp set gvrp dynamic-vlan-creation set gvrp registration set gvrp timer clear gvrp statistics show gvrp statistics
2-499
Syntax Description
mod/port
Defaults
The default is, that if you do not specify a VLAN, statistics for VLAN 1 are shown.
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display GVRP statistics for module 2, port 1:
Console> show gvrp statistics 2/1 GVRP enabled GVRP statistics for port 2/1: Total valid pkts rcvd: Total invalid pkts recvd General Queries recvd Group Specific Queries recvd MAC-Based General Queries recvd Leaves recvd Reports recvd Queries Xmitted GS Queries Xmitted Reports Xmitted Leaves Xmitted Failures to add GDA to EARL Topology Notifications rcvd GVRP packets dropped Console>
Table 2-15 describes the fields in the show gvrp statistics output.
Table 2-15 show gvrp statistics Command Output Fields
Field GVRP Enabled Total valid pkts rcvd Total invalid pkts recvd General Queries recvd Group Specific Queries recvd
Description Status of whether GVRP is enabled or disabled. Total number of valid GVRP packets received. Total number of invalid GVRP packets received. Total number of GVRP general queries received. Total number of GVRP group-specific queries received.
2-500
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show gvrp statistics
Field MAC-Based General Queries recvd Leaves recvd Reports recvd Queries Xmitted GS Queries Xmitted Reports Xmitted Leaves Xmitted Failures to add GDA to EARL Topology Notifications rcvd GVRP packets dropped
Description Total number of MAC-based general queries received. Total number of GVRP leaves received. Total number of GVRP reports received. Total number of GVRP general queries transmitted by the switch. Total number of GVRP group specific-equivalent queries transmitted by the switch. Total number of GVRP reports transmitted by the switch. Total number of GVRP leaves transmitted by the switch. Total number of times the switch failed to add a multicast entry (GDA) to the EARL table. Total number of topology change notifications received by the switch. Total number of GVRP packets dropped by the switch.
Related Commands
set gvrp set gvrp dynamic-vlan-creation set gvrp registration set gvrp timer clear gvrp statistics show gvrp configuration
2-501
show ifindex
Use the show ifindex command to display the information of the specific ifIndex. show ifindex number
Syntax Description
number
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
You can designate multiple ifIndex numbers by separating each number with a comma. To specify a range of numbers, use a dash (-) between the low and high numbers.
Examples
2-502
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show igmp mode
Syntax Description
Defaults
Command Types
Switch.
Command Modes
Normal.
Usage Guidelines
The switch dynamically chooses either IGMP-only or IGMP/CGMP mode, depending on the traffic present on the network. IGMP-only mode is used in networks with no CGMP devices. IGMP/CGMP mode is used in networks with both IGMP and CGMP devices. The show igmp mode command output includes three fields:
IGMP ModePossible values are auto, igmp-only, and igmp-cgmp. IGMP-Operational-ModePossible values are igmp-only and igmp-cgmp. IGMP Address Aliasing ModePossible values are normal and fallback.
Examples
Related Commands
2-503
Syntax Description
vlan_id
Defaults
The default is that if you do not specify a VLAN, statistics for VLAN 1 are shown.
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-16 describes the fields in the show igmp statistics output.
Table 2-16 show igmp statistics Command Output Fields
Field IGMP enabled Total valid pkts rcvd Total invalid pkts recvd General Queries recvd Group Specific Queries recvd
Description Status of whether IGMP snooping is enabled or disabled. Number of valid IGMP packets received. Number of invalid IGMP packets received. Number of IGMP general queries received. Number of IGMP group-specific queries received.
2-504
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show igmp statistics
Field MAC-Based General Queries recvd Leaves recvd Reports recvd Queries Xmitted GS Queries Xmitted Reports Xmitted Leaves Xmitted Failures to add GDA to EARL Topology Notifications rcvd IGMP packets dropped
Description Number of MAC-based general queries received. Number of IGMP leaves received. Number of IGMP reports received. Number of IGMP general queries transmitted by the switch. Number of IGMP group-specific equivalent queries transmitted by the switch. Number of IGMP reports transmitted by the switch. Number of IGMP leaves transmitted by the switch. Number of times the switch failed to add a multicast entry (GDA) to the EARL table. Number of topology change notifications received by the switch. Number of IGMP packets dropped by the switch.
Related Commands
clear igmp statistics clear multicast router set igmp set multicast router show multicast router show multicast group count
2-505
show imagemib
Use the show imagemib command to display image information provided in the CISCO-IMAGE-MIB for a particular image. show imagemib filename
Syntax Description
filename
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display CISCO-IMAGE-MIB information for the Flash image:
Console> (enable) show imagemib bootflash:cat6000-sup.5-5-1.bin show mib info for file bootflash:cn50 CW_BEGIN$cat6000-WS-X6K-SUP1$ CW_IMAGE$bootflash:at6000-sup.5-5-1.bin$ CW_FAMILY$Catalyst 6000 Switch$ CW_MODULE$Catalyst Supervisor Module$ CW_VERSION$5.5.1$ CW_MIN_DRAM$ 32 MB$ CW_MIN_BOOTFLASH$ 8 MB$ CW_MIN_NVRAM$ 512 KB$ CW_BUILDTIME$ Mar 24 2000 00:32:33$ CW_SYSDESCR$Catalyst Operating System$ CW_END$cat6000-WS-X6K-SUP1$ Console>
2-506
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show interface
show interface
Use the show interface command to display information on network interfaces. show interface
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-17 describes the fields in the show interface command output.
Table 2-17 show interface Command Output Fields
Description Information on the SLIP interface. Flags indicating the interface state (decoded in the subsequent field). Interface state (UP, DOWN, BROADCAST, LOOPBACK, POINTOPOINT, or RUNNING). IP address of the SLIP interface.
2-507
Description IP address of the host to which the console port will be connected. Information on the in-band interface. Number of the VLAN to which the sc0 interface has been assigned (known as the management VLAN). IP address of the interface. Network mask for the interface. Broadcast address for the interface. IP address of the DHCP server.
Related Commands
set interface
2-508
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show ip alias
show ip alias
Use the show ip alias command to show a listing of defined IP aliases. show ip alias [name]
Syntax Description
name
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
2-509
show ip dns
Use the show ip dns command to show the DNS name servers and the default DNS domain name. show ip dns
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the DNS name servers and the default DNS domain name:
Console> show ip dns DNS is currently enabled. The default DNS domain name is: cisco.com DNS name server --------------172.16.30.32 192.168.2.132 172.31.128.70 Console> status ------primary
Table 2-18 describes the fields in the show ip dns command output.
Table 2-18 show ip dns Command Output Fields
Field DNS is currently enabled default DNS domain name DNS name server status
Description Status of whether DNS is enabled or disabled. Default DNS domain name. IP addresses or IP aliases of the configured DNS servers. Primary DNS server.
Related Commands
clear ip dns domain clear ip dns server set ip dns set ip dns domain set ip dns server
2-510
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show ip http
show ip http
Use the show ip http command to view the HTTP configuration and the switch web interface information. show ip http
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the HTTP configuration and web interface information if the web interface is supported:
Console> show ip http HTTP Configuration Information: ---------------HTTP Server: enabled HTTP port: 80 Web Interface: Supported Switch Information: -----------------File: applet.html size: 912 bytes version: 5.0(0.26) date: 10/9/99 File: cvembopt.jar size: 3500000 bytes version: 5.0(0.26) date: 10/9/99 Active Web Interface Session: 1 ----------------------------Client IP Address: 192.20.20.45 Request Type: GET Request URI: /all-engine.jar Console>
2-511
This example shows the HTTP configuration and web interface information if the web interface is not supported:
Console> show ip http HTTP Configuration Information: ---------------HTTP Server: disabled HTTP port: 80 Web Interface: Not Supported Console>
Related Commands
2-512
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show ip permit
show ip permit
Use the show ip permit command to display the IP permit list information. show ip permit [noalias]
Syntax Description
noalias
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-19 describes the fields in the show ip permit command output.
Table 2-19 show ip permit Command Output Fields
Field IP permit list feature enabled Permit List Mask Denied IP Address
Description Status of whether the IP permit list feature is enabled or disabled. IP addresses and IP aliases that are allowed to access the switch. Subnet masks of permitted IP addresses. IP addresses and IP aliases that are not allowed to access the switch.
2-513
Description Date and time of the last attempt to log in to the switch from the address. Login-attempt type.
Related Commands
2-514
78-10558-02
2s2
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show ip route
show ip route
Use the show ip route command to display IP routing table entries. show ip route [noalias]
Syntax Description
noalias
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Field Fragmentation Redirect Unreachable Destination Gateway RouteMask Flags Use Interface
Description Displays current setting of IP fragmentation. Displays current setting of ICMP redirect. Displays current setting of ICMP unreachable messages. Destination address IP route mask. IP address or IP alias of the gateway router. Determines which path is closer to the destination. Indicates route status; possible values are U=up, G=route to a Gateway, H=route to a Host, and D=Dynamically created by a redirect. Number of times a route entry was used to route packets. Type of interface.
Related Commands
2-515
show kerberos
Use the show kerberos command to display the Kerberos configuration. show kerberos
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Port:750
Table 2-21 describes the fields in the show kerberos command output.
Table 2-21 show kerberos Command Output Fields
Field Kerberos Local Realm Kerberos server entries Kerberos Domain<->Realm entries Kerberos Clients NOT Mandatory
Description Status of whether the local realm is configured. Status of servers entered into the switch. Kerberos domain and realm entries. Status of whether Kerberos has been configured as mandatory on the clients.
2-516
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show kerberos
Field Kerberos Credentials Forwarding Disabled Kerberos Pre Authentication Method Kerberos config key Kerberos SRVTAB entries
Description Status of whether credentials forwarding is enabled or disabled. Status of whether preauthentication is enabled or disabled. Status of whether a DES key has been configured. SRVTAB entries.
Related Commands
clear kerberos clients mandatory clear kerberos credentials forward clear kerberos realm clear kerberos server clear key config-key set kerberos clients mandatory set kerberos credentials forward set kerberos local-realm set kerberos realm set kerberos srvtab entry set kerberos srvtab remote set key config-key show kerberos creds
2-517
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
clear kerberos credentials forward set kerberos credentials forward show kerberos
2-518
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show lcperroraction
show lcperroraction
Use the show lcperroraction command to display how your system handles LCP errors when a module reports an ASIC problem to the NMP. show lcperroraction
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to display the action that handles an LCP error:
Console> (enable) show lcperroraction LCP action level is: system Console> (enable)
Related Commands
set lcperroraction
2-519
show lda
Use the show lda command set to display the ASLB configuration information. show lda [committed | uncommitted] show lda mls entry show lda mls entry [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol] [src-port src_port] [dst-port dst_port] [short | long] show lda mls statistics count show lda mls statistics entry show lda mls statistics entry [destination ip_addr_spec] [source ip_addr_spec] [protocol protocol] [src-port src_port] [dst-port dst_port]
Syntax Description
committed uncommitted mls entry destination ip_addr_spec source ip_addr_spec protocol protocol src-port src_port dst-port dst_port short | long count mls statistics entry
(Optional) Keyword to view committed configuration information. (Optional) Keyword to view configuration information that has not been committed. Keywords to display the ASLB MLS entries. (Optional) Full destination IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Full source IP address or a subnet address in these formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Keyword and variable to specify additional flow information (protocol family and protocol port pair) to be matched; valid values include tcp, udp, icmp, or a decimal number for other protocol families. (Optional) Keyword and variable to specify the number of the TCP/UDP source port (decimal). Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. (Optional) Keyword and variable to specify the number of the TCP/UDP destination port (decimal). Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. (Optional) Keyword to specify the width of the display. Keyword to display the number of active ASLB MLS entries. Keywords to display statistics information.
Defaults
Command Types
Switch command.
2-520
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show lda
Command Modes
Normal.
Usage Guidelines
Entering the destination keyword specifies the entries matching the destination IP address specification, entering the source keyword specifies the entries matching the source IP address specification, and entering an ip_addr_spec can specify a full IP address or a subnet address. If you do not specify a keyword, it is treated as a wildcard, and all entries are displayed. When entering the ip_addr_spec, use the full IP address or a subnet address in one of the following formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. Entering the destination keyword specifies the entries matching the destination IP address specification, entering the source keyword specifies the entries matching the source IP address specification, and entering an ip_addr_spec can specify a full IP address or a subnet address. If you do not specify a keyword, it is treated as a wildcard, and all entries are displayed. Use the following syntax to specify an IP subnet address:
ip_subnet_addrThis is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address with a length of 8, 16, or 24 bits. ip_addr/subnet_maskThis is the long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is allowed to be a full host address, such as 172.22.253.1/255.255.252.00. ip_addr/maskbitsThis is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is allowed to be a full host address, such as 172.22.254.1/22, which has the same subnet address as 172.22.252.00/72.
If you have disabled the ASLB feature, you can view the last configuration using the show lda uncommitted command. The short | long options give the flexibility to display the output in regular (80 characters in width) or wide screen. If you enter the show lda mls entry or the show lda mls statistics entry command with no keywords or variables, all entries are displayed.
Examples
2-521
LD Router Side: --------------Router and LD are on VLAN 110 LD is connected to switch port 4/26 on VLAN 110 LD Server Side: --------------Server(s) and LD are on VLAN 105 LD is connected to switch port 4/40 on VLAN 105 Console> (enable)
Note
The examples shown for the show lda mls entry commands are displayed in short format. The display in the long form exceeds the page width and cannot be shown. This example shows how to display ASLB MLS entries in short format:
Console> (enable) show lda mls entry short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ------ ----------------- ---EDst ESrc DPort SPort Stat-Pkts Stat-Bytes Uptime Age ---- ---- ------ ------ ---------- ----------- -------- -------10.0.0.8 172.20.20.10 TCP 8 64 00-33-66-99-22-44 105 ARPA ARPA 4/25 0 0 00:00:02 00:00:05 10.0.0.8 172.20.20.11 ARPA ARPA 4/25 0 Console> (enable) TCP 0 8 64 00-33-66-99-22-44 105 00:00:05 00:00:08
This example shows how to display ASLB information for the source IP address in short format:
Console> (enable) show lda mls entry source 172.20.20.11 short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ------ ----------------- ---EDst ESrc DPort SPort Stat-Pkts Stat-Bytes Uptime Age ---- ---- ------ ------ ---------- ----------- -------- -------10.0.0.8 172.20.20.11 TCP 8 64 00-33-66-99-22-44 105 ARPA ARPA 4/25 0 0 00:00:05 00:00:08 Console> (enable)
2-522
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show lda
This example shows how to display the number of active ASLB MLS entries:
Console> (enable) show lda mls statistics count LDA active shortcuts:20 Console> (enable)
This example shows how to display all ASLB MLS entry statistics:
Console> (enable) show lda mls statistics entry Last Used Destination IP Source IP Prot DstPrt SrcPrt --------------- --------------- ---- ------ -----10.0.0.8 172.20.20.10 TCP WWW 64 10.0.0.8 172.20.22.10 TCP WWW 64 Console> (enable)
Stat-Pkts ---------636 0
Stat-Bytes --------------29256 0
This example shows how to display the statistics for a specific destination IP address:
Console> (enable) show lda mls statistics entry destination 172.20.22.14 Last Used Last Used Destination IP Source IP Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes --------------- --------------- ---- ------ ------ ---------- --------------172.20.22.14 172.20.25.10 6 50648 80 3152 347854 Console> (enable)
Related Commands
2-523
show log
Use the show log command to display the error log for the system or a specific module. show log [mod] show log dump [-count]
Syntax Description
(Optional) Number of the module for which the log is displayed. Keyword to display dump log information. (Optional) Number of dump log entries to display.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
To display the contents of ASIC error messages as soon as they are received from SLCP/LCP, see the set logging server command. You can use the dump keyword to display log dump information generated when certain events occur, such as memory corruption.
Examples
This example shows a partial display of the output from the show log command:
Console> show log Network Management Processor (ACTIVE NMP) Log: Reset count: 10 Re-boot History: Mar 22 2000 10:34:09 0, Mar 17 2000 15:35:11 Mar 13 2000 17:40:16 0, Mar 13 2000 13:14:08 Mar 13 2000 11:57:30 0, Feb 24 2000 10:04:18 Feb 17 2000 08:57:19 0, Feb 15 2000 11:51:27 Feb 11 2000 12:45:09 0, Jan 26 2000 15:00:25 Bootrom Checksum Failures: 0 UART Failures: Flash Checksum Failures: 0 Flash Program Failures: Power Supply 1 Failures: 0 Power Supply 2 Failures: Swapped to CLKA: 0 Swapped to CLKB: Swapped to Processor 1: 0 Swapped to Processor 2: DRAM Failures: 0 Exceptions: 0
0 0 0 0 0 0 0 0 0 0
2-524
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show log
Heap Memory Log: Corrupted Block = none NVRAM log: 01. 1/25/2000,17:39:10: convertCiscoMIB:PreSac(0) checksum failed: 0xFFFF(0xE507 ) Module 3 Log: Reset Count: 14 Reset History: Wed Fri Wed Tue
22 17 15 14
Table 2-22 describes the possible fields in the output from the show log command.
Table 2-22 show log Command Output Fields
Field
Description
Network Management Log that applies to the NMP on the supervisor engine. Processor (ACTIVE NMP) Log Reset Count Re-boot History Bootrom Checksum Failures UART Failures Flash Checksum Failures Flash Program Failures Power Supply 1 Failures Power Supply 2 Failures Swapped to CLKA Swapped to CLKB Swapped to Processor 1 Swapped to Processor 2 DRAM Failures Exceptions: Last software reset by user NVRAM log Reset Count Reset History Number of times the system has reset. Date and times the system has rebooted. Number of bootrom checksum failures. Number of times the UART has failed. Number of times the Flash Checksum has failed. Number of times the Flash Program has failed. Number of times Power Supply 1 has failed. Number of times Power Supply 2 has failed. Number of times a switchover to clock A has occurred. Number of times a switchover to clock B has occurred. Number of times a switchover to processor 1 has occurred. Number of times a switchover to processor 2 has occurred. Number of times the DRAM has failed. Exceptions log. Date of the last time the software was reset. Number of times NVRAM errors have occurred. Number of times the system has reset. Date and times the system has reset.
2-525
Related Commands
clear log
2-526
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show logging
show logging
Use the show logging command to display the system message log information. show logging [noalias]
Syntax Description
noalias
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the default system message log configuration:
Console <enable> show logging noalias Logging buffered size: 500 timestamp option: enabled Logging history size: 1 Logging console: enabled Logging server: disabled server facility: LOCAL7 server severity: warnings(4) Current logging session: enabled Facility ------------acl cdp cops dtp dvlan earl filesys gvrp ip kernel ld mcast mgmt mls pagp protfilt pruning privatevlan qos radius rsvp security Severity Current Session Severity ----------------------- -----------------------2 4 2 5 2 2 2 2 2 2 2 2 5 5 5 2 2 2 2 2 2 2 2 4 2 5 2 2 2 2 2 2 2 2 5 5 5 2 2 2 2 2 2 2
2-527
snmp spantree sys tac tcp telnet tftp udld vtp 0(emergencies) 3(errors) 6(information) Console> (enable)
2 2 5 2 2 2 2 4 2 2(critical) 5(notifications)
Table 2-23 describes the fields in the show logging command output.
Table 2-23 show logging Command Output Fields
Field Logging buffered size timestamp option Logging history size Logging console Logging server Facility Server/Severity
Description Size of the logging buffer. Status of whether the timestamp option is enabled or disabled. Size of the logging history buffer. Status of whether logging to the console is enabled or disabled. Status of whether logging to the logging server is enabled or disabled. Name of the facility to be logged. Severity level at which point an error from that facility is logged.
Current Session Severity Severity level at which point an error from that facility is logged during the current session. 0 (emergencies), 1 (alerts)... Key to the numeric severity level codes.
Related Commands
clear logging server set logging console set logging history set logging level set logging server set logging session show logging buffer
2-528
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show logging buffer
Syntax Description
number_of_messages
(Optional) Keyword to force the display to show system messages starting from the end of the buffer. (Optional) Number of system messages to be displayed; valid values are from 1 to 1023.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not enter the keyword, system messages are displayed from the beginning of the buffer. If you do not specify the number_of_messages, all messages in the buffer are displayed.
Examples
This example shows how to display the first four system messages from the internal buffer:
Console <enable> show logging buffer 4 1999 Dec 1999 Dec 1999 Dec 1999 Dec Console> 28 15:18:21 28 15:18:24 28 15:18:31 28 15:18:32 (enable) %SYS-1-SYS_NORMPWRMGMT:System in normal power management on %SYS-5-MOD_PWRON:Module 2 powered up %MLS-5-NDEDISABLED:Netflow Data Export disabled %MLS-5-MCAST_STATUS:IP Multicast Multilayer Switching is ed
This example shows how to display the last four system messages from the internal buffer:
Console <enable> show logging buffer -4 1999 Dec 28 15:18:32 %MLS-5-MCAST_STATUS:IP 1999 Dec 28 15:18:32 %SYS-5-MOD_OK:Module 1 1999 Dec 28 15:19:07 %SYS-5-MOD_OK:Module 2 1999 Dec 28 15:19:27 %PAGP-5-PORTTOSTP:Port Console <enable> Multicast Multilayer Switching is ed is online is online 2/1 joined bridge port 2/1
Related Commands
2-529
show mac
Use the show mac command to display MAC counters. show mac [mod[/port]]
Syntax Description
mod/[/port]
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a module number, all modules are shown. If you do not specify a port number, all ports are shown. The Out-Discards field displays the number of outbound packets chosen to be discarded even though no errors had been detected to prevent being transmitted. One possibility for discarding such a packet could be to free up buffer space.
Examples
This example shows how to display MAC information for port 1 on module 3:
Console> show mac 3/1 Port Rcv-Unicast Rcv-Multicast Rcv-Broadcast -------- -------------------- -------------------- -------------------3/1 0 22636 1 Port Xmit-Unicast Xmit-Multicast Xmit-Broadcast -------- -------------------- -------------------- -------------------3/1 3690 1888064 305202 Port Rcv-Octet Xmit-Octet -------- -------------------- -------------------3/1 9310072 162180717 MAC Dely-Exced MTU-Exced In-Discard Out-Discard -------- ---------- ---------- ---------- ----------3/1 0 0 0 0 Port Last-Time-Cleared ----- -------------------------3/1 Wed Jan 14 2004, 07:59:35 Console>
Table 2-24 describes the possible fields in the show mac command output.
2-530
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mac
Field MAC Rcv-Frms Xmit-Frms Rcv-Broad Xmit-Broad Dely-Exced MTU-Exced In-Discard Out-Discard Curr-Path TVX Upstream-Nbr Downstream-Nbr Old-Upstrm-Nbr Rcv-Smt Xmit-Smt Rcv-llc Xmit-llc Rcv-Octet Xmit-Octet Rcv-Unicast Rcv-Broadcast Xmit-Unicast Xmit-Broadcast Tvx-Exp-Ct Last-Time-Cleared
Description Module and port. Frames received on the port. Frames transmitted on the port. Broadcast frames received on the port. Broadcast frames transmitted on the port. Total transmit frames aborted due to excessive deferral. Frames for which the MTU size was exceeded. Incoming frames that were discarded because the frame did not need to be switched. The number of outbound packets chosen to be discarded even though no errors had been detected to prevent their being transmitted. Current path used (primary or secondary). Value of the valid transmission timer. MAC address of the current upstream neighbor. MAC address of the current downstream neighbor. MAC address of the previous upstream neighbor. Number of SMT frames received by the port. Number of NSMT frames transmitted by the port. Number of NLLC frames received by the port. Number of LLC frames transmitted by the port. Number of octet frames received on the port. Number of octet frames transmitted on the port. Number of unicast frames received on the port. Number of broadcast frames received on the port. Number of unicast frames transmitted on the port. Number of broadcast frames transmitted on the port. Number of times the TVX timer expired. Date and time of the last clear counters command.
2-531
show microcode
Use the show microcode command to display the version of the microcode and the module version information. show microcode
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the show microcode output for a supervisor engine:
Console> show microcode Bundled Images Version Size --------------- -------------------- ------LCP SLCP 4.2(0.24)VAI58 302506 LCP LX1000 4.2(0.24)VAI58 288508 LCP LX10100 4.2(0.24)VAI58 379810 Built ----------------12/03/98 03:51:46 12/03/98 03:53:12 12/03/98 03:52:33
Table 2-25 describes possible fields in the show microcode command output.
Table 2-25 show microcode Command Output Fields
Description Name of the bundled image. Version of the image. Size of the image. Date image was built.
2-532
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls
show mls
Use the show mls command set to display MLS Layer 3 packet information in the MLS-based Catalyst 6000 family switches. show mls [ip | ipx] [mod] show mls nde
Syntax Description
(Optional) Keyword to specify IP MLS. (Optional) Keyword to specify IPX MLS. (Optional) Number of the MSFC; valid values are 15 and 16. Keyword to display NDE information.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you enter any of the show mls commands on Catalyst 6000 family switches without IP or IPX MLS, one of these warning messages display:
Multilayer switching not supported on feature card.
or
IPX Multilayer switching not supported on feature card.
If you place the MSFC on a supervisor engine installed in slot 1, then the MSFC is recognized as module 15. If you install the supervisor engine in slot 2, the MSFC is recognized as module 16.
Examples
This example shows the display if you enter the show mls command with no arguments:
Console> (enable) show mls Total Active MLS entries = 0 Total packets switched = 0 IP Multilayer switching enabled IP Multilayer switching aging time = 256 seconds IP Multilayer switching fast aging time = 0 seconds, packet threshold = 0 IP Flow mask: Full Flow Configured flow mask is Destination flow Active IP MLS entries = 0 Netflow Data Export version: 8 Netflow Data Export disabled Netflow Data Export port/host is not configured Total packets exported = 0
2-533
MSFC ID Module XTAG MAC Vlans --------------- ------ ---- ----------------- -------------------52.0.03 15 1 01-10-29-8a-0c-00 1,10,123,434,121 222,666,959 IPX Multilayer switching enabled IPX Multilayer switching aging time = 256 seconds IPX Flow mask: Full Flow Active IPX MLS entries = 0 MSFC ID Module XTAG MAC Vlans --------------- ------ ---- ----------------- -------------------52.0.0.3 16 1 00-10-29-8a-0c-00 1,10 Console> (enable)
Related Commands
set mls agingtime set mls exclude protocol set mls nde set mls statistics protocol clear mls
2-534
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls entry
Syntax Description
mod short long ip destination ip_addr_spec source protocol protocol src-port src_port
(Optional) MSFC module number; valid values are 15 or 16. (Optional) Keyword to display the output with carriage returns. (Optional) Keyword to display the output on one line. Keyword to specify IP MLS. (Optional) Keyword to specify the destination IP or IPX address. (Optional) Full IP address or a subnet address. (Optional) Keyword to specify the source IP or IPX address. (Optional) Keyword to specify the protocol type. (Optional) Protocol type; valid values can be 0, tcp, udp, icmp, or a decimal number for other protocol families. 0 indicates do not care. (Optional) Keyword and variable to specify the number of the TCP/UDP source port (decimal). Used with dst-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. (Optional) Keyword and variable to specify the number of the TCP/UDP destination port (decimal). Used with src-port to specify the port pair if the protocol is tcp or udp. 0 indicates do not care. Keyword to specify IPX MLS. (Optional) Full IPX address or a subnet address.
dst-port dst_port
ipx ipx_addr_spec
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you use the ip keyword, you are specifying a command for IP MLS. If you use the ipx keyword, you are specifying a command for IPX MLS. When entering the ip_addr_spec, use the full IP address or a subnet address in one of the following formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit.
2-535
When entering the ipx_addr_spec, use the full IP address or a subnet address in one of the following formats: src_net/[mask], dest_net.dest_node, or dest_net/mask. If you enter any show mls command on Catalyst 6000 family switches without IP MLS, this warning message displays:
Multilayer switching not supported on feature card.
If you enter any show mls command on Catalyst 6000 family switches without IPX MLS, this warning message displays:
IPX Multilayer switching not supported on feature card.
If you enter the show mls command with no arguments, general IP MLS information and all IP MLS-RP information displays. A value 0 for src_port and dst_port means dont care. Entering the destination keyword specifies the entries matching the destination IP address specification, entering the source keyword specifies the entries matching the source IP address specification, and entering an ip_addr_spec can specify a full IP address or a subnet address. If you do not specify a keyword, it is treated as a wildcard, and all entries are displayed. Use the following syntax to specify an IP subnet address:
ip_subnet_addrThis is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address with a length of 8, 16, or 24 bits. ip_addr/subnet_maskThis is the long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is allowed to be a full host address, such as 172.22.253.1/255.255.252.00. ip_addr/maskbitsThis is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is allowed to be a full host address, such as 172.22.254.1/22, which has the same subnet address as 172.22.252.00/72.
The [long | short] option gives the flexibility to display the output in regular (80 characters in width) or wide screen. Dashes may be displayed for some fields if the fields are not applicable to the type of flow mask. If you place the MSFC on a supervisor engine installed in slot 1, then the MSFC is recognized as module 15. If you install the supervisor engine in slot 2, the MSFC is recognized as module 16.
Examples
Note
The examples shown for the show mls commands are displayed in short format. The display in the long form exceeds the page width and cannot be shown.
2-536
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls entry
This example shows how to display all MLS packet entry information:
Console> (enable) show mls entry short Destination-IP Source-IP Prot DstPrt --------------- --------------- ----- -----ESrc EDst SPort DPort Stat-Pkts Stat-Byte ---- ---- ----- ----- --------------------171.69.200.234 171.69.192.41 TCP* 6000 ARPA SNAP 5/8 11/1 3152 347854 171.69.1.133 171.69.192.42 UDP 2049 SNAP ARPA 5/8 1/1 2345 123456 Total IP entries: 2 Destination-IPX Source-IPX-net Destination-Mac Vlan Port ------------------------- -------------- ----------------- ---- ----Stat-Pkts Stat-Bytes --------- ----------BABE.0000.0000.0001 00-a0-c9-0a-89-1d 211 13/37 30230 201.00A0.2451.7423 00-a0-24-51-74-23 201 14/33 30256 31795084 501.0000.3100.0501 31-00-05-01-00-00 501 9/37 12121 323232 401.0000.0000.0401 00-00-04-01-00-00 401 3/1 4633 38676 Total IPX entries: 4 Console> (enable) SrcPrt Destination-Mac ------ ----------------Uptime Age -------- -------59181 00-60-70-6c-fc-22 09:01:19 09:08:20 41636 00-60-70-6c-fc-23 09:03:32 09:08:12 Vlan ----
4 2
1510775
These examples show how to display different IP MLS packet entry information: Full flow:
Console> (enable) show mls entry ip short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ---------------------- ---EDst ESrc DPort SPort Stat-Pkts Stat-Byte Uptime Age ---- ---- ----- ----- --------------------- -------- -------MSFC 127.0.0.24 (module 16): 171.69.200.234 171.69.192.41 TCP* 6000 59181 00-60-70-6c-fc-22 4 ARPA SNAP 5/8 11/1 3152 347854 09:01:19 09:08:20 171.69.1.133 171.69.192.42 UDP 2049 41636 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 123456 09:03:32 09:08:12 Total Entries:2 * indicates TCP flow has ended Console> (enable)
2-537
Destination-only flow:
Console> (enable) show mls entry ip short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac --------------- --------------- ----- ------ ------ ----------------ESrc EDst SPort DPort Stat-Pkts Stat-Byte Uptime Age ---- ---- ----- ----- --------------------- -------- -------MSFC 127.0.0.24 (module 16): 171.69.200.234 00-60-70-6c-fc-22 ARPA SNAP 5/8 11/1 3152 347854 09:01:19 09:08:20 171.69.1.133 00-60-70-6c-fc-23 SNAP ARPA 5/8 1/1 2345 123456 09:03:32 09:08:12 Total Entries: 2 * indicates TCP flow has ended Console> (enable) Vlan ----
4 2
Destination-source flow:
Console> (enable) show mls entry ip 16 short Destination-IP Source-IP Prot DstPrt Destination-IP Source-IP Prot DstPrt --------------- --------------- ----- -----ESrc EDst SPort DPort Stat-Pkts Stat-Byte ---- ---- ----- ----- --------------------MSFC 127.0.0.24 (module 16): 171.69.200.234 171.69.192.41 ARPA SNAP 5/8 11/1 3152 347854 171.69.1.133 171.69.192.42 SNAP ARPA 5/8 1/1 2345 123456 Total Entries: 2 * indicates TCP flow has ended Console> (enable) SrcPrt Destination-Mac Vlan ESrc EDst SrcPrt Destination-Mac Vlan ------ ----------------- ---Uptime Age -------- -------00-60-70-6c-fc-22 4 09:01:19 09:08:20 00-60-70-6c-fc-23 2 09:03:32 09:08:12
These examples show how to display different IPX MLS packet entry information: Destination-source:
Console> (enable) show mls entry ipx short Destination-IPX Source-IPX-net Destination-Mac ------------------------- -------------- ----------------Stat-Pkts Stat-Bytes --------- ----------MSFC 127.0.0.22 (Module 15): 201.00A0.2451.7423 1.0002 00-a0-24-51-74-23 30256 31795084 501.0000.3100.0501 1.0003 31-00-05-01-00-00 12121 323232 Total entries: 0 Console> (enable) Vlan Port ---- -----
201 501
14/33 9/37
2-538
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls entry
Destination-only flow:
Console> (enable) show mls entry ipx short Destination-IPX Source-IPX-net Destination-Mac ------------------------- -------------- ----------------Stat-Pkts Stat-Bytes --------- ----------MSFC 127.0.0.24 (module 16): BABE.0000.0000.0001 00-a0-c9-0a-89-1d 30230 1510775 201.00A0.2451.7423 00-a0-24-51-74-23 30256 31795084 501.0000.3100.0501 31-00-05-01-00-00 12121 323232 401.0000.0000.0401 00-00-04-01-00-00 4633 38676 Total entries: 4 Console> (enable) Console> (enable) show mls entry ipx 16 short Destination-IPX Source-IPX-net Destination-Mac ------------------------- -------------- ----------------Stat-Pkts Stat-Bytes --------- ----------MSFC 127.0.0.22 (Module 16): 501.0000.3100.0501 31-00-05-01-00-00 12121 323232 401.0000.0000.0401 00-00-04-01-00-00 4633 38676 Console> (enable) Vlan Port ---- -----
501 401
9/37 3/1
Related Commands
clear mls
2-539
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Examples
This example shows how to display excluded protocols on TCP or UDP from being shortcuts:
Console> (enable) show mls exclude protocol Protocol-Port Excluded-From ------------- ------------89 TCP UDP 5 TCP 10 TCP UDP 122 UDP Note: MLS exclusion only works in full flow mode. Console. (enable)
Related Commands
2-540
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls multicast
Syntax Description
entry mod vlan vlan_id group ip_addr source ip_addr all long short statistics
Keyword to specify the IP multicast MLS packet entry. (Optional) Number of the MSFC; valid values are 15 and 16. (Optional) Keyword and variable to specify a VLAN. (Optional) Keyword and variable to specify a multicast group address. (Optional) Keyword and variable to specify a multicast traffic source. (Optional) Keyword to specify all IP multicast MLS entries on the switch. (Optional) Keyword to specify an output appropriate for terminals that support output 80-characters wide. (Optional) Keyword to specify an output appropriate for terminals that support output less than 80-characters wide. Keyword to display statistics for an MSFC.
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you enter the show mls multicast commands on Catalyst 6000 family switches without MLS, this warning message displays:
This feature is not supported on this device.
If you enter the show mls multicast entry commands with no arguments, all the MLS entries for multicast displays. If you disable DNS, no name can be specified or shown. Entering the vlan keyword specifies the VLAN entries matching this address specification, and entering an ip_addr can specify a full IP address or a subnet address. Entering the group keyword specifies the group entries matching this IP address specification. If you do not specify a keyword, it is treated as a wildcard, and all entries are displayed. A warning message is displayed if you disable the Layer 2 multicast protocol when the MMLS feature is running. If you place the MSFC on a supervisor engine installed in slot 1, then the MSFC is recognized as module 15. If you install the supervisor engine in slot 2, the MSFC is recognized as module 16.
2-541
Examples
This example shows how to display statistical information from MSFC 15:
Console> (enable) show mls multicast statistics 15 Router IP Router Name Router MAC -----------------------------------------------170.67.2.12 mothra 00-10-0d-38-a4-00 Transmit: Delete Notifications Acknowledgements: Flow Statistics: Receive Open Connection Requests: Keep Alive Messages: Shortcut Messages: Shortcut Install TLV: Selective Delete TLV: Update TLV: Input VLAN Delete TLV: Output VLAN Delete TLV: Global Delete TLV: MFD Install TLV: MFD Delete TLV: Console> (enable)
10 100 500 2 75 8 0 0 2 2 1 8 0
Note
The following examples for the show mls multicast entry command set are displayed in short format. The display in the long form exceeds the page width and cannot be shown. This example shows how to display IP MMLS entries for a specific MSFC and a specific multicast source address:
Console> (enable) show mls multicast entry 15 1.1.5.252 source 1.1.11.1 short Router IP Dest IP Source IP Pkts Bytes InVlan OutVlans --------------- --------------- --------------- ---------- ------------------------- ------------------------------------------------------172.20.49.159 224.1.1.6 1.1.40.4 368 57776 40 23,25 172.20.49.159 224.1.1.71 1.1.22.2 99 65142 22 30,37 172.20.49.159 224.1.1.8 1.1.22.2 396 235620 22 13,19 Console> (enable)
2-542
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls multicast
This example shows how to display IP MMLS entries for a specific multicast group address:
Console> (enable) show mls multicast entry group 224.1.1.1 Router IP Dest IP Source IP Pkts Bytes InVlan OutVlans --------------- --------------- --------------- ---------- ----------- ------- -------1.1.5.252 224.1.1.1 1.1.9.254 224.1.1.1 1.1.5.252 224.1.1.1 1.1.9.254 224.1.1.1 1.1.9.254 224.1.1.1 1.1.5.252 224.1.1.1 1.1.9.254 224.1.1.1 1.1.5.252 224.1.1.1 1.1.9.254 224.1.1.1 Total Entries: 9 Console> (enable) 1.1.11.1 1.1.12.3 1.1.12.3 1.1.11.1 1.1.12.1 1.1.13.1 1.1.13.1 1.1.12.1 1.1.11.3 15870 671400 15759 671853 671400 15840 670950 15840 671847 2761380 116823600 2742066 116902422 116823600 2756160 116745300 2756160 116901378 20 12 20 11 12 20 13 20 11
Related Commands
2-543
Syntax Description
protocol entry mod entry ip destination ip_addr_spec source protocol protocol src-port src_port dst-port dst_port ipx ipx_addr_spec
Keyword to specify a route processor. Keyword to specify the entry type. (Optional) Number of the MSFC; valid values are 15 or 16. Keyword to display statistics based on the specified option. (Optional) Keyword to specify IP MLS. (Optional) Keyword to specify the destination IP address. (Optional) Full IP address or a subnet address in the following formats: ip_addr, ip_addr/netmask, or ip_addr/maskbit. (Optional) Keyword to specify the source IP address. (Optional) Keyword and variable to specify additional flow information (protocol family and protocol port pair) to be matched; valid values are from 1 to 255, ip, ipinip, icmp, igmp, tcp, and udp. (Optional) Keyword and variable to specify the source port IP address. (Optional) Keyword and variable to specify the destination port IP address. Keyword to specify IPX MLS. (Optional) Full IPX address or a subnet address in one of the following formats: src_net/[mask], dest_net.dest_node, or dest_net/mask.
Command Types
Switch command.
Command Modes
Normal.
2-544
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show mls statistics
Usage Guidelines
When specifying the ip | ipx keyword, if you specify ip or do not enter a keyword, this means that the command is for IP MLS. If you specify ipx, this means the command is for IPX only. When entering the IPX address syntax, use the following format:
IPX net address1...FFFFFFFE IPX node addressx.x.x where x is 0...FFFF IPX addressipx_net.ipx_node (for example 3.0034.1245.AB45, A43.0000.0000.0001)
If you enter any of the show mls statistics protocol commands on a Catalyst 6000 family switch without MLS, this warning message displays:
Feature not supported in hardware.
If you enter the show mls statistics protocol command, the statistics in the protocol category, such as Telnet, FTP, or WWW are displayed. Note that this applies for full flowmask only. In flowmasks other than full flow, inapplicable fields will have a dash (similar to show mls entry outputs). A value 0 for src_port and dst_port means dont care. Note that this applies for full flowmask only. Use the following syntax to specify an IP subnet address:
ip_subnet_addrThis is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.YY specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 255.255.0.0). However, this format can identify only a subnet address with a length of 8, 16, or 24 bits. ip_addr/subnet_maskThis is the long subnet address format; for example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is allowed to be a full host address, such as 172.22.253.1/255.255.252.00, which has the same subnet address as ip_subnet_addr. ip_addr/maskbitsThis is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is allowed to be a full host address, such as 172.22.254.1/22, which has the same subnet address as 172.22.252.00/72.
If you place the MSFC on a supervisor engine installed in slot 1, then the MSFC is recognized as module 15. If you install the supervisor engine in slot 2, the MSFC is recognized as module 16.
Examples
This example shows how to display the statistics for all protocol categories:
Console> (enable) show mls statistics Protocol TotalFlows TotalPackets ---------------- -------------Telnet 900 630 FTP 688 2190 WWW 389 42679 SMTP 802 4966 X 142 2487 DNS 1580 52 Others 82 1 Total 6583 53005 Console> (enable) protocol Total Bytes -----------4298 3105 623686 92873 36870 1046 73 801951
2-545
This example shows how to display the statistics for all protocol categories:
Console> (enable) show mls statistics Last Used Destination IP Source IP Prot DstPrt SrcPrt --------------- --------------- ---- ------ -----172.20.22.14 172.20.25.10 6 50648 80 172.20.22.43 172.20.32.43 44 2323 324 Destination IPX ------------------------201.00A0.2451.7423 501.0000.3100.0501 Console> (enable) Source IPX net -------------1.0002 1.0003
This example shows how to display IP MLS statistics for MSFC 15:
Console> show mls statistics entry ip 15 destination 172.20.22.14 MSFC 127.0.0.12 (Module 15): Last Used Destination IP Source IP Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes --------------- --------------- ---- ------ ------ --------- --------------172.20.22.14 172.20.25.10 6 50648 80 3152 347854 Console>
This example shows how to display the statistics for a specific destination IP address:
Console> show mls statistics entry destination 172.20.22.14 Last Used Last Used Destination IP Source IP Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes --------------- --------------- ---- ------ ------ ---------- --------------172.20.22.14 172.20.25.10 6 50648 80 3152 347854 Console>
This example shows how to display the statistics for a specific destination IPX address:
Console> show mls statistics entry ipx destination 1.0002.00e0.fefc.6000 Destination IPX Source IPX net Stat-Pkts Stat-Bytes ------------------------- -------------- ---------- ---------MLS-RP 10.20.26.64: 1.0002.00e0.fefc.6000 1.0003 11 521 Console>
Related Commands
2-546
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show module
show module
Use the show module command to display module status and information. For supervisor engines, the show module command displays the supervisor engine number but appends the uplink daughter cards module type and information. show module [mod]
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a module number, all modules are shown. The MAC addresses for the supervisor engine are displayed in three lines of output. The first line lists the two MAC addresses for inband ports, the second line lists the two MAC addresses for the two gigabit-uplink ports, and the third line lists the allocated 0x3ff MAC address for the chassis backplane. If you place the MSFC on a supervisor engine installed in slot 1, then the MSFC is recognized as module 15. If you install the supervisor engine in slot 2, the MSFC is recognized as module 16. The slot field in the show module command display is required because submodules, such as the RSM, reside in the same slot as the supervisor engine module, but are treated as a separate module. The RSM is referenced by the module number in all other CLI commands and is treated like any other module.
Examples
Console> Mod Slot --- ---1 1 15 1 8 8 9 9
This example shows how to display status and information for all modules:
show module Ports Module-Type ----- ------------------------2 1000BaseX Supervisor 1 Multilayer Switch Feature 48 10/100BaseTX Ethernet 48 10/100BaseTX Ethernet Serial-Num ----------SAD03436055 SAD03432597 SAD03414268 Model ------------------WS-X6K-SUP1A-2GE WS-F6K-MSFC WS-X6248-RJ-45 WS-X6348-RJ-45 Sub --yes no no yes Status -------ok ok ok ok
2-547
Mod MAC-Address(es) --- -------------------------------------1 00-30-80-f7-a5-06 to 00-30-80-f7-a5-07 00-30-80-f7-a5-04 to 00-30-80-f7-a5-05 00-30-a3-4a-a0-00 to 00-30-a3-4a-a3-ff 15 00-d0-bc-ee-d0-dc to 00-d0-bc-ee-d1-1b 8 00-d0-c0-c8-83-ac to 00-d0-c0-c8-83-db 9 00-50-3e-7c-43-00 to 00-50-3e-7c-43-2f Mod Sub-Type --- ----------------------1 L3 Switching Engine 9 Inline Power Module Console>
These examples show the information displayed for different module types. This example shows the display for a 48-port 10/100BaseTX switching services-configured module:
Console> Mod Slot --- ---5 5 show module 5 Ports Module-Type Model Status ----- ------------------------- ------------------- -------48 10/100BaseTX (RJ-45) WS-X6248-RJ-45 ok
Mod Module-Name Serial-Num --- ------------------- ----------5 SAD03181291 Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------5 00-50-f0-ac-30-54 to 00-50-f0-ac-30-83 1.0 4.2(0.24)V 6.1(0.12) Console>
This example shows the display for an 8-port T1/E1 ISDN PRI services-configured module:
Console> Mod Slot --- ---3 3 (enable) show module 3 Ports Module-Type Model Status ----- ------------------------- ------------------- -------8 T1 PSTN WS-X6608-T1 ok
Mod Module-Name Serial-Num --- ------------------- ----------3 T1 SAD02440056 Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------3 00-50-0f-08-bc-a0 to 00-50-0f-08-bc-cf 0.1 5.1(1) 5.4(1) Console>
This example shows the display for a 24-port FXS analog station interface services-configured module:
Console> Mod Slot --- ---3 3 show module 3 Ports Module-Type Model Status ----- ------------------------- ------------------- -------24 FXS WS-X6624-FXS ok
Mod Module-Name Serial-Num --- ------------------- ----------3 Elvis-S SAD02440056 Mod MAC-Address(es) Hw Fw Sw --- -------------------------------------- ------ ---------- ----------------3 00-50-0f-08-bc-a0 to 00-50-0f-08-bc-a0 0.1 5.1(1) 5.4(1) Console>
2-548
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show module
Table 2-26 describes the possible fields in the show module command output.
Table 2-26 show module Command Output Fields
Field Mod Slot Ports Module-Type Model Sub Status Module-Name Serial-Num MAC-Address(es) Hw2 Fw Sw Sub-Type
4 4 3
Description Module number. Number of the slot where the module or submodule resides. Number of ports on the module. Module (such as 100BaseX Ethernet). Model number of the module. Status of whether a submodule is installed. Status of the module. Possible status strings are ok, disable, faulty, other, standby, error, pwr-down,and pwr-deny states1. Name of the module. Serial number of the module. MAC address or MAC address range for the module. Hardware version of the module. Firmware version of the module. Software version on the module. Submodule type. Model number of the submodule. Serial number of the submodule. Hardware version of the submodule.
4
1. The pwr-down and pwr-deny states are supported by the power management feature. 2. Hw for the supervisor engine displays the supervisor engines EARL hardware version. 3. Fw for the supervisor engine displays the supervisor engines boot version. 4. This field displays EARL information.
2-549
show moduleinit
Use the show moduleinit command to display contents of the information stored in the system module initiation log. show moduleinit [mod] [log lognum | -logcount]
Syntax Description
(Optional) Number of the module. (Optional) Keyword to specify a specific log. (Optional) Number of the log to display. (Optional) Number of previous logs to display.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a module number, contents for all modules are shown.
Examples
This example shows how to show the last two log entries for module 1:
Console> show moduleinit 1 log -2 Module 1: Number of Logs: 3 Log #2: State 1: Entry/Exit/Elapse Time: 14721/14721/0 Success_Exit State 2: Entry/Exit/Elapse Time: 14721/14721/0 Success State 3: Entry/Exit/Elapse Time: 14721/32223/17502 Success_Exit Log #3: State 1: Entry/Exit/Elapse Time: 38302/38302/0 P_PortConfigTokenRingFeatures() ConfigModule() State 2: Entry/Exit/Elapse Time: 38302/38302/0 Success State 3: Entry/Exit/Elapse Time: 38302/38310/8 Success_Exit Console>
2-550
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show moduleinit
This example shows how to display the contents of a specific log for module 1:
Console> show moduleinit 1 log 2 Module 1: Number of Logs: 3 Log #2: State 1: Entry/Exit/Elapse Time: 14721/14721/0 Success_Exit State 2: Entry/Exit/Elapse Time: 14721/14721/0 Success State 3: Entry/Exit/Elapse Time: 14721/32223/17502 Console>
Table 2-27 describes the possible fields in the show moduleinit command output.
Table 2-27 show moduleinit Command Output Fields
Description Number of the log. Number of the module initiation states. Output includes the entry time into and exit time from all the module initiation states, along with the elapsed time, in milliseconds.
2-551
show msmautostate
Use the show msmautostate command to display the current status of the line protocol state determination of the MSM(s) due to Catalyst 6000 family switch port state changes. show msmautostate mod
Syntax Description
mod
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the current status of MSM line protocol state determination:
Console> show msmautostate MSM Auto port state: enabled Console>
Related Commands
set msmautostate
2-552
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show multicast group
Syntax Description
mac_addr vlan_id
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Console> (enable) show multicast group IGMP disabled VLAN ---1 1 1 1 Dest MAC/Route Des -----------------01-00-11-22-33-44* 01-11-22-33-44-55* 01-22-33-44-55-66* 01-33-44-55-66-77* Destination Ports or VCs / [Protocol Type] ---------------------------------------------------2/6-12 2/6-12 2/6-12 2/6-12
Table 2-28 describes the fields in the show multicast group command output.
Table 2-28 show multicast group Command Output Fields
Description Status of whether IGMP is enabled or disabled. VLAN number. Group destination MAC address. Status of whether the port was configured manually as a multicast router port. CoS value.
CGMP enabled/disabled Status of whether CGMP is enabled or disabled. GMRP enabled/disabled Status of whether GMRP is enabled or disabled.
2-553
Field
Description
Destination Ports or VCs List of all the ports that belong to this multicast group. Traffic destined to this group address will be forwarded on all these ports. Protocol Type Type of protocol. Total Number of Entries Total number of entries in the multicast group table that match the criteria specified by the command.
Related Commands
2-554
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show multicast group count
Syntax Description
vlan_id
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
An asterisk in the show multicast group count command output indicates the port was configured manually.
Examples
This example shows how to display the total count of multicast groups in VLAN 5:
Console> show multicast group count 5 Total Number of Entries = 2 Console>
Related Commands
2-555
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the Layer 2 multicast protocol status:
Console> show multicast protocols status IGMP disabled IGMP fastleave enabled RGMP enabled GMRP disabled Console>
Related Commands
2-556
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show multicast router
Syntax Description
Keyword to specify IGMP-capable routers. Keyword to specify RGMP-capable routers. (Optional) Number of the module and the port on the module. (Optional) Number of the VLAN.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the ports that have IGMP-multicast routers assigned to them:
Console> show multicast router igmp Port Vlan ------ -----5/15 1 Total Number of Entries = 1 '*' - Configured '+' - RGMP-capable Console>
This example shows how to display the ports that have RGMP-multicast routers assigned to them:
Console> show multicast router rgmp Port Vlan ------ -----5/1 + 1 5/14 + 2 Total Number of Entries = 2 '*' - Configured '+' - RGMP-capable Console>
2-557
Table 2-29 describes the fields in the show multicast router command output.
Table 2-29 show multicast router Command Output Fields
Description Port through which a multicast router can be reached. Status of whether the port was configured manually or not. Status of whether the router is RGMP capable or not. VLAN associated with the port.
Total Number of Entries Total number of entries in the table that match the criteria specified by the command.
Related Commands
set rgmp set igmp set multicast router show multicast group show multicast group count
2-558
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show netstat
show netstat
Use the show netstat command to display the currently active network connections and to list statistics for the various protocols in the TCP/IP. show netstat [tcp | udp | ip | icmp | routes | stats | interfaces]
Syntax Description
(Optional) Keyword to show TCP statistics. (Optional) Keyword to show UDP statistics. (Optional) Keyword to show IP statistics. (Optional) Keyword to show ICMP statistics. (Optional) Keyword to show the IP routing table. (Optional) Keyword to show all statistics for TCP, UDP, IP, and ICMP. (Optional) Keyword to show interface statistics.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the current active network connections:
Console> show netstat Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address tcp 0 128 172.20.25.142.23 171.68.10.75.44720 tcp 0 0 *.7161 *.* tcp 0 0 *.23 *.* udp 0 0 *.* *.* udp 0 0 *.161 *.* udp 0 0 *.123 *.* Console>
2-559
Table 2-30 describes the fields in the show netstat tcp command output.
Table 2-30 show netstat tcp Command Output Fields
Field packets sent data packets (bytes) data packets (bytes) retransmitted ack-only packets (delayed) URG only packets window probe packets window update packet packets received
Description Total number of TCP packets sent. Number of TCP data packets sent and the size of those packets in bytes. Number of TCP data packets retransmitted and the size of those packets in bytes. Number of TCP acknowledgment-only packets sent and the number of those packets delayed. Number of URG packets. Number of window probe packets. Number of window update packets. Total number of TCP packets received.
2-560
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show netstat
Field acks (for x bytes) duplicate acks acks for unsent data packets (bytes) received in-sequence completely duplicate packets (bytes) packets with some dup. data (bytes duped) out-of-order packets (bytes) packets (bytes) of data after window discarded for bad checksums discarded because packet too short connection requests connection accepts connections established (including accepts) connections closed (including x drops) retransmit timeouts connections dropped by rexmit timeout keepalive timeouts keepalive probes sent connections dropped by keepalive
Description Number of TCP acknowledgments received and the total bytes acknowledged. Number of duplicate TCP acknowledgments received. Number of TCP acknowledgments received for data that was not sent. Number of TCP packets (and the size in bytes) received in sequence. Number of duplicate TCP packets (and the size in bytes) received. Number of TCP packets received with duplicate data (and the number of bytes of duplicated data). Number of out-of-order TCP packets (and the size in bytes) received. Number of TCP packets (and the size in bytes) received outside of the specified data window. Number of TCP packets received and discarded that failed the checksum. Number of TCP packets received and discarded that were truncated. Total number of TCP connection requests sent. Total number of TCP connection accepts sent. Total number of TCP connections established, including those for which a connection accept was sent. Total number of TCP connections closed, including dropped connections. Number of timeouts that occurred when a retransmission was attempted. Number of connections dropped due to retransmission timeouts. Number of keepalive timeouts that occurred. Number of TCP keepalive probes sent. Number of connections dropped.
2-561
Table 2-31 describes the fields in the show netstat udp command output.
Table 2-31 show netstat udp Command Output Fields
Field incomplete headers bad data length fields bad checksums socket overflows no such ports
Description Number of UDP packets received with incomplete packet headers. Number of UDP packets received with a data length field that did not match the actual length of the packet payload. Number of UDP packets received that failed the checksum. Number of socket overflows. Number of UDP packets received destined for nonexistent ports.
Table 2-32 describes the fields in the show netstat ip command output.
Table 2-32 show netstat ip Command Output Fields
Field total packets received bad header checksums with size smaller than minimum with data size < data length with header length < data size
Description Total number of IP packets received. Number of received IP packets that failed the checksum. Number of received IP packets that were smaller than the minimum IP packet size. Number of packets in which the data size was less than the data length. Number of packets in which the header length was less than the data size.
2-562
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show netstat
Field with data length < header length fragments received fragments dropped (dup or out of space) fragments dropped after timeout packets forwarded packets not forwardable redirects sent
Description Number of packets in which the data length was less than the minimum header length. Number of IP packet fragments received. Number of received IP packet fragments that were dropped because of duplicate data or buffer overflow. Number of received IP packet fragments that were dropped. Number of forwarded IP packets. Number of IP packets that the switch did not forward. Number of IP packets that the switch redirected.
Table 2-33 describes the fields in the show netstat icmp command output.
Table 2-33 show netstat icmp Command Output Fields
Field Redirect enabled Output histogram echo reply messages with bad code fields messages < minimum length bad checksums messages with bad length Input histogram
Description Status of whether ICMP redirection is enabled or disabled. Frequency distribution statistics for output ICMP packets. Number of output echo reply ICMP packets. Number of ICMP packets with an invalid code field. Number of ICMP packets with less than the minimum packet length. Number of ICMP packets that failed the checksum. Number of ICMP packets with an invalid length. Frequency distribution statistics for input ICMP packets.
2-563
Description Number of input echo-reply ICMP packets. Number of input destination-unreachable ICMP packets. Number of input-echo ICMP packets. Number of ICMP message responses the system generated.
Table 2-34 describes the fields in the show netstat routes command output.
Table 2-34 show netstat routes Command Output Fields
Description Destination IP address or network. Next hop to the destination. Flags indicating the interface state. Number of times this route was used. Interface out of which packets to the destination should be forwarded.
2-564
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show netstat
Table 2-35 describes the fields in the show netstat interface command output.
Table 2-35 show netstat interface Command Output Fields
Field Interface InPackets InErrors OutPackets OutErrors Rcv-Octet Xmit-Octet Rcv-Unicast Xmit-Unicast
Description Interface number (sl0 is the SLIP interface; sc0 is the in-band interface). Number of input packets on the interface. Number of input errors on the interface. Number of output packets on the interface. Number of output errors on the interface. Number of octet frames received on the port. Number of octet frames transmitted on the port. Number of unicast frames received on the port. Number of unicast frames transmitted on the port.
Related Commands
2-565
show ntp
Use the show ntp command to display the current NTP status. show ntp
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-36 describes the fields in the show ntp command output.
Table 2-36 show ntp Command Output Fields
Field Current time Timezone Summertime Last NTP update Broadcast client mode Broadcast delay Client mode NTP-Server
Description Current system time. Time zone and the offset in hours from UTC. Time zone for daylight saving time and whether the daylight saving time adjustment is enabled or disabled. Time of the last NTP update. Status of whether NTP broadcast-client mode is enabled or disabled. Configured NTP broadcast delay. Status of whether NTP client mode is enabled or disabled. List of configured NTP servers.
2-566
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show ntp
Related Commands
clear ntp server set ntp broadcastclient set ntp broadcastdelay set ntp client set ntp server
2-567
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show port
show port
Use the show port command to display port status and counters. show port [mod[/port]]
Syntax Description
mod/port
(Optional) Number of the module and optionally, the number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown. The output for an 8-port T1/E1 PSTN interface module configured for transcoding and/or conferencing displays a transcoding port type as mtp (media termination point) or a conference port type as conf bridge. The output for an 8-port T1/E1 PSTN interface module displays a transcoding port type as transcoding or a conference port type as conferencing.
Examples
This example shows how to display the status and counters for a specific module and port:
Console> show port 1/1 Port Name Status Vlan Duplex Speed Type ----- ------------------ ---------- ---------- ------ ----- -----------1/1 notconnect 1 full 1000 No GBIC
Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex ----- -------- --------- ------------- -------- -------- -------- ------1/1 disabled shutdown 0 0 1 disabled 3 Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left ----- -------- ----------------- -------- ----------------- -----------------1/1 0 Port Broadcast-Limit Broadcast-Drop -------- --------------- -------------------1/1 0
2-569
Channel Admin Ch Mode Group Id ----- ---------- -------------------- ----- ----1/1 notconnect auto silent 112 0 Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize ----- ---------- ---------- ---------- ---------- --------1/1 0 0 0 0 0 Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants ----- ---------- ---------- ---------- ---------- --------- --------- --------1/1 0 0 0 0 0 0 0 Last-Time-Cleared -------------------------Thu Feb 24 2000, 10:04:20 Console>
This example shows port information on a 48-port 10/100BaseTX module with inline power:
Console> show port 9/5 Port Name Status Vlan Duplex Speed Type ----- ------------------ ---------- ---------- ------ ----- -----------9/5 notconnect 1 auto auto 10/100BaseTX Port InlinePowered Admin Oper Detected ----- ------------- -------------- ----- ------ -------9/5 none none auto off no AuxiliaryVlan AuxVlan-Status PowerAllocated mWatt mA @42V ----- -------0 0
Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex ----- -------- --------- ------------- -------- -------- -------- ------9/5 disabled shutdown 0 0 1 disabled 126 Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left ----- -------- ----------------- -------- ----------------- -----------------9/5 0 Port Broadcast-Limit Broadcast-Drop -------- --------------- -------------------9/5 0 Port ----9/5 Port Send FlowControl admin oper -------- -------off off Status Receive FlowControl admin oper -------- -------off off RxPause TxPause Unsupported opcodes ------- ------- ----------0 0 0
Channel Admin Ch Mode Group Id ----- ---------- -------------------- ----- ----9/5 notconnect auto silent 546 0 Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize ----- ---------- ---------- ---------- ---------- --------9/5 0 0 0 0 0
2-570
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants ----- ---------- ---------- ---------- ---------- --------- --------- --------9/5 0 0 0 0 0 0 0 Last-Time-Cleared -------------------------Wed Mar 15 2000, 21:57:31 Console>
This example shows the port information on an 8-port T1/E1 PSTN interface module configured for transcoding and conferencing:
Console> show port 7 ----- -----------------7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8 Port -------7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8 DHCP ------enable enable enable enable enable enable enable enable ---------connected connected disable connected connected connected faulty faulty ---------123 2 1 11 123 1 2 2 -----full full full full full full full full ----1.544 1.544 1.544 1.544 1.544 1.544 1.544 1.544 -----------T1 T1 T1 T1 T1 T1 conf bridge mtp
IP-Address Subnet-Mask --------------- --------------172.20.34.68 255.255.255.0 172.20.34.70 255.255.255.0 172.20.34.64 255.255.255.0 172.20.34.66 255.255.255.0 172.20.34.59 255.255.255.0 172.20.34.67 255.255.255.0 (Port host processor not online) (Port host processor not online) TFTP-Sever Gateway --------------- --------------172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.20 -
Port Call-Manager(s) DHCP-Server -------- ----------------- --------------7/1 172.20.34.207* 172.20.34.207 callm.cisco.com 7/2 172.20.34.207 172.20.34.207 7/3 172.20.34.207 172.20.34.207 7/4 172.20.34.207 172.20.34.207 7/5 172.20.34.207 172.20.34.207 7/6 172.20.34.207 172.20.34.207 7/7 (Port host processor not online) 7/8 (Port host processor not online) Port -------7/1 7/2
7/3 7/4 7/5 7/6 7/7 7/8 Port -------7/1 7/2 7/3
DNS-Server(s) Domain --------------- ------------------------------------------------172.20.34.207 cisco.com 172.20.34.207* int.cisco.com 171.69.45.34 172.78.111.132 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 (Port host processor not online) (Port host processor not online) CallManagerState ---------------registered registered registered DSP-Type -------C549 C549 C549
2-571
7/4 7/5 7/6 7/7 7/8 Port ----7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8
registered C549 registered C549 notregistered C549 (Port host processor not online) (Port host processor not online) NoiseRegen NonLinearProcessing ---------- ------------------disabled disabled disabled disabled disabled disabled disabled disabled enabled disabled disabled enabled (Port host processor not online) (Port host processor not online)
This example show the port information on a 24-port FXS analog station interface services-configured module:
Console> (enable) show port 3 Port Name Status ----- ------------------ ---------3/1 onhook 3/2 onhook 3/3 onhook 3/4 onhook 3/5 onhook 3/6 onhook 3/7 onhook 3/8 onhook 3/9 onhook 3/10 onhook 3/11 onhook 3/12 onhook 3/13 onhook 3/14 onhook 3/15 onhook 3/16 onhook 3/17 onhook 3/18 onhook 3/19 onhook 3/20 onhook 3/21 onhook 3/22 onhook 3/23 onhook 3/24 onhook Vlan Duplex Speed Type ---------- ------ ----- -----------1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS 1 full 64k FXS
Port DHCP MAC-Address IP-Address Subnet-Mask -------- ------- ----------------- --------------- --------------3/1-24 enable 00-10-7b-00-13-e4 172.20.34.50 255.255.255.0 Port Call-Manager DHCP-Server TFTP-Sever Gateway -------- ----------------- --------------- --------------- --------------3/1-24 172.20.34.207 172.20.34.207 172.20.34.207 Port DNS-Server Domain -------- --------------- -------------------------3/1-24 172.20.34.207 -
2-572
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port
Port EchoCancel(ms) CallManagerState DSP-Type -------- -------------- ---------------- -------3/1-24 4660 registered C549 Port ToneLocal Impedance InputGain(dB) OutputAtten(dB) -------- ------------- --------- ------------- --------------3/1-24 northamerica 0 0 0 Port RingFreq (Hz) -------- -------3/1-24 20 Console> (enable) Timing Digit(ms) --------100 Timing InterDigit(ms) -------------100 Timing Pulse(ms) --------0 Timing PulseDigit(ms) -------------0
Table 2-37 describes the possible fields (depending on the port type queried) in the show port command output.
Table 2-37 show port Command Output Fields
Description Module and port number. Name (if configured) of the port. Status of the port (connected, notconnect, connecting, standby, faulty, inactive, shutdown, disabled, monitor, active, dot1p, untagged, inactive, or onhook). VLANs to which the port belongs.
1
Auxiliary VLANs to which the port belongs. Duplex setting for the port (auto, full, half). Speed setting for the port (auto, 10, 100, 1000). Port type (for example, 1000BaseSX or 100BaseFX, or T1, E1, transcoding, conferencing, mtp, or conf bridge for voice ports). Status of whether port security is enabled or disabled. Secure MAC address for the security-enabled port. Source MAC address of the last packet received by the port. Status of whether the port was shut down because of security. Status of whether port trap is enabled or disabled. Number of the ifIndex. Broadcast threshold configured for the port. Number of broadcast/multicast packets dropped because the broadcast limit for the port was exceeded. Number of frames with alignment errors (frames that do not end with an even number of octets and have a bad CRC) received on the port. Number of valid size frames with FCS errors but no framing errors. Number of transmit errors that occurred on the port (indicating that the internal transmit buffer is full). Number of receive errors that occurred on the port (indicating that the internal receive buffer is full).
Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex Broadcast-Limit Broadcast-Drop Align-Err FCS-Err Xmit-Err Rcv-Err
2-573
Field UnderSize Single-Coll Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants CE-State Conn-State
Description Number of received frames less than 64 octets long (but are otherwise well-formed). Number of times one collision occurred before the port transmitted a frame to the media successfully. Number of times multiple collisions occurred before the port transmitted a frame to the media successfully. Number of late collisions (collisions outside the collision domain). Number of excessive collisions that occurred on the port (indicating that a frame encountered 16 collisions and was discarded). Number of times the port sensed a carrier (to determine whether the cable is currently being used). Number of received runt frames (frames that are smaller than the minimum IEEE 802.3 frame size) on the port. Number of received giant frames (frames that exceed the maximum IEEE 802.3 frame size) on the port. Connection entity status. Connection state of the port, as follows:
DisabledThe port has no line module or was disabled by the user. ConnectingThe port attempted to connect or was disabled. StandbyThe connection was withheld or was the inactive port of a dual-homing concentrator. ActiveThe port made a connection. OtherThe concentrator was unable to determine the Conn-State.
Type Neig
Type of port, such as AA port and BB port. Type of port attached to this port. The neighbor can be one of these types:
AA port BB port MM port SSlave port UThe concentrator cannot determine the type of the neighbor port.
Status of whether the port is currently in a LER condition. Estimated LER. LER at which a link connection exceeds the LER alarm threshold. LER cutoff value (the LER at which a link connection is flagged as faulty). Number of LEM errors received on the port.
2-574
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port
Field Lem-Rej-Ct
Description Number of times a connection was rejected because of excessive LEM errors. Number of times the port entered the auto-partition state due to excessive consecutive collisions. Number of valid size frames that experienced overrun or underrun. Number of times the last source address changed. Total number of octets in frames with no error. Number of short events received.
1
Last-Time-Cleared Last time the port counters were cleared. Auto-Part Data-rate mismatch Src-addr change Good-bytes Short-event InlinePowered
InlinePowered for Admin (auto, on, off), Oper (on, off, denied), and Detected (yes, no). PowerAllocated for Watts (values displayed as Watts measurement) and Volts (values displayed as Volts measurement). Age timeout setting for the port. Age timeout remaining for the port.
1 1
Maximum number of secured MAC addresses on the port. Operational state of the voice port (Not Registered, Registered, Up, Down, and Alarm). Status of whether noise regeneration is enabled for the port. Status of whether nonlinear processing is enabled for the port. Type of compression algorithm used (for example G.711, G.723, and G.729). IP address associated with the port. Netmask associated with the port. MAC address associated with the port.
IP-address3 Netmask
3
CallManager IP address associated with the port. DHCP server IP address associated with the port. DNS server IP address associated with the port. TFTP server IP address associated with the port.
TFTP-Server-IP
1. This field is applicable to the 48-port 10/100BaseTX switching services-configured module. 2. This field changes according to the system configuration. 3. This field is applicable to the 8-port T1/E1 DSP services-configured module.
Related Commands
2-575
Syntax Description
Number of the VLAN; valid values are from 1 to 1000. Keyword to display the Cisco IP Phone 7960 that sends untagged packets without 802.1p priority. Keyword to display the Cisco IP Phone 7960 that sends packets with 802.1p priority. Keyword to display the switch that does not send any auxiliary VLAN information in the CDP packets from that port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to display the port information for a specific auxiliary VLAN:
port auxiliaryvlan Mod/Ports -----------------------------------------------------8/4-7 8/13-18 8/23,8/31-34 9/12 8/1-3,8/8-12,8/19-22,8/24-30,8/35-48,9/1-11,9/13-48
Console> (enable) show AuxiliaryVlan Status ------------- -------222 active 333 active dot1p dot1p untagged untagged none none
This example shows how to display the port information for a specific auxiliary VLAN:
Console> (enable) show AuxiliaryVlan Status ------------- -------222 active Console> (enable) port auxiliaryvlan 222 Mod/Ports -----------------------------------------------------8/4-7
2-576
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port auxiliaryvlan
This example shows how to display the status of the switch that does not send any auxiliary VLAN information in the CDP packets:
Console> (enable) show AuxiliaryVlan Status ------------- -------none none Console> (enable) port auxiliaryvlan none Mod/Ports -----------------------------------------------------8/1-3,8/8-12,8/19-22,8/24-30,8/35-48,9/1-11,9/13-48
This example shows how to display the status of the Cisco IP Phone 7960 that sends untagged packets without 802.1p priority:
Console> (enable) show AuxiliaryVlan Status ------------- -------untagged untagged Console> (enable) port auxiliaryvlan untagged Mod/Ports -----------------------------------------------------9/12
This example shows how to display the status of the Cisco IP Phone 7960 that sends packets with 802.1p priority:
Console> (enable) show AuxiliaryVlan Status ------------- -------dot1p dot1p Console> (enable) port auxiliaryvlan dot1p Mod/Ports -----------------------------------------------------8/23,8/31-34
Table 2-38 describes the possible fields (depending on the port type queried) in the show port auxiliaryvlan command output.
Table 2-38 show port auxiliaryvlan Command Output Fields
Description Number of the auxiliary VLAN. Status of the auxiliary VLAN. Number of the module and ports assigned to the auxiliary VLAN.
Related Commands
2-577
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown. On the 1000BaseX switching module, when you specify a port for broadcast suppression, the traffic is suppressed only in the network-to-Catalyst 6000 family switch bus direction.
Examples
This example shows how to display broadcast information for port 2 on module 1:
Console> Port -------1/2 Console> (enable) show port broadcast 1/2 Broadcast-Limit Broadcast-Drop --------------- -------------------20.00 % 532 (enable)
Table 2-39 describes the possible fields (depending on the port type queried) in the show port broadcast command output.
Table 2-39 show port broadcast Command Output Fields
Description Module and port number. Broadcast threshold configured for the port. Number of broadcast or multicast packets dropped because the port broadcast limit was exceeded.
Related Commands
2-578
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port capabilities
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown.
Examples
This example shows how to list the port capabilities on a specific module and port:
Console> show port capabilities 1/1 Model WS-X6K-SUP1-2GE Port 1/1 Type No GBIC Speed 1000 Duplex full Trunk encap type 802.1Q,ISL Trunk mode on,off,desirable,auto,nonegotiate Channel yes Broadcast suppression percentage(0-100) Flow control receive-(off,on,desired),send-(off,on,desired) Security yes Membership static,dynamic Fast start yes QOS scheduling rx-(1p1q4t),tx-(1p2q2t) CoS rewrite yes ToS rewrite DSCP UDLD yes Inline power no AuxiliaryVlan no SPAN source,destination Console>
2-579
This example shows the port capabilities on a 48-port 10/100Bas TX switching services configured-module:
Console> show port capabilities 3/2 Model WS-X6248-RJ-45 Port 3/2 Type 10/100BaseTX Speed auto,10,100 Duplex half,full Trunk encap type 802.1Q,ISL Trunk mode on,off,desirable,auto,nonegotiate Channel yes Broadcast suppression percentage(0-100) Flow control receive-(off,on),send-(off) Security yes Membership static Fast start yes QOS scheduling rx-((null)),tx-((null)) QOS classification layer 2,layer 3 UDLD Capable SPAN source,destination Inline power auto,on,off Auxiliaryvlan 1..1000,dot1p,untagged,none Console>
This example shows the port capabilities on an 8-port T1/E1 ISDN PRI services configured-module:
Console> show port capabilities 3/2 Model WS-X6608-T1 (or WS-X6608-E1) Port 3/2 Type T1, transcoding, conferencing Speed 1.544 Mps (or 2.048Mps) Duplex full Channel no Broadcast suppression no Flow control no Security no Membership no Fast start no QOS scheduling no QOS classification no UDLD no Inline power no Auxiliaryvlan no Console>
This example shows the port capabilities on a 24-port FXS analog station interface services-configured module:
Console> show port capabilities 3/2 Model WS-X6624-FXS Port 3/2 Type FXS Speed 64kps Duplex full Trunk encap type none Trunk mode off Channel no Broadcast suppression no Flow control no Security no Membership no Fast start no
2-580
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port capabilities
no no no no no
Table 2-40 describes the possible fields (depending on the type of port queried) and the values in the show port capabilities command output.
Table 2-40 show port capabilities Command Output Fields
Description Module model number. Module number and port number. Port type (1000BaseSX or 100BaseFX). Speed setting for the port (auto, 10, 100, 1000). Duplex mode (half, full, auto).
2
Speed
Trunk encapsulation type (ISL, 802.1Q, 802.10, or no). Trunk administrative status of the port (on, off, auto, desirable, nonegotiate, or no). Status of which ports can form a channel group. The ports are shown in mod/port format. For example, 3/1-2 indicates module 3, ports 1 and 2. Also, any ports in range [mod/1-mod/high_port] or no ports may be indicated. Percentage of total available bandwidth that can be used by broadcast traffic (0100). Flow-control options you can set (receive-[off, on, desired], send-[off, on, desired], or no). Status of whether port security is enabled (yes, no). Method of membership assignment of a port or range of ports to a VLAN (static, dynamic). Status of whether the spanning tree port fast-start feature on the port is enabled (yes, no). Status of whether the port supports QoS classification (yes, no). Status of whether the port supports QoS scheduling (yes, no). Status of whether the port supports CoS rewrite (yes, no). SPAN type supported. Status of whether the port supports ToS rewrite (IP-Precedence). Status of whether the port is UDLD-capable or not.
Broadcast suppression Flow control Security Membership Fast start Qos classification QoS scheduling CoS rewrite SPAN ToS rewrite UDLD Inline power
2 2
Status of whether the port supports inline power (yes, no). Status of whether the port supports voice VLANs (yes, no).
Auxiliaryvlan
1. This field will change depending on the module configuration. 2. This field is applicable to the 48-port 10/100BaseTX switching services-configured module and the 24-port FXS analog station interface services-configured module.
2-581
Related Commands
set port channel set port broadcast set port security set port speed set spantree portfast set trunk show port voice active show port
2-582
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port cdp
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown.
Examples
This example shows how to display CDP information for all ports:
Console> show port cdp CDP : enabled Message Interval : 60 Hold Time : 180 Version : V2 Port -------1/1 1/2 Console> CDP Status ---------enabled enabled
Table 2-41 describes the fields in the show port cdp command output.
Table 2-41 show port cdp Command Output Fields
Description Status of whether CDP is enabled or not. Hold time setting. CDP version. Module and port number. CDP status of the port (enabled, disabled).
2-583
Syntax Description
(Optional) Number of the module. (Optional) Number of the port. (Optional) Keyword to display statistics about the port (PAgP packets sent and received). (Optional) Keyword to display port information such as speed, duplex status, priority, secure or dynamic status, and trunk status.
spantree | trunk | (Optional) Keyword to display feature-related parameters. protcol | gmrp | gvrp | qos
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
On indicates the port will receive all the flood traffic for that protocol. Off indicates the port will not receive any flood traffic for that protocol. Auto indicates the port will not receive any flood traffic for that protocol. Normal allows dynamic registering and deregistering each VLAN (except VLAN 1) on the port. Fixed supports manual VLAN creation and registration and prevents VLAN deregistration. Forbidden statically deregisters all the VLANs (except VLAN 1) from the port.
When you enter the option keyword with any of the options (spantree | trunk | protcol | gmrp | gvrp | qos), associated VLANs and the specified feature-related parameters are displayed. If you do not specify a mod or a port, EtherChannel information is shown for all channeling ports on all modules.
2-584
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port channel
Examples
This example shows how to display Ethernet channeling information for module 1:
1 Admin Group ----195 195 Ch Id ----769 769
Console> show port channel Port Status Channel Mode ----- ---------- --------1/1 nonconnect on 1/2 connected on
Port Device-ID Port-ID Platform ----- ------------------------------- ------------------------- ---------------1/1 1/2 Console>
Port Device-ID Port-ID Platform ----- ------------------------------- ------------------------- ---------------1/1 1/2 Port ----1/1 1/2 Trunk-status -----------not-trunking not-trunking Trunk-type ------------negotiate negotiate Trunk-vlans ----------------------------------------------1-1005 1-1005
2-585
Port
Port priority ----- -------1/1 32 1/2 32 Port ----1/1 1/2 Port IP -------on on
Portfast Port Port vlanpri vlanpri-vlans -------- ------- -----------------------------------------------disabled 0 disabled 0 IPX -------auto-on auto-on Group -------auto-on auto-on GMRP forwardAll ---------disabled disabled GVRP applicant --------normal normal
GMRP status ----- -------1/1 enabled 1/2 enabled Port GVRP status ----- -------1/1 disabled 1/2 disabled Port Qos-Tx ----- -----1/1 2q2t 1/2 2q2t Console>
2-586
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port channel
Console> (enable) show port channel 3 info gmrp Port GMRP GMRP GMPR status registration forwardAll ----- -------- ------------ ---------3/1 enabled normal disabled 3/2 enabled normal disabled 3/3 enabled normal disabled 3/4 enabled normal disabled Console> Console> (enable) show port channel 1 info gvrp Port GVRP GVRP GVRP status registeration applicant ----- -------- ------------- --------1/1 disabled normal normal 1/2 disabled normal normal Console> Console> (enable) show port channel 1 info qos Port Qos-Tx Qos-Rx Qos-Trust Qos-DefCos PortType PortType Type ----- -------- -------- ------------ ---------1/1 2q2t 1q4t untrusted 0 1/2 2q2t 1q4t untrusted 0 ----- -------- -------- ------------ ---------Port ACL name Type ----- -------------------------------- ---1/1 IP IPX MAC 1/2 IP IPX MAC ----- -------------------------------- ---Console>
Table 2-42 describes the possible fields (depending on the type of port queried) and the values in the show port channel command outputs.
Table 2-42 show port channel Command Outputs Fields
Field Port Status Channel mode Admin Group PAgP Pkts Transmitted PAgP Pkts Received PAgP Pkts InFlush PAgP Pkts RetnFlush
Description Module and port number. Channeling status of the port (connected, notconnect). Status of whether EtherChannel is on, off, auto, or desirable on the port. Number of the admin group. Number of PAgP packets transmitted. Number of PAgP packets received. Number of PAgP flush packets received. Number of PAgP flush packets returned.
2-587
Field PAgP Pkts OutFlush PAgP Pkts InError Channel ID Neighbor device Neighbor port Speed Duplex Vlan Port priority PortSecurity/Dynamic port ifIndex Oper-group Neighbor device-id Neighbor port-id Neighbor Oper-group Oper-Distribution
Description Number of PAgP flush packets transmitted. Number of PAgP error packets received. Number of the channel group. Neighboring device with which the port is channeling. Port on the neighboring device with which the port is channeling. Speed setting for the port (auto, 10, 100, 1000). Duplex setting for the port (auto, full, half). VLAN to which the port belongs. Priority associated with the port. Status of whether the port is secure or dynamic. Interface number to which the port belongs. Capability of the group. Device ID of the neighboring device with which the port is channeling. Port ID of the neighboring device with which the port is channeling. Capability of the neighboring device. Frame distribution method operating status on a per-port basis (ip source, ip destination, ip both, mac source, mac destination, mac both, hotstandby-active; hotstandby-idle). Status of whether the port is trunking or not. Type of trunk port. VLANs to which the port belongs. Port VLAN cost. Status of whether the fast-start mode is enabled or disabled. Port VLAN priority. Port number. Status of the IP protocol (on, off, auto). Status of the IPX protocol (on, off, auto). Status of the VINES, AppleTalk, and DECnet protocols (on, off, auto). Status of whether GMRP is enabled or disabled. Status of the administrative control of an outbound port (normal, fixed, forbidden). Status of whether the Forward All feature is enabled or disabled. Status of whether GVRP is enabled or disabled.
Trunk-status Trunk-type Trunk-vlans Portvlancost-vlans Portfast Port vlanpri Port vlanpri-vlans IP IPX Group GMRP status GMRP registration GMRP forward/all GVRP status
2-588
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port channel
Field GVRP registration Qos-Tx Qos-Rx Qos-Trust Qos-DefCos Qos Port-based ACL name Protocol
Description Status of the administrative control of an outbound port (normal, fixed, forbidden). Transmit drop threshold. Receive drop threshold. Status of whether the port is trusted or untrusted. CoS value. Status of whether the port is port-based QoS or not. Name of the ACL. Protocol associated with the port.
Related Commands
2-589
Syntax Description
mod port
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod or a port, information is shown for all ports on all modules. For a few minutes after a switchover from the active to the standby supervisor engine, note that if you enter the show port cops command, the output may be incorrect. If this is the case, the following warning displays:
COPS High Availability Switch Over in progress, hardware may be programmed differently than as suggested by the output of these commands.
Examples
This example shows how to display COPS information for all ports:
Console> show port cops Port Admin Roles ------ ------------------------------1/1 backbone_port branch_office_port access_port 1/2 3/1 3/2 backbone_port 3/3 backbone_port 3/4 access_port 3/5 access_port backbone_port branch_office_port net_port 3/6 access_port 3/7 3/8 Console> Oper Roles ------------------------backbone_port backbone_port backbone_port access_port branch_office_port access_port -
2-590
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port cops
This example shows how to display COPS information for a specific port:
Console> show port cops 1/1 Port Admin Roles ------ ------------------------------1/1 backbone_port branch_office_port access_port 1/2 Console> Oper Roles ------------------------backbone_port -
Table 2-43 describes the fields displayed in the show port cops command output.
Table 2-43 show port cops Command Output Fields
Related Commands
2-591
Syntax Description
mod port
(Optional) Number of the module for which to show port counter information. (Optional) Number of the port on the module for which to show port counter information.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown.
Examples
2-592
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port counters
Table 2-44 describes the possible fields (depending on the port type queried) in the show port counters command output.
Table 2-44 show port counters Command Output Fields
Field Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize Single-Coll Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
Description Module and port number. Number of frames with alignment errors (frames that do not end with an even number of octets and have a bad CRC) received on the port. Number of frame check sequence errors that occurred on the port. Number of transmit errors that occurred on the port (indicating that the internal transmit buffer is full). Number of receive errors that occurred on the port (indicating that the internal receive buffer is full). Number of received frames less than 64 octets long (but are otherwise well-formed). Number of times one collision occurred before the port successfully transmitted a frame to the media. Number of times multiple collisions occurred before the port successfully transmitted a frame to the media. Number of late collisions (collisions outside the collision domain). Number of excessive collisions that occurred on the port (indicating that a frame encountered 16 collisions and was discarded). Number of times the port sensed a carrier (to determine whether the cable is currently being used). Number of received runt frames (frames that are smaller than the minimum IEEE 802.3 frame size) on the port. Number of received giant frames (frames that exceed the maximum IEEE 802.3 frame size) on the port.
Related Commands
show port
2-593
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown.
Examples
This example shows how to display the flow-control port status and statistics for module 6:
Console> show port flowcontrol 6 Port Send FlowControl Receive FlowControl admin oper admin oper ----- -------- --------------- -------6/1 desired off off off 6/2 desired off off off 6/3 desired off off off 6/4 desired off off off 6/5 desired off off off 6/6 desired off off off 6/7 desired off off off 6/8 desired off off off Console> RxPause ---------0 0 0 0 0 0 0 0 TxPause ---------0 0 0 0 0 0 0 0
Table 2-45 describes the fields in the show port flowcontrol command output.
Table 2-45 show port flowcontrol Command Output Fields
Field Port
Send-Flowcontrol Flow-control administration. Possible settings: on indicates the local port sends flow control to the far end; off indicates the local port does not send Admin flow control to the far end; desired indicates the local end sends flow control to the far end if the far end supports it.
2-594
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port flowcontrol
Field
Description
Send-Flowcontrol Flow-control operation. Possible setting: disagree indicates the two ports could not agree on a link protocol. Oper Receive-Flowcntl Admin Flow-control administration. Possible settings: on indicates the local port requires the far end to send flow control; off indicates the local port does not allow the far end to send flow control; desired indicates the local end allows the far end to send flow control. Flow-control operation. Possible setting: disagree indicates the two ports could not agree on a link protocol. Number of Pause frames received. Number of Pause frames transmitted.
Related Commands
2-595
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
An inline power capable device can still be detected even if the inlinepower mode is set to off. The Operational (Oper) status field descriptions are onPower is being supplied by the port; offPower is not being supplied by the port; deniedSystem does not have enough available power for the port, power is not being supplied by the port; faultyThe port is unable to provide power to the connected device.
Examples
This example shows how to display the inline power for multiple ports on a specific module:
Console> show port inlinepower 3/2-6 Default Inline Power allocation per port: 9.500 Watts (0.22 Amps @42V) Total inline power drawn by module 3: 0 Watt Port InlinePowered PowerAllocated Admin Oper Detected mWatt mA @42V ----- ----- ------ -------- ----- -------3/2 auto on yes 10.00 0.250 3/3 auto on yes 9.8 0.198 3/4 auto denied yes 0 0 3/5 off off no 0 0 3/6 off off yes 0 0 Console>
Related Commands
2-596
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port jumbo
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the jumbo frame settings for ports with the feature enabled:
Console> show port jumbo Jumbo frames MTU size is 9216 bytes. Jumbo frames enabled on port(s) 6/1-2,7/1-8. Console>
This example shows the display if the jumbo frame feature could not be enabled on some ports at system startup:
Console> show port jumbo Jumbo frames MTU size is 9216 bytes. Jumbo frames enabled on port(s) 6/1-2. Jumbo frames error-disabled on port(s) 7/1-8. Console>
Related Commands
2-597
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the link negotiation protocol settings on module 3, port 1:
Console> show port negotiation 3/1 Port Link Negotiation ------- -------------------3/1 enabled Console>
Related Commands
2-598
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port protocol
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a port, filters configured on all the ports on the module are shown.
Examples
Related Commands
2-599
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Note
When a switchover occurs, you cannot view the ACLs and policers deployed using COPS-DS until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy. The runtime fields in the output display will be blank until QoS policy is downloaded to the new active supervisor engine.
Examples
This example shows how to display QoS-related information for a specific module and port:
Console> show port qos 2/1 QoS is enabled for the switch. QoS policy source for the switch set to local. Port Interface Type Interface Type Policy Source Policy Source config runtime config runtime ----- -------------- -------------- ------------- ------------2/1 vlan-based vlan-based COPS local Port Trust Type Trust Type Def CoS Def CoS config runtime config runtime ----- ------------ ------------ ------------ ------------ ------- ------2/1 2q2t 1q4t untrusted untrusted 0 Config: Port ACL name Type ----- -------------------------------- ---No ACL is mapped to port 2/1. TxPort Type RxPort Type
2-600
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port qos
Runtime: Port ACL name Type ----- -------------------------------- ---No ACL is mapped to port 2/1. Console>
This example shows how to display QoS-related information for a single port on a specific module, which, in this example, is connected to a port on a phone device:
Console> (enable) show port qos 3/4 QoS is disabled for the switch. Configured settings are not used. QoS policy source for the switch set to local. Port Interface Type Interface Type Policy Source Policy Source config runtime config runtime ----- -------------- -------------- ------------- ------------3/4 local local Port Trust Type Trust Type Def CoS Def CoS config runtime config runtime ----- ------------ ------------ ------------ ------------- ------- ------3/4 2q2t 1q4t untrusted trust-cos 0 0 Port Ext-Trust Ext-Cos ----- --------- ------3/4 untrusted 0 (*)Trust type set to untrusted. Config: Port ACL name Type ----- -------------------------------- ---No ACL is mapped to port 3/4. Runtime: Port ACL name Type ----- -------------------------------- ---No ACL is mapped to port 3/4. Console> (enable) TxPort Type RxPort Type
Related Commands
set port qos set port qos cos set port qos trust
2-601
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display RSVP+ information for a specific port:
Console> (enable) show Port DSBM Managed Election Segment ----- -------- ------2/1 enabled yes 2/2 disabled no Console> (enable) port rsvp 2 Configured Elected DSBM DSBM IP Address Priority Priority ---------- ------------ --------------232 232 171.21.34.25 128 -
Related Commands
2-602
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port security
Syntax Description
(Optional) Number of the module. (Optional) Number of the port on the module. Keyword to display security statistics. Keyword to display system-wide configuration information.
Defaults
This command has no default setting.
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to display port security configuration information on a specific port that is a secured port:
Console> (enable) show port security 4/1 Port Security Violation Shutdown-Time Age-Time Maximum-Addrs Trap IfIndex ----- -------- --------- ------------- -------- ------------- -------- ------4/1 enabled shutdown 120 1440 25 disabled 3 Port Secure-Src-Addrs ---- ----------------4/1 00-11-22-33-44-55 00-10-14-da-77-f1 Console> (enable) Age-Left Last-Src-Addr Shutdown Shutdown-Time-Left -------- ----------------- -------- -----------------4 00-11-22-33-44-55 No 100
This example shows the display on a port that has experienced a security violation:
Console> (enable) show port security 4/1 Port Security Violation Shutdown-Time Age-Time Maximum-Addrs Trap IfIndex ----- -------- --------- ------------- -------- ------------- -------- ------4/1 enabled shutdown 120 600 25 disabled 3 Port Secure-Src-Addrs ---- ----------------4/1 00-11-22-33-44-55 00-10-14-da-77-f1 00-11-22-33-44-66 Console> (enable) Age-Left Last-Src-Addr Shutdown Shutdown-Time-Left -------- ----------------- -------- -----------------60 00-11-22-33-44-77 Yes 200 200
2-603
This example shows that port 4/1 has been shut down and that the timeout left is 60 minutes before the port will be reenabled:
Console> (enable) show port security 4/1 Port Security Violation Shutdown-Time Age-Time Maximum-Addrs Trap IfIndex ----- -------- --------- ------------- -------- ------------- -------- ------4/1 enabled restrict 120 600 25 disabled 3 Port Secure-Src-Addrs Age-Left Last-Src-Addr Shutdown Shutdown-Time-Left ---- ----------------- -------- ----------------- -------- -----------------4/1 00-11-22-33-44-55 60 00-11-22-33-44-77 Yes 00-10-14-da-77-ff Console> (enable)
This example shows how to display security statistical information for a specific module:
Console> (enable) show port security statistics 2 Port Total-Addrs Maximum-Addrs ----- ----------- ------------Module 2: Total ports: 1 Total secure ports: 0 Total MAC addresses: 0 Total global address space used (out of 1024): 0 Status: removed Console> (enable)
Related Commands
2-604
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port status
Syntax Description
mod port
(Optional) Number of the module. (Optional) Number of the port on the module.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a mod, the ports on all modules are shown. If you do not specify a port, all the ports on the module are shown.
Examples
This example shows how to display port status information for all ports:
Console> show port status Port Name Status Vlan Duplex Speed Type ----- ------------------ ---------- ---------- ------ ------ -----------1/1 connected 52 half 100 100BaseTX 1/2 notconnect half 100 100BaseTX Console>
Table 2-46 describes the fields in the show port status command output.
Table 2-46 show port status Command Output Fields
Description Module and port number. Name (if configured) of the port. Status of the port (connected, notconnect, connecting, standby, faulty, inactive, shutdown, disabled, or monitor). VLANs to which the port belongs. Duplex setting for the port (auto, full, half). Speed setting for the port (auto, 10, 100, 1000). Port type (100BaseTX).
2-605
Syntax Description
mod[/port]
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
This command is not supported by the NAM. The output for voice-capable modules displays a transcoding port type as mtp (media termination point) or a conference port type as conf bridge.
Examples
This example shows how to display the voice information for multiple ports on a 48-port 10/100Base TX switching services-configured module:
Console> show port voice 3/2-5 Port auxiliaryvlan InlinePowered Admin Oper Admin Oper Detected Watts ----- -------- -------- ----- ------ ----------3/2 222 active auto on yes 10.001 3/3 dot1p dot1p on on yes 9.8 3/4 untagged untagged auto denied yes 0 3/5 3 inactive off off no 0 Console> PowerAllocated A @ 42V ------0.250 0.198 0 0
This example shows how to display the voice information for an 8-port T1/E1 ISDN PRI servicesconfigured module:
Console> show port voice Port Name ----- -----------------7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8 7/1-8 Status ---------connected connected disable connected connected connected faulty faulty Vlan ---------123 2 1 11 123 1 2 2 Duplex -----full full full full full full full full Speed ----1.544 1.544 1.544 1.544 1.544 1.544 1.544 1.544 Type -----------T1 T1 T1 T1 T1 T1 T1 T1
2-606
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port voice
IP-Address Subnet-Mask --------------- --------------172.20.34.68 255.255.255.0 172.20.34.70 255.255.255.0 172.20.34.64 255.255.255.0 172.20.34.66 255.255.255.0 172.20.34.59 255.255.255.0 172.20.34.67 255.255.255.0 (Port host processor not online) (Port host processor not online) TFTP-Sever Gateway --------------- --------------172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.20 -
Port Call-Manager DHCP-Server -------- ----------------- --------------7/1 172.20.34.207* 172.20.34.207 callm.cisco.com 7/2 172.20.34.207 172.20.34.207 7/3 172.20.34.207 172.20.34.207 7/4 172.20.34.207 172.20.34.207 7/5 172.20.34.207 172.20.34.207 7/6 172.20.34.207 172.20.34.207 7/7 (Port host processor not online) 7/8 (Port host processor not online) Port -------7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8 Port -------7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8 Port ----7/1 7/2 7/3 7/4 7/5 7/6 7/7 7/8
DNS-Server Domain --------------- -------------------------172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 172.20.34.207 (Port host processor not online) (Port host processor not online) EchoCancel(ms) CallManagerState -------------- ---------------0 registered 0 registered 0 registered 0 registered 0 registered 0 registered (Port host processor not online) (Port host processor not online) NonLinearProcessing ------------------disabled disabled disabled disabled disabled disabled processor not online) processor not online)
NoiseRegen ---------disabled disabled disabled disabled disabled disabled (Port host (Port host
2-607
This example shows how to display the voice information for multiple ports on a 24-port FXS analog station interface services-configured module:
Console> show port voice Port Name ----- -----------------3/2 3/3 3/4 Port ----3/2 3/3 3/4 VAD -------enabled disabled enabled 3/2-4 Status ---------notconnect connected connected Vlan ---------222 222 222 Duplex -----Speed ----Type --------FXS FXS FXS RingFreq -------34 Hz 25 Hz 50 Hz
InputGain ---------5 dB 14 dB -6 dB
OutputAtten ----------14 dB 1 dB 0 dB
TimingPulse ----------10 ms 20 ms 15 ms
Table 2-47 describes the possible fields (depending on the port type queried) in the show port voice command output.
Table 2-47 show port voice Command Output Fields
Description Module and port number. Name (if configured) of the port. Status of the port (connected, notconnect, connecting, standby, faulty, inactive, shutdown, disabled, monitor, active, dot1p, untagged, inactive, or onhook). VLANs to which the port belongs. Duplex setting for the port (auto, full, half). Speed setting for the port (auto, 10, 100, 1000). Port type (T1, E1, FXS, DSP, mtp, or conf bridge). Number of the voice VLAN. InlinePowered for Admin (auto, on, off), Oper (on, off, denied), and Detected (yes, no). Power allocated for Watts (values displayed as Watts measurement) and Volts (values displayed as Volts measurement). Status of whether voice activation detection is enabled or disabled. Voice call progress tone locale (australia, brazil, china, france, germany, japan, and northamerica). Terminating impedance of a voice port interface (600c, 600r, or 900c). Amount of gain, in decibels, to be inserted at the receiver side of the interface. Amount of attenuation, in decibels, at the transmit side of the interface.
2-608
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port voice
Description Ring frequency, in hertz, used in the FXS interface. DTMF digit signal duration, in milliseconds, for the voice port. Pulse dialing rate, in pulses per second, for the voice port.
TimingInterDigit DTMF interdigit signal duration, in milliseconds, for the voice port. TimingInterPulse Pulse interdigit timing, in milliseconds, for the voice port.
1. This field changes according to the system configuration.
Related Commands
set port voice interface dhcp show port voice active show port voice fdl show port voice interface
2-609
Syntax Description
(Optional) Number of the module and port on the module. (Optional) Keyword to display all calls (regular calls, conference calls, and transcoding calls) in the system. (Optional) Keyword to display call information for the 24-port FXS analog interface and the 8-port T1/E1 PSTN interface modules. (Optional) Keyword to display call information for the 8-port T1/E1 PSTN interface module configured for conferencing. (Optional) Keyword to display call information for the 8-port T1/E1 PSTN interface module configured for transcoding. (Optional) Remote IP address.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The information displayed when using the show port voice active command is not available through the supervisor engine SNMP agent. The call keyword is supported by the 24-port FXS analog interface and the 8-port T1/E1 PSTN interface modules. The conference and transcode keywords are supported by the 8-port T1/E1 PSTN interface module. You can use the optional mod or mod/port variables to display calls that belong to the specified module or port in detailed format. There are up to 8 calls per port for the 8-port T1/E1 ISDN PRI services-configured module but only one call per port for the 24-port FXS analog station interface services-configured module. The ipaddr option displays one specific call for the specified IP address. You can also use an IP alias. This command is not supported by the NAM.
2-610
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port voice active
Examples
This example shows how to display all calls (regular calls, conference calls, and transcoding calls) in the system:
Console> show port voice active Port Type Total Conference-ID/ Party-ID IP-Address Transcoding-ID ----- ------------ ----- -------------- -------- --------------6/3 transcoding 1 2 12 192.1.1.12 10 10.6.106.101 8/2 call 1 123.46.1.100 8/5 call 1 123.46.1.101 8/7 conferencing 1 1 8 192.1.1.5 7 123.45.1.52 9 192.1.1.14 Total: 3 Console> (enable)
This example shows the output display for the 8-port T1/E1 PSTN interface module configured for transcoding:
Console> (enable) show port voice active transcode Port Total Transcoding-ID Party-ID IP-Address ----- ----- -------------- -------- --------------6/3 1 2 12 192.1.1.12 10 10.6.106.101 Total: 1 transcoding session Console> (enable)
This example shows the output display for the 8-port T1/E1 PSTN interface module configured for conferencing:
Console> (enable) show port voice active conference Port Total Conference-ID Party-ID IP-Address ----- ----- -------------- -------- --------------8/7 1 1 8 192.1.1.5 7 123.45.1.52 9 192.1.1.14 Total: 1 conferencing session Console> (enable)
2-611
: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
165.34.234.111 124 Ringing G.711 35243 438543 sec 34534 sec 123213 123 dB 332433 23004 ms 4 234 ms 23423 ms 2342342332423 23423423402384 23472377 94540 165.34.234.112 125 Ringing G.711 35243 438543 sec 34534 sec 123213 123 dB 332433 23004 ms 4 234 ms 23423 ms 2342342332423 23423423402384 23472377 94540
: : : : : : : : : : : :
192.1.1.5 28848 G729 B CS ACELP VAD 20 123.45.1.52 28888 G711 ULAW PCM 20 192.1.1.14 28898 G711 ULAW PCM 20
2-612
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port voice active
This example shows the output display for a specified IP address on a 24-port FXS analog interface module or the 8-port T1/E1 PSTN interface module:
Console> show port voice active 3/2 171.69.67.91 Remote IP address : 171.69.67.91 Remote UDP port : 125 Call state : Ringing Codec Type : G.711 Coder Type Rate : 35243 Tx duration : 438543 sec Voice Tx duration : 34534 sec ACOM Level Current : 123213 ERL Level : 123 dB Fax Transmit Duration : 332433 Hi Water Playout Delay : 23004 ms Logical If index : 4 Low water playout delay : 234 ms Receive delay : 23423 ms Receive bytes : 2342342332423 Receive packets : 23423423402384 Transmit bytes : 23472377 Transmit packets : 94540 Console>
Related Commands
2-613
Syntax Description
mod[/port]
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
This example shows how to display FDL information on an 8-port T1/E1 ISDN PRI servicesconfigured module:
Console> (enable) show port voice fdl 7/1-3 Port ErrorEvents ErroredSecond SeverlyErroredSecond Last 15 Last 24h Last 15 Last 24h Last 15 Last 24h ----- -------- -------- -------- -------- -------- ----------7/1 17 18 19 20 21 22 7/2 17 18 19 20 21 22 7/3 17 18 19 20 21 22 Port FailedSignalState Last 15 Last 24h ----- -------- -------7/1 37 38 7/2 37 38 7/3 37 38 Port LES Last 15 Last 24h ----- -------- -------7/1 41 48 7/2 41 48 7/3 41 48 Console> (enable) FailedSignalSecond Last 15 Last 24h -------- --------39 40 39 40 39 40 BES Last 15 Last 24h -------- -------49 50 49 50 49 50 LCV Last 15 Last 24h -------- -------53 54 53 54 53 54
2-614
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show port voice fdl
Table 2-48 describes the possible fields (depending on the port type queried) in the show port voice fdl command output.
Table 2-48 show port voice fdl Command Output Fields
Description Count of errored events. Count of errored seconds. Count of severely errored seconds. Count of failed signal state errors. Count of failed signal state. Line errored seconds detected. Bursty errored seconds detected. Line code violation seconds detected.
Related Commands
2-615
Syntax Description
mod[/port]
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
Console> Port -------5/1-24
This example shows how to display the voice interface for a specific module:
show port voice interface DHCP MAC-Address ------- ----------------disable 00-10-7b-00-13-ea 5 IP-Address Subnet-Mask --------------- --------------10.6.15.158 255.255.255.0
Port Call-Manager(s) DHCP-Server TFTP-Server Gateway -------- ----------------- --------------- --------------- --------------5/1-24 10.6.15.155 10.6.15.155 Port DNS-Server(s) Domain -------- ----------------- ------------------------------------------------5/1-24 12.2.2.1* cisco.cisco.com 7.7.7.7 (*): Primary Console>
This example shows the output when the voice interface feature is not supported for a specific module:
Console> (enable) show port voice interface Feature not supported on modules 1, 2, 5, 15. Console> (enable)
Related Commands
set port voice interface dhcp show port voice active show port voice
2-616
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show proc
show proc
Use the show proc command to display CPU, memory allocation, and process utilization information. show proc [cpu | mem]
Syntax Description
cpu mem
(Optional) Keyword to specify CPU information. (Optional) Keyword to specify memory allocation information.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter this command only in privileged mode. If you do not specify cpu or mem, process information is displayed. The mem keyword allows you to display memory allocation information, such as how much each process has allocated and how much it has freed.
Examples
2-617
Table 2-49 describes the possible fields in the show proc command outputs:
Table 2-49 show proc Command Output Fields
Field CPU Utilization PID Runtime Invoked uSecs 5sec 1Min 5Min TTY Process Allocated Freed Holding
Description Sum of all the loads from all the processes running on the CPU in the last 5 seconds, 1 minute, and 5 minutes. Process ID. Time the process has run since getting created (in milliseconds). Number of times the process was invoked since getting created. Maximum time a process ran in a single invocation. Percentage of time this process ran on the CPU in the last 5-second interval. Percentage of time this process ran on the CPU in the last 1-minute interval. Percentage of time this process ran on the CPU in the last 5-minute interval. TTY associated with the process. Name of the process. Sum of all the memory allocated by the process since it was created, including the memory previously freed. Sum of memory the process has freed until now. Amount of memory the process is currently holding.
2-618
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show proc
Field Q T PC Stacks
Description Process priority in terms of numbers. Low number means high priority. State of the process (Running, we = waiting for event, st = sleeping, si = sleeping on an interval, rd = ready to run, id = idle, xx = dead/zombie). Calling PC for show_process function. Size of the stack used by the process/the total stack size allocated to the process (in bytes).
2-619
show protocolfilter
Use the show protocolfilter command to list whether protocol filtering is enabled or disabled. show protocolfilter
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display whether protocol filtering is enabled or disabled:
Console> show protocolfilter Protocol filtering is enabled on this switch. Console>
Related Commands
2-620
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show pvlan
show pvlan
Use the show pvlan command to show the configuration for a given private VLAN. show pvlan [vlan | primary | isolated | community]
Syntax Description
(Optional) Number of the private VLAN. (Optional) Keyword to display the primary private VLANs. (Optional) Keyword to display the isolated private VLANs. (Optional) Keyword to display the community private VLANs.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the status for VLAN 10:
Console> show pvlan 10 Primary Secondary Secondary-Type Ports ------- --------- -------------- -----------10 20 isolated 6/1 Console>
This example shows how to display the status for all VLANs set as primary:
Console> show pvlan primary Primary Secondary Secondary-Type ------- --------- -------------10 20 isolated 11 21 isolated 30 Console> Ports -----------6/1 6/2
This example shows how to display the status for all VLANs set as isolated:
Console> show pvlan isolated Primary Secondary Secondary-Type ------- --------- -------------10 20 isolated 11 21 isolated 31 isolated Console> Ports -----------6/1 6/2
2-621
This example shows how to display the status for all VLANs set as community:
Console> show pvlan community Primary Secondary Secondary-Type Ports ------- --------- -------------- -----------7 902 community 2/4-6 Console>
Related Commands
set vlan show vlan set pvlan set pvlan mapping clear vlan clear config pvlan clear pvlan mapping show pvlan mapping
2-622
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show pvlan mapping
Syntax Description
(Optional) Number of the private VLAN. (Optional) Number of the module and port.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the private VLAN mapping by port:
Console> show pvlan mapping Port Primary Secondary ---- ------- --------6/3 10 20 Console>
This example shows how to display the private VLAN mapping for a specific VLAN:
Console> show pvlan mapping 10 Primary Secondary Ports ------- --------- ----10 20 6/3 Console>
This example shows how to display the private VLAN mapping for a specific port:
Console> show pvlan mapping 6/3 Port Primary Secondary ---- ------- --------6/3 10 20 Console>
2-623
Related Commands
set vlan show vlan set pvlan set pvlan mapping clear config pvlan clear vlan clear pvlan mapping show pvlan mapping
2-624
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos acl editbuffer
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Enter the show qos acl editbuffer command to display the committed access lists that you configured. The information is helpful when you are adding or deleting ACEs.
Examples
This example shows how to display QoS ACL edit buffer contents:
Console> (enable) show qos acl editbuffer ACL Type Status -------------------------------- ---- ---------ip1 IP Committed ipx1 IPX Committed mac1 MAC Committed
Related Commands
commit rollback
2-625
Syntax Description
Keyword to display default action (using the set qos acl default-action command) for packets that do not match any entry in an access list. Keyword to display QoS IP ACL information. Keyword to display all QoS IPX ACL information. Keyword to display all QoS MAC ACL information. Keyword to display all QoS ACL information. Keyword to display runtime ACE information. Name of the ACL to be displayed. Keyword to display configured ACE information. (Optional) Keyword to display edit buffer information. (Optional) Position of the ACE in the ACL.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
2-626
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos acl info
This example shows how to display edit buffer information for a specific ACL:
Console> (enable) show qos acl info my_ip_acl editbuffer set qos acl ip my_ip_acl ---------------------------------------------------1. set qos acl ip my_ip_acl trustdscp microflow my-micro tcp 1.2.3.4 255.0.0.0 eq port 21 172.20.20.1 255.255.255.0 2. set qos acl ip my_ip_acl trustdscp microflow my-micro aggregate agg tcp 173.22.3.4 255.0.0.0 eq port 19 173.22.20.1 255.255.255.0 tos 5 ACL status: Not Committed Console> (enable)
This example shows how to display runtime information for all ACLs:
Console> (enable) show qos acl info runtime all set qos acl IP _Cops_1 ---------------------------------------------1. dscp 0 any set qos acl IP _Cops_2 ---------------------------------------------1. dscp 8 ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 2. dscp 16 tcp any any 3. dscp 24 udp any any Console> (enable)
Related Commands
set qos acl default-action set qos policer clear qos policer
2-627
Syntax Description
Keyword to display NVRAM QoS information. Keyword to display QoS runtime information. Name of the list. Number of the module and the port. VLAN list. Keyword to display information regarding all ACLs.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can enter the config keyword to display information that was configured through the CLI and saved in NVRAM, regardless of the current runtime information.
Note
When a switchover occurs, you cannot view the ACLs and policers deployed using COPS-DS until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy. The runtime fields in the output display will be blank until QoS policy is downloaded to the new active supervisor engine.
Examples
2-628
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos acl map
Related Commands
2-629
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
commit rollback
2-630
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos bridged-packet-policing
Syntax Description
vlan
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you do not specify a VLAN number, the status of all VLANs are displayed.
Examples
Related Commands
2-631
Syntax Description
Keyword to show the current QoS runtime information. (Optional) Keyword to display NVRAM QoS configuration. Number of the module and port. Port type; valid values are 2q2t and 1p2q2t for transmit and 1q4t and 1p1q4t for receive. Keyword to specify the transmit drop threshold. Keyword to specify the receive drop threshold.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
You can enter the show qos info runtime mod/port command to view the currently used values in the hardware or the show qos info runtime mod/port command to view the values that have been configured administratively (present in NVRAM). The outputs differ when QoS has been disabled. When you disable QoS, the values set on all the ports are different from the values present in NVRAM. When you enable QoS, the values in NVRAM are used to program the hardware. The display of show qos info runtime mod/port shows both the absolute values and the percentages you specified for the drop thresholds, queue sizes, and WRR. However, the absolute values may not exactly match the percentages specified due to the granularity of permitted settings in hardware. The number preceding the t letter in the port_type (2q2t, 1p2q2t, 1q4t, or 1p1q4t) determines the number of threshold values the hardware supports. For example, with 2q2t and 1p2q2t, the number of thresholds specified is two; with 1q4t and 1p1q4t, the number of thresholds specified is four. Due to the granularity of programming the hardware, the values set in hardware will be close approximations of the values provided. The number preceding the q letter in the port_type determines the number of the queues that the hardware supports. For example, with 2q2t and 1p2q2t, the number of queues specified is two; with 1q4t and 1p1q4t, the number of queues specified is four. The system defaults for the transmit queues attempt to keep the maximum latency through a port at a maximum of 10 ms. The number preceding the p letter in the 1p2q2t and 1p1q4t port types determines the threshold in the priority queue.
2-632
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos info
Note
When a switchover occurs, you cannot view the ACLs and policers deployed using COPS-DS until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy. The runtime fields in the output display will be blank until QoS policy is downloaded to the new active supervisor engine.
Examples
This example shows how to display QoS-related NVRAM transmit threshold information:
Console> (enable) show qos info config 2q2t tx QoS setting in NVRAM for 2q2t transmit: QoS is disabled CoS = 0 Queue and Threshold Mapping: Queue Threshold CoS ----- --------- --------------1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 Tx drop thresholds: Queue # Thresholds - percentage (abs values ) ------- ------------------------------------1 40% 100% 2 40% 100% Queue Sizes: Queue # Sizes - percentage (abs values ) ------- ------------------------------------1 80% 2 20% WRR Configuration: Ports have transmit ratios between queue 1 and 2 of 100:256 Console> (enable)
This example shows how to display QoS-related NVRAM receive threshold information:
Console> (enable) show qos info config 1p1q4t rx QoS setting in NVRAM for 1p1q4t receive: QoS is disabled Queue and Threshold Mapping for 1p1q4t (rx): Queue Threshold CoS ----- --------- --------------1 1 0 1 2 2 3 1 3 4 5 1 4 1 6 7 2 1 Rx drop thresholds: Queue # Thresholds - percentage (abs values ) ------- ------------------------------------1 50% 60% 80% 100% Console> (enable)
2-633
This example shows how to display all QoS-related NVRAM threshold information:
Console> (enable) show qos info config 2q2t tx QoS setting in NVRAM for 2q2t transmit: QoS is enabled Queue and Threshold Mapping: Queue Threshold CoS ----- --------- --------------1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 Tx drop thresholds: Queue # Thresholds - percentage (abs values ) ------- ------------------------------------1 40% 100% 2 40% 100% Queue Sizes: Queue # Sizes - percentage (abs values ) ------- ------------------------------------1 80% 2 20% WRR Configuration: Ports with 2q2t have ratio of 100:255 between transmit queue 1 and 2 Console> (enable)
This example shows how to display the current QoS runtime information:
Console> (enable) show qos info runtime 1/1 Run time setting of QoS: QoS is enabled on 2/1 Port 2/1 has 2 transmit queue with 2 drop thresholds (2q2t). Port 2/1 has 1 receive queue with 4 drop thresholds (1q4t). The qos trust type is set to trust-cos. CoS = 0 Queue and Threshold Mapping: Queue Threshold CoS ----- --------- --------------1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 Rx drop thresholds: Queue # Thresholds - percentage (abs values ) ------- ------------------------------------1 50% (38912 bytes) 60% (46688 bytes) 80% (62240 bytes) 100% (73696 bytes) Tx drop thresholds: Queue # Thresholds - percentage (abs values ) ------- ------------------------------------1 40% (144224 bytes) 100% (360416 bytes) 2 40% (32864 bytes) 100% (77792 bytes) Queue Sizes: Queue # Sizes - percentage (abs values) ------- ------------------------------------1 80% (360416 bytes) 2 20% (81888 bytes) WRR Configuration: Ports with speed 1000Mbps have ratio of 100:255 between transmit queue 1 and 2 (25600:65280 bytes) Console> (enable)
2-634
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos info
This example shows how to display the current QoS configuration information:
Console> (enable) show qos info config 8/1 QoS setting in NVRAM: QoS is disabled Port 8/1 has 3 transmit queue with 2 drop thresholds (1p2q2t). Port 8/1 has 2 receive queue with 4 drop thresholds (1p1q4t). ACL attached: The qos trust type is set to untrusted. CoS = 0 Queue and Threshold Mapping for 1p2q2t (tx): Queue Threshold CoS ----- --------- --------------1 1 0 1 1 2 2 3 2 1 4 5 2 2 7 3 1 6 Queue and Threshold Mapping for 1p1q4t (rx): Queue Threshold CoS ----- --------- --------------1 1 0 1 2 2 3 1 3 4 5 1 4 1 6 7 2 1 Rx drop thresholds: Rx drop thresholds are disabled for untrusted ports. Queue # Thresholds - percentage (abs values ) ------- ------------------------------------1 50% 60% 80% 100% Tx drop thresholds: Tx drop-thresholds feature is not supported for this port type. Tx WRED thresholds: Queue # Thresholds in percentage ( in abs values ) ------- -----------------------------------------1 80% 100% 2 80% 100% Queue Sizes: Queue # Sizes - percentage (abs values ) ------- ------------------------------------1 70% 2 15% 3 15% WRR Configuration of ports with speed 1000Mbps: Queue # Ratios (abs values ) ------- ------------------------------------1 100 2 255 Console> (enable)
2-635
This example shows another display of the current QoS configuration information:
Console> (enable) show qos info config 1p2q2t tx QoS setting in NVRAM for 1p2q2t transmit: QoS is enabled Queue and Threshold Mapping: Queue Threshold CoS ----- --------- --------------1 1 0 1 1 2 2 3 2 1 4 5 2 2 6 7 3 1 Tx drop thresholds: Tx drop-thresholds feature is not supported for this port_type. Tx WRED thresholds: Queue # Thresholds in percentage ( in abs values ) ------- -----------------------------------------1 40% 100% 2 40% 100% Queue Sizes: Queue # Sizes - percentage (abs values ) ------- ------------------------------------1 50% 2 30% 3 20% WRR Configuration of ports with 1p2q2t: Queue # Ratios (abs values ) ------- ------------------------------------1 100 2 255 Console> (enable)
Related Commands
set qos
2-636
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos mac-cos
Syntax Description
MAC address of the destination host. (Optional) Number of the VLAN; valid values are from 1 to 1005. (Optional) Keyword to display NVRAM QoS configuration. Keyword to specify all MAC address and VLAN pairs.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
You can enter the show qos mac-cos command to display the currently configured QoS-related information. You can enter the config keyword to display information that was configured through the CLI and saved in NVRAM, regardless of the current runtime information.
Examples
This example shows how to display currently configured QoS-related information for all MAC address and VLAN pairs:
Console> (enable) show qos mac-cos all VLAN Dest MAC CoS ---- ------------------ --1 01-02-03-04-05-06 2 9 04-05-06-07-08-09 3 Console> (enable)
This example shows how to display currently configured QoS-related information for a specific MAC address:
Console> (enable) show qos mac-cos 01-02-03-04-05-06 VLAN Dest MAC CoS ---- ------------------ --1 01-02-03-04-05-06 2 Console> (enable)
2-637
Related Commands
2-638
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos maps
Syntax Description
(Optional) Keyword to display NVRAM QoS configuration. (Optional) Keyword to display current QoS configuration. (Optional) Keyword to specify the CoS-to-DSCP map. (Optional) Keyword to specify the IP precedence-to-DSCP map. (Optional) Keyword to specify the DSCP-to-CoS map. (Optional) Keyword to specify the policer-to-DSCP map.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
You can enter the config keyword to display information that was configured through the CLI and saved in NVRAM, regardless of the current runtime information. If you do not specify an option, all maps are displayed.
Note
When a switchover occurs, you cannot view the ACLs and policers deployed using COPS-DS until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy. The runtime fields in the output display will be blank until QoS policy is downloaded to the new active supervisor engine.
Examples
2-639
2-640
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos maps
CoS ---0 7
DSCP policed-dscp map: In-profile DSCP Policed DSCP --------------- ------------0-20 0 Console>
Related Commands
2-641
Syntax Description
Keyword to display NVRAM QoS configuration. Keyword to show the current QoS runtime information. Keyword to specify microflow policing information. Keyword to specify aggregate policing rule information. Keyword to specify all policing information.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Note
When a switchover occurs, you cannot view the ACLs and policers deployed using COPS-DS until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy. The runtime fields in the output display will be blank until QoS policy is downloaded to the new active supervisor engine.
Examples
This example shows how to display all currently configured policing information:
Console> show qos policer config all QoS microflow policers: Microflow name Avg. rate Burst size Exceed action ------------------------------- --------- ---------- ------------mic 55 64 drop ACL attached -----------------------------------QoS aggregate policers: No aggregate policer found. Console>
2-642
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos policer
Related Commands
2-643
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
This command displays whether the QoS policy source is set to local or COPS.
Examples
Related Commands
2-644
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos rsvp
Syntax Description
info flow-info
Keyword to display RSVP+ status information. Keyword to display RSVP+ flow information.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Console> (enable) show qos rsvp info RSVP disabled. RSVP policy timeout set to 30 minutes. RSVP local policy set to forward. Console> (enable)
Related Commands
2-645
Syntax Description
mod/port l3stats
Number of the module and, optionally, the number of the port on the module. Keyword to display Layer 3 statistics information.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
In the show qos statistics output, the Threshold #:Packets dropped field lists each threshold and the number of packets dropped. For example, 1:0 pkt, 2:0 pkts means that threshold 1 and threshold 2 dropped 0 packets.
Examples
This example shows how to display the QoS statistics for module 2, port 1:
Console> (enable) show qos statistics 2/1 Warning: QoS is disabled. On Transmit:Port 2/1 has 2 Queue(s) 2 Threshold(s) Q # Threshold #:Packets dropped --- ----------------------------------------------1 1:0 pkts, 2:0 pkts 2 1:0 pkts, 2:0 pkts On Receive:Port 2/1 has 1 Queue(s) 4 Threshold(s) Q # Threshold #:Packets dropped --- ----------------------------------------------1 1:0 pkts, 2:0 pkts, 3:0 pkts, 4:0 pkts Console> (enable)
2-646
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show qos statistics
This example shows how to display the QoS statistics for module 2:
Console> (enable) show qos statistics 2 Warning: QoS is disabled. On Transmit:Port 2/1 has 2 Queue(s) 2 Threshold(s) Q # Threshold #:Packets dropped --- ----------------------------------------------1 1:0 pkts, 2:0 pkts 2 1:0 pkts, 2:0 pkts On Receive:Port 2/1 has 1 Queue(s) 4 Threshold(s) Q # Threshold #:Packets dropped --- ----------------------------------------------1 1:0 pkts, 2:0 pkts, 3:0 pkts, 4:0 pkts On Transmit:Port 2/2 has 2 Queue(s) 2 Threshold(s) Q # Threshold #:Packets dropped --- ----------------------------------------------1 1:0 pkts, 2:0 pkts 2 1:0 pkts, 2:0 pkts On Receive:Port 2/2 has 1 Queue(s) 4 Threshold(s) Q # Threshold #:Packets dropped --- ----------------------------------------------1 1:0 pkts, 2:0 pkts, 3:0 pkts, 4:0 pkts Console> (enable)
Related Commands
set qos set qos drop-threshold set qos mac-cos set qos txq-ratio set qos wrr
2-647
show radius
Use the show radius command to display configured RADIUS parameters. show radius [noalias]
Syntax Description
noalias
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
You can enter this command in normal or privileged mode, but the RADIUS key is displayed only if this command is entered in privileged mode.
Examples
Related Commands
set radius deadtime set radius key set radius retransmit set radius server set radius timeout
2-648
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show reset
show reset
Use the show reset command to display scheduled reset information. show reset
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
resetswitch
2-649
Syntax Description
mac_addr (Optional) MAC destination address reserved for the use of RGMP packets. vlan_id (Optional) Number of the VLAN; valid values are from 1 to 1005.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example displays the total number of entries of VLAN group 1 that are joined by RGMP-capable routers:
Console> show rgmp group count 1 RGMP enabled. Total Number of Entries=2 Console>
Related Commands
2-650
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show rgmp statistics
Syntax Description
vlan
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
2-651
show rspan
Use the show rspan command to display the remote SPAN configuration. show rspan
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The fields displayed depends on the configuration. For example, if this is a source session, the Destination, Incoming Packets, and Learning fields are not displayed. If this is a destination session, the Admin Source, Oper Source, Direction, Multicast, Filter, and Max Bandwidth fields are not displayed. If there is no VLAN filtering on the source session, the Filter field is not displayed.
Examples
This example shows the display output from the show rspan command:
Console> (enable) show rspan Destination : Rspan Vlan : Admin Source : Oper Source : Direction : Incoming Packets: Learning : Multicast : Filter : Status : 900 VLAN 50 Port 2/1,2/3,2/5,2/7,2/9,2/11,2/13,2/15,2/17,2/19 receive disabled 10,20,30,40,500,600,700,800,900 active
-------------------------------------------Destination : Port 3/1 Rspan Vlan : 901 Admin Source : Oper Source : Direction : Incoming Packets: disabled Learning : disabled Multicast : Filter : Status : active --------------------------------------------
2-652
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show rspan
Destination : Rspan Vlan : Admin Source : Oper Source : Direction : Incoming Packets: Learning : Multicast : Filter :
-------------------------------------------Destination : Rspan Vlan : Admin Source : Oper Source : Direction : Incoming Packets: Learning : Multicast : Filter : 903 INBAND INBAND transmit disabled -
-------------------------------------------Destination : Rspan Vlan : Admin Source : Oper Source : Direction : Incoming Packets: Learning : Multicast : Filter : Console> (enable) Port 7/1 902 enabled -
Related Commands
set rspan
2-653
Syntax Description
(Optional) Keyword to display the ACLs in the edit buffer. Name of the ACL to be displayed. Keyword to display the contents of an ACL that were last committed to NVRAM and hardware. Keyword to display all QoS ACL information. (Optional) Position of the ACE in the ACL.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the name and type of the ACLs currently configured:
Console> (enable) show security acl ACL Type -------------------------------- ---ip1 IP ip2 IP ip3 IP ipx1 IPX ipx2 IPX ipx3 IPX mac2 MAC iplast IP Console> (enable) VLANS ----3,5,8 12,47 56 5,12,45
2-654
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show security acl
This example shows how to display the configuration for a specified VACL last committed to NVRAM and hardware:
Console> (enable) show security acl info ip1 set security acl ip ip1 --------------------------------------------------1. permit any Console> (enable)
This example shows how to display the contents of the ACL edit buffer:
Console> (enable) show security acl info ip1 editbuffer set security acl ip ip1 --------------------------------------------------1. permit any ACL Status:Committed Console> (enable)
Related Commands
2-655
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-656
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show security acl map
Syntax Description
acl_name vlan
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
commit rollback clear security acl map set security acl map
2-657
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
The switch interface mapping table is a table that associates an interface (for example, VLANs) into flows programmed in TCAM. Hardware resources are used to calculate Layer 4 port operation, for example, if you enter the permit tcp any lt 20 host 1.2.3.4 gt 30 command, lt 20 and gt 30 are the Layer 4 port operation.
Examples
Table 2-50 describes the possible fields in the show security acl resource-usage command output.
Table 2-50 show security acl resource-usage Command Output Fields
Description Status of mask entry usage, where mask is the percentage of mask entries used, and value is the percentage of value entries currently used. Percentage of ACL to switch interface mapping table usage.
Related Commands
2-658
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp
show snmp
Use the show snmp command to display SNMP information. show snmp [noalias]
Syntax Description
noalias
(Optional) Keyword that forces the display to show IP addresses, not IP aliases.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-51 describes the possible fields (depending on the port type queried) in the show snmp command output.
Table 2-51 show snmp Command Output Fields
Field RMON Extended RMON Traps Enabled Port Traps Enabled Community-Access Community-String
Description Status of whether RMON is enabled or disabled. Status of whether extended RMON is enabled or disabled. Trap types that are enabled. Set of ports whose linkup/linkdown trap is enabled. Configured SNMP communities. SNMP community strings associated with each SNMP community.
2-659
Description IP address or IP alias of trap receiver hosts. SNMP community string used for trap messages to the trap receiver.
Related Commands
2-660
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show snmp access
Syntax Description
volatile nonvolatile read-only groupname -hex security-model v1 | v2c | v3 noauthentication authentication privacy
(Optional) Keyword to display information for volatile storage types. (Optional) Keyword to display information for nonvolatile storage types. (Optional) Keyword to display information for read-only storage types. Name of the SNMP group or collection of users who have a common access policy. (Optional) Keyword to display groupname and username as a hexadecimal character. Keywords to specify security model v1, v2c, or v3. Keyword to display information for security models not set to use authentication protocol. Keyword to display information for authentication protocol. Keyword to display information regarding messages sent on behalf of the user that are protected from disclosure.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the groupname (nonprintable delimiters for this parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The read-only keyword is supported for security model v3 only.
Related Commands
2-661
Syntax Description
Module number. Port number. (Optional) Keyword to specify dot1d counters. (Optional) Keyword to specify dot3 counters. (Optional) Keyword to specify dot5 counters. (Optional) Keyword to specify FDDI counters. (Optional) Keyword to specify HCRMON counters. (Optional) Keyword to specify if-MIB counters. (Optional) Keyword to specify RMON counters. (Optional) Keyword to specify SNMP v3 counters.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
2-662
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp counters
snmpInGetResponses snmpInTraps snmpOutTooBigs snmpOutNoSuchNames snmpOutBadValues snmpOutGenErrs snmpOutGetRequests snmpOutGetNexts snmpOutSetRequests snmpOutGetResponses snmpOutTraps Console>
= = = = = = = = = = =
0 0 0 230 0 0 0 0 0 13960 0
Table 2-52 describes the fields in the show snmp counters command output.
Table 2-52 show snmp counters Command Output Fields
Description Number of messages delivered to the SNMP entity from the transport service. Number of SNMP messages passed from the SNMP protocol entity to the transport service. Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version. Number of SNMP messages delivered to the SNMP entity that used an SNMP community name not known to said entity. Number of SNMP messages delivered to the SNMP entity that represented an SNMP operation not allowed by the SNMP community named in the message. Number of ASN.1 or BER errors encountered by the SNMP entity when decoding received SNMP messages. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as tooBig. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as noSuchName. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as badValue. Number of valid SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as readOnly.
2-663
Description Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as genErr. Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs. Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs. Number of SNMP Get-Request PDUs accepted and processed by the SNMP protocol entity. Number of messages delivered to the SNMP entity from the transport service. Number of SNMP messages passed from the SNMP protocol entity to the transport service. Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version. Number of SNMP messages delivered to the SNMP entity that used an SNMP community name not known to said entity. Number of SNMP messages delivered to the SNMP entity that represented an SNMP operation not allowed by the SNMP community named in the message. Number of ASN.1 or BER errors encountered by the SNMP entity when decoding received SNMP messages. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as tooBig. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as noSuchName. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as badValue. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as genErr. Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs. Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs. Number of SNMP Get-Request PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Get-Next PDUs accepted and processed by the SNMP protocol entity.
snmpInTotalSetVars
snmpInTotalSetVars
snmpInGetRequests snmpInGetNexts
2-664
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp counters
Field snmpInSetRequests snmpInGetResponses snmpInTraps snmpOutTooBigs snmpOutNoSuchNames snmpOutBadValues snmpOutGenErrs snmpOutGetRequests snmpOutGetNexts snmpOutSetRequests snmpOutGetResponses snmpOutTraps usmStatsUnsupportedSecLevels
Description Number of SNMP Set-Request PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Get-Response PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Trap PDUs accepted and processed by the SNMP protocol entity. Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as tooBig. Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status as noSuchName. Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as badValue. Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as genErr. Number of SNMP Get-Request PDUs generated by the SNMP protocol entity. Number of SNMP Get-Next PDUs generated by the SNMP protocol entity. Number of SNMP Set-Request PDUs generated by the SNMP protocol entity. Number of SNMP Get-Response PDUs generated by the SNMP protocol entity. Number of SNMP Trap PDUs generated by the SNMP protocol entity. Number of packets received by the SNMP engine that were dropped because they requested a security level that was unknown to the SNMP engine or otherwise unavailable. Number of packets received by the SNMP engine that were dropped because they appeared outside of the authoritative SNMP engines window. Number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine. Number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not known to the SNMP engine. Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value. Number of packets received by the SNMP engine that were dropped because they could not be decrypted.
usmStatsNotInTimeWindows
usmStatsUnknownUserNames
usmStatsUnknownEngineIDs
usmStatsWrongDigests usmStatsDecryptionErrors
1. It is a protocol error to generate an SNMP PDU that contains the value readOnly in the error-status field. This object is provided as a means of detecting incorrect implementations of the SNMP.
2-665
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If the SNMP engine ID is cleared, the system automatically regenerates a local SNMP engine ID. The SNMP engine and SNMP entity has a one-to-one mapping. You can also identify the SNMP entity, which is represented as hexadecimal numbers only, and must be from 5 to 32 bytes long; for example, 00:00:00:09:0a:fe:ff:12:97:33:45:12.
Examples
Table 2-53 describes the fields in the show snmp engineid command output.
Table 2-53 show snmp engineid Command Output Fields
Description String identifying the name of the SNMP copy on the device. Number of times an SNMP engine has been started or reinitialized.
Related Commands
show snmp
2-666
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp group
Syntax Description
volatile nonvolatile
(Optional) Keyword to specify the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword to specify that the storage type is defined as read only. Name of the SNMP group or collection of users who have a common access policy. (Optional) Keyword to display groupname and username as a hexadecimal character. Keyword and variable to specify the SNMP group username. (Optional) Keywords to specify security model v1, v2c, or v3.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the groupname and username (nonprintable delimiters for these parameters), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The read-only keyword is supported for security model v3 only.
2-667
Examples
Table 2-54 describes the fields in the show snmp group command output.
Table 2-54 show snmp group Command Output Fields
Field Security Model Security Name Group Name Storage Type Row Status
Description Security model used by the group. Security string definition. Name of the SNMP group or collection of users who have a common access policy. Keyword to indicate whether the settings are volatile or nonvolatile. Status of the entry.
Related Commands
2-668
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp notify
Syntax Description
volatile nonvolatile
(Optional) Keyword to specify the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword to specify that the storage type is defined as read only. (Optional) Keyword to display notifyname as a hexadecimal character. A unique identifier to index the snmpNotifyTable.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the notifyname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The read-only keyword is supported for security model v3 only.
Examples
This example shows how to display the SNMP notify information for a specific notifyname:
Console> (enable) show snmp notify snmpV1Notification Notify Name: snmpV1Notification Notify Tag: snmpV1Trap Notify Type: trap Storage Type: volatile Row Status: active Console> (enable)
2-669
Table 2-55 describes the fields in the show snmp notify command output.
Table 2-55 show snmp notify Command Output Fields
Field Notify Name Notify Tag Notify Type Storage Type Row Status
Description Unique identifier used to index the snmpNotifyTable. Name of the entry in the snmpNotifyTable. Type of notification. Storage type (volatile or nonvolatile). Status of the entry.
Related Commands
2-670
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp targetaddr
Syntax Description
volatile nonvolatile
(Optional) Keyword to specify the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword to specify that the storage type is defined as read only. (Optional) Keyword to display addrname as a hexadecimal character. Name of the target agent; the maximum length is 32 bytes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the addrname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The read-only keyword is supported for security model v3 only.
Examples
This example shows how to display specific target address information in the snmpTargetAddressTable:
Console> (enable) show snmp targetaddr cisco Target Address Name: cisco IP Address: 170.0.25.1 UDP Port#: 165 Timeout: 100 Retry count: 5 Tag List: tag1 tag2 tag3 Parameters: jeorge Storage Type: nonvolatile Row Status: active Console> (enable)
2-671
Table 2-56 describes the fields in the show snmp targetaddr command output.
Table 2-56 show snmp targetaddr Command Output Fields
Field Target Address Name IP Address UDP Port # Timeout Retry count Tag List Parameters Storage Type Row Status
Description Name of the target address. Target IP address. Number of the UDP port of the target host to use. Number of timeouts. Number of retries. Tags that point to target addresses to send notifications to. Entry in the snmpTargetParamsTable; the maximum length is 32 bytes. Storage type (volatile or nonvolatile). Status of the entry.
Related Commands
2-672
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp targetparams
Syntax Description
volatile nonvolatile
(Optional) Keyword to specify the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword to specify that the storage type is defined as read only. (Optional) Keyword to display paramsname as a hexadecimal character. Name of the parameter in the snmpTargetParamsTable; the maximum length is 32 bytes.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for the paramsname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The read-only keyword is supported for security model v3 only.
Examples
This example shows how to display specific target parameter information in the snmpTargetParamsTable:
Console> (enable) show snmp targetparams snmpV1TrapParams Target Parameter Name: snmpV1TrapParams Message Processing Model: v1 Security Name: public Security Level: noauthentication Storage Type: volatile Row Status: active Console> (enable)
2-673
Table 2-57 describes the fields in the show snmp targetparams command output.
Table 2-57 show snmp targetparams Command Output Fields
Description Version number used by the Message Processing Model. Security string definition. Type of security level (authentication: security level is set to use authentication protocol, noauthentication: security level is not set to use authentication protocol). Storage type (volatile or nonvolatile). Status of the entry.
Related Commands
2-674
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp user
Syntax Description
volatile nonvolatile
(Optional) Keyword to specify the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword to specify that the storage type is defined as read only. (Optional) Keyword to display user as a hexadecimal character. Name of the SNMP user. (Optional) Keyword and variable to specify the username on a remote SNMP engine. Keyword to specify a summary of SNMP users.
Defaults
The default storage type is nonvolatile, and the local SNMP engine ID is used.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for user (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. The read-only keyword is supported for security model v3 only.
Examples
2-675
Table 2-58 describes the fields in the show snmp user command output.
Table 2-58 show snmp user Command Output Fields
Field EngineId User Name Authentication Protocol Privacy Protocol Storage Type Row Status
Description String identifying the name of the copy of SNMP on the device. String identifying the name of the SNMP user. Type of authentication protocol. Type of privacy authentication protocol. Keyword to indicate whether the settings are volatile or nonvolatile. Status of the entry.
Related Commands
2-676
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show snmp view
Syntax Description
volatile nonvolatile
(Optional) Keyword to specify the storage type is defined as temporary memory and the content is deleted if the device is turned off. (Optional) Keyword to specify the storage type is defined as persistent memory and the content remains after the device is turned off and on again. (Optional) Keyword to specify that the storage type is defined as read only. (Optional) Keyword to display the viewname as a hexadecimal character. Name of a MIB view. Name of the subtree.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
If you use special characters for viewname (nonprintable delimiters for this parameter), you must use a hexadecimal keyword, which is one or two hexadecimal digits separated by a colon (:); for example, 00:ab:34. A MIB subtree used with a mask defines a view subtree; it can be in OID format or a text name mapped to a valid OID. The read-only keyword is supported for security model v3 only.
Examples
2-677
Table 2-59 describes the fields in the show snmp view command output.
Table 2-59 show snmp view Command Output Fields
Field View Name Subtree OID Subtree Mask View Type Storage Type Row Status
Description Name of a MIB view. Name of a MIB subtree in OID format or a text name mapped to a valid OID. Subtree mask can be all ones, all zeros, or a combination of both. Status of whether the MIB subtree is included or excluded. Storage type (volatile or nonvolatile). Status of the entry.
Related Commands
2-678
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show span
show span
Use the show span command to display information about the current SPAN configuration. show span
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display SPAN information for the switch. In this example, the SPAN source is port 2/1 and the SPAN destination is port 2/12. Only transmit traffic is monitored. Normal incoming packets are disabled on the SPAN destination port. Monitoring multicast traffic is enabled.
Console> (enable) show span ---------------------------------------------------------Destination : Port 4/1 Admin Source : Port 2/2 Oper Source : Port 2/2 Direction : transmit/receive Incoming Packets: enabled Learning : Multicast : enabled Filter : 10,20,30,40,50,60,70,80,90,100 Status : inactive Console> (enable)
Table 2-60 describes the fields in the show span command output.
Table 2-60 show span Command Output Fields
Field Destination Admin Source Oper Source Direction Incoming Packets Learning
Description Destination port for SPAN information. Source port or VLAN for SPAN information. Operator port or VLAN for SPAN information. Status of whether transmit, receive, or transmit/receive information is monitored. Status of whether reception of normal incoming packets on the SPAN destination port is enabled or disabled. Status of whether learning is enabled or disabled for the SPAN destination port.
2-679
Description Status of whether monitoring multicast traffic is enabled or disabled. Monitored VLANs in source trunk ports. Bandwidth limits for SPAN traffic, in Mbps.
Related Commands
2-680
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree
show spantree
Use the show spantree command to display spanning tree information for a VLAN. show spantree [vlan | mod/port] [active]
Syntax Description
(Optional) Number of the VLAN. (Optional) Number of the module and the port on the module. (Optional) Keyword to display only the active ports.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify the VLAN number, VLAN 1 is displayed. The maximum length of the channel port list can be 47. The spaces in the Port column may not be enough to display the entire list in one line. If this is the case, the port list is split into multiple lines. For example, in the following display, ports 6/5-8, 6/13, 6/15, 6/17, 6/19 are channeling:
... Port Vlan Port-State Cost Priority Portfast Channel_id ------------------------ ---- ------------- ----- -------- ---------- ---------6/5-8,6/13,6/15,6/17,6/1 9 1 not-connected 0 32 disabled 768 ...
Examples
This example shows how to display the active spanning tree port configuration for VLAN 1:
Console> (enable) show spantree 1 active VLAN 1 Spanning tree enabled Spanning tree type ieee Designated Root 00-50-a7-0c-a0-00 Designated Root Priority 8192 Designated Root Cost 119 Designated Root Port 6/48 Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Bridge ID MAC ADDR Bridge ID Priority Bridge Max Age 20 sec 00-50-3e-8f-8c-00 32768 Hello Time 2 sec Forward Delay 15 sec
2-681
Port Vlan Port-State Cost Priority Portfast Channel_id ------------------------ ---- ------------- ----- -------- ---------- ---------6/18 1 forwarding 19 32 disabled 0 6/19 1 forwarding 19 32 disabled 0 6/20 1 forwarding 19 32 disabled 0 6/32 1 blocking 19 32 disabled 0 6/33 1 blocking 19 32 disabled 0 6/34 1 blocking 19 32 disabled 0 6/48 1 forwarding 19 32 disabled 0 Console> (enable)
Table 2-61 describes the fields in the show spantree command output:
Table 2-61 show spantree Command Output Fields
Field VLAN Spanning tree Designated Root Designated Root Priority Designated Root Cost Designated Root Port Root Max Age Hello Time Forward Delay Bridge ID MAC ADDR Bridge ID Priority Bridge Max Age Hello Time Forward Delay Port Vlan Port-State Cost Priority Portfast Channel_id
Description VLAN for which spanning tree information is shown. Status of whether Spanning Tree Protocol is enabled or disabled. MAC address of the designated spanning tree root bridge. Priority of the designated root bridge. Total path cost to reach the root. Port through which the root bridge can be reached (shown only on nonroot bridges). Amount of time a BPDU packet should be considered valid. Number of times the root bridge sends BPDUs. Amount of time the port spends in listening or learning mode. Bridge MAC address. Bridge priority. Bridge maximum age. Amount of time the bridge sends BPDUs. Amount of time the bridge spends in listening or learning mode. Port number. VLAN to which the port belongs. Spanning tree port state (disabled, inactive, not-connected, blocking, listening, learning, forwarding, bridging, or type-pvid-inconsistent). Cost associated with the port. Priority associated with the port. Status of whether the port is configured to use the PortFast feature. Channel ID number.
2-682
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree
Related Commands
show spantree backbonefast show spantree blockedports show spantree portvlancost show spantree statistics show spantree summary show spantree uplinkfast
2-683
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display whether the spanning tree Backbone Fast Convergence feature is enabled:
Console> show spantree backbonefast Backbonefast is enabled. Console>
Related Commands
2-684
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree blockedports
Syntax Description
vlan_num
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify a VLAN number, all blocked ports in the system are displayed.
Examples
This example shows how to display the blocked ports for VLAN 1002:
Console> show spantree blockedports 1002 Number of blocked ports (segments) in VLAN 1002 : 0 Console>
Related Commands
show spantree
2-685
Syntax Description
mod/port
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the path cost for the VLANs on port 2/12:
Console> show spantree portvlancost 2/12 Port 2/12 VLANs 1-1005 have path cost 19. Console>
Related Commands
2-686
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree statistics
Syntax Description
mod/port vlan
(Optional) Number of the module and the port on the module. (Optional) Number of the VLAN.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
2-687
INACTIVE 0
VLAN based information & statistics spanningtree type ibm spanningtree multicast address c0-00-00-00-01-00 bridge priority 32768 bridge mac address 00-10-2f-52-eb-ec bridge hello time 2 sec bridge forward delay 4 sec topology change initiator: 1/0 topology change FALSE topology change time 14 topology change detected FALSE topology change count 0 Other port-specific info dynamic max age transitions 0 port bpdu ok count 0 msg age expiry count 0 link loading 1 bpdu in processing FALSE num of similar bpdus to process 0 next state 0 src mac count: 0 total src mac count 0 curr_src_mac 00-00-00-00-00-00 next_src_mac 00-00-00-00-00-00 channel_src_mac 00-00-00-00-00-00 channel src count 0 channel ok count 0 Console> (enable)
Table 2-62 describes the possible fields in the show spantree statistics command output.
Table 2-62 show spantree statistics Command Output Fields
Field
BPDU-related parameters
Description Status of whether Spanning Tree Protocol is enabled or disabled on the port. Spanning tree port state (disabled, listening, learning, forwarding, or blocking). Port identifier of the associated port. Port number. Contribution of the path through this root port. This applies to the total path cost to the root for this bridge. Age of the received protocol information recorded for a port and the value of the Max Age parameter (shown in parentheses) recorded by the switch. MAC address of the designated spanning tree root bridge. Cost of the path to the root offered by the designated port on the LAN to which this port is attached. Bridge identifier of the bridge assumed to be the designated bridge for the LAN associated with the port. Port identifier of the bridge port assumed to be the designated port for the LAN associated with the port.
port spanning tree state port_id port number path cost message age (port/VLAN) designated_root designated_cost designated_bridge designated_port
2-688
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree statistics
Field top_change_ack
Description Value of the Topology Change Acknowledgement flag in the next configured BPDU to be transmitted on the associated port. The flag is set in reply to a Topology Change Notification BPDU. Boolean parameter set to record that a configured BPDU should be transmitted on expiration of the hold timer for the associated port. Status of whether the port is in an inconsistent (PVID or port type) state or not. Number of BPDUs transmitted from the port. The number in parentheses is the number of configured BPDUs transmitted by the switch for this instance of spanning tree. Number of BPDUs received by this port. The number in parentheses is the number of configured BPDUs received by the switch for this instance of spanning tree. Number of TCN BDPUs transmitted on this port. Number of TCN BPDUs received on this port. Number of times the port state transitioned to FORWARDing state. Number of SCP failures. Status of the forward delay timer. This timer monitors the time spent by a port in the listening and learning states. Current value of the forward delay timer. Status of the message age timer. This timer measures the age of the received protocol information recorded for a port. Status of the topology change timer. This timer determines the time period in which configured BPDUs are transmitted with the topology change flag set by the bridge when it is the root following the detection of a topology change. Current value of the topology change timer. Status of the hold timer. This timer ensures that configured BPDUs are not transmitted too frequently through any bridge port. Current value of the hold timer. Status of the delay root port timer. This timer enables fast convergence on linkup when the UplinkFast feature is enabled. Current value of the delay root port timer.
config_pending port_inconsistency config bpdu's xmitted (port/VLAN) config bpdu's received (port/VLAN) tcn bpdu's xmitted (port/VLAN) tcn bpdu's received (port/VLAN) forward trans count scp failure count
Status of Port Timers
forward delay timer forward delay timer value message age timer
message age timer value Current value of the message age timer. topology change timer
topology change timer value hold timer hold timer value delay root port timer delay root port timer value
2-689
Field spanningtree type spanningtree multicast address bridge priority bridge mac address bridge hello time bridge forward delay topology change initiator: topology change topology change time
Description Type of spanning tree (IEEE, IBM, CISCO). Destination address used to send out configured BPDUs on a bridge port. Part of the bridge identifier and is taken as the most significant part bridge ID comparisons. Bridge MAC address. Value of the Hello Time parameter when the bridge is the root or is attempting to become the root. Value of the Forward Delay parameter when the bridge is the root or is attempting to become the root. Number of the port that caused the topology change. Boolean parameter set to record the value of the topology change flag in config BPDUs to be transmitted by the bridge on LANs for which the bridge is the designated bridge Time period for which BPDUs are transmitted with the topology change flag set by the bridge when it is the root following the detection of a topology change. It is equal to the sum of the bridge's Max Age and Forward Delay parameters. Boolean parameter set to TRUE when a topology change has been detected by or notified to the bridge. Number of times the topology change has occurred. MAC address of the bridge that transmitted the last TCN BPDU.
topology change detected topology change count topology change last recvd. from
Other port-specific info
dynamic max age transitions port bpdu ok count msg age expiry count link loading bpdu in processing
Number of dynamic max age transitions. Number of reported port BPDU counts. Number of message age expires. Status of whether the link is oversubscribed. Status of whether the BPDU is under processing.
num of similar bpdus to Number of similar BPDUs to process that are received on a specific port. process received_inferior_bpdu next state src mac count: total src mac count Status of whether the port received an inferior BPDU or in response to an RLQ BPDU. Port state before it is actually set by spanning tree, to faciliate other tasks in using the new value. Number of BPDUs with the same source MAC address. Number of BPDUs with all the source MAC addresses.
2-690
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree statistics
Description Source MAC address of the configured BPDU received on a particular port. It should always be set to NULL for the Catalyst 6000 family switches. MAC address from the different source. It should always be set to NULL for the Catalyst 6000 family switches. Source MAC address of the channel port. It is used to detect channel misconfiguration and avoid spanning tree loops. Number of times channel_src_mac gets changed and if the limit is exceeded, a channel misconfiguration is detected. Number of times the channel ok condition was detected.
Related Commands
show spantree
2-691
Syntax Description
novlan
(Optional) Keyword to display the overall information only; does not display the same information per VLAN.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If the switch is not the root for any VLANs, none is displayed in the Root switch for vlans field.
Examples
Related Commands
show spantree
2-692
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show spantree uplinkfast
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Related Commands
2-693
show summertime
Use the show summertime command to display the current status of the summertime feature. show summertime
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the current status of the summertime feature:
Console> show summertime Summertime is disabled and set to '' Start : Thu Apr 13 2000, 04:30:00 End : Mon Jan 21 2002, 05:30:00 Offset: 1440 minutes (1 day) Recurring: no Console>
Related Commands
set summertime
2-694
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show system
show system
Use the show system command to display system information. show system
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Examples
2-695
Table 2-63 describes the fields in the show system command output.
Table 2-63 show system Command Output Fields
Field PS1-Status PS2-Status Fan-Status Temp-Alarm Sys-Status Uptime d, h:m:s Logout PS1-Type PS2-Type Modem Baud Traffic Peak Peak-Time PS1 Capacity PS2 Capacity PS Configuration System Name System Location System Contact
Description Status of power supply 1 (ok, fan failed, faulty, or none). Status of power supply 2 (ok, fan failed, faulty, or none). Status of the fan (ok, faulty, or other). Status of whether the temperature alarm is off or on. System status (ok or faulty). Corresponds to system LED status. Amount of time in days, hours, minutes, and seconds, that the system has been up and running. Amount of time after which an idle session is disconnected. Part number of the power supply. Part number of the redundant power supply, if present. Status of the modem status (enable or disable). Baud rate to which the modem is set. Current traffic percentage. Peak percentage of traffic on the backplane. Time stamp when peak percentage was recorded. Power supply 1 maximum capacity. Power supply 2 maximum capacity. Power supply configuration. System name. System location. System contact information.
Related Commands
set system baud set system contact set system location set system modem set system name
2-696
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show system highavailability
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to display the system high availability configuration settings:
Console> (enable) show system highavailability Highavailability:disabled Highavailability versioning:disabled Highavailability Operational-status:OFF(high-availability-not-enabled) Console> (enable)
Related Commands
2-697
show tacacs
Use the show tacacs command to display the TACACS+ protocol configuration. show tacacs [noalias]
Syntax Description
noalias
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-64 describes the fields in the show tacacs command output.
Table 2-64 show tacacs Command Output Fields
Field Login authentication Console Session Telnet Session Enable Authentication Tacacs login attempts
Description Display of the login authentication types. Status of whether the console session is enabled or disabled. Status of whether the Telnet session is enabled or disabled. Display of the enable authentication types. Number of failed login attempts allowed.
2-698
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show tacacs
Description Time in seconds to wait for a response from the TACACS+ server. Status of whether TACACS+ directed-request option is enabled or disabled. IP addresses or IP aliases of configured TACACS+ servers. Primary TACACS+ server.
Related Commands
set tacacs attempts set tacacs directedrequest set tacacs key set tacacs server set tacacs timeout
2-699
show tech-support
Use the show tech-support command to display system and configuration information you can provide to the Cisco Technical Assistance Center (TAC) when reporting a problem. show tech-support [module mod | port mod/port] [vlan vlan_num] [config | memory]
Syntax Description
(Optional) Keyword and variable to specify the module number of the switch ports. (Optional) Keyword and variable to specify the module and port number of the switch ports. (Optional) Keyword and variable to specify the VLAN. Keyword to display switch configuration. Keyword to display memory and processor state data.
Defaults
By default, this command displays the output for technical-support-related show commands. Use keywords to specify the type of information to be displayed. If you do not specify any parameters, the system displays all configuration, memory, module, port, and VLAN data.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Caution
Avoid running multiple show tech-support commands on a switch or multiple switches on the network segment. Doing so may cause spanning tree instability. The show tech-support command output is continuous; it does not display one screen at a time. To interrupt the output, press Ctrl-C. If you specify the config keyword, the show tech-support command displays the output of these commands:
show config show flash show log show microcode show module show port show spantree active
2-700
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show tech-support
show spantree summary show system show test show trunk show version show vlan
If you specify the memory keyword, the show tech-support command displays the output of these commands:
ps ps -c show cam static show cam system show flash show memory buffers show microcode show module show proc show proc mem show proc cpu show system show spantree active show version
If you specify a module, port, or VLAN number, the system displays general system information and information for the component you specified.
Related Commands
2-701
show test
Use the show test command to display the errors reported from the diagnostic tests. show test [mod]
Syntax Description
mod
(Optional) Number of the module. If you do not specify a number, test statistics are given for the general system as well as for the supervisor engine.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Only error conditions are displayed. If there are no errors, PASS is displayed in the Line Card Status field.
Examples
Module 2 Cafe II Status : NewLearnTest: . IndexLearnTest: . DontForwardTest: . DontLearnTest: . ConditionalLearnTest: . BadBpduTest: . TrapTest: . Loopback Status [Reported by Module 2] : Ports 1 2 ----------. .
2-702
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show test
This example shows the display when errors are reported by the LCP for module 3:
Console> show test 3 Module 3 : 12-port 1000BaseX Ethernet Line Card Status for Module 3 : FAIL Error Device Number ------------------------------------------------------------ -----------------------Port asic error 1,2,5,12 CPU error 0 Line Card Diag Status for Module 3 (. = Pass, F = Fail, N = N/A) Loopback Status [Reported by Module 1] : Ports 1 2 3 4 5 6 7 8 9 10 11 12 ----------------------------------------. . . . . . . . . . . . Channel Status : Ports 1 2 3 4 5 6 7 8 9 10 11 12 ----------------------------------------. . . . . . . . . . . .
2-703
Module 1 Earl IV Status : NewLearnTest: . IndexLearnTest: . DontForwardTest: . DontLearnTest: . ConditionalLearnTest: . BadBpduTest: . TrapTest: . MatchTest: . SpanTest: . CaptureTest: . Loopback Status [Reported by Module 1] : Ports 1 2 ----------. . Channel Status : Ports 1 2 ----------. .
Table 2-65 describes the possible fields in the show test command output. The fields shown depend on the module type queried.
Table 2-65 show test Command Output Fields
Description Test results that apply to the general system environment. Test results for the 3.3V power supply. Test results for the 12V power supply. Test results for the 24V power supply.
2-704
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show test
Field PS1 PS2 Temperature Fan Module # Network Management Processor (NMP) Status ROM Flash-EEPROM Ser-EEPROM NVRAM EARL Status NewLearnTest IndexLearnTest DontForwardTest MonitorTest DontLearn FlushPacket ConditionalLearn EarlLearnDiscard EarlTrapTest LCP Diag Status for Module 1 CPU Sprom Bootcsum Archsum RAM LTL CBL DPRAM SAMBA Saints Pkt Bufs Repeater
Description Test results for power supply 1. Test results for power supply 2. Test results for temperature. Test results for the fan. Test results that apply to module #. The module type is indicated as well. Test results that apply to the NMP on the supervisor engine module. Test results for ROM. Test results for the Flash EEPROM. Test results for serial EEPROM. Test results for the NVRAM. Fields that display the EARL status information. Test results for NewLearn test (EARL). Test results for IndexLearn test (EARL). Test results for DontForward test (EARL). Test results for Monitor test (EARL). Test results for DontLearn test (EARL). Test results for FlushPacket test (EARL). Test results for ConditionalLearn test (EARL). Test results for EarlLearnDiscard test (EARL). Test results for EarlTrap test (EARL). Test results for the specified module. Test results for the CPU. Test results for serial PROM. Test results for Boot ROM checksum. Test results for archive Flash checksum. Test results for the RAM. Test results for local-target logic. Test results for color-blocking logic. Test results for dual-port RAM. Test results for SAMBA chip. Test results for SAINT chips. Test results for the packet buffers. Test results for the repeater module.
2-705
Field FLASH EOBC Local Power Phoenix TrafficMeter UplinkSprom PhoenixSprom MII Status SAINT/SAGE Status Phoenix Port Status Packet Buffer Status Phoenix Packet Buffer Status Loopback Status Channel Status
Description Test results for the Flash memory. Channel through which a module exchanges control messages with the other modules in the system. Status of the DC converter on a module that supplies power to the entire module except the power management block on the module. Test results for the Phoenix. Test results for the TrafficMeter. Test results for the Uplink SPROM. Test results for the Phoenix SPROM. Test results for MII ports. Test results for individual SAINT/SAGE chip. Test results for Phoenix ports. Test results for individual packet buffer. Test results for Phoenix packet buffer. Test results for the loopback test. Test results for the channel test.
2-706
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show time
show time
Use the show time command to display the current time of day in the system clock. show time
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
The output shows the day of the week, month, day, year, hour, minutes, and seconds.
Related Commands
set time
2-707
show timezone
Use the show timezone command to display the current time zone and offset. show timezone
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the current time zone and offset:
Console> show timezone Timezone set to 'pst', offset from UTC is -8 hours Console>
Related Commands
2-708
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show top
show top
Use the show top command to start the TopN process. show top [N] [metric] [interval interval] [port_type] [background]
Syntax Description
N metric
(Optional) Number of ports displayed; valid values are 1 to a maximum number of physical ports. (Optional) Port statistic to sort on; valid values are: utilutilization bytesin/out bytes pktsin/out packets bcstin/out broadcast packets mcstin/out multicast packets in-errorsin errors buf-ovflwbuffer overflow
interval interval
(Optional) Keyword to specify duration of sample (in seconds). (Optional) Number of seconds for sample; valid values are 0 and from 10 to 999 seconds. If the value is 0, the N topmost ports by absolute counter values are displayed. (Optional) Type of switch ports to use for report; valid values are: allAll port types are used ethAll Ethernet port types are used 10e10Mbps Ethenet ports types are used feFast Ethernet port types are used geGigabit Ethernet port types are used
port_type
background
(Optional) Keyword to specify the TopN report not to print to the screen when the task is done. Instead, a notification is sent out when the reports are ready.
Defaults
Number of ports displayed is 20. Port statistics to report on is util. Sample duration is 30 seconds. Switch port type is all.
Command Types
Switch command.
Command Modes
Normal.
2-709
Usage Guidelines
You can terminate TopN processes with the background option specified only by using the clear top [report_num] command. TopN reports with the background option specified are not displayed on the screen unless you enter a show top report [report_num] command. If you do not specify the background option, the output TopN results are dumped to the screen when the task is done, and the results are printed one time only and are not saved. You can terminate TopN processes (without the background option) by pressing Ctrl-C in the same Telnet/console session, or by entering a clear top [report_num] command from a separate Telnet/console session. The prompt is not printed before the TopN report completely displays. Other commands are blocked until the report has displayed.
Examples
This example shows how to start the TopN process with the background option:
Console> show top 10 util interval 600 background 03/09/2000,14:05:38:MGMT-5: TopN report 2 started by telnet/172.20.22.7/. Console> 03/09/2000,14:15:38:MGMT-5: TopN report 2 available.
This example shows how to start the TopN process without the background option:
Console> show top 10 util interval 600 Start Time: 03/19/2000,12:04:16 End Time: 03/19/2000,12:14:18 PortType: all Metric: util Port Band- Uti Tx/Rx-bytes Tx/Rx-pkts Tx/Rx-bcst Tx/Rx-mcst In- Bufwidth % err Ovflw ----- ----- --- -------------------- ---------- ---------- ---------- ---- ----1/1 100 0 65433 824 0 719 0 0 5/48 10 0 3543 45 0 34 0 0 5/47 10 0 45367 124 0 219 0 0 5/46 10 0 23456 49 0 108 0 0 Console>
This example shows how to start the TopN process for a specific port type:
Console> show top 5 10e interval 0 Start Time: 03/09/2000,11:03:21 End Time: 03/09/2000,11:03:21 PortType: 10Mbps Ethernet Metric: util Port Band- Uti Bytes Pkts Bcst Mcst Error Over width % (Tx + Rx) (Tx + Rx) (Tx + Rx) (Tx + Rx) (Rx) flow ----- ----- --- -------------------- ---------- ---------- ---------- ----- ---2/1 10 0 0 0 0 0 0 0 3/12 auto 0 0 0 0 0 0 0 3/11 auto 0 0 0 0 0 0 0 3/10 auto 0 0 0 0 0 0 0 3/9 auto 0 0 0 0 0 0 0 Console>
Related Commands
2-710
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show top report
Syntax Description
report_num
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
If you do not specify report_num, this command lists all the active TopN processes and all the available TopN reports for the switch. Each process is associated with a unique report number. All TopN processes (both with and without a background option) are shown in the list. An asterisk displayed after the pending status field indicates that it is not a background TopN and the results are not saved.
Examples
This example shows how to display all the active TopN processes and all the available TopN reports for the switch:
Int --60 600 300 60 N --20 10 20 20 Metric ---------Tx/Rx-Bytes Util In-Errors In-Errors Status -------done done pending pending* Owner (type/machine/user) ------------------------telnet/172.20.22.7/ telnet/172.34.39.6/ Console// Console//
Console> show top report Rpt Start time --- ------------------1 03/09/2000,11:34:00 2 03/09/2000,11:34:08 4 03/09/2000,11:35:17 5 03/09/2000,11:34:26 Console>
This example shows an attempt to display a TopN report 5 (shown in the first example) that is still in pending status:
Console> show top report Rpt Start time --- ------------------5 03/09/2000,11:34:26 Console> 5 Int N Metric Status Owner (type/machine/user) --- --- ---------- -------- ------------------------60 20 In-Errors pending* Console//
2-711
This example shows how to display the available TopN report 2 (shown in the first example) for the switch:
Console> show top report 2 Start Time: 03/09/2000,11:34:00 End Time: 03/09/2000,11:34:33 PortType: all Metric: util Port Band- Uti Tx/Rx-bytes width % ----- ----- --- -------------------/15 100 88 98765432109876543210 5/48 10 75 44532 5/47 10 67 5432 5/46 10 56 1432 5/45 10 54 432 5/44 10 48 3210 5/43 10 45 432 5/42 10 37 5432 5/41 10 36 1432 5/40 10 14 2732 Console>
Tx/Rx-pkts Tx/Rx-bcst Tx/Rx-mcst Inerr ---------- ---------- ---------- ---9876543210 98765 12345 123 5389 87 2 0 398 87 2 0 398 87 2 0 398 87 2 0 65 10 10 15 5398 87 2 2 398 87 2 0 398 87 2 0 398 87 2 0
BufOvflw ----321 0 0 0 0 5 0 0 0 0
Related Commands
2-712
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show trace
show trace
Use the show trace command to display trace category and level. show trace [all]
Syntax Description
all
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the active trace category and level information only:
Console> show trace Trace monitor is enabled for this session. Trace Category Level -------------- ----HTTP 3 SYNFIG 5 Console>
This example shows how to display all trace category and level information:
Console> show trace all Trace monitor is enabled for this session. Trace Category Level -------------- ----ACCT off ACL off BDD off CDP off CONFIG off COPS off DHCP off DIAG off DNS off DRIP off DTP off DUPFLASH off DUPNVRAM off DYNVLAN off EARL off ENVMON off EOBC off EPLD off ESSR off EVMGR off FCP off FDDI off
2-713
FDDI FILESYS HAMGR HTTP GARP GVRP INBAND IPC KERBEROS L3AGE L3SUP LANE LD LLC LTL MBUF MCAST MDG MEMDBG MLS MLSM MODPORT NTP NVSYNC OOB PAGP PROTFILT PPWR PRUNING PRIVATEVLAN QOS RADIUS REDUN RSFC RSVP RUNTIMECFG SCP SECURITY SLP SNMP SPAN STP SYNCMGR SYNFIG SYSLOG TACACS TEST TFTP TFTPD UDLD VERB VMPS VTP Console>
off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off off 1 off off off off off off 1 off
2-714
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show trunk
show trunk
Use the show trunk command to display trunking information for the switch. show trunk [mod[/port]] [detail]
Syntax Description
(Optional) Number of the module. (Optional) Number of the port. (Optional) Keyword to show detailed information about the specified trunk port.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Entering the show trunk command without specifying a module or port number displays only the actively trunking ports. To display the trunking configuration for a port that is not actively trunking, specify the module and port number of the port you want to display.The MSM port displays as a port that is always trunking, with allowed and active VLANs for each VLAN configured on the MSM. Entering the show trunk command displays untagged traffic received over the dot1q trunk. For ISL trunks, packets are tagged on all VLANs (including native VLANs). In the show trunk detail command output, the Peer-Port field displays either the module and port number of the peer connection, or multiple or unknown. Multiple is displayed if connected to shared media, and unknown is displayed if DTP is not running on the other side. If you enter the show trunk command on a trunk where a VTP domain mismatch exists, an asterisk is displayed after the trunk status and the following:
* - indicates vtp domain mismatch.
In the show trunk command output, the ports and VLANs listed in the spanning tree forward state and not pruned fields are the same regardless of whether or not VTP or GVRP is running.
Examples
This example shows how to display trunking information for the switch:
Console> (enable) show Port Mode -------- ----------4/9 auto 4/10 desirable Port -------4/9 4/10 trunk Encapsulation ------------isl isl Status -----------trunking trunking Native vlan ----------1 1
2-715
Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------4/9 1005 4/10 1005 Console> (enable)
This example shows how to display detailed information about the specified trunk port:
Console> (enable) show Port Mode -------- ----------1/1 auto Port -------1/1 Port -------1/1 Port -------1/1 Port -------1/1 Peer-Port --------2/3 trunk 1/1 detail Encapsulation Status ------------- -----------negotiate not-trunking Encapsulation ------------n-isl Native vlan ----------1
Mode ----------auto
TrunkFramesTx -------------------0
TrunkFramesRx -------------------0
Vlans allowed on trunk --------------------------------------------------------------------1-1005 Vlans allowed and active in management domain --------------------------------------------------------------------1
Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------1/1 Console> (enable)
This example shows how to display detailed information about the specified trunk port that has a VTP domain mismatch:
Console> (enable) show Port Mode -------- ----------3/1 auto Port -------3/1 Port -------3/1 Port -------3/1 Peer-Port --------2/3 trunk 3/1 detail Encapsulation Status Native vlan ------------- ------------ ----------negotiate not-trunking* 1 Encapsulation ------------n-isl Status -----------not-trunking WrongEncap ---------0
Mode ----------auto
TrunkFramesTx -------------------0
TrunkFramesRx -------------------0
2-716
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show trunk
Port -------3/1
Port Vlans in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------3/1 Console> (enable)
Table 2-66 describes the fields in the show trunk command outputs.
Table 2-66 show trunk Command Output Fields
Description Module and port numbers. Trunk administrative status of the port (on, off, auto, desirable, or nonegotiate). Trunking type configured by administration. Status of whether the port is trunking or nontrunking. Number of the native VLAN for the trunk link (the VLAN for which untagged traffic can be transmitted and received over the dot1q trunk). Range of VLANs allowed to go on the trunk (default is 1 to 1000).
Vlans allowed and active in Range of active VLANs within the allowed range. management domain Vlans in spanning tree forwarding state and not pruned Peer-Port TrunkFramesTx TrunkFramesRx WrongEncap Range of VLANs that actually go on the trunk with Spanning Tree Protocol forwarding state. Peer connection information (module and port number of peer connection, multiple, or unknown). Number of ISL/802.1q frames transmitted on a port. Number of ISL/802.1q frames received on a port. Number of frames with the wrong encapsulation received on a port.
Related Commands
set trunk
2-717
show udld
Use the show udld command to display UDLD information. show udld show udld port [mod[/port]]
Syntax Description
Keyword to specify module and ports or just modules. (Optional) Number of the module for which UDLD information is displayed. (Optional) Number of the port for which UDLD information is displayed.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to find out whether or not UDLD is enabled:
Console> show udld UDLD : enabled Console>
This example shows how to display UDLD information for a specific module and port:
Console> show udld port 2/1 UDLD :enabled Message Interval :60 seconds Port Admin Status Aggressive Mode -------- ------------ --------------2/1 enabled disabled Console>
This example shows how to display UDLD information for all ports on a specific module:
Console> (enable) show udld port 1 UDLD :enabled Message Interval :60 seconds Port Admin Status Aggressive Mode -------- ------------ --------------1/1 disabled disabled 1/2 disabled enabled Console>
2-718
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show udld
Table 2-67 describes the fields in the show udld command output.
Table 2-67 show udld Command Output Fields
Description Status of whether UDLD is enabled or disabled. Module and port numbers. Status of whether administration status is enabled or disabled. Status of whether aggressive mode is enabled or disabled. Status of the link: undetermined (detection in progress, UDLD has been disabled on the neighbors), not applicable (UDLD is not supported on the port, UDLD has been disabled on the port, or the port is disabled), shutdown (unidirectional link has been detected and the port disabled), bidirectional (bidirectional link has been detected).
Related Commands
2-719
show users
Use the show users command to show if the console port is active and to list all active Telnet sessions with the IP address or IP alias of the originating host. show users [noalias]
Syntax Description
noalias
(Optional) Keyword to indicate, not to display, the IP alias; the IP address is displayed.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the users of the active Telnet sessions:
Console> show users Console Port -----------Active Telnet Sessions ---------------------------------------172.16.10.75 172.16.10.75 171.31.1.203 Console> User ------------------------------
The output shows the state of the console port (active or inactive) and the IP address or IP alias of each active Telnet session.
Related Commands
disconnect
2-720
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands show version
show version
Use the show version command to display software, hardware, and web interface version information. show version [mod]
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
This example shows how to display the software and hardware versions:
Console> show version WS-C6009 Software, Version NmpSW: 5.5(1) Copyright (c) 1995-2000 by Cisco Systems NMP S/W compiled on Feb 16 2000, 08:37:13 System Bootstrap Version: 5.2(1) Hardware Version: 1.0 Model: WS-C6009 Serial #: SCA030900JA
Mod Port Model Serial # Versions --- ---- ------------------- ----------- -------------------------------------1 2 WS-X6K-SUP1A-2GE SAD03392376 Hw : 1.0 Fw : 5.2(1) Fw1: 5.1(1)CSX Sw : 5.5(1) Sw1: 5.5(1) 2 1 WS-X6380-NAM JAB0343055Y Hw : 0.201 Fw : 4.2(0.24)DAY68 Sw : 5.5(1) 5 48 WS-X6248-RJ-45 SAD03181291 Hw : 1.0 Fw : 4.2(0.24)VAI78 Sw : 5.5(1) DRAM FLASH NVRAM Module Total Used Free Total Used Free Total Used Free ------ ------- ------- ------- ------- ------- ------- ----- ----- ----1 65408K 37576K 27832K 16384K 12925K 3459K 512K 222K 290K Uptime is 4 days, 7 hours, 15 minutes Console> (enable)
2-721
This example show how to display version information for a specific module:
Console> Mod Port --- ---9 48 (enable) show version 2 Model Serial # Versions ------------------- ----------- -------------------------------------WS-X6348 SAD03414268 Hw :0.201 Fw :5.3(1) Sw :5.5(1) WS-F6K-VPWR Hw :1.0 Console> (enable)
Table 2-68 describes the fields in the show version command output.
Table 2-68 show version Command Output Fields
Field NmpSW NMP S/W compiled on System Bootstrap Version Web Interface Version Hardware Version Model Serial # Module Port Model Serial # Versions Hw Fw Fw1 Sw Sw1 DRAM Total Used Free FLASH Total Used Free NVRAM Total Used
Description Version number of the NMP software. Date and time that the NMP software was compiled. System bootstrap version number. Web interface version number. Hardware version number. Switch model number. Switch serial number. Module number. Number of ports on the module. Model number of the module. Serial number of the module. Hardware, software, and firmware versions of the module. Hardware version of the module. Version of the boot code (for switching modules) or bootstrap (for the supervisor engine). Version of the firmware boot code (on the supervisor engine). Version of the firmware runtime installed (on the switching module) or the software version (on the supervisor engine). Version of the firmware runtime (on the supervisor engine). Total dynamic RAM installed on the module. Amount of DRAM in use. Amount of available DRAM. Total Flash memory installed on the module. Amount of Flash memory in use. Amount of available Flash memory. Total NVRAM installed on the module. Amount of NVRAM in use.
2-722
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show version
Description Amount of available NVRAM. Number of uninterrupted days, hours, minutes, and seconds the system has been up and running.
2-723
show vlan
Use the show vlan command set to display VLAN information. show vlan [trunk] show vlan vlan [notrunk] show vlan mapping show vlan type
Syntax Description
(Optional) Keyword to force the display to show information only on trunk ports. Number of the VLAN. (Optional) Keyword to force the display to show information only on nontrunk ports. Keyword to display VLAN mapping table information. Type of the VLAN; valid values are ethernet, fddi, fddinet, trbrf, or trcrf.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Each Ethernet switch port and Ethernet repeater group belong to only one VLAN. Trunk ports can be on multiple VLANs. If you do not specify the VLAN number, all VLANs are displayed.
Examples
This example shows how to display information for all VLAN trunks:
Console> show vlan trunk VLAN Name Status IfIndex Mod/Ports, Vlans ---- -------------------------------- --------- ------- -----------------------1 default active 5 2/1-2 6/4-8 10 VLAN0010 active 18 6/1,6/3 11 VLAN0011 active 19 6/2 20 VLAN0020 active 20 21 VLAN0021 active 21 30 VLAN0030 active 22 31 VLAN0031 active 23 1002 fddi-default active 6
2-724
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show vlan
1003 token-ring-default 1004 fddinet-default 1005 trnet-default VLAN ---1 10 11 20 21 30 31 1002 1003 1004 1005 Type ----enet enet enet enet enet enet enet fddi trcrf fdnet trbrf SAID ---------100001 100010 100011 100020 100021 100030 100031 101002 101003 101004 101005 MTU ----1500 1500 1500 1500 1500 1500 1500 1500 1500 1500 1500 Parent -----0 -
DynCreated ---------static static static static static static static static static static static
RSPAN -------disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled
VLAN AREHops STEHops Backup CRF 1q VLAN ---- ------- ------- ---------- ------1003 7 7 off
Primary ------10 11 30 -
Secondary --------20 21 31
This example shows how to display the VLAN mapping table information:
Console> show vlan mapping 802.1q vlan ISL vlan Effective -----------------------------------------3000 300 true Console>
2-725
This example shows how to display information for a specific VLAN and type:
Console> show vlan 2 fddi VLAN Name Status IfIndex Mod/Ports, Vlans ---- -------------------------------- --------- ------- -----------------------1002 fddi-default active 6
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----1002 fddi 101002 1500 0 0
This example shows how to display information for nontrunk ports only on a specific VLAN:
Console> (enable) show vlan 2 notrunk VLAN Name Status IfIndex Mod/Ports, Vlans ---- -------------------------------- --------- ------- -----------------------2 VLAN0002 active 60
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ -----2 enet 100002 1500 0 0
VLAN AREHops STEHops Backup CRF 1q VLAN ---- ------- ------- ---------- ------Console>
Table 2-69 describes the fields in the show vlan command output.
Table 2-69 show vlan Command Output Fields
Field VLAN Name Status IfIndex Type SAID MTU Parent RingNo
Description VLAN number. Name, if configured, of the VLAN. Status of the VLAN (active or suspend). Number of the ifIndex. Media type of the VLAN. Security association ID value for the VLAN. Maximum transmission unit size for the VLAN. Parent VLAN, if one exists. Ring number for the VLAN, if applicable.
2-726
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show vlan
Field BrdgNo Stp BrdgMode DynCreated RSPAN AREHops STEHops Backup CRF 802.1Q Vlan ISL Vlan Effective Primary Secondary Secondary-Type Ports
Description Bridge number for the VLAN, if applicable. Spanning Tree Protocol type used on the VLAN. Bridging mode for this VLAN. Possible values are SRB and SRT; the default is SRB. Status of whether the VLAN is created statically or dynamically. Status of whether RSPAN is enabled or disabled. Maximum number of hops for All-Routes Explorer frames. Possible values are 1 through 13; the default is 7. Maximum number of hops for Spanning Tree Explorer frames. Possible values are 1 through 13; the default is 7. Status of whether the TrCRF is a backup path for traffic. Number of the 802.1Q VLAN. Number of the ISL VLAN. Status of the VLAN. If the VLAN is active and its type is Ethernet, true is displayed; if not, false is displayed. Number of the primary VLAN in a private VLAN. Number of the secondary VLAN in a private VLAN. Type of secondary VLAN port. Possible values are isolated, community, or -. Number of the module and ports associated to a specific private VLAN pair.
Related Commands
2-727
show voicevlan
Use the show voicevlan command to show the voice information for a specific VLAN. show voicevlan {mod/port | vlan} show voicevlan vlan
Syntax Description
mod/port vlan
Number of the module and port on the module. Number of the voice VLAN; valid values are from 1 to 4094.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Usage Guidelines
Voice VLAN mode (on or off) Voice VLAN type (untagged or dot1p) Voice value and type
Examples
This example shows how to display the ports associated with a specific voice VLAN:
Console> show voicevlan 2993 V-VLAN Mod/Ports ------ ----------------------2993 2/1-6,3/4-8,5-2-25 Console>
This example shows how to display voice VLAN information for a specific module and range of ports:
Console> show voicevlan 3/4-6 Port V-VLAN Mode ----- -------------- ---3/4 untagged off 3/5 2993 on 3/6 802.1p on Console>
Related Commands
clear voicevlan
2-728
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show vtp domain
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Table 2-70 describes the fields in the show vtp domain command output.
Table 2-70 show vtp domain Command Output Fields
Field Domain Name Domain Index VTP Version Local Mode Password Vlan-count Max-vlan-storage Config Revision Notifications
Description Name of the VTP domain. Domain index number of the domain. VTP version number. VTP mode (server, client, or transparent). Password required or not. Total number of VLANs in the domain. Maximum number of VLANs allowed on the device. VTP revision number used to exchange VLAN information. Notifications to SNMP (enabled or disabled).
2-729
Description IP address through which VTP was last updated. Status on whether VTP V2 mode is enabled or disabled. Status on whether VTP pruning is enabled or disabled. VLANs on which pruning is allowed.
Related Commands
2-730
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands show vtp statistics
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
----- ---------------4/2 0 0
Table 2-71 describes the fields in the show vtp statistics command output.
Table 2-71 show vtp statistics Command Output Fields
Field summary advts received subset advts received request advts received summary advts transmitted subset advts transmitted
Description Total number of summary advts received. Total number of subset advts received. Total number of request advts received. Total number of summary advts transmitted. Total number of subset advts transmitted.
2-731
Field No of config revision errors No of config digest errors Trunk Join Transmitted Join Received
Description Number of config revision errors. Number of config revision digest errors. Trunk port participating in VTP pruning. Number of VTP-Pruning Joins transmitted. Number of VTP-Pruning Joins received.
Summary advts received Number of Summary advts received from nonpruning-capable from nonpruningdevices. capable device GVRP PDU Received Number of GVRP messages received on VTP trunks.
Related Commands
2-732
78-10558-02
Chapter 2
slip
Use the slip command to attach or detach SLIP for the console port. slip {attach | detach}
Syntax Description
attach detach
Keyword to activate SLIP for the console port. Keyword to deactivate SLIP for the console port.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
You can use the slip command from a console port session or a Telnet session.
Examples
This example shows how to enable SLIP for a console port during a console port session:
Console> (enable) slip attach Console port now running SLIP. <console port running SLIP>
This example shows how to disable SLIP for a console port during a Telnet session:
Console> (enable) slip detach SLIP detached on Console port. <console port back to RS-232 Console> Console> (enable)
Related Commands
set interface
2-733
Chapter 2 squeeze
squeeze
Use the squeeze command to delete Flash files permanently. squeeze [m/]device:
Syntax Description
m/ device:
(Optional) Module number of the supervisor engine containing the Flash device. Device where the Flash resides.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
These examples show how to use the squeeze command to delete the slot0 Flash files and then use the show flash command to confirm the deletion:
Console> squeeze slot0: All deleted files will be removed, proceed (y/n) [n]?y Squeeze operation may take a while, proceed (y/n) [n]?y .......................................................... Console> show flash -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .. 2 f3a3e7c1 607f80 24 6061822 Mar 31 2000 15:42:49 cat6000-sup. 5-5-1.bin 7336000 bytes available (1052608 bytes used) Console>
Related Commands
2-734
78-10558-02
22
Chapter 2 Catalyst 6000 Family Switch and ROM Monitor Commands stack
stack
Use the stack command to dump a stack trace of frames. stack [-d | -m] [num]
Syntax Description
-d -m num
(Optional) Keyword to dump the ROM monitor stack. (Optional) Keyword to specify addresses to dump. (Optional) Number of frames.
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
Examples
This example shows how to use the stack command to dump a stack trace of eight frames:
rommon 5 > stack 8 Kernel Level Stack Trace: Initial SP = 0x60276a98, Initial PC = 0x60033054, RA = 0x6006d380 Frame 0 : FP= 0x60276a98, PC= 0x60033054, 0 bytes Frame 1 : FP= 0x60276a98, PC= 0x6006d380, 24 bytes Frame 2 : FP= 0x60276ab0, PC= 0x600e5218, 40 bytes Frame 3 : FP= 0x60276ad8, PC= 0x600dcd48, 32 bytes Frame 4 : FP= 0x60276af8, PC= 0x60033fdc, 0 bytes Process Initial Frame 0 Frame 1 Frame 2 Frame 3 Frame 4 Frame 5 Frame 6 Frame 7 Level Stack Trace: SP = 0x80007ce8, Initial PC = 0x600dfd38, RA = 0x600dfd20 : FP= 0x80007ce8, PC= 0x600dfd38, 24 bytes : FP= 0x80007d00, PC= 0x6005b260, 32 bytes : FP= 0x80007d20, PC= 0x6005c05c, 192 bytes : FP= 0x80007de0, PC= 0x6005b54c, 24 bytes : FP= 0x80007df8, PC= 0x600e82e0, 56 bytes : FP= 0x80007e30, PC= 0x600e9484, 40 bytes : FP= 0x80007e58, PC= 0x600e8b28, 24 bytes : FP= 0x80007e70, PC= 0x600de224, 72 bytes
2-735
Chapter 2 switch
switch
Use the switch command to switch the clock from the supervisor clock to the internal clock or from the active supervisor engine to the standby supervisor engine. switch {clock | supervisor}
Syntax Description
clock supervisor
Keyword to switch the clock from the supervisor clock to the internal clock. Keyword to switch from the active supervisor engine to the standby supervisor engine.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
2-736
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands switch console
switch console
Use the switch console command to switch the console connection physically to the MSFC on the active supervisor engine. switch console [mNo]
Syntax Description
mNo
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The switch console command allows you to change to the MSFC that shares the slot with the active supervisor engine. To use this command, it is necessary to have active and standby supervisor engine consoles. Otherwise, you cannot use the switch console command to switch to the console of the MSFC placed in the standby supervisor engine slot. If you place the MSFC on a supervisor engine installed in slot 1, the MSFC is recognized as module 15. If you install the supervisor engine in slot 2, the MSFC is recognized as module 16. If the optional argument mNo is excluded, the console will switch to MSFC on the active supervisor engine. To exit from the router CLI back to the switch CLI, enter the exit command at the Router> prompt.
Examples
This example shows how to switch the console connection to the MSFC on the active supervisor engine:
Console> (enable) switch console 15 Trying Router-15... Connected to Router-15. Type 'exit' to switch back...
2-737
Chapter 2 sync
sync
Use the sync command to write the working in-core copy of environment variables and the aliases out to NVRAM so they are read on the next reset. sync
Syntax Description
Defaults
Command Types
Command Modes
Normal.
Examples
2-738
78-10558-02
Chapter 2
sysret
Use the sysret command to display the return information from the last booted system image. sysret
Syntax Description
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
Examples
This example shows how to use the sysret command to display the return information from the last booted system image:
rommon 8 > sysret System Return Info: count: 19, reason: user break pc:0x60043754, error address: 0x0 Stack Trace: FP: 0x80007e78, PC: 0x60043754 FP: 0x80007ed8, PC: 0x6001540c FP: 0x80007ef8, PC: 0x600087f0 FP: 0x80007f18, PC: 0x80008734
2-739
Chapter 2 telnet
telnet
Use the telnet command to start a Telnet connection to a remote host. telnet host [port]
Syntax Description
host port
Name or IP address of the remote host to which you want to connect. (Optional) Specific port connection on the remote host.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
This example shows how to open and close a Telnet session with the host elvis:
Console> (enable) telnet elvis Trying 192.122.174.11... Connected to elvis. Escape character is ^]. UNIX(r) System V Release 4.0 (elvis) login: fred Password: Last login: Thu Oct 15 09:25:01 from forster.cisc.rum Sun Microsystems Inc. SunOS 5.4 Generic July 1994 You have new mail. % logout Console> (enable)
Related Commands
disconnect
2-740
78-10558-02
Chapter 2
Catalyst 6000 Family Switch and ROM Monitor Commands test snmp trap
Syntax Description
trap_num specific_num
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
Related Commands
2-741
Chapter 2 traceroute
traceroute
Use the traceroute command to display a hop-by-hop path through an IP network from the Catalyst 6000 family switch to a specific destination host. traceroute [-n] [-w wait_time] [-i initial_ttl] [-m max_ttl] [-p dest_port] [-q nqueries] [-t tos] host [data_size]
Syntax Description
-n
(Optional) Option that prevents traceroute from performing a DNS lookup for each hop on the path. Only numerical IP addresses are printed.
-w wait_time (Optional) Option used to specify the amount of time (in seconds) that traceroute will wait for an ICMP response message. The allowed range for wait_time is from 1 to 300 seconds; the default is 5 seconds. -i initial_ttl (Optional) Option that causes traceroute to send ICMP datagrams with a TTL value equal to initial_ttl instead of the default TTL of 1. This causes traceroute to skip processing for hosts that are less than initial_ttl hops away. (Optional) Option used to specify the maximum TTL value for outgoing ICMP datagrams. The allowed range for max_ttl is from 1 to 255; the default value is 30. (Optional) Option used to specify the base UDP destination port number used in traceroute datagrams. This value is incremented each time a datagram is sent. The allowed range for dest_port is from 1 to 65535; the default base port is 33434. Use this option in the unlikely event that the destination host is listening to a port in the default traceroute port range. (Optional) Option used to specify the number of datagrams to send for each TTL value. The allowed range for nqueries is from 1 to 1000; the default is 3. (Optional) Option used to specify the ToS to be set in the IP header of the outgoing datagrams. The allowed range for tos is from 0 to 255; the default is 0. Use this option to see if different types of service cause routes to change. IP alias or IP address in dot notation (a.b.c.d) of the destination host. (Optional) Number of bytes, in addition to the default of 40 bytes, of the outgoing datagrams. The allowed range is from 0 to 1420; the default is 0.
-m max_ttl -p dest_port
-q nqueries -t tos
host data_size
Defaults
Entering the traceroute host command without options sends three 40-byte ICMP datagrams with an initial TTL of 1, a maximum TTL of 30, a timeout period of 5 seconds, and a ToS specification of 0 to destination UDP port number 33434. For each host in the processed path, the initial TTL for each host and the destination UDP port number for each packet sent are incremented by one.
Command Types
Switch command.
Command Modes
Privileged.
2-742
78-10558-02
Chapter 2
Usage Guidelines
To interrupt traceroute after the command has been issued, press Ctrl-C. The traceroute command uses the TTL field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an ICMP time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message. To identify the next hop, traceroute again sends a UDP packet but this time with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached). To determine when a datagram has reached its destination, traceroute sets the UDP destination port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP port unreachable error to the source. This message indicates to the traceroute facility that it has reached the destination. Catalyst 6000 family switches can participate as the source or destination of the traceroute command. However, because they are Layer 2 devices, Catalyst 6000 family switches do not examine the TTL field in the IP header and do not decrement the TTL field or send ICMP time-exceeded messages. Thus, a Catalyst 6000 family switch does not appear as a hop in the traceroute command output.
Examples
This example shows how to use the traceroute command to determine the path from the source to the destination host server10:
Console> (enable) traceroute server10 traceroute to server10.company.com (172.16.22.7), 30 hops max, 40 byte packets 1 engineering-1.company.com (172.31.192.206) 2 ms 1 ms 1 ms 2 engineering-2.company.com (172.31.196.204) 2 ms 3 ms 2 ms 3 gateway_a.company.com (172.16.1.201) 6 ms 3 ms 3 ms 4 server10.company.com (172.16.22.7) 3 ms * 2 ms Console> (enable)
Description Maximum TTL value and the size of the ICMP datagrams being sent. Total time (in milliseconds) for each ICMP datagram to reach the router or host plus the time it took for the ICMP time-exceeded message to return to the host. An exclamation point following any of these values (for example, 20 ms !) indicates that the port-unreachable message returned by the destination had a TTL of 0 or 1. Typically, this occurs when the destination uses the TTL value from the arriving datagram as the TTL in its ICMP reply. The reply does not arrive at the source until the destination receives a traceroute datagram with a TTL equal to the number of hops between the source and destination.
3 ms * 2 ms
* indicates that the timeout period (default of 5 seconds) expired before an ICMP time-exceeded message was received for the datagram.
2-743
Chapter 2 traceroute
If traceroute receives an ICMP error message other than a time-exceeded or port-unreachable message, it prints one of the error codes shown in Table 2-73 instead of the round-trip time or an asterisk (*).
Table 2-73 traceroute Error Messages
Meaning No route to host. The network is unreachable. No route to host. The host is unreachable. Connection refused. The protocol is unreachable. Fragmentation needed but do not fragment (DF) bit was set. Source route failed. Communication administratively prohibited. Unknown error occurred.
Related Commands
ping
2-744
78-10558-02
Chapter 2
unalias
Use the unalias command to remove the alias name and associated value from the alias list. unalias name
Syntax Description
name
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
You must issue a sync command to save your change. Otherwise, the change is not saved and a reset removes your change.
Examples
This example shows how to use the unalias command to remove the s alias and then check to ensure it was removed:
rommon 5 > alias r=repeat h=history ?=help b=boot ls=dir i=reset k=stack s=set rommon 6 > unalias s rommon 7 > alias r=repeat h=history ?=help b=boot ls=dir i=reset k=stack rmmon 8 > s monitor: command "s" not found ===========================================================================
Related Commands
alias
2-745
Chapter 2 undelete
undelete
Use the undelete command to recover a deleted file on a Flash memory device. The deleted file can be recovered using its index (because there could be multiple deleted files with the same name). undelete index [[m/]device:]
Syntax Description
index m/ device:
Index number of the deleted file. (Optional) Module number of the supervisor engine containing the Flash device. (Optional) Device where the Flash resides.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
A colon (:) is required after the specified device. See the dirswitch command to learn the index number of the file to be undeleted. A file cannot be undeleted if a valid file with the same name exists. You must delete the existing file before you can undelete the target file. A file can be deleted and undeleted up to 15 times. To delete all deleted files permanently on a device, use the squeeze command.
Examples
This example shows how to recover the deleted file with index 1 and use the show flash command to confirm:
Console> (enable) undelete 1 bootflash: Console> (enable) Console> (enable) show flash -#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name 1 .. ffffffff f3a3e7c1 607f80 24 6061822 Mar 03 2000 15:42:49 cat6000-sup. 5-5-1.bin 2 .. ffffffff aa825ac6 be9234 24 6165044 Mar 21 2000 14:40:15 cat6000-sup. 5-5-1.bin 1428272 bytes available (6173904 bytes used) Console> (enable)
Related Commands
2-746
78-10558-02
Chapter 2
unset=
Use the unset= command to remove a variable name from the variable list. unset=varname
Syntax Description
varname
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
You must enter the sync command to save your change to NVRAM. Otherwise, the change is not saved and a reset removes your change.
Examples
This example shows how to use the set command to display the variable list, remove a variable name from the variable list, and then display the variable list to verify:
rommon 2 > PS1=rommon BOOT= ?=0 rommon 3 > rommon 4 > PS1=rommon BOOT= set ! >
Related Commands
varname=
2-747
Chapter 2 upload
upload
Use the upload command to upload a software image to a network host. upload host file [mod]
Syntax Description
IP address or IP alias of the host. Name of the image file. (Optional) Number of the module from which to upload the image file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
To upload a software image for the MSM, use the session command. This command is not supported by the Gigabit Ethernet switching module. If you do not specify a number, the image is uploaded to module 1.
Examples
This example shows how to upload the supervisor image to the cat6000-sup.5-5-1.bin file on the mercury host:
Console> (enable) upload mercury cat6000-sup.5-5-1.bin 3 Upload Module 1 image to cat6000-sup.5-5-1.bin on mercury (y/n) [n]? y / Done. Finished Network Upload. (153908 bytes) Console> (enable)
Related Commands
download
2-748
78-10558-02
Chapter 2
varname=
Use the varname= command to set the variable VARNAME to varvalue. Note that the syntax varname= sets the variable to a NULL string. varname=value
Syntax Description
varname= value
Defaults
Command Types
Command Modes
Normal.
Usage Guidelines
Do not put a space before or after the equal (=) sign. If there are spaces, you must place the value in quotes. Spell out variable names in uppercase letters to make them conspicuous.
Examples
Related Commands
unset=
2-749
Chapter 2 verify
verify
Use the verify command to confirm the checksum of a file on a Flash device. verify [[m/]device:] filename
Syntax Description
m/ device: filename
(Optional) Module number of the supervisor engine containing the Flash device. (Optional) Device where the Flash resides. Name of the configuration file.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
Examples
2-750
78-10558-02
Chapter 2
wait
Use the wait command to cause the CLI to pause for a specified number of seconds before executing the next command. This command might be included in a configuration file. wait seconds
Syntax Description
seconds
Number of seconds for the CLI to wait before executing the next command.
Defaults
Command Types
Switch command.
Command Modes
Normal.
Examples
Console>
2-751
Chapter 2 whichboot
whichboot
Use the whichboot command to determine which file booted. whichboot
Syntax Description
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Examples
2-752
78-10558-02
Chapter 2
write
Use the write command set to upload the current configuration to the network or display the configuration information currently in running memory. write network [all] write terminal [all] write {host file} [all] [rcp]
Syntax Description
Keyword to specify interactive prompting for the IP address or IP alias of the host and the filename to upload. (Optional) Keyword to specify default and non-default configuration settings. Keyword to display the non-default configuration file on the terminal. IP address or IP alias of the host. Name of the configuration file. (Optional) Keyword to upload a software image to a host using rcp.
Defaults
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
The write terminal command is exactly the same as the show config command. The write host file command is a shorthand version of the write network command. You cannot use the write network command to upload software to the ATM module. With the write network command, the file must already exist on the host (use the UNIX touch filename command to create it).
Examples
This example shows how to upload the system5.cfg file to the mercury host using the write network command:
Console> (enable) write network IP address or name of host? mercury Name of configuration file to write? system5.cfg Upload configuration to system5.cfg on mercury (y/n) [y]? y / Done. Finished Network Upload. (9003 bytes) Console> (enable)
2-753
Chapter 2 write
This example shows how to upload the system5.cfg file to the mercury host using the write host file command as a shorthand method:
Console> (enable) write mercury system5.cfg Upload configuration to system5.cfg on mercury (y/n) [y]? y / Done. Finished Network Upload. (9003 bytes) Console> (enable)
This example shows how to use the write terminal command to display the configuration file on the terminal (partial display):
Console> (enable) write terminal ! .... ............
............ ............
begin ! #version 4.2(0.24)VAI58 set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set prompt Console> set length 24 default set logout 20 set banner motd ^C^C ! #system set system baud 9600 set system modem disable set system name set system location set system contact ! #power set power redundancy enable ! #snmp set snmp community read-only public set snmp community read-write private set snmp community read-write-all secret set snmp rmon disable set snmp trap disable module ... <<<< output truncated >>>>
Related Commands
2-754
78-10558-02
A P P E N D I X
Acronyms
Table A-1 defines the acronyms used in this publication.
Table A-1 List of Acronyms
Acronym AAL ACE ACL AFI AMP APaRT ARP ASLB ATM BES BPDU BRF BUS CAM CoS CDP CLI COPS CPLD CRC CRF DCC DEC DFI DHCP
Expansion ATM adaptation layer access control entry access control list authority and format identifier Active Monitor Present Automated Packet Recognition/Translation Address Resolution Protocol accelerated server load balancing Asynchronous Transfer Mode bursty errored seconds bridge protocol data unit bridge relay function broadcast and unknown server content-addressable memory class of service Cisco Discovery Protocol command-line interface Common Open Policy Service Complex Programmable Logic Device cyclic redundancy check concentrator relay function Data Country Code Digital Equipment Corporation Domain-Specific Part Format Identifier Dynamic Host Configuration Protocol
A-1
Appendix A
Acronyms
Table A-1
Acronym DISL DMP DNS DRAM DRiP DSAP DSBM DSCP DSP DTP EARL EEPROM ESI FEFI GARP GMRP GSR GVRP HCRMON HDD HTTP ICD ICMP IETF IGMP IDP ILMI IP IPC IPX ISL ISO KDC LAN LANE LCP
Expansion Dynamic Inter-Switch Link data movement processor Domain Name System dynamic RAM Dual Ring Protocol destination service access point Designated Subnet Bandwidth Manager differentiated services code point digital signal processing or processor Dynamic Trunking Protocol Enhanced Address Recognition Logic electrically erasable programmable read-only memory end-system identifier far end fault indication General Attribute Registration Protocol GARP Multicast Registration Protocol Gigabit Switch Router GARP VLAN Registration Protocol High Capacity RMON hard disk drive driver HyperText Transfer Protocol International Code Designator Internet Control Message Protocol Internet Engineering Task Force Internet Group Management Protocol initial domain part Integrated Local Management Interface Internet Protocol interprocessor communication Internetwork Packet Exchange Inter-Switch Link International Organization of Standardization Key Distribution Center local area network LAN Emulation Link Control Protocol
A-2
78-10558-02
Appendix A
Acronyms
Table A-1
Acronym LCV LD LEC LECS LEM LER LES LLC MAC MIB MII MLS MMLS MOP MOTD MSFC MSM MTP MTU NAM NDE NFFC NMP NSAP NTP NVRAM OAM OSI OUI PAgP PCM PCR PDP PDU PEP PFC
Expansion line code violation seconds LocalDirector LAN Emulation Client LAN Emulation Configuration Server link error monitor link error rate LAN Emulation Server or Line Errored Seconds Logical Link Control Media Access Control Management Information Base media-independent interface Multilayer Switching Multicast Multilayer Switching Maintenance Operation Protocol message-of-the-day Multilayer Switch Feature Card Multilayer Switch Module Media Termination Point maximum transmission unit Network Analysis Module NetFlow Data Export NetFlow Feature Card Network Management Processor network service access point Network Time Protocol nonvolatile RAM Operation, Administration, and Maintenance Open System Interconnection organizational unique identifier Port Aggregation Protocol pulse code modulation peak cell rate policy decision point protocol data unit policy enforcement point Policy Feature Card
A-3
Appendix A
Acronyms
Table A-1
Acronym PHY PIB PPP PRID QoS RACL RADIUS RAM rcp RGMP RIF RMON ROM RSPAN RST RSVP SAID SAP SIMM SLCP SLIP SMP SMT SNAP SNMP SPAN SSH STE STP SVC TACACS+ TCP/IP TFTP TGT TopN TOS
Expansion physical sublayer policy information base Point-to-Point Protocol Policy Rule Identifiers quality of service router interface access control list Remote Access Dial-In User Service random-access memory Remote Copy Protocol Router-Ports Group Management Protocol Routing Information Field Remote Monitoring read-only memory remote SPAN reset ReSerVation Protocol Security Association Identifier service access point single in-line memory module Supervisor Line-Card Processor Serial Line Internet Protocol Standby Monitor Present Station Management Subnetwork Access Protocol Simple Network Management Protocol Switched Port Analyzer Secure SHell Spanning Tree Explorer Spanning Tree Protocol switched virtual circuit Terminal Access Controller Access Control System Plus Transmission Control Protocol/Internet Protocol Trivial File Transfer Protocol ticket granting ticket Utility that allows the user to analyze port traffic by reports type of service
A-4
78-10558-02
Appendix A
Acronyms
Table A-1
Acronym TLV TTL TVX UDLD UDP UNI UTC VACL VCC VCI VCR VIP VLAN VMPS VTP VID WRED WRR
Expansion type-length-value Time To Live valid transmission UniDirectional Link Detection Protocol User Datagram Protocol User-Network Interface Coordinated Universal Time VLAN access control list virtual channel connection (in ATM technology), virtual channel circuit virtual circuit identifier Virtual Configuration Register virtual IP address virtual LAN VLAN Membership Policy Server VLAN Trunk Protocol VLAN ID weighted random early detection weighted round-robin
A-5
Appendix A
Acronyms
A-6
78-10558-02
I N D E X
Symbols
? (help) switch CLI
1-8
clearing the NAM boot string displaying the NAM boot string setting the boot environment
2-10 2-453
boot configuration register, setting BOOT environment variable, setting broadcast/multicast suppression disabling
2-630 2-49 2-578
A
ACL displaying the ACL management information acronyms, list of See ARP table alias clearing defining displaying ARP table adding entries clearing entries displaying table ASLB configuring ASLB information displaying ASLB information removing ASLB entries auxiliary VLAN configuring ports
2-271 2-576 2-35 2-98 2-235 2-520 2-151 2-7 2-449 2-151 2-6 2-150 2-448 A-1
C
CAM table adding
2-175 2-12 2-456
deleting an entry
displaying aging time information displaying the table setting the agingtime CDP configuring displaying channel setting the channel path cost setting the channel VLAN cost CLI ROM monitor CLI accessing operating switch CLI accessing
1-12 1-13 2-179 2-177 2-459 2-453 2-175
2-583
2-180
B
boot
command aliases
command completion
Index
command help command modes console port IP addresses IP aliases IPX addresses MAC addresses operating Telnet
1-2 1-3
1-8 1-3
2-126
command-line processing
1-3 1-2 2-130
ending a session
1-11 1-11
1-11 1-11
varname=
1-8
controlling capitalization
designating keystroke as command entry editing wrapping command lines moving around
1-4 1-5
redisplaying the current command line scrolling down a line or screen transposing mistyped characters command-line-interface See CLI command modes switch CLI, normal mode top-level, normal mode Commands ROM Monitor Commands alias
2-2 2-101 2-103 1-3 1-3 1-6 1-7
1-6
clear cam
2-12 2-13
clear counters
clear gmrp statistics clear gvrp statistics clear igmp statistics clear ip alias
1-9 2-23
clear ip dns domain clear ip dns server clear ip permit clear ip route
2-26 2-28
2-24 2-25
clear kerberos clients mandatory clear kerberos credentials forward clear kerberos creds
2-112 2-31 2-32 2-33 2-34
2-29 2-30
2-111
dir--ROM monitor
2-123 2-124
history--ROM monitor
2-124
clear lda
2-35
78-10558-02
Index
clear log
2-88
clear module password clear multicast router clear ntp server clear port cops
2-48
2-93
clear voicevlan
2-94 2-95
commit lda
clear qos cos-dscp-map clear qos dscp-cos-map clear qos mac-cos clear qos map
2-61 2-60
delete disable
clear qos policed-dscp-map clear qos policer clear radius key clear radius server clear rgmp statistics clear security acl
2-64 2-67 2-67 2-68
history--switch
2-127 2-129 2-130 2-131 2-135 2-138 2-139
2-69 2-70
clear security acl capture-ports clear security acl map clear snmp access clear snmp group clear snmp notify
2-73 2-74 2-75 2-76 2-77 2-71
rollback session
clear snmp targetaddress clear snmp targetparams clear snmp trap clear snmp user clear snmp view
2-78 2-79 2-80
set accounting commands set accounting connect set accounting exec set accounting system set accounting suppress
2-144
2-141
2-142
2-81 2-82
Index
set arp
set ip dns server set ip http port set ip http server set ip permit set ip redirect set ip route
2-215 2-216
set ip fragmentation
2-217
set authentication enable set authentication login set authorization enable set authorization exec set banner motd
2-163 2-164
2-218
2-159
set ip unreachable
2-166 2-168
set kerberos clients mandatory set kerberos credentials forward set kerberos local-realm set kerberos realm
2-228 2-229 2-230 2-227
set boot config-register set boot device set cam set cdp
2-175 2-177 2-179 2-171
set kerberos srvtab entry set kerberos srvtab remote set key config-key set lda
2-235 2-238 2-239 2-240 2-241 2-244 2-247 2-249 2-233 2-180
2-232
set length
2-185
set default portstatus set enablepass set feature mdg set garp timer set gmrp
2-193 2-194
set errdisable-timeout
2-190 2-191
set mls multicast disable set mls multicast enable set mls nde
2-255 2-255 2-255 2-255
2-199 2-200
set mls nde disable set mls nde enable set mls nde flow
2-255 2-255
set mls nde flow include set mls nde version set module disable set module enable
2-255
2-258
2-214
78-10558-02
Index
set qos acl default-action set qos acl ip set qos acl ipx set qos acl mac set qos acl map
2-317 2-322 2-325 2-327
2-315
set ntp broadcastclient set ntp broadcastdelay set ntp client set ntp server set password
2-268 2-269 2-270
2-328
set port auxiliaryvlan set port broadcast set port cops set port disable set port duplex set port enable set port gmrp set port gvrp set port host set port jumbo set port name
2-277 2-278 2-279 2-280
set qos dscp-cos-map set qos ip-precmap set qos mac-cos set qos map
2-336
2-273
2-338
2-339 2-341
2-287
2-345
2-348
set port negotiation set port protocol set port qos set port qos cos set port qos trust
2-349 2-350
2-293
set radius retransmit set radius timeout set rcp username set rgmp
2-301 2-354 2-355
set port qos trust-ext set port security set port speed set port trap
set rspan
set security acl capture-ports set security acl ip set security acl ipx set security acl mac set security acl map set snmp access set snmp community set snmp group set snmp notify
2-375 2-376 2-359 2-364 2-367 2-369
2-358
set port voice interface set power redundancy set prompt set pvlan set qos
2-309 2-310
set protocolfilter
2-311
Index
set udld
2-433 2-435
set snmp targetaddr set snmp trap set snmp user set snmp view set span
2-389 2-383 2-385 2-387
set udld aggressive-mode set udld interval set vlan set vtp
2-392 2-437 2-440 2-436
2-444
set spantree backbonefast set spantree disable set spantree enable set spantree hello set spantree fwddelay set spantree maxage set spantree portcost set spantree portfast set spantree portpri set spantree portstate set spantree portvlanpri set spantree priority set spantree root set summertime set system baud set system contact set spantree uplinkfast
2-411 2-413 2-414 2-407
2-445
2-450 2-451
2-453
show cam agingtime show cam count show cam msfc show cdp
2-459 2-462 2-458
2-456
2-457
2-469
2-409
2-479
show environment
2-416 2-417
set system highavailability set system location set system modem set system name set tacacs attempts set tacacs key set tacacs server set tacacs timeout set time set trunk
2-428 2-429 2-424 2-425 2-426 2-419 2-420 2-421 2-422
2-494
2-497 2-498
2-504
set timezone
2-506
2-430
Catalyst 6000 Family Command Reference
78-10558-02
Index
show ip alias show ip dns show ip http show ip route show kerberos show lda show log
show port flowcontrol show port inlinepower show port jumbo show port protocol show port qos show port status show port voice
2-529 2-600 2-597
show ip permit
2-598
2-599
2-614 2-616
show microcode
2-534
2-533
2-536 2-541
2-623 2-625
2-630 2-631
show qos bridged-packet-policing show qos info show qos maps show qos policer show qos policier
2-556 2-557 2-632 2-637
2-554
show multicast group count show multicast router show netstat show ntp show port
2-560 2-567 2-569 2-558
show qos rsvp+ info show qos statistics show radius show reset
2-648 2-649
2-645 2-646
2-650 2-651
show port auxiliaryvlan show port broadcast show port capabilities show port cdp show port cops
2-583 2-584
2-654 2-656
2-590
2-658
Index
show snmp
switch telnet
2-736 2-737
show snmp access show snmp counters show snmp engineid show snmp group show snmp notify
switch console
2-740
2-741
2-742
show snmp targetaddr show snmp user show snmp view show span
2-679 2-681 2-675 2-677
whichboot
show spantree
show spantree backbonefast show spantree blockedports show spantree portvlancost show spantree statistics show spantree summary show spantree uplinkfast show summertime show system show tacacs show test show time show top show trace show trunk show udld show users show version show vlan show voicevlan show vtp domain show vtp statistics slip
2-733 2-734 2-695 2-694
Common Open Policy Service See COPS content-addressable memory See CAM table context-sensitive help COPS clearing domain name clearing roles
2-17 2-17 2-183 2-183 2-17 1-10
2-697
clearing servers
show tech-support
2-702 2-707
show timezone
2-709
2-708
displaying COPS information for RSVP+ displaying the policy tree information displaying the ports assigned to each role setting connection retry interval setting memory usage country code setting
2-415 2-183 2-183
2-480
2-480 2-480
2-711
D
designating ports diagnostic tests setting level
2-427 1-10 1-10
designating VLANs
squeeze
78-10558-02
Index
disabling ports
See GARP, setting timers GMRP clearing statistics information displaying timer values
2-497 2-20 2-496
downloading an image
2-200 2-498
2-524
2-200
E
enabling ports error detection disabling enabling inband memory
2-189 2-489 2-280
I
ifIndex, displaying IGMP clearing statistics information displaying IGMP mode
2-503 2-504 2-207 2-22 2-502
displaying settings
2-189 2-189 2-189 2-189
setting IGMP snooping mode See IGMP Internet Protocol See IP addresses IP addresses clearing IP alias adding clearing
2-212 2-23 1-11 2-26 1-11
port counter
F
Flash configuration file appending overwriting recurrence
2-168 2-168 2-168
designating in CLI
designating in CLI
G
GARP, setting timers See GMRP GARP VLAN Registration Protocol See GVRP General Attribute Registration Protocol
2-191
displaying IP DNS
2-509
clearing the default DNS domain name defining the IP address of a DNS server displaying DNS domain name displaying DNS name server displaying DNS name servers removing a DNS server
2-25 2-510 2-510 2-509
2-24 2-215
Index
1-11
M
MAC addresses clearing MAC address from list of secure MAC addresses 2-52
J
jumbo frames displaying settings enabling feature
2-597 2-288
1-11 2-530
2-240
K
Kerberos authenticating users
2-227
message-of-the-day banner clearing MLS adding protocols to the protocol statistics list clearing IP, IPX MLS, or NDE filter features
2-33 2-258 2-40 2-8 2-163
programming
clearing Kerberos realm to DNS domain name map 2-32 clearing secret key
2-34
clearing mls exclude protocol clearing the NDE filter features disabling the IP multicast MLS displaying excluded protocols
2-43 2-44
disabling mandatory authentication displaying configuration information displaying credentials information enabling mandatory authentication forwarding user credentials
2-226
displaying IP MLS statistics information displaying IP multicast MLS information displaying IPX MLS statistics information displaying IPX state information
2-536
entering SRVTAB file from command line mapping realm to DNS domain name providing file containing secret key specifying which KDC to use
2-229 2-228 2-232
2-534
2-545
L
LCP configuring error detection displaying error detection local director See LDA
2-234 2-519
displaying router processor MLS information enabling the IP multicast MLS setting MLS aging time
2-249 2-249 2-255 2-253
2-536
setting MLS fast aging time setting the MLS NDE feature
specifying a protocol port to be excluded from being shortcut 2-251 modules shutting down the NAM and IDS modules
2-263
10
78-10558-02
Index
2-13
disabling line protocol state displaying line protocol state enabling line protocol state multicast router clearing
2-47 2-265
displaying port or module information displaying port statistics password set enablepass See PAgP
2-558 2-186 2-462
2-584
configuring a port
displaying ports with IGMP-capable routers Multilayer Switch Module See MSM
A-3
defining EtherChannel administrative groups PVLAN binding port to private VLAN clearing configuration deleting mapping
2-374 2-53 2-621 2-623 2-313 2-16 2-311 2-311
N
NAM clearing the NAM boot string clearing the password
2-46 2-10
disabling SNMP extended RMON support displaying the NAM boot string setting the boot environment shutting down the module NTP
2-453
displaying configuration
network interfaces, displaying information on configuring the IP address of the NTP server configuring time-adjustment factor disabling the switch as an NTP client displaying the current NTP status removing servers from table
2-48 2-267 2-268
2-507
Q
QoS
2-269
allocating packet memory buffer clearing mac-cos values clearing map values
2-61 2-66 2-60
2-344 2-138
2-567 2-268
O
open session with module
2-139
clearing the IP precedence-to-DSCP map configuring the access port displaying counters
2-646 2-300
2-330
P
PAgP
displaying current information for the MAC address/VLAN pair 2-637 displaying information for the MAC address and VLAN pair 2-637
11
Index
2-600
displaying policy source information displaying related information enabling microflow policing disabling microflow policing mapping CoS values
2-336 2-328 2-632
2-64 2-64
mapping IP precedence-to-DSCP
2-642 2-338
mapping in-profile DSCPs changes when policed resetting the policed-dscp table to the default specifying a microflow policing rule
2-339
returning to factory-set threshold, queue, and threshold map defaults 2-56 setting CoS values
2-335
2-63
setting default for all packets arriving through an untrusted port 2-297 setting packet buffer memory setting packet value
2-297 2-341 2-341 2-344
R
RADIUS accounting of privileged mode events accounting of system events
2-147 2-67 2-67 2-648, 2-144
clearing the RADIUS server table clearing the RADIUS shared key
2-650 2-295, 2-297
setting the switch to participate in the DSBM election 2-301 setting trusted state
2-298
specifying interface as port or VLAN specifying the CoS-to-DSCP map specifying WRED threshold specifying WRR weights turning QoS off turning QoS on
2-314 2-314 2-342 2-342 2-345 2-346
2-329
setting the encryption and authentication setting the RADIUS deadtime setting up the RADIUS server rcp copying a software image to Flash memory downloading configuration file
2-99 2-348
2-352
2-350
2-117
attaching an ACL to an interface defining default action defining IP access lists defining IPX access lists defining MAC access lists
2-315 2-317 2-322 2-325
2-327 2-138
uploading Flash image or switch configuration Remote Control Protocol See rcp remote span
2-625 2-626
2-355 2-652
12
78-10558-02
Index
security ACL capture displaying capture port list entries setting ports to capture traffic SNMP
2-85 2-656 2-70
schedule reset
2-135
adding a trap receiver table entry clearing target parameters configuring a new user configuring target paramters configuring the MIB view
2-77
2-383 2-78
displaying multicast group count displaying multicast groups enabling accessing operating RSVP+
2-354 2-650
2-651
configuring the target address entry defining group access rights disabling extendedrmon disabling RMON support
2-140 2-371
2-379 2-373
ROM monitor variable names, displaying displaying COPS information for RSVP+ displaying RSVP+ information
2-645
2-480
displaying group or users with common access policy 2-667 displaying information for a specifc user displaying MIB view configuration displaying target address entries displaying target parameter entries displaying the local engine ID enabling extendedrmon enabling RMON support
2-374 2-378 2-677 2-669 2-675
S
security ACL clearing changes from the edit buffer
2-138
2-671 2-673
2-666
creating new entry in a non-IP or non-IPX protocol VACL 2-367 creating new entry in standard IPX VACL displaying the committed ACL displaying the mapped ACL
2-654 2-654 2-364 2-658
establishing the relationship between group and user 2-375 removing an individual user removing a notifyname
2-75 2-74 2-79
removing an SNMP user from an SNMP group removing a target address entry removing group access rights removing the MIB view entry setting the notifyname entry setting the notifytag entry SNMP trap receiver table
2-76 2-73 2-80 2-376 2-376
removing all ACEs from an ACL and removing the ACL from the editbuffer 2-69 removing VACL to VLAN mapping setting security ACL
2-359 2-71
13
Index
adding an entry disabling traps enabling traps spanning tree clearing statistics sending message
disabling displaying
2-84
resetting port VLAN priority restoring default path cost turning off UplinkFast switch CLI accessing aliases
1-7 1-10 1-1
deleting displaying
2-39 2-527
2-81 2-83
T
TACACS+ accounting for commands
2-141 2-142 2-144
command completion
1-8
configuring maximum number of login attempts controlling switch access disable authorization
2-146 2-425 1-3
2-422
command-line editing features command-line processing command modes completion keyword lookup self-repeat console port help switch CLI IP addresses IP aliases operating Telnet setting system log clearing buffer deleting entries
2-38 2-37 1-2 1-8 1-8 1-11 1-2 1-10 1-11 1-11 1-3
disabling TACACS+ directed-request option displaying accounting information displaying authorization information displaying protocol configuration enable authorization
2-157 2-445 2-451
2-423
2-698
designating modules
enable authorization of EXEC mode events enabling TACACS+ directed-request option removing a host
2-87 2-86 2-149
2-161 2-159
2-423
history substitution
1-11 1-11
MAC addresses
1-3
setting authentication and encryption key setting response timeout interval TACACS, RADIUS, KERBEROS
2-426
2-424
system location
2-415
enabling as the primary authentication method for login 2-155 TACACS, RADIUS, KERBEROS, HTTP displaying authentication information Telnet
2-450
14
78-10558-02
Index
connecting
displaying power administration statusr displaying power operational status setting default power allocation setting inline power mode setting port voice interface DHCP server DNS server TFTP server VTP defining the VTP password disabling VTP pruning
2-442 2-442 2-306 2-306 2-306 2-287 2-208
2-596
disconnecting
2-596
displaying all TopN processes and specific TopN reports 2-711 starting stopping
2-709 2-89
U
UDLD disabling aggressive mode displaying information enabling aggressive mode setting message interval See UDLD uploading current configuration to the network
2-753 2-435 2-718 2-435 2-433
displaying VTP domain information displaying VTP statistics enabling VTP pruning setting the options for VTP setting the version 2 mode setting the VTP mode setting the VTP domain name
2-442 2-731 2-442 2-442 2-442 2-442
2-729
specifying pruning-eligible VTP domain VLANs specifying pruning-ineligible VTP domain VLANs 2-95
2-444
W V
variable name, removing VLAN deleting
2-91 2-93 2-724 2-437 2-440 2-747 2-749
web interface configuring TCP port number disabling the HTTP server displaying HTTP configuration displaying version information enabling the HTTP server
2-218 2-217 2-218 2-511 2-713
deleting VLAN-mapped pairs displaying VLAN information grouping ports into a VLAN voice
mapping 802.1Q VLANs to ISL VLANs displaying active call information displaying FDL information displaying inline power status displaying port voice interface
2-614 2-486 2-610
2-606
15
Index
16
78-10558-02