Introduction

Overview
This chapter describes the CLI command modes, how to access the CLI, and the CLI command editing features.

CLI Command Modes
The Command Line Interface (CLI) is divided into four command modes. The command modes are (in the order in which they are accessed): •...
Introduction To access the next higher mode (Privileged EXEC mode), use the enable command and enter the password for the higher level when prompted. Privileged EXEC Mode Users with levels 7 and 15 initially log into Privileged EXEC mode, which is password-protected to prevent unauthorized use, as many of its commands set operating system parameters.
Introduction Global Configuration Mode The Global Configuration mode is used to configure features at the system level, and not at the interface level. Only users with command level of 7 or 15 can access this mode. To access Global Configuration mode from Privileged EXEC mode, enter the configure command at the Privileged EXEC mode prompt and press Enter.
Console#
Console# configure
Console(config)# interface range gi1-5
Console(config-if)#speed 10
Console(config-if)#exit
Console(config)#

The exit command returns to Global Configuration mode. The following submodes are available:
• Interface — Contains commands that configure a specific interface (port, VLAN, port channel, or tunnel) or range of interfaces. The Global Configuration mode command interface is used to enter the Interface Configuration mode.
Introduction • MAC Access-List — Configures conditions required to allow traffic based on MAC addresses. The mac access-list Global Configuration mode command is used to enter the MAC access-list configuration mode. To return from any Interface Configuration mode to the Global Configuration mode, use the exit command.
Example — Create passwords for level 7 and 15 (by the administrator)
Console>configure
Console<conf># enable password level 7 level7@abc
Console<conf># enable password level 15 level15@abc
Console<conf>#

Create a user with user level 1:
Console>
Console> username john password john1234 privilege 1
Console>...
Introduction Accessing the Command Line Interface The Command Line Interface (CLI) can be accessed from a terminal or computer by performing one of the following tasks: • Running a terminal application, such as HyperTerminal, on a computer that is directly connected to the Switch’s console port, —or—...
To access the Command Line Interface using the HyperTerminal application, perform the following steps:
STEP 1 Click the Start button.
STEP 2 Select All Programs > Accessories > Communications > HyperTerminal.
Figure 1 Start > All Programs > Accessories > Communications > HyperTerminal
Enter a name for this connection.
Using Telnet over an Ethernet Interface
Telnet provides a method of connecting to the Command Line Interface over an IP network. To establish a telnet session from the command prompt, perform the following steps:
STEP 1 Click Start, then select All Programs > Accessories > Command Prompt to open a command prompt.
Editing Features

Entering Commands
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status Gigabitethernet 1, show, interfaces, and status are keywords, Gigabitethernet is an argument that specifies the interface type, and 1 specifies the port.
Introduction Keyword Description Up-Arrow key Recalls commands in the history buffer, beginning with the most recent command. Ctrl+P Repeat the key sequence to recall successively older commands. Down-Arrow key Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
Introduction Interface Naming Conventions Interface ID Within the CLI, interfaces are denoted by concatenating the following elements: • Type of interface: The following types of interfaces are found on the various types of devices: Fast Ethernet (10/100 bits) - This can be written as FastEthernet or fa. Gigabit Ethernet ports (10/100/1000 bits) - This can be written either Gigabit Ethernet or gi or GE.
Samples of these various options are shown in the example below:
console#configure
console(config)#interface GigabitEthernet 1
console(config)#interface GE 1
console(config-if)#interface gi1
console(config)#interface FastEthernet 1
console(config)#interface fa1
console(config-if)#interface po1
console(config-if)# interface vlan 1

Interface Range
Interfaces may be described on an individual basis or within a range. The interface range command has the following syntax: <interface-range>...
NOTE Range lists can contain either ports and port-channels or VLANs. Combinations of port/port-channels and VLANs are not allowed. The space after the comma is optional. When a range list is defined, a space after the first entry and before the comma (,) must be entered.
CLI Command Conventions
When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions. Convention Description In a command line, square brackets indicate an optional entry. In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character.
Introduction • The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device except for encrypted passwords where the keyword encrypted is used before the encrypted data (for instance in the enable password command). Layer 2 and Layer 3 The switch can operate in Switch mode (Layer 2) or Router mode (Layer 3).
User Interface Commands

enable
The enable EXEC mode command enters the Privileged EXEC mode.
Syntax
enable [privilege-level]
Parameters
privilege-level—Specifies the privilege level at which to enter the system. (Range: 1, 7, 15)
Default Configuration
The default privilege level is 15.
Command Mode
EXEC mode
Example...
disable
The disable Privileged EXEC mode command leaves the Privileged EXEC mode and returns to the User EXEC mode.
Syntax
disable [privilege-level]
Parameters
privilege-level—Reduces the privilege level to the specified privilege level. If privilege level is left blank, the level is reduced to 1.
Default Configuration
The default privilege level is 1.
User Interface Commands Default Configuration Command Mode EXEC mode Example The following example enters Privileged EXEC mode and logs in with username ‘admin’. Console> login User Name:admin Password:***** Console# configure The configure Privileged EXEC mode command enters the Global Configuration mode.
User Interface Commands exit (Configuration) The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy. Syntax exit Parameters Default Configuration Command Mode All commands in configuration modes. Examples The following examples change the configuration mode from Interface Configuration mode to Privileged EXEC mode.
User Interface Commands Default Configuration Command Mode EXEC mode Example The following example closes an active terminal session. Console> exit The end command ends the current configuration session and returns to the Privileged EXEC mode. Syntax Parameters Default Configuration Command Mode All configuration modes Example The following example ends the Global Configuration mode session and returns to...
help
The help command displays a brief description of the Help system.
Syntax
help
Parameters
Default Configuration
Command Mode
All command modes
Example
The following example describes the Help system.
Console# help
Help may be requested at any point in a command by entering a question mark '?'.
User Interface Commands history The history Line Configuration mode command enables saving commands that have been entered. Use the no form of this command to disable the command. Syntax history no history Parameters Default Configuration Enabled. Command Mode Line Configuration mode User Guidelines This command enables saving user-entered commands for a specified line.
User Interface Commands 2.10 history size The history size Line Configuration mode command changes the maximum number of user commands that are saved in the history buffer for a particular line. Use the no form of this command to reset the command history buffer size to the default value.
User Interface Commands 2.11 terminal history The terminal history EXEC mode command enables the command history function for the current terminal session, meaning it is not stored in the Running Configuration file. Use the no form of this command to disable the command. Syntax terminal history terminal no history...
User Interface Commands Parameters number-of-commands—Specifies the number of commands the system maintains in its history buffer. (Range: 10–207) Default Configuration The default configuration for all terminal sessions is defined by the history size Line Configuration mode command. Command Mode EXEC mode User Guidelines The terminal history size EXEC command changes the command history buffer size for the current terminal session.
User Interface Commands Default Configuration When printing, dumping is disabled and printing is paused every 24 lines. Command Mode EXEC mode User Guidelines By default, a More prompt is displayed when the output contains more than 24 lines. Pressing the Enter key displays the next line; pressing the Spacebar displays the next screen of output.
User Interface Commands Command Mode EXEC mode User Guidelines The buffer includes executed and unexecuted commands. Commands are listed from the first to the most recent command. The buffer remains unchanged when entering into and returning from configuration modes. Example The following example displays all the commands entered while in the current Privileged EXEC mode.
User Interface Commands Default Configuration Command Mode EXEC mode Example The following example displays the privilege level for the user logged on. Console# show privilege Current privilege level is 15 2.16 The do command executes an EXEC-level command from Global Configuration mode or any configuration submode.
User Interface Commands gi1-39,Po1,Po2, other Required dynamicGvrp Required v0010 permanent Not Required V0011 gi1,gi3 permanent Required permanent Required gi1,gi3 permanent Required permanent Required gi1,gi4 permanent Required 4093 guest-vlan gi1,gi3 permanent Guest console(config)# 2.17 banner login Use the banner login command in Global Configuration mode to specify a message to be displayed before the username and password login prompts.
User Interface Commands Command Mode Global Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character of your choice. Then enter one or more lines of text, terminating the message with the second occurrence of the delimiting character. Use tokens in the form of $(token) in the message text to customize the banner.
User Interface Commands When the login banner is executed, the user will see the following banner: You have entered host123.ourdomain.com 2.18 login-banner Use the login-banner command in Line Configuration mode to enable the display of login banners. Use the no form of this command to disable the display of login banners.
User Interface Commands 2.19 show banner Use the show banner commands in EXEC mode to display the banners that have been defined. Syntax show banner login Parameters Command Mode EXEC mode Examples console# show banner login ------------------------------------------------------------- Banner: Login Line SSH: Enabled Line Telnet: Enabled Line Console: Enabled 78-20269-01 Command Line Interface Reference Guide...
Macro Commands

macro name
There are two types of macros that can be created with the macro name Global Configuration mode command: • Global macros are macros that are simply a group of CLI commands that can be used at any time. •...
Use the following guidelines to create a macro:
• Use the macro name command to assign a name to the macro.
• Enter one macro command per line.
• Use the @ character to end the macro.
• Use the # character at the beginning of a line to enter comment text within the macro.
configuration modes within the macro by using commands such as exit, end, or interface interface-id. With few exceptions, there are other ways of executing macros in the various configuration modes. You can modify a macro by creating a new macro with the same name as the existing macro.
WORD <1-32> Keyword to replace with value e.g. $DUPLEX, $SPEED
<cr>
Switch<config-if> # macro apply duplex $DUPLEX ?
WORD<1-32> First parameter value
<cr>
Switch<config-if> # macro apply duplex $DUPLEX full $SPEED ?
WORD<1-32> Second parameter value

Example 4 - The following example shows how to set the duplex mode of port gi 1 to full and to set its speed to 100 Mb/s.
Default Configuration
The command has no default setting.
Command Mode
Interface Configuration mode
User Guidelines
The macro apply Interface Configuration mode command hides the commands of the macro from the user while it is being run. For debugging purposes, the macro trace command displays the commands along with any errors which are generated by them as they are executed.
Applying command… ‘speed 100’
Switch<config-if> #

Example 2 - The following is an example of a macro being applied without the trace option.
Switch(config) # interface gi2
Switch<config-if> # macro apply duplex $DUPLEX full $SPEED 100
Switch<config-if> #

Example 3 - The following is an example of an incorrect macro being applied.
Macro Commands Command Mode Interface Configuration mode User Guidelines When multiple macros are applied on a single interface, the description text is a concatenation of texts from a number of previously-applied macros. You can verify your setting by entering the show parser macro description privileged EXEC mode command.
macro global
Use the macro global Global Configuration command to apply a macro to a switch or to apply and trace a macro configuration on a switch.
Syntax
macro global {apply | trace} macro-name [parameter-name1 {value}] [parameter-name2 {value}] [parameter-name3 {value}]
Parameters •...
Macro Commands If you apply a macro that contains keywords in its commands, the command fails if you do not specify the proper values for the keywords when you apply the macro. You can use the macro global apply macro-name with a '?' to display the help string for the macro keywords.
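The rules this chapter states for macros (one command per line, # for comment lines, @ to end the macro, and failure when a keyword has no value) can be checked offline before a macro is applied to a switch. The following Python is an added example, not code from the guide or from the switch firmware; the function names, the keyword pattern and the sample macro are assumptions.

```python
import re

# Limits read off this page: keywords and values are WORD<1-32>, and the
# macro global syntax shows at most three parameter-name/value pairs.
MAX_PARAMS = 3
MAX_WORD = 32
# Assumption: a keyword is '$' followed by letters, digits or '_'
# (the page only shows $DUPLEX and $SPEED).
KEYWORD_RE = re.compile(r"\$[A-Za-z0-9_]+")
# Commands the page names as changing the configuration mode inside a macro.
MODE_COMMANDS = ("exit", "end", "interface")

# Constructed sample, modelled on the "duplex" macro in the page's examples.
SAMPLE_MACRO = """\
# constructed sample: set duplex and speed from two keywords
duplex $DUPLEX
speed $SPEED
@
"""


class MacroError(ValueError):
    """Raised when a macro body or its parameters break a stated rule."""


def parse_macro(text):
    """Return the command lines: one per line, '#' comments skipped, '@' ends."""
    commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "@":
            return commands
        if line and not line.startswith("#"):
            commands.append(line)
    raise MacroError("macro is not terminated with '@'")


def keywords_in(commands):
    """List the distinct $KEYWORDs used by the commands, in first-seen order."""
    seen = []
    for cmd in commands:
        for kw in KEYWORD_RE.findall(cmd):
            if kw not in seen:
                seen.append(kw)
    return seen


def mode_changes(commands):
    """Commands after which later lines run in a different configuration mode."""
    return [c for c in commands if c.split()[0].lower() in MODE_COMMANDS]


def expand(commands, params):
    """Substitute keyword values; refuse to expand if any rule is broken."""
    if len(params) > MAX_PARAMS:
        raise MacroError(f"more than {MAX_PARAMS} parameters given")
    for name, value in params.items():
        for word in (name, value):
            # Each keyword and value must be one word of 1-32 characters.
            if not word or len(word) > MAX_WORD or len(word.split()) != 1:
                raise MacroError(f"{word!r} is not a single word of 1-{MAX_WORD} characters")
    # The page states that applying a macro fails when a keyword has no value.
    missing = [kw for kw in keywords_in(commands) if kw not in params]
    if missing:
        raise MacroError("no value for " + ", ".join(missing))
    return [KEYWORD_RE.sub(lambda m: params[m.group(0)], cmd) for cmd in commands]


if __name__ == "__main__":
    cmds = parse_macro(SAMPLE_MACRO)
    print(expand(cmds, {"$DUPLEX": "full", "$SPEED": "100"}))
    try:
        expand(cmds, {"$DUPLEX": "full"})
    except MacroError as err:
        print("rejected:", err)
```

Running mode_changes over a parsed macro before review shows where the commands that follow will execute in a different configuration mode.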
Macro Commands Default Configuration The command has no default setting. Command Mode Global Configuration mode User Guidelines When multiple global macros are applied to a switch, the global description text is a concatenation of texts from a number of previously applied macros. You can verify your settings by entering the show parser macro description privileged EXEC mode command.
Example 1 - This is a partial output example from the show parser macro command.
Switch# show parser macro
Total number of macros = 6
--------------------------------------------------------------
Macro name : cisco-global
Macro type : default global
# Enable dynamic port error recovery for link state
# failures
<output truncated>
--------------------------------------------------------------...
Example 3 - This is an example of output from the show parser macro brief command.
Switch# show parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
customizable : snmp

Example 4 - This is an example of output from the show parser macro description command.
RSA and Certificate Commands RSA and Certificate Commands crypto key generate dsa The crypto key generate dsa Global Configuration mode command generates DSA key pairs. Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs - one public DSA key and one private DSA key.
Default Configuration
RSA key pairs do not exist.
Command Mode
Global Configuration mode
User Guidelines
RSA keys are generated in pairs - one public RSA key and one private RSA key. If the device already has RSA keys, a warning is displayed with a prompt to replace the existing keys with new keys.
RSA and Certificate Commands Example The following example displays the SSH public RSA keys on the device. Console# show crypto key mypubkey rsa RSA key data: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint(Hex): 77:C7:19:85:98:19:27:96:C9:CC:83:C5:78:89:F8:86 Fingerprint(Bubble Babble): yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk...
RSA and Certificate Commands • loc location—Specifies the location or city name. (Length: 1–64 characters) • st state—Specifies the state or province name. (Length: 1–64 characters) • cu country—Specifies the country name. (Length: 2 characters) • duration days—Specifies the number of days a certification is valid. (Range: 30–3650) Default Configuration The default certificate number is 1.
Example
The following example displays the certificate request for HTTPS.
Console# crypto certificate request
CN= router.gm.com
O= General Motors
C= US

crypto certificate import
The crypto certificate import Global Configuration mode command imports a certificate signed by a Certification Authority for HTTPS.
RSA and Certificate Commands Command Mode Global Configuration mode User Guidelines To end the session, use a blank line. The imported certificate must be based on a certificate request created by the crypto certificate request privileged EXEC command. If the public key found in the certificate does not match the device's SSL RSA key, the command fails.
System Management Commands

ping
Use the ping EXEC mode command to send ICMP echo request packets to another node on the network.
Syntax
ping [ip] {ipv4-address | hostname} [size packet_size] [count packet_count] [timeout time_out]
ping ipv6 {ipv6-address | hostname} [size packet_size] [count packet_count] [timeout time_out]
Parameters...
System Management Commands User Guidelines Press Esc to stop pinging. Following are sample results of the ping command: • Destination does not respond—If the host does not respond, a “no answer from host” appears within 10 seconds. • Destination unreachable—The gateway for this destination indicates that the destination is unreachable.
System Management Commands ----10.1.1.1 PING Statistics---- 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 7/8/11 Example 2 - Ping a site. Console> ping ip yahoo.com Pinging yahoo.com [66.218.71.198] with 64 bytes of data: 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1.
System Management Commands 64 bytes from 3003::33: icmp_seq=1. time=70 ms 64 bytes from 3003::11: icmp_seq=2. time=0 ms 64 bytes from 3003::55: icmp_seq=1. time=1050 ms 64 bytes from 3003::33: icmp_seq=2. time=70 ms 64 bytes from 3003::55: icmp_seq=2. time=1050 ms 64 bytes from 3003::11: icmp_seq=3. time=0 ms 64 bytes from 3003::33: icmp_seq=3.
System Management Commands • hostname—Hostname of the destination host. (Range: 1–160 characters. Maximum label size: 63) • packet_size size —Number of bytes in the packet not including the VLAN tag. The default is 64 bytes. (IPv4:64-1518, IPv6: 68-1518) • max-ttl —The largest TTL value that can be used.
System Management Commands The traceroute command terminates when the destination responds, when the maximum TTL is exceeded, or when the user interrupts the trace with Esc. The traceroute command is not relevant to IPv6 link local addresses. Example Router> traceroute ip umaxp1.physics.lsa.umich.edu Type Esc to abort.
System Management Commands The following are characters that can appear in the traceroute command output: Field Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output indicates that an access list is blocking traffic. Fragmentation required and DF is set. Host unreachable.
System Management Commands • keyword—Specifies the one or more keywords listed in the Keywords table in the User Guidelines. Default Configuration The default port is the Telnet port (23) on the host. By default, Telnet is disabled. Command Mode EXEC mode User Guidelines Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating...
System Management Commands ^^ H sends telnet EC ^^ O sends telnet AO ^^ T sends telnet AYT ^^ U sends telnet EL ?/help suspends the session (return to system command prompt) Several concurrent Telnet sessions can be opened, enabling switching between the sessions.
System Management Commands Keyword Description Port Number Remote commands daytime Daytime discard Discard domain Domain Name Service echo Echo exec Exec finger Finger File Transfer Protocol ftp-data FTP data connections gopher Gopher hostname NIC hostname server ident Ident Protocol Internet Relay Chat klogin Kerberos login kshell...
System Management Commands Keyword Description Port Number syslog Syslog tacacs TAC Access Control System talk Talk telnet Telnet time Time uucp Unix-to-Unix Copy Program whois Nickname World Wide Web Example The following example displays logging in to IP address 176.213.10.50 via Telnet. Console>...
System Management Commands Example The following command switches to open Telnet session number 1. Console> resume hostname The hostname Global Configuration mode command specifies or modifies the device host name. Use the no form of the command to remove the existing host name.
System Management Commands Syntax reload Parameters Default Usage Command Mode Privileged EXEC mode Example The following example reloads the operating system. Console# reload This command will reset the whole system and disconnect your current session. Do you want to continue? (y/n) [n] service cpu-utilization The service cpu-utilization Global Configuration mode command enables measuring CPU utilization.
System Management Commands Command Mode Global Configuration mode User Guidelines Use the service cpu utilization command to measure information on CPU utilization. Example The following example enables measuring CPU utilization. Console(config)# service cpu-utilization show cpu utilization The show cpu utilization Privileged EXEC mode command displays information about CPU utilization.
System Management Commands Console# show cpu utilization CPU utilization service is on. CPU utilization -------------------------------------------------- five seconds: 5%; one minute: 3%; five minutes: 3% show users The show users EXEC mode command displays information about the active users. Syntax show users Parameters Default Usage Command Mode...
System Management Commands Example The following example displays information about the active users. Console# show users Username Protocol Location ---------- ----------- ------------ Serial John 172.16.0.1 Robert HTTP 172.16.0.8 Betty Telnet 172.16.1.7 172.16.1.6 5.10 show sessions The show sessions EXEC mode command displays open Telnet sessions. Syntax show sessions Parameters...
System Management Commands Example The following example displays open Telnet sessions. Console# show sessions Connection Host Address Port Byte ---------- ------------- ---------- ----- ---- Remote router 172.16.1.1 172.16.1.2 172.16.1.2 The following table describes significant fields shown above. Field Description Connection The connection number.
System Management Commands Example The following example displays the system information. console# show system switch151400(config)#exit switch151400#show system System Description: 20-port Gigabit Managed Switch System Up Time (days,hour:min:sec): 03,02:27:46 System Contact: System Name: switch151400 System Location: System MAC Address: 00:24:ab:15:14:00 System Object ID: 1.3.6.1.4.1.9.6.1.83.20.1 5.12 show version...
System Management Commands console > show version SW Version 1.1.0.5 ( date 15-Sep-2010 time 10:31:33 ) Boot Version 1.1.0.2 ( date 04-Sep-2010 time 21:51:53 ) HW Version 5.13 show version md5 Use the show version md5 EXEC mode command to display external MD5 digest of firmware.
System Management Commands 5.14 system resources routing The system resources routing Global Configuration mode command configures the routing table maximum size. Use the no form of this command to return to the default size. Syntax routes hosts interfaces system resources routing no system resources routing Parameters •...
System Management Commands 5.15 show system resources The show system resources routings EXEC mode command displays system routing and tcam resource information. Syntax routing tcam show system resources { Parameters routing—Displays the number of hosts, routers and IP interfaces that are available. tcam—Displays the number of TCAM rules that are available.
System Management Commands TCAM resources -------------- Maximum number of miscellaneous TCAM rules: Used number of miscellaneous TCAM rules: Maximum number of routing TCAM rules: Used number of routing TCAM rules: 5.16 set system mode The set system mode Privileged EXEC mode command puts the device into switch mode (Layer 2 mode) or router mode (Layer 3 mode).
System Management Commands 5.17 show system mode The show system mode EXEC mode command displays information on features control. Syntax show system mode Parameters Default Usage Command Mode EXEC mode Example The following example displays system mode information. Console> show system mode Feature State -------------------...
System Management Commands Parameters Default Usage Command Mode EXEC mode Example The following example displays the languages configured on the device. Number of Sections indicates the number of languages permitted on the device. Console> show system languages Language Name Unicode Name Code Num of Sections --------------- -------------- ------...
System Management Commands Example The following example displays TCAM utilization information. Console> show system tcam utilization TCAM utilization: 58% 5.20 show services tcp-udp Use the show services tcp-udp Privileged EXEC mode command to display information about the active TCP and UDP services. Syntax show services tcp-udp Parameters...
System Management Commands TCP6 fe80::200:b0ff:fe00:0-23 Telnet fe80::200:b0ff:fe00:0-8999 ESTABLISHED All:161 SNMP UDP6A ll-161 SNMP 5.21 show system id The show system id EXEC mode command displays the system identity information. Syntax show system id Parameters There are no parameters for this command. Command Mode EXEC mode Example...
System Management Commands User Guidelines Example The following example displays CPU input rate information. Console# show cpu input rate Input Rate to CPU is 1030 pps.
Clock Commands Clock Commands clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax day month month day year clock set ] | [ Parameters • —Specifies the current time in hours (military format), minutes, hh:mm:ss and seconds.
Clock Commands Syntax clock source {sntp} no clock source Parameters sntp—Specifies that an SNTP server is the external clock source. Default Configuration There is no external clock source. Command Mode Global Configuration mode Example The following example configures an SNTP server as an external time source for the system clock.
Clock Commands Default Configuration Offsets are 0. Acronym is empty. Command Mode Global Configuration mode User Guidelines The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set. Example console(config)# clock timezone abc +2 minutes 32 clock summer-time...
Clock Commands • recurring—Indicates that summer time starts and ends on the corresponding specified days every year. • date—Indicates that summer time starts on the first date listed in the command and ends on the second date in the command. •...
Clock Commands Time: 2 AM local time • Before 2007: Start: First Sunday in April End: Last Sunday in October Time: 2 AM local time EU rules for Daylight Saving Time: • Start: Last Sunday in March • End: Last Sunday in October •...
Clock Commands User Guidelines The TimeZone taken from the DHCP server has precedence over the static TimeZone. If the TimeZone does not exist in the DHCP-TimeZone option, the static configuration should be active. The Summer Time taken from the DHCP server has precedence over static SummerTime.
User Guidelines
The command is relevant for both unicast and broadcast.
Examples
The following example enables authentication for received SNTP traffic and sets the key and encryption key.
Console(config)# sntp authenticate
device (config)# sntp authentication-key 8 md5 ClkKey
device (config)# sntp trusted-key 8
device...
Clock Commands Examples The following example authenticates key 8. Console(config)# sntp trusted-key Device(config)# sntp authentication-key 8 md5 ClkKey Device(config)# sntp trusted-key 8 Device(config)# sntp authenticate sntp broadcast client enable The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol (SNTP) Broadcast clients. Use the no form of this command to disable SNTP Broadcast clients.
Clock Commands 6.10 sntp unicast client enable The sntp unicast client enable Global Configuration mode command enables the device to use Simple Network Time Protocol (SNTP)-predefined Unicast clients. Use the no form of this command to disable the SNTP Unicast clients. Syntax sntp unicast client enable no sntp unicast client enable...
Clock Commands Syntax ipv4-address ipv6-address ipv6z-address hostname poll sntp server { keyid ipv4-address ipv6-address ipv6z-address hostname no sntp server { Parameters • ipv4-address—Specifies the server IPv4 address. • ipv6-address—Specifies the server IPv6 address. A Link Local address (IPv6Z address) can be defined. •...
Command Mode
Global Configuration mode
User Guidelines
Up to 8 SNTP servers can be defined. The sntp unicast client enable Global Configuration mode command enables predefined Unicast clients. The sntp server Global Configuration mode command globally enables polling. The format of an IPv6Z address is: <ipv6-link-local-address>%<interface-name>.
Syntax
show clock [detail]
Parameters
detail—Displays the TimeZone and SummerTime configuration.
Command Mode
EXEC mode
Example
The following example displays the system time and date.
Console> show clock
15:29:03 PDT(UTC-7) Jun 17 2002
Time source is SNTP
Console>...
Clock Commands DHCP timezone: Disabled Device> show clock detail 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Timezone (DHCP): Acronym is PST Offset is UTC-8 Timezone (static): Acronym is PST Offset is UTC-8 Summertime (Static): Acronym is PDT Recurring every year. Begins at first Sunday of April at 2:00.
Clock Commands Default Configuration Command Mode Privileged EXEC mode Example The following example displays the device’s current SNTP configuration. console# show sntp configuration SNTP port : 123 . Polling interval: 1024 seconds. No MD5 authentication keys. Authentication is not required for synchronization. No trusted keys.
Clock Commands Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays the SNTP servers status. Console# show sntp status Clock is synchronized, stratum 4, reference is 176.1.1.8, unicast Reference time is AFE2525E.70597B34 (00:10:22.438 PDT Jul 5 1993) Unicast servers: Server Status...
Page 113
Clock Commands Broadcast: Server Interface Last response --------- --------- ----------------- 176.9.1.1 VLAN 119 19:17:59.792 PDT Feb 19 2002 78-20269-01 Command Line Interface Reference Guide...
Configuration and Image File Commands Configuration and Image File Commands copy The copy Privileged EXEC mode command copies a source file to a destination file. Syntax copy source-url destination-url [snmp] Parameters • source-url—Specifies the source file URL or source file reserved keyword to be copied.
Page 115
Configuration and Image File Commands Keyword Source or Destination xmodem: Source for the file from a serial connection that uses the Xmodem protocol. null: Null destination for copies or files. A remote file can be copied to null to determine its size. For instance copy running-conf null returns the size of the running configuration file.
Page 116
Configuration and Image File Commands If the egress interface is not specified, the default interface is selected. The following combinations are possible: • ipv6_address%interface_id - Refers to the IPv6 address on the interface specified. • ipv6_address%0 - Refers to the IPv6 address on the single interface on which an IPv6 address is defined.
Page 117
Configuration and Image File Commands
Copying a Boot File from a Server to Flash Memory
Use the copy source-url boot command to copy a boot file from a server to flash memory.
Copying a Configuration File from a Server to the Startup Configuration
Use the copy source-url startup-config command to copy a configuration file from...
Page 118
Configuration and Image File Commands !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ! [OK] Copy took 0:01:11 [hh:mm:ss] Example 2 - Copying an Image from a Server to Flash Memory The following example copies a system image named file1 from the TFTP server with an IP address of 172.16.101.101 to a non-active image file. console# copy tftp://172.16.101.101/file1 flash://image Accessing file 'file1' on 172.16.101.101...
Configuration and Image File Commands write memory Use the write memory Privileged EXEC mode command to save the Running Configuration file to the Startup Configuration file. Syntax write memory Parameters Default Configuration Command Mode Privileged EXEC mode Examples The following example copies system image file1 from the TFTP server 172.16.101.101 to a non-active image file.
Configuration and Image File Commands write Use the write Privileged EXEC mode command to save the running configuration to the startup configuration file. Syntax write Parameters Default Configuration Command Mode Privileged EXEC mode Examples The following example copies system image file1 from the TFTP server 172.16.101.101 to a non-active image file.
Configuration and Image File Commands Parameters url—Specifies the location URL or reserved keyword of the file to be deleted. (Length: 1–160 characters) The following table displays keywords and URL prefixes: Keyword Source or Destination flash:// URL of the flash memory. This is the default URL if a URL is specified without a prefix.
Page 122
Configuration and Image File Commands Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays the list of files on a flash file system Total size of flash: 33292288 bytes Free size of flash: 20708893 bytes console# dir Directory of flash: File Name Permission...
Configuration and Image File Commands more The more Privileged EXEC mode command displays a file. Syntax more Parameters url—Specifies the location URL or reserved keyword of the source file to be displayed. (Length: 1–160 characters). The following table displays options for the URL parameter: Keyword Source or Destination flash://...
Configuration and Image File Commands
interface range gi1-48
speed 1000
exit
no lldp run
line console
exec-timeout 0
boot system
The boot system Privileged EXEC mode command specifies the active system image file that is loaded by the device at startup.
Syntax
boot system {image-1 | image-2}...
Configuration and Image File Commands show bootvar Use the show bootvar EXEC mode command to display the active system image file that is loaded by the device at startup. Syntax show bootvar Parameters Command Mode EXEC mode Example The following example displays the active system image file that is loaded by the device at startup.
Page 126
Configuration and Image File Commands Parameters interface interface-id-list —Specifies a list of interface IDs. The interface IDs can be one of the following types: Ethernet port, Port-channel or VLAN. Command Mode Privileged EXEC mode User Guidelines The Running Configuration file does not contain all the information that can be displayed in the output.
Page 127
Configuration and Image File Commands duplex half speed 10 flowcontrol on negotiation 10h 100h 100f dot1x max-req 8 description "Hello World String" lacp timeout short lacp port-priority 1234 garp timer join 100 garp timer leave 300 port security max 111 port security mode max-addresses spanning-tree disable spanning-tree portfast auto...
Configuration and Image File Commands interface fastethernet 2 ip address 1.100.100.100 255.0.0.0 switchport mode trunk switchport general map macs-group 1 vlan 111 switchport general map subnets-group 1 vlan 113 switchport general map protocols-group 1 vlan 112 switchport general ingress-filtering disable switchport general acceptable-frame-type untagged-only switchport general pvid 111 switchport trunk native vlan 22...
Page 129
Configuration and Image File Commands Example Example 1 - The following example displays the Startup Configuration file contents. Console# show startup-config no spanning-tree interface range gi1-48 speed 1000 exit no lldp run interface vlan 1 ip address 1.1.1.1 255.0.0.0 exit line console exec-timeout 0 exit...
Page 130
Configuration and Image File Commands garp timer join 100 garp timer leave 300 port security max 111 port security mode max-addresses spanning-tree disable spanning-tree portfast auto spanning-tree link-type point-to-point spanning-tree cost 200000 spanning-tree port-priority 224 spanning-tree guard root spanning-tree mst 2 port-priority 64 spanning-tree mst 2 cost 2222 spanning-tree mst 4 port-priority 80 qos cos 6...
Page 131
Configuration and Image File Commands
switchport general pvid 111
switchport trunk native vlan 22
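An offline check of a saved configuration file against commands this guide documents, as an added example (not code from the guide or the vendor). The sample configuration is constructed; the rule ids, the reading of exec-timeout 0 as "no idle logoff", and the premise that a setting left at its default produces no line in the file are assumptions.

```python
import re

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
interface range gi1-48
speed 1000
exit
ip telnet server
ip http server
ip http timeout-policy 0
snmp-server community public rw
snmp-server community abcd su 1.1.1.121 mask 255.0.0.0
sntp unicast client enable
sntp server 192.0.2.10 poll
aaa authentication login default radius local none
no passwords complexity enable
line console
exec-timeout 0
exit
"""

# (rule id, regex anchored at the start of a stripped line, explanation).
# The rule ids are hypothetical labels made up for this example.
LINE_RULES = [
    ("TELNET", r"ip telnet server$", "management over cleartext Telnet is enabled"),
    ("HTTP", r"ip http server$", "web management over cleartext HTTP is enabled"),
    ("HTTP-NO-TIMEOUT", r"ip http timeout-policy 0\b", "web sessions never time out"),
    ("AAA-NONE", r"aaa authentication (login|enable) .*\bnone$",
     "method list ends in 'none': login succeeds when every method errors"),
    ("PW-COMPLEXITY", r"no passwords complexity enable$", "password complexity is off"),
]


def _audit_community(line):
    """Check one 'snmp-server community string [ro | rw | su] [address]' line."""
    tokens = line.split()[2:]            # drop "snmp-server community"
    if not tokens:
        return []
    name, rest = tokens[0], tokens[1:]
    access = rest[0] if rest and rest[0] in ("ro", "rw", "su") else "ro"  # ro is the default
    has_source = any("." in t or ":" in t for t in rest)  # an IPv4/IPv6 source is present
    found = []
    if name.lower() in ("public", "private"):
        found.append(("SNMP-DEFAULT-NAME", f"community '{name}' is a widely known string"))
    if access in ("rw", "su") and not has_source:
        found.append(("SNMP-WRITE-ANY-SOURCE",
                      f"community '{name}' grants {access} from any source address"))
    return found


def audit(config_text):
    """Return a list of (rule_id, explanation) findings for one configuration file."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    line_mode = None                     # set while inside a 'line console|telnet|ssh' block
    for ln in lines:
        m = re.fullmatch(r"line (console|telnet|ssh)", ln)
        if m:
            line_mode = m.group(1)
        elif ln == "exit":
            line_mode = None
        elif line_mode and re.fullmatch(r"exec-timeout 0( 0)?", ln):
            # Assumption: 0 disables the idle logoff, as timeout-policy 0 does for HTTP.
            findings.append(("EXEC-NO-TIMEOUT", f"{line_mode} sessions never log off when idle"))
        elif ln.startswith("snmp-server community "):
            findings.extend(_audit_community(ln))
        for rule_id, pattern, why in LINE_RULES:
            if re.match(pattern, ln):
                findings.append((rule_id, why))

    # Checks on what is missing from the file.
    uses_sntp = any(ln.startswith("sntp server ")
                    or re.fullmatch(r"sntp (unicast|broadcast) client enable", ln)
                    for ln in lines)
    if uses_sntp and "sntp authenticate" not in lines:
        findings.append(("SNTP-NOAUTH", "SNTP is in use but 'sntp authenticate' is not set"))
    if not any(ln.startswith("management access-class ") for ln in lines):
        findings.append(("MGMT-ACL-MISSING", "no active management access list is defined"))
    if "no boot host auto-config" not in lines:
        findings.append(("AUTOCONFIG-DEFAULT",
                         "DHCP auto configuration is left at its default (enabled)"))
    return findings


if __name__ == "__main__":
    for rule_id, why in audit(SAMPLE_CONFIG):
        print(f"{rule_id:22} {why}")
```

Findings drawn from missing lines only hold for a complete configuration file, so run the check on the full Startup or Running Configuration rather than on a per-interface excerpt.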
Auto-Configuration Auto-Configuration boot host auto-config Use the boot host auto-config Global Configuration mode command to enable auto configuration via DHCP. Use the no form of this command to disable DHCP auto configuration. Syntax boot host auto-config no boot host auto-config Parameters Default Configuration Enabled by default.
Auto-Configuration Parameters Default Configuration Command Mode Privilege EXEC mode Examples console# show boot Auto Config ----------- Config Download via DHCP: enabled Next Boot Config Download via DHCP: default ip dhcp tftp-server ip address Use the ip dhcp tftp-server ip address Global Configuration mode command to set the TFTP server’s IP address.
Auto-Configuration Command Mode Global Configuration mode Examples console(conf)# ip dhcp tftp-server ip address 10.5.234.232 ip dhcp tftp-server file Use the ip dhcp tftp-server file Global Configuration mode command to set the full file name of the configuration file to be downloaded on the TFTP server when it has not been received from the DHCP server.
Auto-Configuration Syntax show ip dhcp tftp-server Parameters Default Configuration Command Mode EXEC Example console# show ip dhcp tftp server tftp server address active 1.1.1.1 from sname manual 2.2.2.2 file path on tftp server active conf/conf-file from option 67 ip dhcp information option Use the ip dhcp information option Global Configuration command to enable DHCP option-82 data insertion.
Auto-Configuration Command Mode Global Configuration mode User Guidelines DHCP option 82 would be enabled only if DHCP snooping or DHCP relay are enabled. Example console(config)# ip dhcp information option show ip dhcp information option The show ip dhcp information option EXEC mode command displays the DHCP Option 82 configuration.
Management ACL Commands
management access-list
The management access-list Global Configuration mode command configures a management access list (ACL) and enters the Management Access-List Configuration command mode. Use the no form of this command to delete an ACL.
Syntax
management access-list name...
Management ACL Commands
Example
Example 1 - The following example creates a management access list called mlist, configures management interfaces gi1 and gi9, and makes the new access list the active list.
Console(config)# management access-list mlist
Console(config-macl)# permit gi1
Console(config-macl)# permit gi9
Console(config-macl)# exit
Console(config)#...
Management ACL Commands Parameters • interface-id:—Specify an interface ID. The interface ID can be one of the following types: Ethernet port, Port-channel or VLAN • service service — Specifies the service type. Possible values are: Telnet, SSH, HTTP, HTTPS and SNMP. •...
Page 140
Management ACL Commands
Syntax
deny [interface-id] [service service]
deny ip-source {ipv4-address | ipv6-address/ipv6-prefix-length} [mask {mask | prefix-length}] [interface-id] [service service]
Parameters
• interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port, Port-channel or VLAN
•...
Management ACL Commands
management access-class
The management access-class Global Configuration mode command restricts management connections by defining the active management access list (ACL). To disable management connection restrictions, use the no form of this command.
Syntax
management access-class {console-only | name}
no management access-class
Parameters
•...
Management ACL Commands
Parameters
name—Specifies the name of a management access list to be displayed. (Length: 1–32 characters)
Default Configuration
All management ACLs are displayed.
Command Mode
Privileged EXEC mode
Example
The following example displays the mlist management ACL.
Console# show management access-list mlist
console-only...
Page 143
Management ACL Commands
Command Mode
Privileged EXEC mode
Example
The following example displays the active management ACL information.
Console# show management access-class
Management access-class is enabled, using access list mlist
Network Management Protocol (SNMP) Commands Network Management Protocol (SNMP) Commands 10.1 snmp-server Use the snmp-server server Global Configuration mode command to enable the device to be configured by SNMP. Use the no form of this command to disable this function. Syntax snmp-server server no snmp-server server...
Page 145
Network Management Protocol (SNMP) Commands
no snmp-server community string [ipv4-address | ipv6-address]
Parameters
• string—Community string that acts like a password and permits access to the SNMP protocol. (Range: 1–20 characters)
• ro—Specifies read-only access (default)
• rw—Specifies read-write access
• su—Specifies SNMP administrator access
•...
Page 146
Network Management Protocol (SNMP) Commands • group-name—Specifies the name of a group that should be configured using the command snmp-server group with v1 or v2 parameter (no specific order of the two command configurations is imposed on the user). The group defines the objects available to the community.
Network Management Protocol (SNMP) Commands The Type keyword is used for a different purpose. Therefore, when defining an SNMP community, the administrator must indicate which tables are being configured. If Type is router, it means that the device's tables are being configured. Example console(config)# snmp-server community abcd su 1.1.1.121 mask 255.0.0.0 console(config)# snmp-server community-group tom abcd 1.1.1.122 prefix 8...
Network Management Protocol (SNMP) Commands Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same view record. The command logical key is the pair (view-name, oid-tree). The number of views is limited to 64. Default and DefaultSuper views are reserved for internal software use and cannot be deleted or modified.
Page 149
Network Management Protocol (SNMP) Commands • v3—Specifies the SNMP Version 3 security model. • noauth—Specifies no packet authentication. Applicable only to the SNMP version 3 security model. • auth—Specifies packet authentication without encryption. Applicable only to the SNMP version 3 security model. •...
Network Management Protocol (SNMP) Commands
Console(config)# snmp-server group user-group v3 priv read user-view
10.5 snmp-server user
Use the snmp-server user Global Configuration mode command to configure a new SNMP Version 3 user. Use the no form of the command to remove a user.
Syntax
username groupname {v1 | v2c | [ -host] v3 [...
Page 151
Network Management Protocol (SNMP) Commands Command Mode Global configuration User Guidelines If auth md5 or auth sha is specified, both authentication and privacy are enabled for the user. When you enter a show running-config command, you do not see a line for this user.
Network Management Protocol (SNMP) Commands The SNMPv3 database will be erased. Do you wish to continue? [Y/N] console(config)# snmp-server user tom acbd v3 10.6 snmp-server filter The snmp-server filter Global Configuration mode command creates or updates a Simple Network Management Protocol (SNMP) server filter entry. Use the no form of this command to remove the specified SNMP server filter entry.
Network Management Protocol (SNMP) Commands User Guidelines This command can be entered multiple times for the same filter record. If an object identifier is included in two or more lines, later lines take precedence. The command's logical key is the pair (filter-name, oid-tree). Example The following example creates a filter that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the...
Page 154
Network Management Protocol (SNMP) Commands • informs—Sends SNMP informs to this host. Not applicable to SNMPv1. • 1—SNMPv1 traps are used. • 2c—SNMPv2 traps are used • 3—SNMPv2 traps are used • community-string—Password-like community string sent with the notification operation. (Range: 1–20 characters) •...
Network Management Protocol (SNMP) Commands • engineid-string—The character string that identifies the engine ID. The engine ID is a concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon. If the user enters an odd number of hexadecimal digits, the system automatically prefixes the hexadecimal string with a zero.
Network Management Protocol (SNMP) Commands Syntax snmp-server enable traps no snmp-server enable traps Default Configuration SNMP traps are enabled. Command Mode Global Configuration mode Example The following example enables SNMP traps. Console(config)# snmp-server enable traps 10.10 snmp-server trap authentication Use the snmp-server trap authentication Global Configuration mode command to enable the device to send SNMP traps when authentication fails.
Network Management Protocol (SNMP) Commands 10.11 snmp-server contact Use the snmp-server contact Global Configuration mode command to configure the system contact (sysContact) string. Use the no form of the command to remove the system contact information. Syntax text snmp-server contact no snmp-server contact Parameters text—Specifies the string describing system contact information.
Network Management Protocol (SNMP) Commands Command Mode Global Configuration mode Example The following example defines the device location as New_York. Console(config)# snmp-server location New_York 10.13 snmp-server set Use the snmp-server set Global Configuration mode command to define the SNMP MIB value. Syntax variable-name name value name2 value2...
Network Management Protocol (SNMP) Commands
Example
The following example configures the scalar MIB sysName with the value TechSupp.
Console(config)# snmp-server set sysName sysname TechSupp
10.14 show snmp
Use the show snmp Privileged EXEC mode command to display the SNMP status.
Syntax
show snmp
Command Mode...
Network Management Protocol (SNMP) Commands Target Address Type Community Version Filter Retries Port Name ----------- ---- -------- ------- ---- ------ ------- 192.122.173.42 Trap public 192.122.173.42 Inform public Version 3 notifications Target Address Type Username Security Filter Retries Level Port name ----------- ---- --------...
Network Management Protocol (SNMP) Commands Example The following example displays the SNMP engine ID. Console # show snmp engineID Local SNMP engineID: 08009009020C0B099C075878 IP address Remote SNMP engineID ----------- ------------------------------- 172.16.1.1 08009009020C0B099C075879 10.16 show snmp views Use the show snmp views Privileged EXEC mode command to display the configured SNMP views.
Network Management Protocol (SNMP) Commands
10.17 show snmp groups
Use the show snmp groups Privileged EXEC mode command to display the configured SNMP groups.
Syntax
show snmp groups [groupname]
Parameters
groupname—Specifies the group name. (Length: 1–30 characters)
Command Mode
Privileged EXEC mode
Example
The following example displays the configured SNMP groups.
Network Management Protocol (SNMP) Commands Field Description Views Read View name enabling viewing the agent contents. If unspecified, all objects except the community-table and SNMPv3 user and access tables are available. Write View name enabling data entry and managing the agent contents. Notify View name enabling specifying an inform or a trap.
Network Management Protocol (SNMP) Commands
10.19 show snmp users
Use the show snmp users Privileged EXEC mode command to display the configured SNMP users.
Syntax
show snmp users [username]
Parameters
username—Specifies the user name. (Length: 1–30 characters)
Command Mode
Privileged EXEC mode
Example
The following example displays the configured SNMP users.
Web Server Commands Web Server Commands 11.1 ip http server The ip http server Global Configuration mode command enables configuring and monitoring the device from a web browser. Use the no form of this command to disable this function. Syntax ip http server no ip http server Default Configuration...
Web Server Commands http-only —The timeout is specified only for http https-only— The timeout is specified only for https Default Configuration 600 seconds Command Mode Global Configuration mode User Guidelines This command also configures the timeout-policy for HTTPS. To specify no timeout, enter the ip http timeout-policy 0 command. Example The following example configures the http timeout to be 1000 seconds.
Web Server Commands Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate command to generate an HTTPS certificate. Example console(config)# ip http secure-server 11.4 ip https certificate The ip https certificate Global Configuration mode command configures the active certificate for HTTPS.
Web Server Commands Console(config)# ip https certificate 11.5 show ip http The show ip http EXEC mode command displays the HTTP server configuration. Syntax show ip http Command Mode EXEC mode Example The following example displays the HTTP server configuration. Console# show ip http HTTP server enabled...
Page 170
Web Server Commands
Console# show ip https
HTTPS server enabled
Port: 443
Interactive timeout: Follows the HTTP interactive timeout (10 minutes)
Certificate 1 is active
Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, O= General Motors, C= US
Finger print: DC789788 DC88A988 127897BC BB789788
Certificate 2 is inactive
Issued by: self-signed...
Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands 12.1 ip telnet server The ip telnet server Global Configuration mode command enables the device to be configured from a Telnet server. Use the no form of this command to disable the device configuration from a Telnet server.
Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands no ip ssh server Default Configuration Device configuration from an SSH server is disabled. Command Mode Global Configuration mode User Guidelines If encryption keys are not generated, the SSH server is in standby until the keys are generated.
Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands
Command Mode
SSH Public Key-string Configuration mode
User Guidelines
Follow this command with the key-string SSH Public Key-String Configuration mode command to specify the key. Note that after this command is entered, the existing key is deleted even if no new key is defined by the key-string command.
Example
The following example enables manually configuring an SSH public key for SSH...
Page 174
Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands Command Mode SSH Public Key-string Configuration mode User Guidelines Use the key-string SSH Public Key-string Configuration mode command without the row parameter to specify which SSH public key is to be interactively configured next.
Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands Command Mode Privileged EXEC mode Example The following examples display SSH public keys stored on the device. Console# show crypto key pubkey-chain ssh Username -------- john Fingerprint ----------------------------------------------- 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 Console# show crypto key pubkey-chain ssh username...
Page 178
Teletype Network (Telnet), Secure Shell (SSH) and Secure Login (Slogin) Commands Command Mode Privileged EXEC mode Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA (DSS) key was generated. SSH Public Key Authentication is enabled.
Line Commands Line Commands 13.1 line The line Global Configuration mode command identifies a specific line for configuration and enters the Line Configuration command mode. Syntax line {console | telnet | ssh} Parameters • console—Enters the console terminal line mode. •...
Line Commands Parameters bps—Specifies the baud rate in bits per second (bps). Possible values are 2400, 4800, 9600, 19200, 38400, 57600, and 115200. Default Configuration The default speed is 115200 bps. Command Mode Line Configuration (console) mode User Guidelines The configured speed is applied when Autobaud is disabled. This configuration applies to the current session only.
Line Commands User Guidelines To start communication using Autobaud, press the Enter key twice. Example The following example enables autobaud. Console(config)# line console Console(config-line)# autobaud 13.4 exec-timeout The exec-timeout Line Configuration mode command sets the session idle time interval, during which the system waits for user input before automatic logoff. Use the no form of this command to restore the default configuration.
Line Commands
13.5 show line
The show line EXEC mode command displays line parameters.
Syntax
show line [console | telnet | ssh]
Parameters
• console—Displays the console configuration.
• telnet—Displays the Telnet configuration.
• ssh—Displays the SSH configuration.
Default Configuration
If the line is not specified, all line configuration parameters are displayed.
Bonjour Commands Bonjour Commands 14.1 bonjour enable Use the bonjour enable Global Configuration mode command to enable Bonjour globally. Use the no format of the command to disable globally. Syntax bonjour enable no bonjour enable. Default Configuration Enable Command Mode Global Configuration mode Examples console(conf)# bonjour enable...
Bonjour Commands Default Configuration The list is empty. Command Mode Global Configuration mode User Guidelines This command can only be used if the device is in Layer 3 (router) mode. Examples console(config)# bonjour interface range gi1-3 14.3 show bonjour Use the show bonjour Privileged EXEC mode command to show Bonjour information Syntax interface-id...
Page 186
Bonjour Commands Bonjour status: enabled L2 interface status: Up IP Address: 10.5.226.46 Service Admin Status Oper Status ------- ------------------ -------------- csco-sb enabled enabled http enabled enabled https enabled disabled enabled disabled telnet enabled disabled Layer 3: # show bonjour console Bonjour global status: enabled Bonjour L2 interfaces port list: vlans 1 Service Admin Status...
Authentication, Authorization and Accounting (AAA) Commands Authentication, Authorization and Accounting (AAA) Commands 15.1 aaa authentication login The aaa authentication login Global Configuration mode command sets one or more authentication methods to be applied during login. The list of authentication methods may be assigned a list name, and this list name can be used in authentication login aaa authentication enable.
Authentication, Authorization and Accounting (AAA) Commands
Default Configuration
The local user database is the default authentication method. This is the same as entering the command aaa authentication login local.
NOTE If an authentication method is not defined, console users can log in without any authentication verification.
Page 189
Authentication, Authorization and Accounting (AAA) Commands
Syntax
aaa authentication enable {default | list-name} method [method2 ...]
no aaa authentication enable {default | list-name}
Parameters
• default—Uses the listed authentication methods that follow this argument as the default method list, when accessing higher privilege levels.
•...
Authentication, Authorization and Accounting (AAA) Commands
User Guidelines
Create a list by entering the aaa authentication enable list-name method1 [method2...] command where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.
Authentication, Authorization and Accounting (AAA) Commands Parameters method [method2...]—Specifies a list of methods that the authentication algorithm tries, in the given sequence. The additional authentication methods are used only if the previous method returns an error, not if it fails. Specify none as the final method in the command line to ensure that the authentication succeeds, even if all methods return an error.
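The fall-through rule described above (the next method is tried only when the previous one returns an error, not when it fails), as an added example that is not part of the guide. The backends, user names and passwords are constructed, and modelling an unreachable RADIUS server as the "error" case is an assumption.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"   # the method answered and the credentials are wrong ("fails")
    ERROR = "error"     # the method could not answer at all


def make_radius(reachable, users):
    """Constructed stand-in for a RADIUS server; unreachable is modelled as ERROR."""
    def radius(user, password):
        if not reachable:
            return Result.ERROR
        return Result.ACCEPT if users.get(user) == password else Result.REJECT
    return radius


def make_local(users):
    """Constructed stand-in for the local user database."""
    def local(user, password):
        return Result.ACCEPT if users.get(user) == password else Result.REJECT
    return local


def login(method_list, backends, user, password):
    """Walk a method list in order and return (granted, deciding_method).

    A method that accepts or rejects ends the walk. Only ERROR moves on to the
    next method. 'none' grants access without checking anything, so it is only
    reached when every method before it returned ERROR.
    """
    for method in method_list:
        if method == "none":
            return (True, "none")
        result = backends[method](user, password)
        if result is not Result.ERROR:
            return (result is Result.ACCEPT, method)
    return (False, None)   # every method errored and the list has no 'none'


# Constructed credentials for the demonstration.
RADIUS_USERS = {"alice": "r4dius-pw"}
LOCAL_USERS = {"alice": "local-pw", "admin": "break-glass"}

RADIUS_UP = {"radius": make_radius(True, RADIUS_USERS), "local": make_local(LOCAL_USERS)}
RADIUS_DOWN = {"radius": make_radius(False, RADIUS_USERS), "local": make_local(LOCAL_USERS)}

if __name__ == "__main__":
    cases = [
        ("radius rejects, local is never asked",
         ["radius", "local"], RADIUS_UP, "alice", "local-pw"),
        ("radius down, local decides",
         ["radius", "local"], RADIUS_DOWN, "admin", "break-glass"),
        ("radius down, list ends in none",
         ["radius", "none"], RADIUS_DOWN, "nobody", "anything"),
        ("radius down, no fallback",
         ["radius"], RADIUS_DOWN, "alice", "r4dius-pw"),
    ]
    for label, methods, backends, user, pw in cases:
        print(f"{label:40} -> {login(methods, backends, user, pw)}")
```

Ending the list in local rather than none keeps a fallback for a RADIUS outage without turning that outage into unauthenticated access.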
Page 192
Authentication, Authorization and Accounting (AAA) Commands Syntax show authentication methods Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays the authentication configuration. Console# show authentication methods Login Authentication Method Lists --------------------------------- Default: Radius, Local, Line Console_Login: Line, None Enable Authentication Method Lists ---------------------------------- Default: Radius, Enable...
Authentication, Authorization and Accounting (AAA) Commands Line Login Method Enable Method List List -------------- ------------------ ----------------- Console Console_Enable Console_Login Telnet Default Default Default Default HTTP: Radius, local HTTPS: Radius, local Dot1x: Radius 15.5 password The password Line Configuration mode command specifies a password on a line, also known as access method, such as a console or Telnet.
Authentication, Authorization and Accounting (AAA) Commands
Example
The following example specifies the password ‘secret’ on a console.
Console(config)# line console
Console(config-line)# password secret
15.6 enable password
Use the enable password Global Configuration mode command to set a local password to control access to normal and privilege levels. Use the no form of this command to return to the default password.
Authentication, Authorization and Accounting (AAA) Commands Default Configuration Default for level is 15. Passwords are encrypted by default. Command Mode Global Configuration mode User Guidelines Passwords are encrypted by default. You only are required to use the encrypted keyword when you are actually entering an encrypted keyword. Example The first command sets an unencrypted password for level 7 (it will be encrypted in the configuration file).
Authentication, Authorization and Accounting (AAA) Commands
• nopassword—No password is required for this user to log in.
• unencrypted-password—The authentication password for the user. (Range: 1–159)
• encrypted encrypted-password—Specifies that the password is encrypted. Use this keyword to enter a password that is already encrypted (for instance, one that you copied from the configuration file of another device).
Authentication, Authorization and Accounting (AAA) Commands Syntax show user accounts Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays information about the users local database. Console# show user accounts Username Privilege -------- --------- Robert Smith The following table describes the significant fields shown in the display: Field Description Username...
Page 198
Authentication, Authorization and Accounting (AAA) Commands Syntax passwords complexity enable no passwords complexity enable Parameters Parameters Default Configuration Enabled Command Mode Global Configuration mode User Guidelines If password complexity is enabled by default, the user is forced to enter a password that: •...
Authentication, Authorization and Accounting (AAA) Commands Example The following example configures requiring complex passwords that fulfill the minimum requirements specified in the User Guidelines above. console(config)# passwords complexity enable console#show passwords configuration Passwords aging is enabled with aging time 180 days. Passwords complexity is enabled with the following attributes: Minimal length: 3 characters Minimal classes: 3...
Page 200
Authentication, Authorization and Accounting (AAA) Commands
passwords complexity not-username
no passwords complexity not-username
passwords complexity not-manufacturer-name
no passwords complexity not-manufacturer-name
Parameters
• min-length number—Sets the minimal length of the password. (Range: 0–64)
• min-classes number—Sets the minimal character classes (uppercase letters, lowercase letters, numbers, and special characters available on a standard keyboard).
Authentication, Authorization and Accounting (AAA) Commands
Example
The following example configures the minimal required password length to 8 characters.
Console(config)# passwords complexity min-length 8
15.11 passwords aging
Use the passwords aging Global Configuration mode command to enforce password aging. Use the no form of this command to return to default.
Syntax
passwords aging days...
Authentication, Authorization and Accounting (AAA) Commands 15.12 show passwords configuration The show passwords configuration Privileged EXEC mode command displays information about the password management configuration. Syntax show passwords configuration Parameters Default Configuration Command Mode Privileged EXEC mode Example console#show passwords configuration Passwords aging is enabled with aging time 180 days.
Authentication, Authorization and Accounting (AAA) Commands The following table describes the significant fields shown in the display: Field Description Minimal length The minimal length required for passwords in the local database. Minimal The minimal number of different types of character characters (special characters, integers and so classes on) required to be part of the password.
Remote Authentication Dial-In User Service (RADIUS) Commands 16.1 radius-server host Use the radius-server host Global Configuration mode command to specify a RADIUS server host. Use the no form of the command to delete the specified RADIUS server host.
Remote Authentication Dial-In User Service (RADIUS) Commands ipv6_address - Refers to the IPv6 address on the single interface on which an IPv6 address is defined. • hostname—Specifies the RADIUS server host name. Translation to IPv4 addresses only is supported. (Length: 1–158 characters. Maximum label length: 63 characters) •...
Remote Authentication Dial-In User Service (RADIUS) Commands If timeout is not specified, the global value is used. If retransmit is not specified, the global value is used. If key-string is not specified, the global value is used. If the source value is not specified, the global value is used. The default usage type is all.
Remote Authentication Dial-In User Service (RADIUS) Commands Parameters key-string—Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server. This key must match the encryption used on the RADIUS daemon. (Range: 0–128 characters) Default Configuration The key-string is an empty string.
Example
The following example configures the number of times the software searches all RADIUS server hosts as 5.
console(config)# radius-server retransmit 5
16.4 radius-server source-ip
Use the radius-server source-ip Global Configuration mode command to specify the source IP address used for communication with RADIUS servers.
Remote Authentication Dial-In User Service (RADIUS) Commands 16.5 radius-server source-ipv6 Use the radius-server source-ipv6 Global Configuration mode command to specify the source IPv6 address used for communication with RADIUS servers. Use the no form of this command to restore the default configuration. Syntax source radius-server source-ipv6 {...
Syntax
radius-server timeout timeout-seconds
no radius-server timeout
Parameters
timeout timeout-seconds—Specifies the timeout value in seconds. (Range: 1–30)
Default Configuration
The default timeout value is 3 seconds.
Command Mode
Global Configuration mode
Example
The following example sets the timeout interval on all RADIUS servers to 5 seconds.
Default Configuration
The default deadtime interval is 0.
Command Mode
Global Configuration mode
Example
The following example sets all RADIUS server deadtimes to 10 minutes.
Console(config)# radius-server deadtime 10
16.8 show radius-servers
Use the show radius-servers Privileged EXEC mode command to display the RADIUS server settings.
Remote Authentication Dial-In User Service (RADIUS) Commands Example The following example displays RADIUS server settings. Console# show radius-servers Port Port Time Dead Sourc time Auth Acct Retransmision Priority Usage address ----- ------ ------------ -------- ----- ---- ---- ------ --------- Global Global Global 1812...
Terminal Access Controller Access-Control System Plus (TACACS+) Commands 17.1 tacacs-server host Use the tacacs-server host Global Configuration mode command to specify a TACACS+ host. Use the no form of this command to delete the specified TACACS+ host.
Terminal Access Controller Access-Control System Plus (TACACS+) Commands The default port-number is 49. If timeout is not specified, the global value is used. If key-string is not specified, the global value is used. If source is not specified, the global value is used. Command Mode Global Configuration mode User Guidelines...
Default Configuration
The default key is an empty string.
Command Mode
Global Configuration mode
Example
The following example sets Enterprise as the authentication encryption key for all TACACS+ servers.
Console(config)# tacacs-server key enterprise
17.3 tacacs-server timeout
Use the tacacs-server timeout Global Configuration mode command to set the...
Terminal Access Controller Access-Control System Plus (TACACS+) Commands 17.4 tacacs-server source-ip Use the tacacs-server source-ip Global Configuration mode command to configure the source IP address to be used for communication with TACACS+ servers. Use the no form of this command to restore the default configuration. Syntax source tacacs-server source-ip {...
Terminal Access Controller Access-Control System Plus (TACACS+) Commands Parameters ip-address—Specifies the TACACS+ server name or IP address. Default Configuration If ip-address is not specified, information for all TACACS+ servers is displayed. Command Mode Privileged EXEC mode Example The following example displays configuration and statistical information for all TACACS+ servers.
Syslog Commands 18.1 logging on Use the logging on Global Configuration mode command to control error message logging. This command sends debug or error messages asynchronously to designated locations. Use the no form of this command to disable the logging. Syntax logging on no logging on...
18.2 logging host
Use the logging host Global Configuration command to log messages to the specified SYSLOG server. Use the no form of this command to delete the SYSLOG server with the specified address from the list of SYSLOG servers.
Syntax
logging host {ipv4-address | ipv6-address | hostname} [port port] [severity level]...
Command Mode
Global Configuration mode
User Guidelines
You can use multiple SYSLOG servers.
The format of an IPv6Z address is: <ipv6-link-local-address>%<interface-name>
• interface-name = vlan<integer> | ch<integer> | isatap<integer> | <physical-port-name> | 0
• integer = <decimal-number> | <integer><decimal-number>...
Syslog Commands Parameters level—Specifies the severity level of logged messages displayed on the console. The possible values are: emergencies, alerts, critical, errors, warnings, notifications, informational and debugging. Default Configuration Informational. Command Mode Global Configuration mode Example The following example limits logging messages displayed on the console to messages with severity level errors.
Syslog Commands Default Configuration The default severity level is informational. The default buffer size is 200. Command Mode Global Configuration mode User Guidelines All the SYSLOG messages are logged to the internal buffer. This command limits the messages displayed to the user. Example The following example shows two ways of limiting the SYSLOG message display from an internal buffer to messages with severity level debugging.
Syslog Commands Example The following example clears messages from the internal logging buffer. Console# clear logging Clear logging buffer [confirm] 18.6 logging file Use the logging file Global Configuration mode command to limit SYSLOG messages sent to the logging file to messages with a specific severity level. Use the no form of this command to cancel sending messages to the file.
Syslog Commands 18.7 clear logging file Use the clear logging file Privileged EXEC mode command to clear messages from the logging file. Syntax clear logging file Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example clears messages from the logging file. Console# clear logging file Clear Logging File [y/n]...
Syslog Commands • delete-rename—Specifies logging messages related to file deletion and renaming operations. Default Configuration Enabled. Command Mode Global Configuration mode Example The following example enables logging messages related to file copy operations. Console(config)# file-system logging copy 18.9 logging aggregation on Use the logging aggregation on Global Configuration mode command to control aggregation of SYSLOG messages.
Syslog Commands Example To turn off aggregation of SYSLOG messages: console(config)# no logging aggregation on 18.10 logging aggregation aging-time Use the logging aggregation aging-time Global Configuration mode command to configure the aging time of the aggregated SYSLOG messages. The SYSLOG messages are aggregated during the time interval set by the aging-time parameter.
Syslog Commands Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays the logging status and the SYSLOG messages stored in the internal buffer. console# show logging Logging is enabled. Console Logging: Level info. Console Messages: 0 Dropped. Buffer Logging: Level info.
01-Jan-2010 05:29:02 :%LINK-I-Up: Vlan 1
01-Jan-2010 05:29:02 :%LINK-I-Up: SYSLOG6
01-Jan-2010 05:29:02 :%LINK-I-Up: SYSLOG7
01-Jan-2010 05:29:00 :%LINK-W-Down: SYSLOG8
18.12 show logging file
Use the show logging file Privileged EXEC mode command to display the logging status and the SYSLOG messages stored in the logging file.
Syntax
show logging file
Parameters...
Application Event Status
----------------- ---------------- ---------
Login Enabled
File system Copy Enabled
File system Delete-Rename Enabled
Management ACL Deny Enabled
Aggregation: Disabled.
Aggregation aging time: 300 Sec
01-Jan-2010 05:57:00 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
01-Jan-2010 05:56:36 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
01-Jan-2010 05:55:37 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error...
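The messages in the show logging and show logging file output above share one layout: date, time, then `:%FACILITY-S-MNEMONIC: text`. The following Python script is an added example, not code from this guide or its vendor: it parses that layout, filters by the severity names listed for logging console, and flags identical messages that repeat within a time window, such as the three SSHD errors. The mapping of the letters E, W and I to level names, the function names and the window and count thresholds are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Severity names in the order the guide lists them for "logging console";
# the list index is the standard syslog numeric severity (0 = most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Only the letters visible in the guide's sample output are mapped.
# Assumption: each letter is the initial of its level name.
LETTER_TO_LEVEL = {"E": "errors", "W": "warnings", "I": "informational"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) "
    r":%(?P<facility>[A-Za-z0-9_]+)-(?P<sev>[A-Z])-(?P<mnemonic>[A-Za-z0-9_]+): "
    r"(?P<text>.*)$"
)


def parse_line(line):
    """Return a dict for one log line, or None for status/table lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    level = LETTER_TO_LEVEL.get(m.group("sev"))
    return {
        "time": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S"),
        "facility": m.group("facility"),
        "level": level,  # None when the letter is not in the mapping
        "severity": LEVELS.index(level) if level else None,
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def parse_log(text):
    """Parse pasted command output, skipping everything that is not a message."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [ev for ev in parsed if ev is not None]


def at_or_above(events, level):
    """Keep events at least as severe as the named level."""
    limit = LEVELS.index(level)
    return [ev for ev in events
            if ev["severity"] is not None and ev["severity"] <= limit]


def find_bursts(events, window_s=300, min_count=3):
    """Report identical messages seen min_count times within window_s seconds."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["facility"], ev["mnemonic"], ev["text"])].append(ev["time"])
    bursts = []
    for (facility, mnemonic, text), times in by_key.items():
        times.sort()  # the buffer is shown newest first
        start, peak = 0, 0
        for end, stamp in enumerate(times):
            while (stamp - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_count:
            bursts.append({"facility": facility, "mnemonic": mnemonic,
                           "text": text, "peak": peak})
    return bursts


# Message lines copied from the guide's sample output, plus one status line
# to show that non-message lines are skipped.
SAMPLE = """\
Aggregation: Disabled.
01-Jan-2010 05:57:00 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
01-Jan-2010 05:56:36 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
01-Jan-2010 05:55:37 :%SSHD-E-ERROR: SSH error: key_read: type mismatch: encoding error
01-Jan-2010 05:29:02 :%LINK-I-Up: Vlan 1
01-Jan-2010 05:29:00 :%LINK-W-Down: SYSLOG8
"""

if __name__ == "__main__":
    log = parse_log(SAMPLE)
    for ev in at_or_above(log, "warnings"):
        print(ev["time"], ev["facility"], ev["level"], ev["text"])
    for burst in find_bursts(log):
        print("repeated:", burst)
```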
Syslog Commands Syntax show syslog-servers Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example provides information about the SYSLOG servers. console# show syslog-servers Device Configuration IP address Port Facility Severity Description ------------- ---- --------- -------- -------------- 1.1.1.121 local7 info 3000::100...
Remote Network Monitoring (RMON) Commands 19.1 show rmon statistics Use the show rmon statistics EXEC mode command to display RMON Ethernet statistics. Syntax show rmon statistics {interface-id} Parameters interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.
Remote Network Monitoring (RMON) Commands The following table describes the significant fields displayed. Field Description Dropped The total number of events in which packets were dropped by the probe due to lack of resources. Note that this number is not necessarily the number of packets dropped.
Remote Network Monitoring (RMON) Commands Field Description Fragments The total number of packets received, less than 64 octets in length (excluding framing bits but including FCS octets) and either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Syntax
rmon collection stats index [owner ownername] [buckets bucket-number] [interval seconds]
no rmon collection stats index
Parameters
• index—The requested group of statistics index. (Range: 1–65535)
• owner ownername—Records the name of the owner of the RMON group of statistics.
Remote Network Monitoring (RMON) Commands Example The following example displays all RMON history group statistics. Console# show rmon collection stats Index Interface Interval Requested Granted Owner Samples Samples ----- --------- -------- ------- --------- ------- 1800 Manager The following table describes the significant fields shown in the display. Field Description Index...
Remote Network Monitoring (RMON) Commands • seconds period —Specifies the period of time in seconds to display. (Range: 1–2147483647) Command Mode EXEC mode Example The following examples display RMON Ethernet history statistics for index 1 Console# show rmon history throughput Sample Set: 1 Owner: CLI Interface: gi1...
Remote Network Monitoring (RMON) Commands Under Align size Time Oversize Fragments Jabbers ------- ----- ------------ -------- --------- ---- Jan 18 2005 21:57:00 Jan 18 2005 21:57:30 Console# show rmon history other Sample Set: 1 Owner: Me Interface: gi1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500...
Remote Network Monitoring (RMON) Commands Field Description CRC Align The number of packets received during this sampling interval that had a length (excluding framing bits but including FCS octets) between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Syntax
rmon alarm index mib-object-id interval rthreshold fthreshold revent fevent [type {absolute | delta}] [startup {rising | rising-falling | falling}] [owner name]
no rmon alarm index
Parameters
• index—Specifies the alarm index. (Range: 1–65535)
• mib-object-id—Specifies the object identifier of the variable to be sampled.
Remote Network Monitoring (RMON) Commands generated. If the first sample (after this entry becomes valid) is less than or equal to fthreshold, a single falling alarm is generated. falling —Specifies that if the first sample (after this entry becomes valid) is less than or equal to fthreshold, a single falling alarm is generated.
Remote Network Monitoring (RMON) Commands Example The following example displays the alarms table. Console# show rmon alarm-table Index Owner ----- ---------------------- ------- 1.3.6.1.2.1.2.2.1.10.1 1.3.6.1.2.1.2.2.1.10.1 Manager 1.3.6.1.2.1.2.2.1.10.9 The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry.
Alarm 1
-------
OID: 1.3.6.1.2.1.2.2.1.10.1
Last sample Value: 878128
Interval: 30
Sample Type: delta
Startup Alarm: rising
Rising Threshold: 8700000
Falling Threshold: 78
Rising Event: 1
Falling Event: 1
Owner: CLI
The following table describes the significant fields shown in the display:
Field Description
Alarm...
Remote Network Monitoring (RMON) Commands Field Description Startup Alarm The alarm that may be sent when this entry is first set. If the first sample is greater than or equal to the rising threshold, and startup alarm is equal to rising or rising-falling, then a single rising alarm is generated.
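How the rising threshold, falling threshold, sample type and startup alarm interact is easiest to see on a series of samples. The following Python simulation is an added example, not code from this guide or the device: it uses the thresholds from the Alarm 1 display above (rising 8700000, falling 78, delta sampling) on constructed counter readings. The re-arm rule (a rising alarm is not repeated until the falling threshold has been reached, and the reverse) follows the RMON alarm definition in RFC 2819 and is assumed to match this device; the function names are hypothetical.

```python
def sample_values(readings, sample_type):
    """Turn raw readings of the monitored variable into the values compared
    against the thresholds: the reading itself for "absolute", the
    difference between consecutive readings for "delta"."""
    if sample_type == "absolute":
        return list(readings)
    if sample_type == "delta":
        return [cur - prev for prev, cur in zip(readings, readings[1:])]
    raise ValueError("sample_type must be 'absolute' or 'delta'")


def rmon_alarms(readings, rthreshold, fthreshold, sample_type, startup):
    """Return (sample_index, direction, value) for every alarm generated.

    startup is "rising", "falling" or "rising-falling" and only affects the
    first sample after the entry becomes valid.
    """
    if startup not in ("rising", "falling", "rising-falling"):
        raise ValueError("unknown startup value")
    events = []
    last = None  # direction of the most recent crossing
    for i, value in enumerate(sample_values(readings, sample_type)):
        first = i == 0
        if value >= rthreshold and last != "rising":
            # On the first sample the alarm is generated only if startup
            # permits it. Assumption: the crossing is still recorded, so a
            # later sample above the threshold is not treated as new.
            if not first or startup in ("rising", "rising-falling"):
                events.append((i, "rising", value))
            last = "rising"
        elif value <= fthreshold and last != "falling":
            if not first or startup in ("falling", "rising-falling"):
                events.append((i, "falling", value))
            last = "falling"
        # Values between the thresholds change nothing: this gap is the
        # hysteresis that stops an oscillating counter from flooding the log.
    return events


# Constructed ifInOctets-style readings, one per 30-second interval.
READINGS = [0, 9_000_000, 18_500_000, 18_501_000,
            27_601_000, 27_601_050, 36_401_050]

if __name__ == "__main__":
    print(sample_values(READINGS, "delta"))
    for startup in ("rising", "falling"):
        print(startup, rmon_alarms(READINGS, 8_700_000, 78, "delta", startup))
```

In the constructed series the third and fourth deltas (1000, then 9100000) produce no alarm: the dip never reached the falling threshold of 78, so the rising alarm was not re-armed.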
Remote Network Monitoring (RMON) Commands • log—Specifies that a notification entry is generated in the log table by the device for this event. • trap—Specifies that an SNMP trap is sent to one or more management stations by the device for this event. •...
Remote Network Monitoring (RMON) Commands Command Mode EXEC mode Example The following example displays the RMON event table. Console# show rmon events Index Description Type Community Owner Last time sent ----- ----------- ------ --------- ------ ------------------ Errors router Jan 18 2006 23:58:17 High Manager Jan 18 2006 23:59:48...
Remote Network Monitoring (RMON) Commands Parameters event—Specifies the event index. (Range: 0–65535) Command Mode EXEC mode Example The following example displays event 1 in the RMON log table. Console# show rmon log 1 Maximum table size: 500 (800 after reset) Event Description Time...
Remote Network Monitoring (RMON) Commands Default Configuration The default history table size is 270 entries. The default log table size is 200 entries. Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted. Example The following example configures the maximum size of RMON history tables to 100 entries.
802.1x Commands 20.1 aaa authentication dot1x Use the aaa authentication dot1x Global Configuration mode command to specify how ports are authenticated when 802.1x is enabled. You can select either authentication by a RADIUS server, no authentication, or both methods. Use the no form of this command to restore the default configuration.
802. 1 x Commands Example The following example sets 802.1X authentication mode to RADIUS server authentication. If no response is received, no authentication is performed. Console(config)# aaa authentication dot1x default radius none 20.2 dot1x system-auth-control Use the dot1x system-auth-control Global Configuration mode command to enable 802.1x globally.
802. 1 x Commands no dot1x port-control Parameters • auto—Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the device and the client. • force-authorized—Disables 802.1x authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required.
802. 1 x Commands 20.4 dot1x reauthentication Use the dot1x reauthentication Interface Configuration mode command to enable periodic re-authentication of the client. Use the no form of this command to return to the default setting. Syntax dot1x reauthentication no dot1x reauthentication Parameters Default Configuration Periodic re-authentication is disabled.
802. 1 x Commands Default Configuration 3600 Command Mode Interface Configuration (Ethernet) mode Example console(config)# interface gi1 console(config-if)# dot1x timeout reauth-period 5000 20.6 dot1x timeout quiet-period Use the dot1x timeout quiet-period Interface Configuration (Ethernet) mode command to set the time interval that the device remains in a quiet state following a failed authentication exchange (for example, the client provided an invalid password).
802. 1 x Commands The default value of this command should only be changed to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide faster response time to the user, a smaller number than the default value should be entered.
802. 1 x Commands User Guidelines The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following command sets the time interval during which the device waits for a response to an EAP request/identity frame to 3600 seconds.
802. 1 x Commands User Guidelines The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following example sets the maximum number of times that the device sends an EAP request/identity frame to 6 Console(config)# interface gi15...
802. 1 x Commands User Guidelines The default value of this command should be changed only to adjust to unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following example sets the time interval during which the device waits for a response to an EAP request frame from the client before resending the request to 3600 seconds.
802. 1 x Commands User Guidelines The actual timeout period can be determined by comparing the value specified by the dot1x timeout server-timeout command to the result of multiplying the number of retries specified by the radius-server retransmit command by the timeout period specified by the radius-server timeout command, and selecting the lower of the two values.
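Added example, not part of this guide: a Python audit of a saved configuration for the 802.1x settings described in sections 20.1 to 20.4, which also applies the server-timeout rule from the User Guidelines above (the lower of dot1x timeout server-timeout and radius-server retransmit multiplied by radius-server timeout). The configuration text is constructed; the `exit`-terminated interface blocks, the finding names and the function names are assumptions of this example.

```python
import re

# Constructed configuration in the guide's command syntax (not from a device).
SAMPLE_CONFIG = """\
aaa authentication dot1x default radius none
dot1x system-auth-control
radius-server timeout 5
radius-server retransmit 5
interface gi1
 dot1x port-control auto
 dot1x reauthentication
 dot1x timeout reauth-period 5000
 dot1x timeout server-timeout 3600
exit
interface gi2
 dot1x port-control force-authorized
exit
interface gi3
 dot1x port-control auto
exit
interface gi4
 description uplink
exit
"""

EXPLAIN = {
    "no-system-auth-control": "802.1x is not enabled globally by this configuration",
    "radius-fallback-none": "method list ends in 'none': no authentication "
                            "is performed when RADIUS does not respond",
    "port-control-force-authorized": "port is authorized without any exchange",
    "port-control-force-unauthorized": "port never authorizes a client",
    "port-control-not-set": "no dot1x port-control line; device default applies",
    "reauthentication-disabled": "periodic re-authentication is off (the default)",
}


def parse_config(text):
    """Split the text into global lines and per-interface command lists.
    'interface range ...' blocks are not expanded and are treated as global."""
    global_lines, ports, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line == "exit":
            current = None
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, ports


def int_arg(lines, prefix):
    """Integer argument of the first line that starts with prefix, else None."""
    for line in lines:
        if line.startswith(prefix + " "):
            tail = line[len(prefix):].strip()
            if tail.isdigit():
                return int(tail)
    return None


def effective_server_timeout(server_timeout, retransmit, radius_timeout):
    """The rule from the User Guidelines: the lower of the two values."""
    return min(server_timeout, retransmit * radius_timeout)


def audit(text):
    """Return (findings, timeouts): findings is a list of (scope, code) pairs,
    timeouts maps a port to its effective server timeout in seconds when all
    three inputs are set explicitly (no device defaults are assumed)."""
    global_lines, ports = parse_config(text)
    findings = []
    if "dot1x system-auth-control" not in global_lines:
        findings.append(("global", "no-system-auth-control"))
    for line in global_lines:
        if line.startswith("aaa authentication dot1x ") and line.split()[-1] == "none":
            findings.append(("global", "radius-fallback-none"))
    retransmit = int_arg(global_lines, "radius-server retransmit")
    radius_timeout = int_arg(global_lines, "radius-server timeout")
    timeouts = {}
    for port, lines in ports.items():
        control = next((l.split()[-1] for l in lines
                        if l.startswith("dot1x port-control ")), None)
        if control is None:
            findings.append((port, "port-control-not-set"))
        elif control != "auto":
            findings.append((port, "port-control-" + control))
        elif "dot1x reauthentication" not in lines:
            findings.append((port, "reauthentication-disabled"))
        server_timeout = int_arg(lines, "dot1x timeout server-timeout")
        if None not in (server_timeout, retransmit, radius_timeout):
            timeouts[port] = effective_server_timeout(
                server_timeout, retransmit, radius_timeout)
    return findings, timeouts


if __name__ == "__main__":
    found, effective = audit(SAMPLE_CONFIG)
    for scope, code in found:
        print(f"{scope}: {code}: {EXPLAIN.get(code, '')}")
    for port, seconds in effective.items():
        print(f"{port}: effective server timeout {seconds} s")
```

On the sample, gi1 is configured with a 3600-second server timeout but the RADIUS settings cap it at 25 seconds (5 retries of 5 seconds each).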
802. 1 x Commands Example The following examples display the status of 802.1x-enabled Ethernet ports. Console# show dot1x 802.1x is enabled Port Admin Oper Reauth Reauth Username Mode Mode Control Period ---- ------- --------- ----------- ------- ----- Auto Authorized 3600 John Auto Authorized...
802. 1 x Commands Time-range: work-hours (Inactive now) Quiet period: 60 Seconds Tx period: 30 Seconds Max req: Supplicant timeout: 30 Seconds Server timeout: 30 Seconds Session Time (HH:MM:SS): 08:19:17 MAC Address: 00:08:78:32:98:78 Authentication Method: Remote Termination Cause: Supplicant logoff Authenticator State Machine State: HELD...
802. 1 x Commands Field Description Username The username representing the supplicant identity. This field shows the username if the port control is auto. If the port is Authorized, it displays the username of the current user. If the port is Unauthorized, it displays the last user authenticated successfully.
20.12 show dot1x users
Use the show dot1x users Privileged EXEC mode command to display active 802.1x authenticated users for the device.
Syntax
show dot1x users [username username]
Parameters
username—Specifies the supplicant username (Length: 1–160 characters)
Command Mode
Privileged EXEC mode
78-20269-01 Command Line Interface Reference Guide...
802. 1 x Commands Example The following example displays 802.1x users. Switch# show dot1x users Port Username Session Auth VLAN Filter Time Method Address ------ ---------- ------------- -------- ------------- ---- ------ 1d 03:08:58 Remote 0008.3b79.8787 John 08:19:17 None 0008.3b89.3127 Port Username Session Auth...
Syntax
show dot1x statistics interface interface-id
Parameters
interface-id—Specifies an interface ID. The interface ID must be an Ethernet port.
Command Mode
Privileged EXEC mode
Example
The following example displays 802.1x statistics for gi1.
Console# show dot1x statistics interface gi1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1...
802. 1 x Commands The following table describes the significant fields shown in the display: Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator. EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator.
20.14 clear dot1x statistics
Use the clear dot1x statistics Privileged EXEC mode command to clear 802.1x statistics.
Syntax
clear dot1x statistics [interface-id]
Parameters
interface-id—Specifies an interface ID. The interface ID must be an Ethernet port.
Default Configuration
Command Mode
Privileged EXEC...
802. 1 x Commands • multi-sessions—Enable multiple-sessions mode. Default Configuration Default mode is multi-host. Command Mode Interface Configuration (Ethernet) mode User Guidelines In multiple hosts mode only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized, all attached clients are denied access to the network.
Parameters
• restrict—Generates a trap when a station whose MAC address is not the supplicant MAC address attempts to access the interface. The minimum time between the traps is 1 second. Those frames are forwarded but their source addresses are not learned.
802. 1 x Commands 20.17 dot1x guest-vlan Use the dot1x guest-vlan Interface Configuration (VLAN) mode command to define a guest VLAN. Use the no form of this command to restore the default configuration. Syntax dot1x guest-vlan no dot1x guest-vlan Default Configuration No VLAN is defined as a guest VLAN.
Syntax
dot1x guest-vlan timeout timeout
no dot1x guest-vlan timeout
Parameters
timeout—Specifies the time delay in seconds between enabling 802.1x (or port up) and adding the port to the guest VLAN. (Range: 30–180)
Default Configuration
The guest VLAN is applied immediately.
Command Mode
Global Configuration mode
User Guidelines...
802. 1 x Commands Default Configuration The default configuration is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines A device can have only one global guest VLAN. The guest VLAN is defined using the dot1x guest-vlan Interface Configuration mode command. Example The following example enables unauthorized users on gi1 to access the guest VLAN.
802. 1 x Commands Command Mode Interface Configuration (Ethernet) mode User Guidelines The guest VLAN must be enabled when MAC authentication is enabled. Static MAC addresses cannot be authorized. Do not change an authenticated MAC address to a static address. It is not recommended to delete authenticated MAC addresses.
Ethernet Configuration Commands 21.1 interface Use the interface Global Configuration mode command to configure an interface and enter interface configuration mode. Syntax interface interface-id Parameters interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel.
Ethernet Configuration Commands User Guidelines Commands under the interface range context are executed independently on each interface in the range: If the command returns an error on one of the interfaces, it does not stop the execution of the command on other interfaces. Example console(config)# interface range gi1-20 21.3...
Console(config-if)
21.4 description
Use the description Interface Configuration (Ethernet, Port-channel) mode command to add a description to an interface. Use the no form of this command to remove the description.
Syntax
description string
no description
Parameters
string—Specifies a comment or a description of the port to assist the user. (Length: 1–64 characters)
Default Configuration
The interface does not have a description.
no speed
Parameters
• 10—Forces 10 Mbps operation.
• 100—Forces 100 Mbps operation.
• 1000—Forces 1000 Mbps operation.
Default Configuration
The port operates at its maximum speed capability.
Command Mode
Interface Configuration (Ethernet, Port-channel) mode
User Guidelines
The no speed command in a Port-channel context returns each port in the Port-channel to its maximum capability.
Ethernet Configuration Commands • full—Forces full-duplex operation. Default Configuration The interface operates in full duplex mode. Command Mode Interface Configuration (Port-channel) mode Example The following example configures gi5 to operate in full duplex mode. Console(config)# interface gi5 Console(config-if)# duplex full 21.7 negotiation Use the negotiation Interface Configuration (Ethernet, Port-channel) mode...
Ethernet Configuration Commands Example The following example enables auto-negotiation on gi5. Console(config)# interface gi5 Console(config-if)# negotiation 21.8 flowcontrol Use the flowcontrol Interface Configuration (Ethernet, Port-channel) mode command to configure the flow control on a given interface. Use the no form of this command to disable flow control.
Ethernet Configuration Commands Console(config-if)# flowcontrol on 21.9 mdix Use the mdix Interface Configuration (Ethernet) mode command to enable cable crossover on a given interface. Use the no form of this command to disable cable crossover. Syntax {on | auto} mdix no mdix Parameters •...
Ethernet Configuration Commands Syntax back-pressure no back-pressure Default Configuration Back pressure is disabled. Command Mode Interface Configuration (Ethernet) mode Example The following example enables back pressure on port Console(config)# interface gi5 Console(config-if)# back-pressure 21.11 port jumbo-frame Use the port jumbo-frame Global Configuration mode command to enable jumbo frames on the device.
Ethernet Configuration Commands Example The following example enables jumbo frames on the device. Console(config)# port jumbo-frame 21.12 clear counters Use the show interfaces counters EXEC mode command to display traffic seen by all the physical interfaces or by a specific interface. Syntax [interface-id] [detailed] show interfaces counters...
Ethernet Configuration Commands Parameters interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Command Mode EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active, but were shut down by the system.
Ethernet Configuration Commands Flow Admin Back Mdix Port Type Duplex Speed control State Pressure Mode ------ --------- ------ ----- -------- ------- ----- -------- ---- 1G-Copper Full 10000 Disabled Off Disabled 1G-Copper Full 1000 Disabled Off Disabled Flow Admin Type Speed Control State ------...
Ethernet Configuration Commands Port Type Duplex Speed Neg ctrl State Pressure Mode ------ --------- ------ ----- -------- ---- ------ -------- -- 1G-Copper Full 1000 Disabled Off Disabled Off 1G-Copper -- Down Flow Link Type Duplex Speed ctrl State ----- ------- ------ ----- ------- ---- ------...
Ethernet Configuration Commands Console# show interfaces advertise Port:gi1 Type: 1G-Copper Link state: Up Auto Negotiation: enabled 100f 1000f ---- ----- Admin Local link Advertisement Oper Local link Advertisement Remote Local link Advertisement Priority Resolution Console# show interfaces advertise Port: gi1 Type: 1G-Copper Link state: Up Auto negotiation: disabled.
Ethernet Configuration Commands Command Mode EXEC mode Example The following example displays the description of all configured interfaces. Console# show interfaces description Port Descriptions --------------------------------------------- Port that should be used for management only Description ---- ----------- Output 21.18 show interfaces counters Use the show interfaces counters EXEC mode command to display traffic seen by all the physical interfaces or by a specific interface.
Ethernet Configuration Commands console# show interfaces counters gi1 Port InUcastPkts InMcastPkts InBcastPkts InOctets ---------- ------------ ------------ ------------ ------------ Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets ---------- ------------ ------------ ------------ ------------ 7051 Alignment Errors: 0 FCS Errors: 0 Single Collision Frames: 0 Multiple Collision Frames: 0 SQE Test Errors: 0 Deferred Transmissions: 0 Late Collisions: 0...
Ethernet Configuration Commands The following table describes the fields shown in the display. Field Description InOctets The number of received octets. InUcastPkts The number of received unicast packets. InMcastPkts The number of received multicast packets. InBcastPkts The number of received broadcast packets.
Ethernet Configuration Commands Field Description Oversize Packets The number of frames received that exceed the maximum permitted frame size. Internal MAC Rx Errors The number of frames for which reception fails due to an internal MAC sublayer receive error. Received Pause The number of MAC Control frames Frames received with an opcode indicating the...
Ethernet Configuration Commands 21.20 storm-control broadcast level kbps Use the storm-control broadcast level Interface Configuration mode command to configure the maximum rate of broadcast on a port. Use the no form of this command to return to default. Syntax kbps storm-control broadcast level kbps no storm-control broadcast level Parameters...
Ethernet Configuration Commands Syntax level kbps storm-control broadcast level { | kbps no storm-control broadcast level Parameters level - Suppression level in percentage. Block the flooding of storm packets when the value specified for level is reached. (Range 1 -100) kbps—Maximum of kilobits per second of broadcast traffic on a port.
Ethernet Configuration Commands 21.22 storm-control include-multicast Use the storm-control include-multicast Interface Configuration mode command to count multicast packets in the broadcast storm control. Use the no form of this command to disable counting of multicast packets in the broadcast storm control. Syntax [unknown-unicast] storm-control include-multicast...
Ethernet Configuration Commands Parameters interface-id—Specifies the interface. Command Mode EXEC mode Example console# show storm-control Port State Admin Rate Oper Rate Included [Kb/Sec] -------- -------- ------------- ---------- ------------ Enabled 12345 Kb/Sec 12345 Broadcast, Multicast, Unknown Unicast Disabled 100000 Kb/Sec 100000 Broadcast Enabled 000000...
PHY Diagnostics Commands

22.1 show cable-diagnostics cable-length
Use the show cable-diagnostics cable-length EXEC mode command to display the estimated copper cable length attached to all ports or to a specific port.

Syntax
show cable-diagnostics cable-length [interface interface-id]

Parameters
interface-id—Specify an interface ID.
PHY Diagnostics Commands Syntax interface interface-id] [detailed show fiber-ports optical-transceiver [ Parameters • interface-id—Specifies an interface ID. The interface ID must be an Ethernet port. • detailed—Displays detailed diagnostics. Command Mode EXEC mode Example The following examples display the optical transceiver diagnostics results. console# show fiber-ports optical-transceiver Port Temp...
PHY Diagnostics Commands ----------- ------ ------- ------- ------- ------- --- Copper Copper 3.32 7.26 3.53 3.68 3.33 6.50 3.53 3.71 Temp - Internally measured transceiver temperature Voltage - Internally measured supply voltage Current - Measured TX bias current Output Power - Measured TX output power in milliWatts Input Power - Measured RX received power in milliWatts - Loss of signal...
Power over Ethernet (PoE) Commands

23.1 power inline
Use the power inline Interface Configuration mode command to configure the inline power administrative mode on an interface.

Syntax
power inline {auto | never}

Parameters
• auto—Turns on the device discovery protocol and applies power to the device.
Power over Ethernet (PoE) Commands no power inline priority Parameters • critical—Specifies that the powered device operation is critical. • high—Specifies that the powered device operation is high priority. • low—Specifies that the powered device operation is low priority. Default Configuration The default configuration is set to low priority.
Command Mode
Global Configuration mode

Example
The following example configures the threshold for initiating inline power usage alarms to 90 percent.
Console(config)# power inline usage-threshold 90

23.4 power inline traps enable
Use the power inline traps enable Global Configuration mode command to enable inline power traps.
Power over Ethernet (PoE) Commands Syntax power power inline limit no power inline limit Parameters power—States the port power consumption limit in Milliwatts (Range: 0-15400 Default Configuration The default value is the maximum power allowed in the specific working mode: •...
Power over Ethernet (PoE) Commands Command Mode Global Configuration mode Example The following example sets the power limit to class. console(config)# power inline limit-mode class 23.7 show power inline Use the show power inline EXEC mode command to display information about the inline power for all interfaces or for a specific interface.
Power over Ethernet (PoE) Commands Port Powered Device State Status Priority Class ----- -------------- ----------- -------- -------- ------- IP Phone Model A Auto High Class0 Wireless AP Model A Auto Class1 Auto Example The following example displays information about the inline power for a specific port.
Power over Ethernet (PoE) Commands Field Description Priority The port inline power management priority. The possible values are Critical, High or Low. Status Describes the port inline power operational state. The possible values are On, Off, Test-Fail, Testing, Searching or Fault. Class The power consumption classification of the powered device.
Syntax
show power inline consumption [interface-id]

Parameters
interface-id—Specifies an interface ID. The interface ID must be an Ethernet port.

Default Configuration
There is no default configuration for this command.

Command Mode
EXEC mode

Example
The following example displays information about the inline power consumption.
Console# show power inline consumption
Port...
EEE Commands

24.1 eee enable (global)
Use the eee enable Global Configuration command to enable the EEE mode globally. Use the no format of the command to disable the mode.

Syntax
eee enable
no eee enable

Default Configuration
EEE is enabled.
EEE Commands Default Configuration EEE is enabled. Command Mode Interface Configuration mode (Ethernet) User Guidelines If Auto-Negotiation is not enabled on the port and its speed is 1 Giga, the EEE Operational status is disabled. 24.3 eee lldp enable Use the eee lldp enable Interface Configuration command to enable EEE support by LLDP on an Ethernet port.
Syntax
show eee [interface-id]

Parameters
interface-id—Specify an interface ID. The interface ID must be an Ethernet port.

Defaults

Command Mode
EXEC

Examples
Example 1 - Brief Information about all ports
Switch>show eee
EEE globally enabled
EEE Administrate status is enabled on ports: gi1-6, gi7
EEE Operational status is enabled on ports: gi1, gi3-6, gi2, gi5
EEE LLDP Administrate status is enabled on ports: gi1-5
EEE LLDP Operational status is enabled on ports: gi1-5...
EEE Commands Speed 10M: EEE not supported Speed 100M: EEE supported Speed 1G: EEE supported EEE Administrate status: enabled EEE LLDP Administrate status: enabled Example 4 - Port in status UP and does not support EEE Switch>show eee gi2 Port Status: UP EEE capabilities: Speed 10M: EEE not supported Speed 100M: EEE supported...
EEE Commands EEE capabilities: Speed 10M: EEE not supported Speed 100M: EEE supported Speed 1G: EEE supported Current port speed: 1Gbps EEE Administrate status: disabled EEE Operational status: disabled EEE LLDP Administrate status: enabled EEE LLDP Operational status: disabled Example 7 - EEE is running on the port, EEE LLDP is disabled Switch>show eee gi2 Port Status: UP EEE capabilities:...
EEE Commands Local Rx Timer: 16 Example 10 - EEE and EEE LLDP are running on the port Switch>show eee gi3 Port Status: UP EEE capabilities: Speed 10M: EEE not supported Speed 100M: EEE supported Speed 1G: EEE supported Current port speed: 1Gbps EEE Remote status: enabled EEE Administrate status: enabled EEE Operational status: enabled...
Green Ethernet

25.1 green-ethernet energy-detect (global)
Use the green-ethernet energy-detect Global Configuration mode command to enable Green-Ethernet Energy-Detect mode globally. Use the no form of this command to disable it.

Syntax
green-ethernet energy-detect
no green-ethernet energy-detect

Parameters

Default Configuration
Enabled.
Green Ethernet Parameters Default Configuration Enabled Command Mode Interface configuration mode (Ethernet) User Guidelines Energy-Detect can work only when the port is copper. When a port is enabled for auto selection copper/fiber Energy-Detect cannot work. It takes the PHY ~5 seconds to fall into sleep mode when the link is lost after normal operation.
Command Mode
Privileged EXEC mode

User Guidelines
The following describes all possible reasons the show command displays, and their descriptions. If there are several reasons for non-operation, then only the highest priority reason is displayed.

Energy-detect Non-operational Reasons
Priority Reason Description...
Port Energy-Detect Short-Reach VCT Cable Admin Oper Reason Admin Force Oper Reason Length ---- ----- ---- ------- ----- ----- ---- ------- ------ < 50

25.4 green-ethernet short-reach (global)
Use the green-ethernet short-reach Global Configuration mode command to enable green-ethernet short-reach mode globally. Use the no form of this command to disable it.
Green Ethernet Syntax green-ethernet short-reach no green-ethernet short-reach Parameters Default Configuration Disabled. Command Mode Interface Configuration mode (Ethernet) User Guidelines When Short-Reach mode is enabled and is not forced, the VCT (Virtual Cable Tester) length check must be performed. The VCT length check can be performed only on a copper port operating at a speed of 1000 Mbps.
Green Ethernet Syntax green-ethernet power-meter reset Command Mode Privileged EXEC mode. Example console(config)# green-ethernet power-meter reset 78-20269-01 Command Line Interface Reference Guide...
Port Channel Commands Port Channel Commands Use the channel-group Interface Configuration (Ethernet) mode command to associate a port with a port-channel. Use the no form of this command to remove a port from a port-channel. Syntax port-channel mode {on | auto} channel-group no channel-group Parameters...
26.1 port-channel load-balance
Use the port-channel load-balance Global Configuration mode command to configure the load balancing policy of the port channeling. Use the no form of this command to reset to default.

Syntax
port-channel load-balance {src-dst-mac | src-dst-mac-ip}
no port-channel load-balance

Parameters...
Syntax
show interfaces port-channel [interface-id]

Parameters
interface-id—Specify an interface ID. The interface ID must be a Port Channel.

Command Mode
EXEC mode

Example
The following example displays information on all port-channels.
console# show interfaces port-channel
Load balancing: src-dst-mac.
Gathering information...
Port Channel Commands General PVID: 1 General VLANs Enabled: none General Egress Tagged VLANs Enabled: none General Forbidden VLANs: none General Ingress Filtering: enabled General Acceptable Frame Type: all General GVRP status: disabled Customer Mode VLAN: none Private-vlan promiscuous-association primary VLAN: none Private-vlan promiscuous-association Secondary VLANs Enabled: none Private-vlan host-association primary VLAN: none Private-vlan host-association Secondary VLAN Enabled: none...
Address Table Commands

27.1 bridge multicast filtering
Use the bridge multicast filtering Global Configuration mode command to enable the filtering of multicast addresses. Use the no form of this command to disable multicast address filtering.

Syntax
bridge multicast filtering
no bridge multicast filtering

Default Configuration
Multicast address filtering is disabled.
Address Table Commands Syntax {mac-group | ip-group | ip-src-group} bridge multicast mode no bridge multicast mode Parameters • mac-group—Specifies that multicast bridging is based on the packet's VLAN and MAC address. • ipv4-group—Specifies that multicast bridging is based on the packet's VLAN and MAC address for non-IPv4 packets, and on the packet's VLAN and IPv4 destination address for IPv4 packets.
Address Table Commands The following table describes the actual data that is written to the Forwarding Data Base (FDB) as a function of the IGMP version that is used in the network: FDB mode IGMP version 2 IGMP version 3 mac-group MAC group MAC group address...
Address Table Commands Parameters • mac-multicast-address—Specifies the group MAC multicast address. • add—Adds ports to the group. • remove—Removes ports from the group. • ethernet interface-list—Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports.
Address Table Commands Console(config)# interface vlan Console(config-if)# 01:00:5e:02:02:03 gi1-2 bridge multicast address 27.4 bridge multicast forbidden address Use the bridge multicast forbidden address Interface Configuration (VLAN) mode command to forbid adding or removing a specific multicast address to or from specific ports.
Address Table Commands Example The following example forbids MAC address 0100.5e02.0203 on port within VLAN 8. Console(config)# interface vlan Console(config-if)# bridge multicast address 0100.5e02.0203 Console(config-if)# 0100.5e02.0203 bridge multicast forbidden address 27.5 bridge multicast ip-address Use the bridge multicast ip-address Interface Configuration (VLAN) mode command to register IP-layer multicast addresses to the bridge table, and statically add or remove ports to or from the group.
Address Table Commands Command Mode Interface Configuration (VLAN) mode User Guidelines To register the group in the bridge database without adding or removing ports or port channels, specify the ip-multicast-address parameter only. Static multicast addresses can be defined on static VLANs only. You can execute the command before the VLAN is created.
Address Table Commands • add—Forbids adding ports to the group. • remove—Forbids removing ports from the group. • interface-list ethernet —Specifies a list of Ethernet ports. Separate nonconsecutive Ethernet ports with a comma and no spaces. Use a hyphen to designate a range of ports. •...
Address Table Commands Syntax ip-address ip-multicast-address [[add | remove] bridge multicast source group {ethernet interface-list | port-channel port-channel-list}] ip-address ip-multicast-address no bridge multicast source group Parameters • ip-address—Specifies the source IP address. • ip-multicast-address—Specifies the group IP multicast address. • add—Adds ports to the group for the specific source IP address.
Address Table Commands 27.8 bridge multicast forbidden source group Use the bridge multicast forbidden source group Interface Configuration (VLAN) mode command to forbid adding or removing a specific IP source address - multicast address pair to or from specific ports. Use the no form of this command to return to the default configuration.
Address Table Commands Example The following example registers a source IP address - multicast IP address pair to the bridge table, and forbids adding the pair to gigabitethernet port gi9 on VLAN Console(config)# interface vlan Console(config-if)# 13.16.1.1 bridge multicast source group 239.2.2.2 Console(config-if)# bridge multicast forbidden source 13.16.1.1...
Address Table Commands User Guidelines Use the mac-group mode when using a Network Management System that uses a MIB based on the multicast MAC address. For each Forwarding Data Base (FDB) mode, use different CLI commands to configure static entries for IPv6 multicast addresses in the FDB, as described in the following table: FDB mode CLI commands...
Address Table Commands 27.10 bridge multicast ipv6 ip-address Use the bridge multicast ipv6 ip-address Interface Configuration (VLAN) mode command to register an IPv6 multicast address to the bridge table, and statically add or remove ports to or from the group. Use the no form of this command to unregister the IPv6 address.
Address Table Commands You can execute the command before the VLAN is created. Example The following example registers the IPv6 address to the bridge table: Console(config)# interface vlan Console(config-if)# FF00:0:0:0:4:4:4 bridge multicast ipv6 ip-address The following example registers the IPv6 address and adds ports statically. console(config)# interface vlan Console(config-if)#...
Address Table Commands • port-channel-list port-channel —Specifies a list of port channels. Separate nonconsecutive port-channels with a comma and no spaces. Use a hyphen to designate a range of port channels. Default Configuration No forbidden addresses are defined. Command Mode Interface Configuration (VLAN) mode User Guidelines Before defining forbidden ports, the multicast group should be registered.
Address Table Commands Parameters • ipv6-source-address—Specifies the source IPv6 address. • ipv6-multicast-address—Specifies the group IPv6 multicast address. • add—Adds ports to the group for the specific source IPv6 address. • remove—Removes ports from the group for the specific source IPv6 address.
Address Table Commands - multicast address pair to or from specific ports. Use the no form of this command to return to the default configuration. Syntax ipv6-source-address bridge multicast ipv6 forbidden source group ipv6-multicast-address {add | remove} { interface-list | port-channel ethernet port-channel-list} no bridge multicast ipv6 forbidden source...
Address Table Commands Example The following example registers a source IPv6 address - multicast IPv6 address pair to the bridge table, and forbids adding the pair to gi9 on VLAN 8: Console(config)# interface vlan Console(config-if)# bridge multicast source 2001:0:0:0:4:4:4 group FF00:0:0:0:4:4:4 2001:0:0:0:4:4:4 Console(config-if)# bridge multicast forbidden source...
Address Table Commands You can execute the command before the VLAN is created. Example The following example specifies that unregistered multicast packets are filtered on gi1: Console(config)# interface gi1 Console(config-if)# bridge multicast unregistered filtering 27.15 bridge multicast forward-all Use the bridge multicast forward-all Interface Configuration (VLAN) mode command to enable forwarding all multicast packets for a range of ports or port channels.
Address Table Commands Example The following example enables all multicast packets on port gi8 to be forwarded. Console(config)# interface vlan bridge multicast forward-all add gi8 Console(config-if)# 27.16 bridge multicast forbidden forward-all Use the bridge multicast forbidden forward-all Interface Configuration (VLAN) mode command to forbid a port to dynamically join multicast groups.
Address Table Commands User Guidelines Use this command to forbid a port to dynamically join (by IGMP, for example) a multicast group. The port can still be a multicast router port. Example The following example forbids forwarding of all multicast packets to gi1 within VLAN 2.
Address Table Commands Default Configuration No static addresses are defined. The default mode for an added address is permanent. Command Mode Global Configuration mode Example console(config)# mac address-table static 00:3f:bd:45:5a:b1 vlan 1 gi1 27.18 clear mac address-table Use the clear mac address-table Privileged EXEC command to remove learned or secure entries from the forwarding database.
Syntax
mac address-table aging-time seconds
no mac address-table aging-time

Parameters
seconds—Time is number of seconds. (Range:10–

Default Configuration

Command Mode
Global Configuration mode

Example
console(config)# mac address-table aging-time 600

27.20 port security
Use the port security Interface Configuration (Ethernet, Port-channel) mode command to enable port security on an interface.
Address Table Commands Default Configuration The feature is disabled The default mode is discard. Command Mode Interface Configuration (Ethernet, port-channel) mode Example The following example forwards all packets to port gi1 without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received.
Command Mode
Interface Configuration (Ethernet, port-channel) mode

Example
The following example sets the port security mode to Lock for gi7.
Console(config)# interface gi7
Console(config-if)# port security mode lock

27.22 port security max
Use the port security max Interface Configuration (Ethernet, Port-channel) mode command to configure the maximum number of addresses that can be learned on the port while the port is in port security max-addresses mode.
Console(config-if)# port security max 20

27.23 show mac address-table
Use the show mac address-table EXEC command to view entries in the MAC address table.

Syntax
show mac address-table [dynamic | static | secure] [vlan vlan] [interface interface-id] [address mac-address]

Parameters
•...
Address Table Commands Example Console# show mac address-table Aging time is 300 sec VLAN MAC Address Port Type -------- --------------------- ---------- ---------- 00:00:26:08:13:23 self 00:3f:bd:45:5a:b1 static 00:a1:b0:69:63:f3 dynamic 00:a1:b0:69:63:f3 dynamic Console# show mac address-table 00:3f:bd:45:5a:b1 Aging time is 300 sec VLAN MAC Address Port...
Address Table Commands Command Mode EXEC mode Example Console# show mac address-table count Capacity: 8192 Free: 8083 Used: 109 Static addresses: 2 Secure addresses: 1 Dynamic addresses: 97 Internal addresses: 9 27.25 show bridge multicast mode Use the show bridge multicast mode EXEC mode command to display the multicast bridging mode for all VLANs or for a specific VLAN.
Address Table Commands Example The following example displays the multicast bridging mode for all VLANs. Console# show bridge multicast mode VLAN IPv4 Multicast mode IPv6 Multicast mode Admin Oper Admin Oper ---------- ----------- ----------- ---------- MAC-GROUP -MAC-GROUP MAC-GROUP MAC-GROUP IPv4-GROUP IPv6-GROUP IPv4-GROUP IPv6-GROUP...
Address Table Commands mac—Specifies that the multicast address is a MAC address. • source {ipv4-source-address | ipv6-source-address}—Specifies the source address. The possible values are: ipv4-address—Specifies the source IPv4 address. ipv6-address—Specifies the source IPv6 address. Default Configuration If the format is not specified, it defaults to mac. Command Mode EXEC mode User Guidelines...
Address Table Commands 01:00:5e:02:02:03 Multicast address table for VLANs in IPv4-GROUP bridging mode: Vlan MAC Address Type Ports ---- ----------------- -------------- ----- 224.0.0.251 Dynamic Forbidden ports for multicast addresses: Vlan MAC Address Ports ---- ----------------- ----- 232.5.6.5 233.22.2.6 Multicast address table for VLANs in IPv4-SRC-GROUP bridging mode: Vlan Group Address Source address...
Address Table Commands Example The following example displays the unregistered multicast configuration. Console# show bridge multicast unregistered Port Unregistered ------- ------------- Forward Filter Filter 27.28 show ports security Use the show ports security Privileged EXEC mode command to display the port-lock status.
Address Table Commands Disabled Max- Addresses Enabled Lock Discard, 8 Disabled - Shutdown The following table describes the fields shown above. Field Description Port The port number. Status The port security status. The possible values are: Enabled or Disabled. Mode The port security mode.
Address Table Commands Example The following example displays dynamic addresses in all currently locked ports. Console# show ports security addresses Port Status Learning Current Maximum ---- -------- ------------- ------- ------- Enabled Max-addresses Disabled Max-addresses Enabled Lock 27.30 bridge multicast reserved-address Use the bridge multicast reserved-address Global Configuration mode command to define the action on multicast reserved-address packets.
Address Table Commands Default Configuration If an <address, frame type, protocol> tuple is mapped to an application that is supported by the device then the default is Peer (handled by the application rules). Otherwise: For addresses in the range 01-80-C2-00-00-00, 01-80-C2-00-00-02– 01-80-C2-00-00-0F, the default is discard.
Port Monitor Commands Port Monitor Commands 28.1 port monitor Use the port monitor Interface Configuration (Ethernet) mode command to start a port monitoring session (mirroring). Use the no form of this command to stop a port monitoring session. Syntax src-interface-id [rx | tx] port monitor src-interface-id no port monitor...
Port Monitor Commands The analyzer port for port egress traffic mirroring should be the same port for all mirrored ports. The analyzer port for VLAN mirroring should be the same for all the mirrored VLANs, and should be the same port as the analyzer port for port ingress mirroring traffic.
Port Monitor Commands 3. Mirrored traffic is exposed to STP state, i.e. if the port is in STP blocking, it will not egress any mirrored traffic. Example The following example copies traffic for both directions (Tx and Rx) from the source port 2 to destination port gi1/1/...
Spanning-Tree Commands

29.1 spanning-tree
Use the spanning-tree Global Configuration mode command to enable spanning-tree functionality. Use the no form of this command to disable the spanning-tree functionality.

Syntax
spanning-tree
no spanning-tree

Default Configuration
Spanning-tree is enabled.

Command Mode
Global Configuration mode

Example
The following example enables spanning-tree functionality.
Spanning-Tree Commands • rstp—Specifies that the Rapid Spanning Tree Protocol (RSTP) is enabled. • mst—Specifies that the Multiple Spanning Tree Protocol (MSTP) is enabled. Default Configuration The default is RSTP. Command Mode Global Configuration mode User Guidelines In RSTP mode, the device uses STP when the neighbor device uses STP. In MSTP mode, the device uses RSTP when the neighbor device uses RSTP, and uses STP when the neighbor device uses STP.
Command Mode
Global Configuration mode

User Guidelines
When configuring the forwarding time, the following relationship should be maintained:
2*(Forward-Time - 1) >= Max-Age

Example
The following example configures the spanning tree bridge forwarding time to 25 seconds.
Console(config)# spanning-tree forward-time 25

29.4 spanning-tree hello-time
Max-Age >= 2*(Hello-Time + 1)

Example
The following example configures the spanning-tree bridge hello time to 5 seconds.
Console(config)# spanning-tree hello-time 5

29.5 spanning-tree max-age
Use the spanning-tree max-age Global Configuration mode command to configure the spanning-tree bridge maximum age. Use the no form of this command to restore the default configuration.
Example
The following example configures the spanning-tree bridge maximum age to 10 seconds.
Console(config)# spanning-tree max-age 10

29.6 spanning-tree priority
Use the spanning-tree priority Global Configuration mode command to configure the device spanning-tree priority, which is used to determine which bridge is selected as the root bridge.
Spanning-Tree Commands 29.7 spanning-tree disable Use the spanning-tree disable Interface Configuration (Ethernet, port-channel) mode command to disable the spanning tree on a specific port. Use the no form of this command to enable the spanning tree on a port. Syntax spanning-tree disable no spanning-tree disable Default Configuration...
Command Mode
Interface Configuration (Ethernet, port-channel) mode

User Guidelines
The priority value must be a multiple of 16.

Example
The following example configures the spanning priority on gi15 to 96.
Console(config)# interface gi15
Console(config-if)# spanning-tree port-priority 96

29.10 spanning-tree portfast
Use the spanning-tree portfast Interface Configuration (Ethernet, port-channel) mode command to enable the PortFast mode.
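The two timer relationships in the User Guidelines for forward-time and hello-time, and the multiple-of-16 rule for port-priority, can be checked against a planned change before it is typed into the switch. The following Python is an added example, not code from this guide or its vendor; the function name lint_stp, the constructed transcript, and the use of 2/20/15 seconds (the values printed in the guide's sample show spanning-tree output) as starting timers are assumptions.

```python
import re

# Assumed starting values: the timers printed in the guide's sample
# "show spanning-tree" output (Hello Time 2, Max Age 20, Forward Delay 15).
DEFAULTS = {"forward-time": 15, "hello-time": 2, "max-age": 20}

# Strips a leading CLI prompt such as "Console(config)# " or "Console(config-if)#".
PROMPT = re.compile(r"^\s*\S+?[#>]\s*")
TIMER = re.compile(
    r"^(no\s+)?spanning-tree (forward-time|hello-time|max-age)(?:\s+(\d+))?$"
)
PORT_PRIO = re.compile(r"^spanning-tree port-priority (\d+)$")
IFACE = re.compile(r"^interface (\S+)$")


def lint_stp(transcript):
    """Return (resulting timers, findings) for a block of planned CLI commands."""
    timers = dict(DEFAULTS)
    iface = None          # interface context set by the last "interface" command
    findings = []

    for raw in transcript.splitlines():
        cmd = PROMPT.sub("", raw, count=1).strip()
        if not cmd:
            continue
        m = IFACE.match(cmd)
        if m:
            iface = m.group(1)
            continue
        if cmd == "exit":
            iface = None
            continue
        m = TIMER.match(cmd)
        if m:
            negated, name, value = m.groups()
            if negated:                      # "no" form restores the default
                timers[name] = DEFAULTS[name]
            elif value is not None:
                timers[name] = int(value)
            continue
        m = PORT_PRIO.match(cmd)
        if m and int(m.group(1)) % 16 != 0:
            findings.append(
                f"{iface}: port-priority {m.group(1)} is not a multiple of 16"
            )

    # The relationships are evaluated on the values left after the whole
    # change, because the three timers constrain each other.
    fwd, hello, age = timers["forward-time"], timers["hello-time"], timers["max-age"]
    if 2 * (fwd - 1) < age:
        findings.append(
            f"forward-time {fwd} gives 2*(forward-time - 1) = {2 * (fwd - 1)}, "
            f"below max-age {age}"
        )
    if age < 2 * (hello + 1):
        findings.append(
            f"max-age {age} is below 2*(hello-time {hello} + 1) = {2 * (hello + 1)}"
        )
    return timers, findings


# Constructed transcript. The timer values and gi15/96 are the ones used in the
# guide's individual examples; the gi3 line is made up to trip the port rule.
SAMPLE = """\
Console(config)# spanning-tree forward-time 25
Console(config)# spanning-tree hello-time 5
Console(config)# spanning-tree max-age 10
Console(config)# interface gi15
Console(config-if)# spanning-tree port-priority 96
Console(config-if)# exit
Console(config)# interface gi3
Console(config-if)# spanning-tree port-priority 100
"""

if __name__ == "__main__":
    final, problems = lint_stp(SAMPLE)
    print(final)
    for p in problems:
        print("FINDING:", p)
```

Each of the guide's three timer examples is valid on its own, but applied together a hello time of 5 with a maximum age of 10 breaks Max-Age >= 2*(Hello-Time + 1), which is the case the checker reports.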
Spanning-Tree Commands Example The following example enables the PortFast mode on gi15. Console(config)# interface gi15 Console(config-if)# spanning-tree portfast 29.11 spanning-tree link-type Use the spanning-tree link-type Interface Configuration (Ethernet, port-channel) mode command to override the default link-type setting determined by the port duplex mode, and enable Rapid Spanning Tree Protocol (RSTP) transitions to the forwarding state.
29.12 spanning-tree pathcost method
Use the spanning-tree pathcost method Global Configuration mode command to set the default path cost method. Use the no form of this command to return to the default configuration.

Syntax
spanning-tree pathcost method {long | short}
no spanning-tree pathcost method

Parameters
•...
29.13 spanning-tree bpdu (Global)
Use the spanning-tree bpdu Global Configuration mode command to define BPDU handling when the spanning tree is disabled globally or on a single interface. Use the no form of this command to restore the default configuration.

Syntax
spanning-tree bpdu {filtering | flooding | bridging}...
Spanning-Tree Commands Example The following example defines the BPDU packet handling mode as flooding when the spanning tree is disabled on an interface Console(config)# spanning-tree bpdu flooding 29.14 spanning-tree bpdu (Interface) Use the spanning-tree bpdu Interface Configuration (Ethernet, Port-channel) mode command to define BPDU handling when the spanning tree is disabled on a single interface.
Spanning-Tree Commands Example The following example defines the BPDU packet as flooding when the spanning tree is disabled on gi3 Console(config)# interface gi3 Console(config-if)# spanning-tree bpdu flooding 29.15 spanning-tree bpduguard Use the spanning-tree bpduguard Interface Configuration (Ethernet, port-channel) mode command to shut down an interface when it receives a bridge protocol data unit (BPDU).
Console(config-if)# spanning-tree bpduguard enable

29.16 clear spanning-tree detected-protocols
Use the clear spanning-tree detected-protocols Privileged EXEC command to restart the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface.

Syntax
clear spanning-tree detected-protocols [interface interface-id]

Parameters
interface-id—Specifies an interface ID.
Spanning-Tree Commands • priority—Specifies the device priority for the specified spanning-tree instance. This setting affects the likelihood that the switch is selected as the root switch. A lower value increases the probability that the switch is selected as the root switch. (Range: 0–61440) Default Configuration The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768.
Default Configuration
The default number of hops is 20.

Command Mode
Global Configuration mode

Example
The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10.
Console(config)# spanning-tree mst max-hops 10

29.19 spanning-tree mst port-priority
Spanning-Tree Commands Example The following example configures the port priority of port gi1 to 144. Console(config)# interface gi1 Console(config-if)# spanning-tree mst 1 port-priority 144 29.20 spanning-tree mst cost Use the spanning-tree mst cost Interface Configuration (Ethernet, Port-channel) mode command to configure the path cost for multiple spanning-tree (MST) calculations.
Example
The following example configures the MSTP instance 1 path cost for gigabitethernet port 9 to 4.
Console(config)# interface gi9
Console(config-if)# spanning-tree mst 1 cost 4

29.21 spanning-tree mst configuration
Use the spanning-tree mst configuration Global Configuration mode command to enable configuring an MST region by entering the Multiple Spanning Tree (MST) mode.
29.22 instance (MST)
Use the instance MST Configuration mode command to map VLANs to an MST instance. Use the no form of this command to restore the default mapping.

Syntax
instance instance-id vlan vlan-range
no instance instance-id vlan vlan-range

Parameters
•...
29.23 name (MST)
Use the name MST Configuration mode command to define the MST configuration name. Use the no form of this command to restore the default setting.

Syntax
name string
no name

Parameters
string—Specifies the MST configuration name. (Length: 1–32 characters)

Default Configuration
The default name is the bridge MAC address.
Spanning-Tree Commands Parameters value—Specifies the MST configuration revision number. (Range: 0–65535) Default Configuration The default configuration revision number is 0. Command Mode MST Configuration mode Example The following example sets the configuration revision to 1. Console(config)# spanning-tree mst configuration Console(config-mst)# revision 1 29.25 show (MST)
Spanning-Tree Commands Example The following example displays a pending MST region configuration. Console(config-mst)# show pending Pending MST configuration Name: Region1 Revision: 1 Instance VLANs Mapped State ------------ -------- ------- 1-9,21-4094 Enabled 10-20 Enabled 29.26 exit (MST) Use the exit MST Configuration mode command to exit the MST region Configuration mode and apply all configuration changes.
Spanning-Tree Commands Syntax abort Command Mode MST Configuration mode Example The following example exits the MST Configuration mode without saving changes. Console(config)# spanning-tree mst configuration Console(config-mst)# abort 29.28 show spanning-tree Use the show spanning-tree Privileged EXEC mode command to display the spanning-tree configuration.
Spanning-Tree Commands Example The following examples display spanning-tree information. Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Loopback guard: Disabled Root ID Priority 32768 Address 00:01:42:97:e0:00 Cost 20000 Port Hello Time 2 sec Max Age 20 Forward Delay 15 Bridge ID Priority 36864...
Spanning-Tree Commands Interfaces Name State Prio. No Cost Role PortFas Type ------ ------ ------ ----- ---- ---------- 128.1 ------- Enabled 20000 Root P2p (RSTP) 128.2 Desg Enabled 20000 Shared 128.3 (STP) Disable 20000 128.4 Altn 20000 Shared Enabled 128.5 20000 (STP) Enabled Console#...
Spanning-Tree Commands Name State Prio.Nbr Cost Role PortFas Type -------- ------- --------- ----- ---- ---------- ------- 128.1 20000 Desg P2p (RSTP) Enabled Desg 128.2 20000 Shared Enabled (STP) 128.3 20000 Disable Desg 128.4 20000 Shared 128.5 20000 (STP) Enabled Enabled Console# show spanning-tree Spanning tree disabled (BPDU filtering) mode RSTP...
Spanning-Tree Commands Name State Prio.Nb Cost Role PortFas Type --------- ------- ------- ----- ---- ---------- ------- 128.1 20000 Enabled 128.2 20000 Enabled 128.3 20000 Disable 128.4 20000 128.5 20000 Enabled Enabled Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority...
Spanning-Tree Commands Name State Prio.Nbr Cost Role PortFas Type --------- ------- ------ ----- ---- ---------- ------- 128.1 20000 Root P2p (RSTP) Enabled Desg 128.2 20000 Shared Enabled (STP) Altn 128.4 20000 Enabled Shared (STP) Console# show spanning-tree blockedports Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority...
Spanning-Tree Commands Name State Prio.Nbr Cost Role PortFas Type --------- ------- ------ ----- ---- ---------- ------- Enabled 128.4 Altn Shared (STP) Console# show spanning-tree detail Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000...
Spanning-Tree Commands Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 2 (gi2) enabled Role: Designated State: Forwarding Port cost: 20000 Port id: 128.2 Port Fast: No (configured:no) Type: Shared (configured: auto) Address: 00:02:4b:29:7a:00 Designated bridge Priority: 32768 Designated path cost: 20000 Designated port id: 128.2 BPDU guard: Disabled...
Spanning-Tree Commands Number of transitions to forwarding state: 1 BPDU: sent 2, received 120638 Port 5 (gi5) enabled Role: N/A State: Disabled Port cost: 20000 Port id: 128.5 Port Fast: N/A (configured:no) Type: N/A (configured: auto) Address: N/A Designated bridge Priority: N/A Designated port id: N/A Designated path cost: N/A BPDU guard: Disabled...
Spanning-Tree Commands Console# show spanning-tree ethernet Port 1 (gi1) enabled Role: Root State: Forwarding Port cost: 20000 Port id: 128.1 Port Fast: No (configured:no) Type: P2p (configured: auto) RSTP Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated path cost: 0 Designated port id: 128.25 BPDU guard: Disabled Guard root: Disabled Number of transitions to forwarding state: 1...
Spanning-Tree Commands IST Master ID Priority 32768 Address 00:02:4b:29:7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 Forward Delay 15 Max hops 20 Interfaces Name State Prio.Nbr Cost Role PortFas Type ---- ------- -------- ----- ---- ------------ -------...
Spanning-Tree Commands Interfaces Name State Prio.Nbr Cost Role PortFas Type ---- ------- -------- ----- ---- ------------ ------- Enabled 128.1 20000 Boun P2p Bound Enabled 128.2 20000 Boun (RSTP) Enabled 128.3 20000 Altn Shared Root Enabled 128.4 20000 Bound (STP) Console# show spanning-tree detail Spanning tree enabled mode MSTP Default port cost method: long...
Spanning-Tree Commands Max hops 20 Number of topology changes 2 last change occurred 2d18h ago Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Port 1 (gi1) enabled Role: Root State: Forwarding Port cost: 20000 Port id: 128.1 Port Fast: No Type: P2p (configured: auto) Boundary...
Spanning-Tree Commands Port 3 (gi3) enabled Role: Designated State: Forwarding Port cost: 20000 Port id: 128.3 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.3 Designated path cost: Number of transitions to forwarding 20000 state: 1 BPDU: sent 2, received 170638...
Spanning-Tree Commands Times: hold 1, topology change 2, notification 2 hello 2, max age 20, forward delay 15 Port 1 (gi1) enabled Role: Boundary State: Forwarding Port id: 128.1 Port cost: 20000 Port Fast: No Type: P2p (configured: auto) Boundary (configured:no) RSTP Address: 00:02:4b:29:7a:00...
Spanning-Tree Commands Port 3 (gi3) disabled Role: Alternate State: Blocking Port cost: 20000 Port id: 128.3 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:1a:19 Designated port id: 128.78 Designated path cost: Number of transitions to forwarding 20000 state: 1 BPDU: sent 2, received 170638...
Spanning-Tree Commands IST Master ID Priority 32768 Address 00:02:4b:19:7a:00 Path Cost 10000 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 Forward Delay 15 Max hops 20 Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9 CST Root ID...
Spanning-Tree Commands Command Mode EXEC mode Example The following examples display spanning-tree information: Console# show spanning-tree bpdu The following is the output if the global BPDU handling command is not supported. The following is the output if both the global BPDU handling command and the per-interface BPDU handling command are supported.
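An added example, not part of the reference guide: a Python check that reads show spanning-tree detail output of the kind shown above and reports an unexpected root bridge and host-facing ports that lack BPDU guard or are receiving BPDUs. The expected root address, the list of host-facing ports, the finding names and the sample's line layout are assumptions chosen for illustration; the field labels are the ones in the guide's output.

```python
import re

# Constructed sample modelled on the guide's "show spanning-tree detail" output.
# The line layout and the "Yes"/"Enabled" values are assumptions.
STP_SAMPLE = """\
Spanning tree enabled mode RSTP
Default port cost method: long
Root ID   Priority 32768
          Address 00:01:42:97:e0:00
          Path Cost 20000
Port 1 (gi1) enabled
State: Forwarding            Role: Root
Port id: 128.1               Port cost: 20000
Port Fast: No (configured:no)
BPDU guard: Disabled         Guard root: Disabled
BPDU: sent 2, received 120638
Port 2 (gi2) enabled
State: Forwarding            Role: Designated
Port Fast: No (configured:no)
BPDU guard: Disabled         Guard root: Disabled
BPDU: sent 2, received 120638
Port 3 (gi3) enabled
State: Forwarding            Role: Designated
Port Fast: Yes (configured:yes)
BPDU guard: Enabled          Guard root: Disabled
BPDU: sent 3200, received 0
Port 5 (gi5) enabled
State: Disabled              Role: N/A
Port Fast: N/A (configured:no)
BPDU guard: Disabled         Guard root: Disabled
"""

PORT = re.compile(r"Port (\d+) \((\S+?)\) (enabled|disabled)")
ROOT = re.compile(
    r"Root ID\s+Priority\s+(\d+)\s+Address\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)
COUNTERS = re.compile(r"BPDU:\s*sent\s+(\d+),\s*received\s+(\d+)")


def _field(block, pattern):
    """Return the first captured value for pattern in one port block, or None."""
    found = re.search(pattern, block)
    return found.group(1) if found else None


def parse_detail(text):
    """Extract the root bridge and per-port guard settings from the output.

    Fields are located by label, so the result is the same whether the
    output keeps its line breaks or has been flattened onto one line.
    """
    root = ROOT.search(text)
    parsed = {
        "root": (int(root.group(1)), root.group(2).lower()) if root else None,
        "ports": {},
    }
    marks = list(PORT.finditer(text))
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        block = text[mark.end():end]
        counters = COUNTERS.search(block)
        parsed["ports"][mark.group(2)] = {
            "role": _field(block, r"Role:\s*(\S+)"),
            "state": _field(block, r"State:\s*(\S+)"),
            "bpdu_guard": _field(block, r"BPDU guard:\s*(\w+)"),
            "root_guard": _field(block, r"Guard root:\s*(\w+)"),
            "bpdus_received": int(counters.group(2)) if counters else 0,
        }
    return parsed


def audit_stp(parsed, expected_root, edge_ports):
    """Compare the parsed state with what the operator expects.

    expected_root: MAC address of the bridge that should be root (assumption).
    edge_ports: interfaces that should only face end hosts (assumption).
    """
    findings = []
    root = parsed["root"]
    if root is None or root[1] != expected_root.lower():
        findings.append(("root", "unexpected-root-bridge"))
    for name in sorted(edge_ports):
        port = parsed["ports"].get(name)
        if port is None:
            findings.append((name, "missing-from-output"))
            continue
        if (port["bpdu_guard"] or "").lower() != "enabled":
            findings.append((name, "bpdu-guard-off"))
        if port["bpdus_received"] > 0:
            findings.append((name, "bpdus-received-on-edge-port"))
    return findings


if __name__ == "__main__":
    state = parse_detail(STP_SAMPLE)
    for port, issue in audit_stp(state, "00:01:42:97:e0:00", {"gi2", "gi3", "gi5"}):
        print(f"{port}: {issue}")
```
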
Virtual Local Area Network (VLAN) Commands Virtual Local Area Network (VLAN) Commands 30.1 vlan database Use the vlan database Global Configuration mode command to enter the VLAN Configuration mode. Commands in this mode are at the VLAN level and perform actions, such as creating and naming VLANs and defining the default VLAN.
Virtual Local Area Network (VLAN) Commands Syntax vlan vlan-range no vlan vlan-range Parameters • vlan-range—Specifies a list of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs (range: 2-4094). Default Configuration VLAN 1 exists by default.
Virtual Local Area Network (VLAN) Commands Syntax show vlan [tag vlan-id | name vlan-name] Parameters • tag vlan-id—Specifies a VLAN ID. • name vlan-name—Specifies a VLAN name string (length: 1–32 characters) Default Configuration All VLANs are displayed. Command Mode Privileged EXEC mode Examples: Example 1 - The following example displays information for all VLANs:
Virtual Local Area Network (VLAN) Commands Example 2 - The following example displays information for the default VLAN (VLAN 1): Console# show vlan tag default VLAN Name Ports Type Authorization ---- --------- -------- ------- ------------- default gi1-2 Default Required Example 3 - The following example displays information for the VLAN named Marketing: Console# show vlan name Marketing...
Virtual Local Area Network (VLAN) Commands User Guidelines This command becomes effective after reboot of the device. Example The following example defines the default VLAN as 2. Console(config)# vlan database Console(config-vlan)# default-vlan vlan 2 New Default VLAN ID will be active after save configuration and reboot device. 30.5 show default-vlan-membership Use the show default-vlan-membership privileged EXEC command to view the...
Virtual Local Area Network (VLAN) Commands 30.6 interface vlan Use the interface vlan Global Configuration mode command to enter the Interface Configuration (VLAN) mode for a specific VLAN. After this command is entered, all commands configure this VLAN. To configure a range of VLANs, use interface range vlan.
Virtual Local Area Network (VLAN) Commands 30.7 interface range vlan Use the interface range vlan Global Configuration mode command to configure multiple VLANs simultaneously. Syntax interface range vlan vlan-range Parameters vlan vlan-range—Specifies a list of VLANs. Separate nonconsecutive VLANs with a comma and no spaces.
Virtual Local Area Network (VLAN) Commands 30.8 name Use the name Interface Configuration (VLAN) mode command to name a VLAN. Use the no form of this command to remove the VLAN name. This is the same as using the vlan command with the name parameter. Syntax string name...
Virtual Local Area Network (VLAN) Commands Syntax switchport protected-port no switchport protected-port Parameters Default Configuration Unprotected Command Mode Interface configuration (Ethernet, port-channel) User Guidelines Note that packets are subject to all filtering rules and Filtering Database (FDB) decisions. Example console(config)# interface console(config-if)# switchport protected-port 30.10 show interfaces protected-ports Use the show interfaces protected-ports EXEC mode command to display...
Virtual Local Area Network (VLAN) Commands Command Mode EXEC mode Example console# show interfaces protected-ports Interface State --------- ------------- Protected Protected Unprotected Unprotected 30.11 switchport mode Use the switchport mode Interface Configuration (Ethernet, port-channel) mode command to configure the VLAN membership mode (access, trunk, general or customer) of a port.
Virtual Local Area Network (VLAN) Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines • When the port’s mode is changed, it receives the configuration corresponding to the mode. • If the port mode is changed to access and the access VLAN does not exist, then the port does not belong to any VLAN.
Virtual Local Area Network (VLAN) Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines The command automatically removes the port from its previous VLAN and adds it to the new VLAN. Example The following example sets gi 1 as an access port and assigns it to VLAN 2 (and removes it from its previous VLAN).
Virtual Local Area Network (VLAN) Commands Command Mode Interface Configuration (Ethernet, port-channel) mode Example To add VLANs 2,3 and 100 to trunk ports 1 to 13: console(config)# interface range gi1-13 console(config-if)# switchport mode trunk console(config-if)# switchport trunk allowed vlan add 2-3,100 console(config-if)# 30.14 switchport trunk native vlan If an untagged packet arrives on a trunk port, it is directed to the port’s native...
Virtual Local Area Network (VLAN) Commands Examples: Example 1 - The following example: • Defines VLAN 2 as native VLAN for port 1 • Removes VLAN 2 from port 1 and then sets it as the native VLAN console(config)# interface gi1 console(config-if)# switchport trunk native vlan 2 Port 1: Port is Trunk in VLAN 2.
Virtual Local Area Network (VLAN) Commands VLANs to/from a general port and configure whether packets on the egress are tagged or untagged. Use the no form of this command to reset to the default. Syntax switchport general allowed vlan {[add vlan-list [tagged | untagged]] | [remove vlan-list]} Parameters...
Virtual Local Area Network (VLAN) Commands console(config-if)# switchport general allowed vlan add 2-3 tagged 30.16 switchport general pvid The port VLAN ID (PVID) is the VLAN to which incoming untagged and priority-tagged frames are classified on a general port. Use the switchport general pvid Interface Configuration (Ethernet, Port-channel) mode command to configure the Port VLAN ID (PVID) of an interface when it is in general mode.
Virtual Local Area Network (VLAN) Commands • Reverts to the default PVID (VID=1) console(config)# interface gi14 console(config-if)# switchport mode general console(config-if)# switchport general allowed vlan add 2-3 tagged console(config-if)# switchport general allowed vlan add 100 untagged console(config-if)# switchport general pvid 100 console(config-if)# no switchport general pvid console(config-if)# Example 3 - Configures VLAN on port 14 as untagged on input and untagged on...
Virtual Local Area Network (VLAN) Commands console(config-if)# switchport general allowed vlan add 2 tagged console(config-if)# Example 6 - Configures VLAN on port 23 as tagged on input and untagged on output: console(config)# interface gi23 console(config-if)# switchport mode general console(config-if)# switchport general allowed vlan add 2 tagged console(config-if)# 30.17 switchport general ingress-filtering disable Use the switchport general ingress-filtering disable Interface Configuration...
Virtual Local Area Network (VLAN) Commands Console(config-if)# switchport mode general Console(config-if)# switchport general ingress-filtering disable 30.18 switchport general acceptable-frame-type The switchport general acceptable-frame-type Interface Configuration mode command configures the types of packets (tagged/untagged) that are filtered (discarded) on the interface. Use the no form of this command to return ingress filtering to the default.
Virtual Local Area Network (VLAN) Commands 30.19 switchport customer vlan When a port is in customer mode it is in QinQ mode. This enables the user to use their own VLAN arrangements (PVID) across a provider network. The switch is in QinQ mode when it has one or more customer ports.
Virtual Local Area Network (VLAN) Commands used in switchport general map macs-group vlan. Use the no form of this command to delete the mapping. This command can only be used when the device is in Layer 2 mode. Syntax mac-address prefix-mask | host} macs-group group map mac mac-address...
Virtual Local Area Network (VLAN) Commands 30.21 switchport general map macs-group vlan After groups of MAC addresses have been created (see map mac macs-group), they can be mapped to specific VLANs. Use the switchport general map macs-group vlan Interface Configuration (Ethernet, Port-channel) mode command to set a MAC-based classification rule.
Virtual Local Area Network (VLAN) Commands console(config-vlan)# map mac 0000.0000.2222 host macs-group 2 console(config-vlan)# exit console(config)# interface gi11 console(config-if)# switchport mode general console(config-if)# switchport general map macs-group 1 vlan 2 console(config-if)# switchport general map macs-group 2 vlan 3 30.22 show vlan macs-groups Use the show vlan macs-groups EXEC mode command to display the MAC addresses that belong to the defined MACs-groups.
Virtual Local Area Network (VLAN) Commands 30.23 switchport forbidden default-vlan Use the switchport forbidden default-vlan Interface Configuration command to forbid a port from being added to the default VLAN. Use the no form of this command to revert to default. Syntax switchport forbidden default-vlan no switchport forbidden default-vlan...
Virtual Local Area Network (VLAN) Commands Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} no switchport forbidden vlan {add vlan-list | remove vlan-list} Parameters • vlan-list — Specifies a list of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs.
Virtual Local Area Network (VLAN) Commands no switchport default-vlan tagged Parameters Default Configuration If the port is a member in the default VLAN, by default, it is a member as an untagged port. Command Mode Interface configuration (Ethernet, port-channel) User Guidelines The command adds a port to the default VLAN as a tagged port.
Virtual Local Area Network (VLAN) Commands The no switchport default-vlan tagged command removes the port from the default VLAN, and returns the default VLAN mode to untagged. Note: • If the native VLAN of a trunk port is 4095 when the port is removed from the default VLAN (as a tagged), the native VLAN is set by the system to the default VLAN.
Virtual Local Area Network (VLAN) Commands Examples: Example 1 - The following example displays the command output for a trunk port: Console> show interfaces switchport Port Port Mode: Trunk Gvrp Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress UnTagged VLAN ( NATIVE ): 2 Protected: Enabled, Uplink is gi9.
Virtual Local Area Network (VLAN) Commands Port VLAN Membership mode: General Operating Parameters: PVID: 4095 (discard vlan) Ingress Filtering: Enabled Acceptable Frame Type: All GVRP status: Enabled Protected: Disabled Port 1 is member in: VLAN Name Egress Rule Type ---- --------- ----------- ----- IP Telephony...
Virtual Local Area Network (VLAN) Commands Port Mode: Access Gvrp Status: disabled Ingress Filtering: true Acceptable Frame Type: admitAll Ingress UnTagged VLAN ( NATIVE ): 1 Port is member in: Vlan Name Egress Rule Port Membership Type ---- -------------------------------- ----------- -------------------- Untagged System Forbidden VLANS:...
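An added example, not part of the reference guide: a Python audit of show interfaces switchport output that accepts both field layouts shown in the examples above and flags ports with GVRP enabled, ingress filtering off, or a trunk whose untagged (native) VLAN is the default VLAN 1. The "Port : giN" header line, the finding names and the policy itself are assumptions chosen for illustration.

```python
import re

DEFAULT_VLAN = 1  # the guide states that VLAN 1 exists by default

# Field labels from the two output layouts in the guide, mapped to one name.
ALIASES = {
    "port mode": "mode",
    "port vlan membership mode": "mode",
    "gvrp status": "gvrp",
    "ingress filtering": "ingress_filtering",
    "acceptable frame type": "frame_type",
    "ingress untagged vlan ( native )": "untagged_vlan",
    "pvid": "untagged_vlan",
}
HEADER = re.compile(r"^Port\s*:\s*(\S+)\s*$")  # assumed per-port header line
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.+?)\s*$")

# Constructed sample; gi5 uses the second ("Operating Parameters") layout.
SWITCHPORT_SAMPLE = """\
Port : gi1
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 2
Protected: Enabled, Uplink is gi9.

Port : gi2
Port Mode: Trunk
Gvrp Status: enabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1

Port : gi3
Port Mode: General
Gvrp Status: disabled
Ingress Filtering: false
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 100

Port : gi4
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1

Port : gi5
Port VLAN Membership mode: General
Operating Parameters:
PVID: 4095 (discard vlan)
Ingress Filtering: Enabled
Acceptable Frame Type: All
GVRP status: Enabled
Protected: Disabled
"""


def parse_switchport(text):
    """Return {port: {field: raw value}} for the fields listed in ALIASES."""
    ports, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = ports.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            # Normalise case and spacing so both layouts map to one key.
            key = ALIASES.get(" ".join(field.group(1).lower().split()))
            if key:
                current[key] = field.group(2)
    return ports


def _on(value):
    """True for the two 'switched on' spellings the output uses."""
    return value.strip().lower() in {"true", "enabled"}


def _vlan(value):
    """Leading VLAN number of a value such as '4095 (discard vlan)'."""
    number = re.match(r"\d+", value.strip())
    return int(number.group()) if number else None


def audit_switchport(ports):
    """Apply the assumed hardening policy and return (port, finding) pairs."""
    findings = []
    for name, fields in ports.items():
        mode = fields.get("mode", "").lower()
        if "gvrp" in fields and _on(fields["gvrp"]):
            findings.append((name, "gvrp-enabled"))
        if "ingress_filtering" in fields and not _on(fields["ingress_filtering"]):
            findings.append((name, "ingress-filtering-off"))
        if mode == "trunk" and _vlan(fields.get("untagged_vlan", "")) == DEFAULT_VLAN:
            findings.append((name, "trunk-native-is-default-vlan"))
    return findings


if __name__ == "__main__":
    for port, issue in audit_switchport(parse_switchport(SWITCHPORT_SAMPLE)):
        print(f"{port}: {issue}")
```
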
Virtual Local Area Network (VLAN) Commands Default Configuration No VLAN is reserved as an internal usage VLAN by default (using this command). Command Mode Interface Configuration (Ethernet, Port-channel) mode. It cannot be configured for a range of interfaces (range context). User Guidelines An internal usage VLAN is assigned by the system when an IP interface is defined on an Ethernet port or port-channel.
Virtual Local Area Network (VLAN) Commands Parameters Default Configuration Command Mode Privileged EXEC mode Example The following example displays VLANs used internally by the device. Console# show vlan internal usage Usage VLAN Reserved IP address -------- -------- ---------- ---------- 1007 gi21 Active gi22...
Internet Group Management Protocol (IGMP) Snooping Commands Internet Group Management Protocol (IGMP) Snooping Commands 31.1 ip igmp snooping (Global) Use the ip igmp snooping Global Configuration mode command to enable Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping.
Internet Group Management Protocol (IGMP) Snooping Commands Parameters vlan vlan-id—Specifies the VLAN. Default Configuration Disabled Command Mode Global Configuration mode User Guidelines IGMP snooping can be enabled only on static VLANs. IGMPv1, IGMPv2 and IGMPv3 are supported. To activate IGMP snooping, the bridge multicast filtering should be enabled.
Internet Group Management Protocol (IGMP) Snooping Commands Command Mode Global Configuration mode User Guidelines Multicast router ports are learned according to: • Queries received on the port • PIM/PIMv2 received on the port • DVMRP received on the port • MRDISC received on the port •...
Internet Group Management Protocol (IGMP) Snooping Commands Command Mode Global Configuration mode User Guidelines A port that is defined as a Multicast router port receives all IGMP packets (reports and queries) as well as all Multicast data. You can execute the command before the VLAN is created. Example console(config)# ip igmp snooping vlan 1 mrouter interface gi1/1/1...
Internet Group Management Protocol (IGMP) Snooping Commands User Guidelines A port that is a forbidden mrouter port cannot be a Multicast router port (i.e. cannot be learned dynamically or assigned statically). You can execute the command before the VLAN is created. Example console(config)# ip igmp snooping vlan 1 forbidden mrouter interface gi1/1/1...
Internet Group Management Protocol (IGMP) Snooping Commands You can register an entry without specifying an interface. Using the no command without a port-list removes the entry. Example console(config)# ip igmp snooping vlan 1 static 239.2.2.2 interface gi1/1/1 31.7 ip igmp snooping vlan querier Use the ip igmp snooping vlan querier Global Configuration mode command to enable the Internet Group Management Protocol (IGMP) querier on a specific VLAN.
Internet Group Management Protocol (IGMP) Snooping Commands Following are the IGMP snooping querier parameters as a function of the IGMP snooping parameters: • QueryMaxResponseTime: host-time-out/10. • QueryInterval: host-time-out/ 3. Example console(config)# ip igmp snooping vlan 1 querier 31.8 ip igmp snooping vlan querier address Use the ip igmp snooping vlan querier address Global Configuration mode command to define the source IP address that the IGMP snooping querier uses.
Internet Group Management Protocol (IGMP) Snooping Commands Example console(config)# ip igmp snooping vlan 1 querier address 10.5.234.205 31.9 ip igmp snooping vlan querier version Use the ip igmp snooping vlan querier version Global Configuration mode command to configure the IGMP version of an IGMP querier on a specific VLAN. Use the no form of this command to return to the default version.
Internet Group Management Protocol (IGMP) Snooping Commands Syntax ip igmp robustness count no ip igmp robustness Parameters count—The expected number of packet losses on a link. (Range: 1–7) Default Configuration Command Mode Interface Configuration (VLAN) mode User Guidelines You can execute the command before the VLAN is created, but you must enter the command in Interface VLAN mode.
Internet Group Management Protocol (IGMP) Snooping Commands Default Configuration Command Mode Interface Configuration (VLAN) mode User Guidelines You can execute the command before the VLAN is created. Example console(config)# interface vlan 1 console(config-if)# ip igmp query-interval 200 31.12 ip igmp query-max-response-time Use the ip igmp query-max-response-time Interface Configuration (VLAN) mode command to configure the Query Maximum Response time on a VLAN.
Internet Group Management Protocol (IGMP) Snooping Commands Example console(config)# interface vlan 1 console(config-if)# ip igmp query-max-response-time 20 31.13 ip igmp last-member-query-count Use the ip igmp last-member-query-count Interface Configuration (VLAN) mode command to configure the Last Member Query Counter on a VLAN. Use the no format of the command to return to default.
Internet Group Management Protocol (IGMP) Snooping Commands 31.14 ip igmp last-member-query-interval Use the ip igmp last-member-query-interval Interface Configuration (VLAN) mode command to configure the Last Member Query interval on a VLAN. Use the no format of the command to return to default. Syntax milliseconds ip igmp last-member-query-interval...
Internet Group Management Protocol (IGMP) Snooping Commands no ip igmp snooping vlan vlan-id immediate-leave Parameters vlan vlan-id—Specifies the VLAN ID value. (Range: 1–4094) Default Configuration Disabled Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created. Example The following example enables IGMP snooping immediate-leave feature on VLAN Console(config)#...
Internet Group Management Protocol (IGMP) Snooping Commands Example The following example displays information on dynamically learned Multicast router interfaces for VLAN 1000. Console# show ip igmp snooping mrouter interface 1000 VLAN Dynamic Static Forbidden ---- ------ ------- --------- 3-23 1000 gi1/1/1 gi1/1/2 gi1/1/...
Internet Group Management Protocol (IGMP) Snooping Commands Groups that are in IGMP version 1 compatibility mode: IGMP snooping querier admin: Enabled IGMP snooping querier oper: Enabled IGMP snooping querier address admin: IGMP snooping querier address oper: 172.16.1.1 IGMP snooping querier version admin: 3 IGMP snooping robustness: admin 2 oper 2 IGMP snooping query interval: admin 125 sec oper 125 sec...
Internet Group Management Protocol (IGMP) Snooping Commands Command Mode EXEC mode User Guidelines To see all Multicast groups learned by IGMP snooping, use the show ip igmp snooping groups command without parameters. Use the show ip igmp snooping groups command with parameters to see a needed subset of all Multicast groups learned by IGMP snooping. To see the full Multicast address table (including static addresses), use the show bridge multicast address-table command.
IPv6 MLD Snooping Commands IPv6 MLD Snooping Commands 32.1 ipv6 mld snooping (Global) The ipv6 mld snooping Global Configuration mode command enables IPv6 Multicast Listener Discovery (MLD) snooping. To disable IPv6 MLD snooping, use the no form of this command. Syntax ipv6 mld snooping no ipv6 mld snooping...
IPv6 MLD Snooping Commands Default Configuration Disabled Command Mode Global Configuration mode User Guidelines MLD snooping can only be enabled on static VLANs. MLDv1 and MLDv2 are supported. To activate MLD snooping, the Bridge Multicast Filtering command should be enabled. The user guidelines of the bridge multicast IPv6 mode interface VLAN configuration command describe the configuration that can be written into the FDB as a function of the FDB mode, and the MLD version that is used in the...
IPv6 MLD Snooping Commands Command Mode Interface Configuration (VLAN) mode User Guidelines You can execute the command before the VLAN is created. Example console(config)# interface vlan 1 console(config-if)# ipv6 mld robustness 3 32.4 ipv6 mld snooping mrouter Use the ipv6 mld snooping mrouter Global Configuration mode command to enable automatic learning of multicast router ports.
IPv6 MLD Snooping Commands Example console(config)# ipv6 mld snooping vlan 1 mrouter learn pim-dvmrp 32.5 ipv6 mld snooping mrouter interface Use the ipv6 mld snooping mrouter interface Global Configuration mode command to define a port that is connected to a multicast router port. Use the no form of this command to remove the configuration.
IPv6 MLD Snooping Commands 32.6 ipv6 mld snooping forbidden mrouter interface Use the ipv6 mld snooping forbidden mrouter interface Global Configuration mode command to forbid a port from being defined as a multicast router port by static configuration or by automatic learning. Use the no form of this command to remove the configuration.
IPv6 MLD Snooping Commands group. Use the no form of this command to remove ports specified as members of a static multicast group. Syntax vlan vlan-id ipv6-address interface [interface-list] ipv6 mld snooping static vlan vlan-id ipv6-address interface [interface-list] no ipv6 mld snooping static Parameters •...
IPv6 MLD Snooping Commands Syntax seconds ipv6 mld query-interval ipv6 mld query-interval Parameters seconds—Frequency, in seconds, at which MLD query messages are sent on the interface. (Range: 30–18000) Default Configuration Command Mode Interface Configuration (VLAN) mode User Guidelines You can execute the command before the VLAN is created. Example console(config)# interface vlan 1 console(config-if)# ipv6 mld query-interval 3000...
IPv6 MLD Snooping Commands Default Configuration Command Mode Interface Configuration (VLAN) mode User Guidelines You can execute the command before the VLAN is created. Example console(config)# interface vlan 1 console(config-if)# ipv6 mld query-max-response-time 5 32.10 ipv6 mld last-member-query-count Use the ipv6 mld last-member-query-count Interface Configuration mode command to configure the Last Member Query Counter.
IPv6 MLD Snooping Commands Example console(config)# interface vlan 1 console(config-if)# ipv6 mld last-member-query-count 3 32.11 ipv6 mld last-member-query-interval Use the ipv6 mld last-member-query-interval interface configuration command to configure the Last Member Query Interval. Use the no format of the command to return to default.
IPv6 MLD Snooping Commands the no format of the command to disable MLD Snooping Immediate-Leave processing. Syntax ipv6 mld snooping vlan vlan-id immediate-leave no ipv6 mld snooping vlan vlan-id immediate-leave Parameters vlan-id—Specifies the VLAN ID value. (Range: 1–4094) Default Configuration Disabled Command Mode...
IPv6 MLD Snooping Commands Example The following example displays information on dynamically learned multicast router interfaces for VLAN 1000 Console# show ipv6 mld snooping mrouter interface 1000 VLAN Static Dynamic Forbidden ---- ------ ------- --------- gi3-23 1000 32.14 show ipv6 mld snooping interface The show ipv6 mld snooping interface EXEC mode command displays the IPv6 MLD snooping configuration for a specific VLAN.
IPv6 MLD Snooping Commands Groups that are in MLD version 1 compatibility mode: FF12::3, FF12::8 MLD snooping robustness:admin 2 oper 2 MLD snooping query interval: admin 125 sec oper 125 sec MLD snooping query maximum response: admin 10 sec oper 10 sec MLD snooping last member query counter: admin 2 oper 2 MLD snooping last member query interval: admin 1000 msec...
IPv6 MLD Snooping Commands The Reporters That Are Forbidden Statically list contains the list of ports which have asked to receive a multicast flow but were defined as forbidden for that multicast group in a multicast bridge. Note: Under certain circumstances, the Exclude list may not contain accurate information;...
Link Aggregation Control Protocol (LACP) Commands Link Aggregation Control Protocol (LACP) Commands 33.1 lacp system-priority Use the lacp system-priority Global Configuration mode command to set the system priority. Use the no form of this command to restore the default configuration. Syntax value lacp system-priority...
Link Aggregation Control Protocol (LACP) Commands Parameters value—Specifies the port priority. (Range: 1–65535) Default Configuration The default port priority is 1. Command Mode Interface Configuration (Ethernet) mode Example The following example sets the priority of gi6. console(config)# interface gi6 console(config-if)# lacp port-priority 247 33.3...
Link Aggregation Control Protocol (LACP) Commands Example The following example assigns a long administrative LACP timeout to gi6. Console(config)# interface gi6 Console(config-if)# lacp timeout long 33.4 show lacp Use the show lacp EXEC mode command to display LACP information for all Ethernet ports or for a specific Ethernet port.
Link Aggregation Control Protocol (LACP) Commands system priority: system mac addr: 00:00:12:34:56:78 port Admin key: port Oper key: port Oper number: port Admin priority: port Oper priority: LONG port Admin timeout: LONG port Oper timeout: ACTIVE LACP Activity: AGGREGATABLE Aggregation: FALSE synchronization: FALSE...
Link Aggregation Control Protocol (LACP) Commands system priority: system mac addr: 00:00:00:00:00:00 port Admin key: port Oper key: port Oper number: port Admin priority: port Oper priority: LONG port Admin timeout: LONG port Oper timeout: PASSIVE LACP Activity: AGGREGATABLE Aggregation: FALSE synchronization: FALSE...
Link Aggregation Control Protocol (LACP) Commands BEGIN: FALSE LACP_Enabled: TRUE Ready_N: FALSE Selected: UNSELECTED Port_moved: FALSE NNT: FALSE Port_enabled: FALSE Timer counters: periodic tx timer: current while timer: wait while timer: 33.5 show lacp port-channel Use the show lacp port-channel EXEC mode command to display LACP information for a port-channel.
Page 469
Link Aggregation Control Protocol (LACP) Commands System Priority: 000285:0E1C00 MAC Address: Admin Key: Oper Key: Partner System Priority: 00:00:00:00:00:00 MAC Address: Oper Key: 78-20269-01 Command Line Interface Reference Guide...
GARP VLAN Registration Protocol (GVRP) Commands GARP VLAN Registration Protocol (GVRP) Commands 34.1 gvrp enable (Global) Use the gvrp enable Global Configuration mode command to enable the Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) globally. Use the no form of this command to disable GVRP on the device. Syntax gvrp enable no gvrp enable...
GARP VLAN Registration Protocol (GVRP) Commands Default Configuration GVRP is disabled on all interfaces. Command Mode Interface Configuration (Ethernet, Port-channel) mode User Guidelines An access port does not dynamically join a VLAN because it is always a member of a single VLAN only. Membership in an untagged VLAN is propagated in the same way as in a tagged VLAN.
GARP VLAN Registration Protocol (GVRP) Commands Example The following example disables dynamic VLAN creation on gi3. Console(config)# interface gi3 Console(config-if)# gvrp vlan-creation-forbid 34.4 gvrp registration-forbid Use the gvrp registration-forbid Interface Configuration mode command to deregister all dynamic VLANs on a port and prevent VLAN creation or registration on the port.
GARP VLAN Registration Protocol (GVRP) Commands Syntax clear gvrp statistics [interface-id] Parameters interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Default Configuration All GVRP statistics are cleared. Command Mode Privileged EXEC mode Example The following example clears all GVRP statistical information on gi5.
GARP VLAN Registration Protocol (GVRP) Commands Example The following example displays GVRP configuration. console# show gvrp configuration GVRP Feature is currently Enabled on the device. Maximum VLANs: 4094 Port GVRP-Status Regist- Dynamic Timers(ms) ration VLAN Creation Leave Join Leave All ---- ----------- -------- ------------- ----...
GARP VLAN Registration Protocol (GVRP) Commands Example The following example displays GVRP statistical information. Console# show gvrp statistics GVRP statistics: ---------------- Legend: rJE : Join Empty Received rJIn: Join In Received rEmp: Empty Received rLIn: Leave In Received rLE : Leave Empty Received rLA : Leave All Received sJE :...
Page 476
GARP VLAN Registration Protocol (GVRP) Commands Parameters interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or Port-channel. Default Configuration All GVRP error statistics are displayed. Command Mode EXEC mode Example The following example displays GVRP error statistics. console# show gvrp error-statistics GVRP Error Statistics: ----------------------...
IP Addressing Commands IP Addressing Commands 35.1 ip address Use the ip address Interface Configuration (Ethernet, VLAN, Port-channel) mode command to define an IP address for an interface. Use the no form of this command to remove an IP address definition. Syntax If the product is a switch router.
IP Addressing Commands User Guidelines Defining a static IP address on an interface implicitly removes the DHCP client configuration on the interface. If the product supports multiple IP addresses: The product supports up to x IP addresses. The IP addresses should be from different IP subnets.
Page 479
IP Addressing Commands Syntax ip address dhcp no ip address dhcp Parameters No parameters Command Mode Interface Configuration (Ethernet, VLAN, Port-channel) mode. It cannot be configured for a range of interfaces (range context). User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol.
IP Addressing Commands 35.3 renew dhcp Use the renew dhcp Privileged EXEC mode command to renew an IP address that was acquired from a DHCP server for a specific interface. Syntax renew dhcp {interface-id} [force-autoconfig] Parameters • interface-id—This parameter is only available when the device is in Layer 3 (routing mode)....
IP Addressing Commands 35.4 ip default-gateway The ip default-gateway Global Configuration mode command defines a default gateway (device). Use the no form of this command to restore the default configuration. Syntax ip default-gateway ip-address no ip default-gateway Parameters ip-address—Specifies the default gateway IP address. Command Mode Global Configuration mode Default Configuration...
IP Addressing Commands Command Mode EXEC mode Example The following example displays the configured IP interfaces and their types. The information on the default gateway is not shown when the device is in router mode. console# show ip interface Gateway IP Address Activity status Type ----------------------- ----------------------- --------...
IP Addressing Commands Command Mode Global Configuration mode Default Configuration No permanent entry is defined. User Guidelines The software uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware (MAC) addresses. Because most hosts support dynamic address resolution, static ARP cache entries generally do not need to be specified. Example The following example adds IP address 198.133.219.232 and MAC address 00:00:0c:40:0f:bc to the ARP table.
IP Addressing Commands Command Mode Global Configuration mode Example The following example configures the ARP timeout to 12000 seconds. Console(config)# arp timeout 12000 35.8 ip arp proxy disable Use the ip arp proxy disable Global Configuration mode command to globally disable proxy Address Resolution Protocol (ARP).
IP Addressing Commands Console (config)# ip arp proxy disable 35.9 ip proxy-arp Use the ip proxy-arp Interface Configuration mode command to enable an ARP proxy on specific interfaces. Use the no form of this command to disable it. Syntax ip proxy-arp no ip proxy-arp Default Configuration ARP Proxy is disabled.
IP Addressing Commands Command Mode Privileged EXEC mode Example The following example deletes all dynamic entries from the ARP cache. Console# clear arp-cache 35.11 show arp Use the show arp Privileged EXEC mode command to display entries in the ARP table.
IP Addressing Commands Example The following example displays entries in the ARP table. Console# show arp ARP timeout: 80000 Seconds VLAN Interface IP Address HW Address Status ------- --------- ---------- ------------- ------- VLAN 1 10.7.1.102 00:10:B5:04:DB:4B Dynamic VLAN 1 10.7.1.135 00:50:22:00:2A:A4 Static 35.12 show arp configuration...
IP Addressing Commands ARP Proxy: disabled ARP timeout:60000 Seconds VLAN 1: ARP Proxy: enabled ARP timeout:70000 Seconds VLAN 2: ARP Proxy: enabled ARP timeout:80000 Second (Global) 35.13 interface ip Use the interface ip Global Configuration mode command to enter the IP Interface Configuration mode.
IP Addressing Commands Console (config-ip)# 35.14 ip helper-address Use the ip helper-address Global Configuration mode command to enable the forwarding of User Datagram Protocol (UDP) broadcast packets received on an interface to a specific (helper) address. Use the no form of this command to disable the forwarding of broadcast packets to a specific (helper) address.
IP Addressing Commands system mode router command. The ip helper-address command forwards specific UDP broadcast packets from one interface to another. Many helper addresses may be defined. However, the total number of address-port pairs is limited to 128 for the device. The setting of a helper address for a specific interface has precedence over the setting of a helper address for all the interfaces.
IP Addressing Commands Parameters Command Mode Privileged EXEC mode User Guidelines To use this command, you must put the switch into routing mode using the set system mode router command. Example The following example displays the IP helper addresses configuration on the system.
IP Addressing Commands Default Configuration A default domain name is not defined. Command Mode Global Configuration mode User Guidelines Domain names and host names are restricted to the ASCII letters A through Z (case-insensitive), the digits 0 through 9, the underscore and the hyphen. A period (.) is used to separate labels.
IP Addressing Commands Default Configuration No name server IP addresses are defined. Command Mode Global Configuration mode User Guidelines The preference of the servers is determined by the order in which they were entered. Up to 8 servers can be defined using one command or using multiple commands. The format of an IPv6Z address is: <ipv6-link-local-address>%<interface-name>...
IP Addressing Commands Parameters • name—Specifies the host name. (Length: 1–158 characters. Maximum label length: 63 characters) • address—Specifies the associated IP address. Up to 4 addresses can be defined. Default Configuration No host is defined. Command Mode Global Configuration mode User Guidelines Host names are restricted to the ASCII letters A through Z (case-insensitive), the digits 0 through 9, the underscore and the hyphen.
IP Addressing Commands Command Mode Privileged EXEC mode Example The following example deletes all entries from the host name-to-address cache. Console# clear host * 35.20 clear host dhcp Use the clear host dhcp Privileged EXEC mode command to delete entries from the host name-to-address mapping received from Dynamic Host Configuration Protocol (DHCP).
IP Addressing Commands 35.21 show hosts Use the show hosts EXEC mode command to display the default domain name, the list of name server hosts, the static and the cached list of host names and addresses. Syntax show hosts [name] Parameters name—Specifies the host name.
Page 497
IP Addressing Commands Host Total Elapsed Type Addresses -------------- ----- ------- ---- ------------- www.stanford.edu 171.64.14.203
IPv6 Addressing Commands IPv6 Addressing Commands 36.1 ipv6 enable Use the ipv6 enable Interface Configuration (Ethernet, VLAN, Port-channel) mode command to enable the IPv6 addressing mode on an interface. Use the no form of this command to disable the IPv6 addressing mode on an interface. Syntax ipv6 enable [no-autoconfig]...
IPv6 Addressing Commands Console(config-if)# ipv6 enable 36.2 ipv6 address autoconfig Use the ipv6 address autoconfig Interface Configuration mode command to enable automatic configuration of IPv6 addresses, using stateless autoconfiguration on an interface. Addresses are configured depending on the prefixes received in Router Advertisement messages. Use the no form of this command to disable address autoconfiguration on the interface.
IPv6 Addressing Commands 36.3 ipv6 icmp error-interval Use the ipv6 icmp error-interval Global Configuration mode command to configure the rate limit interval and bucket size parameters for IPv6 Internet Control Message Protocol (ICMP) error messages. Use the no form of this command to return the interval to its default setting.
IPv6 Addressing Commands 36.4 show ipv6 icmp error-interval Use the show ipv6 icmp error-interval command in EXEC mode to display the IPv6 ICMP error interval. Syntax show ipv6 icmp error-interval Command Mode EXEC mode Example Console> show ipv6 icmp error-interval Rate limit interval: 100 ms Bucket size: 10 tokens 36.5...
IPv6 Addressing Commands • anycast—(Optional) Indicates that this address is an anycast address. • prefix-length—3–128 (64 when the eui-64 parameter is used). Default Configuration No IP address is defined for the interface. Command Mode Interface configuration (Ethernet, VLAN, Port-channel) mode. It cannot be configured for a range of interfaces (range context).
IPv6 Addressing Commands • prefix-length—Specifies the length of the IPv6 prefix. A decimal value indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark (/) must precede the decimal. Only 64-bit length is supported, according to IPv6 over Ethernet’s well-known practice. Default Configuration IPv6 is enabled on the interface, link local address of the interface is FE80::EUI64...
IPv6 Addressing Commands no ipv6 unreachables Parameters Default Configuration ICMP unreachable messages are sent by default. Command Mode Interface Configuration (Ethernet, VLAN, Port-channel) mode. User Guidelines When ICMP unreachable messages are enabled, the device sends ICMP unreachable messages when it receives a packet addressed to one of the interface's IP addresses with a TCP/UDP port that is not assigned....
IPv6 Addressing Commands Default Configuration No default gateway is defined. Command Mode Global Configuration mode User Guidelines The format of an IPv6Z address is: <ipv6-link-local-address>%<interface-id>. Configuring a new default GW without deleting the previously configured information overwrites the previous configuration. A configured default GW takes precedence over an automatically advertised one (via a router advertisement message)....
Page 506
IPv6 Addressing Commands Default Configuration Displays all IPv6 interfaces. Command Mode EXEC mode User Guidelines Use the show ipv6 neighbors command in the privileged EXEC mode to display IPv6 neighbor discovery cache information. Example Console# show ipv6 interface Interface IP addresses Type ----------- --------------------------------------...
IPv6 Addressing Commands An interface returning to the administrative Up state restarts DAD for all of the unicast IPv6 addresses on the interface. While DAD is performed on the Link Local address of an interface, the state of the other IPv6 addresses is still set to TENTATIVE.
IPv6 Addressing Commands Parameters host name - Name of the host. (Range: 1–158 characters) • ipv6-address1—Associated IPv6 address. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons. When the IPv6 address is a Link Local address (IPv6Z address), the outgoing interface name must be specified.
IPv6 Addressing Commands • interface-id—Specifies the interface that is associated with the IPv6 address • hw_addr—Specifies the MAC address to map to the specified IPv6 address. Command Mode Global Configuration mode User Guidelines The IPv6 neighbor command is similar to the ARP (global) command. If an entry for the specified IPv6 address already exists in the neighbor discovery cache, learned through the IPv6 neighbor discovery process, the entry is automatically converted to a static entry.
IPv6 Addressing Commands Default Configuration 1500 bytes Command Mode Privileged EXEC mode User Guidelines This command is intended for debugging and testing purposes and should be used only by technical support personnel. Example console# ipv6 set mtu default 36.15 show ipv6 neighbors Use the show ipv6 neighbors Privileged EXEC mode command to display IPv6 neighbor discovery cache information.
Page 513
IPv6 Addressing Commands User Guidelines Since the associated interface of a MAC address can be aged out from the FDB table, the Interface field can be empty. When an ARP entry is associated with an IP interface that is defined on a port or port-channel, the VLAN field is empty.
IPv6 Addressing Commands 36.16 clear ipv6 neighbors Use the clear ipv6 neighbors Privileged EXEC mode command to delete all entries in the IPv6 neighbor discovery cache, except for static entries. Syntax clear ipv6 neighbors Parameters This command has no keywords or arguments. Command Mode Privileged EXEC mode Example...
Tunnel Commands Tunnel Commands 37.1 interface tunnel Use the interface tunnel Global Configuration mode command to enter the Interface Configuration (Tunnel) mode. Syntax interface tunnel number Parameters number—Specifies the tunnel index. Command Mode Global Configuration mode Example The following example enters the Interface Configuration (Tunnel) mode. Console(config)# interface tunnel Console(config-tunnel)#...
Tunnel Commands Default Configuration The IPv6 transition-mechanism global support mode is disabled. Command Mode Interface Configuration (Tunnel) mode User Guidelines ISATAP tunneling can be enabled on the system. When enabled, an automatic tunnel interface is created on each interface that is assigned an IPv4 address. Note that on a specific interface (for example, port or VLAN), both native IPv6 and transition mechanisms can coexist....
Tunnel Commands Default Configuration The automatic tunnel router's default domain name is ISATAP. Command Mode Interface Configuration (Tunnel) mode User Guidelines The ipv6 tunnel routers-dns command determines the string that the host uses for automatic tunnel router lookup in the IPv4 DNS procedure. By default, the string ISATAP is used for the corresponding automatic tunnel types.
Tunnel Commands interface is not changed when the IPv4 address is moved to another interface. Default No source address is defined. Command Mode Interface Configuration (Tunnel) mode User Guidelines The configured source IPv4 address is used for forming the tunnel interface identifier.
Tunnel Commands Command Mode Global Configuration mode User Guidelines This command determines the time interval between DNS queries before the ISATAP router IP address is known. If the IP address is known, the robustness level that is set by the tunnel isatap robustness Global Configuration mode command determines the refresh rate.
Tunnel Commands User Guidelines This command determines the interval between router solicitation messages when there is no active ISATAP router. If there is an active ISATAP router, the robustness level set by the tunnel isatap robustness Global Configuration mode command determines the refresh rate. Example The following example sets the time interval between ISATAP router solicitation messages to 30 seconds.
Tunnel Commands The router solicitation interval (when there is an active ISATAP router) is the minimum-router-lifetime that is received from the ISATAP router, divided by (Robustness + 1). Example The following example sets the number of DNS query/router solicitation refresh messages that the device sends to 5.
Page 522
Tunnel Commands DNS Query interval : 300 seconds Min DNS Query interval : 0 seconds Router Solicitation interval : 10 seconds Min Router Solicitation interval : 0 seconds Robustness
DHCP Relay Commands DHCP Relay Commands 38.1 ip dhcp relay enable (Global) Use the ip dhcp relay enable Global Configuration mode command to enable the DHCP relay feature on the device. Use the no form of this command to disable the DHCP relay feature.
DHCP Relay Commands Parameters Default Configuration Disabled Command Mode Interface Configuration (VLAN, Ethernet, Port-channel) mode User Guidelines The operational status of DHCP Relay on an interface is active if one of the following conditions exists: • DHCP Relay is globally enabled, and there is an IP address defined on the interface.
DHCP Relay Commands Parameters ip-address—Specifies the DHCP server IP address. Up to 8 servers can be defined. Default Configuration No server is defined. Command Mode Global Configuration mode Example The following example defines the DHCP server on the device. Console(config)# ip dhcp relay address 176.16.1.1 38.4...
Page 526
DHCP Relay Commands DHCP relay is not configured on any vlan. No servers configured Example 2 - Option 82 is supported (disabled): console# show ip dhcp relay DHCP relay is globally disabled Option 82 is disabled Maximum number of supported VLANs without IP Address: 0 Number of DHCP Relays enabled on VLANs without IP Address: 4 DHCP relay is enabled on Ports: gi5,po3-4 Active:...
IP Routing Protocol-Independent Commands IP Routing Protocol-Independent Commands 39.1 ip route Use the ip route Global Configuration mode command to configure static routes. Use the no form of this command to remove static routes. Syntax ip route prefix {mask | prefix-length} {{ip-address [metric...
IP Routing Protocol-Independent Commands Use the no ip route command with the ip-address parameter to remove only one static route to the given subnet via the given next hop. Examples Example 1 - The following example shows how to route packets for network 172.31.0.0 to a router at 172.31.6.6 using mask: console(conf)#ip route 172.31.0.0 255.255.0.0 172.31.6.6 metric 2 Example 2 - The following example shows how to route packets for network...
Page 530
IP Routing Protocol-Independent Commands Syntax show ip route [connected | static | {address address [mask | prefix-length] [longer-prefixes]}] Parameters • connected—Displays connected routing entries only. • static—Displays static routing entries only. • address address—Specifies the address for which routing information is displayed....
Page 531
IP Routing Protocol-Independent Commands 10.5.234.0/24 is directly connected vlan 1 Console> show ip route address 172.1.1.0 255.255.255.0 Codes: C - connected, S - static, E - OSPF external, * - candidate default S 172.1.1.0/24 [gi3] via 10.0.2.1, 17:12:19, gi1 Console> show ip route address 172.1.1.0 255.255.255.0 longer-prefixes...
ACL Commands ACL Commands 40.1 ip access-list Use the ip access-list Global Configuration mode command to name an IPv4 access list (ACL) and to place the device in IPv4 Access List Configuration mode. All commands after this command refer to this ACL. The rules (ACEs) for this ACL are defined in the permit ( IP ) deny ( IP )
ACL Commands 40.2 permit ( IP ) Use the permit IP Access-list Configuration mode command to set permit conditions for an IPv4 access list (ACL). Permit conditions are also known as access control entries (ACEs). Syntax permit protocol {any | source source-wildcard} {any | destination destination-wildcard} [dscp number | precedence number] permit...
Page 534
• igmp-type—IGMP packets can be filtered by IGMP message type. Enter a number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0–255) • destination-port—Specifies the UDP/TCP destination port. You can enter a range of ports by using a hyphen, e.g. 20 - 21. For TCP, enter a number or one...
ACL Commands User Guidelines After an ACE is added to an access control list, an implicit deny any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets. The number of TCP/UDP ranges that can be defined in ACLs is limited. You can define up to #ASIC-specific ranges for TCP and up to #ASIC-specific ranges for UDP....
Page 536
• igmp-type—IGMP packets can be filtered by IGMP message type. Enter a number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0–255) • destination-port—Specifies the UDP/TCP destination port. You can enter a range of ports by using a hyphen, e.g. 20 - 21. For TCP, enter a number or one...
Page 537
ACL Commands nameserver (42), netbios-dgm (138), netbios-ns (137), non500-isakmp (4500), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (49), talk (517), tftp (69), time (37), who (513), xdmcp (177). (Range: 0–65535) • source-port—Specifies the UDP/TCP source port. Predefined port names are defined in the destination-port parameter....
ACL Commands console(config)# ip access-list extended server console(config-ip-al)# deny ip 176.212.0.0 00.255.255 40.4 ipv6 access-list Use the ipv6 access-list Global Configuration mode command to define an IPv6 access list (ACL) and to place the device in IPv6 Access List Configuration mode. All commands after this command refer to this ACL.
ACL Commands separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface. Example Switch (config)# ipv6 access-list acl1 Switch(config-ipv6-acl)# permit tcp 2001:0DB8:0300:0201::/64 any any 80 40.5 permit ( IPv6 ) Use the permit command in IPv6 Access-list Configuration mode to set permit conditions (ACEs) for IPv6 ACLs.
Page 540
ACL Commands • dscp number—Specifies the DSCP value. (Range: 0–63) • precedence number—Specifies the IP precedence value. • icmp-type—Specifies an ICMP message type for filtering ICMP packets. Enter a number or one of the following values: destination-unreachable (1), packet-too-big (2), time-exceeded (3), parameter-problem (4), echo-request (128), echo-reply (129), mld-query (130), mld-report (131), mldv2-report (143), mld-done (132), router-solicitation (133), router-advertisement (134),...
ACL Commands User Guidelines The number of TCP/UDP ranges that can be defined in ACLs is limited. You can define up to #ASIC-specific ranges for TCP and up to #ASIC-specific ranges for UDP. If a range of ports is used for a source port in ACE, it is not counted again if it is also used for a source port in another ACE.
Page 542
ACL Commands Parameters • protocol—The name or the number of an IP protocol. Available protocol names are: icmp (58), tcp (6) and udp (17). To match any protocol, use the ipv6 keyword. (Range: 0–255) • source-prefix/length—The source IPv6 network or class of networks about which to set permit conditions.
ACL Commands • match-all list-of-flags—List of TCP flags that should occur. If a flag should be set, it is prefixed by “+”. If a flag should be unset, it is prefixed by “-”. Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin....
ACL Commands deny (MAC) commands. The service-acl command is used to attach this ACL to an interface. Use the no form of this command to remove the access list. Syntax mac access-list extended acl-name no mac access-list extended acl-name Parameters acl-name—Specifies the name of the MAC ACL (range: 0–32 characters - use "" ...
ACL Commands Parameters • source—Source MAC address of the packet. • source-wildcard—Wildcard bits to be applied to the source MAC address. Use 1s in the bit position that you want to be ignored. • destination—Destination MAC address of the packet. •...
ACL Commands Example console(config)# mac access-list extended server1 console(config-mac-al)# deny 00:00:00:00:00:01 00:00:00:00:00:ff any 40.10 service-acl Use the service-acl command in Interface Configuration mode to bind one or more access lists (ACLs) to an interface. Use the no form of this command to remove all ACLs from the interface. Syntax service-acl input acl-name1 [acl-name2]...
ACL Commands Example console(config)# mac access-list extended server-acl console(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any console(config-mac-al)# exit console(config)# interface gi1 console(config-if)# service-acl input server-acl 40.11 absolute Use the absolute Time-range Configuration mode command to specify an absolute time when a time range is in effect. Use the no form of this command to remove the time limitation.
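The ACL rules stated in this chapter (a 1 bit in a wildcard means that bit is ignored, ACEs are checked in order, an ACL with no ACEs permits everything, and any non-empty ACL ends in an implicit deny any) can be checked offline before a list is bound with service-acl. The following Python sketch is an added example, not part of the guide or the device software: it models only the source address of each ACE (protocol, destination and ports are left out), the names Ace, evaluate and shadowed are hypothetical, and the two IPv4 lists are constructed to show an ordering mistake.

```python
import ipaddress
from dataclasses import dataclass


def ipv4(text: str) -> int:
    """Dotted-quad IPv4 address or wildcard as an integer."""
    return int(ipaddress.IPv4Address(text))


def mac(text: str) -> int:
    """Colon-separated MAC address or wildcard as an integer."""
    return int(text.replace(":", ""), 16)


@dataclass(frozen=True)
class Ace:
    action: str    # "permit" or "deny"
    pattern: int   # source address from the ACE
    wildcard: int  # 1 bits mark positions that are ignored

    def matches(self, source: int) -> bool:
        # Only bits whose wildcard bit is 0 have to be equal.
        return ((source ^ self.pattern) & ~self.wildcard) == 0

    def covers(self, later: "Ace") -> bool:
        # True when every source matched by `later` is already matched here.
        ignores_at_least = (later.wildcard & ~self.wildcard) == 0
        same_fixed_bits = ((self.pattern ^ later.pattern) & ~self.wildcard) == 0
        return ignores_at_least and same_fixed_bits


def evaluate(acl, source: int) -> str:
    """First matching ACE decides; semantics as described in the guide."""
    if not acl:
        return "permit"      # before the first ACE is added, all packets pass
    for ace in acl:
        if ace.matches(source):
            return ace.action
    return "deny"            # implicit deny any at the end of the list


def shadowed(acl):
    """Indexes of ACEs that can never be the first match."""
    return [i for i, later in enumerate(acl)
            if any(earlier.covers(later) for earlier in acl[:i])]


# The MAC ACL from the guide's service-acl example:
#   permit 00:00:00:00:00:01 00:00:00:00:00:ff any
SERVER_ACL = [Ace("permit", mac("00:00:00:00:00:01"), mac("00:00:00:00:00:ff"))]

# Constructed IPv4 lists: the host deny is unreachable when it follows the
# wider permit, and effective when it comes first.
BAD_ORDER = [
    Ace("permit", ipv4("172.30.19.1"), ipv4("0.0.0.255")),
    Ace("deny", ipv4("172.30.19.77"), ipv4("0.0.0.0")),
]
GOOD_ORDER = [BAD_ORDER[1], BAD_ORDER[0]]

if __name__ == "__main__":
    for label, acl, src in [
        ("empty ACL", [], mac("00:00:00:00:00:7a")),
        ("server-acl, last octet differs", SERVER_ACL, mac("00:00:00:00:00:7a")),
        ("server-acl, fifth octet differs", SERVER_ACL, mac("00:00:00:00:01:01")),
        ("bad order, host .77", BAD_ORDER, ipv4("172.30.19.77")),
        ("good order, host .77", GOOD_ORDER, ipv4("172.30.19.77")),
    ]:
        print(f"{label}: {evaluate(acl, src)}")
    print("shadowed ACE indexes in bad order:", shadowed(BAD_ORDER))
```

A non-empty result from shadowed() means a later ACE is dead configuration, which is worth resolving before the list goes onto a port.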
ACL Commands Command Mode Time-range Configuration mode Example Console (config)# time-range Console (config-time-range)# absolute start 12:00 1 jan 2005 Console (config-time-range)# absolute end 12:00 31 dec 2005 40.12 periodic Use the periodic Time-range Configuration mode command to specify a recurring (weekly) time range for functions that support the time-range feature.
ACL Commands • list day-of-the-week1—Specifies a list of days that the time range is in effect. Default Configuration There is no periodic time when the time range is in effect. Command Mode Time-range Configuration mode User Guidelines The second occurrence of the day can be at the following week, e.g. Thursday–Monday means that the time range is effective on Thursday, Friday, Saturday, Sunday, and Monday.
ACL Commands -------------- absolute start 12:00 1 jan 2005 absolute end 12:00 31 dec 2005 periodic monday 8:00 to friday 20:00 40.14 show access-lists Use the show access-lists Privileged EXEC mode command to display access control lists (ACLs) configured on the switch. Syntax show access-lists [name]...
ACL Commands permit 192.168.0.2, wildcard bits 0.0.0.255 Extended IP access list ACL1 permit 234 172.30.40.1 0.0.0.0 any permit 234 172.30.8.8 0.0.0.0 any Extended IP access list ACL2 permit 234 172.30.19.1 0.0.0.255 any permit 234 172.30.23.8 0.0.0.255 any 40.15 show interfaces access-lists Use the show interfaces access-lists Privileged EXEC mode command to display access lists (ACLs) applied on interfaces.
ACL Commands 40.16 clear access-lists counters Use the clear access-lists counters Privileged EXEC mode command to clear access-lists (ACLs) counters. Syntax clear access-lists counters [interface-id] Parameters interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel. Command Mode Privileged EXEC mode Example...
ACL Commands Because forwarding is done in hardware and counting is done in software, if a large number of packets match a deny ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets are counted.
Quality of Service (QoS) Commands Quality of Service (QoS) Commands 41.1 qos Use the qos Global Configuration mode command to enable Quality of Service (QoS) on the device and set the QoS mode. Use the no form of this command to disable QoS on the device. Syntax basic...
Quality of Service (QoS) Commands Console(config)# Example 2 - The following example enables the QoS advanced mode on the device with the ports-not-trusted option. Console(config)# qos advanced 41.2 qos advanced-mode trust Use the qos advanced-mode trust global configuration command to configure the trust mode in advanced mode.
Quality of Service (QoS) Commands • ports-trusted mode: For packets that are not classified to any QoS action or classified to the QoS action trust. Example The following example sets cos as the trust mode for QoS on the device. Console(config)# qos advanced-mode trust cos 41.3...
Quality of Service (QoS) Commands Example 2 - The following example displays QoS attributes when QoS is enabled in basic mode on the device and the advanced mode is not supported. Console> show qos Qos: disable Trust: dscp 41.4 class-map The class-map command and its subcommands are used to define packet classification, marking, and aggregate policing as part of a globally-named service policy applied on a per-interface basis.
Quality of Service (QoS) Commands Default Configuration If neither match-all nor match-any is specified, the match-all parameter is selected by default. Command Mode Global Configuration mode User Guidelines The class-map enters Class-map Configuration mode. In this mode, up to two match commands can be entered to configure the criteria for this class.
Quality of Service (QoS) Commands Syntax show class-map [class-map-name] Parameters class-map-name—Specifies the name of the class map to be displayed. Command Mode EXEC mode Example The following example displays the class map for Class1. Console> show class-map class1 Class Map match-any class1 (id4) Match IP dscp 11 21 41.6 match...
Quality of Service (QoS) Commands Example The following example defines a class map called Class1. Class1 contains an ACL called enterprise. Only traffic matching all criteria in enterprise belong to the class map. Console(config)# class-map class1 Console(config-cmap)# match access-group enterprise 41.7 policy-map A policy map contains one or more class maps and an action that is taken if the...
Quality of Service (QoS) Commands policy map can be configured only if the classes have match criteria defined for them. Policy map is applied on the ingress path. The match criteria is for a class map. Only one policy map per interface is supported.
Quality of Service (QoS) Commands Command Mode Policy-map Configuration mode User Guidelines This is the same as creating a class map and then binding it to the policy map. You can specify an existing class map in this command, or you can use the access-group parameter to create a new class map.
Quality of Service (QoS) Commands Example The following example displays all policy maps. Console> show policy-map Policy Map policy1 class class1 set IP dscp 7 Policy Map policy2 class class 2 police 96000 4800 exceed-action drop class class3 police 124000 96000 exceed-action policed-dscp-transmit 41.10 trust Use the trust Policy-map Class Configuration mode command to configure the trust state.
Quality of Service (QoS) Commands Command Mode Policy-map Class Configuration mode User Guidelines Use this command to distinguish the QoS trust behavior for certain traffic from others. For example, incoming traffic with certain DSCP values can be trusted. A class map can be configured to match and trust the DSCP values in the incoming traffic.
Quality of Service (QoS) Commands 41.11 set Use the set Policy-map Class Configuration mode command to select the value that QoS uses as the DSCP, egress queue or user priority values. This command is only available when QoS is in advanced mode. Syntax set {dscp new-dscp | queue queue-id | cos new-cos} no set...
Quality of Service (QoS) Commands console(config-cmap)# exit console(config)# policy-map p1 console(config-pmap)# class c1 Console(config-pmap-c)# set dscp 41.12 police Use the police Policy-map Class Configuration mode command to define the policer for classified traffic. This defines another group of actions for the policy map (per class map).
Quality of Service (QoS) Commands Command Mode Policy-map Class Configuration mode User Guidelines This command only exists when the device is in Layer 2 mode. Policing uses a token bucket algorithm. CIR represents the speed with which the token is added to the bucket. CBS represents the depth of the bucket. Example The following example defines a policer for classified traffic.
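The token bucket described above can be modelled in a few lines to see how many packets a given CIR/CBS pair lets through and what the exceed-action does to the rest. This is an added example, not code from the manual: it assumes the rate is in bits per second and the burst in bytes (the units printed by show qos interface policer), that a packet is in profile only if the bucket holds its full size, and it uses a constructed DSCP mark-down map.

```python
from dataclasses import dataclass, field


@dataclass
class Policer:
    """Single-rate token bucket: CIR refills the bucket, CBS is its depth."""
    cir_bps: int                  # committed rate, bits per second (assumed unit)
    cbs_bytes: int                # committed burst = bucket depth, bytes
    exceed_action: str = "drop"   # "drop" or "policed-dscp-transmit"
    policed_dscp: dict = field(default_factory=dict)  # empty dict = Null map
    tokens: float = field(default=0.0, init=False)
    last_t: float = field(default=0.0, init=False)
    in_profile_bytes: int = field(default=0, init=False)
    out_of_profile_bytes: int = field(default=0, init=False)

    def __post_init__(self):
        if self.exceed_action not in ("drop", "policed-dscp-transmit"):
            raise ValueError(f"unknown exceed-action: {self.exceed_action}")
        self.tokens = float(self.cbs_bytes)   # bucket starts full

    def offer(self, t, size, dscp):
        """Police one packet arriving at time t (seconds).

        Returns (verdict, dscp_out); dscp_out is None for a dropped packet.
        """
        if t < self.last_t:
            raise ValueError("packets must be offered in time order")
        refill = (t - self.last_t) * self.cir_bps / 8   # bytes earned since last packet
        self.tokens = min(float(self.cbs_bytes), self.tokens + refill)
        self.last_t = t
        if size <= self.tokens:
            self.tokens -= size
            self.in_profile_bytes += size
            return ("transmit", dscp)
        self.out_of_profile_bytes += size
        if self.exceed_action == "policed-dscp-transmit":
            # Out-of-profile traffic is forwarded with the marked-down DSCP;
            # a value missing from the map keeps its DSCP (Null map behaviour).
            return ("transmit", self.policed_dscp.get(dscp, dscp))
        return ("drop", None)


def admitted_in_burst(policer, size, count, t=0.0):
    """Offer `count` back-to-back packets of `size` bytes at time t and
    return how many of them were in profile."""
    before = policer.in_profile_bytes
    for _ in range(count):
        policer.offer(t, size, dscp=0)
    return (policer.in_profile_bytes - before) // size


if __name__ == "__main__":
    # Same byte budget, very different packet counts: a byte-counting limit
    # admits far more short packets than full-size ones.
    for size in (64, 1500):
        p = Policer(cir_bps=192000, cbs_bytes=9600)
        n = admitted_in_burst(p, size, 200)
        print(f"{size:>4}-byte packets: {n} of 200 in profile, "
              f"{p.out_of_profile_bytes} bytes out of profile")

    marker = Policer(192000, 9600, "policed-dscp-transmit", {46: 8})  # constructed map
    marker.offer(0.0, 9600, 46)          # uses up the whole bucket
    print(marker.offer(0.0, 64, 46))     # out of profile, marked down
```

The in_profile_bytes and out_of_profile_bytes counters correspond to the in-profile and out-of-profile byte counts that qos statistics policer enables on the switch.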
Quality of Service (QoS) Commands User Guidelines Only one policy map per interface per direction is supported. Example The following example attaches a policy map called Policy1 to the input interface. Console(config-if)# service-policy input policy1 41.14 qos aggregate-policer Use the qos aggregate-policer Global Configuration mode command to define the policer parameters that can be applied to multiple traffic classes.
Quality of Service (QoS) Commands Command Mode Global Configuration mode User Guidelines This command only exists when the device is in Layer 2. Define an aggregate policer if the policer aggregates traffic from multiple class maps. Aggregate policers cannot aggregate traffic from multiple devices. If the aggregate policer is applied to more than one device, the traffic on each device is counted separately and is limited per device.
Quality of Service (QoS) Commands Syntax show qos aggregate-policer [aggregate-policer-name] Parameters aggregate-policer-name—Specifies the aggregate policer name. Default Configuration All policers are displayed. Command Mode EXEC mode Example The following example displays the parameters of the aggregate policer called Policer1. Console>...
Quality of Service (QoS) Commands Command Mode Policy-map Class Configuration mode User Guidelines An aggregate policer can be applied to multiple classes in the same policy map. An aggregate policer cannot be applied across multiple policy maps or interfaces. Use the exit command to return to the Policy-map Configuration mode. Use the end command to return to the Privileged EXEC mode.
Quality of Service (QoS) Commands Parameters • queue-id—Specifies the queue number to which the CoS values are mapped. • cos0 ... cos7—Specifies up to 8 CoS values to map to the specified queue number. (Range: 0–7) Default Configuration The default CoS value mapping to 4 queues is as follows: CoS value 0 is mapped to queue 1.
Quality of Service (QoS) Commands frequency at which the packet scheduler removes packets from each queue. Use the no form of this command to restore the default configuration. Syntax wrr-queue bandwidth weight1 weight2 ... weight_n no wrr-queue bandwidth Parameters weight1 weight2 ... weight_n—Specifies the ratio of bandwidth assigned by the WRR packet scheduler to the packet queues.
Quality of Service (QoS) Commands 41.19 priority-queue out num-of-queues An expedite queue is a strict priority queue, which is serviced until empty before the other lower priority queues are serviced. Use the priority-queue out num-of-queues Global Configuration mode command to configure the number of expedite queues. Use the no form of this command to restore the default configuration.
Quality of Service (QoS) Commands 41.20 traffic-shape The egress port shaper controls the traffic transmit rate (Tx rate) on a port. Use the traffic-shape Interface Configuration mode command to configure the egress port shaper. Use the no form of this command to disable the shaper. Syntax traffic-shape committed-rate...
Quality of Service (QoS) Commands Syntax traffic-shape queue queue-id committed-rate committed-burst no traffic-shape queue queue-id Parameters • queue-id—Specifies the queue number to which the shaper is assigned. (Range: 1-4) • committed-rate—Specifies the average traffic rate (CIR) in kbits per second (kbps).
Quality of Service (QoS) Commands Parameters • committed-rate-kbps—Specifies the maximum number of kilobits per second of ingress traffic on a port. The range is 100 – max port speed. • burst committed-burst-bytes —The burst size in bytes (3000–19173960). If unspecified, defaults to 128K. Default Configuration Rate limiting is disabled.
Quality of Service (QoS) Commands • committed-rate—Specifies the average traffic rate (CIR) in kbits per second (kbps). (Range: 3-57982058) • committed-burst—Specifies the maximum burst size (CBS) in bytes. (Range: 3000-19173960) Default Configuration Rate limiting is disabled. Committed-burst-bytes is 128K. Command Mode Global Configuration mode User Guidelines Traffic policing in a policy map takes precedence over VLAN rate limiting.
Quality of Service (QoS) Commands Parameters Default Disabled Command Mode Global Configuration mode User Guidelines The command is effective after reset. Example Console(conf)#> qos wrr-queue wrtd This setting will take effect only after copying running configuration to startup configuration and resetting the device Console(config)# 41.25 show qos wrr-queue wrtd Use the show qos wrr-queue wrtd Exec mode command to display the Weighted...
Quality of Service (QoS) Commands Example Console> show qos wrr-queue wrtd Weighted Random Tail Drop is disabled Weighted Random Tail Drop will be enabled after reset 41.26 show qos interface Use the show qos interface EXEC mode command to display Quality of Service (QoS) information on the interface.
Quality of Service (QoS) Commands User Guidelines If no parameter is specified with the show qos interface command, the port QoS mode (DSCP trusted, CoS trusted, untrusted, and so on), default CoS value, DSCP-to-DSCP- map (if any) attached to the port, and policy map (if any) attached to the interface are displayed.
Quality of Service (QoS) Commands This is an example of the output from the show qos interface policer command. Console> show qos interface policer gi1 Ethernet gi1 Class map: A Policer type: aggregate Commited rate: 192000 bps Commited burst: 9600 bytes Exceed-action: policed-dscp-transmit Class map: B Policer type: single...
Quality of Service (QoS) Commands Syntax wrr-queue tail-drop no wrr-queue Parameters tail-drop—Specifies the tail-drop mechanism. Default Configuration The tail-drop mechanism on an egress queue is disabled. Command Mode Global Configuration mode User Guidelines This command can only be used if Advanced mode is enabled. Example The following example enables the tail-drop mechanism on an egress queue.
Quality of Service (QoS) Commands Parameters • gigabitethernet—Specifies that the thresholds are to be applied to Gigabit Ethernet ports. • queue-id—Specifies the queue number to which the tail-drop threshold is assigned. • threshold-percentage—Specifies the queue threshold percentage value. Default Configuration The default threshold is 80 percent.
Quality of Service (QoS) Commands Parameters • dscp-list—Specifies up to 8 DSCP values, separated by spaces. (Range: 0–63) • dscp-mark-down—Specifies the DSCP value to mark down. (Range: 0–63) Default Configuration The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value.
Quality of Service (QoS) Commands • queue-id—Specifies the queue number to which the DSCP values are mapped. Default Configuration The default map for 4 queues is as follows. Command Mode Global Configuration mode Example The following example maps DSCP values 33, 40 and 41 to queue 1. Console(config)# qos map dscp-queue 33 40 41...
Quality of Service (QoS) Commands Command Mode Global Configuration mode. Example The following example maps DSCP values 25, 27 and 29 to Drop Precedence 2. Console(config)# qos map dscp-dp 25 27 29 41.32 qos trust (Global) Use the qos trust Global Configuration mode command to configure the system to the basic mode and trust state.
Quality of Service (QoS) Commands Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic. When the system is configured with trust DSCP, the traffic is mapped to the queue by the DSCP-queue map.
Quality of Service (QoS) Commands 41.34 qos cos Use the qos cos Interface Configuration (Ethernet, Port-channel) mode command to define the default CoS value of a port. Use the no form of this command to restore the default configuration. Syntax qos cos default-cos no qos cos...
Quality of Service (QoS) Commands Syntax qos dscp-mutation no qos dscp-mutation Command Mode Global Configuration mode. User Guidelines Apply the DSCP-to-DSCP-mutation map to a port at the boundary of a Quality of Service (QoS) administrative domain. If two QoS domains have different DSCP definitions, use the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition of another domain.
Quality of Service (QoS) Commands Parameters • in-dscp—Specifies up to 8 DSCP values to map, separated by spaces. (Range: 0–63) • out-dscp—Specifies up to 8 DSCP mapped values, separated by spaces. (Range: 0–63) Default Configuration The default map is the Null map, which means that each incoming DSCP value is mapped to the same DSCP value.
Quality of Service (QoS) Commands • dscp-mutation—Displays the DSCP-DSCP mutation table. Command Mode EXEC mode Example The following example displays the QoS mapping information. Console> show qos map dscp-queue Dscp-queue map: 41.38 clear qos statistics Use the clear qos statistics EXEC mode command to clear the QoS statistics counters.
Quality of Service (QoS) Commands 41.39 qos statistics policer Use the qos statistics policer Interface Configuration (Ethernet, Port-channel) mode command to enable counting in-profile and out-of-profile. Use the no form of this command to disable counting. Syntax qos statistics policer policy-map-name class-map-name no qos statistics policer policy-map-name class-map-name Parameters...
Quality of Service (QoS) Commands Parameters aggregate-policer-name—Specifies the aggregate policer name. Default Configuration Counting in-profile and out-of-profile is disabled. Command Mode Global Configuration mode Example The following example enables counting in-profile and out-of-profile on the interface. Console(config)# qos statistics aggregate-policer policer1 41.41 qos statistics queues Use the qos statistics queues Global Configuration mode command to enable QoS statistics for output queues.
Quality of Service (QoS) Commands Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. If the queue parameter is all, traffic in cascading ports is also counted. Example The following example enables QoS statistics for output queues for counter set 1. Console(config)# qos statistics queues all all all...
Quality of Service (QoS) Commands Example The following example displays Quality of Service statistical information. Console# show qos statistics Policers --------- Interface Policy Class In-profile Out-of-prof bytes ile bytes ------------ -------- --------- ------- ------------- 5433 Class1 7564575 Policy1 Class2 8759 3214 Policy1 746587458...
Quality of Service (QoS) Commands 41.43 security-suite enable Use the security-suite enable Global Configuration mode command to enable the security suite feature. This feature supports protection against various types of attacks. When this command is used, hardware resources are reserved. These hardware resources are released when the no security-suite enable command is entered.
Quality of Service (QoS) Commands Default Configuration The security suite feature is disabled. If global-rules-only is not specified, the default is to enable security-suite globally and per interfaces. Command Mode Global Configuration mode User Guidelines MAC ACLs must be removed before the security-suite is enabled. The rules can be re-entered after the security-suite is enabled.
Quality of Service (QoS) Commands There are three types of attacks against which protection can be supplied (see parameters below). Use the no form of this command to disable DoS protection. Syntax security-suite dos protect {add attack | remove attack} no security-suite dos protect Parameters •...
Quality of Service (QoS) Commands 41.45 security-suite dos syn-attack Use the security-suite dos syn-attack Interface Configuration mode command to rate limit Denial of Service (DoS) SYN attacks. This provides partial blocking of SYN packets (up to the rate that the user specifies). Use the no form of this command to disable rate limiting.
Quality of Service (QoS) Commands Since the hardware rate limiting counts bytes, it is assumed that the size of “SYN” packets is short. Example The following example attempts to rate limit DoS SYN attacks on a port. It fails because security suite is enabled globally and not per interface. Console(config)# security-suite enable global-rules-only Console(config)#...
Quality of Service (QoS) Commands Parameters • reserved add/remove—Add or remove the table of reserved addresses below. • ip-address—Adds/discards packets with the specified IP source or destination address. • mask—Specifies the network mask of the IP address. • prefix-length—Specifies the number of bits that comprise the IP address prefix.
Quality of Service (QoS) Commands Address block Present use 224.0.0.0/4 as This block, formerly known as the Class D source address space, is allocated for use in IPv4 multicast address assignments. 240.0.0.0/4 (except This block, formerly known as the Class E when address space, is reserved.
Quality of Service (QoS) Commands • tcp-port | any—Specifies the destination TCP port. The possible values are: http, ftp-control, ftp-data, ssh, telnet, smtp, dns, tftp, ntp, snmp or port number. Use any to specify all ports. Default Configuration Creation of TCP connections is allowed from all interfaces. If the mask is not specified, it defaults to 255.255.255.255.
Quality of Service (QoS) Commands Syntax security-suite deny icmp {[add {ip-address | any} {mask | /prefix-length}] | [remove {ip-address | any} {mask | /prefix-length}]} no security-suite deny icmp Parameters • ip-address | any—Specifies the destination IP address. Use any to specify all IP addresses.
Quality of Service (QoS) Commands 41.49 security-suite deny fragmented Use the security-suite deny fragmented Interface Configuration (Ethernet, Port-channel) mode command to discard IP fragmented packets from a specific interface. Use the no form of this command to permit IP fragmented packets. Syntax security-suite deny fragmented {[add {ip-address | any} {mask | /prefix-length}] |...
Quality of Service (QoS) Commands Console(config)# security-suite enable global-rules-only Console(config)# interface Console(config-if)# security-suite deny fragmented add any / To perform this command, DoS Prevention must be enabled in the per-interface mode. 41.50 show security-suite configuration Use the show security-suite configuration EXEC mode command to display the security-suite configuration.
Quality of Service (QoS) Commands Martian addresses filtering Reserved addresses: enabled. Configured addresses: 10.0.0.0/8, 192.168.0.0/16 SYN filtering Interface IP Address TCP port ---------------- -------------- ------------- 176.16.23.0\24 ICMP filtering Interface IP Address --------------- -------------- 176.16.23.0\24 Fragmented packets filtering Interface IP Address -------------- -------------- 176.16.23.0\24...
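The security-suite sections above state two ordering constraints that are easy to trip over in a change script: MAC ACLs must be removed before security-suite enable, and the per-interface commands shown failing (security-suite dos syn-attack, security-suite deny fragmented) are refused when the suite was enabled with global-rules-only. The following pre-flight check replays a planned script and reports both; it is an added example, not the vendor's tooling, and the script layout, the ACL name, the `extended` keyword and the /32 prefix in the samples are constructed.

```python
# Interface-level commands the manual shows being refused unless the
# security suite is enabled in per-interface mode.
GATED_PREFIXES = (
    "security-suite dos syn-attack",
    "security-suite deny fragmented",
)


def preflight(script):
    """Replay a planned CLI script line by line and return a list of
    (line_no, message) for security-suite commands the switch would refuse."""
    findings = []
    mode = "disabled"      # "disabled" | "global-rules-only" | "per-interface"
    mac_acls = set()       # MAC ACLs that exist at this point in the script
    interface = None       # interface context we are in, if any
    for line_no, raw in enumerate(script.splitlines(), 1):
        line = " ".join(raw.split())
        low = line.lower()
        if not low or low.startswith("!"):
            continue
        if low.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif low in ("exit", "end"):
            interface = None
        elif low.startswith("no mac access-list"):
            mac_acls.discard(line.split()[-1])
        elif low.startswith("mac access-list"):
            mac_acls.add(line.split()[-1])
        elif low == "no security-suite enable":
            mode = "disabled"
        elif low.startswith("security-suite enable"):
            if mac_acls:
                names = ", ".join(sorted(mac_acls))
                findings.append((line_no,
                                 f"MAC ACLs must be removed before enabling: {names}"))
            mode = ("global-rules-only" if low.endswith("global-rules-only")
                    else "per-interface")
        elif interface is not None and low.startswith(GATED_PREFIXES):
            if mode != "per-interface":
                findings.append((line_no,
                                 f"{interface}: '{line}' needs per-interface mode, "
                                 f"security suite is {mode}"))
    return findings


# Constructed sample: ACL defined first, suite enabled for global rules only.
PLANNED = """\
mac access-list extended printers
exit
security-suite enable global-rules-only
interface gi1
security-suite deny fragmented add any /32
exit
"""

# Constructed sample: suite enabled per interface first, ACL re-entered after.
REORDERED = """\
security-suite enable
mac access-list extended printers
exit
interface gi1
security-suite deny fragmented add any /32
exit
"""

if __name__ == "__main__":
    for name, script in (("PLANNED", PLANNED), ("REORDERED", REORDERED)):
        print(name)
        for line_no, message in preflight(script) or [(0, "no findings")]:
            print(f"  line {line_no}: {message}")
```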
Voice VLAN Commands Voice VLAN Commands 42.1 voice vlan state The voice vlan state Global Configuration mode command sets the type of voice VLAN that is functional on the device or disables voice VLAN entirely. The no format of the command returns to the default. Syntax oui-enabled auto-enabled...
A CDP voice VLAN advertisement is received from a neighboring switch. A Cisco UC device that advertises itself as a switch router is not considered to be a switch. Voice Service Discovery Protocol (VSDP) is a Cisco Small Business proprietary protocol for SF and SG series managed switches.
Voice VLAN Commands Are you sure you want to continue? (Y/N)[Y] Y console(config)#30-Apr-2011 00:04:41 %LINK-W-Down: Vlan 5 30-Apr-2011 00:04:41 %LINK-W-Down: Vlan 8 30-Apr-2011 00:04:41 %LINK-W-Down: Vlan 9 30-Apr-2011 00:04:41 %LINK-W-Down: Vlan 100 Example 3 —The following example sets the Voice VLAN state to auto-enabled. The VLANs are re-activated after the auto SmartPort state is re-applied.
Voice VLAN Commands no voice vlan id Parameters vlan-id vlan id —Specifies the voice VLAN (range 1-4094). Default Configuration VLAN ID 1. Command Mode Global Configuration mode User Guidelines If the Voice VLAN does not exist, it is created automatically. It will not be removed automatically by the no version of this command.
Voice VLAN Commands no voice vlan vpt Parameters vpt-value —The VPT value to be advertised (range 0-7). Default Configuration Command Mode Global Configuration mode Example The following example sets 7 as the voice VLAN VPT. A notification that the new settings are different than the old ones is displayed.
Voice VLAN Commands Parameters dscp-value dscp —The DSCP value (range 0-63). Default Configuration Command Mode Global Configuration mode Example The following example sets 63 as the voice VLAN DSCP. Console(config)# voice vlan dscp For Auto Voice VLAN, changes in the voice VLAN ID, CoS/802.1p, and/or DSCPwill cause the switch to advertise the administrative voice VLAN as static voice VLANwhich has higher priority than voice VLAN learnt from external sources.
MAC address to the voice VLAN OUI table (length: 1–32 characters). Default Configuration The default voice VLAN OUI table is: Description 00:e0:bb 3COM Phone 00:03:6b Cisco Phone 00:e0:75 Veritel Polycom Phone 00:d0:1e Pingtel Phone 00:01:e3 Siemens AG Phone 00:60:b9...
Voice VLAN Commands Example The following example adds an entry to the voice VLAN OUI table. Console(config)# voice vlan oui-table add 00:AA:BB description experimental 42.7 voice vlan cos mode Use the voice vlan cos mode Interface Configuration mode command to select the OUI voice VLAN Class of Service (CoS) mode.
Voice VLAN Commands 42.8 voice vlan cos Use the voice vlan cos Global Configuration mode command to set the OUI Voice VLAN Class of Service (CoS). Use the no form of this command to restore the default configuration. Syntax voice vlan cos cos [remark] no voice vlan cos Parameters...
Voice VLAN Commands The port is added to the voice VLAN if a packet with a source MAC address OUI address (defined by voice vlan oui-table) is trapped on the port. Note: The packet VLAN ID does not have to be the voice VLAN, it can be any VLAN. The port joins the voice VLAN as a tagged port.
Voice VLAN Commands Command Mode EXEC mode User Guidelines Using this command without parameters displays the current voice VLAN type parameters and local and agreed voice VLAN settings. The interface-id parameter is relevant only for the OUI VLAN type. Examples: Example 1—Displays the auto voice VLAN parameters.
Voice VLAN Commands Agreed Voice VLAN-ID is 20 Agreed VPT is 7 Agreed DSCP is 20 Agreed VLAN Last Change is 10-Apr-10 20:01:00 Example 3—Displays the current voice VLAN parameters. switch>show voice vlan Administrate Voice VLAN state is auto-triggered Operational Voice VLAN state is disabled VSDP Authentication is disabled Example 4—Displays the current voice VLAN parameters.
Voice VLAN Commands Command Mode EXEC mode Examples: Example 1—A UC is connected to an interface and a conflict is detected: 30-Apr-2011 00:39:24 %VLAN-W-ConflictingCDPDetected: conflict detected between operational VLAN and new CDP device 00:1e:13:73:3d:62 on interface gi7. Platform TLV is -4FXO-K9, Voice VLAN-ID is 100... console>show voice vlan local Administrate Voice VLAN state is auto-triggered Operational Voice VLAN state is auto-enabled...
Voice VLAN Commands static 00:00:12:ea:87:dc 00:00:aa:aa:89:dc Example 3—Displays the local voice VLAN configuration when the voice VLAN state is OUI. console>show voice vlan local Administrate Voice VLAN state is auto-OUI Operational Voice VLAN state is OUI The character '*; marks the best local Voice VLAN VLAN-ID DSCP Source...
Smartport Commands Smartport Commands 43.1 macro auto (Global) The macro auto Global Configuration mode command sets the Auto Smartports administrative global state. The no format of the command returns to the default. Syntax macro auto {enabled | disabled | controlled} no macro auto Parameters •...
Smartport Commands • Auto Smartport Operational state is enabled when the Auto Voice VLAN is enabled. A user cannot enable Auto Smartport globally if the OUI Voice VLAN is enabled. Example This example shows an attempt to enable the Auto Smartport feature globally in the controlled mode.
Smartport Commands Parameters Default Configuration Enabled. Command Mode Interface Configuration mode (Ethernet Interface, Port Channel) User Guidelines This command is effective only when Auto Smartport is globally enabled. Example Enables the Auto Smartport feature on port 1: console(conf)(conf)#interface gi1 console(conf-if)# macro auto smartport 43.3 macro auto trunk refresh The macro auto trunk refresh Global Configuration command reapplies the...
Smartport Commands Command Mode Global Configuration mode User Guidelines The macro auto smartport command becomes effective only when the Auto Smartport is globally enabled. If both smartport-type and interface-id are defined, the attached Smartport macro is executed on the interface if it has the given Smartport type. If only smartport-type is defined, the attached Smartport macro is executed on all...
Smartport Commands Default Configuration Command Mode Interface Configuration mode (Ethernet Interface, Port Channel) User Guidelines When a Smartport macro fails at an interface, the Smartport type of the interface becomes Unknown. You must diagnose the reason for the failure on the interface and/or Smartport macro, and correct the error.
Smartport Commands Command Mode Interface Configuration mode (Ethernet Interface, Port Channel) User Guidelines A Smartport’s persistent interface retains its dynamic configuration in the following cases: link down/up, the attaching device ages out, and reboot. Note that for persistence and the Smartport configuration to be effective across reboot, the Running Configuration file must be saved to the Startup Configuration file.
Smartport Commands Default Configuration parameter-name value —Parameter default value. For instance, if the parameter is the voice VLAN, the default value is the default voice VLAN. Command Mode Interface Configuration mode (Ethernet Interface, Port Channel) User Guidelines A static type set by the command cannot be changed by a dynamic type. Example This example shows an attempt to set the Smartport type of port 1 to printer (statically).
Smartport Commands Example To enable CDP globally: console(conf)#macro auto processing cdp 43.8 macro auto processing lldp The macro auto processing lldp Global Configuration mode command enables using the LLDP capability information to identify the type of an attached device. When Auto Smartport is enabled on an interface and this command is run, the switch automatically applies the corresponding Smartport type to the interface based on the LLDP capabilities advertised by the attaching device(s).
Smartport Commands 43.9 macro auto processing type The macro auto processing type Global Configuration mode command enables or disables automatic detection of devices of given type. The no format of the command returns to the default. Syntax smartport-type enabled disabled macro auto processing type smartport-type no macro auto processing type...
Smartport Commands Example 2 - In this example, automatic detection of wireless access points (ap) is enabled. console(config)#macro auto processing type ? host set type to host ip_phone set type to ip_phone ip_phone_desktop set type to ip_phone_desktop switch set type to switch router set type to router set type to access point...
Smartport Commands Default Configuration parameter-name value—Parameter’s default value. For instance, if the parameter is the native VLAN, the default value is the default native VLAN. Command Mode Global Configuration User Guidelines The scope of each parameter is the macro in which it is defined, with the exception of the parameter $voice_vlan, which is a global parameter and its value is specified by the switch and cannot be defined in a macro.
Smartport Commands Parameters smartport-type—Smartport type (range: printer, desktop, guest, server, host, ip_camera, ip_phone, ip_phone_desktop, switch, router or wireless access point (ap)). parameter-name value—Specifies the parameter name and its value. These are the parameters of the built-in or user-defined macro defined in macro auto user smartport macro.
Smartport Commands Parameters Default Configuration Command Mode EXEC Example switch>show macro auto processing CDB: enabled LLDP: enabled host :disabled ip_phone :enabled ip_phone_desktop:enabled switch :enabled router :disabled :enabled 43.13 show macro auto smart-macros The show macro auto smart-macros EXEC mode command displays the name of Smartport macros, their type (built-in or user-defined) and their parameters.
Smartport Commands Default Configuration Command Mode EXEC Example switch>show macro auto smartport Smartport type: ip_phone Parameters: $native_vlan=1 $voice_vlan=100 Smartport Macro: phone (built-in) Smartport type: switch Parameters: $native_vlan =1 $man=aa $enc=qq Smartport Macro: use-switch Smartport type: router Parameters: $native_vlan =2 Smartport Macro: router (built-in) 43.14 show macro auto ports The show macro auto ports EXEC mode command displays information about all Smartport ports or a specific one.
Smartport Commands Examples Example 1—Note that Smartport on switch and phone types was configured automatically. Smartport on routers was configured statically. console>show macro auto ports Smartport is enabled Administrative Globally Auto Smartport is enabled Operational Globally Auto Smartport is enabled Interface Auto Smartport Persistent...
Smartport Commands console(config-if)#interface gi1 console(config-if)#macro auto smartport console(config-if)#end console#show macro auto ports gi1 SmartPort is Enabled Administrative Globally Auto SmartPort is enabled Operational Globally Auto SmartPort is enabled Auto SmartPort is enabled on gi1 Persistent state is persistent Interface type is switch Last activated macro is switch 43.15 smartport switchport trunk allowed vlan The smartport switchport trunk allowed vlan Interface Configuration (Ethernet,...
Smartport Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines This command is an extension of the switchport trunk allowed vlan command. Unlike the switchport trunk allowed vlan command, the vlan-list parameter of this command may include the voice VLAN (when it is the default VLAN). If the default VLAN is the voice VLAN, the following occurs: •...
Smartport Commands User Guidelines This command is an extension of the switchport trunk native vlan CLI command. Unlike the switchport trunk native vlan CLI command, this command may also be applied to the default VLAN when the interface belongs to the default VLAN as egress tagged port.
Link Layer Discovery Protocol (LLDP) Commands Link Layer Discovery Protocol (LLDP) Commands 44.1 lldp run Use the lldp run Global Configuration mode command to enable LLDP. To disable LLDP, use the no form of this command. Syntax lldp run no lldp run Parameters N/A.
Link Layer Discovery Protocol (LLDP) Commands Default Configuration Enabled Command Mode Interface Configuration (Ethernet) mode User Guidelines LLDP manages LAG ports individually. LLDP sends separate advertisements on each port in a LAG. LLDP operation on a port is not dependent on the STP state of a port; that is, LLDP frames are sent on blocked ports.
Link Layer Discovery Protocol (LLDP) Commands User Guidelines LLDP manages LAG ports individually. LLDP data received through LAG ports is stored individually per port. LLDP operation on a port is not dependent on the STP state of a port; that is, LLDP frames are received on blocked ports.
Link Layer Discovery Protocol (LLDP) Commands 44.5 lldp hold-multiplier Use the lldp hold-multiplier Global Configuration mode command to specify how long the receiving device holds an LLDP packet before discarding it. Use the no form of this command to restore the default configuration. Syntax lldp hold-multiplier number...
Link Layer Discovery Protocol (LLDP) Commands 44.6 lldp reinit Use the lldp reinit Global Configuration mode command to specify the minimum time an LLDP port waits before reinitializing LLDP transmission. Use the no form of this command to revert to the default setting. Syntax lldp reinit seconds...
Link Layer Discovery Protocol (LLDP) Commands Parameters tx-delay seconds—Specifies the delay in seconds between successive LLDP frame transmissions initiated by value/status changes in the LLDP local systems MIB (range: 1-8192 seconds). Default Configuration The default LLDP frame transmission delay is 2 seconds. Command Mode Global Configuration mode User Guidelines...
Link Layer Discovery Protocol (LLDP) Commands Command Mode Interface Configuration (Ethernet) mode Example The following example specifies that the port description TLV is transmitted on gigabitethernet port 2. Console(config)# interface gi2 Console(config-if)# lldp optional-tlv port-desc 44.9 lldp management-address Use the lldp management-address Interface Configuration (Ethernet) mode command to specify the management address advertised by an interface.
Link Layer Discovery Protocol (LLDP) Commands port or port- channel are members in a VLAN that has an IP address, that address is not included because the address is associated with the VLAN. Default Configuration No IP address is advertised. The default advertisement is automatic.
Link Layer Discovery Protocol (LLDP) Commands Default Configuration Disabled. Command Mode Interface Configuration (Ethernet) mode Example The following example enables sending LLDP notifications on gi5. Console(config)# interface gi5 Console(config-if)# lldp notifications enable 44.11 lldp notifications interval Use the lldp notifications interval Global Configuration mode command to configure the maximum transmission rate of LLDP notifications.
Link Layer Discovery Protocol (LLDP) Commands 44.12 lldp lldpdu The lldp lldpdu Global Configuration mode command defines LLDP packet handling when LLDP is globally disabled. To restore the default configuration, use the no form of this command. Syntax lldp lldpdu {filtering | flooding} no lldp lldpdu Parameters...
Example
The following example sets the LLDP packet handling mode to Flooding when LLDP is globally disabled.
Console(config)# lldp lldpdu flooding
44.13 lldp med
Use the lldp med Interface Configuration (Ethernet) mode command to enable or disable LLDP Media Endpoint Discovery (MED) on a port.
44.14 lldp med notifications topology-change
Use the lldp med notifications topology-change Interface Configuration (Ethernet) mode command to enable sending LLDP MED topology change notifications on a port. Use the no form of this command to restore the default configuration.
Syntax
lldp med notifications topology-change {enable | disable}...
Syntax
lldp med fast-start repeat-count number
no lldp med fast-start repeat-count
Parameters
repeat-count number—Specifies the number of times the fast start LLDPDU is being sent during the activation of the fast start mechanism. The range is 1-10.
Default Configuration
Command Mode
Global Configuration mode...
• application—The name or the number of the primary function of the application defined for this network policy. Available application names are: voice, voice-signaling, guest-voice, guest-voice-signaling, softphone-voice, video-conferencing, streaming-video, video-signaling.
• vlan vlan-id—VLAN identifier for the application.
•...
Example
This example creates a network policy for the voice-signaling application and attaches it to port 1. LLDP packets sent on port 1 will contain the information defined in the network policy.
console(config)# lldp med network-policy 1 voice-signaling vlan 1 vlan-type untagged up 1 dscp 2
Console(config)# interface gi1...
User Guidelines
For each port, only one network policy per application (voice, voice-signaling, etc.) can be defined.
Example
This example creates a network policy for the voice-signaling application and attaches it to port 1. LLDP packets sent on port 1 will contain the information defined in the network policy.
Command Mode
Global Configuration mode
User Guidelines
In Auto mode, the Voice VLAN feature determines on which interfaces to advertise the network policy TLV with application type voice, and controls the parameters of that TLV.
To enable the auto generation of a network policy based on the auto voice VLAN, there must be no manual pre-configured network policies for the voice application.
In Auto mode, you cannot manually define a network policy for the voice...
44.20 lldp med location
Use the lldp med location Interface Configuration (Ethernet) mode command to configure the location information for the LLDP Media Endpoint Discovery (MED) for a port. Use the no form of this command to delete location information for a port.
44.21 show lldp configuration
Use the show lldp configuration Privileged EXEC mode command to display the LLDP configuration for all ports or for a specific port.
Syntax
show lldp configuration [interface-id]
Parameters
interface-id—Specifies the port ID.
Default Configuration
Command Mode
Privileged EXEC mode...
RX,TX SN, SD, SC automatic Disabled
RX,TX PD, SN, SD, SC auto vlan 1 Disabled
RX,TX PD, SN, SD, SC auto g1 Disabled
RX,TX PD, SN, SD, SC auto ch1 Disabled
Example 2 - Display LLDP configuration for port 1.
Switch# show lldp configuration gi1
State: Enabled
Timer: 30 Seconds...
The following table describes the significant fields shown in the display:
Field: Description
Timer: The time interval between LLDP updates.
Hold multiplier: The amount of time (as a multiple of the timer interval) that the receiving device holds an LLDP packet before discarding it.
Default Configuration
If no port ID is entered, the command displays information for all ports.
Command Mode
Privileged EXEC mode
Examples
Example 1 - The following example displays the LLDP MED configuration for all interfaces.
Network policies:
Location:
Civic-address: 61:62:63:64:65:66
44.23 show lldp local tlvs-overloading
When an LLDP packet contains too much information for one packet, this is called overloading. Use the show lldp local tlvs-overloading EXEC mode command to display the status of TLVs overloading of the LLDP on all ports or on a specific port.
Total: 1600 bytes
Left: 100 bytes
44.24 show lldp local
Use the show lldp local Privileged EXEC mode command to display the LLDP information that is advertised from a specific port.
Syntax
show lldp local interface-id
Parameters
Interface-id—Specifies a port ID.
Auto-negotiation status: Enabled
Auto-negotiation Advertised Capabilities: 100BASE-TX full duplex, 1000BASE-T full duplex
Operational MAU type: 1000BaseTFD
802.3 Link Aggregation
Aggregation capability: Capable of being aggregated
Aggregation status: Not currently in aggregation
Aggregation port ID: 1
802.3 Maximum Frame Size: 1522
802.3 EEE
Local Tx: 30 usec...
Device Type: Power Sourcing Entity
Power source: Primary Power Source
Power priority: High
Power value: 9.6 Watts
LLDP-MED Location
Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01
Hardware Revision: B1
Firmware Revision: A1
Software Revision: 3.8
Serial number: 7978399
Manufacturer name: Manufacturer
Model name: Model 1
Asset ID: Asset 123
Switch# show lldp local gi2...
Example
Switch# show lldp statistics
console(config-if)# do show lldp statistics
Tables Last Change Time: 14-Oct-2010 32:08:18
Tables Inserts: 26
Tables Deletes: 2
Tables Dropped: 0
Tables Ageouts: 1
TX Frames RX Frame TLVs RX Ageouts Port Total Total Discarded Errors Discarded...
Parameters
interface-id—Specifies a port ID.
detail—Displays detailed information about a neighbor (or neighbors) from the main cache.
secondary—Displays information about neighbors from the secondary cache.
Default Configuration
If no port ID is entered, the command displays information for all ports. Detail is the default parameter.
Example 2 - The following example displays information about neighboring devices discovered using LLDP on port 1.
Switch# show lldp neighbors gi1
Device ID: 00:00:00:11:11:11
Port ID: gi
System Name: ts-7800-2
Capabilities: B
System description:
Port description:
Management address: 172.16.1.1
Time To Live: 90 seconds...
Aggregation status: Not currently in aggregation
Aggregation port ID: 1
802.3 Maximum Frame Size: 1522
802.3 EEE
Remote Tx: 25 usec
Remote Rx: 30 usec
Local Tx Echo: 30 usec
Local Rx Echo: 25 usec
802.1 PVID: 1
802.1 PPVID: 2 supported, enabled
802.1 VLAN: 2(VLAN2)
Hardware revision: 2.1
Firmware revision: 2.3
Software revision: 2.7.1
Serial number: LM759846587
Manufacturer name: VP
Model name: TR12
Asset ID: 9
LLDP-MED Location
Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01
The following table describes significant LLDP fields shown in the display:
Field: Description
Port...
Field: Description
Management address: The neighbor device’s management address.
Auto-negotiation support: The auto-negotiation support status on the port. (Supported or Not Supported)
Auto-negotiation status: The active status of auto-negotiation on the port. (Enabled or Disabled)
Auto-negotiation Advertised...: The port speed/duplex/flow-control...
Field: Description
Power Source: The power source utilized by a PSE or PD device. A PSE device advertises its power capability. The possible values are: Primary power source and Backup power source. A PD device advertises its power source. The possible values are: Primary power, Local power, Primary and Local power.
CDP Commands
45.1 cdp run
The cdp run Global Configuration mode command enables CDP globally. The no format of this command disables CDP globally.
Syntax
cdp run
no cdp run
Parameters
Default Configuration
Enabled.
Command Mode
Global Configuration mode
User Guidelines
CDP is a link layer protocol for directly-connected CDP/LLDP-capable devices to advertise themselves and their capabilities.
45.2 cdp enable
The cdp enable Interface Configuration mode command enables CDP on an interface. The no format of the CLI command disables CDP on an interface.
Syntax
cdp enable
Parameters
Default Configuration
Enabled
Command Mode
Ethernet Interface
User Guidelines
For CDP to be enabled on an interface, it must first be enabled globally using cdp run.
Parameters
filtering—Specify that when CDP is globally disabled, CDP packets are filtered (deleted).
bridging—Specify that when CDP is globally disabled, CDP packets are bridged as regular data packets (forwarded based on VLAN).
flooding—Specify that when CDP is globally disabled, CDP packets are flooded to all the ports in the product that are in STP forwarding state, ignoring the VLAN filtering rules.
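The three handling modes above differ in which ports end up carrying a neighbor's CDP advertisement, which matters when VLANs separate trust zones. The following Python model is an added illustration, not code from this guide; the Port class, the sample port table, the exclusion of the ingress port and the STP check in bridging mode are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    vlans: frozenset        # VLANs the port is a member of
    stp_forwarding: bool    # True when the port is in STP forwarding state


def egress_ports(mode, ingress, vlan, ports):
    """Names of ports that receive a CDP frame that arrived on `ingress`
    in `vlan`, while CDP is globally disabled on the switch."""
    # Assumption: a frame is never sent back out of the port it arrived on.
    others = [p for p in ports if p.name != ingress]
    if mode == "filtering":
        return set()                              # frame is deleted
    if mode == "bridging":
        # Forwarded like regular data: VLAN membership decides.
        # Assumption: regular forwarding also needs STP forwarding state.
        return {p.name for p in others if vlan in p.vlans and p.stp_forwarding}
    if mode == "flooding":
        # Every STP-forwarding port, VLAN filtering rules ignored.
        return {p.name for p in others if p.stp_forwarding}
    raise ValueError(f"unknown mode: {mode!r}")


def vlan_leaks(mode, ingress, vlan, ports):
    """Ports that receive the frame although they are not in `vlan`."""
    by_name = {p.name: p for p in ports}
    return {n for n in egress_ports(mode, ingress, vlan, ports)
            if vlan not in by_name[n].vlans}


# Constructed sample: VLAN 10 is a user segment, VLAN 20 a separate one.
SAMPLE_PORTS = [
    Port("gi1", frozenset({10}), True),
    Port("gi2", frozenset({10}), True),
    Port("gi3", frozenset({20}), True),
    Port("gi4", frozenset({10}), False),   # blocked by STP
    Port("gi5", frozenset({20}), False),   # blocked by STP
]

if __name__ == "__main__":
    for mode in ("filtering", "bridging", "flooding"):
        out = sorted(egress_ports(mode, "gi1", 10, SAMPLE_PORTS))
        leaks = sorted(vlan_leaks(mode, "gi1", 10, SAMPLE_PORTS))
        print(f"{mode:10} egress={out} outside-vlan={leaks}")
```

With the sample table, only flooding delivers the advertisement to a port outside the ingress VLAN, so device details in the frame become visible on a segment that VLAN filtering would otherwise keep separate.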
Parameters
Default Configuration
Version 2.
Command Mode
Global Configuration mode
Example
console(conf) cdp run
console(conf)cdp advertise-v2
45.5 cdp appliance-tlv enable
The cdp appliance-tlv enable Global Configuration mode command enables sending of the Appliance TLV. The no format of this command disables the sending of the Appliance TLV.
• 0 - The CDP packets transmitting through this port would contain Appliance VLAN-ID TLV with value of 0. VoIP and related packets are expected to be sent and received with VLAN-id=0 and an 802.1p priority.
• 1..4094 - The CDP packets transmitting through this port would contain Appliance VLAN-ID TLV with N.
Example
Turn off mandatory TLV validation:
console(conf) no cdp mandatory-tlvs validation
45.7 cdp source-interface
The cdp source-interface Global Configuration mode command specifies the CDP source port used for source IP address selection. The no format of this command deletes the source interface.
packet matches the port's actual configuration. If not, a SYSLOG duplex mismatch message is generated. The no format of the CLI command disables the generation of the SYSLOG messages.
Syntax
cdp log mismatch duplex
no cdp log mismatch duplex
Parameters
Default Configuration
The switch reports duplex mismatches from all ports.
Default Configuration
The switch reports voip mismatches from all ports.
Command Mode
Global Configuration mode
Ethernet Interface
Example
console(conf) interface gi1
console(conf-if) cdp log mismatch voip
45.10 cdp log mismatch native
Use the cdp log mismatch native Global and Interface Configuration mode command to enable validating that the native VLAN received in a CDP packet matches the actual native VLAN of the port.
console(conf-if) cdp log mismatch native
45.11 cdp device-id format
The cdp device-id format Global Configuration mode command specifies the format of the Device-ID TLV. The no format of this command returns to default.
Syntax
cdp device-id format {mac | serial-number}
no cdp device-id format
Parameters
mac—Specifies that the Device-ID TLV contains the device’s MAC address.
Parameters
seconds—Value of the Transmission Timer in seconds. Range: 5-254 seconds.
Default Configuration
60 seconds.
Command Mode
Global Configuration mode
Example
console(conf) cdp timer 100
45.13 cdp holdtime
The cdp holdtime Global Configuration mode command specifies the value of the Time-to-Live field in sent CDP messages.
Example
console(conf) clear cdp table
45.16 show cdp
The show cdp Privileged EXEC mode command displays the interval between advertisements, the number of seconds the advertisements are valid, and the version of the advertisements.
Syntax
show cdp
Parameters
Command Mode
Privileged EXEC mode
Example
switch>show cdp...
Version:
Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-J-M), Version 11.1(10.4), MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 07-Apr-97 19:51 by dschwart
Example 2 -
switch#show cdp entry device.cisco.com protocol
Protocol information for device.cisco.com:
IP address: 192.168.68.18...
45.18 show cdp interface
The show cdp interface Privileged EXEC mode command displays information about ports on which CDP is enabled.
Syntax
show cdp interface interface-id
Parameters
interface-id—Port ID.
Command Mode
Privileged EXEC mode
Example
switch#show cdp interface gi1
CDP is globally enabled
CDP log duplex mismatch
Globally is enabled...
45.19 show cdp neighbors
The show cdp neighbors Privileged EXEC mode command displays information about neighbors kept in the main or secondary cache.
Syntax
show cdp neighbors [interface-id] [detail | secondary]
Parameters
interface-id—Displays the neighbors attached to this port.
detail—Displays detailed information about a neighbor (or neighbors) from the main cache including network address, enabled protocols, hold time, and software version.
Port ID (outgoing port): fa 0
Time To Live : 123 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 5800 Software (C5800-P4-M), Version 12.1(2)
Copyright (c) 1986-2002 by Cisco Systems, Inc.
Duplex: half
-------------------------
Device ID: lab-as5300-1
Entry address(es):
IP address: 172.19.169.87...
Gateway#show cdp neighbors fa 1 detail
Device ID: SEP000427D400ED
Advertisement version: 2
Entry address(es):
IP address: 1.6.1.81
Platform: Cisco IP Phone 7940, Capabilities: Host
Interface: fa 1, Port ID (outgoing port): Port 1
Time To Live: 150 sec
Version :...
Field Definitions:
• Advertisement version—The version of CDP being used for CDP advertisements.
• Capabilities—The device type of the neighbor. This device can be a router, a bridge, a transparent bridge, a source-routing bridge, a switch, a host, an IGMP device, or a repeater.
• Platform—The product name and number of the neighbor device. In the case of the Secondary Cache only the 8 last characters of the value are printed.
• Power Available—Every switch interface transmits information in the Power Available TLV, which permits a device which needs power to negotiate and select an appropriate power setting.
Syntax
show cdp tlv [interface-id]
Parameters
interface-id—Port ID.
Default Configuration
TLVs for all ports.
Command Mode
Privileged EXEC mode
User Guidelines
You can use the show cdp tlv command to verify the TLVs configured to be sent in CDP packets.
Interface TLV: gi2 CDP is disabled on
Example 3 - In this example, CDP is globally enabled and enabled on the port, but the port is down and no information is displayed.
switch#show cdp tlv interface gi2
cdp globally is enabled
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
P - VoIP Phone,M - Remotely-Managed Device,...
Version TLV: 1 and 2
Platform TLV: VSD Ardd
Native VLAN TLV: 1
Full/Half Duplex TLV: full-duplex
Appliance VLAN_ID TLV: Appliance-ID is 1; VLAN-ID is 100
COS for Untrusted Ports TLV: 1
Power Available TLV: Request-ID is 1 Power management-ID is 1; Available-Power is 10;...
Power Available TLV: Request-ID is 1 Power management-ID is 1; Available-Power is 10; Management-Power-Level is 0xFFFFFFFF
Interface TLV: gi2 CDP is disabled on
Interface TLV: gi3 CDP is enabled on
Ethernet 3 is down
45.21 show cdp traffic
The show cdp traffic Privileged EXEC mode command displays the CDP counters, including the number of packets sent and received and checksum errors.
Field Definition
• Total packets output—The number of CDP advertisements sent by the local device. Note that this value is the sum of the CDP Version 1 advertisements output and CDP Version 2 advertisements output fields.
• Input—The number of CDP advertisements received by the local device. Note that this value is the sum of the CDP Version 1 advertisements input and CDP Version 2 advertisements input fields.
Revision History 78-20269-01 Command Line Interface Reference Guide...
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.